Mouws/protonmail-bridge-nextcoud-podman
1
0
Fork 1
mirror of https://github.com/shenxn/protonmail-bridge-docker.git synced 2026-03-26 21:35:58 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Merge pull request #1 from trent-maetzold/fix/build-and-cleanup

Browse Source 
Fix build for v3.22+, update to GHCR, cleanup workflows
This commit is contained in:
Trent Maetzold 2026-03-11 16:05:15 -05:00 committed by GitHub
commit 39947ed674
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
17 changed files with 176 additions and 534 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.github/FUNDING.yml vendored
View File

@ -1,12 +0,0 @@
# These are supported funding model platforms
github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
custom: ['https://www.buymeacoffee.com/shenxn']

233
.github/workflows/build.yaml vendored
View File

@ -1,232 +1,75 @@
name: build from source
name: Build and Push
on:
push:
branches: [master]
paths:
- .github/workflows/build.yaml
- build/*
- VERSION
- build/**
pull_request:
paths:
- .github/workflows/build.yaml
- build/*
- build/**
workflow_dispatch:
permissions:
contents: read
packages: write
security-events: write
env:
GHCR_REPO: shenxn/protonmail-bridge-docker
DOCKERHUB_REPO: shenxn/protonmail-bridge
DOCKER_REPO_DEV: ghcr.io/shenxn/protonmail-bridge
PLATFORMS: linux/amd64,linux/arm64/v8,linux/arm/v7,linux/riscv64
IMAGE: ghcr.io/${{ github.repository_owner }}/protonmail-bridge
jobs:
test:
resolve-version:
runs-on: ubuntu-latest
if: github.ref != 'refs/heads/master'
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@master
- name: Set version
- name: Get latest upstream release
id: version
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKER_REPO_DEV }}
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,"name=${{ env.DOCKER_REPO_DEV }}",push-by-digest=false,name-canonical=true,push=true
context: ./build
file: ./build/Dockerfile
tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}"
build-args: |
version=${{ env.version }}
- name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0
with:
image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}"
format: 'sarif'
exit-code: 0
severity: 'CRITICAL,HIGH'
output: 'trivy-results.sarif'
- name: Upload Trivy scan SARIF report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
run: |
version=$(curl -s https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest | jq -r '.tag_name')
echo "version=$version" >> $GITHUB_OUTPUT
echo "Resolved version: $version"
build:
needs: resolve-version
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64/v8
- linux/arm/v7
- linux/riscv64
steps:
- name: Checkout
uses: actions/checkout@master
- uses: actions/checkout@v4
- name: Prepare
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- uses: docker/setup-buildx-action@v3
- name: Set version
id: version
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_REPO }}
${{ env.GHCR_REPO }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GHCR
uses: docker/login-action@v3
- uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push by digest
id: build
- name: Build
uses: docker/build-push-action@v6
with:
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,"name=name=${{ env.DOCKERHUB_REPO }},${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=false
context: ./build
file: ./build/Dockerfile
push: ${{ github.event_name != 'pull_request' }}
load: ${{ github.event_name == 'pull_request' }}
tags: |
"${{ env.DOCKERHUB_REPO }}:build"
"${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build"
"${{ env.GHCR_REPO }}:build"
"${{ env.GHCR_REPO }}:${{ env.version }}-build"
provenance: false
sbom: false
${{ env.IMAGE }}:latest
${{ env.IMAGE }}:${{ needs.resolve-version.outputs.version }}
build-args: |
version=${{ env.version }}
version=${{ needs.resolve-version.outputs.version }}
- name: Export digest
run: |
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
- name: Trivy scan
uses: aquasecurity/trivy-action@master
with:
name: digests-${{ env.PLATFORM_PAIR }}
path: ${{ runner.temp }}/digests/*
if-no-files-found: error
retention-days: 1
image-ref: ${{ env.IMAGE }}:${{ needs.resolve-version.outputs.version }}
format: sarif
output: trivy-results.sarif
severity: CRITICAL,HIGH
merge:
runs-on: ubuntu-latest
needs:
- build
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true
- name: Set version
id: version
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_REPO }}
${{ env.GHCR_REPO }}
tags: |
type=raw,enable=true,value=${{ env.version }}-build
type=raw,enable=true,suffix=,value=build
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
- name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0
with:
image-ref: "${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build"
format: 'sarif'
exit-code: 0
severity: 'CRITICAL,HIGH'
output: 'trivy-results.sarif'
- name: Upload Trivy scan SARIF report
- name: Upload Trivy results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: 'trivy-results.sarif'
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}
docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }}
sarif_file: trivy-results.sarif

