From a58c4619321c9bfb754b61303c2819f4a060336b Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Wed, 11 Mar 2026 14:32:07 +0100
Subject: [PATCH] fix container change back to debian for older systems change host 0.0.0.0 to protonmail-bridge
---
 build/Dockerfile | 28 ++++++++++-------------
 build/entrypoint.sh | 55 +++++++++++++++++++++++----------------------
 build/gpgparams | 6 ++---
 3 files changed, 43 insertions(+), 46 deletions(-)
diff --git a/build/Dockerfile b/build/Dockerfile
index 4ce186e..973ab0d 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,37 +1,33 @@
-FROM golang:alpine AS build
+FROM golang:trixie AS build
 ARG VERSION
-RUN apk add --no-cache pass gcc musl-dev git make \
- libsecret-dev \
+RUN apt-get update && apt-get install -y \
+ build-essential \
+ libsecret-1-dev \
 libfido2-dev \
- libcbor-dev
+ libcbor-dev \
+ pass
 # Build
 ADD https://github.com/ProtonMail/proton-bridge.git#${VERSION} /build/proton-bridge/
 WORKDIR /build/proton-bridge/
-RUN sed -i 's/127.0.0.1/0.0.0.0/g' internal/constants/constants.go
+RUN sed -i 's/127.0.0.1/protonmail-bridge/g' internal/constants/constants.go
 RUN make build-nogui vault-editor
-FROM alpine:latest
+FROM debian:trixie
 EXPOSE 1025/tcp
 EXPOSE 1143/tcp
-RUN mkdir -p /root/.gnupg && chmod 700 /root/.gnupg
-
 # Install dependencies and protonmail bridge
-RUN apk add --no-cache \
- gcompat \
- libsecret \
- libfido2 \
+RUN apt-get update && apt-get install -y \
 gnupg \
 pass \
+ libsecret-1-0 \
+ libfido2-1 \
 ca-certificates \
- dbus \
- dbus-x11 \
- gnome-keyring \
- haveged
+ && rm -rf /var/lib/apt/lists/*
 # Copy bash scripts
 COPY gpgparams entrypoint.sh /protonmail/
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 160b7ca..93584e6 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
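Review bot: In build/Dockerfile the new `RUN sed -i 's/127.0.0.1/protonmail-bridge/g' internal/constants/constants.go` bakes one hostname into the binary, so the bridge presumably only binds when the container can resolve `protonmail-bridge` to one of its own addresses, and the listeners are then reachable from whatever network that address sits on rather than from loopback only. Making the name a build argument keeps that exposure an explicit choice, and escaping the dots stops the pattern from matching unrelated strings: `ARG BRIDGE_HOST=protonmail-bridge` followed by `RUN sed -i "s/127\.0\.0\.1/${BRIDGE_HOST}/g" internal/constants/constants.go`. The runtime-stage `apt-get install -y` would also be leaner with `--no-install-recommends`, and `golang:trixie` / `debian:trixie` are still floating tags, so pinning a Go version or an image digest would make rebuilds reproducible.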
@@ -1,36 +1,37 @@
-#!/bin/bash
-set -ex
+#!/bin/sh
+set -e
-# start entropy
-haveged -w 1024 &
+mkdir -p /root/.gnupg
+chmod 700 /root/.gnupg
-# start dbus
-eval $(dbus-launch --sh-syntax)
+# Initialize pass store if missing
+if [ ! -d "/root/.password-store" ]; then
+ echo "Initializing password store..."
-# start secret service
-export $(gnome-keyring-daemon --start --components=secrets)
+ # Generate GPG key
+ gpg --batch --gen-key /protonmail/gpgparams
-chmod 700 /root/.gnupg || true
+ # Extract fingerprint
+ KEY=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec:/ {print $5; exit}')
+
+ # Initialize pass
+ pass init "$KEY"
+fi
 # Initialize
-if [[ $1 == init ]]; then
- gpg --generate-key --batch /protonmail/gpgparams
+if [[ "$1" == "init" ]]; then
+ # Kill the other instance as only one can be running at a time.
+ # This allows users to run entrypoint init inside a running conainter
+ # which is useful in a k8s environment.
+ # || true to make sure this would not fail in case there is no running instance.
+ pkill protonmail-bridge || true
- KEY=$(gpg --list-secret-keys --with-colons | awk -F: '/^sec:/ {print $5; exit}')
- pass init "$KEY"
-
- # Kill the other instance as only one can be running at a time.
- # This allows users to run entrypoint init inside a running conainter
- # which is useful in a k8s environment.
- # || true to make sure this would not fail in case there is no running instance.
- pkill protonmail-bridge || true
-
- # Run any ProtonMail Bridge Command - Login
- proton-bridge --cli $@
+ # Run any ProtonMail Bridge Command - Login
+ proton-bridge --cli "$@"
 else
- # Start ProtonMail Bridge
- # Fake a terminal, so it does not quit because of EOF...
- rm -f faketty
- mkfifo faketty
- cat faketty | proton-bridge --cli $@
+ # Start ProtonMail Bridge
+ # Fake a terminal, so it does not quit because of EOF...
+ rm -f faketty
+ mkfifo faketty
+ cat faketty | proton-bridge --cli "$@"
 fi
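Review bot: The shebang becomes `#!/bin/sh`, but the added test `if [[ "$1" == "init" ]]; then` is still bash syntax. On the `debian:trixie` runtime image `/bin/sh` is dash, which has no `[[`, so the test fails with "not found"; because it is an `if` condition, `set -e` does not stop the script, and `init` would fall through to the `else` branch and start the bridge behind the fake tty instead of the login CLI. Use the POSIX form `if [ "$1" = "init" ]; then`, or keep `#!/bin/bash` if bash is meant to stay a dependency of the image.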
diff --git a/build/gpgparams b/build/gpgparams
index 355568e..351df8e 100644
--- a/build/gpgparams
+++ b/build/gpgparams
@@ -1,8 +1,8 @@
 %no-protection
-%echo Generating a basic OpenPGP key
 Key-Type: RSA
 Key-Length: 2048
-Name-Real: pass-key
+Subkey-Type: RSA
+Name-Real: Proton Bridge
+Name-Email: bridge@local
 Expire-Date: 0
 %commit
-%echo done
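Review bot: `Subkey-Type: RSA` is added without a `Subkey-Length`, so the subkey size is left to the default of whichever gpg the base image ships, while the primary key stays pinned by `Key-Length: 2048`. Stating it next to the type, e.g. `Subkey-Length: 3072`, keeps the generated key the same across base-image updates. Since this is the key entrypoint.sh hands to `pass init` and `%no-protection` leaves it without a passphrase, a `#` comment noting that the store is only as protected as the volume holding `/root/.gnupg` would help operators.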