Merge pull request #1 from trent-maetzold/fix/build-and-cleanup

Fix build for v3.22+, update to GHCR, cleanup workflows
Trent Maetzold 2026-03-11 16:05:15 -05:00 committed by GitHub
commit 39947ed674
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
17 changed files with 176 additions and 534 deletions

12
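--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,12 +0,0 @@
-# These are supported funding model platforms
-github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
-patreon: # Replace with a single Patreon username
-open_collective: # Replace with a single Open Collective username
-ko_fi: # Replace with a single Ko-fi username
-tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
-community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
-liberapay: # Replace with a single Liberapay username
-issuehunt: # Replace with a single IssueHunt username
-otechie: # Replace with a single Otechie username
-custom: ['https://www.buymeacoffee.com/shenxn']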


@ -1,232 +1,75 @@
name: build from source name: Build and Push
on: on:
push: push:
branches: [master]
paths: paths:
- .github/workflows/build.yaml - .github/workflows/build.yaml
- build/* - build/**
- VERSION
pull_request: pull_request:
paths: paths:
- .github/workflows/build.yaml - .github/workflows/build.yaml
- build/* - build/**
workflow_dispatch: workflow_dispatch:
permissions:
contents: read
packages: write
security-events: write
env: env:
GHCR_REPO: shenxn/protonmail-bridge-docker IMAGE: ghcr.io/${{ github.repository_owner }}/protonmail-bridge
DOCKERHUB_REPO: shenxn/protonmail-bridge
DOCKER_REPO_DEV: ghcr.io/shenxn/protonmail-bridge
PLATFORMS: linux/amd64,linux/arm64/v8,linux/arm/v7,linux/riscv64
jobs: jobs:
test: resolve-version:
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.ref != 'refs/heads/master' outputs:
version: ${{ steps.version.outputs.version }}
steps: steps:
- name: Checkout - name: Get latest upstream release
uses: actions/checkout@master
- name: Set version
id: version id: version
run: echo "version=`cat VERSION`" >> $GITHUB_ENV run: |
version=$(curl -s https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest | jq -r '.tag_name')
- name: Docker meta echo "version=$version" >> $GITHUB_OUTPUT
id: meta echo "Resolved version: $version"
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKER_REPO_DEV }}
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6
with:
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,"name=${{ env.DOCKER_REPO_DEV }}",push-by-digest=false,name-canonical=true,push=true
context: ./build
file: ./build/Dockerfile
tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}"
build-args: |
version=${{ env.version }}
- name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0
with:
image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}"
format: 'sarif'
exit-code: 0
severity: 'CRITICAL,HIGH'
output: 'trivy-results.sarif'
- name: Upload Trivy scan SARIF report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
build: build:
needs: resolve-version
runs-on: ubuntu-latest runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
strategy:
fail-fast: false
matrix:
platform:
- linux/amd64
- linux/arm64/v8
- linux/arm/v7
- linux/riscv64
steps: steps:
- name: Checkout - uses: actions/checkout@v4
uses: actions/checkout@master
- name: Prepare - uses: docker/setup-buildx-action@v3
run: |
platform=${{ matrix.platform }}
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
- name: Set version - uses: docker/login-action@v3
id: version if: github.event_name != 'pull_request'
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_REPO }}
${{ env.GHCR_REPO }}
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GHCR
uses: docker/login-action@v3
with: with:
registry: ghcr.io registry: ghcr.io
username: ${{ github.repository_owner }} username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }} password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU - name: Build
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push by digest
id: build
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
platforms: ${{ matrix.platform }}
labels: ${{ steps.meta.outputs.labels }}
outputs: type=image,"name=name=${{ env.DOCKERHUB_REPO }},${{ env.GHCR_REPO }}",push-by-digest=true,name-canonical=true,push=false
context: ./build context: ./build
file: ./build/Dockerfile push: ${{ github.event_name != 'pull_request' }}
load: ${{ github.event_name == 'pull_request' }}
tags: | tags: |
"${{ env.DOCKERHUB_REPO }}:build" ${{ env.IMAGE }}:latest
"${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build" ${{ env.IMAGE }}:${{ needs.resolve-version.outputs.version }}
"${{ env.GHCR_REPO }}:build"
"${{ env.GHCR_REPO }}:${{ env.version }}-build"
provenance: false
sbom: false
build-args: | build-args: |
version=${{ env.version }} version=${{ needs.resolve-version.outputs.version }}
- name: Export digest - name: Trivy scan
run: | uses: aquasecurity/trivy-action@master
mkdir -p ${{ runner.temp }}/digests
digest="${{ steps.build.outputs.digest }}"
touch "${{ runner.temp }}/digests/${digest#sha256:}"
- name: Upload digest
uses: actions/upload-artifact@v4
with: with:
name: digests-${{ env.PLATFORM_PAIR }} image-ref: ${{ env.IMAGE }}:${{ needs.resolve-version.outputs.version }}
path: ${{ runner.temp }}/digests/* format: sarif
if-no-files-found: error output: trivy-results.sarif
retention-days: 1 severity: CRITICAL,HIGH
- name: Upload Trivy results
merge:
runs-on: ubuntu-latest
needs:
- build
steps:
- name: Download digests
uses: actions/download-artifact@v4
with:
path: ${{ runner.temp }}/digests
pattern: digests-*
merge-multiple: true
- name: Set version
id: version
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.DOCKERHUB_REPO }}
${{ env.GHCR_REPO }}
tags: |
type=raw,enable=true,value=${{ env.version }}-build
type=raw,enable=true,suffix=,value=build
- name: Create manifest list and push
working-directory: ${{ runner.temp }}/digests
run: |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *)
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
$(printf '${{ env.GHCR_REPO }}@sha256:%s ' *)
- name: Run Trivy vulnerability scan
uses: aquasecurity/trivy-action@0.30.0
with:
image-ref: "${{ env.DOCKERHUB_REPO }}:${{ env.version }}-build"
format: 'sarif'
exit-code: 0
severity: 'CRITICAL,HIGH'
output: 'trivy-results.sarif'
- name: Upload Trivy scan SARIF report
uses: github/codeql-action/upload-sarif@v3 uses: github/codeql-action/upload-sarif@v3
if: always()
with: with:
sarif_file: 'trivy-results.sarif' sarif_file: trivy-results.sarif
- name: Inspect image
run: |
docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }}
docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }}
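Review bot: The Trivy step appears to move from the pinned `aquasecurity/trivy-action@0.30.0` to `aquasecurity/trivy-action@master`, a mutable branch ref, inside a job that has already logged in to GHCR with a `packages: write` token. Whatever lands on that branch then runs with push rights to the registry. Pin the action to a full commit SHA with the release noted in a trailing comment, `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and do the same in the scheduled-update workflow added by this commit, which uses the same ref. The `permissions:` block is also declared at workflow level, so `resolve-version` receives write scopes it does not use; declaring it per job would narrow that.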


@ -1,79 +0,0 @@
name: pack from deb
on:
push:
paths:
- .github/workflows/deb.yaml
- deb/*
- VERSION
pull_request:
paths:
- .github/workflows/deb.yaml
- deb/*
workflow_dispatch:
env:
DOCKER_REPO: shenxn/protonmail-bridge
DOCKER_REPO_DEV: ghcr.io/shenxn/protonmail-bridge-dev
jobs:
deb:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@master
- name: Set version
id: version
run: echo "version=`cat VERSION`" >> $GITHUB_ENV
- name: Set repo
id: repo
run: if [[ $GITHUB_REF == "refs/heads/master" ]]; then echo "::set-output name=repo::${DOCKER_REPO}"; else echo "::set-output name=repo::${DOCKER_REPO_DEV}"; fi
- name: Docker meta
id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ${{ steps.repo.outputs.repo }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Build image without push
uses: docker/build-push-action@v2
with:
context: ./deb
file: ./deb/Dockerfile
load: true
tags: protonmail-bridge:latest
- name: Scan image
id: scan
uses: anchore/scan-action@v2
with:
image: protonmail-bridge:latest
fail-build: true
severity-cutoff: critical
acs-report-enable: true
- name: Upload Anchore scan SARIF report
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
- name: Login to DockerHub
uses: docker/login-action@v1
if: ${{ github.event_name != 'pull_request' }}
with:
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
if: ${{ github.event_name != 'pull_request' }}
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.CR_PAT }}
- name: Push image
uses: docker/build-push-action@v2
with:
context: ./deb
file: ./deb/Dockerfile
tags: |
${{ steps.repo.outputs.repo }}:latest
${{ steps.repo.outputs.repo }}:${{ env.version }}
labels: ${{ steps.docker_meta.outputs.labels }}
push: ${{ github.event_name != 'pull_request' }}


@ -1,27 +0,0 @@
name: Mirroring
# yamllint disable-line rule:truthy
on:
push:
branches:
- master
- dev
jobs:
mirror_gitee:
name: Mirror to Gitee
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Push to Gitee
env:
SSH_KEY: ${{ secrets.GITEE_KEY }}
run: |
mkdir -p ~/.ssh
echo "${SSH_KEY}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no -l git"
git remote add gitee git@gitee.com:shenxn/protonmail-bridge-docker.git
git push --tags --force --prune gitee "refs/remotes/origin/*:refs/heads/*"

79
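--- a/.github/workflows/scheduled-update.yaml
+++ b/.github/workflows/scheduled-update.yaml
@@ -0,0 +1,79 @@
+name: Check for new upstream release
+on:
+schedule:
+- cron: '0 6 * * *'
+permissions:
+contents: read
+packages: write
+security-events: write
+env:
+IMAGE: ghcr.io/${{ github.repository_owner }}/protonmail-bridge
+jobs:
+check:
+runs-on: ubuntu-latest
+outputs:
+version: ${{ steps.check.outputs.version }}
+needed: ${{ steps.check.outputs.needed }}
+steps:
+- name: Compare upstream to registry
+id: check
+run: |
+version=$(curl -s https://api.github.com/repos/ProtonMail/proton-bridge/releases/latest | jq -r '.tag_name')
+echo "version=$version" >> $GITHUB_OUTPUT
+token=$(curl -s "https://ghcr.io/token?scope=repository:${{ github.repository_owner }}/protonmail-bridge:pull" | jq -r '.token')
+exists=$(curl -s -o /dev/null -w '%{http_code}' \
+-H "Authorization: Bearer $token" \
+"https://ghcr.io/v2/${{ github.repository_owner }}/protonmail-bridge/manifests/$version")
+if [ "$exists" = "200" ]; then
+echo "needed=false" >> $GITHUB_OUTPUT
+echo "$version already exists in registry"
+else
+echo "needed=true" >> $GITHUB_OUTPUT
+echo "New version $version — building"
+fi
+build:
+needs: check
+if: needs.check.outputs.needed == 'true'
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- uses: docker/setup-buildx-action@v3
+- uses: docker/login-action@v3
+with:
+registry: ghcr.io
+username: ${{ github.repository_owner }}
+password: ${{ secrets.GITHUB_TOKEN }}
+- name: Build and push
+uses: docker/build-push-action@v6
+with:
+context: ./build
+push: true
+tags: |
+${{ env.IMAGE }}:latest
+${{ env.IMAGE }}:${{ needs.check.outputs.version }}
+build-args: |
+version=${{ needs.check.outputs.version }}
+- name: Trivy scan
+uses: aquasecurity/trivy-action@master
+with:
+image-ref: ${{ env.IMAGE }}:${{ needs.check.outputs.version }}
+format: sarif
+output: trivy-results.sarif
+severity: CRITICAL,HIGH
+- name: Upload Trivy results
+uses: github/codeql-action/upload-sarif@v3
+if: always()
+with:
+sarif_file: trivy-results.sarif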
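Review bot: The `Compare upstream to registry` step trusts whatever `curl -s … | jq -r '.tag_name'` prints. On a rate-limited or failed API call `jq` emits `null`, the manifest lookup then returns non-200, and `needed=true` carries `version=null` into the image tag and the `version` build arg. Use `curl -fsS` and reject anything that is not a release tag before writing to `$GITHUB_OUTPUT`, for example `[[ "$version" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected tag: $version"; exit 1; }`. The `resolve-version` step in the build workflow has the same unchecked pipeline. Any non-200 from the registry, including a 5xx, is also read as "missing" and triggers a rebuild that overwrites `latest`; treating only 404 as missing would avoid that.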


@ -1,24 +0,0 @@
name: update check
on:
push:
paths:
- .github/workflows/update-check.yaml
- update-check.py
pull_request:
paths:
- .github/workflows/update-check.yaml
- update-check.py
schedule:
- cron: '0 0 * * *' # runs everyday at midnight
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@master
with:
token: ${{ secrets.PERSONAL_TOKEN }}
- name: Check Update
run: python3 update-check.py ${{ github.event_name == 'pull_request' }}


@ -1,93 +1,92 @@
# ProtonMail IMAP/SMTP Bridge Docker Container # ProtonMail IMAP/SMTP Bridge Docker Container
![version badge](https://img.shields.io/docker/v/shenxn/protonmail-bridge) > Fork of [shenxn/protonmail-bridge-docker](https://github.com/shenxn/protonmail-bridge-docker) with build fixes, updated dependencies, and GHCR publishing.
![image size badge](https://img.shields.io/docker/image-size/shenxn/protonmail-bridge/build)
![docker pulls badge](https://img.shields.io/docker/pulls/shenxn/protonmail-bridge)
![deb badge](https://github.com/shenxn/protonmail-bridge-docker/workflows/pack%20from%20deb/badge.svg)
![build badge](https://github.com/shenxn/protonmail-bridge-docker/workflows/build%20from%20source/badge.svg)
This is an unofficial Docker container of the [ProtonMail Bridge](https://protonmail.com/bridge/). Some of the scripts are based on [Hendrik Meyer's work](https://gitlab.com/T4cC0re/protonmail-bridge-docker). ![build badge](https://github.com/trent-maetzold/protonmail-bridge-docker/workflows/build%20from%20source/badge.svg)
Docker Hub: [https://hub.docker.com/r/shenxn/protonmail-bridge](https://hub.docker.com/r/shenxn/protonmail-bridge) This is an unofficial Docker container of the [ProtonMail Bridge](https://protonmail.com/bridge/).
GitHub: [https://github.com/shenxn/protonmail-bridge-docker](https://github.com/shenxn/protonmail-bridge-docker) GHCR: `ghcr.io/trent-maetzold/protonmail-bridge`
## Changes from upstream
- Fixed build for proton-bridge v3.22+ (added `libfido2` dependency)
- Switched base image from `debian:sid` to `debian:trixie` (stable)
- Removed DockerHub publishing (GHCR only)
- Removed Gitee mirror workflow
- Merged version check into build workflow with scheduled auto-update
- Updated all GitHub Actions to current versions
- Replaced deprecated Anchore scan with Trivy
- Default docker-compose binds to localhost only (security)
- Updated maintainer labels and security policy
## ARM Support ## ARM Support
We now support ARM devices (`arm64` and `arm/v7`)! Use the images tagged with `build`. See next section for details. ARM devices (`arm64` and `arm/v7`) are supported. Use the images tagged with `build`.
## Tags ## Tags
There are two types of images. There are two types of images:
- `deb`: Images based on the official [.deb release](https://protonmail.com/bridge/install). It only supports the `amd64` architecture. - `deb`: Images based on the official [.deb release](https://protonmail.com/bridge/install). `amd64` only.
- `build`: Images based on the [source code](https://github.com/ProtonMail/proton-bridge). It supports `amd64`, `arm64`, `arm/v7` and `riscv64`. Supporting to more architectures is possible. PRs are welcome. - `build`: Images compiled from [source code](https://github.com/ProtonMail/proton-bridge). Supports `amd64`, `arm64`, `arm/v7`, and `riscv64`.
tag | description | tag | description |
-- | -- | -- | -- |
`latest` | latest `deb` image | `latest` | latest `build` image |
`[version]` | `deb` images | `build` | latest `build` image |
`build` | latest `build` image | `[version]-build` | `build` images |
`[version]-build` | `build` images
## Initialization ## Initialization
To initialize and add account to the bridge, run the following command. To initialize and add an account to the bridge:
``` ```
docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init docker run --rm -it -v protonmail:/root ghcr.io/trent-maetzold/protonmail-bridge:build init
``` ```
If you want to use Docker Compose instead, you can create a copy of the provided example [docker-compose.yml](docker-compose.yml) file, modify it to suit your needs, and then run the following command: Or with Docker Compose:
``` ```
docker compose run protonmail-bridge init docker compose run protonmail-bridge init
``` ```
Wait for the bridge to startup, then you will see a prompt appear for [Proton Mail Bridge interactive shell](https://proton.me/support/bridge-cli-guide). Use the `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely. Wait for the bridge to start, use `login` to add your account, `info` to see credentials, then `exit`. You may need `CTRL+C` to fully exit.
## Run ## Run
To run the container, use the following command.
``` ```
docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge docker run -d --name=protonmail-bridge -v protonmail:/root \
-p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp \
--restart=unless-stopped ghcr.io/trent-maetzold/protonmail-bridge:build
``` ```
Or, if using Docker Compose, use the following command. Or with Docker Compose:
``` ```
docker compose up -d docker compose up -d
``` ```
## Kubernetes
If you want to run this image in a Kubernetes environment. You can use the [Helm](https://helm.sh/) chart (https://github.com/k8s-at-home/charts/tree/master/charts/stable/protonmail-bridge) created by [@Eagleman7](https://github.com/Eagleman7). More details can be found in [#23](https://github.com/shenxn/protonmail-bridge-docker/issues/23).
If you don't want to use Helm, you can also reference to the guide ([#6](https://github.com/shenxn/protonmail-bridge-docker/issues/6)) written by [@ghudgins](https://github.com/ghudgins).
## Security ## Security
Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package. The default configuration binds ports to localhost only. If you need network access, update the port bindings — but use a firewall on untrusted networks.
```
docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
```
Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service).
## Compatibility
The bridge currently only supports some of the email clients. More details can be found on the official website. I've tested this on a Synology DiskStation and it runs well. However, you may need ssh onto it to run the interactive docker command to add your account. The main reason of using this instead of environment variables is that it seems to be the best way to support two-factor authentication.
## Bridge CLI Guide ## Bridge CLI Guide
The initialization step exposes the bridge CLI so you can do things like switch between combined and split mode, change proxy, etc. The [official guide](https://protonmail.com/support/knowledge-base/bridge-cli-guide/) gives more information on to use the CLI. The initialization step exposes the bridge CLI for configuration (combined/split mode, proxy, etc.). See the [official guide](https://protonmail.com/support/knowledge-base/bridge-cli-guide/).
## Build ## Build
For anyone who want to build this container on your own (for development or security concerns), here is the guide to do so. First, you need to `cd` into the directory (`deb` or `build`, depending on which type of image you want). Then just run the docker build command To build locally:
``` ```
docker build . cd build
docker build --build-arg version=v3.22.0 .
``` ```
That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images. ## Acknowledgments
This project is a fork of [shenxn/protonmail-bridge-docker](https://github.com/shenxn/protonmail-bridge-docker) by [Xiaonan Shen](https://github.com/shenxn), which provided the original Dockerfiles, entrypoint scripts, and CI pipeline. Some scripts are based on [Hendrik Meyer's work](https://gitlab.com/T4cC0re/protonmail-bridge-docker).
## License
[GPLv3](LICENSE)


@ -2,4 +2,6 @@
## Reporting a Vulnerability ## Reporting a Vulnerability
Before reporting any vulnerability, make sure that it is caused by this project (i.e., this is not a vulnarability of the bridge itself). To report a vulnerabilitiy, you can send me an email (s@sxn.dev). My PGP public key is available [here](https://api.protonmail.ch/pks/lookup?op=get&search=s@sxn.dev). Before reporting any vulnerability, make sure that it is caused by this project (i.e., not a vulnerability of the bridge itself).
To report a vulnerability, please [open a private security advisory](https://github.com/trent-maetzold/protonmail-bridge-docker/security/advisories/new) on this repository.


@ -1 +0,0 @@
v3.22.0


@ -1,25 +1,26 @@
# The build image could be golang, but it currently does not support riscv64. Only debian:sid does, at the time of writing. # Trixie (Debian 13) supports golang on all target platforms including riscv64.
FROM debian:sid-slim AS build FROM debian:trixie-slim AS build
ARG version ARG version
# Install dependencies # Install dependencies
RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev libcbor-dev
# Build # Build
ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/ ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/
WORKDIR /build/ WORKDIR /build/
RUN make build-nogui vault-editor RUN make build-nogui vault-editor
FROM debian:sid-slim FROM debian:trixie-slim
LABEL maintainer="Simon Felding <sife@adm.ku.dk>" LABEL maintainer="Trent Maetzold <trent@trkm.io>"
LABEL org.opencontainers.image.source="https://github.com/trent-maetzold/protonmail-bridge-docker"
EXPOSE 25/tcp EXPOSE 25/tcp
EXPOSE 143/tcp EXPOSE 143/tcp
# Install dependencies and protonmail bridge # Install dependencies and protonmail bridge
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \ && apt-get install -y --no-install-recommends socat pass libsecret-1-0 libfido2-1 ca-certificates \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Copy bash scripts # Copy bash scripts
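Review bot: Both stages now reference `debian:trixie-slim` by floating tag, and the workflows in this commit take `version` from the upstream API at build time instead of a file in the repository, so the same image tag can be rebuilt from different inputs. Pinning the base by digest, `FROM debian:trixie-slim@sha256:<digest> AS build` (and likewise for the runtime stage), makes a base-image change an explicit, reviewable commit. The build stage's `apt-get install -y` also lacks the `--no-install-recommends` that the runtime stage uses; adding it keeps the two consistent. The Dockerfile continues past the end of this hunk.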


@ -1,28 +0,0 @@
### The Deb install is just a repack of the official ProtonMail Bridge deb package with less dependencies.
### I recommend you don't use this. It's here for legacy reasons.
FROM debian:sid-slim AS build
COPY install.sh PACKAGE /
RUN apt-get update && apt-get install -y wget binutils
# Repack deb (removes unnecessary dependencies and produces /protonmail.deb)
RUN bash /install.sh
FROM debian:sid-slim
LABEL maintainer="Simon Felding <sife@adm.ku.dk>"
EXPOSE 25/tcp
EXPOSE 143/tcp
WORKDIR /protonmail
# Copy bash scripts
COPY gpgparams entrypoint.sh PACKAGE /protonmail/
COPY --from=build /protonmail.deb /tmp/protonmail.deb
RUN apt-get update \
&& apt-get install -y --no-install-recommends /tmp/protonmail.deb socat pass libsecret-1-0 ca-certificates procps \
&& rm -rf /var/lib/apt/lists/*
CMD ["bash", "/protonmail/entrypoint.sh"]


@ -1 +0,0 @@
https://github.com/ProtonMail/proton-bridge/releases/download/v3.22.0/protonmail-bridge_3.22.0-1_amd64.deb


@ -1,49 +0,0 @@
#!/bin/bash
set -ex
# Initialize
if [[ $1 == init ]]; then
# # Parse parameters
# TFP="" # Default empty two factor passcode
# shift # skip `init`
# while [[ $# -gt 0 ]]; do
# key="$1"
# case $key in
# -u|--username)
# USERNAME="$2"
# ;;
# -p|--password)
# PASSWORD="$2"
# ;;
# -t|--twofactor)
# TWOFACTOR="$2"
# ;;
# esac
# shift
# shift
# done
# Initialize pass
gpg --generate-key --batch /protonmail/gpgparams
pass init pass-key
# Login
protonmail-bridge --cli
else
# socat will make the conn appear to come from 127.0.0.1
# ProtonMail Bridge currently expects that.
# It also allows us to bind to the real ports :)
socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
# Start protonmail
# Fake a terminal, so it does not quit because of EOF...
rm -f faketty
mkfifo faketty
cat faketty | protonmail-bridge --cli
fi


@ -1,8 +0,0 @@
%no-protection
%echo Generating a basic OpenPGP key
Key-Type: RSA
Key-Length: 2048
Name-Real: pass-key
Expire-Date: 0
%commit
%echo done


@ -1,16 +0,0 @@
#!/bin/bash
set -ex
# Repack deb (remove unnecessary dependencies)
mkdir deb
wget -i /PACKAGE -O /deb/protonmail.deb
cd deb
ar x -v protonmail.deb
mkdir control
tar zxvf control.tar.gz -C control
sed -i "s/^Depends: .*$/Depends: libgl1, libc6, libsecret-1-0, libstdc++6, libgcc1/" control/control
cd control
tar zcvf ../control.tar.gz .
cd ../
ar rcs -v /protonmail.deb debian-binary control.tar.gz data.tar.gz


@ -2,10 +2,10 @@ version: '2.1'
services: services:
protonmail-bridge: protonmail-bridge:
image: shenxn/protonmail-bridge image: ghcr.io/trent-maetzold/protonmail-bridge:build
ports: ports:
- 1025:25/tcp - 127.0.0.1:1025:25/tcp
- 1143:143/tcp - 127.0.0.1:1143:143/tcp
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- protonmail:/root - protonmail:/root
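Review bot: The new `image:` value points at the `:build` tag, but the `tags:` lists in the build and scheduled-update workflows in this commit only push `:latest` and the upstream version tag. `:build` would therefore never be refreshed by CI and may not exist in the fork's registry, so anyone following this file either fails to pull or keeps running an image that no longer receives rebuilds. Change it to `image: ghcr.io/trent-maetzold/protonmail-bridge:latest` (or a specific version tag), and update the README's `docker run` examples and tag table, which also reference `:build` and `[version]-build`. The rest of the compose file lies outside this hunk.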


@ -1,37 +0,0 @@
import requests, os, sys
def git(command):
return os.system(f"git {command}")
release = requests.get("https://api.github.com/repos/protonmail/proton-bridge/releases/latest").json()
version = release['tag_name']
deb = [asset for asset in release ['assets'] if asset['name'].endswith('.deb')][0]['browser_download_url']
print(f"Latest release is: {version}")
with open("VERSION", 'w') as f:
f.write(version)
with open("deb/PACKAGE", 'w') as f:
f.write(deb)
git("config --local user.name 'GitHub Actions'")
git("config --local user.email 'actions@github.com'")
git("add -A")
if git("diff --cached --quiet") == 0: # Returns 0 if there are no changes
print("Version didn't change")
exit(0)
git(f"commit -m 'Bump version to {version}'")
is_pull_request = sys.argv[1] == "true"
if is_pull_request:
print("This is a pull request, skipping push step.")
exit(0)
if git("push") != 0:
print("Git push failed!")
exit(1)