build: gpg-agent run fix & automated login process

The gpg-agent could not start if the /root is mounted by docker when the external path is long enough, a workaround is to use a different GNUPGHOME for gpg key generation, and copy generated files to /root/.gnupg afterwards bonus: thanks to expect, we can a automated login process, if both PROTONMAIL_USERNAME and PROTONMAIL_PASSWORD are set Signed-off-by: Jeffrey Stoke <me@arhat.dev>
2021-06-14 22:38:44 +02:00
parent 8fa301b5a3
commit da0dfab9d3
6 changed files with 112 additions and 18 deletions
--- a/build/.dockerignore
+++ b/build/.dockerignore
@@ -6,3 +6,4 @@
 !gpgparams
 !Dockerfile
 !build.sh
+!login.exp
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.13 AS build
+FROM golang:1.16 AS build

 # Install dependencies
 RUN apt-get update && apt-get install -y libsecret-1-dev
@@ -16,13 +16,16 @@ EXPOSE 143/tcp

 # Install dependencies and protonmail bridge
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends socat pass libsecret-1-0 ca-certificates \
+    && apt-get install -y --no-install-recommends \
+        expect socat pass libsecret-1-0 ca-certificates \
    && rm -rf /var/lib/apt/lists/*

-# Copy bash scripts
-COPY gpgparams entrypoint.sh /protonmail/
-
 # Copy protonmail
 COPY --from=build /build/proton-bridge/proton-bridge /protonmail/

+# Copy bash scripts
+COPY gpgparams entrypoint.sh login.exp /protonmail/
+
+RUN chmod +x /protonmail/login.exp
+
 ENTRYPOINT ["bash", "/protonmail/entrypoint.sh"]
--- a/build/build.sh
+++ b/build/build.sh
@@ -2,12 +2,12 @@

 set -ex

-VERSION=`cat VERSION`
+VERSION="$(cat VERSION)"

 # Clone new code
 git clone https://github.com/ProtonMail/proton-bridge.git
 cd proton-bridge
-git checkout v$VERSION
+git checkout "v${VERSION}"

 # Build
 make build-nogui
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -4,13 +4,37 @@ set -ex

 # Initialize
 if [[ $1 == init ]]; then
+    # set GNUPGHOME as a workaround for
+    #
+    #   gpg-agent[106]: error binding socket to '/root/.gnupg/S.gpg-agent': File name too long
+    #
+    # when using docker volume mount
+    #
+    # ref: https://dev.gnupg.org/T2964
+    #
+
+    export GNUPGHOME="${GNUPGHOME:-"/tmp/gnupg"}"
+    rm -rf "${GNUPGHOME}" || true
+    mkdir -p "${GNUPGHOME}"
+    chmod 0700 "${GNUPGHOME}"

    # Initialize pass
    gpg --generate-key --batch /protonmail/gpgparams
-    pass init pass-key
+    pass init "${MASTER_PASSWORD:-"pass-key"}"

    # Login
-    /protonmail/proton-bridge --cli $@
+    do_login="/protonmail/proton-bridge --cli $*"
+    if [[ "x${PROTONMAIL_USERNAME}" != "x" && "x${PROTONMAIL_PASSWORD}" != "x" ]]; then
+        # automated login if both username and password are set
+        do_login="/protonmail/login.exp ${do_login}"
+    fi
+
+    $do_login
+
+    # copy gnupg files to default path
+    mkdir -p /root/.gnupg
+    kill "$(pidof gpg-agent)"
+    cp -a "${GNUPGHOME}/" /root/.gnupg/

 else

--- a/build/login.exp
+++ b/build/login.exp
@@ -0,0 +1,55 @@
+#!/usr/bin/expect -f
+
+set timeout 15;
+
+spawn {*}$argv ;
+
+# wait for inital prompt
+expect {
+  ">>> " {
+    # protonmail-bridge started without error, do nothing
+  }
+
+  timeout {
+    exit 2
+  }
+}
+
+send -- "login\r"
+expect {
+  "Username: " {
+    # login start, enter username
+  }
+
+  timeout {
+    exit 2
+  }
+}
+
+send -- "$env(PROTONMAIL_USERNAME)\r"
+expect {
+  "Password: " {
+    # username entered, enter password
+  }
+
+  timeout {
+    exit 2
+  }
+}
+
+send -- "$env(PROTONMAIL_PASSWORD)\r"
+expect {
+  "was added successfully." {
+    # login ok
+    exit 0
+  }
+
+  "Server error" {
+    # login failed
+    exit 1
+  }
+
+  timeout {
+    exit 2
+  }
+}