From dcf6534c1fe121558dba34feb947293e1285bb96 Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Mon, 18 May 2020 14:57:53 +0200 Subject: [PATCH 1/7] add some bot token warnings --- bashbot.sh | 22 +++++++++++++++++++--- doc/0_install.md | 2 +- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/bashbot.sh b/bashbot.sh index c297399..6d9299d 100755 --- a/bashbot.sh +++ b/bashbot.sh @@ -11,7 +11,7 @@ # This file is public domain in the USA and all free countries. # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying) # -#### $$VERSION$$ V0.94-0-gbdb50c8 +#### $$VERSION$$ V0.94-5-g1dc0211 # # Exit Codes: # - 0 sucess (hopefully) @@ -28,6 +28,7 @@ if [ -t 1 ] && [ -n "$TERM" ]; then RED='\e[31m' GREEN='\e[32m' ORANGE='\e[35m' + GREY='\e[1;30m' NC='\e[0m' fi @@ -110,7 +111,13 @@ if [ -z "${BOTTOKEN}" ]; then printf '%s\n' "${BOTTOKEN}" > "${TOKENFILE}" fi fi - [ -z "${BOTTOKEN}" ] && BOTTOKEN="$(< "${TOKENFILE}")" + if [ "$(cat -v "${TOKENFILE}" | wc | sed -e 's/[[:space:]]//g')" != "1146" ]; then + echo -e "${ORANGE}Warning, something may wrong with your token file.${NC}" + echo -e "${ORANGE}The file musst be 1 newline, 1 word, and 46 byte, your's is:${NC}\c" + wc "${TOKENFILE}" + fi + BOTTOKEN="$(< "${TOKENFILE}")" + # setup botadmin file if [ ! -f "${BOTADMIN}" ]; then if [ -z "${CLEAR}" ]; then @@ -148,6 +155,15 @@ if [ -z "${BOTTOKEN}" ]; then exit 2 fi fi +if [[ ! "${BOTTOKEN}" =~ ^[0-9]+:[a-zA-Z0-9_-]+$ ]]; then + echo -e "${ORANGE}Warning, your bottoken may incorrent. it sould have the following format:${NC}" + echo -e "${GREY}123456789${RED}:${GREY}Aa-Zz_0Aa-Zz_1Aa-Zz_2Aa-Zz_3Aa-Zz_4${ORANGE} => ${NC}\c" + echo -e "${GREY}9 digits${RED}:${GREY}35 alnum characters + '_-'${NC}" + echo -e "${ORANGE}Your current token is: ${GREY}${BOTTOKEN//:/${RED}:${GREY}}${NC}" +fi +if [ "${BOTTOKEN#bot}" != "${BOTTOKEN}" ]; then + echo -e "${ORANGE}Warning, your token starts with '${GREY}bot${NC}${ORANGE}', did you forget to remove it?.${NC}" +fi ################## # here we start with the real stuff @@ -840,7 +856,7 @@ if [ "${SOURCE}" != "yes" ]; then ;; *) echo -e "${RED}${REALME}: BAD REQUEST${NC}" - echo -e "${RED}Available arguments: start, stop, kill, status, count, broadcast, help, suspendback, resumeback, killback${NC}" + echo -e "${RED}Available arguments: ${GREY}start, stop, kill, status, count, broadcast, help, suspendback, resumeback, killback${NC}" exit 4 ;; esac diff --git a/doc/0_install.md b/doc/0_install.md index 1d70836..66207bf 100644 --- a/doc/0_install.md +++ b/doc/0_install.md @@ -98,5 +98,5 @@ The old format is supported for backward compatibility, but may fail for corner #### [Next Create Bot](1_firstbot.md) -#### $$VERSION$$ V0.94-3-gca803c0 +#### $$VERSION$$ V0.94-4-gf0a7d85 From 3d92bf3ca84453463aefeb7009ee209fca80bf60 Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Mon, 18 May 2020 18:34:34 +0200 Subject: [PATCH 2/7] some bot token checks: format, length, non printable chars --- bashbot.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bashbot.sh b/bashbot.sh index 6d9299d..c4148af 100755 --- a/bashbot.sh +++ b/bashbot.sh @@ -11,7 +11,7 @@ # This file is public domain in the USA and all free countries. # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying) # -#### $$VERSION$$ V0.94-5-g1dc0211 +#### $$VERSION$$ V0.94-6-gdcf6534 # # Exit Codes: # - 0 sucess (hopefully) @@ -114,7 +114,7 @@ if [ -z "${BOTTOKEN}" ]; then if [ "$(cat -v "${TOKENFILE}" | wc | sed -e 's/[[:space:]]//g')" != "1146" ]; then echo -e "${ORANGE}Warning, something may wrong with your token file.${NC}" echo -e "${ORANGE}The file musst be 1 newline, 1 word, and 46 byte, your's is:${NC}\c" - wc "${TOKENFILE}" + cat -v "${TOKENFILE}" | wc | sed -e 's/[[:space:]]\+/ /g' fi BOTTOKEN="$(< "${TOKENFILE}")" @@ -159,7 +159,7 @@ if [[ ! "${BOTTOKEN}" =~ ^[0-9]+:[a-zA-Z0-9_-]+$ ]]; then echo -e "${ORANGE}Warning, your bottoken may incorrent. it sould have the following format:${NC}" echo -e "${GREY}123456789${RED}:${GREY}Aa-Zz_0Aa-Zz_1Aa-Zz_2Aa-Zz_3Aa-Zz_4${ORANGE} => ${NC}\c" echo -e "${GREY}9 digits${RED}:${GREY}35 alnum characters + '_-'${NC}" - echo -e "${ORANGE}Your current token is: ${GREY}${BOTTOKEN//:/${RED}:${GREY}}${NC}" + echo -e "${ORANGE}Your current token is: '${GREY}$(cat -ve <<<"${BOTTOKEN//:/${RED}:${GREY}}")' (one $ is ok){NC}" fi if [ "${BOTTOKEN#bot}" != "${BOTTOKEN}" ]; then echo -e "${ORANGE}Warning, your token starts with '${GREY}bot${NC}${ORANGE}', did you forget to remove it?.${NC}" From 876361f5625b789da04dac3f86c2dd840598795d Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Tue, 19 May 2020 14:58:29 +0200 Subject: [PATCH 3/7] install gnu utils on BSD and MacOS ... --- README.html | 8 ++++---- README.md | 10 +++++----- README.txt | 17 ++++++++-------- bashbot.sh | 31 ++++++++++++++++------------- doc/0_install.md | 13 ++++++++----- examples/bash2env.sh | 46 ++++++++++++++++++++++++++++++-------------- 6 files changed, 76 insertions(+), 49 deletions(-) diff --git a/README.html b/README.html index 4d337e6..2f448c3 100644 --- a/README.html +++ b/README.html @@ -91,7 +91,8 @@ Written by Drew (@topkecleon), Daniil Gentili (@danogentili), and Kay M (@gnadel

