diff --git a/bin/touchid.sh b/bin/touchid.sh index 1f45914..94825f0 100755 --- a/bin/touchid.sh +++ b/bin/touchid.sh @@ -13,6 +13,9 @@ LIB_DIR="$(cd "$SCRIPT_DIR/../lib" && pwd)" # shellcheck source=../lib/core/common.sh source "$LIB_DIR/core/common.sh" +# Set up global cleanup trap +trap cleanup_temp_files EXIT INT TERM + readonly PAM_SUDO_FILE="${MOLE_PAM_SUDO_FILE:-/etc/pam.d/sudo}" readonly PAM_SUDO_LOCAL_FILE="${MOLE_PAM_SUDO_LOCAL_FILE:-/etc/pam.d/sudo_local}" readonly PAM_TID_LINE="auth sufficient pam_tid.so" @@ -66,9 +69,8 @@ show_status() { # Enable Touch ID for sudo enable_touchid() { - # Cleanup trap + # Cleanup trap handled by global EXIT trap local temp_file="" - trap '[[ -n "${temp_file:-}" ]] && rm -f "${temp_file:-}"' EXIT # First check if system supports Touch ID if ! supports_touchid; then @@ -88,7 +90,7 @@ enable_touchid() { # It is in sudo_local, but let's check if it's ALSO in sudo (incomplete migration) if grep -q "pam_tid.so" "$PAM_SUDO_FILE"; then # Clean up legacy config - temp_file=$(mktemp) + temp_file=$(create_temp_file) grep -v "pam_tid.so" "$PAM_SUDO_FILE" > "$temp_file" if sudo mv "$temp_file" "$PAM_SUDO_FILE" 2> /dev/null; then echo -e "${GREEN}${ICON_SUCCESS} Cleanup legacy configuration${NC}" @@ -117,7 +119,7 @@ enable_touchid() { else # Append if not present if ! grep -q "pam_tid.so" "$PAM_SUDO_LOCAL_FILE"; then - temp_file=$(mktemp) + temp_file=$(create_temp_file) cp "$PAM_SUDO_LOCAL_FILE" "$temp_file" echo "$PAM_TID_LINE" >> "$temp_file" sudo mv "$temp_file" "$PAM_SUDO_LOCAL_FILE" @@ -132,7 +134,7 @@ enable_touchid() { if $write_success; then # If we migrated from legacy, clean it up now if $is_legacy_configured; then - temp_file=$(mktemp) + temp_file=$(create_temp_file) grep -v "pam_tid.so" "$PAM_SUDO_FILE" > "$temp_file" sudo mv "$temp_file" "$PAM_SUDO_FILE" log_success "Touch ID migrated to sudo_local" 
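Review bot: The added `trap cleanup_temp_files EXIT INT TERM` uses one handler for INT and TERM as well as EXIT, and a bash signal handler that returns without calling `exit` lets the script continue with its next command. Unless cleanup_temp_files exits on its own (its body is not in this diff), Ctrl+C during enable_touchid or disable_touchid would remove the tracked temp files and then carry on into the following `sudo mv` steps against the PAM files. Keeping cleanup on EXIT and turning the signals into an exit avoids that: `trap cleanup_temp_files EXIT` followed by `trap 'exit 130' INT TERM`.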
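Review bot: The new comment `# Cleanup trap handled by global EXIT trap` in enable_touchid does not match how the temp files are created: each call site is `temp_file=$(create_temp_file)`, and command substitution runs in a subshell, so a registration made there never reaches the parent shell. Assuming register_temp_file appends to MOLE_TEMP_FILES like the line it replaces in lib/core/base.sh, the array the global trap presumably walks stays empty, and with the per-function `rm -f` trap removed here and in the disable_touchid hunk a failed `sudo mv` leaves the temp copy behind. The registration added to mktemp_file has the same limitation, since lib/core/common.sh calls it as `$(mktemp_file "brew_upgrade")`. Registering in the caller works: `temp_file=$(mktemp) || return 1` followed by `register_temp_file "$temp_file"`. enable_touchid's body continues outside this hunk.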
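Review bot: In the hunk at -88, `temp_file=$(create_temp_file)` produces a file owned by the invoking user with mktemp's private mode, and `sudo mv "$temp_file" "$PAM_SUDO_FILE"` moves it into place unchanged, so the sudo PAM config can end up owned and writable by the unprivileged user; no chown or chmod is visible in these hunks. The exit status of `grep -v "pam_tid.so" ... > "$temp_file"` is also unchecked, so a failed read would install a truncated file. Setting owner and mode before the rename keeps the move atomic, for example `sudo chown root:wheel "$temp_file" && sudo chmod 444 "$temp_file"` (values to be matched to what the original file had), after checking that grep succeeded. The same pattern appears in the hunks at -117, -132, -206 and -236.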
@@ -163,7 +165,7 @@ enable_touchid() { fi # Create temp file - temp_file=$(mktemp) + temp_file=$(create_temp_file) # Insert pam_tid.so after the first comment block awk ' @@ -194,9 +196,8 @@ enable_touchid() { # Disable Touch ID for sudo disable_touchid() { - # Cleanup trap + # Cleanup trap handled by global EXIT trap local temp_file="" - trap '[[ -n "${temp_file:-}" ]] && rm -f "${temp_file:-}"' EXIT if ! is_touchid_configured; then echo -e "${YELLOW}Touch ID is not currently enabled${NC}" @@ -206,13 +207,13 @@ disable_touchid() { # Check sudo_local first if [[ -f "$PAM_SUDO_LOCAL_FILE" ]] && grep -q "pam_tid.so" "$PAM_SUDO_LOCAL_FILE"; then # Remove from sudo_local - temp_file=$(mktemp) + temp_file=$(create_temp_file) grep -v "pam_tid.so" "$PAM_SUDO_LOCAL_FILE" > "$temp_file" if sudo mv "$temp_file" "$PAM_SUDO_LOCAL_FILE" 2> /dev/null; then # Since we modified sudo_local, we should also check if it's in sudo file (legacy cleanup) if grep -q "pam_tid.so" "$PAM_SUDO_FILE"; then - temp_file=$(mktemp) + temp_file=$(create_temp_file) grep -v "pam_tid.so" "$PAM_SUDO_FILE" > "$temp_file" sudo mv "$temp_file" "$PAM_SUDO_FILE" fi @@ -236,7 +237,7 @@ disable_touchid() { fi # Remove pam_tid.so line - temp_file=$(mktemp) + temp_file=$(create_temp_file) grep -v "pam_tid.so" "$PAM_SUDO_FILE" > "$temp_file" if sudo mv "$temp_file" "$PAM_SUDO_FILE" 2> /dev/null; then diff --git a/install.sh b/install.sh index 21a3c00..8a45c84 100755 --- a/install.sh +++ b/install.sh @@ -100,7 +100,7 @@ resolve_source_dir() { local tmp tmp="$(mktemp -d)" - trap 'stop_line_spinner 2>/dev/null; rm -rf "$tmp"' EXIT + trap "stop_line_spinner 2>/dev/null; rm -rf \"$tmp\"" EXIT local branch="${MOLE_VERSION:-}" if [[ -z "$branch" ]]; then diff --git a/lib/core/base.sh b/lib/core/base.sh index 5a455e9..95b3ae4 100644 --- a/lib/core/base.sh +++ b/lib/core/base.sh 
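Review bot: In install.sh, switching the EXIT trap to double quotes expands `$tmp` when the trap is set and pastes the path into a command string that the shell parses again at exit; the `\"...\"` wrapper covers spaces but not `$`, backticks or `"` in the path, and `mktemp -d` takes its directory from TMPDIR. The early expansion is presumably wanted because `tmp` is local to resolve_source_dir, and it can be kept without the re-interpretation by quoting the value for re-parsing: `trap "stop_line_spinner 2>/dev/null; rm -rf -- $(printf '%q' "$tmp")" EXIT`. The `trap "... rm -f \"$temp_update\" \"$temp_upgrade\" ..." INT TERM` change in lib/core/common.sh has the same shape. resolve_source_dir's body continues outside this hunk.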
@@ -512,7 +512,7 @@ declare -a MOLE_TEMP_DIRS=() create_temp_file() { local temp temp=$(mktemp) || return 1 - MOLE_TEMP_FILES+=("$temp") + register_temp_file "$temp" echo "$temp" } @@ -520,7 +520,7 @@ create_temp_file() { create_temp_dir() { local temp temp=$(mktemp -d) || return 1 - MOLE_TEMP_DIRS+=("$temp") + register_temp_dir "$temp" echo "$temp" } @@ -538,9 +538,12 @@ register_temp_dir() { # Compatible with both BSD mktemp (macOS default) and GNU mktemp (coreutils) mktemp_file() { local prefix="${1:-mole}" + local temp # Use TMPDIR if set, otherwise /tmp # Add .XXXXXX suffix to work with both BSD and GNU mktemp - mktemp "${TMPDIR:-/tmp}/${prefix}.XXXXXX" + temp=$(mktemp "${TMPDIR:-/tmp}/${prefix}.XXXXXX") || return 1 + register_temp_file "$temp" + echo "$temp" } # Cleanup all tracked temp files and directories diff --git a/lib/core/common.sh b/lib/core/common.sh index 5437f17..923122a 100755 --- a/lib/core/common.sh +++ b/lib/core/common.sh @@ -34,7 +34,7 @@ update_via_homebrew() { temp_upgrade=$(mktemp_file "brew_upgrade") # Set up trap for interruption (Ctrl+C) with inline cleanup - trap 'stop_inline_spinner 2>/dev/null; rm -f "$temp_update" "$temp_upgrade" 2>/dev/null; echo ""; exit 130' INT TERM + trap "stop_inline_spinner 2>/dev/null; rm -f \"$temp_update\" \"$temp_upgrade\" 2>/dev/null; echo \"\"; exit 130" INT TERM # Update Homebrew if [[ -t 1 ]]; then