undefined | Better HN

0 points4728284727d ago0 comments

Interesting. Is this just literally “fun”, or do you see real world use cases?

0 comments

The aws cli has a set of porcelain for s3 access (aws s3) and plumbing commands for lower level access to advanced controls (aws s3api). The plumbing command aws s3api get-object doesn't support stdout natively, so if you need it and want to use it in a pipeline (e.g. pv), you would naively do something like

  $ aws s3api get-object --bucket foo --key bar /dev/stdout | pv ...

Unfortunately, aws s3api already prints the API response to stdout, and error messages to stderr, so if you do the above you'll clobber your pipeline with noise, and using /dev/stderr has the same effect on error.

You can, though, do the following:

  $ aws s3api get-object --bucket foo --key bar /dev/fd/3 3>&1 >/dev/null | pv ...

This will pipe only the object contents to stdout, and the API response to /dev/null.

stabbles27d ago

Would be nice if `curl` had something to dump headers to a third file descriptor while outputting the response on stdout.

homebrewer27d ago

This should work?

  curl --dump-header /dev/fd/xxx https://google.com

  mkfifo headers.out
  curl --dump-header headers.out https://google.com

unless I'm misunderstanding you.

1 more reply

jez27d ago

I have used this in the past when building shell scripts and Makefiles to orchestrate an existing build system:

https://github.com/jez/symbol/blob/master/scaffold/symbol#L1...

The existing build system I did not have control over, and would produce output on stdout/stderr. I wanted my build scripts to be able to only show the output from the build system if building failed (and there might have been multiple build system invocations leading to that failure). I also wanted the second level to be able to log progress messages that were shown to the user immediately on stdout.

    Level 1: create fd=3, capture fd 1/2 (done in one place at the top-level)
    Level 2: log progress messages to fd=3 so the user knows what's happening
    Level 3: original build system, will log to fd 1/2, but will be captured

It was janky and it's not a project I have a need for anymore, but it was technically a real world use case.

figmert27d ago

One of my use-cases previously has been enforcing ultimate or fully trust of a gpg signature.

    tmpfifo="$(mktemp -u -t gpgverifyXXXXXXXXX)"
    gpg --status-fd 3 --verify checksums.txt.sig checksums.txt 3>$tmpfifo
    grep -Eq '^\[GNUPG:] TRUST_(ULTIMATE|FULLY)' $tmpfifo

It was a while ago since I implemented this, but iirc the reason for that was to validate that the key that has signed this is actually trusted, and the signature isn't just cryptographically valid.

You can also redirect specific file descriptors into other commands:

    gpg --status-fd 3 --verify checksums.txt.sig checksums.txt 3>(grep -Eq '^\[GNUPG:] TRUST_(ULTIMATE|FULLY)')

171862744027d ago

This is often used by shell scripts to wrap another program, so that those's input and output can be controlled. E.g. Autoconf uses this to invoke the compiler and also to control nested log output.

jas-27d ago

Red hat and other RPM based distributions recommended kickstart scripts use tty3 using a similar method

post-it27d ago

Multiple levels of logging, all of which you want to capture but not all in the same place.

skydhash27d ago

Wasn't the idiomatic way the `-v` flag (repeated for verbosity). And then stderr for errors (maybe warning too).

notpushkin27d ago

It is, and all logs should ideally go to stderr. But that doesn’t let you pipe them to different places.

post-it27d ago

Yes, but sometimes you want just important non-error logs to go to the console or journal, and then those plus verbose logs to go to a file that gets rotated, and then also stderr on top of that.

j / k navigate · click thread line to collapse

0 comments

nothrabannosir27d ago

  $ aws s3api get-object --bucket foo --key bar /dev/stdout | pv ...

You can, though, do the following:

  $ aws s3api get-object --bucket foo --key bar /dev/fd/3 3>&1 >/dev/null | pv ...

This will pipe only the object contents to stdout, and the API response to /dev/null.

stabbles27d ago

Would be nice if `curl` had something to dump headers to a third file descriptor while outputting the response on stdout.

homebrewer27d ago

This should work?

  curl --dump-header /dev/fd/xxx https://google.com

  mkfifo headers.out
  curl --dump-header headers.out https://google.com

unless I'm misunderstanding you.

1 more reply

jez27d ago

I have used this in the past when building shell scripts and Makefiles to orchestrate an existing build system:

https://github.com/jez/symbol/blob/master/scaffold/symbol#L1...

    Level 1: create fd=3, capture fd 1/2 (done in one place at the top-level)
    Level 2: log progress messages to fd=3 so the user knows what's happening
    Level 3: original build system, will log to fd 1/2, but will be captured

It was janky and it's not a project I have a need for anymore, but it was technically a real world use case.

figmert27d ago

One of my use-cases previously has been enforcing ultimate or fully trust of a gpg signature.

    tmpfifo="$(mktemp -u -t gpgverifyXXXXXXXXX)"
    gpg --status-fd 3 --verify checksums.txt.sig checksums.txt 3>$tmpfifo
    grep -Eq '^\[GNUPG:] TRUST_(ULTIMATE|FULLY)' $tmpfifo

It was a while ago since I implemented this, but iirc the reason for that was to validate that the key that has signed this is actually trusted, and the signature isn't just cryptographically valid.

You can also redirect specific file descriptors into other commands:

    gpg --status-fd 3 --verify checksums.txt.sig checksums.txt 3>(grep -Eq '^\[GNUPG:] TRUST_(ULTIMATE|FULLY)')

171862744027d ago

This is often used by shell scripts to wrap another program, so that those's input and output can be controlled. E.g. Autoconf uses this to invoke the compiler and also to control nested log output.

jas-27d ago

Red hat and other RPM based distributions recommended kickstart scripts use tty3 using a similar method

post-it27d ago

Multiple levels of logging, all of which you want to capture but not all in the same place.

skydhash27d ago

Wasn't the idiomatic way the `-v` flag (repeated for verbosity). And then stderr for errors (maybe warning too).

notpushkin27d ago

It is, and all logs should ideally go to stderr. But that doesn’t let you pipe them to different places.

post-it27d ago

Yes, but sometimes you want just important non-error logs to go to the console or journal, and then those plus verbose logs to go to a file that gets rotated, and then also stderr on top of that.

j / k navigate · click thread line to collapse