Can you help me understand which.debianutils

I'm having a problem where `which` doesn't find java that is first in my PATH. That led to me looking at `/usr/bin/which.debianutils` on ubuntu 24.04. I don't understand what is going on here:

case $PATH in
(*[!:]:) PATH="$PATH:" ;;
esac

And this:

for PROGRAM in "$@"; do
RET=1
IFS_SAVE="$IFS"
IFS=:
case $PROGRAM in
*/*)
if [ -f "$PROGRAM" ] && [ -x "$PROGRAM" ]; then
puts "$PROGRAM"
RET=0
fi
;;
*)
for ELEMENT in $PATH; do
if [ -z "$ELEMENT" ]; then
ELEMENT=.
fi
if [ -f "$ELEMENT/$PROGRAM" ] && [ -x "$ELEMENT/$PROGRAM" ]; then
puts "$ELEMENT/$PROGRAM"
RET=0
[ "$ALLMATCHES" -eq 1 ] || break
fi
done
;;
esac
IFS="$IFS_SAVE"
if [ "$RET" -ne 0 ]; then
ALLRET=1
fi
done

`PROGRAM` is "java" and the noscript starts with:

set -ef

What does `*` mean with globbing turned off? What is the for loop doing?

`puts` is:

printf '%s\n' "$*"

https://redd.it/1f4siaf
@r_bash

One doubt about POSIX-Compliant features

Often I have several questions about if one binary, shell builtin or any of their options are POSIX compliant or not, such as unset -v

I'd like to know is there is any resource where I can check if above stuff is POSIX compliant or not

The truth is it seems as easy as google unset -v is posix compliant or not

But I could not find anything about that.

Probably there's an IEE resource right there or something like that.

Thanks in advance!!



https://redd.it/1f50od4
@r_bash

using qpdfview: recently I get this message before showme the pdf file

Hi, recently I get the message saying me Icon Theme "abc...." not found before qpdfview showme the pdf

screenshot: https://imgbox.com/ReZm0aBp

I don't know why and the pdf is simply, or text or and img into the pdf

I don't use templates, models of pages. I just use LO for create pdf files.

recently I am starting to use convert for get pdf files.

How can delete these messages?

https://redd.it/1f5b6ur
@r_bash

Fundamentals of handling passwords securely in a shell

I'm making this for a friend though it'd be nice to have a guide to hand people in general.

My gratitude in advance for ferocious criticism. Even if it's just a link or a nitpick it'll be gratefully appreciated so I can improve.

Cheers to everyone,

---

# Fundamentals of Handling Passwords Securely in a Shell
---

While this guide is orientated toward BASH it's relevant to all POSIX shells.

It's scope is the fundamentals of password delivery between programs in a shell enviroment intended to compliment various methods of encryption, file permissioning and software options.

# Parameters
---

Parameters of commands that are executed as a new process are exposed to ALL users through `/proc/$$/cmdline` for as long as that process exists.
See permissions: `ls -la "/proc/$$/cmdline"`

Examples:

#!/usr/bin/env bash

# printf WONT leak as it's a BASH builtin and won't generate a new process.
printf '%s\n' 'my secret'


# Functions WONT leak as they're a feature of the shell.
my_func(){ :; }
my_func 'my secret'


# sshpass WILL leak 'my secret' as it's not a built-in and executes as a
# new process.
sshpass -p 'my secret'


# Some examples of commands resulting in the same leak as expansion occurs
# before execution.
sshpass -p "$(read -sr -p 'enter password: ' pass; printf '%s' "$pass")"

sshpass -p "$(cat /my/secure/file)"

sshpass -p "$(</my/secure/file)"

# Variables
---

Variables used in the CREATION of a process are exposed to the CURRENT user through `/proc/$$/environ` for as long as that process exists, mindful that there's other ways for processes running under the same user to spy on each other.
See permissions: `ls -la "/proc/$$/environ"`

Examples:

#!/usr/bin/env bash

# Variable declaration WONT leak as it's defined within the BASH process.
pass='my secret'


# A function WONT leak a variable exported into it as it's a feature of
# the shell.
my_func(){ :; }
pass='my secret' my_func


# similarly exporting a variable into a built-in won't leak as it
# doesn't run as a new process.
pass='my secret' read -t 1


# sshpass WILL leak the exported variable to `environ` because it's not a
# built-in so the variable is used in the creation of it's process.
pass='my secret' sshpass

# Interactive History
---

This only applies to using BASH's interactive CLI, not the execution of BASH noscripts.