79
.github/workflows/deb.yaml vendored
View File

@ -1,79 +0,0 @@
name: pack from deb
on:
push:
paths:
- .github/workflows/deb.yaml
- deb/*
- VERSION
pull_request:
paths:
- .github/workflows/deb.yaml
- deb/*
workflow_dispatch:
env:
DOCKER_REPO: shenxn/protonmail-bridge
DOCKER_REPO_DEV: ghcr.io/shenxn/protonmail-bridge-dev
jobs:
deb:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@master
- name: Set version
id: version
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Set repo
id: repo
run: if [[ $GITHUB_REF == "refs/heads/master" ]]; then echo "::set-output name=repo::${DOCKER_REPO}"; else echo "::set-output name=repo::${DOCKER_REPO_DEV}"; fi
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ${{ steps.repo.outputs.repo }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Build image without push
uses: docker/build-push-action@v2
with:
context: ./deb
file: ./deb/Dockerfile
load: true
tags: protonmail-bridge:latest
- name: Scan image
id: scan
uses: anchore/scan-action@v2
with:
image: protonmail-bridge:latest
fail-build: true
severity-cutoff: critical
acs-report-enable: true
- name: Upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
- name: Login to DockerHub
uses: docker/login-action@v1
if: ${{ github.event_name != 'pull_request' }}
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
if: ${{ github.event_name != 'pull_request' }}
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Push image
uses: docker/build-push-action@v2
with:
context: ./deb
file: ./deb/Dockerfile
tags: |
${{ steps.repo.outputs.repo }}:latest
${{ steps.repo.outputs.repo }}:${{ env.version }}
labels: ${{ steps.docker_meta.outputs.labels }}
push: ${{ github.event_name != 'pull_request' }}

27
.github/workflows/mirror.yaml vendored
View File

@ -1,27 +0,0 @@
name: Mirroring
# yamllint disable-line rule:truthy
on:
push:
branches:
- master
- dev
jobs:
mirror_gitee:
name: Mirror to Gitee
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Push to Gitee
env:
SSH_KEY: ${{ secrets.GITEE_KEY }}
run: |
mkdir -p ~/.ssh
echo "${SSH_KEY}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no -l git"
git remote add gitee git@gitee.com:shenxn/protonmail-bridge-docker.git
git push --tags --force --prune gitee "refs/remotes/origin/*:refs/heads/*"

79
.github/workflows/scheduled-update.yaml vendored Normal file
View File

@ -0,0 +1,79 @@
name: Check for new upstream release
on:
schedule:
- cron: '0 6 * * *'
permissions:
contents: read
packages: write
security-events: write
env:
IMAGE: ghcr.io/${{ github.repository_owner }}/protonmail-bridge
jobs:
check:
runs-on: ubuntu-latest
outputs:
version: ${{ steps.check.outputs.version }}
needed: ${{ steps.check.outputs.needed }}
steps:
- name: Compare upstream to registry
id: check
run: |
version=$(curl -s https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest | jq -r '.tag_name')
echo "version=$version" >> $GITHUB_OUTPUT
token=$(curl -s "https://ghcr.io/token?scope=repository:${{ github.repository_owner }}/protonmail-bridge:pull" | jq -r '.token')
exists=$(curl -s -o /dev/null -w '%{http_code}' \
-H "Authorization: Bearer $token" \
"https://ghcr.io/v2/${{ github.repository_owner }}/protonmail-bridge/manifests/$version")
if [ "$exists" = "200" ]; then
echo "needed=false" >> $GITHUB_OUTPUT
echo "$version already exists in registry"
else
echo "needed=true" >> $GITHUB_OUTPUT
echo "New version $version — building"
fi
build:
needs: check
if: needs.check.outputs.needed == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v6
with:
context: ./build
push: true
tags: |
${{ env.IMAGE }}:latest
${{ env.IMAGE }}:${{ needs.check.outputs.version }}
build-args: |
version=${{ needs.check.outputs.version }}
- name: Trivy scan
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGE }}:${{ needs.check.outputs.version }}
format: sarif
output: trivy-results.sarif
severity: CRITICAL,HIGH
- name: Upload Trivy results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-results.sarif

