[Feature Request] Avoid Running Scripts from Directly Online #5
ejtejada wants to merge 12 commits into jlambert360:master from
|
@jsj1027 |
No, feel free to just continue the changes on this pull request. |
|
@jsj1027 If you do accept this pull request, wait a few minutes for GitHub to update the raw file and run |
|
So I'm liking this, but when testing it I ran into an issue.
Also, I noticed when testing with the first command that a setup file isn't created. Which is weird, because it works basically the same way as before, right? |
|
I think curl doesn't behave as expected if the file doesn't already exist. One fix is to explicitly declare where curl should save to. Also, I see no way around having to chmod +x setup if the file doesn't already exist with the correct permissions. |
|
@jsj1027 |
Hello Everyone,
This script was awesome, and allowed me to build Ishiiruka for netplay, so thank you!
However, the current way to check if the script is up to date is dangerous. I would never suggest anyone run a script grabbed from curl, as you cannot read it before you run it.
Thus, I changed the check you implemented.
Instead of disallowing the script to run from a downloaded instance, I grab the md5sum of the online master, then compare it to the current one for the existing setup file.
This safely allows a user to just
./setup
And makes sure they are up to date.
However, doing this requires that md5sum become a dependency and that the shell be set to bash (not dash) explicitly. This should cause no issues, but was needed for my string comparison behavior on line 16. I tested these changes to the script and it compiled with no problem.
I also explicitly stated the dependencies for Ubuntu in the README.
Have a great day,
~Edgar
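
The check described in this pull request, sketched as an added example that is not the project's own script: the remote copy is saved to an explicit path with `curl -o`, hashed, and compared with the local file, and is never piped into a shell. `SETUP_URL` is a placeholder and the function names are hypothetical; the hash tool defaults to `md5sum` as in the PR.

```shell
#!/bin/sh
# Added example (not the project's script). SETUP_URL is a placeholder.
SETUP_URL="${SETUP_URL:-https://example.invalid/setup}"
HASH_CMD="${HASH_CMD:-md5sum}"   # md5sum as in the PR; sha256sum also works

# Print only the hex digest of a file. Reading from stdin keeps the file
# name out of the tool's output ("<digest>  -").
digest_of() {
    local out
    [ -r "$1" ] || return 1
    out=$("$HASH_CMD" < "$1") || return 1
    printf '%s\n' "${out%% *}"
}

# Save the remote copy to an explicit path; it is never piped into a shell.
# -f turns HTTP errors into a failure instead of saving an error page.
fetch_remote() {
    curl -fsSL -o "$2" "$1"
}

# 0 = identical, 1 = different, 2 = one of the files could not be hashed.
# "[ a = b ]" is the POSIX comparison, so this runs under dash and bash.
compare_copies() {
    local local_sum remote_sum
    local_sum=$(digest_of "$1") || return 2
    remote_sum=$(digest_of "$2") || return 2
    [ -n "$local_sum" ] && [ "$local_sum" = "$remote_sum" ]
}

# Usage: check_for_update ./setup
# On a mismatch the download is kept so it can be read and diffed first.
check_for_update() {
    local tmp rc
    tmp=$(mktemp) || return 2
    if ! fetch_remote "$SETUP_URL" "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    compare_copies "$1" "$tmp"
    rc=$?
    if [ "$rc" -eq 1 ]; then
        echo "Local copy differs; review with: diff -u $1 $tmp" >&2
    else
        rm -f "$tmp"
    fi
    return "$rc"
}
```

Because the download lands in a regular file without the execute bit, a differing copy can be inspected before it replaces the local `setup`.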