ProtonMail Bridge on Sailfish

ddobrev · 25 April 2021 22:43

I won’t delve into the internals of mailing services. You asked why ProtonMail can’t just use IMAP/POP3 and I’ve answered. They don’t know what to do with 2 passwords while ProtonMail doesn’t open with just one: there’s just one example of the bridge.
Now, the remark about Go is worth thinking about. I had assumed C++ because I didn’t bother to check all code thinking the Qt version would be enough of a problem (and it is, they use Qt 5.13). The 18 MB-s you’ve shown are indeed atrocious, I do hope Go fares much better. But I’m not even sure it works on Sailfish. I guess it’s one item I can check tomorrow as it’s very late here.

poetaster · 26 April 2021 07:12

It’s certainly worth looking at supporting GO and nothing against custom clients for mail services.

I just read: https://protonmail.com/support/knowledge-base/the-difference-between-the-mailbox-password-and-login-password/

They make it clear it’s not 2FA but is actually what I describe. 1 mailbox password and 1 password for gnupg.

I’ll have a look at the bridge implementation when I have a moment.

kaosan · 29 July 2021 21:39

@ddobrev Did you mange to get ProtonBridge running? I saw some guides for Pinephone and it seems that they managed to compile non-gui version of ProtonBridge from Github that worked fine with PASS. Maybe that will work too on SFOS?

ddobrev · 18 August 2021 19:25

I’m afraid not - they don’t support 32-bit builds and Jolla won’t support upgrading to 64-bit on devices older than Xperia 10 II. I got hydroxide working and especially with their latest code it works acceptably.

bymoe · 4 September 2021 12:40

I am running into an permission error when trying to authenticate with hydroxide.

[nemo@Sailfish ~]$ hydroxide auth username password
-bash: hydroxide: Permission denied


[nemo@Sailfish ~]$ systemctl --user status hydroxide
● hydroxide.service - Hydroxide ProtonMail bridge
   Loaded: loaded (/home/nemo/.config/systemd/user/hydroxide.service; enabled; vendor preset: enab
led)
   Active: failed (Result: exit-code) since Sat 2021-09-04 13:15:16 IST; 1min 43s ago
  Process: 2247 ExecStart=/home/nemo/bin/hydroxide serve (code=exited, status=203/EXEC)
 Main PID: 2247 (code=exited, status=203/EXEC)

Anyone any idea?
Its the same result with devel-su

ddobrev · 5 September 2021 13:39

Did you chmod +x hydroxide?

bymoe · 5 September 2021 17:34

Thank you ddobrev, you got me closer to it. The service is now running after changing chmod, but I still have no permissions to authenticate.

[nemo@Sailfish bin]$ ls -l hydroxide
-rwxr-xr-x    1 nemo     nemo       9847214 Sep  3 11:29 hydroxide
[nemo@Sailfish bin]$ systemctl --user status hydroxide
● hydroxide.service - Hydroxide ProtonMail bridge
   Loaded: loaded (/home/nemo/.config/systemd/user/hydroxide.service; enabled; vendor preset: enab
led)
   Active: active (running) since Sun 2021-09-05 16:15:56 IST; 2h 14min ago
 Main PID: 9656 (hydroxide)
   CGroup: /user.slice/user-100000.slice/user@100000.service/hydroxide.service
           └─9656 /home/nemo/bin/hydroxide serve
[nemo@Sailfish bin]$ hydroxide auth username password
-bash: hydroxide: Permission denied

ddobrev · 5 September 2021 17:56

Which is that bin you’ve placed your executable in? Is it a system one, such as /usr/bin or /usr/local/bin? It should work this way too but my personal one has always been in a home subfolder (~/Documents/hydroxide). If this doesn’t work either, I fear I’m out of ideas.

bymoe · 6 September 2021 12:44

Thanks a million. I moved the hydroxide executable to /bin and changed the hydroxide.service file accordingly. Now authorization seems to work and I got my bridge password.

meolic · 9 September 2021 10:24

Just info, it may not mean anything to you.

JSEHV · 9 September 2021 18:30

Not really, still the best email service out there.

Really looking forward to see ProtonMail Bridge implemented in Sailfish OS

Best would be if it can be supported on the OS level, so as a user you can select the mailservice in your account settings. Why have only Gmail, etc. ProtonMail deserves to be in the list for sure. But fully understand that the implementation of it is another beast.

ddobrev · 9 September 2021 19:57

I agree, this would nicely complement Sailfish’s focus on privacy and security.

diegoc · 31 October 2021 11:46

Have there been any updates on this? It would be great to have it as a function in Sailfish OS

poetaster · 1 November 2021 18:05

I’m curious why it’s ‘the best’? I run my own mail servers and crypto mailing lists so I’m not a client anyway, I’m just curious why you think it’s ‘good’ ™.

I looked at the bridge code, both from proton and hydroxide and can’t see how this doesn’t actually make email LESS secure. In the main because adding an ‘entity’, like a service on the client in the mix adds complexity and increases the attack surface.

If you ‘only’ use a web client to access it, it’s probably more secure than many ‘things’ but I don’t buy the security argument.

But it might be better for other reasons. Although I am, of course, inclined to believe my own services are best (ducks and runs…)

EDIT: just for the sake of completeness, some of the systems I run are very much like:
https://thomas-leister.de/mailserver-debian-buster/
But with slightly differnt SQL schema and standard postfix admin (which is also not quite standard).
For crypto lists, one setup uses:
https://schleuder.org/

I also run more exotic setups.

mattpenn · 22 January 2022 18:20

I’m currently running protonmail-bridge on my SFOS device and it is working with the SFOS email client for both sending and receiving mail. The approach I took to get it working is somewhat convoluted. Running natively should be possible with more effort on packaging the dependencies.

Approach:

Install Harbour Containers and dependencies (n.b. aarch64 packages available from @Levone1 in this thread)
Create an Arch linux container
Attach a terminal session and install the protonmail-bridge build dependencies
Build protonmail-bridge from source with the make build-nogui
Run protonmail-bridge --nogui, login then use the output of info to configure SFOS email account settings

I’ve yet to bother tidying it up by automatically starting the container/application on reboot but it is great using the native email client with a server that is PGP signing my mails. And while obviously a hacky fudge it is wonderful to be able to do this at all on a mobile device!

NIS · 1 September 2022 14:25

Hi, I have a question: if you are running ProtonMail Bridge in a Container constantly, doesn’t his produce high battery drainage? How is battery life with this approach? Because I’m also looking into using this approach daily

Mikkoj · 1 February 2023 10:16

Is there instructions for beginners to get this working in Sfos mail app?Or just use android app

NIS · 18 December 2023 18:59

For everyone interested in running ProtonMail Bridge on their Sailfish-smartphone, I’ve created this Wiki:

abranson · 18 December 2023 22:53

Dovecot and Postfix forever!

poetaster · 19 December 2023 11:41

And don’t forget rspamd! And managesieve. Errr, and mysql. Ok, ok. I do use postfix admin, too. sigh.