Released to the public domain wherever applicable. Elsewhere, consider it released under the WTFPLv2.

Prerequisites

Uses JSON.sh, but no more TMUX.

-

Even bashbot is written in bash, it depends on commands typically availible in a Unix/Linux Environment. More concret on the common commands provided by coreutils, busybox or toybox, see Developer Notes

+

Even bashbot is written in bash, it depends on commands typically availible in a Unix/Linux Environment. More concret on the common commands provided by recent versions of coreutils, busybox or toybox, see Developer Notes

+

Note for MacOS and BSD Users: As bashbot use behaivior of recent bash and (gnu)sed versions, bashbot may not run without installing additional software, see Install Bashbot

Bashbot Documentation and Downloads are availible on www.github.com

Documentation

    @@ -150,8 +151,7 @@ Written by Drew (@topkecleon), Daniil Gentili (@danogentili), and Kay M (@gnadel
  • Examples Dir

Your really first bashbot in a nutshell

-

Note for MacOS: you must install install a more current bash, see Install Bashbot

-

To install and run bashbot you need acess to a linux/unix/bsd command line. If you don't know how to get accces to a linux/unix/bsd like command line you should stop reading here :-(

+

To install and run bashbot you need acess to a linux/unix command line. If you don't know how to get accces to a linux/unix/bsd like command line you should stop reading here :-(

In addition you need a Telegram client and a mobile phone to register an account. If you don't want to register for Telegram you should stop reading here ;-)

After you're registered to Telegram send a message to @botfather, create a new Telegram Bot token and write it down. You need the token to install the bot.

Now open a linux/unix/bsd terminal and check if bash is installed: which bash && echo "bash installed!". If you get an error message bash is not installed.

