From d6cd69e9d2ae35dc90c4a4ef602765de15896b84 Mon Sep 17 00:00:00 2001
From: Johannes 'josch' Schauer <josch@mister-muffin.de>
Date: Sun, 15 Jan 2017 15:42:26 +0100
Subject: [PATCH] Store dose3 Packages and Sources in a secure way using
 tempfile

---
 run.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/run.py b/run.py
index fd3d3f6..cae7f0a 100755
--- a/run.py
+++ b/run.py
@@ -16,6 +16,8 @@ import subprocess
 import yaml
 import daklib_arch
 import debarch
+import tempfile
+import os
 
 abi_from_abitable = [row[0] for row in debarch._load_table('/usr/share/dpkg/abitable')]
 abi_from_ostable = [row[0].split('-')[0] for row in debarch._load_table('/usr/share/dpkg/ostable')]
@@ -55,20 +57,26 @@ def dpkg_arch_matches(arch, wildcard):
         env={}) == 0
 
 def dose_arch_matches(arch, wildcard):
-    with open("/tmp/sources", "w") as f:
-        f.write("""
+    f1 = tempfile.NamedTemporaryFile(mode='w', delete=False)
+    n1 = f1.name
+    f1.write("""
 Package: foo
 Architecture: %s
 Version: 0.invalid.0
 """%(wildcard))
-    with open("/tmp/packages", "w") as f:
-        f.write("""
+    f1.close()
+    f2 = tempfile.NamedTemporaryFile(mode='w', delete=False)
+    n2 = f2.name
+    f2.write("""
 Package: build-essential
 Architecture: %s
 Version: 0.invalid.0
 """%(arch))
+    f2.close()
     data = subprocess.check_output(['dose-builddebcheck', '--deb-native-arch=%s'%arch,
         '--successes', '/tmp/packages', '/tmp/sources'])
+    os.unlink(n1)
+    os.unlink(n2)
     data = yaml.load(data, Loader=yaml.CBaseLoader)
     return len(data['report']) == 1