Index: b/lib/routines.c
===================================================================
--- a/lib/routines.c
+++ b/lib/routines.c
@@ -242,3 +242,50 @@
   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
   unlink (filename);
 }
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char **	tempfiles;
+static unsigned	ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+	while (ntempfiles--)
+		unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+	char	*dirname, *filename;
+	int	fd;
+
+	if (!(dirname = getenv("TMPDIR")))
+		dirname = "/tmp";
+
+	tempfiles = (char **) realloc(tempfiles,
+			(ntempfiles+1) * sizeof(char *));
+	if (tempfiles == NULL)
+		return NULL;
+
+	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+	if (!filename)
+		return NULL;
+
+	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+	if ((fd = mkstemp(filename)) < 0) {
+		free(filename);
+		return NULL;
+	}
+	close(fd);
+
+	if (ntempfiles == 0)
+		atexit(cleanup_tempfiles);
+	tempfiles[ntempfiles++] = filename;
+
+	return filename;
+}
Index: b/lib/routines.h
===================================================================
--- a/lib/routines.h
+++ b/lib/routines.h
@@ -255,7 +255,8 @@
 /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
 #define tempname_ensure(Str)				\
 do {							\
-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
+  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
 } while (0)
+char * safe_tempnam(const char *);
 
 #endif
'right' method='get' action='/guix/log/doc/package-hello.json'>
<input type='hidden' name='id' value='b0e3121495f3b24e133c61b42cf40ffa9707cf55'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=b0e3121495f3b24e133c61b42cf40ffa9707cf55'>root</a>/<a href='/guix/log/doc?id=b0e3121495f3b24e133c61b42cf40ffa9707cf55'>doc</a>/<a href='/guix/log/doc/package-hello.json?id=b0e3121495f3b24e133c61b42cf40ffa9707cf55'>package-hello.json</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/doc/package-hello.json?id=b0e3121495f3b24e133c61b42cf40ffa9707cf55&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-02-23 19:02:55 +0100'>2024-02-23</span></td><td><a href='/guix/commit/doc/package-hello.json?id=b386c11e7804e0b577411d930b60f1e0a4a0382c'>import: Do not return package name with json importer.</a><span class='msg-avail'>...<span class='msg-tooltip'>* guix/import/json.scm (json-&gt;code): Do not return package names after
package expressions.
* doc/package-hello.json: Fix comma errors and use valid greeter URL.

Change-Id: Id71924e72f690a9bda5fbfdb65a443029adfd158
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</span></span></td><td>Herman Rimm</td></tr>
<tr><td><span title='2020-04-16 23:41:52 +0200'>2020-04-16</span></td><td><a href='/guix/commit/doc/package-hello.json?id=c9f321e52a99dea93fcc099372ea0167150b9aac'>doc: Document building and installing from JSON files.</a><span class='msg-avail'>...<span class='msg-tooltip'>* doc/guix.texi (Invoking guix package): Augment pargraphs for
"--install-from-file".
(Invoking guix build): Document building from JSON files.
* doc/package-hello.json: New file.
* doc/local.mk (EXTRA_DIST): Add it.
</span></span></td><td>Ricardo Wurmus</td></tr>