From 44fbc26c4e3835e840498e5f95ac433111d05d4b Mon Sep 17 00:00:00 2001 From: Oliver Hansen Date: Tue, 6 Jun 2023 20:52:05 +0000 Subject: [PATCH] Add PR #69 from upstream --- README.md | 8 ++++---- build/Dockerfile | 9 ++++++++- build/entrypoint.sh | 6 +++++- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 0c048b3c..f9a86a5d 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ tag | description To initialize and add account to the bridge, run the following command. ``` -docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init +docker run --rm -it -v protonmail:/home/protonmail shenxn/protonmail-bridge init ``` Wait for the bridge to startup, use `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely. @@ -44,7 +44,7 @@ Wait for the bridge to startup, use `login` command and follow the instructions To run the container, use the following command. ``` -docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge +docker run -d --name=protonmail-bridge -v protonmail:/home/protonmail -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge ``` ## Kubernetes 
@@ -58,7 +58,7 @@ If you don't want to use Helm, you can also reference to the guide ([#6](https:/ Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package. ``` -docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge +docker run -d --name=protonmail-bridge -v protonmail:/home/protonmail -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge ``` Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service). @@ -78,4 +78,4 @@ For anyone who want to build this container on your own (for development or secu docker build . ``` -That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images. +That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images. \ No newline at end of file diff --git a/build/Dockerfile b/build/Dockerfile index 1971c403..edd80b5a 100644 --- a/build/Dockerfile +++ b/build/Dockerfile 
@@ -27,4 +27,11 @@ COPY gpgparams entrypoint.sh /protonmail/ COPY --from=build /build/proton-bridge/bridge /protonmail/ COPY --from=build /build/proton-bridge/proton-bridge /protonmail/ -ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"] +# Add a user 'protonmail' with UID 8535 +RUN useradd -u 8535 -d /home/protonmail protonmail \ + && mkdir -p /home/protonmail \ + && chown protonmail: /home/protonmail +# change to non-privileged user for extra security +USER protonmail + +ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"] \ No newline at end of file diff --git a/build/entrypoint.sh b/build/entrypoint.sh index 19310870..08bccac6 100644 --- a/build/entrypoint.sh +++ b/build/entrypoint.sh @@ -2,6 +2,10 @@ set -ex +# Go to current user's homedir +cd +echo "Running as user '$USER' (UID '$UID') in '$PWD'" + # Initialize if [[ $1 == init ]]; then @@ -32,4 +36,4 @@ else mkfifo faketty cat faketty | /protonmail/proton-bridge --cli $@ -fi +fi \ No newline at end of file
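Review bot: The new `USER protonmail` line gives no upgrade path for volumes created by earlier images. Those volumes still hold root-owned files, so once remounted at `/home/protonmail`, UID 8535 probably cannot read or update the existing bridge state. A one-time migration step such as `chown -R 8535: <volume-path>` should be documented, for example as a comment above the `useradd` line or in the README. Separately, the README still publishes container ports 25 and 143, and binding those as a non-root user works only where the runtime lowers `net.ipv4.ip_unprivileged_port_start`. Docker's default container settings usually do this, but other runtimes may not, so the requirement should be stated or the listeners moved above 1023.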
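Review bot: `$USER` in the added `echo` is likely empty at this point, because bash does not set it and the Dockerfile `USER` instruction does not export it. The startup line would then report `user ''`, although `$UID` is fine since bash sets it itself. Asking the system is more reliable: `echo "Running as user '$(id -un)' (UID '$UID') in '$PWD'"`. The bare `cd` also depends on `$HOME`, which may not be `/home/protonmail` if the container is started with an overridden UID that has no passwd entry. Using `cd "${HOME:?}"` or an explicit `cd /home/protonmail` would make the failure visible instead of writing key material to an unexpected directory. The rest of the script lies outside this hunk.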