[colug-432] bash pipe + read?

Rick Hornsby richardjhornsby at gmail.com
Mon Nov 16 11:21:22 EST 2015


> On Nov 16, 2015, at 09:51, Rob Funk <rfunk at funknet.net> wrote:
> 
> Rick Hornsby wrote:
>> I've written a shell script that's meant to be run similar to how you install
>> rvm[1] using curl:
>> 
>> $ curl http://somehost/myscript.sh | sudo bash -s devel
> 
> If you do this, at least make it https rather than http, so that
> you're not vulnerable to DNS hijacking.

Good point.

While I should probably switch to https because it is a good practice generally, I could have been more specific about the purpose.  This is an internally sourced and internally used bootstrap script to get the host set up for puppet - mount an NFS share, register with Satellite, install puppet, run puppet apply.

There are a few changes (initial patches, etc) that cause the need for a reboot.

>> Alternatively, I could make the user do
>> 
>> $ wget http://somehost/myscript.sh; chmod 755 myscript.sh; ./myscript.sh
> 
> Simpler:
>  $ wget http://somehost/myscript.sh; bash ./myscript.sh
> 
>> But that seems far less elegant than curl ... | bash
> 
> But at least with that solution the user doesn't assume that you
> expect them to run it without reading it.

While I've made efforts to keep the script readable so I don't drive myself nuts, I expect the people running it aren't going to read it.
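
The download-then-run variant from the quoted reply, combined with its HTTPS advice, as an added example that is not part of the original thread. `fetch_bootstrap` and `run_bootstrap` are hypothetical helper names, and an https listener on `somehost` is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): fetch a bootstrap script over HTTPS only,
# keep it on disk so it can be read, then run it with its arguments.
# fetch_bootstrap and run_bootstrap are hypothetical helper names.

# Download URL to a private temp file and print that file's path on stdout.
# Returns non-zero and prints nothing on stdout if the URL is not https,
# the transfer fails, or the body is empty.
fetch_bootstrap() {
    local url="$1" tmp
    case "$url" in
        https://*) ;;
        *) echo "refusing non-https URL: $url" >&2; return 2 ;;
    esac
    tmp=$(mktemp) || return 1
    # --proto / --proto-redir: never fall back to plain http, even on a redirect.
    # --fail: an HTTP error page must not be saved and later executed as a script.
    if ! curl --proto '=https' --proto-redir '=https' --fail --silent --show-error \
              --location --output "$tmp" "$url"; then
        rm -f "$tmp"
        return 1
    fi
    # An empty download is treated as a failure rather than a no-op script.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        return 1
    fi
    printf '%s\n' "$tmp"
}

# Fetch, tell the operator where the copy is, then run it as root.
# Unlike "curl ... | sudo bash", a failed or partial transfer never reaches bash.
run_bootstrap() {
    local url="$1" script
    shift
    script=$(fetch_bootstrap "$url") || return
    echo "bootstrap script saved to $script" >&2
    sudo bash "$script" "$@"
}

# Usage (https on somehost is an assumption):
#   run_bootstrap https://somehost/myscript.sh devel
```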



