
Why can't environment variables with dashes be accessed in bash 4.1.2?

Published: 2020-12-15 22:46:25 | Category: Security | Source: compiled from the web
On a CentOS 5 host (using bash 3.2.32), we use Ruby (1.8.7) to do

ENV['AWS_foo-bar_ACCESS_KEY'] = xxxxx

Then, using bash, we run a shell script:

BUCKET_NAME=$1
AWS_ACCESS_KEY_ID_VAR="AWS_${BUCKET_NAME}_ACCESS_KEY_ID"
AWS_ACCESS_KEY_ID="${!AWS_ACCESS_KEY_ID_VAR}"
export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}

This works fine on CentOS 5.

However, on CentOS 6 (using bash 4.1.2), we get the error

-bash: export: `AWS_foo-bar_ACCESS_KEY_ID=xxxxx': not a valid identifier

We understand that this fails because - is not allowed in variable names. But why does this work in bash 3.2 and not in bash 4.1?

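Solution

The "why" is almost irrelevant: the POSIX standard is very clear that export is only required to support arguments that are valid names, and anything with a dash is not a valid name. Thus, no POSIX shell is required to support exporting or expanding variable names with dashes, via indirect expansion or otherwise.

It is worth noting that ShellShock, a major security bug caused by sloppy handling of environment contents, is fixed in the bash 4.1 present in the current CentOS 6 updates repository; increased rigor in an area that spawned security bugs should be no surprise.

The remainder of this answer will focus on demonstrating that the new behavior of bash 4.1 is explicitly allowed, or even required, by POSIX, and thus that the prior behavior was an undefined implementation artifact.

To quote POSIX on environment variables: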

These strings have the form name=value; names shall not contain the character ‘=’. For values to be portable across systems conforming to IEEE Std 1003.1-2001, the value shall be composed of characters from the portable character set (except NUL and as indicated below). There is no meaning associated with the order of strings in the environment. If more than one string in a process’ environment has the same name, the consequences are undefined.

Environment variable names used by the utilities in the Shell and Utilities volume of IEEE Std 1003.1-2001 consist solely of uppercase letters, digits, and the ‘_’ (underscore) from the characters defined in Portable Character Set and do not begin with a digit. Other characters may be permitted by an implementation; applications shall tolerate the presence of such names. Uppercase and lowercase letters shall retain their unique identities and shall not be folded together. The name space of environment variable names containing lowercase letters is reserved for applications. Applications can define any environment variables with names from this name space without modifying the behavior of the standard utilities.

Note: Other applications may have difficulty dealing with environment variable names that start with a digit. For this reason, use of such names is not recommended anywhere.

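Thus:

- Tools (including the shell) are required to fully support environment variable names with uppercase and lowercase letters, digits (except in the first position), and the underscore.
- Tools (including the shell) should tolerate other names, meaning they should not crash or behave abnormally in their presence, but are not required to support them.

Finally, shells are explicitly allowed to discard environment variable names that are not also shell variable names. From the relevant standard: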

It is unspecified whether environment variables that were passed to the shell when it was invoked, but were not used to initialize shell variables (see Shell Variables) because they had invalid names, are included in the environment passed to execl() and (if execl() fails as described above) to the new shell.

Moreover, what constitutes a valid shell name is well-defined:

Name – In the shell command language, a word consisting solely of underscores, and alphabetics from the portable character set. The first character of a name is not a digit.

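Notably, only underscores (not dashes) are considered part of a valid name in a POSIX-compliant shell.

...and the POSIX specification for export explicitly uses the word "name" (which is defined in the text quoted above) and describes it as applying to "variables" (shell variables, whose names are likewise subject to the restrictions quoted elsewhere in this document):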

The shell shall give the export attribute to the variables corresponding to the specified names, which shall cause them to be in the environment of subsequently executed commands. If the name of a variable is followed by = word, then the value of that variable shall be set to word.

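All of the above being said: if your operating system provides a /proc/self/environ that represents the state of your environment variables at process startup (the shell is permitted to discard any variables that do not have valid shell names), you can extract content with invalid names like so: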

# using a lower-case name where possible is in line with POSIX guidelines, see above
aws_access_key_id_var="AWS_${BUCKET_NAME}_ACCESS_KEY_ID"
while IFS= read -r -d '' var; do
  [[ $var = "$aws_access_key_id_var"=* ]] || continue
  val=${var#"${aws_access_key_id_var}="}
  break
done </proc/self/environ
echo "Extracted value: $val"

(Editor: 李大同)
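
Besides reading /proc/self/environ, the script can keep every name inside the POSIX "Name" rule quoted above. The following sketch is an added example, not part of the original question or answer: the function names is_valid_name, env_name_for_bucket and export_bucket_key are hypothetical, and it assumes the process that sets the variable applies the same character mapping.

```shell
# is_valid_name NAME: succeed only if NAME is a POSIX shell name
# (letters, digits, underscore; no leading digit). Runs in a subshell so
# that LC_ALL=C, which pins the bracket ranges to ASCII, does not leak out.
is_valid_name() (
  LC_ALL=C
  case $1 in
    ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
)

# env_name_for_bucket BUCKET: print the variable name used for BUCKET,
# mapping every character outside [A-Za-z0-9_] to "_".
# Caveat: distinct buckets such as foo-bar and foo_bar map to the same name.
env_name_for_bucket() {
  printf 'AWS_%s_ACCESS_KEY_ID\n' \
    "$(printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9_' '[_*]')"
}

# export_bucket_key BUCKET: export AWS_ACCESS_KEY_ID from the per-bucket
# variable; fail instead of expanding or exporting an invalid name.
export_bucket_key() {
  [ -n "$1" ] || return 1
  name=$(env_name_for_bucket "$1")
  # The name is derived from untrusted input ($1): validate before eval.
  is_valid_name "$name" || return 1
  eval "_bucket_key=\${$name-}"
  [ -n "$_bucket_key" ] || return 1
  AWS_ACCESS_KEY_ID=$_bucket_key
  export AWS_ACCESS_KEY_ID
}

# Constructed sample value standing in for what the setting process provides.
AWS_foo_bar_ACCESS_KEY_ID=EXAMPLE-KEY-ID
export AWS_foo_bar_ACCESS_KEY_ID
export_bucket_key foo-bar && echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
```

The eval form is used instead of `${!name}` so the same code runs in any POSIX shell, not only bash.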