@@ -228,6 +228,6 @@ It features background tasks and interactive chats, and can serve as an interfac

@Gnadelwartz

That's it!

If you feel that there's something missing or if you found a bug, feel free to submit a pull request!

-

$$VERSION$$ V0.94-2-gced78d3

+

$$VERSION$$ V0.94-7-g3d92bf3

diff --git a/README.md b/README.md index fdde078..e3db184 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,9 @@ Elsewhere, consider it released under the [WTFPLv2](http://www.wtfpl.net/txt/cop Uses [JSON.sh](http://github.com/dominictarr/JSON.sh), but no more TMUX. Even bashbot is written in bash, it depends on commands typically availible in a Unix/Linux Environment. -More concret on the common commands provided by [coreutils](https://en.wikipedia.org/wiki/List_of_GNU_Core_Utilities_commands), [busybox](https://en.wikipedia.org/wiki/BusyBox#Commands) or [toybox](https://landley.net/toybox/help.html), see [Developer Notes](doc/7_develop.md#common-commands) +More concret on the common commands provided by recent versions of [coreutils](https://en.wikipedia.org/wiki/List_of_GNU_Core_Utilities_commands), [busybox](https://en.wikipedia.org/wiki/BusyBox#Commands) or [toybox](https://landley.net/toybox/help.html), see [Developer Notes](doc/7_develop.md#common-commands) + +Note for MacOS and BSD Users: As bashbot use behaivior of recent bash and (gnu)sed versions, bashbot may not run without installing additional software, see [Install Bashbot](doc/0_install.md) Bashbot [Documentation](https://github.com/topkecleon/telegram-bot-bash) and [Downloads](https://github.com/topkecleon/telegram-bot-bash/releases) are availible on www.github.com @@ -60,9 +62,7 @@ Bashbot [Documentation](https://github.com/topkecleon/telegram-bot-bash) and [Do ### Your really first bashbot in a nutshell -Note for MacOS: you must install install a more current bash, see [Install Bashbot](doc/0_install.md) - -To install and run bashbot you need acess to a linux/unix/bsd command line. If you don't know how to get accces to a linux/unix/bsd like command line you should stop reading here :-( +To install and run bashbot you need acess to a linux/unix command line. If you don't know how to get accces to a linux/unix/bsd like command line you should stop reading here :-( In addition you need a [Telegram client](https://telegram.org) and a mobile phone to [register an account](https://telegramguide.com/create-a-telegram-account/). If you don't want to register for Telegram you should stop reading here ;-) @@ -192,4 +192,4 @@ This may happen if to many wrong requests are sent to api.telegram.org, e.g. usi If you feel that there's something missing or if you found a bug, feel free to submit a pull request! -#### $$VERSION$$ V0.94-2-gced78d3 +#### $$VERSION$$ V0.94-7-g3d92bf3 diff --git a/README.txt b/README.txt index 490cded..a3740c2 100644 --- a/README.txt +++ b/README.txt @@ -17,12 +17,16 @@ Uses [JSON.sh](http://github.com/dominictarr/JSON.sh), but no more TMUX. Even bashbot is written in bash, it depends on commands typically availible in a Unix/Linux Environment. -More concret on the common commands provided by +More concret on the common commands provided by recent versions of [coreutils](https://en.wikipedia.org/wiki/List_of_GNU_Core_Utilities_commands), [busybox](https://en.wikipedia.org/wiki/BusyBox#Commands) or [toybox](https://landley.net/toybox/help.html), see [Developer Notes](doc/7_develop.md#common-commands) +Note for MacOS and BSD Users: As bashbot use behaivior of recent bash and +(gnu)sed versions, bashbot may not run without installing additional software, +see [Install Bashbot](doc/0_install.md) + Bashbot [Documentation](https://github.com/topkecleon/telegram-bot-bash) and [Downloads](https://github.com/topkecleon/telegram-bot-bash/releases) are @@ -71,12 +75,9 @@ availible on www.github.com ### Your really first bashbot in a nutshell -Note for MacOS: you must install install a more current bash, see [Install -Bashbot](doc/0_install.md) - -To install and run bashbot you need acess