Add PR shenxn#69 from upstream

olivervhansen · Jun 6, 2023 · 44fbc26 · 44fbc26
1 parent cb8a875
commit 44fbc26
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -34,7 +34,7 @@ tag | description
 To initialize and add account to the bridge, run the following command.
 
 ```
-docker run --rm -it -v protonmail:/root shenxn/protonmail-bridge init
+docker run --rm -it -v protonmail:/home/protonmail shenxn/protonmail-bridge init
 ```
 
 Wait for the bridge to startup, use `login` command and follow the instructions to add your account into the bridge. Then use `info` to see the configuration information (username and password). After that, use `exit` to exit the bridge. You may need `CTRL+C` to exit the docker entirely.
@@ -44,7 +44,7 @@ Wait for the bridge to startup, use `login` command and follow the instructions
 To run the container, use the following command.
 
 ```
-docker run -d --name=protonmail-bridge -v protonmail:/root -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
+docker run -d --name=protonmail-bridge -v protonmail:/home/protonmail -p 1025:25/tcp -p 1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
 ```
 
 ## Kubernetes
@@ -58,7 +58,7 @@ If you don't want to use Helm, you can also reference to the guide ([#6](https:/
 Please be aware that running the command above will expose your bridge to the network. Remember to use firewall if you are going to run this in an untrusted network or on a machine that has public IP address. You can also use the following command to publish the port to only localhost, which is the same behavior as the official bridge package.
 
 ```
-docker run -d --name=protonmail-bridge -v protonmail:/root -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
+docker run -d --name=protonmail-bridge -v protonmail:/home/protonmail -p 127.0.0.1:1025:25/tcp -p 127.0.0.1:1143:143/tcp --restart=unless-stopped shenxn/protonmail-bridge
 ```
 
 Besides, you can publish only port 25 (SMTP) if you don't need to receive any email (e.g. as a email notification service).
@@ -78,4 +78,4 @@ For anyone who want to build this container on your own (for development or secu
 docker build .
 ```
 
-That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images.
+That's it. The `Dockerfile` and bash scripts handle all the downloading, building, and packing. You can also add tags, push to your favorite docker registry, or use `buildx` to build multi architecture images.
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -27,4 +27,11 @@ COPY gpgparams entrypoint.sh /protonmail/
 COPY --from=build /build/proton-bridge/bridge /protonmail/
 COPY --from=build /build/proton-bridge/proton-bridge /protonmail/
 
-ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
+# Add a user 'protonmail' with UID 8535
+RUN useradd -u 8535 -d /home/protonmail protonmail \
+    && mkdir -p /home/protonmail \
+    && chown protonmail: /home/protonmail
+# change to non-privileged user for extra security
+USER protonmail
+
+ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
@@ -2,6 +2,10 @@
 
 set -ex
 
+# Go to current user's homedir
+cd
+echo "Running as user '$USER' (UID '$UID') in '$PWD'"
+
 # Initialize
 if [[ $1 == init ]]; then
 
@@ -32,4 +36,4 @@ else
     mkfifo faketty
     cat faketty | /protonmail/proton-bridge --cli $@
 
-fi
+fi