CloudHost/vpndock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: strip --install-missing-components + env -u PKG_EXECPATH in sudo wrapper

Browse Source 
The real issue: PKG_EXECPATH inherited from parent makes pkg bootstrap treat
argv[1] as a module path regardless of arg order. Fix: unset only PKG_EXECPATH
(env -u) so bootstrap starts fresh and loads embedded main. Strip
--install-missing-components since it's not a commander.js flag. Keep all other
env vars for auth/session. Parent handles actual connection after child exits.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Malin
2026-03-12 16:53:46 +01:00
parent 88b2db93d2
commit 60cdd60327
1 changed files with 14 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
vpn-node/sudo-wrapper.sh
View File

@@ -1,19 +1,17 @@
#!/bin/bash #!/bin/bash
# sudo-wrapper.sh # sudo-wrapper.sh
# #
# purevpn-cli (pkg/Node.js binary) calls: # purevpn-cli calls: sudo purevpn-cli --connect <loc> --install-missing-components
# sudo purevpn-cli --connect <loc> --install-missing-components
# #
# The pkg bootstrap uses argv[1] as the main module path when # Problem: PKG_EXECPATH inherited from the parent makes the pkg bootstrap treat
# --install-missing-components is present. With the original call order, # argv[1] as a module path → "Cannot find module '/--connect'" (or '/--install...')
# argv[1] = '--connect', so pkg tries require('/--connect') → crash. # regardless of arg order.
# #
# Fix: move --install-missing-components to argv[1] position so pkg sees it # Solution:
# as its own bootstrap flag instead of a module path. # 1. Strip --install-missing-components (not a commander.js flag; causes errors)
# # 2. Unset PKG_EXECPATH only (-u) so the child's bootstrap starts fresh and
# We do NOT use env -i — the child needs parent env vars (auth session, etc). # loads the embedded main module. All other env vars (auth, session) are kept.
# Instead, a depth counter (PUREVPN_SUDO_DEPTH) prevents infinite recursion # 3. Depth guard prevents infinite recursion if the child also tries to sudo.
# in case the child also tries to call sudo.
DEPTH="${PUREVPN_SUDO_DEPTH:-0}" DEPTH="${PUREVPN_SUDO_DEPTH:-0}"
if [[ "$DEPTH" -ge 2 ]]; then if [[ "$DEPTH" -ge 2 ]]; then
@@ -28,8 +26,8 @@ other_args=()
for a in "$@"; do for a in "$@"; do
case "$a" in case "$a" in
-E|-n|-H|--preserve-env|--non-interactive) continue ;; # sudo flags, ignore -E|-n|-H|--preserve-env|--non-interactive) continue ;; # sudo flags, skip
--install-missing-components) has_install_flag=true ;; --install-missing-components) has_install_flag=true ;; # strip, don't pass
*) *)
if [[ -z "$binary" ]]; then if [[ -z "$binary" ]]; then
binary="$a" binary="$a"
@@ -46,9 +44,9 @@ if [[ -z "$binary" ]]; then
fi fi
if [[ "$has_install_flag" == "true" ]]; then if [[ "$has_install_flag" == "true" ]]; then
echo "[sudo-wrapper] reorder (depth=$NEXT_DEPTH): $binary --install-missing-components ${other_args[*]}" >&2 echo "[sudo-wrapper] stripped --install-missing-components, unset PKG_EXECPATH (depth=$NEXT_DEPTH): $binary ${other_args[*]}" >&2
exec env PUREVPN_SUDO_DEPTH="$NEXT_DEPTH" \ exec env -u PKG_EXECPATH PUREVPN_SUDO_DEPTH="$NEXT_DEPTH" \
"$binary" "--install-missing-components" "${other_args[@]}" "$binary" "${other_args[@]}"
else else
echo "[sudo-wrapper] passthrough (depth=$NEXT_DEPTH): $binary ${other_args[*]}" >&2 echo "[sudo-wrapper] passthrough (depth=$NEXT_DEPTH): $binary ${other_args[*]}" >&2
exec env PUREVPN_SUDO_DEPTH="$NEXT_DEPTH" \ exec env PUREVPN_SUDO_DEPTH="$NEXT_DEPTH" \