build: switch to Go-based multi-stage build and improve
- Use golang:1.26-trixie builder instead of debian:sid - Build proton-bridge from source via version argument/environment - Add support for PTY tools (dtach, abduco, reptyr) for interactive sessions - Introduce manage and attach commands for bridge CLI sessions - Improve daemon startup with port readiness checks - Add HEALTHCHECK and configurable CMD/ENTRYPOINT - Harden entrypoint with strict bash flags and better error handling - Install additional runtime deps (libfido2, procps) and optional PTY tools
parent
57c519436e
commit
3913448f2f
2 changed files with 211 additions and 38 deletions
|
|
@ -1,33 +1,52 @@
|
|||
# The build image could be golang, but it currently does not support riscv64. Only debian:sid does, at the time of writing.
|
||||
FROM debian:sid-slim AS build
|
||||
### The Deb install is just a repack of the official ProtonMail Bridge deb package with less dependencies.
|
||||
### I recommend you don't use this. It's here for legacy reasons.
|
||||
|
||||
FROM golang:1.26-trixie AS build
|
||||
|
||||
ARG version
|
||||
ENV version=${version}
|
||||
|
||||
# Install dependencies
|
||||
RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev
|
||||
|
||||
RUN apt-get update && apt-get install -y build-essential libsecret-1-dev libfido2-dev libcbor-dev
|
||||
|
||||
# Build
|
||||
ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/
|
||||
WORKDIR /build/
|
||||
RUN make build-nogui vault-editor
|
||||
|
||||
FROM debian:sid-slim
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
FROM debian:trixie-slim
|
||||
LABEL maintainer="Simon Felding <sife@adm.ku.dk>"
|
||||
|
||||
# Select PTY tool for manage/attach commands: dtach (default), abduco, reptyr
|
||||
ARG PTY_TOOL=dtach
|
||||
ENV PTY_TOOL=${PTY_TOOL}
|
||||
|
||||
EXPOSE 25/tcp
|
||||
EXPOSE 143/tcp
|
||||
|
||||
# Install dependencies and protonmail bridge
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
WORKDIR /protonmail
|
||||
|
||||
# Copy bash scripts
|
||||
COPY gpgparams entrypoint.sh /protonmail/
|
||||
|
||||
# Copy protonmail
|
||||
COPY --from=build /build/bridge /protonmail/
|
||||
COPY --from=build /build/proton-bridge /protonmail/
|
||||
COPY --from=build /build/vault-editor /protonmail/
|
||||
|
||||
ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends \
|
||||
socat pass libsecret-1-0 libfido2-1 ca-certificates procps \
|
||||
&& case "${PTY_TOOL}" in \
|
||||
dtach) apt-get install -y --no-install-recommends dtach ;; \
|
||||
abduco) apt-get install -y --no-install-recommends abduco ;; \
|
||||
reptyr) apt-get install -y --no-install-recommends reptyr ;; \
|
||||
esac \
|
||||
&& chmod +x /protonmail/entrypoint.sh \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
HEALTHCHECK --interval=30s --timeout=5s --retries=3 --start-period=120s \
|
||||
CMD /bin/bash -c "true < /dev/tcp/localhost/25"
|
||||
|
||||
ENTRYPOINT ["/protonmail/entrypoint.sh"]
|
||||
CMD ["run"]
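Review bot: The build stage fetches the bridge source with `ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/`, but `ARG version` has no default and nothing checks it, so the ref that ends up in the image is whatever the caller passes, or nothing at all. With an empty value the fragment is empty and the fetch presumably falls back to the repository's default branch, and a tag or branch name can be moved upstream after the fact, which matters for a binary that handles mailbox credentials. I would document that `version` must be a full commit SHA and fail early when it is missing, for example `RUN test -n "${version}" || { echo "version build-arg is required" >&2; exit 1; }` before the `ADD`. In the same spirit, the `case "${PTY_TOOL}"` in the runtime stage has no default arm, so a mistyped value builds an image without any PTY tool; adding `*) echo "unsupported PTY_TOOL: ${PTY_TOOL}" >&2; exit 1 ;; \` would surface that at build time.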
|
||||
|
|
|
|||