From 629faceeef0fc8fc68772227e3bb86ccfca34c1b Mon Sep 17 00:00:00 2001
From: Shu Muto <shu.mutow@nec.com>
Date: Wed, 1 Feb 2023 02:09:43 +0900
Subject: [PATCH] Fix arguments expansion in `docker-entrypoint.sh` (#1110,
 #902)

Co-authored-by: Kai Ren <tyranron@gmail.com>
---
 docker/coturn/CHANGELOG.md                      | 14 +++++++++++++-
 docker/coturn/README.md                         | 17 +++++++++--------
 docker/coturn/alpine/Dockerfile                 |  6 ++++--
 .../rootfs/usr/local/bin/docker-entrypoint.sh   |  8 --------
 docker/coturn/debian/Dockerfile                 |  3 +--
 .../rootfs/usr/local/bin/docker-entrypoint.sh   |  8 --------
 .../rootfs/usr/local/bin/docker-entrypoint.sh   | 14 ++++++++++++++
 7 files changed, 41 insertions(+), 29 deletions(-)
 delete mode 100644 docker/coturn/alpine/rootfs/usr/local/bin/docker-entrypoint.sh
 delete mode 100644 docker/coturn/debian/rootfs/usr/local/bin/docker-entrypoint.sh
 create mode 100644 docker/coturn/rootfs/usr/local/bin/docker-entrypoint.sh

diff --git a/docker/coturn/CHANGELOG.md b/docker/coturn/CHANGELOG.md
index 46117a5d..e472019a 100644
--- a/docker/coturn/CHANGELOG.md
+++ b/docker/coturn/CHANGELOG.md
@@ -4,6 +4,18 @@ Coturn TURN server Docker image changelog
 
 
 
+## [4.6.1-r1] · 2023-01-??
+[4.6.1-r1]: /../../tree/docker/4.6.1-r1
+
+### Fixed
+
+- Incorrect argument expansion in `docker-entrypoint.sh`. ([#1110])
+
+[#1110]: /../../pull/1110
+
+
+
+
 ## [4.6.1-r0] · 2022-12-04
 [4.6.1-r0]: /../../tree/docker/4.6.1-r0
 
@@ -192,7 +204,7 @@ Coturn TURN server Docker image changelog
 
 ### Improved
 
-- Use DNS requests to discover external IP address in `detect-external-ip` script ([#753]).
+- Use DNS requests to discover external IP address in `detect-external-ip` script. ([#753])
 
 ### Fixed
 
diff --git a/docker/coturn/README.md b/docker/coturn/README.md
index d78816fc..23e5a9d5 100644
--- a/docker/coturn/README.md
+++ b/docker/coturn/README.md
@@ -52,9 +52,7 @@ As per [RFC 5766 Section 6.2], these are the ports that the TURN server will use
 You can change them with `min-port` and `max-port` Coturn configuration options:
 ```bash
 docker run -d -p 3478:3478 -p 3478:3478/udp -p 5349:5349 -p 5349:5349/udp -p 49160-49200:49160-49200/udp \
-       coturn/coturn -n --log-file=stdout \
-                        --external-ip='$(detect-external-ip)' \
-                        --min-port=49160 --max-port=49200
+       coturn/coturn --min-port=49160 --max-port=49200
 ```
 
 Or just use the host network directly (__recommended__, as Docker [performs badly with large port ranges][7]):
@@ -97,12 +95,15 @@ By default, default Coturn configuration and CLI options provided in the `CMD` [
 
 #### Automatic detection of external IP
 
-`detect-external-ip` binary may be used to automatically detect external IP of TURN server in runtime. It's okay to use it multiple times (the value will be evaluated only once).
+`detect-external-ip` binary may be used to automatically detect external IP of TURN server in runtime.
+To add ` --external-ip=<detected external IP>` using `detect-external-ip` as argument for `turnserver`, set envronment variable `DETECT_EXTERNAL_IP`. Also, environment variables `DETECT_RELAY_IP`, `DETECT_EXTERNAL_IPV6` and `DETECT_RELAY_IPV6` can be used for adding arugments ` --external-ip=<detected external IP>` or ` --relay-ip=<detected external IP>`.
+It's okay to use it multiple times (the value will be evaluated only once).
 ```bash
-docker run -d --network=host coturn/coturn \
-           -n --log-file=stdout \
-           --external-ip='$(detect-external-ip)' \
-           --relay-ip='$(detect-external-ip)'
+docker run -d --network=host \
+           -e DETECT_EXTERNAL_IP=yes \
+           -e DETECT_RELAY_IP=yes \
+           coturn/coturn \
+           -n --log-file=stdout
 ```
 
