Switch to bash and use array for ovpn args

Dockerfile

@@ -3,9 +3,9 @@ FROM alpine:3.15
 ARG IMAGE_VERSION
 ARG BUILD_DATE
 
-LABEL created="$BUILD_DATE"
-LABEL source="github.com/wfg/docker-openvpn-client"
-LABEL version="$IMAGE_VERSION"
+LABEL org.opencontainers.image.created="$BUILD_DATE"
+LABEL org.opencontainers.image.source="github.com/wfg/docker-openvpn-client"
+LABEL org.opencontainers.image.version="$IMAGE_VERSION"
 
 ENV KILL_SWITCH=on \
     VPN_LOG_LEVEL=3 \
@@ -13,6 +13,7 @@ ENV KILL_SWITCH=on \
     SOCKS_PROXY=off
 
 RUN apk add --no-cache \
+        bash \
         bind-tools \
         dante-server \
         openvpn \

data/scripts/dante_wrapper.sh

@@ -1,6 +1,4 @@
-#!/bin/ash
-# shellcheck shell=ash
-# shellcheck disable=SC2169 # making up for lack of ash support
+#!/bin/bash
 
 echo -e "Running Dante SOCKS proxy server.\n"
 

data/scripts/entry.sh

@@ -1,6 +1,4 @@
-#!/bin/ash
-# shellcheck shell=ash
-# shellcheck disable=SC2169 # making up for lack of ash support
+#!/bin/bash
 
 cleanup() {
     # When you run `docker stop` or any equivalent, a SIGTERM signal is sent to PID 1.
@@ -185,34 +183,35 @@ if [ "$SOCKS_PROXY" = "on" ]; then
             echo "$(cat /run/secrets/$PROXY_USERNAME_SECRET):$(cat /run/secrets/$PROXY_PASSWORD_SECRET)" | chpasswd 2> /dev/null
             sed -i 's/socksmethod: none/socksmethod: username/' /data/sockd.conf
         else
-            echo "WARNING: Credentials secrets not read. Starting SOCKS proxy without credentials."
+            echo "WARNING: Credentials secrets not present. Starting SOCKS proxy without credentials."
         fi
     fi
     /data/scripts/dante_wrapper.sh &
 fi
 
-ovpn_auth_flag=''
-if [ -n "$OPENVPN_AUTH_SECRET" ]; then 
+openvpn_args=(
+    "--config" "$config_file_modified"
+    "--auth-nocache"
+    "--cd" "/data/vpn"
+    "--pull-filter" "ignore" "ifconfig-ipv6"
+    "--pull-filter" "ignore" "route-ipv6"
+    "--script-security" "2"
+    "--up-restart"
+    "--verb" "$vpn_log_level"
+)
+
+if [ "$OPENVPN_AUTH_SECRET" ]; then 
     if [ -f "/run/secrets/$OPENVPN_AUTH_SECRET" ]; then
         echo "Configuring OpenVPN authentication."
-        ovpn_auth_flag="--auth-user-pass /run/secrets/$OPENVPN_AUTH_SECRET"
+        openvpn_args+=("--auth-user-pass" "/run/secrets/$OPENVPN_AUTH_SECRET")
     else
-        echo "WARNING: OpenVPN Credentials secrets fail to read."
+        echo "WARNING: OpenVPN credentials secrets not present."
     fi
 fi
 
 echo -e "Running OpenVPN client.\n"
 
-openvpn --config "$config_file_modified" \
-    $ovpn_auth_flag \
-    --verb "$vpn_log_level" \
-    --auth-nocache \
-    --connect-retry-max 10 \
-    --pull-filter ignore "route-ipv6" \
-    --pull-filter ignore "ifconfig-ipv6" \
-    --script-security 2 \
-    --up-restart \
-    --cd /data/vpn &
+openvpn "${openvpn_args[@]}" &
 openvpn_child=$!
 
 wait $openvpn_child

data/scripts/tinyproxy_wrapper.sh

@@ -1,6 +1,4 @@
-#!/bin/ash
-# shellcheck shell=ash
-# shellcheck disable=SC2169 # making up for lack of ash support
+#!/bin/bash
 
 echo -e "Running Tinyproxy HTTP proxy server.\n"
 
@@ -8,8 +6,8 @@ until ip link show tun0 2>&1 | grep -qv "does not exist"; do
     sleep 1
 done
 
-function get_addr {
-   echo $(ip a show dev $1 | grep inet | cut -d " " -f 6 | cut -d "/" -f 1)
+get_addr() {
+   ip a show dev "$1" | grep inet | cut -d " " -f 6 | cut -d "/" -f 1
 } 
 
 addr_eth=${LISTEN_ON:-$(get_addr eth0)}