From ca0e1c0a91e41f62fe3a3adf302f091b52feb440 Mon Sep 17 00:00:00 2001
From: Wyatt Gill
Date: Fri, 31 Dec 2021 16:13:28 -0600
Subject: [PATCH] Switch to bash and use array for ovpn args
---
 Dockerfile | 7 ++++---
 data/scripts/dante_wrapper.sh | 4 +---
 data/scripts/entry.sh | 35 +++++++++++++++----------------
 data/scripts/tinyproxy_wrapper.sh | 8 +++----
 4 files changed, 25 insertions(+), 29 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index bea2d7c..b65d232 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,9 +3,9 @@ FROM alpine:3.15
 ARG IMAGE_VERSION
 ARG BUILD_DATE
-LABEL created="$BUILD_DATE"
-LABEL source="github.com/wfg/docker-openvpn-client"
-LABEL version="$IMAGE_VERSION"
+LABEL org.opencontainers.image.created="$BUILD_DATE"
+LABEL org.opencontainers.image.source="github.com/wfg/docker-openvpn-client"
+LABEL org.opencontainers.image.version="$IMAGE_VERSION"
 ENV KILL_SWITCH=on \
 VPN_LOG_LEVEL=3 \
@@ -13,6 +13,7 @@ ENV KILL_SWITCH=on \
 SOCKS_PROXY=off
 RUN apk add --no-cache \
+ bash \
 bind-tools \
 dante-server \
 openvpn \
diff --git a/data/scripts/dante_wrapper.sh b/data/scripts/dante_wrapper.sh
index 95b2d3b..4e9d566 100755
--- a/data/scripts/dante_wrapper.sh
+++ b/data/scripts/dante_wrapper.sh
@@ -1,6 +1,4 @@
-#!/bin/ash
-# shellcheck shell=ash
-# shellcheck disable=SC2169 # making up for lack of ash support
+#!/bin/bash
 echo -e "Running Dante SOCKS proxy server.\n"
diff --git a/data/scripts/entry.sh b/data/scripts/entry.sh
index d35db6e..95af272 100755
--- a/data/scripts/entry.sh
+++ b/data/scripts/entry.sh
@@ -1,6 +1,4 @@
-#!/bin/ash
-# shellcheck shell=ash
-# shellcheck disable=SC2169 # making up for lack of ash support
+#!/bin/bash
 cleanup() {
 # When you run `docker stop` or any equivalent, a SIGTERM signal is sent to PID 1.
@@ -185,34 +183,35 @@ if [ "$SOCKS_PROXY" = "on" ]; then
 echo "$(cat /run/secrets/$PROXY_USERNAME_SECRET):$(cat /run/secrets/$PROXY_PASSWORD_SECRET)" | chpasswd 2> /dev/null
 sed -i 's/socksmethod: none/socksmethod: username/' /data/sockd.conf
 else
- echo "WARNING: Credentials secrets not read. Starting SOCKS proxy without credentials."
+ echo "WARNING: Credentials secrets not present. Starting SOCKS proxy without credentials."
 fi
 fi
 /data/scripts/dante_wrapper.sh &
 fi
-ovpn_auth_flag=''
-if [ -n "$OPENVPN_AUTH_SECRET" ]; then
+openvpn_args=(
+ "--config" "$config_file_modified"
+ "--auth-nocache"
+ "--cd" "/data/vpn"
+ "--pull-filter" "ignore" "ifconfig-ipv6"
+ "--pull-filter" "ignore" "route-ipv6"
+ "--script-security" "2"
+ "--up-restart"
+ "--verb" "$vpn_log_level"
+)
+
+if [ "$OPENVPN_AUTH_SECRET" ]; then
 if [ -f "/run/secrets/$OPENVPN_AUTH_SECRET" ]; then
 echo "Configuring OpenVPN authentication."
- ovpn_auth_flag="--auth-user-pass /run/secrets/$OPENVPN_AUTH_SECRET"
+ openvpn_args+=("--auth-user-pass" "/run/secrets/$OPENVPN_AUTH_SECRET")
 else
- echo "WARNING: OpenVPN Credentials secrets fail to read."
+ echo "WARNING: OpenVPN credentials secrets not present."
 fi
 fi
 echo -e "Running OpenVPN client.\n"
-openvpn --config "$config_file_modified" \
- $ovpn_auth_flag \
- --verb "$vpn_log_level" \
- --auth-nocache \
- --connect-retry-max 10 \
- --pull-filter ignore "route-ipv6" \
- --pull-filter ignore "ifconfig-ipv6" \
- --script-security 2 \
- --up-restart \
- --cd /data/vpn &
+openvpn "${openvpn_args[@]}" &
 openvpn_child=$!
 wait $openvpn_child
diff --git a/data/scripts/tinyproxy_wrapper.sh b/data/scripts/tinyproxy_wrapper.sh
index 915a98d..eb4ef6b 100755
--- a/data/scripts/tinyproxy_wrapper.sh
+++ b/data/scripts/tinyproxy_wrapper.sh
@@ -1,6 +1,4 @@
-#!/bin/ash
-# shellcheck shell=ash
-# shellcheck disable=SC2169 # making up for lack of ash support
+#!/bin/bash
 echo -e "Running Tinyproxy HTTP proxy server.\n"
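Review bot: In data/scripts/entry.sh both credential branches still fail open: when a secret name is configured but the file is absent under /run/secrets, the reworded warnings are printed and startup continues, Dante with /data/sockd.conf untouched (presumably still `socksmethod: none`) and OpenVPN without `--auth-user-pass`. A misnamed or unmounted secret therefore produces an unauthenticated SOCKS proxy instead of a startup failure; consider an error on stderr and a non-zero exit in both `else` arms, e.g. `echo "ERROR: OpenVPN credentials secret not present." >&2; exit 1`. The SOCKS `if` conditions start above the hunk, so confirm that its `else` is reached only when secrets were actually requested. Separately, the new `openvpn_args` array drops `--connect-retry-max 10` and the commit message does not say so; if that is intentional, a one-line comment above `openvpn_args=(` would record it.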
@@ -8,8 +6,8 @@ until ip link show tun0 2>&1 | grep -qv "does not exist"; do
 sleep 1
 done
-function get_addr {
- echo $(ip a show dev $1 | grep inet | cut -d " " -f 6 | cut -d "/" -f 1)
+get_addr() {
+ ip a show dev "$1" | grep inet | cut -d " " -f 6 | cut -d "/" -f 1
 }
 addr_eth=${LISTEN_ON:-$(get_addr eth0)}
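Review bot: `get_addr` can now return several lines, because `grep inet` also matches `inet6` entries and any secondary addresses, and the removed unquoted `echo $(...)` was what folded them onto one line. The value lands in `addr_eth` and presumably in the Tinyproxy listen/bind settings further down (outside this hunk), so a multi-line result could produce a malformed config or a listener on an address the operator did not intend. Pinning the function to the first IPv4 entry makes the result deterministic: `ip a show dev "$1" | grep -w inet | head -n 1 | cut -d " " -f 6 | cut -d "/" -f 1`.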