NCP : is there any alternative to bash script?


After installing NextcloudPi on a Raspberry, then a Rock64, I decided after reading this article, to switch to a more traditional server (an amd64 PC) for stability (power supply, SATA ports), and performance reasons (Collabora Online, etc.). For your information, I had many times to re-install NCP on the Rock64 due to power failure for example.

I could have installed Nextcloud classic on a Debian, but I find NextcloudPi much more ergonomic and promising.

My project is to install Debian as a server version, then NextcloudPi afterwards. There is a great script that installs NCP in a single line of code:

# curl -sSL | bash

Unfortunately, I have read a lot here and there that the “bash” is very controversial in terms of security in relation to the risk of a Man In The Middle attack.

So, is there a variant of this line of code that would remove the “| bash” part while avoiding installing several programs in stages like Docker and other related installations?

Thank you for your help.

Apart from VM, docker and the images for specific hardware (RPI, Droid etc), there is only the curl installer for installing NCP on Debian 9 systems.

That is too vague to be of any use.

There is nothing wrong with bash afaik. The last know serious vulnerability in bash was Shellshock in 2014.

The danger could potentially come from the script itself, but if you don’t trust a script or its maker, check it’s content before executing it, or just don’t use it.

I have 2 NCP instances installed with that script on Debian 9 machines, they have been up and running for about a year with no major issues.

1 Like