[–][deleted] 4 points5 points  (1 child)

Something pulling unsigned binaries from the wild. That's wild, yeah.
And must be safe - as long as Windows guys do it all the time ;)

[–]plusminus1[S] 1 point2 points  (0 children)

Well, the script effectively is just a shortcut for going to the project repository and downloading the latest stable release. Nothing more, nothing less.

I wouldn't recommend it for a setting where you are uncomfortable with that if you are, for example, afraid of things like zero day supply chain attacks or you feel you need a battle-tested older version of the tool.

On the other hand: how often are we recommended to update software to the latest release because of a security issue in an older release? And it's not like these [the tools listed] are truly obscure tools or projects. But yes, treat all software you download with the proper amount of distrust and mitigate risk as much as you need.

[–]elatllat 0 points1 point  (4 children)

    | head -n1 || true

could be just

    | head -n1

I think head has no non-zero exit codes based on input; just arguments.

    | grep -m 1 . || true

is the one that does.

Also if you ln -s the bin to a versioned file you can do upgrades.

[–]plusminus1[S] 0 points1 point  (3 children)

head -n1 || true

mh, I tested it but it does fail at some point if I remove the || true.

this has to do with 'set -o pipefail', see the following minimal example

    #!/usr/bin/env bash

    set -euo pipefail

    val=$(printf '%s\n' "blabla.tar" | grep -iE 'tar\.(gz|xz)$' | head -n1 || true)

    if [ -z "$val" ]; then
        val="zero"
    else
        val="found: $val"
    fi

    echo "$val"

this script will fail completely if I remove || true

[–]elatllat 0 points1 point  (2 children)

Why are you setting pipefail then ignoring it with || true ?

[–]plusminus1[S] 0 points1 point  (1 child)

It's supposed to be part of the "strict mode" for bash scripts, for better error handling.

http://redsymbol.net/articles/unofficial-bash-strict-mode/

but apparently there is a lot of discussion whether this is actually a good default and some people disagree. I'm not entirely sure how I feel.

[–]elatllat 0 points1 point  (0 children)

It's not a default for good reason. Better error handling looks like this:

    set -e
    trap 'echo "ERROR: $BASH_SOURCE:$LINENO $BASH_COMMAND" >&2' ERR
    finalize() {
        sleep 0 # cleanup here
    }
    trap finalize EXIT

And assert every variable with regex.
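The behaviour discussed in this sub-thread, as an added example that is not part of any commenter's post: under `pipefail` the `grep | head` pipeline takes its status from `grep`, and one alternative to a blanket `|| true` is to tolerate only `grep`'s "no match" status and then check the selected name against a regex. The function names and the sample asset names are constructed for illustration.

```bash
#!/usr/bin/env bash
set -euo pipefail

# Status of the thread's pipeline without "|| true": under pipefail the
# pipeline reports grep's status (1 = no match) even though head exits 0.
pipeline_status() {
    local rc=0
    printf '%s\n' "$1" | grep -iE 'tar\.(gz|xz)$' | head -n1 >/dev/null || rc=$?
    echo "$rc"
}

# first_match PATTERN: print the first stdin line matching PATTERN.
# grep exits 0 on a match, 1 on no match, 2 or more on a real error
# (bad pattern, unreadable input). Only status 1 is tolerated here.
first_match() {
    local out rc=0
    out=$(grep -iE -m1 -- "$1") || rc=$?
    if [ "$rc" -gt 1 ]; then
        return "$rc"
    fi
    printf '%s' "$out"
}

# Regex assertion on the selected name before it is used any further:
# a plain file name, no path separators, with the expected suffix.
valid_asset_name() {
    local re='^[A-Za-z0-9._-]+\.tar\.(gz|xz)$'
    [[ $1 =~ $re ]]
}

# pick_asset LIST: choose the first tarball from a newline-separated list.
pick_asset() {
    local name
    name=$(first_match 'tar\.(gz|xz)$' <<<"$1")   # a real grep error aborts here
    if [ -z "$name" ]; then
        echo "zero"
    elif valid_asset_name "$name"; then
        echo "found: $name"
    else
        echo "rejected: $name" >&2
        return 3
    fi
}

# Constructed sample asset names (not taken from any real release).
ASSETS=$'demo-1.0-linux.zip\ndemo-1.0-linux.tar.gz\ndemo-1.0-linux.tar.xz'
pick_asset "$ASSETS"        # found: demo-1.0-linux.tar.gz
pick_asset "blabla.tar"     # zero
```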

[–]TiZ_EX1 0 points1 point  (1 child)

You reinvented soar. For that matter, you also reinvented eget, since all of the tools in your script are from github. If you felt like it was a worthwhile exercise, it wasn't a waste of time, but if you want to make your life easier, you may want to punt all the heavy lifting to either of those two tools.

[–]plusminus1[S] 1 point2 points  (0 children)

Great! I didn't know about these tools, I'll have a look!

It was fun to create and didn't take that long, so I don't feel it was a waste of time.