Bash – source without polluting own namespace [get variables from other scripts in a safe manner]

bashshell-script

I'd like to assign the contents of variables of another bash script to variables in the calling script.

Specifically, I source this file: https://projects.archlinux.org/svntogit/packages.git/plain/trunk/PKGBUILD?h=packages/firefox (and other alike files).

The file contains variables named depends, makedepends, etc.

So in my script I have multiple statements like these:

depends="$(source "/path/to/file" ; printf '%s' "${depends[@]}")"
makedepends="$(source "/path/to/file" ; printf '%s' "${makedepends[@]}")"
...

So basically, each statement starts it's own subshell which sources the file and prints the contents of just ONE variable to a variable in the parent shell.

Is there another way which involves to start just a SINGLE subshell, source the file and get the contents of specified variables of the file assigned to specified variables in the calling shell without polluting the environment of the calling shell?

————————————————————————

Since Mark Mann pointed out the dangers of source-ing foreign scripts, I ended up with another solution. Instead of using source to get variables of another script, one can use a multi line grep with a perl regex to grep all needed variables from the file (varName=(…),varName2="…",varname3='…',varName4=…) and eval the result:

$ grepvars='(license)|(depends)|(makedepends)|(url)|(pkgdesc)|(pkgver)'
$
$ eval $(grep -Pzo "^(${grepvars})=\([^\)\(\`]*\)|^(${grepvars})=\"[^\"\(\`]*\"|^(${grepvars})='\''[^'\'']*'\''|^(${grepvars})=[^\s;\(\`]*" /tmp/above_mentioned_file)
$ echo $url
https://www.mozilla.org/firefox/
$
$ echo ${depends[@]}
gtk3 gtk2 mozilla-common libxt startup-notification mime-types dbus-glib alsa-lib ffmpeg2.8 desktop-file-utils hicolor-icon-theme libvpx icu libevent nss hunspell sqlite ttf-font

Best Answer

Use eval.

If you have your source (in /tmp/other.sh):

a=1
b=2
c=3

And you want only a portion, you can use eval to get just those items (here in /tmp/main.sh):

eval $(source /tmp/other.sh;
       echo a="$a";
       echo b="$b";)

echo a is $a "(expect 1)"
echo b is $b "(expect 2)"
echo c is $c "(expect nothing)"

And running it:

$ bash /tmp/main.sh
a is 1 (expect 1)
b is 2 (expect 2)
c is (expect nothing)

WARNING: Performing an eval or source on an untrusted script is very dangerous. You're executing a shell script, and that script can perform anything you could do yourself. WARNING

Related Solutions

Bash – How to Set Environment Variables Dynamically

export $key=$val should work just fine in bash. I suspect your issue is the pipe (|). All commands in a pipeline are executed in a subshell. In your example, the instance of bash that is running your script will fork off 2 subshells: one for cat $1 and another for the while read .... The variables are assigned and exported in the subshell running the while loop, and then all of them are promptly thrown out when the subshell exits. One way to fix this is to not spawn subshells at all. Instead of a useless use of cat, try redirection instead:

while read ...; do
   ...
done < "$1"

BashFAQ 24 explains this in much greater detail.

An alternate approach is to just source the file, with exports thrown in:

. <(sed '/^export/!s/^/export /' "$1")

^{The <( ) is process substitution.}

As an additional note of caution, since you are reading environment variables from an argument, you must make sure that the argument file $1 is a trusted source so it can't do bad things to your script.

Bash scripts ran from from gnome/nautilus don’t have environment variables

That is because a starting X session never reads your ~/.bashrc and ~/.profile. Usually, the desktop manager is started as root or its own user from an init script. The resulting process usually has the environment of the init process when it hits the desktop manager starting script. (I will not talk about less established init implementations at this point.)

After login it spawns a child process, which inherits just that environment. The child process drops privileges to your uid and runs /etc/X11/Xsession, which usually simply runs all the scripts in /etc/X11/Xsession.d. These scripts usually either set environment variables, or, specifically modify the invocation of the desktop environment.

In that directory you may find a file like 40x11-common_xsessionrc on Debian systems, which sources your ~/.xsessionrc. The last file in /etc/X11/Xsession.d will start your desktop environment. All your GUI processes will be spawned from this process, thus inherit the environment set up through /etc/X11/Xsession.d and consequently your ~/.xsessionrc.

~/.xsessionrc is a script file, which may source ~/.bashrc but that's really bad style, because then your DE sources it, the terminal process inherits that environment and then bash sources ~/.bashrc again, which may have unwanted side effects.

However, it is totally acceptible to have a ~/.myenvironmentvariables, which contains stricly (environment) variable definitions and is sourced by ~/.bashrc and ~/.xsessionrc. If you do that, all your processes will inherit the variables specified in ~/.myenvironmentvariables, especially the shell scripts you double click in Nautilus.

————————————————————————

Best Answer

Related Solutions

Bash – How to Set Environment Variables Dynamically

Bash scripts ran from from gnome/nautilus don’t have environment variables

Related Question