[colug-432] bash pipe + read?
Rick Hornsby
richardjhornsby at gmail.com
Mon Nov 16 11:21:22 EST 2015
> On Nov 16, 2015, at 09:51, Rob Funk <rfunk at funknet.net> wrote:
>
> Rick Hornsby wrote:
>> I've written a shell script that's meant to be run similar to how you install
>> rvm[1] using curl:
>>
>> $ curl http://somehost/myscript.sh | sudo bash -s devel
>
> If you do this, at least make it https rather than http, so that
> you're not vulnerable to DNS hijacking.
Good point.

While I should probably switch to https because it is a good practice generally, I could have been more specific about the purpose. This is an internally sourced and internally used bootstrap script to get the host set up for puppet - mount an NFS share, register with Satellite, install puppet, run puppet apply.

There are a few changes (initial patches, etc.) that cause the need for a reboot.

>> Alternatively, I could make the user do
>>
>> $ wget http://somehost/myscript.sh; chmod 755 myscript.sh; ./myscript.sh
>
> Simpler:
> $ wget http://somehost/myscript.sh; bash ./myscript.sh
>
>> But that seems far less elegant than curl ... | bash
>
> But at least with that solution the user doesn't assume that you
> expect them to run it without reading it.
While I've made efforts to keep the script readable so I don't drive myself nuts, I expect the people running it aren't going to read it.
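
The two suggestions quoted in this message (use https, and download before running) can be combined in one wrapper. This is an added example, not part of the original message or of the author's script: the function names are hypothetical, and the host, script name and "devel" argument are the ones from the thread. Saving to a file first also means a dropped connection cannot leave bash executing half a script.

```shell
#!/bin/sh
# Added example: fetch a bootstrap script over HTTPS only, save it, then run it.
# Function names are hypothetical; URL and "devel" argument mirror the thread.

# Succeeds only for https:// URLs, so a typo cannot silently fall back to HTTP.
is_https_url() {
    case "$1" in
        https://?*) return 0 ;;
        *)          return 1 ;;
    esac
}

# fetch_script URL DEST: download URL to DEST, all-or-nothing.
fetch_script() {
    url=$1 dest=$2
    is_https_url "$url" || { echo "refusing non-HTTPS URL: $url" >&2; return 2; }
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    # --proto/--proto-redir keep curl on HTTPS even across redirects;
    # --fail turns an HTTP error page into a non-zero exit instead of a "script".
    if curl --proto '=https' --proto-redir '=https' --fail --silent --show-error \
            --location --output "$tmp" "$url"; then
        mv "$tmp" "$dest"
    else
        rc=$?
        rm -f "$tmp"      # never leave a partial download behind
        return "$rc"
    fi
}

# fetch_and_run URL [ARGS...]: run the script only after a complete download.
fetch_and_run() {
    url=$1; shift
    dest=./$(basename "$url")
    fetch_script "$url" "$dest" || return $?
    sudo bash "$dest" "$@"
}

# Usage (not executed here): fetch_and_run https://somehost/myscript.sh devel
```

The saved copy stays in the current directory, so it can still be read before or after the run.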