Most of us have used curl to download a script and run it immediately. Using curl | bash provides instant gratification. We can quickly get up and running with an application without requiring a steep learning curve or a strong attention span. Unfortunately, the common advice is that this is not safe! But what if it was?
Let's walk through how we can work with people's natural tendencies, keep the one-liner and make it more secure. We will use
Porter and Notary to transform an example cloud-native application deployment from a dicey bash script, executed with bash and hope, into a safer one-liner installation that was designed to be used in production.
You will learn:
- Why curling a script to bash is insecure, and why bundles mitigate those risks.
- How to reuse existing tools and scripts in a bundle, without starting over from scratch.
- What a safer one-line user experience could look like.
