build: gpg-agent run fix & automated login process

The gpg-agent could not start if the /root is mounted by docker when
the external path is long enough, a workaround is to use a different
GNUPGHOME for gpg key generation, and copy generated files to
/root/.gnupg afterwards

bonus: thanks to expect, we can a automated login process, if both
PROTONMAIL_USERNAME and PROTONMAIL_PASSWORD are set

Signed-off-by: Jeffrey Stoke <me@arhat.dev>

README.md

@@ -26,28 +26,39 @@ There are two types of images.
  - `deb`: Images based on the official [.deb release](https://protonmail.com/bridge/install). It only supports the `amd64` architecture.
  - `build`: Images based on the [source code](https://github.com/ProtonMail/proton-bridge). It supports `amd64`, `arm64`, and `arm/v7`. Supporting to more architectures is possible. PRs are welcome.
 
-tag | description
+| tag               | description          |
- -- | --
+| ----------------- | -------------------- |
-`latest` | latest `deb` image
+| `latest`          | latest `deb` image   |
-`[version]` | `deb` images
+| `[version]`       | `deb` images         |
-`build` | latest `build` image
+| `build`           | latest `build` image |
-`[version]-build` | `build` images
+| `[version]-build` | `build` images       |
+
+## Environment Variables for images with `build` in tag
+
+| Name                  | Description                                                                         | Default Value |
+| --------------------- | ----------------------------------------------------------------------------------- | ------------- |
+| `PROTONMAIL_USERNAME` | your protonmail account username                                                    | (not set)     |
+| `PROTONMAIL_PASSWORD` | the password for your protonmail account                                            | (not set)     |
+| `MASTER_PASSWORD`     | the master password for the internal password manager required by protonmail-bridge | `pass-key`    |
+| `GNUPGHOME`           | change the defulat `/root/.gnupg` to this directory as a workaround for gpg error   | `/tmp/gnupg`  |
 
 ## Initialization
 
 To initialize and add account to the bridge, run the following command.
 
-```
+```bash
 docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init
 ```
 
 Wait for the bridge to startup, use `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely.
 
+__NOTE:__ If you have `PROTONMAIL_USERNAME` and `PROTONMAIL_PASSWORD` set for `docker run` with `-e`, the login process will finish automatically.
+
 ## Run
 
 To run the container, use the following command.
 
-```
+```bash
 docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
 ```
 
@@ -61,7 +72,7 @@ If you don't want to use Helm, you can also reference to the guide ([#6](https:/
 
 Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package.
 
-```
+```bash
 docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
 ```
 

build/.dockerignore

@@ -6,3 +6,4 @@
 !gpgparams
 !Dockerfile
 !build.sh
+!login.exp

build/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.13 AS build
+FROM golang:1.16 AS build
 
 # Install dependencies
 RUN apt-get update && apt-get install -y libsecret-1-dev
@@ -16,13 +16,16 @@ EXPOSE 143/tcp
 
 # Install dependencies and protonmail bridge
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
+    && apt-get install -y --no-install-recommends \
+        expect socat pass libsecret-1-0 ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
-# Copy bash scripts
-COPY gpgparams entrypoint.sh /protonmail/
-
 # Copy protonmail
 COPY --from=build /build/proton-bridge/proton-bridge /protonmail/
 
+# Copy bash scripts
+COPY gpgparams entrypoint.sh login.exp /protonmail/
+
+RUN chmod +x /protonmail/login.exp
+
 ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]

build/build.sh

@@ -2,12 +2,12 @@
 
 set -ex
 
-VERSION=`cat VERSION`
+VERSION="$(cat VERSION)"
 
 # Clone new code
 git clone https://github.com/ProtonMail/proton-bridge.git
 cd proton-bridge
-git checkout v$VERSION
+git checkout "v${VERSION}"
 
 # Build
 make build-nogui

build/entrypoint.sh

@@ -4,13 +4,37 @@ set -ex
 
 # Initialize
 if [[ $1 == init ]]; then
+    # set GNUPGHOME as a workaround for
+    #
+    #   gpg-agent[106]: error binding socket to '/root/.gnupg/S.gpg-agent': File name too long
+    #
+    # when using docker volume mount
+    #
+    # ref: https://dev.gnupg.org/T2964
+    #
+
+    export GNUPGHOME="${GNUPGHOME:-"/tmp/gnupg"}"
+    rm -rf "${GNUPGHOME}" || true
+    mkdir -p "${GNUPGHOME}"
+    chmod 0700 "${GNUPGHOME}"
 
     # Initialize pass
     gpg --generate-key --batch /protonmail/gpgparams
-    pass init pass-key
+    pass init "${MASTER_PASSWORD:-"pass-key"}"
 
     # Login
-    /protonmail/proton-bridge --cli $@
+    do_login="/protonmail/proton-bridge --cli $*"
+    if [[ "x${PROTONMAIL_USERNAME}" != "x" && "x${PROTONMAIL_PASSWORD}" != "x" ]]; then
+        # automated login if both username and password are set
+        do_login="/protonmail/login.exp ${do_login}"
+    fi
+
+    $do_login
+
+    # copy gnupg files to default path
+    mkdir -p /root/.gnupg
+    kill "$(pidof gpg-agent)"
+    cp -a "${GNUPGHOME}/" /root/.gnupg/
 
 else
 

build/login.exp

@@ -0,0 +1,55 @@
+#!/usr/bin/expect -f
+
+set timeout 15;
+
+spawn {*}$argv ;
+
+# wait for inital prompt
+expect {
+  ">>> " {
+    # protonmail-bridge started without error, do nothing
+  }
+
+  timeout {
+    exit 2
+  }
+}
+
+send -- "login\r"
+expect {
+  "Username: " {
+    # login start, enter username
+  }
+
+  timeout {
+    exit 2
+  }
+}
+
+send -- "$env(PROTONMAIL_USERNAME)\r"
+expect {
+  "Password: " {
+    # username entered, enter password
+  }
+
+  timeout {
+    exit 2
+  }
+}
+
+send -- "$env(PROTONMAIL_PASSWORD)\r"
+expect {
+  "was added successfully." {
+    # login ok
+    exit 0
+  }
+
+  "Server error" {
+    # login failed
+    exit 1
+  }
+
+  timeout {
+    exit 2
+  }
+}