Use mktemp for temporary download directory

[johshoff]

Using the current directory may not always be appropriate, for example in
the case where it will unnecessarily trigger a backup to be made.

The only risk with this change is that systems might not have a mktemp.
I am not aware of such a system, but have not tested on Windows. It is
working on a basic Ubuntu and OS X installation.

[rust-highfive]

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @huonw (or someone else) soon.

[nodakai]

Does it not suffice to simply cd to the $TMPDIR environment variable (or alike) when creating the working directory? Security experts would say mktemp(1) is essential for avoiding the symlink attack, but... should all of us be that cautious? Using different working directories every time isn't desirable for, eg. supporting HTTP GET resume.

Apart from that, you really need to check if TMP_DIR was successfully set or not. One of the idioms for check is:

TMP_DIR=`mktemp -d` || exit 1

There are several invocation of rm -Rf "${TMP_DIR}" later in the script. They scare me a lot...

[johshoff]

@nodakai Thanks for taking a look! Good point about exiting if it fails.

I made a fallback to the current bahavior if mktemp fails. That should take care of those problems.

I didn't think about the HTTP resume scenario, but it doesn't seem like rustup is trying to do that—it deletes the folder up front.

Does it not suffice to simply cd to the $TMPDIR environment variable (or alike) when creating the working directory?

Yes, I could definitely just do that. It just didn't seem right to me to pollute the current directory (whatever that might be) with a rustup-tmp-install directory. Especially when if the user, like me, triggers automatic backup routines in said folder.

To be honest, this isn't a big deal to me; I can always work around it. I just assume that someone else will have simlar issues.

[steveklabnik]

/cc @brson

[brson]

Will probably need a rebase after #19170 lands.

[frewsxcv]

#19170 has landed (19 days ago) and this just needs a rebase at this point

[johshoff]

@frewsxcv Thanks for the heads up. Merged master into the fork.

[frewsxcv]

This line is over 100 characters long, which fails the style checker

[tbu-]

This probably use $() instead of backticks, but it must certainly be quoted.

[johshoff]

@frewsxcv Thanks again for the feedback. I split the line into three lines. Not sure if it matches the style guide (if you even have one for bash).

@tbu- I changed it to use $() instead. Good suggestion. Not sure what you mean about the quotation—the current way should work fine even if there are e.g. spaces in the returned values.

[tbu-]

@johshoff Yea, I was wrong about the needed quotation. Thanks for the change to $().