By default commands are saved to ~/.bash_history when the terminal is closed and this file is usually readable by all users. It's recommended to `chmod 600` this file if the `$HOME` directory isn't already secured with similar permissions (ex: 700).

If a command contains sensitive information, ex: `printf '%s' 'my_api_key' | my_prog` the following are a few ways to prevent it being written to .bash_history:

1. You can use `history -c` to clear prior history
2. You can add ignorespace to HISTCONTROL so commands beginning with a space are not recorded: `[[ $HISTCONTROL == 'ignoredups' ]] && HISTCONTROL='ignoreboth' || HISTCONTROL='ignorespace'`
3. You can hard kill the terminal with `kill -9 $$` to prevent it writing history before close.


# Good Practices
---

Secrets should never be present in exported variables or parameters of commands that execute as a new process.

Short of an app secific solution, secrets should either be written to a program through an anonymous pipe (ex: `|` or `<()`) or provided in a parameter/variable as the path to a permissioned file that contains them.

Examples:

#!/usr/bin/env bash

# Only the path to the file containing the secret is leaked to `cmdline`,
# not the secret itself in the following 3 examples
my_app -f /path/to/secrets

my_app < /path/to/secrets

PASS_FILE=/path/to/secrets my_app


# Here variable `pass` stores the password entered by the uses which is
# passed as a parameter to the built-in `printf` to write it through an
# anonymous pipe to `my_app`. Then the variable is `unset` so it's not
# accidently used somewhere else in the noscript.
read -sr -p 'enter password: ' pass
printf '%s'

"$pass" | my_app
unset pass


# The noscript itself can store the key though it doesn't mix well with
# version control and seperation of concerns.
printf '%s' 'my_api_key' | my_app


# Two examples of using process substitution `<()` in place of a password
# file as it expands to the path of a private file denoscriptor.
my_app --pass-file <( read -sr -p 'enter password: ' pass; printf '%s' "$pass" )

my_app --pass-file <( printf '%s' 'my_api_key' )

# Summary
---

- Secrets should be delivered as a path to a secure file or written over an anonymous pipe.
- Secrets can be stored in local variables though it's always better to reduce attack surface and opportunity for mistakes if you have the option.
- Secrets should never be present in exported variables or parameters of commands that execute as a new process.

https://redd.it/1f5sern
@r_bash

RunBash : Seamlessly Run Bash Scripts and Linux Binaries on Windows from Explorer, Cmd, and PowerShell

Hey everyone! 👋

If you're a developer or a power user who enjoys the flexibility of Linux but often works in a Windows environment, this might be the tool you've been looking for.

# What is RunBash?

RunBash is a handy utility that allows you to run Bash noscripts and Linux binaries directly from your Windows system. It integrates seamlessly with both Windows Explorer and the Command Prompt, providing a versatile and efficient way to execute your noscripts and binaries without needing a separate terminal or extra steps.

# Key Features:

* **Direct Execution**: Run your Bash noscripts and Linux binaries directly from Windows Explorer or the Command Prompt. No need to open a separate terminal.

* **Linux Command Integration:** Easily link and manage Linux commands within your Windows environment.

* **Context Menu Integration**: Add options to the right-click context menu in Explorer, making it easy to execute noscripts or commands from any directory.

* **Customizable SourceCode:** add Any code you want to the main batchfile (\\ProgramData\\RunBash\\RunBash.bat) to adjust the execution into your needs.

* **Customizable Execution**: Control output, error handling, and execution behavior with various parameters.