24
.github/workflows/update-check.yaml vendored
View File

@ -1,24 +0,0 @@
name: update check
on:
push:
paths:
- .github/workflows/update-check.yaml
- update-check.py
pull_request:
paths:
- .github/workflows/update-check.yaml
- update-check.py
schedule:
- cron: '0 0 * * *' # runs everyday at midnight
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@master
with:
token: ${{ secrets.PERSONAL_TOKEN }}
- name: Check Update
run: python3 update-check.py ${{ github.event_name == 'pull_request' }}

93
README.md
View File

@ -1,93 +1,92 @@
# ProtonMail IMAP/SMTP Bridge Docker Container
![version badge](https://img.shields.io/docker/v/shenxn/protonmail-bridge)
![image size badge](https://img.shields.io/docker/image-size/shenxn/protonmail-bridge/build)
![docker pulls badge](https://img.shields.io/docker/pulls/shenxn/protonmail-bridge)
![deb badge](https://github.com/shenxn/protonmail-bridge-docker/workflows/pack%20from%20deb/badge.svg)
![build badge](https://github.com/shenxn/protonmail-bridge-docker/workflows/build%20from%20source/badge.svg)
> Fork of [shenxn/protonmail-bridge-docker](https://github.com/shenxn/protonmail-bridge-docker) with build fixes, updated dependencies, and GHCR publishing.
This is an unofficial Docker container of the [ProtonMail Bridge](https://protonmail.com/bridge/). Some of the scripts are based on [Hendrik Meyer's work](https://gitlab.com/T4cC0re/protonmail-bridge-docker).
![build badge](https://github.com/trent-maetzold/protonmail-bridge-docker/workflows/build%20from%20source/badge.svg)
Docker Hub: [https://hub.docker.com/r/shenxn/protonmail-bridge](https://hub.docker.com/r/shenxn/protonmail-bridge)
This is an unofficial Docker container of the [ProtonMail Bridge](https://protonmail.com/bridge/).
GitHub: [https://github.com/shenxn/protonmail-bridge-docker](https://github.com/shenxn/protonmail-bridge-docker)
GHCR: `ghcr.io/trent-maetzold/protonmail-bridge`
## Changes from upstream
- Fixed build for proton-bridge v3.22+ (added `libfido2` dependency)
- Switched base image from `debian:sid` to `debian:trixie` (stable)
- Removed DockerHub publishing (GHCR only)
- Removed Gitee mirror workflow
- Merged version check into build workflow with scheduled auto-update
- Updated all GitHub Actions to current versions
- Replaced deprecated Anchore scan with Trivy
- Default docker-compose binds to localhost only (security)
- Updated maintainer labels and security policy
## ARM Support
We now support ARM devices (`arm64` and `arm/v7`)! Use the images tagged with `build`. See next section for details.
ARM devices (`arm64` and `arm/v7`) are supported. Use the images tagged with `build`.
## Tags
There are two types of images.
- `deb`: Images based on the official [.deb release](https://protonmail.com/bridge/install). It only supports the `amd64` architecture.
- `build`: Images based on the [source code](https://github.com/ProtonMail/proton-bridge). It supports `amd64`, `arm64`, `arm/v7` and `riscv64`. Supporting to more architectures is possible. PRs are welcome.
There are two types of images:
- `deb`: Images based on the official [.deb release](https://protonmail.com/bridge/install). `amd64` only.
- `build`: Images compiled from [source code](https://github.com/ProtonMail/proton-bridge). Supports `amd64`, `arm64`, `arm/v7`, and `riscv64`.
tag | description
-- | --
`latest` | latest `deb` image
`[version]` | `deb` images
`build` | latest `build` image
`[version]-build` | `build` images
| tag | description |
| -- | -- |
| `latest` | latest `build` image |
| `build` | latest `build` image |
| `[version]-build` | `build` images |
## Initialization
To initialize and add account to the bridge, run the following command.
To initialize and add an account to the bridge:
```
docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init
docker run --rm -it -v protonmail:/root ghcr.io/trent-maetzold/protonmail-bridge:build init
```
If you want to use Docker Compose instead, you can create a copy of the provided example [docker-compose.yml](docker-compose.yml) file, modify it to suit your needs, and then run the following command:
Or with Docker Compose:
```
docker compose run protonmail-bridge init
```
Wait for the bridge to startup, then you will see a prompt appear for [Proton Mail Bridge interactive shell](https://proton.me/support/bridge-cli-guide). Use the `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely.
Wait for the bridge to start, use `login` to add your account, `info` to see credentials, then `exit`. You may need `CTRL+C` to fully exit.
## Run
To run the container, use the following command.
```
docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
docker run -d --name=protonmail-bridge -v protonmail:/root \
-p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp \
--restart=unless-stopped ghcr.io/trent-maetzold/protonmail-bridge:build
```
Or, if using Docker Compose, use the following command.
Or with Docker Compose:
```
docker compose up -d
```
## Kubernetes
If you want to run this image in a Kubernetes environment. You can use the [Helm](https://helm.sh/) chart (https://github.com/k8s-at-home/charts/tree/master/charts/stable/protonmail-bridge) created by [@Eagleman7](https://github.com/Eagleman7). More details can be found in [#23](https://github.com/shenxn/protonmail-bridge-docker/issues/23).
If you don't want to use Helm, you can also reference to the guide ([#6](https://github.com/shenxn/protonmail-bridge-docker/issues/6)) written by [@ghudgins](https://github.com/ghudgins).
## Security
Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package.
```
docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
```
Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service).
## Compatibility
The bridge currently only supports some of the email clients. More details can be found on the official website. I've tested this on a Synology DiskStation and it runs well. However, you may need ssh onto it to run the interactive docker command to add your account. The main reason of using this instead of environment variables is that it seems to be the best way to support two-factor authentication.
The default configuration binds ports to localhost only. If you need network access, update the port bindings — but use a firewall on untrusted networks.
## Bridge CLI Guide
The initialization step exposes the bridge CLI so you can do things like switch between combined and split mode, change proxy, etc. The [official guide](https://protonmail.com/support/knowledge-base/bridge-cli-guide/) gives more information on to use the CLI.
The initialization step exposes the bridge CLI for configuration (combined/split mode, proxy, etc.). See the [official guide](https://protonmail.com/support/knowledge-base/bridge-cli-guide/).
## Build
For anyone who want to build this container on your own (for development or security concerns), here is the guide to do so. First, you need to `cd` into the directory (`deb` or `build`, depending on which type of image you want). Then just run the docker build command
To build locally:
```
docker build .
cd build
docker build --build-arg version=v3.22.0 .
```
That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images.
## Acknowledgments
This project is a fork of [shenxn/protonmail-bridge-docker](https://github.com/shenxn/protonmail-bridge-docker) by [Xiaonan Shen](https://github.com/shenxn), which provided the original Dockerfiles, entrypoint scripts, and CI pipeline. Some scripts are based on [Hendrik Meyer's work](https://gitlab.com/T4cC0re/protonmail-bridge-docker).
## License
[GPLv3](LICENSE)

4
SECURITY.md
View File

@ -2,4 +2,6 @@
## Reporting a Vulnerability
Before reporting any vulnerability, make sure that it is caused by this project (i.e., this is not a vulnarability of the bridge itself). To report a vulnerabilitiy, you can send me an email (s@sxn.dev). My PGP public key is available [here](https://api.protonmail.ch/pks/lookup?op=get&search=s@sxn.dev).
Before reporting any vulnerability, make sure that it is caused by this project (i.e., not a vulnerability of the bridge itself).
To report a vulnerability, please [open a private security advisory](https://github.com/trent-maetzold/protonmail-bridge-docker/security/advisories/new) on this repository.

1
VERSION
View File

@ -1 +0,0 @@
v3.22.0

13
build/Dockerfile
View File

@ -1,25 +1,26 @@
# The build image could be golang, but it currently does not support riscv64. Only debian:sid does, at the time of writing.
FROM debian:sid-slim AS build
# Trixie (Debian 13) supports golang on all target platforms including riscv64.
FROM debian:trixie-slim AS build
ARG version
# Install dependencies
RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev
RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev libcbor-dev
# Build
ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/
WORKDIR /build/
RUN make build-nogui vault-editor
FROM debian:sid-slim
LABEL maintainer="Simon Felding <sife@adm.ku.dk>"
FROM debian:trixie-slim
LABEL maintainer="Trent Maetzold <trent@trkm.io>"
LABEL org.opencontainers.image.source="https://github.com/trent-maetzold/protonmail-bridge-docker"
EXPOSE 25/tcp
EXPOSE 143/tcp
# Install dependencies and protonmail bridge
RUN apt-get update \
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 libfido2-1 ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Copy bash scripts

