From 10653e1ceceb4954010a2833a3131ad9c4e84437 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 16 Jun 2021 00:42:34 +0000 Subject: [PATCH 1/6] Bump build version to 1.8.5 --- build/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/VERSION b/build/VERSION index fe4e75f..ff2fd4f 100644 --- a/build/VERSION +++ b/build/VERSION @@ -1 +1 @@ -1.8.3 \ No newline at end of file +1.8.5 \ No newline at end of file From ae2117655e852a71d6699fe536d7c239c5a0334f Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Thu, 17 Jun 2021 21:34:25 +0100 Subject: [PATCH 2/6] Update Dockerfile bump golang to 1.15 in build --- build/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Dockerfile b/build/Dockerfile index b391b6c..ae1c6f7 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.13 AS build +FROM golang:1.15 AS build # Install dependencies RUN apt-get update && apt-get install -y libsecret-1-dev From cc4eba30df51b8a809bff5d722a48fdd6111ad88 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Wed, 23 Jun 2021 00:38:37 +0000 Subject: [PATCH 3/6] Bump build version to 1.8.7 --- build/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/VERSION b/build/VERSION index ff2fd4f..d2c4b27 100644 --- a/build/VERSION +++ b/build/VERSION @@ -1 +1 @@ -1.8.5 \ No newline at end of file +1.8.7 \ No newline at end of file From cc26ba05b3142ac23812e80949a8557939725bc3 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Fri, 25 Jun 2021 00:45:27 +0000 Subject: [PATCH 4/6] Bump deb version to 1.8.7-1 --- deb/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deb/VERSION b/deb/VERSION index 3a784b5..26ed364 100644 --- a/deb/VERSION +++ b/deb/VERSION @@ -1 +1 @@ -1.8.3-1 \ No newline at end of file +1.8.7-1 \ No newline at end of file From 07d1004e09a1c31cc5c65b84177f14fda95cfd8e Mon Sep 17 00:00:00 2001 
From: Thibault Godouet Date: Sun, 25 Jul 2021 17:42:10 +0100 Subject: [PATCH 5/6] run as non-root in docker --- README.md | 6 +++--- build/Dockerfile | 7 +++++++ build/entrypoint.sh | 5 +++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 853a82d..389e6b7 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ tag | description To initialize and add account to the bridge, run the following command. ``` -docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init +docker run --rm -it -v protonmail:/home/protonmail shenxn/protonmail-bridge init ``` Wait for the bridge to startup, use `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely. @@ -48,7 +48,7 @@ Wait for the bridge to startup, use `login` command and follow the instructions To run the container, use the following command. ``` -docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge +docker run -d --name=protonmail-bridge -v protonmail:/home/protonmail -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge ``` ## Kubernetes 
@@ -62,7 +62,7 @@ If you don't want to use Helm, you can also reference to the guide ([#6](https:/ Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package. ``` -docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge +docker run -d --name=protonmail-bridge -v protonmail:/home/protonmail -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge ``` Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service). diff --git a/build/Dockerfile b/build/Dockerfile index ae1c6f7..439e831 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -25,4 +25,11 @@ COPY gpgparams entrypoint.sh /protonmail/ # Copy protonmail COPY --from=build /build/proton-bridge/proton-bridge /protonmail/ +# Add a user 'protonmail' with UID 8535 +RUN useradd -u 8535 -d /home/protonmail protonmail \ + && mkdir -p /home/protonmail \ + && chown protonmail: /home/protonmail +# change to non-privileged user for extra security +USER protonmail + ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"] diff --git a/build/entrypoint.sh b/build/entrypoint.sh index 1cebda6..c04cb4a 100644 --- a/build/entrypoint.sh +++ b/build/entrypoint.sh @@ -2,6 +2,11 @@ set -ex +id +# Go to current user's homedir +cd +echo $PWD + # Initialize if [[ $1 == init ]]; then From 4cf0ad4a095878ede4ae60d3976bfe3869b48fa8 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 2 Sep 2021 00:42:48 +0000 Subject: [PATCH 6/6] Bump build version to 1.8.9 --- build/VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
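Review bot: `USER protonmail` drops root, but the README in this same patch still maps host ports to container ports 25 and 143 (`-p 1025:25/tcp -p 1143:143/tcp`), which an unprivileged process can bind only where the runtime lowers `net.ipv4.ip_unprivileged_port_start` or grants `CAP_NET_BIND_SERVICE`. The listener setup is not visible in this hunk, so this is an inference; if the entrypoint does bind 25/143, either move the in-container listeners above 1024 or document the required capability for Kubernetes and older Docker engines. Separately, prefer the numeric form `USER 8535` so that a `runAsNonRoot` check can verify the UID without resolving a name. Volumes created by earlier images presumably hold root-owned data from the old `/root` mount, so a migration note (a one-off `chown -R 8535` of the volume) would help upgraders.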
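Review bot: The bare `cd` added after `set -ex` depends on `HOME`, and nothing checks that the resulting directory is writable by the new non-root user before the bridge starts. When the container is started with a different `--user`, or with a volume populated by an older root-run image, the failure will surface later and less clearly; a guard such as `cd "${HOME:?}"` followed by `[ -w "$PWD" ] || { echo "$PWD is not writable by uid $(id -u)" >&2; exit 1; }` makes it explicit. `echo $PWD` should be quoted as `echo "$PWD"`, and since `set -x` already traces every command, `id` and the echo deserve a short comment such as `# startup diagnostics: effective user and working directory`. The rest of the script lies outside the hunk.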
diff --git a/build/VERSION b/build/VERSION
index d2c4b27..5af131d 100644
--- a/build/VERSION
+++ b/build/VERSION
@@ -1 +1 @@
-1.8.7
\ No newline at end of file
+1.8.9
\ No newline at end of file