* **Root/Admin Access**: Option to run noscripts with root or admin privileges, providing the flexibility to handle system-level tasks.

* **Error and Output Handling**: Fine-tune what outputs and errors are displayed or hidden, making debugging easier.

# Why Use RunBash?

RunBash bridges the gap between Windows and Linux environments, allowing you to leverage the power of Bash and Linux tools without leaving your Windows workspace. Whether you're a developer needing to run cross-platform noscripts or a power user looking to streamline your workflow, RunBash offers a robust solution, and get you out the headacke of changing every path in the arguments from windows based to Linux based.

# Getting Started

To get started with RunBash, you can check out the repository on GitHub: [benzaria/runbash](https://github.com/benzaria/RunBash).

1. **Clone the Repo**: `git clone https://github.com/benzaria/RunBash.git`
2. **Run the Setup**: Execute `setup.bat` to install and configure RunBash.
3. **Start Using It**: You can now run Bash noscripts or Linux binaries directly from Explorer or the Command Prompt!

# Feedback and Contributions

I'm always looking for feedback and ways to improve RunBash. Feel free to open issues or submit pull requests on the GitHub repo. Let's make running Linux tools on Windows as smooth as possible!

Thanks for checking it out! I hope you find RunBash as useful as I do. 🚀

https://redd.it/1f5up6l
@r_bash

sed not working within for loop

I'm trying to do this loop

for ALLSERVER in "$HOME/Games/Servers/Minecraft/"
do

echo $( sed '53!d' "$ALLSERVER/server-properties" )

done

but `sed` is interpreting the wildcard character incorrectly, in a way that `echo` doesn't, producing the following error:

sed: can't read /home/user/Games/Servers/Minecraft//server-properties: No such file or directory

How can I make it properly substitute the wildcard for the directory in the current iteration?

https://redd.it/1f63mbt
@r_bash

[Seeking advice + critique] I wrote a collection of noscripts on creating and using LUKS volume on Linux natively rather than with third party software like veracrypt

Scripts Link: https://gitlab.com/cy_narrator/lukshelper

Complementary article: https://utsavpoudyal.com.np/posts/Create-Encrypted-File-Container-in-Linux/

So I wanted a way to deal with sensitive files on Linux without necessarily having to encrypt the entire disk of a flash drive. Basically, what I want is a way to create an encrypted file container on Linux, sort of what Veracrypt allows you to do but without any third party software, this ensures that the volume is available even when that third party software is unavailable.

The most concern I have is in my luksCreate.sh noscript. That noscript takes in a password from the user and feeds into cryptsetup. This is done for convinience, otherwise, the user has to enter the same password three times, first two times for when cryptsetup luksFormat was performed on the volume, last one when the noscript opens the volume to format it with a filesystem. I also had to do some calculations to calculate appropriate `count` for the given block size and volume size.

Someone mentioned that it is possible for someone to terminate the noscript early and read the $password1 and $password2, I tried and it is not the case because they are bash variables, not environment variables. But regardless, the passwords are overwritten with empty string after use.

Some defaults were assumed when creating the volume which is explained in my article in **Notes and Disclaimer** section.

I dont think the password handling concern is present in other noscripts as other noscripts just call on cryptsetup and make cryptsetup prompt for the password itself. But regardless, please let me know if anything else also can be improved.

I am still learning bash, I have hardly written bash before, those too were written couple of years ago and I have totally forgotten how they were written.

Please also let me know ideas on how to make these noscripts better.

https://redd.it/1f6ie7b
@r_bash

Escaping characters is grep

I am trying to grep some text between two values but I can't escape the characters.

viewME('jkhkjhkjhkjhudydsdvvytvd')

I use this command but it keeps giving me a ( error. I tested the regex in a tester and it works without issue yet when I try grep I get errors on Arch linux. What am I missing?

grep -E '(?<=viewME\\(\\').*(?=\\'\\))'

https://redd.it/1f6ulzc
@r_bash

Script doesn't terminate after simple background process exits

Script:

#!/usr/bin/env bash

# Control Tasmota plug via MQTT
status() {
mosquittosub -h addr -u user -P 1 -t 'stat/plugc/RESULT' -C 1 | jq -r .Timers &
}

status

mosquittopub -h addr -u user -P 1 -t cmnd/plugc/timers -m "OFF"

I run mosquitto_sub in the background so it can listen and return the result of mosquitto_pub, after which it exits. I get that result, but the noscript appears to "hang" (shell prompt doesn't give me back the cursor) even though the mosquitto_sub process ends (it no longer has a pid). I need to press Enter on the shell and it returns with success code 0.

