From ffcebecf1ae9b4321960fe9bef18e0d1e623c074 Mon Sep 17 00:00:00 2001
From: Silvio Knizek
Date: Mon, 23 Nov 2020 18:53:15 +0100
Subject: [PATCH] replace /dev/shm/$uuid by actual random tmpfile

`/dev/shm` is linux only and shouldn't be used even there. Modern systems do have a `tmpfs` at `/tmp`, where it belongs. `ioutil.TempFile` creates a temp file based upon `os.TempDir`, so it works independent of the actual OS.
---
 editor.go | 9 +--------
 wrapper.go | 18 +++++-------------
 2 files changed, 6 insertions(+), 21 deletions(-)

diff --git a/editor.go b/editor.go
index fc368a3..6af3367 100644
--- a/editor.go
+++ b/editor.go
@@ -8,8 +8,6 @@ import (
 "os"
 "os/exec"
 "strings"
-
- "github.com/google/uuid"
 )
 
 const (
@@ -55,12 +53,7 @@ func (e Editor) Launch(path string) error {
 }
 
 func (e Editor) LaunchTemp(r io.Reader) ([]byte, string, error) {
- uuid, err := uuid.NewRandom()
- if err != nil {
- return []byte{}, "", err
- }
- tmpf := fmt.Sprintf("/dev/shm/%v", uuid)
- f, err := os.OpenFile(tmpf, os.O_RDWR|os.O_CREATE, 0600)
+ f, err := ioutil.TempFile("", "*.helm")
 if err != nil {
 return nil, "", err
 }
diff --git a/wrapper.go b/wrapper.go
index 059227c..6c5bb3b 100644
--- a/wrapper.go
+++ b/wrapper.go
@@ -7,7 +7,6 @@ import (
 "os/exec"
 "strings"
 
- "github.com/google/uuid"
 log "github.com/sirupsen/logrus"
 "github.com/spf13/cobra"
 )
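Review bot: In editor.go's LaunchTemp, `ioutil.TempFile("", "*.helm")` places the editing buffer in `os.TempDir()`, which follows `TMPDIR` and is not guaranteed to be a tmpfs, so content that previously stayed under `/dev/shm` may now be written to persistent disk. If the reader handed to LaunchTemp carries decrypted secret material (wrapper.go's decryptSecrets suggests it may), I would record that trade-off at the call, e.g. `// os.TempDir() may be disk-backed; this file must be removed on every return path`, or take the directory from a setting so operators can point it at a memory-backed mount. The rest of LaunchTemp lies outside the hunk, so whether the file is closed and removed on error paths cannot be confirmed from here. The import hunk drops uuid but does not show `io/ioutil` being imported or whether `fmt` is still used in this file, so a build check is worth doing.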
@@ -185,22 +184,15 @@ func decryptSecrets(args []string) ([]string, []string, error) {
 if err != nil {
 return helmArgs, decryptedFiles, err
 }
- // Store decrypted contents in a shm file
- uuid, err := uuid.NewRandom()
- if err != nil {
- return helmArgs, decryptedFiles, err
- }
- tmpf := fmt.Sprintf("/dev/shm/%v", uuid)
+ // Store decrypted contents in a tmp file
+ f, err := ioutil.TempFile("", "*.helm")
+ tmpf := f.Name()
 decryptedFiles = append(decryptedFiles, tmpf)
- _, err = os.OpenFile(tmpf, os.O_RDWR|os.O_CREATE, 0600)
- if err != nil {
- return helmArgs, decryptedFiles, err
- }
- err = ioutil.WriteFile(tmpf, plain, 0644)
+ _, err = f.Write(plain)
 if err != nil {
 return helmArgs, decryptedFiles, err
 }
- // Update args to access the decrypt shm file instead
+ // Update args to access the decrypt tmp file instead
 helmArgs[i+1] = tmpf
 }
 }
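Review bot: In decryptSecrets the error returned by `ioutil.TempFile` is never checked: `tmpf := f.Name()` would dereference a nil `*os.File` if creation fails, and `err` is then overwritten by the result of `f.Write`. The handle is also never closed inside the block shown, so each decrypted file leaves a descriptor open; the old code had the same leak through the discarded `os.OpenFile` result. Because the plaintext now lands in `os.TempDir()`, which may be disk-backed, reliable cleanup of everything in `decryptedFiles` on every exit path matters more than it did under `/dev/shm`. The enclosing loop and the start of the function are outside the hunk.

```go
f, err := ioutil.TempFile("", "*.helm")
if err != nil {
	return helmArgs, decryptedFiles, err
}
// … unchanged: tmpf := f.Name() and the append to decryptedFiles …
_, err = f.Write(plain)
// Close on every path so a descriptor is not leaked per decrypted file;
// keep the write error if there was one.
if cerr := f.Close(); err == nil {
	err = cerr
}
// … unchanged: error return and helmArgs[i+1] = tmpf …
```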