From d8c2eec74bea76bea888b3ec88a1bb9e382b244c Mon Sep 17 00:00:00 2001
From: Alexander Pankratov
Date: Sat, 25 Jun 2022 02:46:46 +0300
Subject: [PATCH] Fix unattended upgrade and apt upgrade in container
---
Dockerfile | 19 +++++++++++++++++++
README.md | 3 +--
docker-compose.yml | 2 +-
build.sh => init.sh | 8 +++++---
4 files changed, 26 insertions(+), 6 deletions(-)
create mode 100644 Dockerfile
rename build.sh => init.sh (64%)
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b4d6dee
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+FROM alpine:latest as builder
+# Docker cant unpack remote archives via ADD command :(
+# Lets use multistage build to download and unpack remote archive.
+RUN wget https://antizapret.prostovpn.org/container-images/az-vpn/rootfs.tar.xz \
+ && mkdir /rootfs-dir \
+ && tar -xf /rootfs.tar.xz -C /rootfs-dir/
+
+FROM scratch
+COPY --from=builder /rootfs-dir /
+RUN wget https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb --no-check-certificate \
+ && dpkg --force-confnew -i knot-resolver-release.deb \
+ && rm knot-resolver-release.deb \
+ && chmod 1777 /tmp \
+ && apt update -y \
+ && apt upgrade -y -o Dpkg::Options::="--force-confold" \
+ && apt autoremove -y && apt clean
+
+COPY ./init.sh /
+ENTRYPOINT ["/init.sh"]
diff --git a/README.md b/README.md
index e563aaa..7ef9585 100644
--- a/README.md
+++ b/README.md
@@ -15,8 +15,7 @@ Docker image converted from original LXD image. ```shell git clone https://github.com/xtrime-ru/antizapret-vpn-docker.git antizapret cd antizapret - ./build.sh - docker-compose up -d + docker-compose up -d --build ``` 2. Download configuration file for your openvpn client from `client_keys` folder. There will be udp and tcp versions of the config. For better performance use upd.
diff --git a/docker-compose.yml b/docker-compose.yml
index da45a62..46e7ac8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
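Review bot: The second-stage `RUN` in the new Dockerfile fetches knot-resolver-release.deb with `--no-check-certificate` and installs it with `dpkg -i` as root, so nothing authenticates a package that, by its name, presumably configures an apt source for the later `apt upgrade`. I would drop the flag and pin the file: `wget https://secure.nic.cz/files/knot-resolver/knot-resolver-release.deb \` followed by `&& echo "<EXPECTED_SHA256>  knot-resolver-release.deb" | sha256sum -c - \` before the `dpkg` call, where the digest is a placeholder to fill in. If the flag was added because the imported rootfs has a stale CA bundle (not visible here), the better fix is to refresh that bundle. The builder stage has the same gap: rootfs.tar.xz becomes the whole image but is downloaded without a checksum, and `FROM alpine:latest` is unpinned. Since docker-compose.yml runs this image with `privileged: true`, a substituted download would have host-level impact.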
@@ -2,6 +2,7 @@ version: '2.4' services: antizapret-vpn: image: xtrime/antizapret-vpn:latest + build: ./ container_name: antizapret-vpn restart: unless-stopped ports:
@@ -10,7 +11,6 @@ services: volumes: - ./client_keys/:/root/easy-rsa-ipsec/CLIENT_KEY/ - ./easyrsa3/:/root/easy-rsa-ipsec/easyrsa3/ - entrypoint: bash -c '/root/easy-rsa-ipsec/generate.sh && /usr/sbin/init' privileged: true logging: driver: "json-file"
diff --git a/build.sh b/init.sh
similarity index 64%
rename from build.sh
rename to init.sh
index cb6a7f9..a6b91ed 100755
--- a/build.sh
+++ b/init.sh
@@ -1,12 +1,14 @@ #!/usr/bin/env bash -if [[ ! -f ./easyrsa3/easyrsa ]] +if [[ ! -f /root/easy-rsa-ipsec/easyrsa3/easyrsa ]] # We need to easyrsa3/pki folder to be persistent. # But we cant just symlink it, because easyrsa will try to remove it and crash during key regeneration. # So we replace existing folder with link from host. then curl -L https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.0/EasyRSA-3.1.0.tgz | tar -xz - mv EasyRSA-3.1.0 easyrsa3 + mv EasyRSA-3.1.0/* /root/easy-rsa-ipsec/easyrsa3 + rm -rf EasyRSA-3.1.0/ fi -docker import https://antizapret.prostovpn.org/container-images/az-vpn/rootfs.tar.xz xtrime/antizapret-vpn:latest \ No newline at end of file +/root/easy-rsa-ipsec/generate.sh \ +&& exec /usr/sbin/init \ No newline at end of file
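Review bot: init.sh now runs as the container entrypoint, but its first-start download has no error handling. `curl -L … | tar -xz` has neither `-f` nor `pipefail`, so a failed or truncated fetch falls through to the new `mv` and `rm -rf` lines and then to `generate.sh`. The EasyRSA tarball is also unpacked without an integrity check, although the script's own comments indicate easyrsa is what regenerates the keys. I would add `set -euo pipefail` after the shebang, download to a file, verify a pinned SHA-256, and extract under an explicit directory instead of the entrypoint's working directory. The digest in the sketch below is a placeholder to fill in for the v3.1.0 release.

```shell
#!/usr/bin/env bash
set -euo pipefail
# … unchanged: easyrsa presence check and its comments …
    curl -fsSL -o /tmp/EasyRSA-3.1.0.tgz https://github.com/OpenVPN/easy-rsa/releases/download/v3.1.0/EasyRSA-3.1.0.tgz
    # <EXPECTED_SHA256> is a placeholder: pin the digest published for the v3.1.0 release.
    echo "<EXPECTED_SHA256>  /tmp/EasyRSA-3.1.0.tgz" | sha256sum -c -
    tar -xzf /tmp/EasyRSA-3.1.0.tgz -C /tmp
    mv /tmp/EasyRSA-3.1.0/* /root/easy-rsa-ipsec/easyrsa3
    rm -rf /tmp/EasyRSA-3.1.0/ /tmp/EasyRSA-3.1.0.tgz
# … unchanged: fi, generate.sh && exec /usr/sbin/init …
```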