to a linux/unix/bsd command line. If -you don't know how to get accces to a linux/unix/bsd like command line you -should stop reading here :-( +To install and run bashbot you need acess to a linux/unix command line. If you +don't know how to get accces to a linux/unix/bsd like command line you should +stop reading here :-( In addition you need a [Telegram client](https://telegram.org) and a mobile phone to [register an @@ -269,4 +270,4 @@ tor proxy on your server you may uncomment the ```BASHBOT_CURL_ARGS``` line in If you feel that there's something missing or if you found a bug, feel free to submit a pull request! -#### $$VERSION$$ V0.94-2-gced78d3 +#### $$VERSION$$ V0.94-7-g3d92bf3 diff --git a/bashbot.sh b/bashbot.sh index c4148af..f7b5d04 100755 --- a/bashbot.sh +++ b/bashbot.sh @@ -11,7 +11,7 @@ # This file is public domain in the USA and all free countries. # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying) # -#### $$VERSION$$ V0.94-6-gdcf6534 +#### $$VERSION$$ V0.94-7-g3d92bf3 # # Exit Codes: # - 0 sucess (hopefully) @@ -111,12 +111,9 @@ if [ -z "${BOTTOKEN}" ]; then printf '%s\n' "${BOTTOKEN}" > "${TOKENFILE}" fi fi - if [ "$(cat -v "${TOKENFILE}" | wc | sed -e 's/[[:space:]]//g')" != "1146" ]; then - echo -e "${ORANGE}Warning, something may wrong with your token file.${NC}" - echo -e "${ORANGE}The file musst be 1 newline, 1 word, and 46 byte, your's is:${NC}\c" - cat -v "${TOKENFILE}" | wc | sed -e 's/[[:space:]]\+/ /g' - fi + # read BOTTOKEN from file and removen everyting from first newline to end BOTTOKEN="$(< "${TOKENFILE}")" + BOTTOKEN="${BOTTOKEN%%$'\n'*}" # setup botadmin file if [ ! -f "${BOTADMIN}" ]; then @@ -155,16 +152,24 @@ if [ -z "${BOTTOKEN}" ]; then exit 2 fi fi -if [[ ! "${BOTTOKEN}" =~ ^[0-9]+:[a-zA-Z0-9_-]+$ ]]; then - echo -e "${ORANGE}Warning, your bottoken may incorrent. it sould have the following format:${NC}" +# do we have BSD sed +if ! sed '1ia' /dev/null; then + echo -e "${ORANGE}Warning: You may run on a BSD style system without gnu utils ...${NC}" +fi +# BOTTOKEN format checks +if [[ ! "${BOTTOKEN}" =~ ^[0-9]{8,10}:[a-zA-Z0-9_-]{35}$ ]]; then + echo -e "${ORANGE}Warning, your bottoken may incorrect. it should have the following format:${NC}" echo -e "${GREY}123456789${RED}:${GREY}Aa-Zz_0Aa-Zz_1Aa-Zz_2Aa-Zz_3Aa-Zz_4${ORANGE} => ${NC}\c" - echo -e "${GREY}9 digits${RED}:${GREY}35 alnum characters + '_-'${NC}" - echo -e "${ORANGE}Your current token is: '${GREY}$(cat -ve <<<"${BOTTOKEN//:/${RED}:${GREY}}")' (one $ is ok){NC}" -fi -if [ "${BOTTOKEN#bot}" != "${BOTTOKEN}" ]; then - echo -e "${ORANGE}Warning, your token starts with '${GREY}bot${NC}${ORANGE}', did you forget to remove it?.${NC}" + echo -e "${GREY}8-10 digits${RED}:${GREY}35 alnum characters + '_-'${NC}" + echo -e "${ORANGE}Your current token is: '${GREY}^$(cat -ve <<<"${BOTTOKEN//:/${RED}:${GREY}}")${ORANGE}'${NC}" + [[ ! "${BOTTOKEN}" =~ ^[0-9]{8,10}: ]] &&\ + echo -e "${ORANGE}Possible problem in the digits part, len is $(($(wc -c <<<"${BOTTOKEN%:*}")-1))${NC}" + [[ ! "${BOTTOKEN}" =~ :[a-zA-Z0-9_-]{35}$ ]] &&\ + echo -e "${ORANGE}Posilbe problem in the charatcers part, len is $(($(wc -c <<<"${BOTTOKEN#*:}")-1))${NC}" fi +exit + ################## # here we start with the real stuff URL="${BASHBOT_URL:-https://api.telegram.org/bot}${BOTTOKEN}" diff --git a/doc/0_install.md b/doc/0_install.md index 66207bf..1b054b2 100644 --- a/doc/0_install.md +++ b/doc/0_install.md @@ -43,13 +43,16 @@ If you modified ```commands.sh``` move your changes to ```mycommands.sh```, this Now you can restart your bashbot instances. -### Note for MacOS Users +### Note for BSD and MacOS -You must install a more current version of bash, as the default bash is way to old, +**On MacOS** You must install a more current version of bash, as the default bash is way to old, see e.g. [Install Bash on Mac](http://macappstore.org/bash/) -After installation / update of bashbot you must change the shebang line to point to your bash location -e.g. with the provided script ```bash -c "examples/bash2env *.sh */*.sh"``` +**On BSD and MacOS** I recommend to install the gnu variants of coreutils and include them in front of your PATH +environment variable before running bashbot, e.g. sed, grep, find + +In adition you must adjust the shebang line of the scripts ```bashbot.sh``` and ```json.sh``` to point to to the correct bash +or use the example script: ```examples/bash2env *.sh */*.sh``` We stay with /bin/bash shebang, because using the system bash is more save, see [Security Considerations](../README.md#Security-Considerations) @@ -98,5 +101,5 @@ The old format is supported for backward compatibility, but may fail for corner #### [Next Create Bot](1_firstbot.md) -#### $$VERSION$$ V0.94-4-gf0a7d85 +#### $$VERSION$$ V0.94-7-g3d92bf3 diff --git a/examples/bash2env.sh b/examples/bash2env.sh index c0ee605..15a81cf 100755 --- a/examples/bash2env.sh +++ b/examples/bash2env.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # file: bash2env.sh # simole helper script to convert bash shebang from # ! /bin/bash TO ! /usr/bin/env bash @@ -6,7 +6,7 @@ # This file is public domain in the USA and all free countries. # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying) -#### $$VERSION$$ V0.94-0-gbdb50c8 +#### $$VERSION$$ V0.94-7-g3d92bf3 # adjust your language setting here # https://github.com/topkecleon/telegram-bot-bash#setting-up-your-environment @@ -15,23 +15,41 @@ export 'LANG=C.UTF-8' export 'LANGUAGE=C.UTF-8' unset IFS +MYSHEBANG="" ################ -# uncomment thenfollowing line to make the conversion -# DOIT="yes" +# uncomment one of the following lines to make the conversion +# linux/unix bash +# MYSHEBANG="#!/bin/bash" + +# BSD bash +# MYSHEBANG="#!/usr/bin/bash" + +# homebrew gnu bash on MacOS +# MYSHEBANG="#!/usr/local/opt/bash" + +# use portable /usr/bin/env +# MYSHEBANG="#!/usr/bin/env bash" + +# bashbot default bash +FROMSHEBANG="#!/bin/bash" + +# uncomment to convert back to bashbot default bash +# FROMSHEBANG="#!/usr/bin/env bash" +# MYSHEBANG="#!/bin/bash" if [ "$1" = "" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then - echo "$0: convert bash shebang to /usr/bin/env bash" + echo "$0: convert bash shebang to point to your local installation" echo "usage: $0 script [script ...]" exit fi # loop tomprocess files -if [ "${DOIT}" = "yes" ]; then - echo "Warning, changes will be done!" +if [ "${MYSHEBANG}" != "" ]; then + echo "Warning, shebang will changed from ${FROMSHEBANG} changed to ${MYSHEBANG}!" else - echo "Dry run, output changes only!" - echo "Uncomment DOIT=\"yes\" in script to make the changes permanent." + echo "Dry run, demonstration only!" + echo "Uncomment one of the MYSHEBANG= lines fitting your environment to make the changes permanent." fi @@ -45,15 +63,15 @@ do file "${file}" if [[ "$(file -b "${file}")" =~ Bourne.*script.*text ]]; then echo "Processing ${file} ..." - if head -n 1 "${file}" | grep -q '^#!/bin/bash'; then - if [ "${DOIT}" = "yes" ]; then - sed -i -e '1 s|^#!/bin/bash|#!/usr/bin/env bash|' "${file}" + if head -n 1 "${file}" | grep -q "^${FROMSHEBANG}"; then + if [ "${MYSHEBANG}" != "" ]; then + sed -i -e '1 s|^'"${FROMSHEBANG}"'|'"${MYSHEBANG}"'|' "${file}" head -n 1 "${file}" else - sed -n -e '1 s|^#!/bin/bash|#!/usr/bin/env bash (dry run)|p' "${file}" + sed -n -e '1 s|^'"${FROMSHEBANG}"'|#!/some/shebang/bash (dry run)|p' "${file}" fi else - echo "No #!/bin/bash shebang, nothing to convert." + echo "Found: $(head -n 1 "${file}") - Nothing to convert." fi echo -e "... done.\n" else From 46af6348a79ed656d5ccde7d8d294be3b93c91de Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Tue, 19 May 2020 15:15:26 +0200 Subject: [PATCH 4/7] some doc typo and imorovments --- README.html | 4 ++-- README.md | 4 ++-- README.txt | 4 ++-- doc/0_install.md | 10 +++++----- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.html b/README.html index 2f448c3..0dc596b 100644 --- a/README.html +++ b/README.html @@ -92,7 +92,7 @@ Written by Drew (@topkecleon), Daniil Gentili (@danogentili), and Kay M (@gnadel

