fix: document custom entrypoint and cmd must be specified in array fo…

…rm and provide correct error message when unknown args are specified

236f871 added entrypoint to dockerfile which may be considered as backward incompatible change. However reverting it may break existing setups which depend on entrypoint. Add a note in docs and logs nudging users to use array form.

Taskfile.yml

@@ -305,3 +305,53 @@ tasks:
       # <IMAGE>:latest or unstable
       - for: { var: IMAGE_REPOS, split: ',', as: IMAGE_REPO }
         cmd: crane index append --tag {{.IMAGE_REPO}}:{{.V_UNSTABLE_OR_LATEST}}{{.V_DIRTY_SUFFIX}} -m {{.IMAGE_REPO}}@{{.IMAGE_AMD64_DIGEST}} -m {{.IMAGE_REPO}}@{{.IMAGE_ARM64_DIGEST}}
+  # -----------------------------------------------------------------
+  # Cleanup generated data, cache and build artifacts
+  # -----------------------------------------------------------------
+  clean:
+    desc: "Clean cache, build artifacts etc."
+    aliases:
+      - "go:clean"
+    cmds:
+      - task: internal:rm-file-glob
+        vars:
+          DIRECTORY: '{{ joinPath .ROOT_DIR "dist" }}'
+          PATTERN: "{{.ITEM}}"
+        for:
+          - "*.json"
+          - "*.yml"
+          - "*.yaml"
+      - task: internal:rm-file-glob
+        vars:
+          DIRECTORY: '{{ joinPath .ROOT_DIR "build" }}'
+          PATTERN: "{{.ITEM}}"
+        for:
+          - "*.tar"
+          - "*.tar.gz"
+          - "*.sbom"
+          - "*.sbom.att"
+          - "*.sbom.att.json"
+          - "*.sbom.spdx"
+          - "*.sbom.spdx.json"
+          - "*.sbom.spdx.json"
+          - "*.sbom.cyclonedx.xml"
+          - "*.sbom.cyclonedx.json"
+          - "*.sigstore.pem"
+          - "*.sigstore.sig"
+          - "*.sigstore.bundle"
+          - "*.intoto.json"
+          - "*.in-toto.json"
+          - "*.jsonl"
+      - task: internal:rm-file-glob
+        vars:
+          DIRECTORY: '{{ joinPath .ROOT_DIR ".task" "checksum" }}'
+          PATTERN: "*"
+      - task: internal:rmdir
+        vars:
+          DIRECTORY: "{{ .ITEM }}"
+        for:
+          - "{{ .GO_COVER_DIR }}"
+          - '{{ joinPath .ROOT_DIR "bin" }}'
+          - '{{ joinPath .ROOT_DIR ".task" "checksum" }}'
+          - '{{ joinPath .ROOT_DIR ".task" }}'
+          - '{{ joinPath .ROOT_DIR "dist" }}'

docs/faq.md

@@ -174,10 +174,6 @@ guarantees. If your are _not_ using default metadata and ip check endpoints this
 - `protonwire-api.vercel.app`
 - `icanhazip.com`
 
-## Known Issues
-
-- Running multiple instances of this __outside of containers__ on _same host_ is not supported.
-
 ## Kubernetes
 
 Currently no egress gateway supports proxying both TCP and UDP
@@ -196,7 +192,8 @@ your pod are using the VPN. Do note that `.cluster` domains like `<service>.<nam
 Port forwarding is not supported directly, but the image includes tools required to setup via custom
 script(`socat` and `natpmpc` etc). It is being tracked via [#125](https://github.com/tprasadtp/protonvpn-docker/issues/125). It might be necessary to write your `service` loop which keeps port forwarding updated. Following commands can be used to setup VPN connection and check it regularly.
 
-- Connect to VPN server with kill-switch.
+- Connect to VPN server with kill-switch. Note that this does not use `--service` or `--container`
+flag, thus it **SHOULD NOT** be running in background as this command will return once connection is established.
 
     ```bash
     protonwire connect --ks
@@ -210,9 +207,13 @@ depends on protonwire running in the background.
     ```
 
 - Setup your port forwarding using `natpmpc` and write mapped port to a shared volume
-- In a loop verify the connection and keep refreshing port forwarding at regular intervals.
+- In a **loop** verify the connection and keep refreshing port forwarding at regular intervals.
 - To disconnect, run
 
     ```bash
     protonwire disconnect
     ```
+
+## Overriding Entrypoint/Command
+
+When using custom scripts as entrypoint or cmd, specify them in array form. i.e `["/bin/my-script", "args"]` instead of `/bin/my-script args`.

protonwire

@@ -2282,7 +2282,7 @@ function protonvpn_disconnect_cmd() {
 function __automatic_server_selection_error_msg() {
     log_error "Automatic server selection for (${PROTONVPN_SERVER}) is not supported due to upstream API changes."
     log_error "Specify a valid server DNS name like node-nl-01.protonvpn.net or server name like NL-1."
-    log_error "Please see https://github.com/tprasadtp/protonvpn-docker/blob/master/docs/faq.md for more info."
+    log_error "See - https://github.com/tprasadtp/protonvpn-docker/blob/master/docs/faq.md#overriding-entrypointcommand"
 }
 
 function server_lookup_cmd() {
@@ -2454,9 +2454,21 @@ function main() {
     declare -i log_lvl_q_lock=0
     declare -i cmd_lock=0
     local color_mode="auto"
-    local cmd_mode="HELP"
     local looper_flag="false"
     local healthcheck_service_status_file="false"
+    local cmd_mode=""
+
+    # cmd mode needs to be handled differently
+    # as user may invoke just the script without arguments expecting a help
+    # or with unknown/malformed arguments which needs to be handled gracefully.
+    # so, set cmd_mode to HELP only if no other arguments are specified.
+    # also keep a copy or arguments as it will be nuked via shift.
+    # See https://github.com/tprasadtp/protonvpn-docker/issues/312.
+    declare -a args_copy
+    args_copy=("$@")
+    if [[ $# -eq 0 ]]; then
+        cmd_mode="HELP"
+    fi
 
     if __is_bool_true "${DEBUG}"; then
         LOG_LVL="0"
@@ -2706,7 +2718,10 @@ function main() {
         exit $?
         ;;
     *)
-        log_error "Unknown PROTONVPN_EXE_MODE - $cmd_mode"
+        log_error "Unknown COMMAND - ${args_copy[*]} See usage below."
+        log_error "If overriding entrypoint/cmd specify it in array form."
+        log_error "See FAQ - https://github.com/tprasadtp/protonvpn-docker/blob/master/docs/faq.md for more info."
+        display_usage
         exit 10
         ;;
     esac