Commit graph

222 commits

Author SHA1 Message Date
Daniel García
5800aceb2d
Update web vault to v2023.3.0 and dependencies 2023-03-22 21:30:30 +01:00
BlackDex
0c0e632bc9
Upd Crates, Rust, MSRV, GHA and remove Backtrace
- Changed MSRV to v1.65.
  Discussed this with @dani-garcia, and we will support **N-2**.
  This is/will be the same as for the `time` crate we use.
  Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary
- Removed backtrace crate in favor of `std::backtrace` stable since v1.65
- Updated Rust to v1.67.1
- Updated all the crates
- Updated the GHA action versions
- Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-07 09:17:42 +01:00
Daniel García
024d12db08
Update web vault to v2023.2.0 and dependencies 2023-02-21 22:48:20 +01:00
BlackDex
a0a4994250
Updated Rust and crates
- Updated Rust to v1.67.0
- Updated all crates except for `cookies` and `webauthn`
2023-02-13 08:32:01 +01:00
Jeremy Lin
a2162f4d69
Allow listening on privileged ports (below 1024) as non-root
This is done by running `setcap cap_net_bind_service=+ep` on the executable
in the build stage (doing it in the runtime stage creates an extra copy of
the executable that bloats the image). This only works when using the
BuildKit-based builder, since the `COPY` instruction doesn't copy
capabilities on the legacy builder.
2023-02-01 00:35:33 -08:00
Jeremy Lin
686474f815
Disable Hadolint check for consecutive RUN instructions (DL3059)
This check doesn't seem to add enough value to justify the difficulties it
tends to create when generating `RUN` instructions from a template.
2023-01-24 13:11:13 -08:00
Jeremy Lin
2c6bd8c9dc
Rename .buildx Dockerfiles to .buildkit
This is a more accurate name, since these Dockerfiles require BuildKit, not Buildx.
2023-01-24 13:11:12 -08:00
Daniel García
50fc22966c
Updated web vault to 2023.1.1 and rust dependencies 2023-01-24 20:39:09 +01:00
Daniel García
9b7e86efc2
Update web vault to 2023.1.0 2023-01-12 19:49:06 +01:00
BlackDex
072f2e24c2
Update Rust to v1.66.1 to patch CVE
This PR sets Rust to v1.66.1 to fix a CVE.
https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html
https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html

Also updated some packages while at it.
2023-01-12 09:45:52 +01:00
Daniel García
10dadfca06
Update web vault to 2022.12.0 2022-12-18 20:37:01 +01:00
BlackDex
8b6dfe48b7
Disable groups by default and Some optimizations
- Put groups support behind a feature flag, and disabled by default.
  The reason is that it has some known issues, but we want to keep
  optimizing this feature. Putting it behind a feature flag could help
  some users, and the developers into optimizing this feature without to
  much trouble.

Further:

