From 8d2e576fc26a4c792d73f2f09a22faad66d6c6b9 Mon Sep 17 00:00:00 2001 From: Eric Trenkel Date: Sat, 17 Jan 2026 08:52:08 +0100 Subject: [PATCH 1/5] Add workaround for stale gpg-agent socket in entrypoint scripts --- build/entrypoint.sh | 6 ++++++ deb/entrypoint.sh | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/build/entrypoint.sh b/build/entrypoint.sh index 1931087..df71743 100644 --- a/build/entrypoint.sh +++ b/build/entrypoint.sh @@ -2,6 +2,12 @@ set -ex +# Workaround for stale gpg-agent socket causing auth failures on restart +# Cleans up leftover sockets in the GPG home directory +if [ -d /root/.gnupg ]; then + rm -f /root/.gnupg/S.gpg-agent* +fi + # Initialize if [[ $1 == init ]]; then diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh index 13637e5..3f81e42 100644 --- a/deb/entrypoint.sh +++ b/deb/entrypoint.sh @@ -2,6 +2,12 @@ set -ex +# Workaround for stale gpg-agent socket causing auth failures on restart +# Cleans up leftover sockets in the GPG home directory +if [ -d /root/.gnupg ]; then + rm -f /root/.gnupg/S.gpg-agent* +fi + # Initialize if [[ $1 == init ]]; then From 2b9894f41316dc57227ee945cad570a1c55daa21 Mon Sep 17 00:00:00 2001 From: Eric Trenkel Date: Sat, 17 Jan 2026 08:53:17 +0100 Subject: [PATCH 2/5] Refactor entrypoint scripts to keep faketty open and ensure proper bridge execution --- build/entrypoint.sh | 11 ++++++++++- deb/entrypoint.sh | 11 ++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/build/entrypoint.sh b/build/entrypoint.sh index df71743..463c94b 100644 --- a/build/entrypoint.sh +++ b/build/entrypoint.sh @@ -36,6 +36,15 @@ else # Fake a terminal, so it does not quit because of EOF... rm -f faketty mkfifo faketty - cat faketty | /protonmail/proton-bridge --cli $@ + + # Keep faketty open + sleep infinity > faketty & + + # Start bridge reading from faketty + /protonmail/proton-bridge --cli $@ < faketty & + + # Wait for the bridge to exit + wait $! + exit $? fi diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh index 3f81e42..94c9f77 100644 --- a/deb/entrypoint.sh +++ b/deb/entrypoint.sh @@ -50,6 +50,15 @@ else # Fake a terminal, so it does not quit because of EOF... rm -f faketty mkfifo faketty - cat faketty | protonmail-bridge --cli + + # Keep faketty open + sleep infinity > faketty & + + # Start bridge reading from faketty + protonmail-bridge --cli < faketty & + + # Wait for the bridge to exit + wait $! + exit $? fi From 056fd6ad267caab37d5d329df425926d8ef55f06 Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 25 Feb 2026 20:43:08 +0100 Subject: [PATCH 3/5] Enhance socat command options for improved connection handling in entrypoint scripts --- build/entrypoint.sh | 4 ++-- deb/entrypoint.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/build/entrypoint.sh b/build/entrypoint.sh index 463c94b..bf2924d 100644 --- a/build/entrypoint.sh +++ b/build/entrypoint.sh @@ -29,8 +29,8 @@ else # socat will make the conn appear to come from 127.0.0.1 # ProtonMail Bridge currently expects that. # It also allows us to bind to the real ports :) - socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 & - socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 & + socat TCP-LISTEN:25,fork,reuseaddr TCP:127.0.0.1:1025,nodelay & + socat TCP-LISTEN:143,fork,reuseaddr TCP:127.0.0.1:1143,nodelay & # Start protonmail # Fake a terminal, so it does not quit because of EOF... diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh index 94c9f77..764ad0a 100644 --- a/deb/entrypoint.sh +++ b/deb/entrypoint.sh @@ -43,8 +43,8 @@ else # socat will make the conn appear to come from 127.0.0.1 # ProtonMail Bridge currently expects that. # It also allows us to bind to the real ports :) - socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 & - socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 & + socat TCP-LISTEN:25,fork,reuseaddr TCP:127.0.0.1:1025,nodelay & + socat TCP-LISTEN:143,fork,reuseaddr TCP:127.0.0.1:1143,nodelay & # Start protonmail # Fake a terminal, so it does not quit because of EOF... From 906c603ded8d49c484837de453311ba313490228 Mon Sep 17 00:00:00 2001 From: Eric Trenkel Date: Sun, 8 Mar 2026 03:16:53 +0100 Subject: [PATCH 4/5] Add libfido2-dev and pkg-config dependencies --- build/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index e90ff25..f96a3bd 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -4,7 +4,7 @@ FROM debian:sid-slim AS build ARG version # Install dependencies -RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev +RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev pkg-config # Build ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/ @@ -19,7 +19,7 @@ EXPOSE 143/tcp # Install dependencies and protonmail bridge RUN apt-get update \ - && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \ + && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates libfido2-1 \ && rm -rf /var/lib/apt/lists/* # Copy bash scripts From 383840cb3f3d386d43977481c44395666a9778af Mon Sep 17 00:00:00 2001 From: Eric Trenkel Date: Sun, 8 Mar 2026 03:56:47 +0100 Subject: [PATCH 5/5] Add libcbor-dev and libcbor0 --- build/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index f96a3bd..45f7557 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -4,7 +4,7 @@ FROM debian:sid-slim AS build ARG version # Install dependencies -RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev pkg-config +RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev pkg-config libcbor-dev # Build ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/ @@ -19,7 +19,7 @@ EXPOSE 143/tcp # Install dependencies and protonmail bridge RUN apt-get update \ - && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates libfido2-1 \ + && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates libfido2-1 libcbor0 \ && rm -rf /var/lib/apt/lists/* # Copy bash scripts