Prerequisites

Uses JSON.sh, but no more TMUX.

Even bashbot is written in bash, it depends on commands typically availible in a Unix/Linux Environment. More concret on the common commands provided by recent versions of coreutils, busybox or toybox, see Developer Notes

-

Note for MacOS and BSD Users: As bashbot use behaivior of recent bash and (gnu)sed versions, bashbot may not run without installing additional software, see Install Bashbot

+

Note for MacOS and BSD Users: As bashbot use behavior of recent bash and (gnu)sed versions, bashbot may not run without installing additional software, see Install Bashbot

Bashbot Documentation and Downloads are availible on www.github.com

Documentation

    @@ -228,6 +228,6 @@ It features background tasks and interactive chats, and can serve as an interfac

    @Gnadelwartz

    That's it!

    If you feel that there's something missing or if you found a bug, feel free to submit a pull request!

    -

    $$VERSION$$ V0.94-7-g3d92bf3

    +

    $$VERSION$$ V0.94-8-g876361f

    diff --git a/README.md b/README.md index e3db184..5424140 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Uses [JSON.sh](http://github.com/dominictarr/JSON.sh), but no more TMUX. Even bashbot is written in bash, it depends on commands typically availible in a Unix/Linux Environment. More concret on the common commands provided by recent versions of [coreutils](https://en.wikipedia.org/wiki/List_of_GNU_Core_Utilities_commands), [busybox](https://en.wikipedia.org/wiki/BusyBox#Commands) or [toybox](https://landley.net/toybox/help.html), see [Developer Notes](doc/7_develop.md#common-commands) -Note for MacOS and BSD Users: As bashbot use behaivior of recent bash and (gnu)sed versions, bashbot may not run without installing additional software, see [Install Bashbot](doc/0_install.md) +*Note for MacOS and BSD Users:* As bashbot use behavior of recent bash and (gnu)sed versions, bashbot may not run without installing additional software, see [Install Bashbot](doc/0_install.md) Bashbot [Documentation](https://github.com/topkecleon/telegram-bot-bash) and [Downloads](https://github.com/topkecleon/telegram-bot-bash/releases) are availible on www.github.com @@ -192,4 +192,4 @@ This may happen if to many wrong requests are sent to api.telegram.org, e.g. usi If you feel that there's something missing or if you found a bug, feel free to submit a pull request! -#### $$VERSION$$ V0.94-7-g3d92bf3 +#### $$VERSION$$ V0.94-8-g876361f diff --git a/README.txt b/README.txt index a3740c2..a894042 100644 --- a/README.txt +++ b/README.txt @@ -23,7 +23,7 @@ More concret on the common commands provided by recent versions of [toybox](https://landley.net/toybox/help.html), see [Developer Notes](doc/7_develop.md#common-commands) -Note for MacOS and BSD Users: As bashbot use behaivior of recent bash and +*Note for MacOS and BSD Users:* As bashbot use behavior of recent bash and (gnu)sed versions, bashbot may not run without installing additional software, see [Install Bashbot](doc/0_install.md) @@ -270,4 +270,4 @@ tor proxy on your server you may uncomment the ```BASHBOT_CURL_ARGS``` line in If you feel that there's something missing or if you found a bug, feel free to submit a pull request! -#### $$VERSION$$ V0.94-7-g3d92bf3 +#### $$VERSION$$ V0.94-8-g876361f diff --git a/doc/0_install.md b/doc/0_install.md index 1b054b2..a16c4b0 100644 --- a/doc/0_install.md +++ b/doc/0_install.md @@ -45,16 +45,16 @@ Now you can restart your bashbot instances. ### Note for BSD and MacOS -**On MacOS** You must install a more current version of bash, as the default bash is way to old, +**On MacOS** you must install a more recent version of bash, as the default bash is way to old, see e.g. [Install Bash on Mac](http://macappstore.org/bash/) -**On BSD and MacOS** I recommend to install the gnu variants of coreutils and include them in front of your PATH -environment variable before running bashbot, e.g. sed, grep, find +**On BSD and MacOS** I