- Updates Rust to v1.66.0
- Updated GHA workflows
- Updated Alpine to 3.17
- Updated jquery to v3.6.2
- Moved jdenticon.js to load at the bottom, fixes an issue on chromium
- Added autocomplete attribute to admin login password field
- Added some extra CSP options (Tested this on Safari, Firefox, Chrome, Bitwarden Desktop)
- Moved uppercase convertion from runtime to compile-time using `paste`
  for building the environment variables, lowers heap allocations.
2022-12-16 14:52:42 +01:00
Daniel García
d0b53a6a3d
Update web vault to v2022.11.2 2022-12-12 23:11:46 +01:00
Daniel García
8feed2916f
Update web vault to v2022.11.1 2022-12-01 22:53:47 +01:00
BlackDex
b010dde661
Update Rust version, deps and workflow
- Update Rust to v1.65.0
- Update dependencies
- Updated workflow files
- Added some extra clippy checks
- Fixed some clippy checks
2022-11-08 14:03:31 +01:00
Daniel García
2aa97fa121
Update web vault to v2022.10.2 2022-10-26 21:42:37 +02:00
GeekCorner
31b77bf178
feat: Bump web-vault to v2022.10.1 2022-10-23 18:34:12 +02:00
Jeremy Lin
0a2a8be0ff
Take ROCKET_ADDRESS into account in the Docker healthcheck 2022-10-20 01:04:09 -07:00
Daniel García
638766b346
Update web-vault to 2022.10.0 and dependencies 2022-10-14 18:21:01 +02:00
Daniel García
4cb5918950
Update web vault to v2022.9.2 2022-10-09 17:13:32 +02:00
BlackDex
1094f359c3
Update libraries and Rust version
- Updated to Rust v1.64.0
- Updated all libararies
- Updated multer-rs to be based upon the latest version
- Updated Dockerfiles to match the Rust version
2022-09-25 16:44:34 +02:00
Daniel García
b1b6bc9be0
Update web vault to 2022.9.0 2022-09-08 17:46:02 +02:00
Daniel García
a62dc102fb
Update web vault to 2022.8.1 and cargo dependencies 2022-09-04 23:18:27 +02:00
BlackDex
6e23a573fb
Update deps and Alpine image
- Updated deps
- Updated Alpine images to 3.16
- Removed dumb-init, not needed anymore
- Some small shellcheck tweaks on the start/healthcheck scripts
2022-07-31 15:45:31 +02:00
BlackDex
9a787dd105
Fix persistent folder check within containers
The previous persistent folder check worked by checking if a file
exists. If you used a bind-mount, then this file is not there. But when
using a docker/podman volume those files are copied, and caused the
container to not start.

This change checks the `/proc/self/mountinfo` for a specific patern to
see if the data folder is persistent or not.

Fixes #2622
2022-07-20 13:29:39 +02:00
Daniel García
a0eab35768
Update web vault to 2022.6.2 2022-07-15 19:15:22 +02:00
Daniel García
0c4e79cff6
Update web vault to v2022.6.0 2022-07-06 23:35:02 +02:00
Daniel García
93d4a12834
Update the rest of the files leftover from #2595 by running make 2022-07-06 23:27:48 +02:00
Nathan Neulinger
5a55cfbb9b
Update Dockerfile.j2 2022-07-06 08:56:17 -05:00
Nathan Neulinger
ac93b8a6b9
Update Dockerfile.buildx.alpine 2022-07-06 08:54:36 -05:00
Nathan Neulinger
93786d9ebd
Update Dockerfile.buildx 2022-07-06 08:54:19 -05:00
Nathan Neulinger
a6dbb580c9
Update Dockerfile.alpine 2022-07-06 08:53:58 -05:00
Nathan Neulinger
e62678abdb
Update Dockerfile 2022-07-06 08:53:18 -05:00
Daniel García
60b339f450
Update included web vault to v2022.5.2 2022-06-26 22:04:45 +02:00
Daniel García
d5cfbfc71d
Update web vault to v2022.05.0 2022-06-04 19:07:15 +02:00
BlackDex
a85a250dfd
Fix persistent volume check
It seemed there were some issues building the cross-platform images.
This PR fixes #2501 so building the containers will work again.
2022-05-28 09:31:09 +02:00
BlackDex
40ed505581
Add a persistent volume check.
This will add a persistent volume check to make sure when running
containers someone is using a volume for persistent storage.

This check can be bypassed if someone configures
`I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable.

This should prevent issues like #2493 .
2022-05-26 09:39:56 +02:00
BlackDex
21b433c5d7
Fix armv6 issue with bullseye images
It looks like the armv6 bullseye images are missing a symlink to the
dynamic linker. The previous buster images had this symlink there,
bullseye does not.

This PR fixes adds that symlink again for only the Debian armv6 build.

