Shell – What’s the difference between `curl | sh` and `sh -c “$(curl)”`

command-substitutioncurldockerpipeshell

One easy install method for Docker (for example) is this:

curl -sSL https://get.docker.com/ | sh

However, I have also seen some that look like this (using the Docker example):

sh -c "$(curl -sSL https://get.docker.com/)"

They appear to be functionally the same, but is there a reason to use one over the other? Or is it just a preference/aesthetic thing?

(Of note, be very careful when running script from unknown origins.)

Best Answer

There is a practical difference.

curl -sSL https://get.docker.com/ | sh starts curl and sh at the same time, connecting the output of curl with the input of sh. curl will carry out with the download (roughly) as fast as sh can run the script. The server can detect the irregularities in the timing and inject malicious code not visible when simply downloading the resource into a file or buffer or when viewing it in a browser.

In sh -c "$(curl -sSL https://get.docker.com/)", curl is run strictly before the sh is run. The whole contents of the resource are downloaded and passed to your shell before the sh is started. Your shell only starts sh when curl has exited, and passes the text of the resource to it. The server cannot detect the sh call; it is only started after the connection ends. It is similar to downloading the script into a file first.

(This may not relevant in the docker case, but it may be a problem in general and highlights a practical difference between the two commands.)

Related Solutions

shell – Difference Between $(stuff) and `stuff`

The old-style backquotes ` ` do treat backslashes and nesting a bit different. The new-style $() interprets everything in between ( ) as a command.

echo $(uname | $(echo cat))
Linux

echo `uname | `echo cat``
bash: command substitution: line 2: syntax error: unexpected end of file
echo cat

works if the nested backquotes are escaped:

echo `uname | \`echo cat\``
Linux

backslash fun:

echo $(echo '\\')
\\

echo `echo '\\'`
\

The new-style $() applies to all POSIX-conformant shells.
As mouviciel pointed out, old-style ` ` might be necessary for older shells.

Apart from the technical point of view, the old-style ` ` has also a visual disadvantage:

Hard to notice: I like $(program) better than `program`
Easily confused with a single quote: '`'`''`''`'`''`'
Not so easy to type (maybe not even on the standard layout of the keyboard)

_{(and SE uses ` ` for own purpose, it was a pain writing this answer :)}

Difference Between Curl and Wget Explained

The main differences are:

wget's major strong side compared to curl is its ability to download recursively.
wget is command line only. There's no lib or anything, but curl's features are powered by libcurl.
curl supports FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, POP3, IMAP, SMTP, RTMP and RTSP. wget supports HTTP, HTTPS and FTP.
curl builds and runs on more platforms than wget.
wget is released under a free software copyleft license (the GNU GPL). curl is released under a free software permissive license (a MIT derivate).
curl offers upload and sending capabilities. wget only offers plain HTTP POST support.

You can see more details at the following link:

curl vs Wget

Best Answer

Related Solutions

shell – Difference Between $(stuff) and `stuff`

Difference Between Curl and Wget Explained

Related Question