From 2e31c1dcc96351ec881b3ada57ec292238db3a2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= <valknar@pivoine.art>
Date: Tue, 9 Jun 2026 21:44:20 +0200
Subject: [PATCH] fix(passbolt): persist GPG keyring as volume to survive
 restarts

Passbolt's entrypoint creates /var/lib/passbolt/.gnupg/pubring.kbx
as root while PHP-FPM runs as www-data. Without a volume this file
is recreated with wrong ownership on every container recreate, breaking
all GPG operations. Mounting the dir as a volume keeps the chown
33:33 fix permanent.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 passbolt/compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/passbolt/compose.yml b/passbolt/compose.yml
index 7a0da8c..a2de06e 100644
--- a/passbolt/compose.yml
+++ b/passbolt/compose.yml
@@ -24,6 +24,7 @@ services:
     volumes:
       - ../.data/passbolt/gpg:/etc/passbolt/gpg
       - ../.data/passbolt/jwt:/etc/passbolt/jwt
+      - ../.data/passbolt/gnupg:/var/lib/passbolt/.gnupg
     depends_on:
       db:
         condition: service_healthy