Resolves #2490
2022-05-24 15:25:51 +02:00
BlackDex
2168d09421
Update Rust version in Dockerfile
Updated Rust from v1.60 to v1.61 for building the images.
Also made the rust version fixed for the Alpine build images to prevent
those images being build with a newer version when released.
2022-05-21 17:46:14 +02:00
Daniel García
b636d20c64
Update web vault to v2.28.1 2022-05-11 22:19:22 +02:00
BlackDex
3ca85028ea
Improve sync speed and updated dep. versions
Improved sync speed by resolving the N+1 query issues.
Solves #1402 and Solves #1453

With this change there is just one query done to retreive all the
important data, and matching is done in-code/memory.

With a very large database the sync time went down about 3 times.

Also updated misc crates and Github Actions versions.
2022-05-06 17:01:02 +02:00
Daniel García
26ad06df7c
Update web vault to 2.28.0 and dependencies 2022-04-23 18:18:15 +02:00
BlackDex
d98f95f536
Fix building mimalloc on armv6
The armv6 builds need a specific location for the libatomic.a file.
This commit fixes that by adding a RUSTFLAGS argument for this.

Also removed the `link-arg=-s` since this is now already done during via the release profile
And removed the CFLAGS for armv7, this is already fixed by default in the blackdex/rust-musl images.
2022-03-27 14:45:50 +02:00
Daniel García
6643e83b61
Disable mimalloc in arm for now 2022-03-26 20:11:46 +01:00
Daniel García
7b742009a1
Update web vault to 2.27.0 and dependencies 2022-03-26 16:35:54 +01:00
BlackDex
b0faaf2527
Several updates and fixes
- Removed all `thread::sleep` and use `tokio::time::sleep` now.
  This solves an issue with updating to Bullseye ( Resolves #1998 )
- Updated all Debian images to Bullseye
- Added MiMalloc feature and enabled it by default for Alpine based images
  This increases performance for the Alpine images because the default
  memory allocator for MUSL based binaries isn't that fast
- Updated `dotenv` to `dotenvy` a maintained and updated fork
- Fixed an issue with a newer jslib (not fully released yet)
  That version uses a different endpoint for `prelogin` Resolves #2378 )
2022-03-20 18:51:24 +01:00
Daniel García
06f8e69c70
Update web vault to 2.26.1 2022-02-27 22:21:36 +01:00
BlackDex
42136a7097
Favicon, SMTP and misc updates
Favicon:
- Replaced HTML tokenizer, much faster now.
- Caching the domain blacklist function.
- Almost all functions are async now.
- Fixed bug on minimizing data to parse
- Changed maximum icon download size to 5MB to match Bitwarden
- Added `apple-touch-icon.png` as a second fallback besides `favicon.ico`

SMTP:
- Deprecated SMTP_SSL and SMTP_EXPLICIT_TLS, replaced with SMTP_SECURITY

Misc:
- Fixed issue when `resolv.conf` contains errors and trust-dns panics (Fixes #2283)
- Updated Javscript and CSS files for admin interface
- Fixed an issue with the /admin interface which did not cleared the login cookie correctly
- Prevent websocket notifications during org import, this caused a lot of traffic, and slowed down the import.
  This is also the same as Bitwarden which does not trigger this refresh via websockets.

