Bash 条件管道 [英] Bash conditional piping

问题描述

如何通过管道输出命令以防万一它返回 true?

How can I pipe an output of a command just in case it returns true?

function open
{
    TEMPFILE=$(mktemp -u)
    if ! gpg2 --quiet --decrypt --batch --passphrase "$2" "$1" 2> $TEMPFILE; then
        error $"Password errata od errore di lettura dal file

Dettagli:
$(grep -v '^$' $TEMPFILE)"
        rm -f $TEMPFILE
        return 1
    fi
    rm -f $TEMPFILE
}

if ! open "$@" "$PASSWORD"; then
    exit 1
fi | <SOMECOMMAND>

这样，它只是通过管道而不检查 open 是返回 true 还是 false，因此永远不会执行exit 1".

This way, it just pipe and don't check whether open returns true or false so doesn't ever execute "exit 1".

如何在不使用文件的情况下解决它(出于安全原因).

How can I solve it without using files (for security reasons).

推荐答案

在我提出解决方案之前，让我解释一下这比你想象的更难.基本问题是时间问题:open ... 函数在运行时产生输出；在它完成运行后(因此在它产生它的输出之后)会产生一个退出状态.由于您想根据退出状态对输出执行不同的操作，因此您必须将输出临时存储在某个地方，直到函数完成，您可以决定如何处理输出.

Before I propose a solution, let me explain any this is more difficult than you realize. The basic problem is timing: the open ... function produces output as it runs; it produces an exit status after it has finished running (and hence after it has produced its output). Since you want to do different things with the output depending on the exit status, you must store the output someplace temporary until the function finishes and you can decide what to do with the output.

管道本身不能用于此，因为管道不存储数据(除了一点缓冲区空间)——它们将数据实时"从一个程序传递到另一个程序，在这种情况下，第二个程序可以'直到第一个完成后才开始.通常，临时文件将是完美的(存储数据是文件的用途)，但出于安全原因，您不希望这样做.这几乎就是将数据放在 RAM 中的某个位置(尽管这也不是完全安全的......).

A pipe inherently won't work for this, because pipes don't store data (except for a little buffer space) -- they pass data "live" from one program to another, and in this case the second program can't start until after the first has finished. Normally, a temp file would be perfect for this (storing data is what files are for), but you don't want that for security reasons. That pretty much leaves putting the data somewhere in RAM (although that's not perfectly secure either...).

@Karoly Horvath 的回答建议将输出存储在 bash 变量中(存储在 RAM 中)，但这不起作用，因为 bash 无法处理变量值中的空字节.因此，我提出了一种变体，您可以在其中使用数据的安全"编码，并将其放入 bash 变量中.我用的是uuencode格式，不过你也可以用base64、hex dump等等……

@Karoly Horvath's answer proposed storing the output in a bash variable (which is stored in RAM), but that didn't work because bash doesn't cope with null bytes in variable values. So, I propose a variant where you use a "safe" encoding of the data, and put that in a bash variable. I used uuencode format, but you could also use base64, hex dump, etc...

if result=$(open "$@" "$PASSWORD" | uuencode -; exit ${PIPESTATUS[0]}); then
    echo "$result" | uudecode -p | SOMECOMMAND
fi

请注意，PIPESTATUS 是一个 bashism，因此您应该使用 #!/bin/bash 启动脚本.此外，如果输出太长，您可能会遇到 bash 想要存储/扩展/等多少数据的限制；如果这被证明是一个问题，事情就会变得更加复杂.

Note that PIPESTATUS is a bashism, so you should start the script with #!/bin/bash. Also, if the output is too long you may run into limits on how much data bash wants to store/expand/etc; if that turns out to be a problem, things get more complicated.

顺便说一句，如果您担心安全性，请不要使用 gpg2 的 --passphrase 选项 - 在命令行上传递密码短语会将其暴露给例如任何在正确的时间运行 ps 的人，这是一个非常糟糕的主意.gpg2 提供了很多选项来提供密码，所以请使用更好的选项.

BTW, if you're concerned about security, don't use gpg2's --passphrase option -- passing the passphrase on the command line exposes it to e.g. anyone who runs ps at the right time, which is a very bad idea. gpg2 has many options for supplying the passphrase, so please use a better one.

这篇关于Bash 条件管道的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！