CloudHost/vpndock
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: env -u PKG_EXECPATH in sudo wrapper + pre-install components at build

Browse Source 
PKG_EXECPATH inherited from parent caused pkg bootstrap to treat argv[1] as
a module path. Fix: env -u unsets only PKG_EXECPATH so bootstrap starts fresh
while all auth/session vars are preserved. Depth guard prevents loops.

Also pre-run component installation during Docker build so the sudo code path
is never hit at runtime.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Malin
2026-03-12 18:02:18 +01:00
parent 60cdd60327
commit 91674ea056
2 changed files with 18 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
vpn-node/Dockerfile
View File

@@ -29,24 +29,21 @@ RUN curl -fsSL https://apps.purevpn-tools.com/cross-platform/linux-cli/productio
&& bash /tmp/cli-install.sh \
&& rm -f /tmp/cli-install.sh
# ── Inspect binary (visible in build log, remove once confirmed working) ──────
RUN echo "=== binary type ===" \
&& file /opt/purevpn-cli/bin/purevpn-cli /opt/purevpn-cli/purevpn-cli 2>/dev/null || true \
&& echo "=== bin/purevpn-cli header ===" \
&& head -3 /opt/purevpn-cli/bin/purevpn-cli 2>/dev/null || true
# ── Fake sudo wrapper ────────────────────────────────────────────────────────
# The purevpn-cli pkg bootstrap uses argv[1] as the main module path when
# --install-missing-components is present (causing "Cannot find module '/--connect'").
# Fix: move --install-missing-components to argv[1] so the bootstrap handles
# it as its own flag rather than trying to load '--connect' as a script.
# Clean env (env -i) prevents parent env vars from interfering with pkg startup.
# Unsets PKG_EXECPATH so the child's pkg bootstrap starts fresh instead of
# treating argv[1] as a Node.js module path. Depth guard stops recursion.
COPY sudo-wrapper.sh /usr/local/bin/sudo
RUN chmod +x /usr/local/bin/sudo
# ── PATH ──────────────────────────────────────────────────────────────────────
ENV PATH=/opt/purevpn-cli/bin:/opt/purevpn-cli:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# ── Pre-install VPN components so runtime never needs sudo ───────────────────
# Runs the binary as root during build; it calls our sudo wrapper (depth 1),
# which correctly invokes the child. Connection attempt will fail (no auth),
# but component files get written to stable paths and persist in the image.
RUN purevpn-cli --connect US --install-missing-components 2>&1 || true
# ── Location list ─────────────────────────────────────────────────────────────
COPY servers.txt /etc/vpndock/servers.txt