From e8725c4b47d9b303da48d61195f65121a1d31856 Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen <ismo@ivuorinen.net>
Date: Thu, 5 Feb 2026 22:49:36 +0200
Subject: [PATCH] fix(scripts): use safe temp directories and fix composer exit
 code

- install-ntfy.sh: use mktemp -d with cleanup trap instead of /tmp/ntfy_*
- install-git-crypt.sh: use mktemp -d with cleanup trap instead of /tmp/git-crypt
- install-composer.sh: only move composer.phar if installation succeeded
---
 scripts/install-composer.sh  |  4 +++-
 scripts/install-git-crypt.sh |  7 +++----
 scripts/install-ntfy.sh      | 18 ++++++++++--------
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/scripts/install-composer.sh b/scripts/install-composer.sh
index a4eaf73..8d9651f 100755
--- a/scripts/install-composer.sh
+++ b/scripts/install-composer.sh
@@ -22,5 +22,7 @@ fi
 php composer-setup.php --quiet
 RESULT=$?
 rm composer-setup.php
-mv composer.phar ~/.local/bin/composer
+if [ $RESULT -eq 0 ]; then
+  mv composer.phar ~/.local/bin/composer
+fi
 exit $RESULT
diff --git a/scripts/install-git-crypt.sh b/scripts/install-git-crypt.sh
index 9c23531..231333b 100755
--- a/scripts/install-git-crypt.sh
+++ b/scripts/install-git-crypt.sh
@@ -14,11 +14,10 @@ msgr run "Installing git-crypt"
 if ! command -v git-crypt &> /dev/null; then
   REPO_URL="https://github.com/AGWA/git-crypt.git"
   CHECK_PATH="${XDG_BIN_HOME}/git-crypt"
-  BUILD_PATH="/tmp/git-crypt"
+  BUILD_PATH="$(mktemp -d)"
+  trap 'rm -rf "$BUILD_PATH"' EXIT
 
-  rm -rf "$BUILD_PATH"
-
-  if [ ! -d "$CHECK_PATH" ]; then
+  if [ ! -f "$CHECK_PATH" ]; then
     git clone --depth 1 "$REPO_URL" "$BUILD_PATH" || { msgr err "Failed to clone $REPO_URL"; exit 1; }
     cd "$BUILD_PATH" || { msgr err "$BUILD_PATH not found"; exit 1; }
     make && make install PREFIX="$HOME/.local"
diff --git a/scripts/install-ntfy.sh b/scripts/install-ntfy.sh
index 8563f86..abbbd0c 100755
--- a/scripts/install-ntfy.sh
+++ b/scripts/install-ntfy.sh
@@ -29,23 +29,25 @@ esac
 
 NTFY_VERSION="$(x-gh-get-latest-version binwiederhier/ntfy)"
 NTFY_URL="https://github.com/binwiederhier/ntfy"
-NTFY_DEST="/tmp/ntfy_${NTFY_VERSION}_${NTFY_ARCH}"
+NTFY_TARBALL="ntfy_${NTFY_VERSION}_${NTFY_ARCH}.tar.gz"
+NTFY_DIR="ntfy_${NTFY_VERSION}_${NTFY_ARCH}"
 
 # Download and extract ntfy
 install_ntfy()
 {
-  curl -L "$NTFY_URL/releases/download/v${NTFY_VERSION}/${NTFY_DEST}.tar.gz" -o "${NTFY_DEST}.tar.gz"
-  tar zxvf "${NTFY_DEST}.tar.gz"
-  cp -a "${NTFY_DEST}/ntfy" ~/.local/bin/ntfy
+  local tmpdir
+  tmpdir="$(mktemp -d)"
+  trap 'rm -rf "$tmpdir"' EXIT
+
+  curl -L "$NTFY_URL/releases/download/v${NTFY_VERSION}/${NTFY_TARBALL}" -o "$tmpdir/${NTFY_TARBALL}"
+  tar zxvf "$tmpdir/${NTFY_TARBALL}" -C "$tmpdir"
+  cp -a "$tmpdir/${NTFY_DIR}/ntfy" ~/.local/bin/ntfy
   mkdir -p ~/.config/ntfy
 
   # Copy config only if it does not exist
   if [ ! -f "$HOME/.config/ntfy/client.yml" ]; then
-    cp "${NTFY_DEST}/client/client.yml" ~/.config/ntfy/client.yml
+    cp "$tmpdir/${NTFY_DIR}/client/client.yml" ~/.config/ntfy/client.yml
   fi
-
-  # Clean up
-  rm -rf "${NTFY_DEST}" "${NTFY_DEST}.tar.gz"
 }
 
 main()