如何使用 Powershell 下载脚本文件然后通过传入参数执行它? [英] How to use Powershell to download a script file then execute it with passing in arguments?
问题描述
我通常使用这个命令来运行一些 powershell 脚本:
<代码>&".\NuGet\NuGet Package and Publish.ps1" -Version $env:appveyor_build_version -NuGet "C:\Tools\NuGet\nuget.exe" -apiKey $env:apiKey
工作正常,但脚本在我的服务器本地找到.
我希望说:用参数等运行这个脚本......很好......但脚本位于 GIST 或某些 GitHub 公共存储库中.
这可能吗?
在 linux 世界中,这通常被称为piping to bash"
这是一个安装 Chef 取自 Chef 文档的示例
curl -L https://omnitruck.chef.io/install.sh |须藤 bash同样的事情可以用powershell完成
<预><代码>.{ iwr -useb https://omnitruck.chef.io/install.ps1 } |即;安装iwr 是 Invoke-WebRequest 的简写,iex 是 Invoke-Expression
由于您特别询问了传入参数的问题,这里有一个带有 args 的示例.
<预><代码>.{ iwr -useb https://omnitruck.chef.io/install.ps1 } |即;安装 -channel 当前 -project Chefdk您可以查看 powershell 脚本,以便更清楚地了解其工作原理.
基本上将您的 powershell 脚本作为 github gist 托管,然后在脚本中将所有内容包装在一个模块中
new-module -name foobar -scriptblock {函数 Foo() {}功能栏(){}函数安装项目(){参数 ([字符串]$project = '厨师',[字符串]$channel = '稳定')富酒吧}设置别名安装-值安装项目export-modulemember -function 'Foo','Bar' -alias 'install'}<小时>
最佳做法
'Piping to bash' 是有争议的,因为如果您不小心,攻击者理论上有可能拦截并用他们自己的脚本替换您的脚本.
- 仅安装您控制或完全信任的脚本
- 使用永久链接或验证您下载的文件的哈希值
- 只能从 https 下载
I usually have this command to run some powershell script:
& ".\NuGet\NuGet Package and Publish.ps1" -Version $env:appveyor_build_version -NuGet "C:\Tools\NuGet\nuget.exe" -apiKey $env:apiKey
works fine but the script is found locally on my server.
I'm hoping to say: run this script with arguments, etc.. fine .. but the script is located as a GIST or in some GitHub public repo.
Is this possible?
In the linux world, this is commonly referred to as 'piping to bash'
Here is an example that installs chef taken from the chef documentation
curl -L https://omnitruck.chef.io/install.sh | sudo bash
The same thing can be done with powershell
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install
iwr is shorthand for Invoke-WebRequest and iex is short for Invoke-Expression
Since you specifically asked about passing in arguments, here is an example with args.
. { iwr -useb https://omnitruck.chef.io/install.ps1 } | iex; install -channel current -project chefdk
You can look at the powershell script for a clearer understanding how it works.
Basically host your powershell script as a github gist, then in the script wrap everything in a module
new-module -name foobar -scriptblock {
Function Foo() {
}
Function Bar() {
}
Function Install-Project() {
param (
[string]$project = 'chef',
[string]$channel = 'stable'
)
Foo
Bar
}
set-alias install -value Install-Project
export-modulemember -function 'Foo','Bar' -alias 'install'
}
Best practices
'Piping to bash' is controversial because it is theoretically possible for attacker to intercept and replace your script with their own if you aren't careful.
- Only install scripts you control or fully trust
- Use permalinks or verify hashes of file you download
- Only download from https
这篇关于如何使用 Powershell 下载脚本文件然后通过传入参数执行它?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
