In a bid to try and make the sharing and executing BASH scripts safer whilst maintaining convenience, I am going to be introducing automated hash checks and digital signatures. This checking will be handled by your local computer using the new
prog-exec script that you will need to install (instructions below). The source code for this is available on Github for all to review and download. Constructive criticism, pull requests, and suggestions for improvements are openly welcomed.
For now there is only automated hash checking (using sha256), and I will now be working on the signed scripts functionality. I have only tested this on my local computer running Ubuntu 16.04 and on a few basic scripts.
wget https://raw.githubusercontent.com/programster/prog-exec/master/prog-exec chmod +x prog-exec sudo mv prog-exec /bin/.
Once installed to your path, you should be able to execute one-line commands that I (and others) provide such as below to echo out "hello world".
prog-exec "1/1" "23fc5e6d9e13fc267aabd29b06f805e6e93d453923586fc75e590dc178d4f49f"
The key thing is that after the hash check succeeds, but before the script is executed, you are given the opportunity to review the script before confirming whether you wish to proceed with execution (by entering
y). If the script fails the hash check or you change your mind, then the script just exits out.
First published: 16th August 2018