Index: b/lib/routines.c
===================================================================
--- a/lib/routines.c
+++ b/lib/routines.c
@@ -242,3 +242,50 @@
   /* Don't complain if you can't unlink.  Who cares of a tmp file? */
   unlink (filename);
 }
+
+/*
+ * Securely generate a temp file, and make sure it gets
+ * deleted upon exit.
+ */
+static char **	tempfiles;
+static unsigned	ntempfiles;
+
+static void
+cleanup_tempfiles()
+{
+	while (ntempfiles--)
+		unlink(tempfiles[ntempfiles]);
+}
+
+char *
+safe_tempnam(const char *pfx)
+{
+	char	*dirname, *filename;
+	int	fd;
+
+	if (!(dirname = getenv("TMPDIR")))
+		dirname = "/tmp";
+
+	tempfiles = (char **) realloc(tempfiles,
+			(ntempfiles+1) * sizeof(char *));
+	if (tempfiles == NULL)
+		return NULL;
+
+	filename = malloc(strlen(dirname) + strlen(pfx) + sizeof("/XXXXXX"));
+	if (!filename)
+		return NULL;
+
+	sprintf(filename, "%s/%sXXXXXX", dirname, pfx);
+
+	if ((fd = mkstemp(filename)) < 0) {
+		free(filename);
+		return NULL;
+	}
+	close(fd);
+
+	if (ntempfiles == 0)
+		atexit(cleanup_tempfiles);
+	tempfiles[ntempfiles++] = filename;
+
+	return filename;
+}
Index: b/lib/routines.h
===================================================================
--- a/lib/routines.h
+++ b/lib/routines.h
@@ -255,7 +255,8 @@
 /* If _STR_ is not defined, give it a tempname in _TMPDIR_ */
 #define tempname_ensure(Str)				\
 do {							\
-  (Str) = (Str) ? (Str) : tempnam (NULL, "a2_");	\
+  (Str) = (Str) ? (Str) : safe_tempnam("a2_");	\
 } while (0)
+char * safe_tempnam(const char *);
 
 #endif
'q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/'>root</a>/<a href='/guix/log/gnu'>gnu</a>/<a href='/guix/log/gnu/system'>system</a>/<a href='/guix/log/gnu/system/install.scm'>install.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/system/install.scm?showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-08-19 16:41:07 +0200'>2024-08-19</span></td><td><a href='/guix/commit/gnu/system/install.scm?id=ce40b1c655edab622b4ad9ff49f948bd65753662'>install: Set ‘privileged-programs’ rather than ‘setuid-programs’.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2024-04-18 10:43:06 -0400'>2024-04-18</span></td><td><a href='/guix/commit/gnu/system/install.scm?id=65e8472a4b6fc6f66871ba0dad518b7d4c63595e'>system: Remove nss-certs from OS templates, adjust doc.</a><span class='msg-avail'>...</span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2023-12-22 16:06:15 -0800'>2023-12-22</span></td><td><a href='/guix/commit/gnu/system/install.scm?id=ab1ff7ca40b0a2d935f715dcf64f0f3128632d3d'>images: Add orangepi-r1-plus-lts image.</a><span class='msg-avail'>...</span></td><td>Herman Rimm</td></tr>
<tr><td><span title='2023-12-02 12:25:45 +0100'>2023-12-02</span></td><td><a href='/guix/commit/gnu/system/install.scm?id=b0715d7cd2a74bc231751f8afc9dffb2047501ac'>gnu: Use ‘libc-utf8-locales-for-target’.</a><span class='msg-avail'>...</span></td><td>Janneke Nieuwenhuizen</td></tr>
<tr><td><span title='2023-09-17 15:31:04 +0200'>2023-09-17</span></td><td><a href='/guix/commit/gnu/system/install.scm?id=d4da1f26e1c3fdb2b5d1d8f67ebd195d119fa964'>gnu: file-systems: Add variable %base-live-file-systems.</a><span class='msg-avail'>...</span></td><td>Nicolas Graves</td></tr>
<td><span title='2020-10-20 22:39:43 +0100'>2020-10-20</span></td><td><a href='/guix/commit/gnu/tests/databases.scm?id=bdcf4d88d58798eca7811c8b1fbd4638168d05c3'>services: databases: Don't specify a default postgresql version.</a><span class='msg-avail'>...</span></td><td>Christopher Baines</td></tr>
<tr><td><span title='2018-10-18 01:12:22 +0200'>2018-10-18</span></td><td><a href='/guix/commit/gnu/tests/databases.scm?id=39d7fdce453b0ca23ecbed72048647debbaa58a6'>services: dhcp-client: Deprecate 'dhcp-client-service' procedure.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-03-10 16:20:55 +0000'>2018-03-10</span></td><td><a href='/guix/commit/gnu/tests/databases.scm?id=69f7cf2bf4ca3ab792438a9e7fb46f78ef0f227a'>tests: databases: Add a system test for PostgreSQL.</a><span class='msg-avail'>...</span></td><td>Christopher Baines</td></tr>
<tr><td><span title='2017-10-08 17:31:49 +0100'>2017-10-08</span></td><td><a href='/guix/commit/gnu/tests/databases.scm?id=02bc41c4cedd15c6a76ecd5218f9b5848de8baea'>tests: databases: Add a simple test for MySQL.</a><span class='msg-avail'>...</span></td><td>Christopher Baines</td></tr>
<tr><td><span title='2017-10-06 21:24:30 +0100'>2017-10-06</span></td><td><a href='/guix/commit/gnu/tests/databases.scm?id=5266ff719e274056cb3e2b9740183f0063177255'>services: Add MongoDB.</a><span class='msg-avail'>...</span></td><td>Christopher Baines</td></tr>
<tr><td><span title='2017-08-15 22:24:15 +0100'>2017-08-15</span></td><td><a href='/guix/commit/gnu/tests/databases.scm?id=6230e155afd8c43c12ee3f03032aac34433db11a'>gnu: Fix memcached service startup.</a><span class='msg-avail'>...</span></td><td>Christopher Baines</td></tr>
<tr><td><span title='2017-07-30 09:08:30 +0100'>2017-07-30</span></td><td><a href='/guix/commit/gnu/tests/databases.scm?id=119fdd0d0e33492ef2b563295fe9564258d51401'>services: Add memcached.</a><span class='msg-avail'>...</span></td><td>Christopher Baines</td></tr>