 By default, [IPv4] address is discovered. In case you need an [IPv6] one, specify the `--ipv6` flag:
diff --git a/docker/coturn/alpine/Dockerfile b/docker/coturn/alpine/Dockerfile
index 64f93e36..e1d57ebc 100644
--- a/docker/coturn/alpine/Dockerfile
+++ b/docker/coturn/alpine/Dockerfile
@@ -105,7 +105,7 @@ COPY --from=dist-libprom /out/ /
 COPY CMakeLists.txt \
      configure \
      INSTALL \
-     LICENSE LICENSE.OpenSSL \
+     LICENSE \
      make-man.sh Makefile.in \
      postinstall.txt \
      README.turn* \
@@ -154,7 +154,6 @@ RUN mkdir -p /out/ \
 
 # Install helper tools of Docker image.
 COPY docker/coturn/rootfs/ /out/
-COPY docker/coturn/alpine/rootfs/ /out/
 RUN chmod +x /out/usr/local/bin/docker-entrypoint.sh \
              /out/usr/local/bin/detect-external-ip.sh
 RUN ln -s /usr/local/bin/detect-external-ip.sh \
@@ -187,6 +186,9 @@ RUN apk update \
         hiredis \
         mongo-c-driver \
         libmicrohttpd \
+ # Install `bash` for `docker-entrypoint.sh`.
+ && apk add --no-cache \
+        bash \
  # Install `dig` tool for `detect-external-ip.sh`.
  && apk add --no-cache \
         bind-tools \
diff --git a/docker/coturn/alpine/rootfs/usr/local/bin/docker-entrypoint.sh b/docker/coturn/alpine/rootfs/usr/local/bin/docker-entrypoint.sh
deleted file mode 100644
index b4774bb1..00000000
--- a/docker/coturn/alpine/rootfs/usr/local/bin/docker-entrypoint.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-# If command starts with an option, prepend it with a `turnserver` binary.
-if [ "${1:0:1}" == '-' ]; then
-  set -- turnserver "$@"
-fi
-
-exec $(eval "echo $@")
diff --git a/docker/coturn/debian/Dockerfile b/docker/coturn/debian/Dockerfile
index 0807b40d..d08fcf9b 100644
--- a/docker/coturn/debian/Dockerfile
+++ b/docker/coturn/debian/Dockerfile
@@ -104,7 +104,7 @@ COPY --from=dist-libprom /out/ /
 COPY CMakeLists.txt \
      configure \
      INSTALL \
-     LICENSE LICENSE.OpenSSL \
+     LICENSE \
      make-man.sh Makefile.in \
      postinstall.txt \
      README.turn* \
@@ -153,7 +153,6 @@ RUN mkdir -p /out/ \
 
 # Install helper tools of Docker image.
 COPY docker/coturn/rootfs/ /out/
-COPY docker/coturn/debian/rootfs/ /out/
 RUN chmod +x /out/usr/local/bin/docker-entrypoint.sh \
              /out/usr/local/bin/detect-external-ip.sh
 RUN ln -s /usr/local/bin/detect-external-ip.sh \
diff --git a/docker/coturn/debian/rootfs/usr/local/bin/docker-entrypoint.sh b/docker/coturn/debian/rootfs/usr/local/bin/docker-entrypoint.sh
deleted file mode 100644
index 27d60864..00000000
--- a/docker/coturn/debian/rootfs/usr/local/bin/docker-entrypoint.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-# If command starts with an option, prepend it with a `turnserver` binary.
-if [ "${1:0:1}" == '-' ]; then
-  set -- turnserver "$@"
-fi
-
-exec $(eval "echo $@")
diff --git a/docker/coturn/rootfs/usr/local/bin/docker-entrypoint.sh b/docker/coturn/rootfs/usr/local/bin/docker-entrypoint.sh
new file mode 100644
index 00000000..8ea3ab41
--- /dev/null
+++ b/docker/coturn/rootfs/usr/local/bin/docker-entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# If command starts with an option, prepend it with a `turnserver` binary.
+if [ "${1:0:1}" == '-' ]; then
+  set -- turnserver "$@"
+fi
+
+# Evaluate each argument separately to avoid mixing them up in a single `eval`.
+expanded=()
+for i in "$@"; do
+  expanded+=("$(eval "echo $i")")
+done
+
+exec "${expanded[@]}"