Add persistent cache mounts for the Go module cache, Go build cache,
and apt so only changed packages are re-downloaded or recompiled on
subsequent builds.
CGO LTO is injected via `make LIBFIDO2_LDFLAGS=...` rather than ENV
because the Makefile sets CGO_LDFLAGS inline in go-build-finalize,
clobbering any inherited environment variable. Binary stripping is done
with strip --strip-all post-build since the Makefile owns the -ldflags
chain and cannot be extended without losing the -X version constants.
- Replace legacy entrypoint with the current build/ version
(PTY_TOOL support, init/manage/attach/run commands, SIGTERM trap,
port-readiness liveness check, abduco session detection, <container>
placeholder in error messages); only difference is binary name
protonmail-bridge instead of /protonmail/proton-bridge
- Add ARG/ENV PTY_TOOL and conditional apt install of dtach/abduco/reptyr
- Add HEALTHCHECK on 127.0.0.1 for all four ports (25, 143, 1025, 1143)
- Switch from CMD bash ... to ENTRYPOINT + CMD ["run"]
- Validate PTY_TOOL at startup and verify the selected binary exists
- Add abduco_session_alive() using `abduco -l` instead of checking BRIDGE_SOCK
(abduco does not create a socket file, so the old check always failed)
- Fix wait_for_session, manage blocking loop, and attach to use tool-specific
liveness checks rather than grouping dtach and abduco together
- Add default (*) error branches to all PTY_TOOL case statements
- Check kill -0 BRIDGE_PID inside the port readiness loop to fail fast if the
bridge exits before its ports are ready
- Add SIGTERM/SIGINT trap with a cleanup() function in run mode so Docker stop
properly reaps bridge and socat children instead of waiting for the kill timeout
- Replace \$(hostname) with <container> placeholder in user-facing error messages
- Use golang:1.26-trixie builder instead of debian:sid
- Build proton-bridge from source via version argument/envelopment
- Add support for PTY tools (dtach, abduco, reptyr) for interactive sessions
- Introduce manage and attach commands for bridge CLI sessions
- Improve daemon startup with port readiness checks
- Add HEALTHCHECK and configurable CMD/ENTRYPOINT
- Harden entrypoint with strict bash flags and better error handling
- Install additional runtime deps (libfido2, procps) and optional PTY tools
The build calls to Protonmail's repo and builds from it. When that repo
changes (i.e. when deb/* changes), the image should be built again.
---------
Co-authored-by: Simon Ungar Felding <45149055+simonfelding@users.noreply.github.com>
tested locally, works fine.
debian has supported riscv64 in the sid image for some time.
this is the same thing the carlosedp/golang image did.
this also fixes the bug with the wrong glibc version, as the build
container now uses the same glibc version as the final container.
