From e55fe43e2d7b9b0bed8980ce519ecad0ee34364b Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Mon, 13 Apr 2026 15:59:42 +0200
Subject: [PATCH] core: remove unused TEMP_DIR mktemp leak in build_container /
 clean sonarqube (#13708)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix(core): remove unused TEMP_DIR mktemp leak in build_container

The build_container() function created a temp directory via mktemp -d and
pushd into it, but never popd or rm -rf. The directory was not used for
anything — FUNCTIONS_FILE_PATH is downloaded into a variable, not a file.

Remove the mktemp -d and pushd entirely to eliminate the leak.

* fix(sonarqube): clean up temp file after zip extraction

The SonarQube update function (ct/sonarqube.sh) never deleted the
downloaded zip file (~200-500 MB) from /tmp after extraction. On LXC
containers with 4-8 GB disks, this accumulates with every update and
can eventually fill the disk.

Also add explicit cleanup in the install script instead of relying
solely on cleanup_lxc() pattern matching.
---
 ct/sonarqube.sh              | 1 +
 install/sonarqube-install.sh | 1 +
 misc/build.func              | 2 --
 3 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ct/sonarqube.sh b/ct/sonarqube.sh
index 0ac979445..ab7cd3c47 100644
--- a/ct/sonarqube.sh
+++ b/ct/sonarqube.sh
@@ -43,6 +43,7 @@ function update_script() {
     RELEASE=$(get_latest_github_release "SonarSource/sonarqube")
     curl -fsSL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${RELEASE}.zip" -o $temp_file
     unzip -q "$temp_file" -d /opt
+    rm -f "$temp_file"
     mv /opt/sonarqube-${RELEASE} /opt/sonarqube
     echo "${RELEASE}" > ~/.sonarqube
     msg_ok "Updated SonarQube"
diff --git a/install/sonarqube-install.sh b/install/sonarqube-install.sh
index 0856eb513..b84d7b03b 100644
--- a/install/sonarqube-install.sh
+++ b/install/sonarqube-install.sh
@@ -21,6 +21,7 @@ temp_file=$(mktemp)
 RELEASE=$(get_latest_github_release "SonarSource/sonarqube")
 curl -fsSL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${RELEASE}.zip" -o $temp_file
 unzip -q "$temp_file" -d /opt
+rm -f "$temp_file"
 mv /opt/sonarqube-* /opt/sonarqube
 $STD useradd -r -m -U -d /opt/sonarqube -s /bin/bash sonarqube
 chown -R sonarqube:sonarqube /opt/sonarqube
diff --git a/misc/build.func b/misc/build.func
index 4af0752dc..0f1e90417 100644
--- a/misc/build.func
+++ b/misc/build.func
@@ -3613,8 +3613,6 @@ build_container() {
   fi
 
   # Build PCT_OPTIONS as string for export
-  TEMP_DIR=$(mktemp -d)
-  pushd "$TEMP_DIR" >/dev/null
   local _func_url
   if [ "$var_os" == "alpine" ]; then
     _func_url="https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func"