feat: slim runtime and non-root user
parent
77144a85e4
commit
dfe8fc7ae3
1 changed files with 14 additions and 6 deletions
|
|
@ -10,7 +10,7 @@ ADD https://github.com/ProtonMail/proton-bridge.git#${version} /build/
|
|||
WORKDIR /build/
|
||||
RUN make build-nogui vault-editor
|
||||
|
||||
FROM golang:1-trixie
|
||||
FROM debian:trixie-slim
|
||||
LABEL maintainer="SR2 Communications <contact@sr2.uk>"
|
||||
|
||||
EXPOSE 25/tcp
|
||||
|
|
@ -18,15 +18,23 @@ EXPOSE 143/tcp
|
|||
|
||||
# Install dependencies and protonmail bridge
|
||||
RUN apt-get update \
|
||||
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
|
||||
&& apt-get install -y --no-install-recommends socat pass libsecret-1-0 libfido2-1 libcbor0.10 ca-certificates adduser \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Create app user
|
||||
RUN addgroup --gid 19994 protonmail && \
|
||||
adduser --uid 19994 --gid 19994 --shell /bin/bash --home /protonmail protonmail
|
||||
|
||||
# Copy bash scripts
|
||||
COPY gpgparams entrypoint.sh /protonmail/
|
||||
COPY --chown=19994:19994 gpgparams entrypoint.sh /protonmail/
|
||||
|
||||
# Copy protonmail
|
||||
COPY --from=build /build/bridge /protonmail/
|
||||
COPY --from=build /build/proton-bridge /protonmail/
|
||||
COPY --from=build /build/vault-editor /protonmail/
|
||||
COPY --from=build --chown=19994:19994 /build/bridge /protonmail/
|
||||
COPY --from=build --chown=19994:19994 /build/proton-bridge /protonmail/
|
||||
COPY --from=build --chown=19994:19994 /build/vault-editor /protonmail/
|
||||
|
||||
WORKDIR /protonmail
|
||||
|
||||
USER 19994
|
||||
|
||||
ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
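Review bot: The four new `COPY ... --chown=19994:19994` lines make the runtime user the owner of `bridge`, `proton-bridge`, `vault-editor` and `entrypoint.sh`, so a compromised bridge process can overwrite the code it runs. Omitting `--chown` on those lines, e.g. `COPY --from=build /build/bridge /protonmail/`, leaves them root-owned; that works if the files are world-readable and the binaries world-executable, which is worth confirming. `/protonmail` itself stays writable for keyring and vault data, because `adduser --home /protonmail` creates it owned by the user. Separately, the stage still declares `EXPOSE 25/tcp` and `EXPOSE 143/tcp`: if `entrypoint.sh` (not shown on this page) binds those ports directly, `USER 19994` will fail to bind on runtimes that keep `net.ipv4.ip_unprivileged_port_start` at 1024. Confirm the listener ports or move them above 1024 and map them at publish time.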
|
||||
|
|
|
|||