How to compile a linux shell script to be a standalone executable *binary* (i.e. not just e.g. chmod 755)?

I'm looking for a free open source tool-set that will compile various "classic" scripting languages, e.g. Korn Shell, ksh, csh, bash etc. as an executable -- and if the script calls other programs or executables, for them to be included in the single executable.

Reasons:

  1. To obfuscate the code for delivery to a customer so as not to reveal our Intellectual Property - for delivery onto a customer's own machine/systems for which I have no control over what permissions I can set regarding access, so the program file has to be binary whereby the workings cannot be easily seen by viewing in a text editor or hexdump viewer.

  2. To make a single, simply deployed program for the customer without/or a minimal amount of any external dependencies.

I would prefer something simple without the need for package manager since:

  1. I can't rely on the customer's knowledge to carry out (un) packaging instructions and

  2. I can't rely on the policies governing their machines regarding installing packages (and indeed from third parties).

The simplest preferred approach is to be able to compile to proper machine code a single executable that will run out of the box without any dependencies.


Solution 1:

The solution that fully meets my needs would be SHC - a free tool, or CCsh a commercial tool. Both compile shell scripts to C, which then can be compiled using a C compiler.

Links about SHC:

  • https://github.com/neurobin/shc
  • http://www.datsi.fi.upm.es/~frosal/
  • http://www.downloadplex.com/Linux/System-Utilities/Shell-Tools/Download-shc_70414.html

Links about CCsh:

  • http://www.comeaucomputing.com/faqs/ccshlit.html

Solution 2:

You could use this: http://megastep.org/makeself/

This generates a shell script that auto-extracts a bundled tar.gz archive into the temporary directory, and then can run an arbitrary command upon extraction.

Using this tool, you can provide only one shell script to the client.

This script will then extract your ofbsh obfuscated scripts and binaries into /tmp, and run them transparently.