Rust:
- Updated to use v1.59
- Use the new `strip` option and enabled to strip `debuginfo`
- Enabled `lto` with `thin`
- Removed the strip RUN from the alpine armv7, this is now done automatically
2022-02-26 13:56:42 +01:00
BlackDex
5f01db69ff
Update async to prepare for main merge
- Changed nightly to stable in Dockerfile and Workflow
- Updated Dockerfile to use stable and updated ENV's
- Removed 0.0.0.0 as default addr it now uses ROCKET_ADDRESS or the default
- Updated Github Workflow actions to the latest versions
- Updated Hadolint version
- Re-orderd the Cargo.toml file a bit and put libs together which are linked
- Updated some libs
- Updated .dockerignore file
2022-02-22 20:00:33 +01:00
BlackDex
f38926d666
Upd Dockerfiles, crates. Fixed rust 2018 idioms
- Updated crates
- Fixed Dockerfiles to build using the rust stable version
- Enabled warnings for rust 2018 idioms and fixed them.
2022-01-30 22:26:18 +01:00
Daniel García
45122bed9e
Update web vault to v2.25.1b 2022-01-30 21:33:13 +01:00
Daniel García
9a60eb04c2
Update web vault to 2.25.1 and rust base images to march rust-toolchain, the official rust images don't have nightly builds, so just use the latest 2022-01-24 00:15:25 +01:00
D. Scott Boggs
85c0aa1619 Bump rust version to mitigate CVE-2022-21658 2022-01-23 17:51:36 -05:00
BlackDex
5b430f22bc
Support all DB's for Alpine and Debian
- Using my own rust-musl build containers we now support all database
types for both Debian and Alpine.
- Added new Alpine containers for armv6 and arm64/aarch64
- The Debian builds can also be done wihout dpkg magic stuff, probably
some fixes in Rust regarding linking (Or maybe OpenSSL or Diesel), in
any case, it works now without hacking dpkg and apt.
- Updated toolchain and crates
2021-12-26 21:59:28 +01:00
Daniel García
9e4d372213
Update web vault to 2.25.0 2021-12-13 00:02:13 +01:00
BlackDex
c453528dc1
Macro recursion decrease and other optimizations
- Decreased `recursion_limit` from 512 to 87
  Mainly done by optimizing the config macro's.
  This fixes an issue with the rust-analyzer which doesn't go beyond 128
- Removed Regex for masking sensitive values and replaced it with a map()
  This is much faster then using a Regex.
- Refactored the get_support_json macro's
- All items above also lowered the binary size and possibly compile-time
- Removed `_conn: DbConn` from several functions, these caused unnecessary database connections for functions who didn't used that at all
- Decreased json response for `/plans`
- Updated libraries and where needed some code changes
  This also fixes some rare issues with SMTP https://github.com/lettre/lettre/issues/678
- Using Rust 2021 instead of 2018
- Updated rust nightly
2021-11-06 17:44:53 +01:00
Daniel García
450c4d4d97
Update web vault to 2.24.1 2021-10-27 22:46:12 +02:00
Daniel García
03c0a5e405
Update web vault image to v2.23.0c 2021-10-18 22:06:35 +02:00
BlackDex
fce6cb5865
Update OpenSSL via an updated clux build image.
Recently the LetsEncrypt DST certificate has expired.
Older versions of OpenSSL like v1.0.x have issues using this certificate.

Recently clux has updated his image to support OpenSSL v1.1.1[a-z].
This solves issues with those certificates.

This issues was disscused on Matrix.
2021-10-08 16:46:29 +02:00
BlackDex
9928a5404b
Revert Debian images back to Buster.
This fixes #1998 where with some checking it seems Bullseye has some
issues with the glibc sleep call. It returns a SIGILL.

The glibc on Buster doesn't seem to have this issue, so revert back for
now until a fix has been released.
2021-09-27 17:35:49 +02:00
Daniel García
4d33e24099
Update web vault to 2.23.0 2021-09-22 20:26:17 +02:00
BlackDex
ca0fd7a31b Optimize release workflow.
- Split Debian and Alpine into different build matrix
  This starts building both Debian and Alpine based images at the same time
- Make use of Docker BuildKit, which improves speed also.
- Use BuildKit caching for Rust Cargo across docker images.
  This prevents downloading the same crates multiple times.
- Use Github Actions Services to start a docker registry, starting it
via the build script sometimes caused issues.
- Updated the Build workflow to use Ubuntu 20.04 which is more close to
the Bullseye Debian release regarding package versions.
2021-09-13 14:42:15 +02:00
Jeremy Lin
4350e9d241 Update Debian base images to bullseye 2021-09-04 11:46:15 -07:00
Daniel García
37525b1e7e
Merge branch 'fix-timezone-alpine-container' of https://github.com/mrckndt/vaultwarden into mrckndt-fix-timezone-alpine-container 2021-08-22 22:14:38 +02:00
Marco
f6bd8b3462 Adding tzdata to container
To be able to set a timezone inside a container with the env variable TZ
the tzdata package is needed. Otherwise only UTC will be set.
2021-08-06 13:39:33 +02:00
BlackDex
89b5f7c98d Dependency updates
Updated several dependencies and switch to different totp library.

