From b7d690bb34320f29a21707473b886a9a8f566ca1 Mon Sep 17 00:00:00 2001 From: RagavRida Date: Fri, 24 Apr 2026 00:05:30 +0530 Subject: [PATCH] fix(build-app): bail out if 'mktemp -d' fails instead of cp-ing into '/' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The DMG creation step sets DMG_TMP from 'mktemp -d' with no error check. If mktemp fails (tmpfs full, permissions, TMPDIR misconfigured), DMG_TMP is empty and the very next line — 'cp -a "\$APP_DIR" "\$DMG_TMP/"' — expands to 'cp -a "" "/"', which copies the bundle into the root of the filesystem. Refuse to continue unless mktemp produced a real directory. Defensive second check catches the (rare) case where mktemp succeeds but returns something that isn't a directory we can cp into. --- scripts/build-app.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/build-app.sh b/scripts/build-app.sh index 90ba8a748..8869212ab 100755 --- a/scripts/build-app.sh +++ b/scripts/build-app.sh @@ -179,7 +179,11 @@ echo " Creating DMG..." rm -f "$DMG_PATH" # Create a temporary directory for DMG contents -DMG_TMP=$(mktemp -d) +DMG_TMP=$(mktemp -d) || { echo "ERROR: mktemp -d failed — refusing to continue so we don't cp into the filesystem root." >&2; exit 1; } +if [ -z "$DMG_TMP" ] || [ ! -d "$DMG_TMP" ]; then + echo "ERROR: mktemp -d returned an invalid path ('$DMG_TMP')." >&2 + exit 1 +fi cp -a "$APP_DIR" "$DMG_TMP/" ln -s /Applications "$DMG_TMP/Applications"