From dfe8fc7ae3f2ed9efa9953d0ec451f5484b922ed Mon Sep 17 00:00:00 2001
From: irl
Date: Mon, 18 May 2026 09:29:10 +0100
Subject: [PATCH] feat: slim runtime and non-root user
---
 build/Containerfile | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/build/Containerfile b/build/Containerfile
index 6516ad8..ffc031f 100644
--- a/build/Containerfile
+++ b/build/Containerfile
@@ -10,7 +10,7 @@ ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/
 WORKDIR /build/
 RUN make build-nogui vault-editor
-FROM golang:1-trixie
+FROM debian:trixie-slim
 LABEL maintainer="SR2 Communications "
 EXPOSE 25/tcp
@@ -18,15 +18,23 @@ EXPOSE 143/tcp
 # Install dependencies and protonmail bridge
 RUN apt-get update \
- && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
+ && apt-get install -y --no-install-recommends socat pass libsecret-1-0 libfido2-1 libcbor0.10 ca-certificates adduser \
 && rm -rf /var/lib/apt/lists/*
+# Create app user
+RUN addgroup --gid 19994 protonmail && \
+ adduser --uid 19994 --gid 19994 --shell /bin/bash --home /protonmail protonmail
+
 # Copy bash scripts
-COPY gpgparams entrypoint.sh /protonmail/
+COPY --chown=19994:19994 gpgparams entrypoint.sh /protonmail/
 # Copy protonmail
-COPY --from=build /build/bridge /protonmail/
-COPY --from=build /build/proton-bridge /protonmail/
-COPY --from=build /build/vault-editor /protonmail/
+COPY --from=build --chown=19994:19994 /build/bridge /protonmail/
+COPY --from=build --chown=19994:19994 /build/proton-bridge /protonmail/
+COPY --from=build --chown=19994:19994 /build/vault-editor /protonmail/
+
+WORKDIR /protonmail
+
+USER 19994
 ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
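Review bot: The new runtime base `FROM debian:trixie-slim` is a floating tag, so rebuilding the same commit can yield a different image whenever the tag is republished. Pinning it by digest, e.g. `FROM debian:trixie-slim@sha256:<digest-placeholder>`, keeps the runtime stage reproducible and turns a base update into an explicit, reviewable change. The build stage's own `FROM` lies outside this hunk and may deserve the same treatment.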
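Review bot: The `--chown=19994:19994` on the four `COPY` lines makes `entrypoint.sh` and the three bridge binaries writable by the same account that runs them after `USER 19994`, so a compromised bridge process could rewrite its own entrypoint or executables. Dropping `--chown` from the executables leaves them root-owned, but `/protonmail` is also that user's home and owned by it, so files there can still be replaced. Copying them outside the home, for example `COPY --from=build /build/bridge /build/proton-bridge /build/vault-editor /usr/local/bin/`, would be stronger; entrypoint.sh is not shown and may need its paths adjusted. Separately, the image still declares `EXPOSE 25/tcp` and `143/tcp`: if entrypoint.sh has socat listen on those ports, UID 19994 can bind them only where the runtime lowers `net.ipv4.ip_unprivileged_port_start` or grants `CAP_NET_BIND_SERVICE`. It is worth testing under the intended runtime or moving the listeners above port 1023.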