- Switch oath with totp-lite
  oauth hasn't been updated in a long while and some dependencies could not be updated any more
  It now also validates a preseeding 0, as the previous library returned an int instead of a str which stripped a leading 0
- Updated rust to the current latest nightly (including build image)
- Updated bootstrap css and js
- Updated hadolint to latest version
- Updated default rust image from v1.53 to v1.54
- Updated new nightly build/clippy messages
2021-08-22 13:46:48 +02:00
Daniel García
c666497130
Update webvault to 2.21.1 2021-07-25 18:56:06 +02:00
BlackDex
18703bf195 Fix armv7 alpine build.
The `messense/rust-musl-cross` has removed OpenSSL in favor of the
vendored option. Enabled vendored openssl to resolve this.

Resolves #1807
2021-06-29 10:37:39 +02:00
Daniel García
8bf1278b1b
Update web vault and docker base images 2021-06-26 14:08:06 +02:00
Daniel García
c380d9c379
Support for webauthn and u2f->webauthn migrations 2021-06-16 19:06:40 +02:00
BlackDex
565439a914 Updated Pipelines and fixed new Hadolints
- Removed azure-pipelines
- Updated gh-actions to run `cargo test` per db feature
- Fail on warnings by adding `RUSTFLAGS` env
- Updated Dockerfile to fix some new hadolint warnings
2021-05-08 16:48:48 +02:00
Daniel García
1e5306b820
Remove warning when compiling only with mysql and add compatibility mode with the old docker script names 2021-04-29 16:01:04 +02:00
Daniel García
34ea10475d
Project renaming 2021-04-27 23:18:32 +02:00
Daniel García
ced7f1771a
Update dependencies 2021-04-15 18:38:00 +02:00
Daniel García
b268c3dd1c
Update web vault and add unnoficialserver response 2021-04-06 20:38:22 +02:00
BlackDex
95fc88ae5b Some admin interface updates.
- Fixed bug when web-vault is disabled.
- Updated sql-server version check to be simpler thx to @weiznich ( https://github.com/dani-garcia/bitwarden_rs/pull/1548#discussion_r604767196 )
- Use `VACUUM INTO` to create a SQLite backup instead of using the external sqlite3 application.
  - This also removes the dependancy of having the sqlite3 packages installed on the final image unnecessary, and thus removed it.
- Updated backup filename to also have the current time.
- Add specific bitwarden_rs web-vault version check (to match letter patched versions)
  Will work when https://github.com/dani-garcia/bw_web_builds/pull/33 is build (But still works without it also).
2021-04-05 15:09:16 +02:00
BlackDex
9caf4bf383 Misc changes.
Some small changes in general:
- Moved the SQL Version check struct into the function.
- Updated hadolint to 2.0.0
- Fixed hadolint 2.0.0 warnings
- Updated github workflows
- Added .editorconfig for some general shared editor settings.
2021-03-30 21:45:10 +02:00
Daniel García
60164182ae
Fix alpine armv7 build
Reference: https://github.com/messense/rust-musl-cross/pull/34
2021-03-23 23:47:12 +01:00
Daniel García
7436b454db
Update web vault to 2.19.0 2021-03-14 23:36:49 +01:00
std2main
cdf5b6ec2d Add a dot in find command.
Add a dot indicting current directory to search by find.

