shell script should be sh and not bash

[sylware]

Scripts should expect only basic sh on a system and not bash.
If you want to use the complex sh extensions of bash, do not hesitate to provide your binary of bash in the package (even a statically linked build will do).
The same apply to python scripts... or "any" scripts (python may dynamically load system libs in order to "script" them, then statically linked python interpreter won't do on gnu libc systems, only a dynamically linked one will work)

[illwieckz]

It's not a problem to set bash as a dependency. If no one is able to build and distribute bash for your system you have no more chance to run steam in any way.

Just as an example, it's good to rely on advanced things like nestable subshell, you know how it's far better and safer to have to write:

echo $(echo $(echo $(echo hello world)))

than to write:

echo `echo \`echo \\\`echo hello world\\\`\``

and other “basic shell” legacies.

You already use the nestable subshells, please don't switch to not-nestable backquotes (code from steam.sh):

STEAMROOT="$(cd $(dirname $0) && echo $PWD)"

By the way that piece of code is very ugly, you don't need to rely on a directory pivot to do this, even if the subshell somewhat secures it. And that's not the only thing that is asking for trouble: I just checked this lone line in an obvious known-to-broke use case, and I confirm you this code is unsafe and is not reliable at all. That lone line is broken by itself.

Please do not delete my homedir anymore because of poorly written shell scripts. Bash is still an unsafe scripting language, but it allows some better methodology (like the one above) to do less mistakes. That issue was not reported by me but I faced a variant of it, and yes it deleted my whole homedir, hopefully I never ran steam outside of a chroot because I never trusted it.

Oh and make sure everyone use shellcheck.

It's OK to set bash as a dependency.

Note: I can help you make better linux things (I remember you this other thread).

[sylware]

On Mon, Oct 08, 2018 at 07:53:41AM -0700, Thomas Debesse wrote: It's not a problem to set bash as a dependency. If no one is able to build and distribute bash for your system you have no more chance to run steam in any way.

I disagree. It is a problem to set such massive kludge as a dependencies which are not even core to video games (C interfaces of alsa/x11/wayland/GL/vulkan/linux input event). The less system dependencies out of core, the better. The less expensive those system dependencies out of core are, the better. I have bash _only_ for steam, I have dbus _only_ for steam, I have 32 bits libs _only_ for steam. bash is a massive kludge with a very expensive SDK. Python2 *and* Python3 too. Why not javascript, ruby, perl, squirel, swift, etc too, there is no end. One of the biggest mistakes in the linux world is to expect everything available from a huge mainstream distro. This is clumsy, if not malicious since it hurts small and light alternative distros. I can tell you that dealing with the video game core is already a pain with its near malicious overcomplexity. The steam client should be distributed with its scripts language engines and expect only a basic sh and core video games C libs/kernel interface. That said, I would recommend valve to use only basic sh with custom helper programs.