recommend to install gnu coreutils and include them in front of your PATH +environment variable before running bashbot, e.g. the gnu versions of sed, grep, find ... In adition you must adjust the shebang line of the scripts ```bashbot.sh``` and ```json.sh``` to point to to the correct bash or use the example script: ```examples/bash2env *.sh */*.sh``` -We stay with /bin/bash shebang, because using the system bash is more save, see +Bashbot will stay with /bin/bash shebang, as using a fixed path is more secure than the portable /usr/bin/env variant, see [Security Considerations](../README.md#Security-Considerations) ### Notes on Updates @@ -101,5 +101,5 @@ The old format is supported for backward compatibility, but may fail for corner #### [Next Create Bot](1_firstbot.md) -#### $$VERSION$$ V0.94-7-g3d92bf3 +#### $$VERSION$$ V0.94-8-g876361f From c86efb1e07ebaf10ccb6eab80daab8f0a9bd44b8 Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Tue, 19 May 2020 15:21:48 +0200 Subject: [PATCH 5/7] fix doc typo --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5424140..e7072ae 100644 --- a/README.md +++ b/README.md @@ -116,10 +116,10 @@ In addition bashbot has a [test suite](doc/7_develop.md) to check if important f **We stay with /bin/bash shebang, because it's more save from security perspective.** -Using the system provided bash makes it harder for attackers or users to place alternative versions of bash and avoids using -possibly broken, mangled or compromised bash executables. +Using a fixed path to the system provided bash makes it harder for attackers or users to place alternative versions of bash +and avoids using a possibly broken, mangled or compromised bash executable. -If you are a MacOS user or forced to use an alternative bash, see [Install Bashbot](doc/0_install.md) +If you are a BSD / MacOS user or must to use an other bash location, see [Install Bashbot](doc/0_install.md) ### Run your Bot as a restricted user **I recommend to run your bot as a user, with almost no access rights.** From a055b775d7a39c3dc7cf8e49f4b6149f572b026f Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Tue, 19 May 2020 17:32:29 +0200 Subject: [PATCH 6/7] use MarkdownV2 --- README.html | 6 +++--- README.md | 2 +- README.txt | 12 ++++++------ modules/sendMessage.sh | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/README.html b/README.html index 0dc596b..a0e272d 100644 --- a/README.html +++ b/README.html @@ -181,8 +181,8 @@ It features background tasks and interactive chats, and can serve as an interfac

    A powerful tool to improve your scripts is shellcheck. You can use it online or install shellcheck locally. Shellcheck is used extensive in bashbot development to enshure a high code quality, e.g. it's not allowed to push changes without passing all shellcheck tests. In addition bashbot has a test suite to check if important functionality is working as expected.

    Do not use #!/usr/bin/env bash

    We stay with /bin/bash shebang, because it's more save from security perspective.

    -

    Using the system provided bash makes it harder for attackers or users to place alternative versions of bash and avoids using possibly broken, mangled or compromised bash executables.

    -

    If you are a MacOS user or forced to use an alternative bash, see Install Bashbot

    +

    Using a fixed path to the system provided bash makes it harder for attackers or users to place alternative versions of bash and avoids using a possibly broken, mangled or compromised bash executable.

    +

    If you are a BSD / MacOS user or must to use an other bash location, see Install Bashbot

    Run your Bot as a restricted user

    I recommend to run your bot as a user, with almost no access rights. All files your Bot have write access to are in danger to be overwritten/deleted if your bot is hacked. For the same reason ervery file your Bot can read is in danger to be disclosed. Restict your Bots access rigths to the absolute minimum.