find in mac won't work without the dot
2021-03-05 15:49:45 -05:00
Daniel García
9117095764
Update dependencies and web vault 2021-02-24 20:30:19 +01:00
Daniel García
5b14608041
Update web vault to have better error messages when not using HTTPS 2021-02-20 19:13:20 +01:00
Jeremy Lin
f82de8d00d Update Alpine base images to 3.13 2021-02-14 15:18:47 -08:00
Daniel García
a74bc2e58f
Update web vault to 2.18.1b 2021-02-06 16:49:49 +01:00
BlackDex
5860679624 Updated dependencies and small mail fixes
- Updated rust nightly
- Updated depenencies
- Removed unicode support for regex (less dependencies)
- Fixed dependency and nightly changes/deprications
- Some mail changes for less spam point triggering
2021-01-31 20:07:42 +01:00
Daniel García
4628e4519d
Update web vault to 2.18.1 2021-01-27 16:08:11 +01:00
Daniel García
580c1bbc7d
Update web vault to 2.18.0 2021-01-25 12:27:57 +01:00
Jeremy Lin
c5ca588a6f Dockerfile.j2: clean up web-vault section 2021-01-24 17:26:25 -08:00
Marco Kilchhofer
1e31043fb3 Improve shutdown behavior (on kubernetes) 2021-01-22 11:50:24 +01:00
Jeremy Lin
5633b6ac94 Use Docker Buildx for multi-arch builds
The bitwarden_rs code is still cross-compiled exactly as before, but Docker
Buildx is used to rewrite the resulting Docker images with correct platform
metadata (reflecting the target platform instead of the build platform).
Buildx also now handles building and pushing the multi-arch manifest lists.
2021-01-09 02:33:36 -08:00
BlackDex
feefe69094 Updated Github Actions, Fixed Dockerfile
- Updated the Github Actions to build just one binary with all DB
  Backends.

- Created a hadolint workflow to check and verify Dockerfiles.
- Fixed current hadolint errors.
- Fixed a bug in the Dockerfile.j2 which prevented the correct libraries
  and tools to be installed on the Alpine images.

- Deleted travis.yml since that is not used anymore
2020-12-16 19:31:39 +01:00
Daniel García
6530904883
Update web vault version to 2.17.1 2020-12-08 16:43:19 +01:00
BlackDex
d46a6ac687 Updated dependencies and Dockerfiles
- Updated crates
- Updated rust-toolchain
- Updated Dockerfile to use latest rust 1.48 version
- Updated AMD64 Alpine to use same version as rust-toolchain and support
  PostgreSQL.
- Updated Rocket to the commit right before they updated hyper.
  Until that update there were some crates updated and some small fixes.
  After that build fails and we probably need to make some changes
(which is probably something already done in the async branch)
2020-12-04 13:38:42 +01:00
Daniel García
257b143df1
Remove some duplicate code in Dockerfile with the help of some variables 2020-10-11 17:27:15 +02:00
BlackDex
ce99e5c583 Fixed issue with building Alpine armv7 image.
The runtime image was using a very old Alpine version.
This caused issues with the catatonit install

Now using the Balena armv7hf Alpine image for this.
2020-10-08 13:12:58 +02:00
BlackDex
8c03746a67 Fixed building mysql, postgresql and sqlite3 for arm
With some apt/dpkg magic building multidb containers for arm versions
now also works. As long as the build stage and docker-image stage use
the same base (debian buster now) it should all work.

Resolves #530, resolves #1066
2020-10-06 18:04:53 +02:00
Daniel García
8746d36845
Document database connection retries and change alpine repo for catatonit
(cherry picked from commit 88e3835050c0418c060c8e3a704894763ee33aa0)
2020-10-04 14:14:26 +02:00
Daniel García
22b9c80007
Reorganize dockerfile template slightly (same result) 2020-10-03 20:59:48 +02:00
Daniel García
ab4355cfed
Updated web vault, dependencies and base docker images 2020-10-03 20:50:13 +02:00
Aiden McClelland
6a8f42da8a
specify version of cmosh's alpine-arm
Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2020-09-26 14:03:20 -06:00