If I run those commands on the interactive shell directly, it behaves as expected--I get back my command line cursor.

Any ideas?

https://redd.it/1f6zypv
@r_bash

Is It Possible to Make SSHD Generate a New sshd_config File?

Hi all

I have made some changes to my `/etc/ssh/sshd_config` file,
and I would like to compare them to the original untouched file.

Is it possible to ask SSHD to somehow generate a new sshd_config file?
Like what I had before changing any settings..

Thank you

https://redd.it/1f79iiz
@r_bash

Is It Possible to Ask "man" to Show Only a Specific Setting?

Hi all


If you run man man,
you see that man has several options to filter the output,
for example:

> man man options [section page ...] ...

Now assume this:

You want to run man sshd_config,
and thens see only the paragraph for the PubkeyAcceptedKeyTypes setting.

Is it possible to point the command to a specific setting/paragraph?

Thank you

https://redd.it/1f7ay1b
@r_bash

Which PubkeyAcceptedAlgorithm Should I Choose for SSHD, Now that "ssh-rsa" is Less Recommended?

Hi all

Since SSHD removed "ssh-rsa" from the Default List for PubkeyAcceptedAlgorithms,
I conclude that it's an old algorithm and SSHD is trying to push users to something newer and more secure.

So in man sshd_config,
we can see the following list of Algorithms that are now in the default list:

ssh-ed25519-cert-v01@openssh.com,
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384,
ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,
rsa-sha2-256

Which one should I choose?

And why some of them resemble the format of an Email Address?

Thank you

https://redd.it/1f7gb20
@r_bash

[Critique] Aria2 moving downloads noscript

I’ve developed a noscript that moves completed downloads from Aria2. I’m seeking feedback on potential improvements. You can review the noscript here: [GitHub](https://github.com/macg4dave/aria_move).

I’m considering replacing the mv command with rsync and refining the variable management. Are there any other enhancements or best practices I should consider?

#!/bin/sh

# Variables for paths (no trailing slashes)
DOWNLOAD="/mnt/World/incoming"
COMPLETE="/mnt/World/completed"
LOG_FILE="/mnt/World/mvcompleted.log"
TASK_ID=$1
NUM_FILES=$2
SOURCE_FILE=$3
LOG_LEVEL=1 # 1=NORMAL, 2=NORMAL+INFO, 3=NORMAL+INFO+ERROR, 4=NORMAL+DEBUG+INFO+ERROR

# Function to log messages based on log level
log() {
local level=$1
local message=$2
local datetime=$(date '+%Y-%m-%d %H:%M:%S')

case $level in
NORMAL)
echo "$datetime - NORMAL: $message" >> "$LOG_FILE"
;;
ERROR)
[ $LOG_LEVEL -ge 2 ] && echo "$datetime - ERROR: $message" >> "$LOG_FILE"
;;
INFO)
[ $LOG_LEVEL -ge 3 ] && echo "$datetime - INFO: $message" >> "$LOG_FILE"
;;
DEBUG)
[ $LOG_LEVEL -ge 4 ] && echo "$datetime - DEBUG: $message" >> "$LOG_FILE"
;;
esac
}

