From 6a89682d5f4479bcbc62c39d1f789da9ad9b8f60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20T=C3=B3th?=
Date: Sat, 23 May 2020 00:31:37 +0200
Subject: [PATCH] Implement persistent storage and start mode
---
 entrypoint.sh | 51 +++++++++++++++++++++++++++--------
 isolated-protonmail-bridge.sh | 16 ++++++++---
 2 files changed, 52 insertions(+), 15 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index a383a59..1bbded3 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,20 +2,49 @@
 set -euo pipefail
 BRIDGE="${BRIDGE:-/usr/bin/protonmail-bridge}"
+INPIPE=/tmp/input
-gpg --generate-key --batch gpg-keygen-params.txt
-pass init proton
+setup() {
+ gpg --generate-key --batch gpg-keygen-params.txt
+ pass init proton
-mkfifo input
-sleep infinity > input &
-$BRIDGE --cli < input &
-bridge_pid=$!
+ bridge-cli
-echo "login" > input
-echo "$BRIDGE_USER" > input
-echo "$BRIDGE_PASS" > input
-echo "info" > input
+ echo "login" > $INPIPE
+ echo "$BRIDGE_USER" > $INPIPE
+ echo "$BRIDGE_PASS" > $INPIPE
+ echo "exit" > $INPIPE
+ wait $bridge_pid
+}
-wait $bridge_pid
+bridge-cli() {
+ mkfifo $INPIPE
+ sleep infinity > $INPIPE &
+ $BRIDGE --cli < $INPIPE &
+ bridge_pid=$!
+}
+
+start() {
+ bridge-cli
+
+ echo "info" > $INPIPE
+ wait $bridge_pid
+}
+
+case "${1:-}" in
+ setup)
+ setup
+ ;;
+ start)
+ start
+ ;;
+ test)
+ bash -i
+ ;;
+ *)
+ echo "Usage: isolated_protonmail_bridge.sh [setup|start|test]"
+ exit 1
+ ;;
+esac
diff --git a/isolated-protonmail-bridge.sh b/isolated-protonmail-bridge.sh
index 19913d4..5e8a997 100755
--- a/isolated-protonmail-bridge.sh
+++ b/isolated-protonmail-bridge.sh
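Review bot: In entrypoint.sh, `setup` first reads `$BRIDGE_USER` and `$BRIDGE_PASS` only after the GPG key and password store exist and the bridge is running, so under `set -u` a missing variable aborts midway and can leave the persistent rootfs half-initialised. A guard at the top of `setup`, `: "${BRIDGE_USER:?}" "${BRIDGE_PASS:?}"`, would fail before anything is written. The password is then sent with `echo "$BRIDGE_PASS" > $INPIPE`, which misreads values that look like echo options such as `-n`; `printf '%s\n' "$BRIDGE_PASS" > "$INPIPE"` passes them through unchanged. `mkfifo $INPIPE` takes its mode from the umask, and since the credentials travel through that pipe, `mkfifo -m 600 "$INPIPE"` would be the safer default. The usage text also names `isolated_protonmail_bridge.sh`, although it is printed by entrypoint.sh and the wrapper is spelled with hyphens.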
@@ -3,13 +3,21 @@ set -euo pipefail
 HERE="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"
 JAIL_HOME=/home/proton
-DEFAULT_BIN=entrypoint.sh
-BIN="${1:-${DEFAULT_BIN}}"
+BIN="${BIN:-entrypoint.sh}"
+
+if [[ -z "${ROOTFS:-}" ]]; then
+ echo "Please set the ROOTFS envvar!"
+ exit 1
+else
+ ROOTFS="$(realpath "${ROOTFS}")"
+fi
+
+rm -rf "${ROOTFS}/dev/fd"
 nsjail -Mo \
 --disable_clone_newnet \
+ --chroot "${ROOTFS}" --rw \
 --cwd "${JAIL_HOME}" \
- --tmpfsmount / \
 --tmpfsmount /tmp --tmpfsmount /run \
 --symlink /proc/self/fd:/dev/fd \
 --bindmount_ro "${HERE}/entrypoint.sh:${JAIL_HOME}/entrypoint.sh" \
@@ -22,5 +30,5 @@ nsjail -Mo
 --env PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin \
 --env BRIDGE_USER \
 --env BRIDGE_PASS \
- -- ${BIN}
+ -- ${BIN} "${1:-}"
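Review bot: `rm -rf "${ROOTFS}/dev/fd"` and `--chroot "${ROOTFS}" --rw` act on whatever path the caller's environment supplies, and nothing checks that it resolves to an existing directory other than `/`. With `ROOTFS=/` the script would, given sufficient privileges, remove the host's `/dev/fd` link and hand the jail a writable host root. I would resolve the path with `realpath -e` and add `[[ -d "${ROOTFS}" && "${ROOTFS}" != / ]] || { echo "ROOTFS must be a directory other than /" >&2; exit 1; }` before the `rm`. The existing "Please set the ROOTFS envvar!" message should go to stderr as well. The nsjail command continues past the end of this hunk.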
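Review bot: `${BIN}` now comes from the caller's environment and is still expanded unquoted in `-- ${BIN} "${1:-}"`, so a value with spaces or glob characters is split or expanded before nsjail receives it; `-- "${BIN}" "${1:-}"` keeps it a single word. The `--env BRIDGE_PASS` context line forwards the password for every mode, although only `setup` in entrypoint.sh reads it. Passing it only when `$1` is `setup` would keep the secret out of the `start` and interactive `test` environments. The nsjail command begins outside this hunk.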