28
deb/Dockerfile
View File

@ -1,28 +0,0 @@
### The Deb install is just a repack of the official ProtonMail Bridge deb package with less dependencies.
### I recommend you don't use this. It's here for legacy reasons.
FROM debian:sid-slim AS build
COPY install.sh PACKAGE /
RUN apt-get update && apt-get install -y wget binutils
# Repack deb (removes unnecessary dependencies and produces /protonmail.deb)
RUN bash /install.sh
FROM debian:sid-slim
LABEL maintainer="Simon Felding <sife@adm.ku.dk>"
EXPOSE 25/tcp
EXPOSE 143/tcp
WORKDIR /protonmail
# Copy bash scripts
COPY gpgparams entrypoint.sh PACKAGE /protonmail/
COPY --from=build /protonmail.deb /tmp/protonmail.deb
RUN apt-get update \
&& apt-get install -y --no-install-recommends /tmp/protonmail.deb socat pass libsecret-1-0 ca-certificates procps \
&& rm -rf /var/lib/apt/lists/*
CMD ["bash", "/protonmail/entrypoint.sh"]

1
deb/PACKAGE
View File

@ -1 +0,0 @@
https://github.com/ProtonMail/proton-bridge/releases/download/v3.22.0/protonmail-bridge_3.22.0-1_amd64.deb

49
deb/entrypoint.sh
View File

@ -1,49 +0,0 @@
#!/bin/bash
set -ex
# Initialize
if [[ $1 == init ]]; then
# # Parse parameters
# TFP="" # Default empty two factor passcode
# shift # skip `init`
# while [[ $# -gt 0 ]]; do
# key="$1"
# case $key in
# -u|--username)
# USERNAME="$2"
# ;;
# -p|--password)
# PASSWORD="$2"
# ;;
# -t|--twofactor)
# TWOFACTOR="$2"
# ;;
# esac
# shift
# shift
# done
# Initialize pass
gpg --generate-key --batch /protonmail/gpgparams
pass init pass-key
# Login
protonmail-bridge --cli
else
# socat will make the conn appear to come from 127.0.0.1
# ProtonMail Bridge currently expects that.
# It also allows us to bind to the real ports :)
socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
# Start protonmail
# Fake a terminal, so it does not quit because of EOF...
rm -f faketty
mkfifo faketty
cat faketty | protonmail-bridge --cli
fi

8
deb/gpgparams
View File

@ -1,8 +0,0 @@
%no-protection
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Name-Real: pass-key
Expire-Date: 0
%commit
%echo done

16
deb/install.sh
View File

@ -1,16 +0,0 @@
#!/bin/bash
set -ex
# Repack deb (remove unnecessary dependencies)
mkdir deb
wget -i /PACKAGE -O /deb/protonmail.deb
cd deb
ar x -v protonmail.deb
mkdir control
tar zxvf control.tar.gz -C control
sed -i "s/^Depends: .*$/Depends: libgl1, libc6, libsecret-1-0, libstdc++6, libgcc1/" control/control
cd control
tar zcvf ../control.tar.gz .
cd ../
ar rcs -v /protonmail.deb debian-binary control.tar.gz data.tar.gz

6
docker-compose.yml
View File

@ -2,10 +2,10 @@ version: '2.1'
services:
protonmail-bridge:
image: shenxn/protonmail-bridge
image: ghcr.io/trent-maetzold/protonmail-bridge:build
ports:
- 1025:25/tcp
- 1143:143/tcp
- 127.0.0.1:1025:25/tcp
- 127.0.0.1:1143:143/tcp
restart: unless-stopped
volumes:
- protonmail:/root

37
update-check.py
View File

@ -1,37 +0,0 @@
import requests, os, sys
def git(command):
return os.system(f"git {command}")
release = requests.get("https://api.github.com/repos/protonmail/proton-bridge/releases/latest").json()
version = release['tag_name']
deb = [asset for asset in release ['assets'] if asset['name'].endswith('.deb')][0]['browser_download_url']
print(f"Latest release is: {version}")
with open("VERSION", 'w') as f:
f.write(version)
with open("deb/PACKAGE", 'w') as f:
f.write(deb)
git("config --local user.name 'GitHub Actions'")
git("config --local user.email 'actions@github.com'")
git("add -A")
if git("diff --cached --quiet") == 0: # Returns 0 if there are no changes
print("Version didn't change")
exit(0)
git(f"commit -m 'Bump version to {version}'")
is_pull_request = sys.argv[1] == "true"
if is_pull_request:
print("This is a pull request, skipping push step.")
exit(0)
if git("push") != 0:
print("Git push failed!")
exit(1)