Implement persistent storage and start mode

2020-05-23 00:31:37 +02:00 · 2020-05-23 00:31:37 +02:00 · 6a89682d5f
parent 076e355366
commit 6a89682d5f
2 changed files with 52 additions and 15 deletions
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -2,20 +2,49 @@
 set -euo pipefail

 BRIDGE="${BRIDGE:-/usr/bin/protonmail-bridge}"
+INPIPE=/tmp/input


-gpg --generate-key --batch gpg-keygen-params.txt
-pass init proton
+setup() {
+    gpg --generate-key --batch gpg-keygen-params.txt
+    pass init proton

-mkfifo input
-sleep infinity > input &
-$BRIDGE --cli < input &
-bridge_pid=$!
+    bridge-cli

-echo "login" > input
-echo "$BRIDGE_USER" > input
-echo "$BRIDGE_PASS" > input
-echo "info" > input
+    echo "login" > $INPIPE
+    echo "$BRIDGE_USER" > $INPIPE
+    echo "$BRIDGE_PASS" > $INPIPE
+    echo "exit" > $INPIPE
+    wait $bridge_pid
+}

-wait $bridge_pid
+bridge-cli() {
+    mkfifo $INPIPE
+    sleep infinity > $INPIPE &
+    $BRIDGE --cli < $INPIPE &
+    bridge_pid=$!
+}
+
+start() {
+    bridge-cli
+
+    echo "info" > $INPIPE
+    wait $bridge_pid
+}
+
+case "${1:-}" in
+  setup)
+    setup
+  ;;
+  start)
+    start
+  ;;
+  test)
+    bash -i
+  ;;
+  *)
+    echo "Usage: isolated_protonmail_bridge.sh [setup|start|test]"
+    exit 1
+  ;;
+esac

--- a/isolated-protonmail-bridge.sh
+++ b/isolated-protonmail-bridge.sh
@ -3,13 +3,21 @@ set -euo pipefail

 HERE="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
 JAIL_HOME=/home/proton
-DEFAULT_BIN=entrypoint.sh
-BIN="${1:-${DEFAULT_BIN}}"
+BIN="${BIN:-entrypoint.sh}"
+
+if [[ -z "${ROOTFS:-}" ]]; then
+    echo "Please set the ROOTFS envvar!"
+    exit 1
+else
+    ROOTFS="$(realpath "${ROOTFS}")"
+fi
+
+rm -rf "${ROOTFS}/dev/fd"

 nsjail -Mo                                                                                     \
       --disable_clone_newnet                                                                  \
+       --chroot "${ROOTFS}" --rw                                                               \
       --cwd "${JAIL_HOME}"                                                                    \
-       --tmpfsmount /                                                                          \
       --tmpfsmount /tmp --tmpfsmount /run                                                     \
       --symlink /proc/self/fd:/dev/fd                                                         \
       --bindmount_ro "${HERE}/entrypoint.sh:${JAIL_HOME}/entrypoint.sh"                       \
@ -22,5 +30,5 @@ nsjail -Mo
       --env PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin                 \
       --env BRIDGE_USER                                                                       \
       --env BRIDGE_PASS                                                                       \
-       -- ${BIN}
+       -- ${BIN} "${1:-}"