Fix v3.22.0 build, improve stability, and set up for community maintenance
- Add libfido2-dev, libcbor-dev to build deps; libfido2-1, libcbor0 to runtime (fixes #135) - Make bridge binaries read-only to block built-in auto-updater at runtime - Add HEALTHCHECK to Dockerfile - Fix long-uptime stdin stability: replace cat pipe with sleep infinity - Clean up stale GPG agent sockets on container startup - Update maintainer label - Repoint build.yaml to dancwilliams Docker Hub and GHCR repos - Use clean version/latest tags (drop -build suffix) - Fix missing checkout in merge job - Add workflow_dispatch and pip install to update-check.yaml - Remove Gitee mirror workflow - Remove legacy deb build (Dockerfile, workflow, and deb/ directory)
This commit is contained in:
Dan Williams
parent
97014ae98c
commit
5ad6fa81e3
11 changed files with 51 additions and 255 deletions
|
|
@ -4,7 +4,7 @@ FROM debian:sid-slim AS build
|
|||
ARG version
|
||||
|
||||
# Install dependencies
|
||||
RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev
|
||||
RUN apt-get update && apt-get install -y golang build-essential libsecret-1-dev libfido2-dev libcbor-dev
|
||||
|
||||
# Build
|
||||
ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/
|
||||
|
|
@ -12,14 +12,18 @@ WORKDIR /build/
|
|||
RUN make build-nogui vault-editor
|
||||
|
||||
FROM debian:sid-slim
|
||||
LABEL maintainer="Simon Felding <sife@adm.ku.dk>"
|
||||
LABEL maintainer="Dan Williams <dancwilliams@github>"
|
||||
|
||||
EXPOSE 25/tcp
|
||||
EXPOSE 143/tcp
|
||||
|
||||
# Monitor proton-bridge process health
|
||||
HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=60s \
|
||||
CMD bash -c "pgrep -f proton-bridge || exit 1"
|
||||
|
||||
# Install dependencies and protonmail bridge
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
|
||||
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 libfido2-1 libcbor0 ca-certificates \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Copy bash scripts
|
||||
|
|
@ -30,4 +34,8 @@ COPY --from=build /build/bridge /protonmail/
|
|||
COPY --from=build /build/proton-bridge /protonmail/
|
||||
COPY --from=build /build/vault-editor /protonmail/
|
||||
|
||||
# Prevent the bridge's built-in auto-updater from replacing the container binary at runtime.
|
||||
# Version management is handled externally via the update-check workflow.
|
||||
RUN chmod -w /protonmail/bridge /protonmail/proton-bridge /protonmail/vault-editor
|
||||
|
||||
ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue