From b3c8d67f74b4dc1f28bddf3e6a52b49c75f780a6 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Thu, 5 Dec 2024 22:19:30 +0100
Subject: [PATCH 01/23] debian supports riscv64 now so we can just switch to that and everything works

---
 build/Dockerfile | 7 +++----
 deb/Dockerfile | 2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 1971c40..b2f01f4 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,15 +1,14 @@
-# Use carlosedp/golang for riscv64 support
-FROM carlosedp/golang:1.18 AS build
+FROM debian:sid-slim AS build
 
 # Install dependencies
-RUN apt-get update && apt-get install -y git build-essential libsecret-1-dev
+RUN apt-get update && apt-get install -y git golang build-essential libsecret-1-dev
 
 # Build
 WORKDIR /build/
 COPY build.sh VERSION /build/
 RUN bash build.sh
 
-FROM ubuntu:jammy
+FROM debian:sid-slim
 LABEL maintainer="Xiaonan Shen "
 
 EXPOSE 25/tcp
diff --git a/deb/Dockerfile b/deb/Dockerfile
index 8aa8bc7..ddebcac 100644
--- a/deb/Dockerfile
+++ b/deb/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:jammy
+FROM debian:sid-slim
 LABEL maintainer="Xiaonan Shen "
 
 EXPOSE 25/tcp

From db779f4e521b276211935cdeb4f623bb2f27ab8b Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Fri, 6 Dec 2024 12:27:01 +0100
Subject: [PATCH 02/23] add (backwards compatible) support for running rootless

---
 build/Dockerfile | 4 ++++
 build/entrypoint.sh | 9 +++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index b2f01f4..d995d47 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -11,9 +11,13 @@ RUN bash build.sh
 FROM debian:sid-slim
 LABEL maintainer="Xiaonan Shen "
 
+# These are only exported if running as root
 EXPOSE 25/tcp
 EXPOSE 143/tcp
+EXPOSE 1025/tcp
+EXPOSE 1143/tcp
+
 
 # Install dependencies and protonmail bridge
 RUN apt-get update \
     && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
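Review bot: `FROM debian:sid-slim` in both stages of build/Dockerfile (and in the deb/Dockerfile hunk of this commit) tracks Debian unstable, a rolling suite with no fixed package set, so `RUN apt-get update && apt-get install -y git golang build-essential libsecret-1-dev` resolves to whatever sid ships on the build day and the runtime image follows unstable rather than a stable, security-supported release. For a reproducible build and a predictable patch stream, prefer a stable suite pinned by digest, e.g. `FROM debian:bookworm-slim@sha256:<digest-placeholder>`, and verify the packaged `golang` is new enough for the bridge build (or install a pinned toolchain in the build stage). The build-stage install also omits `--no-install-recommends`; it does not reach the final image, but it widens what is fetched and cached.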
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 1931087..330c9e2 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -23,8 +23,13 @@ else
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)
-    socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
-    socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
+    if [[ $(id -u) == 0 ]]; then
+        socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
+        socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
+    fi
+
+    socat TCP-LISTEN:1025,fork TCP:127.0.0.1:1025 &
+    socat TCP-LISTEN:1143,fork TCP:127.0.0.1:1143 &
 
     # Start protonmail
     # Fake a terminal, so it does not quit because of EOF...

From ac55256b612a53b02afdeff5340266b6a6df0324 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Fri, 6 Dec 2024 13:45:31 +0100
Subject: [PATCH 03/23] fix restarts

---
 build/Dockerfile | 4 ++--
 build/entrypoint.sh | 11 +++++------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index d995d47..2253a17 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -15,8 +15,8 @@ LABEL maintainer="Xiaonan Shen "
 EXPOSE 25/tcp
 EXPOSE 143/tcp
-EXPOSE 1025/tcp
-EXPOSE 1143/tcp
+EXPOSE 2025/tcp
+EXPOSE 2143/tcp
 
 
 # Install dependencies and protonmail bridge
 RUN apt-get update \
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 330c9e2..403ace6 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -19,6 +19,8 @@ if [[ $1 == init ]]; then
     /protonmail/proton-bridge --cli $@
 
 else
+    # delete lock files if they exist - this can happen if the container is restarted forcefully
+    find $HOME -name "*.lock" -delete
 
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
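Review bot: `find $HOME -name "*.lock" -delete` runs on every non-init start without checking whether a bridge is still alive, so if two containers (or a restarted one whose predecessor is still shutting down) share the same data volume it removes the lock that exists to keep a second instance off the same store; `$HOME` is also unquoted, and an empty HOME would make `find` start from the working directory. Consider gating the deletion on no running bridge process and quoting the path, `find "$HOME" -name '*.lock' -delete`, or state in the comment that a shared volume between live instances is unsupported. The enclosing `else` branch continues past the hunk.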
@@ -28,13 +30,10 @@ else
         socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
     fi
 
-    socat TCP-LISTEN:1025,fork TCP:127.0.0.1:1025 &
-    socat TCP-LISTEN:1143,fork TCP:127.0.0.1:1143 &
+    socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 &
+    socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 &
 
     # Start protonmail
-    # Fake a terminal, so it does not quit because of EOF...
-    rm -f faketty
-    mkfifo faketty
-    cat faketty | /protonmail/proton-bridge --cli $@
+    /protonmail/proton-bridge --noninteractive $@
 
 fi

From 5368a237f5c1c4b0f75b9faaa2929575ef994c46 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Fri, 6 Dec 2024 14:01:27 +0100
Subject: [PATCH 04/23] update deb entrypoint

---
 deb/Dockerfile | 6 +++++-
 deb/entrypoint.sh | 19 ++++++++++++-------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/deb/Dockerfile b/deb/Dockerfile
index ddebcac..3d20b17 100644
--- a/deb/Dockerfile
+++ b/deb/Dockerfile
@@ -1,9 +1,13 @@
-FROM debian:sid-slim
+FROM ubuntu:jammy
 LABEL maintainer="Xiaonan Shen "
 
+# These are only exported if running as root
 EXPOSE 25/tcp
 EXPOSE 143/tcp
+EXPOSE 2025/tcp
+EXPOSE 2143/tcp
+
 
 WORKDIR /protonmail
 
 # Copy bash scripts
diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh
index 13637e5..241f32f 100644
--- a/deb/entrypoint.sh
+++ b/deb/entrypoint.sh
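Review bot: `/protonmail/proton-bridge --noninteractive $@` passes the container arguments unquoted, so any argument containing whitespace or glob characters is re-split or expanded by the shell before the bridge sees it; write `"$@"` here (the `--cli $@` in the init branch, outside this hunk, has the same issue). The deb/entrypoint.sh hunk of PATCH 04 introduces the same form.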
@@ -30,20 +30,25 @@ if [[ $1 == init ]]; then
     pass init pass-key
 
     # Login
-    protonmail-bridge --cli
+    protonmail-bridge --cli $@
 
 else
 
+    # delete lock files if they exist - this can happen if the container is restarted forcefully
+    find $HOME -name "*.lock" -delete
+
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)
-    socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
-    socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
+    if [[ $(id -u) == 0 ]]; then
+        socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 &
+        socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 &
+    fi
+
+    socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 &
+    socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 &
 
     # Start protonmail
-    # Fake a terminal, so it does not quit because of EOF...
-    rm -f faketty
-    mkfifo faketty
-    cat faketty | protonmail-bridge --cli
+    /protonmail/proton-bridge --noninteractive $@
 
 fi

From b62e01689c79bc552747fb782be3140a0c6b4143 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Fri, 6 Dec 2024 14:43:17 +0100
Subject: [PATCH 05/23] add friendly error messages for when the container hasn't been initialized properly.

---
 build/entrypoint.sh | 7 +++++++
 deb/entrypoint.sh | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 403ace6..73e6c80 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
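Review bot: the new service path runs `/protonmail/proton-bridge --noninteractive $@`, while the init branch in the same hunk invokes `protonmail-bridge --cli $@`, the name the deb package installs; the deb image is built `FROM ubuntu:jammy` with no `COPY --from=build` in its Dockerfile hunk, so `/protonmail/proton-bridge` presumably does not exist there and the container would fail at start. The line should probably read `protonmail-bridge --noninteractive "$@"`, mirroring the init branch; worth confirming against the rest of deb/Dockerfile, which is only partly visible here.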
@@ -22,6 +22,13 @@ else
     # delete lock files if they exist - this can happen if the container is restarted forcefully
     find $HOME -name "*.lock" -delete
 
+    # give friendly error if you don't have protonmail data
+    find $HOME | grep -q . || echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1
+    # give friendly error if the user doesn't own the data
+    if [[ $(id -u) != 0 ]]; then
+        find $HOME -not -user $(id -u) | grep -q . || echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+    fi
+
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)
diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh
index 241f32f..41fcf41 100644
--- a/deb/entrypoint.sh
+++ b/deb/entrypoint.sh
@@ -37,6 +37,13 @@ else
     # delete lock files if they exist - this can happen if the container is restarted forcefully
     find $HOME -name "*.lock" -delete
 
+    # give friendly error if you don't have protonmail data
+    find $HOME | grep -q . || echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1
+    # give friendly error if the user doesn't own the data
+    if [[ $(id -u) != 0 ]]; then
+        find $HOME -not -user $(id -u) | grep -q . || echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+    fi
+
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)

From e117b4613e1ae8ee5bed932c908edcaed81fa8fd Mon Sep 17 00:00:00 2001
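Review bot: `find $HOME | grep -q . || echo "No files found ..." && sleep 300 && exit 1` — `||` and `&&` have equal precedence and associate left to right, so when files are found the `echo` is skipped but `sleep 300 && exit 1` still run, and every normal start exits after five minutes. The ownership line has the opposite problem: `grep -q .` succeeds exactly when foreign-owned files exist, so the message fires when everything is owned correctly and stays silent when it is not. Group the failure branch in the current shell, `find "$HOME" | grep -q . || { echo "..."; sleep 300; exit 1; }`, and make the second test `find "$HOME" -not -user "$(id -u)" | grep -q . && { echo "..."; exit 1; }`. The deb/entrypoint.sh hunk of this commit has the same two lines.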
From: Simon Ungar Felding
Date: Fri, 6 Dec 2024 18:56:23 +0100
Subject: [PATCH 06/23] slightly nicer find commands

---
 build/entrypoint.sh | 2 +-
 deb/entrypoint.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 73e6c80..8576cce 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -26,7 +26,7 @@ else
     find $HOME | grep -q . || echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
-        find $HOME -not -user $(id -u) | grep -q . || echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+        find $HOME/.* -not -user $(id -u) | grep -q . || echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
     fi
 
     # socat will make the conn appear to come from 127.0.0.1
diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh
index 41fcf41..10ed759 100644
--- a/deb/entrypoint.sh
+++ b/deb/entrypoint.sh
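Review bot: `find $HOME/.* -not -user $(id -u)` — bash's `.*` glob matches `$HOME/.` and `$HOME/..` as well as the dotfiles, and `find` will descend into `$HOME/..`, presumably the whole root filesystem when HOME is something like `/data`, so the check counts every system file not owned by the unprivileged user. With the inverted `grep -q .` test this commit inherits the message never fires; once the test is corrected it would fire on every rootless start. Unless GLOBIGNORE is set in this image, use `find "$HOME" -mindepth 1 -not -user "$(id -u)"`, which covers dotfiles without the glob. The deb/entrypoint.sh hunk on the next line makes the same change.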
@@ -41,7 +41,7 @@ else
     find $HOME | grep -q . || echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
-        find $HOME -not -user $(id -u) | grep -q . || echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+        find $HOME/.* -not -user $(id -u) | grep -q . || echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
     fi
 
     # socat will make the conn appear to come from 127.0.0.1

From 2fc6d542a88563959bc6a6d7e646036e781519b6 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Fri, 6 Dec 2024 19:17:46 +0100
Subject: [PATCH 07/23] fix find

---
 build/entrypoint.sh | 4 ++--
 deb/entrypoint.sh | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 8576cce..330fe86 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -23,10 +23,10 @@ else
     find $HOME -name "*.lock" -delete
 
     # give friendly error if you don't have protonmail data
-    find $HOME | grep -q . || echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1
+    find $HOME | grep -q . || (echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1)
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
-        find $HOME/.* -not -user $(id -u) | grep -q . || echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+        find $HOME/.* -not -user $(id -u) | grep -q . || (echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1)
     fi
 
     # socat will make the conn appear to come from 127.0.0.1
diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh
index 10ed759..b45b851 100644
--- a/deb/entrypoint.sh
+++ b/deb/entrypoint.sh
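Review bot: wrapping the failure branch in `( ... && exit 1)` puts it in a subshell, so `exit 1` ends only that subshell and the script carries on to start socat and the bridge after the 300 s sleep (and after printing the ownership message); the parentheses fix the `||`/`&&` precedence but not the abort. A brace group runs in the current shell: `|| { echo "..."; sleep 300; exit 1; }` and `|| { echo "..."; exit 1; }`. Both lines in this hunk and the deb/entrypoint.sh hunk on the next line are affected.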
@@ -38,10 +38,10 @@ else
     find $HOME -name "*.lock" -delete
 
     # give friendly error if you don't have protonmail data
-    find $HOME | grep -q . || echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1
+    find $HOME | grep -q . || (echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1)
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
-        find $HOME/.* -not -user $(id -u) | grep -q . || echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+        find $HOME/.* -not -user $(id -u) | grep -q . || (echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1)
     fi
 
     # socat will make the conn appear to come from 127.0.0.1

From a7c8aee0260395bb7458c75bf608af35bb66018f Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Fri, 6 Dec 2024 20:18:08 +0100
Subject: [PATCH 08/23] fix entrypoint

---
 build/entrypoint.sh | 4 +++-
 deb/entrypoint.sh | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 330fe86..ac6506d 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -26,7 +26,9 @@ else
     find $HOME | grep -q . || (echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1)
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
-        find $HOME/.* -not -user $(id -u) | grep -q . || (echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1)
+        if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then
+            echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+        fi
     fi
 
     # socat will make the conn appear to come from 127.0.0.1
diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh
index b45b851..8bbc78f 100644
--- a/deb/entrypoint.sh
+++ b/deb/entrypoint.sh
@@ -41,7 +41,9 @@ else
     find $HOME | grep -q . || (echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1)
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
-        find $HOME/.* -not -user $(id -u) | grep -q . || (echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1)
+        if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then
+            echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+        fi
     fi
 
     # socat will make the conn appear to come from 127.0.0.1

From 51a8142c11d326ad71508a2cdac127feaadb6da0 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Tue, 10 Dec 2024 10:21:15 +0100
Subject: [PATCH 09/23] slight entrypoint enhancements for debugging purposes

---
 build/entrypoint.sh | 11 +++++++----
 deb/entrypoint.sh | 12 +++++++-----
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index ac6506d..93712e4 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -19,18 +19,21 @@ if [[ $1 == init ]]; then
     /protonmail/proton-bridge --cli $@
 
 else
-    # delete lock files if they exist - this can happen if the container is restarted forcefully
-    find $HOME -name "*.lock" -delete
-
+    if [[ $HOME == / ]] then
+        echo "When running rootless, you must set a home dir as the HOME env var. We recommend /data. Make sure it is writable by the user running the container (currently id is $(id -u) and HOME is $HOME)."
     # give friendly error if you don't have protonmail data
     find $HOME | grep -q . || (echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1)
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
         if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then
-            echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+            echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root."
+            exit 1
         fi
     fi
+
+    # delete lock files if they exist - this can happen if the container is restarted forcefully
+    find $HOME -name "*.lock" -delete
 
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)
diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh
index 8bbc78f..a68a42c 100644
--- a/deb/entrypoint.sh
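Review bot: `if [[ $HOME == / ]] then` has no `;` or newline between `]]` and `then`, and the new block is never closed with `fi`, so bash should reject the whole script at parse time and neither branch of the entrypoint runs; the `echo` also does not `exit`, so even with the syntax repaired the HOME check would only warn before `find $HOME` proceeds on `/`. Minimal form: `if [[ $HOME == / ]]; then echo "..."; exit 1; fi`. The deb/entrypoint.sh hunk of this commit (next line) adds the same construct.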
+++ b/deb/entrypoint.sh
@@ -33,19 +33,21 @@ if [[ $1 == init ]]; then
     protonmail-bridge --cli $@
 
 else
-
-    # delete lock files if they exist - this can happen if the container is restarted forcefully
-    find $HOME -name "*.lock" -delete
-
+    if [[ $HOME == / ]] then
+        echo "When running rootless, you must set a home dir as the HOME env var. We recommend /data. Make sure it is writable by the user running the container (currently id is $(id -u) and HOME is $HOME)."
     # give friendly error if you don't have protonmail data
     find $HOME | grep -q . || (echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1)
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
         if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then
-            echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." && exit 1
+            echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root."
+            exit 1
         fi
     fi
+
+    # delete lock files if they exist - this can happen if the container is restarted forcefully
+    find $HOME -name "*.lock" -delete
 
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)

From 045c7bb5086e6cef34963b9eb071fcec6c127239 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Tue, 10 Dec 2024 10:57:05 +0100
Subject: [PATCH 10/23] increase readability

---
 build/entrypoint.sh | 13 +++++++++++--
 deb/entrypoint.sh | 12 ++++++++++--
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 93712e4..74a3504 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -19,10 +19,18 @@ if [[ $1 == init ]]; then
     /protonmail/proton-bridge --cli $@
 
 else
-    if [[ $HOME == / ]] then
+    if [[ $HOME == "/" ]] then
         echo "When running rootless, you must set a home dir as the HOME env var. We recommend /data. Make sure it is writable by the user running the container (currently id is $(id -u) and HOME is $HOME)."
+        exit 1
+    fi
+
     # give friendly error if you don't have protonmail data
-    find $HOME | grep -q . || (echo "No files found -   start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1)
+    if [[ `find $HOME | wc -l` == 1 ]]; then # 1 because find $HOME will always return $HOME
+        echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over."
+        sleep 300
+        exit 1
+    fi
+
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
         if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then
@@ -34,6 +42,7 @@ else
     # delete lock files if they exist - this can happen if the container is restarted forcefully
     find $HOME -name "*.lock" -delete
 
+
     # socat will make the conn appear to come from 127.0.0.1
     # ProtonMail Bridge currently expects that.
     # It also allows us to bind to the real ports :)
diff --git a/deb/entrypoint.sh b/deb/entrypoint.sh
index a68a42c..c117d81 100644
--- a/deb/entrypoint.sh
+++ b/deb/entrypoint.sh
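Review bot: `if [[ $HOME == "/" ]] then` still has no separator before `then`, so the script should still fail to parse despite the added `exit 1` and `fi`; it needs `]]; then`. The test also lets an unset or empty HOME through, in which case the next line's `find $HOME | wc -l` searches the working directory and the `== 1` heuristic is meaningless; `[[ -z $HOME || $HOME == / ]]` catches both. The deb/entrypoint.sh hunk on the next line needs the same two changes.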
@@ -33,10 +33,18 @@ if [[ $1 == init ]]; then
     protonmail-bridge --cli $@
 
 else
-    if [[ $HOME == / ]] then
+    if [[ $HOME == "/" ]] then
         echo "When running rootless, you must set a home dir as the HOME env var. We recommend /data. Make sure it is writable by the user running the container (currently id is $(id -u) and HOME is $HOME)."
+        exit 1
+    fi
+
     # give friendly error if you don't have protonmail data
-    find $HOME | grep -q . || (echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." && sleep 300 && exit 1)
+    if [[ `find $HOME | wc -l` == 1 ]]; then # 1 because find $HOME will always return $HOME
+        echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over."
+        sleep 300
+        exit 1
+    fi
+
     # give friendly error if the user doesn't own the data
     if [[ $(id -u) != 0 ]]; then
         if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then

From 166a822fb0118ae0d19977fcc8712fc0795baef2 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Tue, 10 Dec 2024 12:24:16 +0100
Subject: [PATCH 11/23] add building the vault editor for protomailv3

---
 build/Dockerfile | 3 ++-
 build/build.sh | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 2253a17..c2aec15 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -8,7 +8,7 @@ WORKDIR /build/
 COPY build.sh VERSION /build/
 RUN bash build.sh
 
-FROM debian:sid-slim
+FROM debian:sid
 LABEL maintainer="Xiaonan Shen "
 
 # These are only exported if running as root
@@ -29,5 +29,6 @@ COPY gpgparams entrypoint.sh /protonmail/
 # Copy protonmail
 COPY --from=build /build/proton-bridge/bridge /protonmail/
 COPY --from=build /build/proton-bridge/proton-bridge /protonmail/
+COPY --from=build /build/proton-bridge/vault-editor /protonmail/
 
 ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
diff --git a/build/build.sh b/build/build.sh
index 91f2772..7b45e05 100644
--- a/build/build.sh
+++ b/build/build.sh
@@ -20,4 +20,4 @@ if [[ $ARCH == "armv7l" ]] ; then
 fi
 
 # Build
-make build-nogui
+make build-nogui vault-editor

From b874fa9b03a21ae0629430588faa4a4cd83559f6 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Tue, 10 Dec 2024 12:26:53 +0100
Subject: [PATCH 12/23] add ps utils

---
 build/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index c2aec15..7bbb37a 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -20,7 +20,7 @@ EXPOSE 2143/tcp
 
 # Install dependencies and protonmail bridge
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
+    && apt-get install -y --no-install-recommends procps socat pass libsecret-1-0 ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy bash scripts

From 18040d4b41c792ec896fe2f32addcd597c4e8a31 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Wed, 11 Dec 2024 12:27:43 +0100
Subject: [PATCH 13/23] add env variables!

---
 build/Dockerfile | 7 +++++--
 build/entrypoint.sh | 12 ++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 7bbb37a..d2b0200 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -8,7 +8,7 @@ WORKDIR /build/
 COPY build.sh VERSION /build/
 RUN bash build.sh
 
-FROM debian:sid
+FROM debian:sid-slim
 LABEL maintainer="Xiaonan Shen "
 
 # These are only exported if running as root
@@ -18,9 +18,12 @@ EXPOSE 143/tcp
 EXPOSE 2025/tcp
 EXPOSE 2143/tcp
 
+ENV PROTONMAIL_TelemetryDisabled=false
+ENV PROTONMAIL_AutoUpdate=false
+
 # Install dependencies and protonmail bridge
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends procps socat pass libsecret-1-0 ca-certificates \
+    && apt-get install -y --no-install-recommends procps jq socat pass libsecret-1-0 ca-certificates \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy bash scripts
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 74a3504..5392ec7 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -54,6 +54,18 @@ else
     socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 &
     socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 &
 
+    # check if the vault-editor can read the config
+    /protonmail/vault-editor read 2>&1 1>/dev/null
+    # Modify the protonmail config with env variables and expected values
+    /protonmail/vault-editor read | \
+    jq '.Settings.AutoUpdate = env.PROTONMAIL_AutoUpdate
+        | .Settings.TelemetryDisabled = env.PROTONMAIL_TelemetryDisabled
+        | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
+        | .Settings.Autostart = false
+        | .Settings.SMTPPort = 1025
+        | .Settings.IMAPPort = 1143 ' \
+    | /protonmail/vault-editor write
+
     # Start protonmail
     /protonmail/proton-bridge --noninteractive $@
 

From 037bc21902e573f1d0d6c57c565eb1481394b8a9 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Thu, 12 Dec 2024 12:49:00 +0100
Subject: [PATCH 14/23] disable the vault-editor stuff because it is currently broken.

---
 build/entrypoint.sh | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 5392ec7..5cc170c 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
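Review bot: `/protonmail/vault-editor read 2>&1 1>/dev/null` is commented as a check, but its exit status is never examined, so when the vault cannot be read the pipeline below still runs and `/protonmail/vault-editor write` is fed whatever jq produces from an empty or error stream — depending on how `write` treats that input, the stored vault could be replaced rather than left alone. Make the probe fatal, `/protonmail/vault-editor read >/dev/null 2>&1 || exit 1`, and run the edit with `set -o pipefail` so a failing `read` or `jq` stops before `write`. In the Dockerfile hunk, `ENV PROTONMAIL_TelemetryDisabled=false` leaves telemetry enabled unless the operator opts out; `true` would be the conservative default for an image that holds mail credentials, with the README documenting how to turn it on.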
@@ -54,17 +54,18 @@ else
     socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 &
     socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 &
 
-    # check if the vault-editor can read the config
-    /protonmail/vault-editor read 2>&1 1>/dev/null
-    # Modify the protonmail config with env variables and expected values
-    /protonmail/vault-editor read | \
-    jq '.Settings.AutoUpdate = env.PROTONMAIL_AutoUpdate
-        | .Settings.TelemetryDisabled = env.PROTONMAIL_TelemetryDisabled
-        | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
-        | .Settings.Autostart = false
-        | .Settings.SMTPPort = 1025
-        | .Settings.IMAPPort = 1143 ' \
-    | /protonmail/vault-editor write
+    # Broken until https://github.com/ProtonMail/proton-bridge/issues/512 is resolved.
+    # # check if the vault-editor can read the config
+    # /protonmail/vault-editor read 2>&1 1>/dev/null
+    # # Modify the protonmail config with env variables and expected values
+    # /protonmail/vault-editor read | \
+    # jq '.Settings.AutoUpdate = env.PROTONMAIL_AutoUpdate
+    #     | .Settings.TelemetryDisabled = env.PROTONMAIL_TelemetryDisabled
+    #     | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
+    #     | .Settings.Autostart = false
+    #     | .Settings.SMTPPort = 1025
+    #     | .Settings.IMAPPort = 1143 ' \
+    # | /protonmail/vault-editor write
 
     # Start protonmail
     /protonmail/proton-bridge --noninteractive $@

From 97ae2ee134f2218e31b9b2a9a7042fbd2f81ea9b Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Thu, 12 Dec 2024 12:53:18 +0100
Subject: [PATCH 15/23] test

---
 build/entrypoint.sh | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 5cc170c..783b3f1 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -55,17 +55,17 @@ else
     socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 &
 
     # Broken until https://github.com/ProtonMail/proton-bridge/issues/512 is resolved.
-    # # check if the vault-editor can read the config
-    # /protonmail/vault-editor read 2>&1 1>/dev/null
-    # # Modify the protonmail config with env variables and expected values
-    # /protonmail/vault-editor read | \
-    # jq '.Settings.AutoUpdate = env.PROTONMAIL_AutoUpdate
-    #     | .Settings.TelemetryDisabled = env.PROTONMAIL_TelemetryDisabled
-    #     | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
-    #     | .Settings.Autostart = false
-    #     | .Settings.SMTPPort = 1025
-    #     | .Settings.IMAPPort = 1143 ' \
-    # | /protonmail/vault-editor write
+    # check if the vault-editor can read the config
+    /protonmail/vault-editor read 2>&1 1>/dev/null
+    # Modify the protonmail config with env variables and expected values. Env variables must be converted from string to boolean.
+    /protonmail/vault-editor read | \
+    jq '.Settings.AutoUpdate = (env.PROTONMAIL_AutoUpdate | if . == "true" then true else false end)
+        | .Settings.TelemetryDisabled = (env.PROTONMAIL_TelemetryDisabled | if . == "true" then true else false end)
+        | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
+        | .Settings.Autostart = false
+        | .Settings.SMTPPort = 1025
+        | .Settings.IMAPPort = 1143 ' \
+    | /protonmail/vault-editor write
 
     # Start protonmail
     /protonmail/proton-bridge --noninteractive $@

From 7f15c4b6ab2eaa9d43aada48ac591d8554eccde7 Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding
Date: Thu, 12 Dec 2024 15:14:44 +0100
Subject: [PATCH 16/23] fix settings updater

---
 build/entrypoint.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 783b3f1..8cad894 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
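Review bot: the block is re-enabled, but the unchanged context line above it, `# Broken until https://github.com/ProtonMail/proton-bridge/issues/512 is resolved.`, now contradicts the live code beneath it and will mislead the next reader into thinking the settings update is still disabled. Replace it with what was actually worked around, e.g. `# Env values arrive as strings; jq coerces them to booleans (see proton-bridge issue 512).`, and keep the second comment's note about the conversion. The probe line `/protonmail/vault-editor read 2>&1 1>/dev/null` still ignores its exit status, so a read failure does not stop the subsequent `write`.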
@@ -64,8 +64,10 @@ else
         | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon"
         | .Settings.Autostart = false
         | .Settings.SMTPPort = 1025
-        | .Settings.IMAPPort = 1143 ' \
-    | /protonmail/vault-editor write
+        | .Settings.IMAPPort = 1143 ' > /tmp/protonmail-conf.json
+
+    cat /tmp/protonmail-conf.json | /protonmail/vault-editor write
+    rm /tmp/protonmail-conf.json
 
     # Start protonmail
     /protonmail/proton-bridge --noninteractive $@

From a7fcf0fd88a8af23c4be1138e1dd61865d75843c Mon Sep 17 00:00:00 2001
From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com>
Date: Thu, 24 Apr 2025 20:51:44 +0200
Subject: [PATCH 17/23] build pr images too

---
 .github/workflows/build.yaml | 10 ++++++++++
 build/entrypoint.sh | 25 +++++--------------------
 2 files changed, 15 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index cb20661..623b763 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -93,3 +93,13 @@ jobs:
             ${{ steps.repo.outputs.repo }}:${{ steps.version.outputs.version }}-build
           labels: ${{ steps.docker_meta.outputs.labels }}
           push: ${{ github.event_name != 'pull_request' }}
+      - name: Push test-image
+        uses: docker/build-push-action@v2
+        with:
+          context: ./build
+          file: ./build/Dockerfile
+          platforms: ${{ env.PLATFORMS }}
+          tags: |
+            ${{ steps.repo.outputs.repo }}:pr-${{ github.head_ref }}
+          labels: ${{ steps.docker_meta.outputs.labels }}
+          push: ${{ github.event_name == 'pull_request' }}
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 8cad894..058f093 100644
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -8,7 +8,7 @@ if [[ $1 == init ]]; then
     # Initialize pass
     gpg --generate-key --batch /protonmail/gpgparams
     pass init pass-key
-    
+
     # Kill the other instance as only one can be running at a time.
     # This allows users to run entrypoint init inside a running conainter
     # which is useful in a k8s environment.
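Review bot: `> /tmp/protonmail-conf.json` writes the decrypted vault — the bridge settings and, presumably, whatever account material the vault holds — to a shared, world-readable directory under the process umask, and the `rm` is only reached when `/protonmail/vault-editor write` returns normally, so any failure leaves the plaintext on disk. Either create the file with `mktemp` (0600) and remove it from a `trap ... EXIT`, or skip the file: `conf=$(/protonmail/vault-editor read | jq '...') && printf '%s' "$conf" | /protonmail/vault-editor write`. `cat file | cmd` can also be `cmd < file` if the file is kept. The jq expression begins above the hunk.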
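Review bot: the new `Push test-image` step builds from the pull request head and pushes with `push: ${{ github.event_name == 'pull_request' }}`, tagged `pr-${{ github.head_ref }}`. On `pull_request` events from forks the registry secrets are not available, so the earlier login step (outside this hunk) fails and nothing is published, but if the trigger is ever changed to `pull_request_target` this step would push images built from unreviewed code under the project's name; restrict it to same-repository PRs, e.g. `if: github.event.pull_request.head.repo.full_name == github.repository`. `github.head_ref` is also a raw branch name, which may contain `/` or other characters that are not valid in an image tag; `pr-${{ github.event.pull_request.number }}` is both valid and stable across force-pushes.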
@@ -30,7 +30,7 @@ else sleep 300 exit 1 fi - + # give friendly error if the user doesn't own the data if [[ $(id -u) != 0 ]]; then if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then @@ -49,26 +49,11 @@ else if [[ $(id -u) == 0 ]]; then socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 & socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 & + else + socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 & + socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 & fi - socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 & - socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 & - - # Broken until https://github.com/ProtonMail/proton-bridge/issues/512 is resolved. - # check if the vault-editor can read the config - /protonmail/vault-editor read 2>&1 1>/dev/null - # Modify the protonmail config with env variables and expected values. Env variables must be converted from string to boolean. - /protonmail/vault-editor read | \ - jq '.Settings.AutoUpdate = (env.PROTONMAIL_AutoUpdate | if . == "true" then true else false end) - | .Settings.TelemetryDisabled = (env.PROTONMAIL_TelemetryDisabled | if . == "true" then true else false end) - | .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon" - | .Settings.Autostart = false - | .Settings.SMTPPort = 1025 - | .Settings.IMAPPort = 1143 ' > /tmp/protonmail-conf.json - - cat /tmp/protonmail-conf.json | /protonmail/vault-editor write - rm /tmp/protonmail-conf.json - # Start protonmail /protonmail/proton-bridge --noninteractive $@ From 6e7290efd3264cabb3ac228716876f1f43992d1d Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Thu, 24 Apr 2025 20:58:23 +0200 Subject: [PATCH 18/23] push test images to ghcr.io/shenxn/protonmail-bridge-dev --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 623b763..01a531c 100644 --- a/.github/workflows/build.yaml 
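Review bot: The new `else` branch listens only on `2025`/`2143` when the container is not root, but the comment above the block still says socat "allows us to bind to the real ports", so the non-root case is undocumented; add `# non-root cannot bind 25/143: listen on 2025/2143 instead` above the `else`. Removing the vault-editor block also removes the only place that pinned `Settings.SMTPPort`/`Settings.IMAPPort` to 1025/1143, so the socat targets now rely on the bridge's defaults — a comment stating that assumption next to the socat lines would help. `/protonmail/proton-bridge --noninteractive $@` should be `"$@"` so arguments containing spaces survive. The enclosing `else` block starts outside the hunk.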
+++ b/.github/workflows/build.yaml @@ -77,7 +77,7 @@ jobs: password: ${{ secrets.REGISTRY_PASSWORD }} - name: Login to GitHub Container Registry uses: docker/login-action@v1 - if: ${{ github.event_name != 'pull_request' && github.ref == 'refs/heads/dev' }} + if: ${{ github.event_name == 'pull_request' }} with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -100,6 +100,6 @@ jobs: file: ./build/Dockerfile platforms: ${{ env.PLATFORMS }} tags: | - ${{ steps.repo.outputs.repo }}:pr-${{ github.head_ref }} + ${{ steps.repo.outputs.repo }}:${{ github.head_ref }} labels: ${{ steps.docker_meta.outputs.labels }} push: ${{ github.event_name == 'pull_request' }} From a68521bd9dc32738957598c3dbf360009a247f37 Mon Sep 17 00:00:00 2001 From: simonfelding <45149055+simonfelding@users.noreply.github.com> Date: Thu, 24 Apr 2025 23:51:08 +0200 Subject: [PATCH 19/23] fix space --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f15d3d7..83ff9ba 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -225,4 +225,4 @@ jobs: - name: Inspect image run: | docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }} - docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }} \ No newline at end of file + docker buildx imagetools inspect ${{ env.GHCR_REPO }}:${{ steps.meta.outputs.version }} From cb2cf7502fd85a876ba9d863a6fa0177897a11de Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Thu, 24 Apr 2025 23:57:18 +0200 Subject: [PATCH 20/23] fix pr builds --- .github/workflows/build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 83ff9ba..30f42f4 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml 
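Review bot: Dropping the `pr-` prefix in the second hunk makes `${{ steps.repo.outputs.repo }}:${{ github.head_ref }}` a tag taken verbatim from a contributor-chosen branch name, so a branch named e.g. `latest` or `3.0.0` would overwrite a release-style tag in that repository, and names containing `/` are not valid tags at all; keep a fixed prefix (`pr-${{ github.head_ref }}`) or use a sanitized metadata-action tag. The GHCR login in the first hunk is now gated on `github.event_name == 'pull_request'` alone, so if the workflow also runs for fork PRs the login either fails (no secrets on `pull_request`) or, under `pull_request_target`, hands repository credentials to a build of untrusted PR content — the trigger is outside the hunk, so please confirm. `docker/login-action@v1` is a mutable major tag; pin it to a commit SHA.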
@@ -57,14 +57,14 @@ jobs: outputs: type=image,"name=${{ env.DOCKER_REPO_DEV }}",push-by-digest=false,name-canonical=true,push=true context: ./build file: ./build/Dockerfile - tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}" + tags: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.sha }}" build-args: | version=${{ env.version }} - name: Run Trivy vulnerability scan uses: aquasecurity/trivy-action@0.30.0 with: - image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.ref_name }}" + image-ref: "${{ env.DOCKER_REPO_DEV }}:dev-${{ github.sha }}" format: 'sarif' exit-code: 0 severity: 'CRITICAL,HIGH' From 651cbbdaf3a38dadf7de4bfb83ab49f9fec16193 Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Thu, 12 Jun 2025 16:49:33 +0200 Subject: [PATCH 21/23] simplified some stuff. it should work now! --- README.md | 50 ++++------------------ build/entrypoint.sh | 102 +++++++++++++++++++++++--------------------- 2 files changed, 62 insertions(+), 90 deletions(-) diff --git a/README.md b/README.md index e772fde..2f4577b 100644 --- a/README.md +++ b/README.md 
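Review bot: Switching to `dev-${{ github.sha }}` gives each commit an immutable tag, but the `outputs: ...push=true` line in this hunk publishes that image to `DOCKER_REPO_DEV` before the Trivy step runs, and `exit-code: 0` makes the scan advisory, so a build with CRITICAL/HIGH findings is pushed regardless; either build with `push=false`, scan, and push afterwards, or set `exit-code: 1` if the dev repo is meant to be gated. Since every commit now creates a new tag, the dev repository will accumulate images; a comment noting the retention or cleanup expectation (or an additional moving tag such as `dev-${{ github.ref_name }}` for humans) would help. The rest of the job, including its trigger, is outside the hunk.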
@@ -29,41 +29,20 @@ tag | description `build` | latest `build` image `[version]-build` | `build` images -## Initialization +## Starting the container -To initialize and add account to the bridge, run the following command. +To initialize and add account to the bridge, run the following steps: +1. Start the container with a named volume (protonmail) for persistent storage. ``` -docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init +docker run -it -v protonmail:/root shenxn/protonmail-bridge ``` -If you want to use Docker Compose instead, you can create a copy of the provided example [docker-compose.yml](docker-compose.yml) file, modify it to suit your needs, and then run the following command: +## Setting up the bridge -``` -docker compose run protonmail-bridge init -``` - -Wait for the bridge to startup, then you will see a prompt appear for [Proton Mail Bridge interactive shell](https://proton.me/support/bridge-cli-guide). Use the `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely. - -## Run - -To run the container, use the following command. - -``` -docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge -``` - -Or, if using Docker Compose, use the following command. - -``` -docker compose up -d -``` - -## Kubernetes - -If you want to run this image in a Kubernetes environment. You can use the [Helm](https://helm.sh/) chart (https://github.com/k8s-at-home/charts/tree/master/charts/stable/protonmail-bridge) created by [@Eagleman7](https://github.com/Eagleman7). More details can be found in [#23](https://github.com/shenxn/protonmail-bridge-docker/issues/23). 
- -If you don't want to use Helm, you can also reference to the guide ([#6](https://github.com/shenxn/protonmail-bridge-docker/issues/6)) written by [@ghudgins](https://github.com/ghudgins). +If you have not set up an account, you need to do the folliwing steps in the protonmail-bridge CLI interface: +1. Use the `add` command to add your ProtonMail account. You will be prompted to enter your ProtonMail username and password. +2. After adding your account, use the `info` command to see the configuration information (username and password). ## Security 
@@ -75,19 +54,6 @@ docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/ Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service). -## Compatibility - -The bridge currently only supports some of the email clients. More details can be found on the official website. I've tested this on a Synology DiskStation and it runs well. However, you may need ssh onto it to run the interactive docker command to add your account. The main reason of using this instead of environment variables is that it seems to be the best way to support two-factor authentication. - ## Bridge CLI Guide The initialization step exposes the bridge CLI so you can do things like switch between combined and split mode, change proxy, etc. The [official guide](https://protonmail.com/support/knowledge-base/bridge-cli-guide/) gives more information on to use the CLI. - -## Build - -For anyone who want to build this container on your own (for development or security concerns), here is the guide to do so. First, you need to `cd` into the directory (`deb` or `build`, depending on which type of image you want). Then just run the docker build command -``` -docker build . -``` - -That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images. diff --git a/build/entrypoint.sh b/build/entrypoint.sh index 058f093..a4a56d9 100644 --- a/build/entrypoint.sh +++ b/build/entrypoint.sh 
@@ -2,59 +2,65 @@ set -ex -# Initialize if [[ $1 == init ]]; then + echo "The init command is deprecated. Go to our github repo for setup instructions." +fi - # Initialize pass +if [[ $HOME == "/" ]] then + echo "When running rootless, you must set a home dir as the HOME env var. We recommend /data. Make sure it is writable by the user running the container (currently id is $(id -u) and HOME is $HOME)." + exit 1 +fi + +# give friendly error if you don't have protonmail data +if [[ `find $HOME | wc -l` == 1 ]]; then # 1 because find $HOME will always return $HOME + echo 'Protonmail does not seem to have been initialized yet. Enter the container with something like `docker exec -it ` and type "help" for instructions on how to set up the ProtonMail Bridge' + timeout 10s /protonmail/proton-bridge --noninteractive # this starts the bridge in non-interactive mode and kills it after 20 seconds, so we can populate the vault with default values and override them with the env variables in the later step. +fi + +# give friendly error if the user doesn't own the data +if [[ $(id -u) != 0 ]]; then + if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then + echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." + exit 1 + fi +fi + +if [[ ! -f $HOME/.gnupg ]]; then + echo "No GPG key found in $HOME/.gnupg. Running gpg --generate-key." gpg --generate-key --batch /protonmail/gpgparams pass init pass-key - # Kill the other instance as only one can be running at a time. - # This allows users to run entrypoint init inside a running conainter - # which is useful in a k8s environment. - # || true to make sure this would not fail in case there is no running instance. 
- pkill protonmail-bridge || true +# delete lock files if they exist - this can happen if the container is restarted forcefully - # Login - /protonmail/proton-bridge --cli $@ - -else - if [[ $HOME == "/" ]] then - echo "When running rootless, you must set a home dir as the HOME env var. We recommend /data. Make sure it is writable by the user running the container (currently id is $(id -u) and HOME is $HOME)." - exit 1 - fi - - # give friendly error if you don't have protonmail data - if [[ `find $HOME | wc -l` == 1 ]]; then # 1 because find $HOME will always return $HOME - echo "No files found - start the container with the init command, or copy/mount files into it at $HOME first. Sleeping 5 minutes before exiting so you have time to copy the files over." - sleep 300 - exit 1 - fi - - # give friendly error if the user doesn't own the data - if [[ $(id -u) != 0 ]]; then - if [[ `find $HOME/.* -not -user $(id -u) | wc -l` != 0 ]]; then - echo "You do not own the data in $HOME. Please chown it to $(id -u), run the container as the owner of the data or run the container as root." - exit 1 - fi - fi - - # delete lock files if they exist - this can happen if the container is restarted forcefully +if [[ `find $HOME -name "*.lock" | wc -l` != 0 ]]; then + echo "Deleting lock files in $HOME. This can happen if the container is restarted forcefully." find $HOME -name "*.lock" -delete - - - # socat will make the conn appear to come from 127.0.0.1 - # ProtonMail Bridge currently expects that. - # It also allows us to bind to the real ports :) - if [[ $(id -u) == 0 ]]; then - socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 & - socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 & - else - socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 & - socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 & - fi - - # Start protonmail - /protonmail/proton-bridge --noninteractive $@ - fi + +# socat will make the conn appear to come from 127.0.0.1 +# ProtonMail Bridge currently expects that. 
+# It also allows us to bind to the real ports :) +if [[ $(id -u) == 0 ]]; then + socat TCP-LISTEN:25,fork TCP:127.0.0.1:1025 & + socat TCP-LISTEN:143,fork TCP:127.0.0.1:1143 & +else + socat TCP-LISTEN:2025,fork TCP:127.0.0.1:1025 & + socat TCP-LISTEN:2143,fork TCP:127.0.0.1:1143 & +fi + +# Broken until https://github.com/ProtonMail/proton-bridge/issues/512 is resolved. +# check if the vault-editor can read the config +/protonmail/vault-editor read 2>&1 1>/dev/null +# Modify the protonmail config with env variables and expected values. Env variables must be converted from string to boolean. +/protonmail/vault-editor read | \ +jq '.Settings.AutoUpdate = (env.PROTONMAIL_AutoUpdate | if . == "true" then true else false end) +| .Settings.TelemetryDisabled = (env.PROTONMAIL_TelemetryDisabled | if . == "true" then true else false end) +| .Settings.GluonDir |= "\(env.HOME)/.local/share/protonmail/bridge-v3/gluon" +| .Settings.Autostart = false +| .Settings.SMTPPort = 1025 +| .Settings.IMAPPort = 1143 ' \ +| /protonmail/vault-editor write + +# Start protonmail +echo "Starting ProtonMail Bridge. Connect to the CLI with `docker exec -it ` and type 'help' for instructions." +/protonmail/proton-bridge --cli $@ \ No newline at end of file From 7ef9657e540d7bf7e2e64dbcb03c29e9166a4ddd Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Thu, 12 Jun 2025 16:57:11 +0200 Subject: [PATCH 22/23] fix missing if statement closing --- build/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/entrypoint.sh b/build/entrypoint.sh index a4a56d9..32a0453 100644 --- a/build/entrypoint.sh +++ b/build/entrypoint.sh 
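Review bot: `if [[ ! -f $HOME/.gnupg ]]` tests for a regular file, but `.gnupg` is a directory, so the branch runs on every start and generates a fresh GPG key and re-runs `pass init pass-key` each time; it should be `if [[ ! -d $HOME/.gnupg ]]`. Under `set -e` (set near the top of the file), the first-run `timeout 10s /protonmail/proton-bridge --noninteractive` returns 124 when it kills the bridge, which aborts the script before the vault is updated — the very path it is meant to prepare — and the comment says 20 seconds while the command says 10s; append `|| true` (or test for status 124) and align the comment. The final `echo "Starting ProtonMail Bridge. Connect to the CLI with ... "` uses backticks inside double quotes, so the shell attempts `docker exec -it` as a command substitution; use single quotes or escape the backticks, and restore the placeholder that follows `-it`. `if [[ $HOME == "/" ]] then` appears to be missing the `;` before `then`, and `/protonmail/proton-bridge --cli $@` should quote `"$@"`. The stale `# Broken until .../issues/512 is resolved.` comment still sits above the now-active vault-editor block; only the shebang line is outside this hunk.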
@@ -29,7 +29,7 @@ if [[ ! -f $HOME/.gnupg ]]; then echo "No GPG key found in $HOME/.gnupg. Running gpg --generate-key." gpg --generate-key --batch /protonmail/gpgparams pass init pass-key - +fi # delete lock files if they exist - this can happen if the container is restarted forcefully if [[ `find $HOME -name "*.lock" | wc -l` != 0 ]]; then @@ -63,4 +63,4 @@ jq '.Settings.AutoUpdate = (env.PROTONMAIL_AutoUpdate | if . == "true" then true # Start protonmail echo "Starting ProtonMail Bridge. Connect to the CLI with `docker exec -it ` and type 'help' for instructions." -/protonmail/proton-bridge --cli $@ \ No newline at end of file +/protonmail/proton-bridge --cli $@ From d483aa120bb878c74c304ca65199e9410d7a018c Mon Sep 17 00:00:00 2001 From: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com> Date: Thu, 12 Jun 2025 18:45:25 +0200 Subject: [PATCH 23/23] there we go. --- README.md | 9 +++++++-- build/entrypoint.sh | 2 ++ docker-compose.yml | 9 +++++++-- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2f4577b..15e6e16 100644 --- a/README.md +++ b/README.md 
@@ -37,12 +37,17 @@ To initialize and add account to the bridge, run the following steps: ``` docker run -it -v protonmail:/root shenxn/protonmail-bridge ``` +2. When you are done, press `CTRL+P` followed by `CTRL+Q`. This detaches the container from your terminal and keeps it running in the background. ## Setting up the bridge If you have not set up an account, you need to do the folliwing steps in the protonmail-bridge CLI interface: -1. Use the `add` command to add your ProtonMail account. You will be prompted to enter your ProtonMail username and password. -2. After adding your account, use the `info` command to see the configuration information (username and password). +1. Connect to the running container by getting it's name using `docker ps` and then running: +``` +docker attach +``` +2. Use the `add` command to add your ProtonMail account. You will be prompted to enter your ProtonMail username and password. +3. After adding your account, use the `info` command to see the configuration information (username and password). ## Security diff --git a/build/entrypoint.sh b/build/entrypoint.sh index 32a0453..e80f31e 100644 --- a/build/entrypoint.sh +++ b/build/entrypoint.sh @@ -64,3 +64,5 @@ jq '.Settings.AutoUpdate = (env.PROTONMAIL_AutoUpdate | if . == "true" then true # Start protonmail echo "Starting ProtonMail Bridge. Connect to the CLI with `docker exec -it ` and type 'help' for instructions." /protonmail/proton-bridge --cli $@ +echo "ProtonMail bridge stopped. waiting 30 seconds before exiting in order to preserve the logs." +sleep 30 # so we have time to read the logs in case of a crash loop \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index fa91e7d..cdf95da 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
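Review bot: The new `sleep 30 # so we have time to read the logs in case of a crash loop` only runs when the bridge exits 0, because the script runs under `set -e` (set near the top of the file, outside this hunk) and a non-zero exit from `/protonmail/proton-bridge --cli $@` aborts the script before the echo — which is exactly the crash case the sleep is for. Capture the status instead: `/protonmail/proton-bridge --cli "$@" || status=$?`, then after the sleep `exit "${status:-0}"`, so the container still reports the bridge's exit code. Sleeping unconditionally also delays every restart by 30 seconds, including clean exits; either restrict it to a non-zero status or add a comment stating that the delay is intentional.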
@@ -1,14 +1,19 @@ -version: '2.1' - services: protonmail-bridge: image: shenxn/protonmail-bridge + container_name: protonmail-bridge ports: - 1025:25/tcp - 1143:143/tcp restart: unless-stopped volumes: - protonmail:/root + stdin_open: true + tty: true + logging: + options: + max-size: "1m" + max-file: "10" volumes: protonmail: name: protonmail
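Review bot: `ports:` still publishes `1025:25/tcp` and `1143:143/tcp` on every interface, while the README change in this series recommends a `127.0.0.1:1025:25/tcp` mapping; now that this compose file is the documented way to run the bridge (with `stdin_open`/`tty` added for `docker attach`), it should follow that advice, `- 127.0.0.1:1025:25/tcp` and `- 127.0.0.1:1143:143/tcp`, unless remote clients are intended. With `stdin_open: true` and `tty: true`, anyone who can `docker attach` gets the bridge CLI, whose `info` command prints the account's username and password per the README; a comment such as `# attach exposes the bridge CLI (credentials via `info`); restrict access to the Docker socket` would make that visible to operators. `image: shenxn/protonmail-bridge` is untagged and resolves to `latest`; pin a version tag for reproducible deployments.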