fix: stub openvpn-systemd-resolved to prevent missing-components sudo call + binary inspection

vpn-node/Dockerfile

@@ -13,25 +13,36 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
         net-tools openresolv \
     && rm -rf /var/lib/apt/lists/*
 
+# ── Stub openvpn-systemd-resolved ────────────────────────────────────────────
+# This package is not in Debian repos. Its absence is what triggers purevpn-cli
+# to call `sudo --install-missing-components`. A no-op stub satisfies the check.
+RUN mkdir -p /usr/lib/openvpn \
+    && printf '#!/bin/sh\nexit 0\n' \
+        | tee /usr/local/bin/openvpn-systemd-resolved \
+              /usr/lib/openvpn/openvpn-systemd-resolved > /dev/null \
+    && chmod +x /usr/local/bin/openvpn-systemd-resolved \
+                /usr/lib/openvpn/openvpn-systemd-resolved
+
 # ── Install purevpn-cli ───────────────────────────────────────────────────────
-# Pre-installing its dependencies above means the installer's own apt calls
-# find everything already present and skip cleanly.
-# Binary lands at /opt/purevpn-cli/bin/purevpn-cli
 RUN curl -fsSL https://apps.purevpn-tools.com/cross-platform/linux-cli/production/cli-install.sh \
         -o /tmp/cli-install.sh \
     && bash /tmp/cli-install.sh \
     && rm -f /tmp/cli-install.sh
 
-# ── Fake sudo wrapper ─────────────────────────────────────────────────────────
+# ── Inspect binary (visible in build log, remove once confirmed working) ──────
-# purevpn-cli calls `sudo purevpn-cli --connect X --install-missing-components`
+RUN echo "=== binary type ===" \
-# which crashes in its own pkg/Node.js bootstrap when that flag combination is
+    && file /opt/purevpn-cli/bin/purevpn-cli /opt/purevpn-cli/purevpn-cli 2>/dev/null || true \
-# run through pkg's argument parser (bug in the CLI).
+    && echo "=== bin/purevpn-cli header ===" \
-# Fix: strip --install-missing-components and run the real command as-is.
+    && head -3 /opt/purevpn-cli/bin/purevpn-cli 2>/dev/null || true
-# We are already root in Docker so the re-run won't trigger sudo again.
+
-RUN printf '#!/bin/bash\nnew=(); for a in "$@"; do [[ "$a" == "--install-missing-components" ]] && continue; new+=("$a"); done\nexec "${new[@]}"\n' \
+# ── Fake sudo — last-resort safety net ───────────────────────────────────────
+# If purevpn-cli still calls sudo despite the stub above, this wrapper runs
+# the command minus --install-missing-components so it doesn't crash the
+# pkg/Node.js bootstrap. The echo lets us see in logs if it fires.
+RUN printf '#!/bin/bash\nnew=()\nfor a in "$@"; do\n  [[ "$a" == "--install-missing-components" ]] && { echo "[sudo] stripped --install-missing-components"; continue; }\n  new+=("$a")\ndone\necho "[sudo] exec: ${new[*]}"\nexec "${new[@]}"\n' \
     > /usr/local/bin/sudo && chmod +x /usr/local/bin/sudo
 
-# ── PATH: installer puts binary in /opt/purevpn-cli/bin/ ─────────────────────
+# ── PATH ──────────────────────────────────────────────────────────────────────
 ENV PATH=/opt/purevpn-cli/bin:/opt/purevpn-cli:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 # ── Location list ─────────────────────────────────────────────────────────────