How to compile a linux shell script to be a standalone executable *binary* (i.e. not just e.g. chmod 755)?

I'm looking for a free open source tool-set that will compile various "classic" scripting languages, e.g. Korn Shell, ksh, csh, bash etc. as an executable -- and if the script calls other programs or executables, for them to be included in the single executable.

Reasons:

1. To obfuscate the code for delivery to a customer so as not to reveal our Intellectual Property - for delivery onto a customer's own machine/systems for which I have no control over what permissions I can set regarding access, so the program file has to be binary whereby the workings cannot be easily seen by viewing in a text editor or hexdump viewer.

2. To make a single, simply deployed program for the customer without/or a minimal amount of any external dependencies.

I would prefer something simple without the need for package manager since:

1. I can't rely on the customer's knowledge to carry out (un) packaging instructions and

2. I can't rely on the policies governing their machines regarding installing packages (and indeed from third parties).

The simplest preferred approach is to be able to compile to proper machine code a single executable that will run out of the box without any dependencies.

The solution that fully meets my needs would be SHC - a free tool, or CCsh a commercial tool. Both compile shell scripts to C, which then can be compiled using a C compiler.

Links about SHC:

• https://github.com/neurobin/shc
• http://www.datsi.fi.upm.es/~frosal/
• http://www.downloadplex.com/Linux/System-Utilities/Shell-Tools/Download-shc_70414.html

Links about CCsh:

• http://www.comeaucomputing.com/faqs/ccshlit.html

You could use this: http://megastep.org/makeself/

This generates a shell script that auto-extracts a bundled tar.gz archive into the temporary directory, and then can run an arbitrary command upon extraction.

Using this tool, you can provide only one shell script to the client.

This script will then extract your ofbsh obfuscated scripts and binaries into /tmp, and run them transparently.

You can obfuscate shell scripts with something like ofbsh. You won't easily bundle other programs into a single executable for unix, though. Normally the approach for installation would be to buld a package for your platform's package manager (e.g. rpm, deb, pkg) or to provide a tarball to unravel in the appropriate directory.

If you need an executable file that unpacks the contents you might be able to use a shell archive. Take a look at the docs for shar(1) and see if that will get what you want

If you really need a scripting capability to glue multiple C programs together, take a look at the Tcl language. It has an API that is designed to trivially wrap C programs that expect to see argv[] style parameters. You can even embed the chunks of C code into a custom Tcl interpreter and glue it together with various Tcl scripts.

If you really need to make it opaque, you could encrypt the tcl scripts and wrap the whole thing in something that unencrypts the tcl scripts to a buffer and then runs the Tcl interpreter on them. Tcl can accept scripts from a file or a char* buffer, so the unencrypted scripts never have to hit the file system.

shc

I have modified the original source and upgraded to a new version with some feature addition and bug fixes. It's here.

Example Usage:

shc -f script.sh -o binary_name

script.sh will be compiled to a binary named binary_name

Note that, you still need the required shell to be installed in your system to run this executable.

arx is a great bundler, and you may be able to integrate a obfuscator in its workflow.

Options that are available to you:

• Write a logic in your code that, when the code is run for the first time on a box, it'll check to see if all the required packages exist. And if they do not, the code will automatically go get the packages itself and will install them...without asking to the user to do anything. The only question the user needs to be asked is "Is it ok to proceed with the install of the aforementioned packages? (Y/N)". Anything outside of that is too much.

• Once the above code is complete (yes, i'm aware it may not be all that simple for you to code this, or may be it is, i don't know your coding capabilities), copy and paste your completed code to a site like kinglazy.com and an actual executable file will be generated for you.

There are quite a few benefits of this particular option:

• Yes, you will be able to run the encrypted version of your script without exposing any proprietary information.
• No one can try to "view" your script, because if they do, they'll see nothing but indecipherable, encrypted jargon which wont make sense to them.
• No one can attempt to modify your script because if they do, the script will immediately become inoperable.
• No one can run a debugger on your script to see how it works. If they do, the script will abort.
• Also, no one can create copies of your script on the same server. If they do, it will abort and won't work. It'll only allow users to create symlinks to the original location of wherever you want the script to be.

I may be missing some things in what you asked for, but i believe the above satisfies a good portion of what you wanted.

Not sure if this works on other scripts but it certainly does for shell scripts.

You can also use the free online version of CCsh to compile a shell script into a binary: http://www.comeaucomputing.com/tryccsh/