# Function to find a unique name if there's a conflict
find_unique_name() {
local base=$(basename "$1")
local dir=$(dirname "$1")
local count=0
local new_base=$base

log DEBUG "Finding unique name for $1"

while [ -e "$dir/$new_base" ]; do
count=$((count + 1))
new_base="${base%.*}"_"$count.${base##*.}"
done

log DEBUG "Unique name found: $dir/$new_base"
echo "$dir/$new_base"
}

# Function to move files and handle errors
move_file() {
local src=$1
local dst_dir=$2

log DEBUG "Attempting to move file $src to directory $dst_dir"

if [ ! -d "$dst_dir" ]; then
mkdir -p "$dst_dir" || { log ERROR "Failed to create directory $dst_dir."; exit 1; }
fi

local dst=$(find_unique_name "$dst_dir/$(basename "$src")")
mv --backup=t "$src" "$dst" >> "$LOG_FILE" 2>&1 || { log ERROR "Failed to move $src to $dst."; exit 1; }

log INFO "Moved $src to $dst."
}

# Function to move all files within a directory
move_directory() {
local src_dir=$1
local dst_dir=$2

log DEBUG "Attempting to move directory $src_dir to $dst_dir"

mkdir -p "$dst_dir" || { log ERROR "Failed to create directory $dst_dir."; exit 1; }

mv --backup=t "$src_dir" "$dst_dir" >> "$LOG_FILE" 2>&1 || { log ERROR "Failed to move $src_dir to $dst_dir."; exit 1; }

log INFO "Moved directory $src_dir to $dst_dir."
}

# Main noscript starts here
log INFO "Task ID: $TASK_ID Completed."
log DEBUG "SOURCE_FILE is $SOURCE_FILE"

if [ "$NUM_FILES" -eq 0 ]; then
log INFO "No file to move for Task ID $TASK_ID."
exit 0
fi

# Determine the source and destination directories
SOURCE_DIR=$(dirname "$SOURCE_FILE")
DESTINATION_DIR=$(echo "$SOURCE_DIR" | sed "s,$DOWNLOAD,$COMPLETE,")

log DEBUG "SOURCE_DIR is $SOURCE_DIR"
log DEBUG "DESTINATION_DIR is $DESTINATION_DIR"

# Check if SOURCE_FILE is part of a directory and move the entire directory
if [ "$(basename "$SOURCE_DIR")" != "$(basename "$DOWNLOAD")" ]; then
log DEBUG "Moving entire directory as the source file is within a subdirectory"
move_directory "$SOURCE_DIR" "$COMPLETE"
else
log DEBUG "Moving a single file $SOURCE_FILE"
move_file "$SOURCE_FILE" "$DESTINATION_DIR"
fi

log NORMAL "Task ID $TASK_ID completed successfully."
log NORMAL "Moving $SOURCE_FILE completed successfully."
exit

0

https://redd.it/1f7nimj
@r_bash

Read Upwork request data

For URL

https://www.upwork.com/nx/search/jobs/?nbs=1&page=5&per\_page=50

In my Firefox Web Developer Tools the request to https://www.upwork.com/api/graphql/v1 is made and the type is 'application/x-thrift+json'.

The request headers include:

Accept: */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate, br

Content-Type: application/json

Also I see the JSON response in the Web Developer tab.

But when I copy the request as curl and paste it to command line it returns gibberish which can be either a binary gzip archive or some thrift data (I have no idea what thrift is). piping to gunzip and using curl --compressed option gives an error saying it's not an archive data. How can I read that response and see JSON ?

https://redd.it/1f7vo0e
@r_bash

Quitting a Script without exiting the shell

I wrote a simple bash noscript that has a series of menus made with if statements. If a user selects an invalid option, I want the noscript to quit right away.

The problem is that exit kills the terminal this noscript is running in, & return doesn’t work since it’s not a “function or sources noscript.”

I guess I could put the whole noscript in a while loop just so I can use break in the if else statements, but is there a better way to do this?

What’s the proper way to quit a noscript? Thanks for your time!

UPDATE:
I’m a clown. I had only ever run exit directly from a terminal, & from a sourced noscript. I just assumed it always closed the terminal. My bad.

