[pass] Fix mktemp template to work with GNU Coreutils

Deny Dias deny at macpress.com.br
Wed Feb 18 21:07:24 CET 2015

Hi, Olof. Thank you for your reply.

Indeed, I was deceived by Slackware package layout. There are two mktemp
binaries in Slackware:

$ ls -la /usr/bin/mktemp*
-rwxr-xr-x 1 root root 7624 Set 21  2008 /usr/bin/mktemp*
lrwxrwxrwx 1 root root   20 Fev 17 22:31 /usr/bin/mktemp-gnu -> \

The first one, wich is the standard one, comes from the package bin-11.1,
which in turn is provided by debianutils-2.7, a very, very old package from

The second one comes from coreutils-8.23, the latest GNU Coreutils version.

As the standard falls into the olde debianutils-2.7, it is limited by the six
caharacter in the template definition.

$ zcat /usr/man/man1/mktemp.1.gz | grep 'six (6)'
may be any filename with six (6)

The patch I provided may still be relevant if password-store is commited
to a broader Linux distribution audience, as its slogan imples ('the standard
unix password manager'). If that's the case, to make it work with as many
distros as possible requiring no user modifications is desired.

If I'm wrong in my assumption, as the maintainer of an up to date packge
for password-store to Slackware, I can just apply the patch in the build time.

I can't see password-store.sh code without the patch as any less secure by
having shorter template length in mktemp.

Best regards,

Deny Dias.

Em qua 18 fev 2015, às 19:18:20, Olof Johansson escreveu:
> On 2015-02-18 15:50 -0200, Deny Dias wrote:
> > Hi,
> > 
> > GNU Coreutils (e.g. coreutils-8.23) imposes a limit of exactly six (6) X's to
> > define a valid template. If this limit is not observed when passing arguments to
> > mktemp, it throws an error:
> > 
> >  mktemp: cannot create temp file /dev/shm/pass.XXXXXXXD2gHRw/XXXXX: \
> >   Invalid argument
> I can see no such limitation in coreutils 8.23. Are you sure you are
> invoking the coreutils mktemp? And indeed, on Debian, doing the
> following works just fine:
>  $ mktemp /tmp/foo-XXXXXXXXXXXXXXX
>  /tmp/foo-IsM2YQaLtch45i2
> > This is what 'man mktemp' says about the template size in such systems:
> > 
> >  ...The template may be any filename with six (6) `Xs' appended to it, for
> >  example /tmp/tfile.XXXXXX.  If no template is specified a default of tmp.XXXXXX
> >  is  used  and  the  -t  flag  is implied (see below)...
>   coreutils-8.23$ grep -Fr 'six (6)' *
> gave me nothing... The help text in mktemp.c says the following:
> | TEMPLATE must contain at least 3 consecutive 'X's in last component.
> | If TEMPLATE is not specified, use tmp.XXXXXXXXXX, and --tmpdir is implied.

More information about the Password-Store mailing list