    Never run your Bot as root, this is the most dangerous you can do! Usually the user 'nobody' has almost no rights on Unix/Linux systems. See Expert use on how to run your Bot as an other user.

    @@ -228,6 +228,6 @@ It features background tasks and interactive chats, and can serve as an interfac

    @Gnadelwartz

    That's it!

    If you feel that there's something missing or if you found a bug, feel free to submit a pull request!

    -

    $$VERSION$$ V0.94-8-g876361f

    +

    $$VERSION$$ V0.94-9-g46af634

    diff --git a/README.md b/README.md index e7072ae..682ab9e 100644 --- a/README.md +++ b/README.md @@ -192,4 +192,4 @@ This may happen if to many wrong requests are sent to api.telegram.org, e.g. usi If you feel that there's something missing or if you found a bug, feel free to submit a pull request! -#### $$VERSION$$ V0.94-8-g876361f +#### $$VERSION$$ V0.94-9-g46af634 diff --git a/README.txt b/README.txt index a894042..38f057c 100644 --- a/README.txt +++ b/README.txt @@ -160,12 +160,12 @@ functionality is working as expected. **We stay with /bin/bash shebang, because it's more save from security perspective.** -Using the system provided bash makes it harder for attackers or users to place -alternative versions of bash and avoids using -possibly broken, mangled or compromised bash executables. +Using a fixed path to the system provided bash makes it harder for attackers or +users to place alternative versions of bash +and avoids using a possibly broken, mangled or compromised bash executable. -If you are a MacOS user or forced to use an alternative bash, see [Install -Bashbot](doc/0_install.md) +If you are a BSD / MacOS user or must to use an other bash location, see +[Install Bashbot](doc/0_install.md) ### Run your Bot as a restricted user **I recommend to run your bot as a user, with almost no access rights.** @@ -270,4 +270,4 @@ tor proxy on your server you may uncomment the ```BASHBOT_CURL_ARGS``` line in If you feel that there's something missing or if you found a bug, feel free to submit a pull request! -#### $$VERSION$$ V0.94-8-g876361f +#### $$VERSION$$ V0.94-9-g46af634 diff --git a/modules/sendMessage.sh b/modules/sendMessage.sh index 1df7f87..19e8e9e 100644 --- a/modules/sendMessage.sh +++ b/modules/sendMessage.sh @@ -5,7 +5,7 @@ # This file is public domain in the USA and all free countries. # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying) # -#### $$VERSION$$ V0.94-0-gbdb50c8 +#### $$VERSION$$ v0.96-dev-0-gc86efb1 # source once magic, function named like file eval "$(basename "${BASH_SOURCE[0]}")(){ :; }" @@ -35,7 +35,7 @@ send_normal_message() { send_markdown_message() { local text; text="$(JsonEscape "${2}")" until [ -z "${text}" ]; do - sendJson "${1}" '"text":"'"${text:0:4096}"'","parse_mode":"markdown"' "${MSG_URL}" + sendJson "${1}" '"text":"'"${text:0:4096}"'","parse_mode":"markdownv2"' "${MSG_URL}" text="${text:4096}" done } From f8f59a3cab6731cf7ab68962e30d0b4324bded6d Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Tue, 19 May 2020 17:37:26 +0200 Subject: [PATCH 7/7] revert v2 for master --- modules/sendMessage.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/sendMessage.sh b/modules/sendMessage.sh index 19e8e9e..654d039 100644 --- a/modules/sendMessage.sh +++ b/modules/sendMessage.sh @@ -5,7 +5,7 @@ # This file is public domain in the USA and all free countries. # Elsewhere, consider it to be WTFPLv2. (wtfpl.net/txt/copying) # -#### $$VERSION$$ v0.96-dev-0-gc86efb1 +#### $$VERSION$$ v0.941-0-ga055b77 # source once magic, function named like file eval "$(basename "${BASH_SOURCE[0]}")(){ :; }" @@ -35,7 +35,7 @@ send_normal_message() { send_markdown_message() { local text; text="$(JsonEscape "${2}")" until [ -z "${text}" ]; do - sendJson "${1}" '"text":"'"${text:0:4096}"'","parse_mode":"markdownv2"' "${MSG_URL}" + sendJson "${1}" '"text":"'"${text:0:4096}"'","parse_mode":"markdown"' "${MSG_URL}" text="${text:4096}" done }