I really appreciate all the quick responses!

https://redd.it/1f85r2h
@r_bash

AutoPilot - it's siimple | Automate the setup of a new system with ease

# AutoPilot - It's simple.

[**AutoPilot**](https://github.com/Noam-Alum/AutoPilot/) is a free-to-use, [well documented](https://docs.alum.sh/AutoPilot/Introduction.html) bash noscript (for both **Debian** and **RHEL** related operating systems) written by [me](https://www.linkedin.com/in/noam-alum/) meant to automate the process of setting up a new system.

It uses [YAML](https://en.wikipedia.org/wiki/YAML) for its configuration file, so it is very easy to set up, and you can create numerous configuration files for different occasions. (I like to call them *"Profiles"* 🙃)

https://preview.redd.it/hc8790ev8nmd1.png?width=269&format=png&auto=webp&s=480f775b873bad386577d30c524fcfefc7b6ca64

**Current available directives (**[v1.0.0](https://github.com/Noam-Alum/AutoPilot/releases/tag/v1.0.0)**):**

* [SELinux](https://docs.alum.sh/AutoPilot/directives/SELinux.html)
* [Users](https://docs.alum.sh/AutoPilot/directives/Users.html)
* [Run\_Lines](https://docs.alum.sh/AutoPilot/directives/Run_Lines.html)
* [Installed\_packages](https://docs.alum.sh/AutoPilot/directives/Installed_packages.html)
* [Plugins](https://docs.alum.sh/AutoPilot/directives/Plugins.html)
* [Network\_Configuration](https://docs.alum.sh/AutoPilot/directives/Network_Configuration.html)
* [Environment\_configuration](https://docs.alum.sh/AutoPilot/directives/Environment_configuration.html)
* [Cronjobs](https://docs.alum.sh/AutoPilot/directives/Cronjobs.html)
* [Repo](https://docs.alum.sh/AutoPilot/directives/Repo.html)
* [Time](https://docs.alum.sh/AutoPilot/directives/Time.html)



**Use cases:**

|**Use Case**|**Denoscription**|
|:-|:-|
|**Educational Institutions**|Educational institutions can leverage AutoPilot to quickly deploy standardized environments for students and faculty.|
|**Development Environments**|Developers can use New System to configure their development machines with the necessary programming languages, libraries, frameworks, and tools.|
|**Personal Use**|Individuals who frequently set up new machines or reinstall their operating systems can benefit from AutoPilot by automating the setup process.|
|**Testing and QA**|AutoPilot automates test environment setup, providing quality assurance teams and testers with consistent, repeatable configurations and necessary tools.|
|**Temporary Setups**|For temporary or event-based setups like trade shows or conferences, AutoPilot quickly prepares machines with the required software and settings, making deployment and management easier for short periods.|
|**Rescue and Recovery**|When a system needs recovery or rebuilding after a failure, AutoPilot automates software reinstallation and settings reconfiguration, reducing the time to restore it to its original state.|
|**Company Deployment**|A company can use AutoPilot to quickly configure new machines, ensuring consistent software and settings. This includes installing productivity tools, setting up configurations, and applying security policies.|
|**OS Migration**|When switching operating systems, AutoPilot automates setup of applications, configurations, and settings, ensuring a smooth transition and minimizing manual reinstallation and reconfiguration.|
|**System Formatting**|If you need to format and reinstall your operating system, AutoPilot handles post-installation setup. It automates software installation, configuration, and personalization, helping you get back to work faster.|



>I hope someone could find this helpful 😁, if you want to request a new feature you can do that [here](https://github.com/Noam-Alum/AutoPilot/issues/new?assignees=Noam-Alum&labels=feature+request&projects=&template=feature-request.md&noscript=Feature+request+%7C+%5Bfeature+request+short+denoscription%5D).



**Links:**

* [GitHub](https://github.com/Noam-Alum/AutoPilot/)
* [Documentation](https://docs.alum.sh/AutoPilot/Introduction.html)
* [Contribute](https://github.com/Noam-Alum/AutoPilot/blob/main/CONTRIBUTING.md)

https://redd.it/1f88k58
@r_bash

This is official Google noscript

https://redd.it/1f89ord
@r_bash