Commit Graph

219 Commits

Author SHA1 Message Date
Mathijs van Veluw
92f1530e96
Allow custom umask setting (#4896)
To provide a way to add more security regarding file/folder permissions
this PR adds a way to allow setting a custom `UMASK` variable.

This allows people to set a more secure default like only allowing the
owner the the process/container to read/write files and folders.

Examples:
 - `UMASK=022` File: 644 | Folder: 755 (Default of the containers)
   This means Owner read/write and group/world read-only
 - `UMASK=027` File: 640 | Folder: 750
   This means Owner read/write, group read-only, world no access
 - `UMASK=077` File: 600 | Folder: 700
   This measn Owner read/write and group/world no access

resolves #4571

Signed-off-by: BlackDex <black.dex@gmail.com>
2024-08-27 19:37:17 +02:00
Daniel
a1204cc935
Update Rust to 1.80.1 (#4831) 2024-08-09 11:52:56 +02:00
Mathijs van Veluw
1ea511cbfc
Updated web-vault to v2024.6.2b (#4826) 2024-08-08 17:04:04 +02:00
Mathijs van Veluw
2e6a6fa39f
Update crates, web-vault and fixes (#4823)
* Update crates, web-vault and fixes

- Updated crates
- Updated web-vault to v2024.6.2
  This version is currently the latest version compatible with our API implementation.
  For newer versions we need more code updates to make it compatible.
  Thanks to @stefan0xC this version fixes #4628
- Added a small fix to prevent errors in the Vaultwarden and Client logs.
  The v2024.6.2 web-vault calls an endpoint with invalid arguments.
  If this happens we ignore the call and just return an Ok.
- Added the bulk-collection endpoint (Though not yet available in v2024.6.2)

Fixes #4628

* Prevent bulk remove collections to work
2024-08-07 22:46:03 +02:00
Mathijs van Veluw
529c39c6c5
Update Rust, Crates and GHA (#4783)
- Update Rust to v1.80.0
- Updated GitHub Actions
- Updated crates
2024-07-25 20:24:27 +02:00
Daniel
0e53f58288
Fix Dockerfile linter warnings (#4763)
- they seem to have started appearing with buildx v0.16.0
- skip lint check for FromPlatformFlagConstDisallowed and RedundantTargetPlatform
2024-07-24 00:28:07 +02:00
Calvin Li
6fedfceaa9
chore: Dockerfile to Remove port 3012 (#4725) 2024-07-10 18:40:29 +02:00
Mathijs van Veluw
247d0706ff
Update crates and web-vault (#4714)
- Updated the crates
   Removed the patch for mimalloc
 - Updated the web-vault to v2024.5.1b

The reason for not updating to v2024.6.x is that there are several items
not working correctly or need some more research.
2024-07-08 23:27:48 +02:00
Daniel
8e2a87fd79
Remove mimalloc workaround (#4606)
- libatomic linking for armv6 has been fixed in 992c9da4c5
2024-06-24 19:44:21 +02:00
Mathijs van Veluw
55fdee3bf8
Update crates, web-vault and GHA (#4648)
- Updated all crates including Diesel and the new mysqlclient-sys
- Updated the MSRV to v1.78 as that is what Diesel mandates
- Added the mimalloc crate as a patch for now to fix armv6 static builds
  This probably makes #4606 possible
- Updated web-vault to v2024.5.1
- Updated GitHub Actions
  Fixed an issue with the localhost images for extracting the musl binaries.
2024-06-19 13:06:58 +02:00
Daniel García
377969ea67
Update rust and remove unused header values (#4645)
* Update rust and remove unused header values

* Missed one unused var
2024-06-16 22:05:17 +02:00
Daniel
8e7b27cc36
Update Alpine to version 3.20 (#4583)
- needed to add double quotes, otherwise it was parsed as 3.2 instead of 3.20
2024-05-25 15:19:53 +02:00
Daniel
d230ee087c
Fix web-vault version in Docker(files/Settings) (#4575) 2024-05-25 15:18:59 +02:00
Daniel
3261534438
Optimize Dockerfiles (#4532)
Move some ARGs closer to the build stage (potentially improving caching)
Remove redundant COPY commands
Remove redundant RUN command
Move CARGO_HOME's "&&" operator to the first line (improves consistency)
2024-05-19 20:32:36 +02:00
Mathijs van Veluw
6cadb2627a
Update Rust, crates and web-vault (#4558)
* Update Rust and crates

- Updated Rust to v1.78.0
- Updated crates

* Update web-vault to v2024.5.0
2024-05-19 20:30:34 +02:00
Mathijs van Veluw
ca9234ed86
Add extra (unsupported) container build arch's (#4524)
There was a PR (#4370) to add i686/i386 support for Vaultwarden.
That specific PR was not a viable way of adding this.

This PR adds extra architectures for Debian based containers which we
will not support by default. Those images will not be build and pushed
to our container registries.

Added the following architectures:
 - linux/386
 - linux/ppc64le
 - linux/s390x

Again, there will be no major support for these architectures, but it
will allow people who use these architectures to build a Debian based
binary more easily
2024-04-27 21:51:14 +02:00
Mathijs van Veluw
2ad33ec97f
Update Crate and Rust (#4522)
* Update Crate and Rust

- Updated all crates
- Updated Rust to the latest patch version

* Updated GitHub Actions
2024-04-27 00:53:42 +02:00
Stefan Melmuk
129b835ac7
update web-vault to v2024.3.1 (new vertical layout) (#4468)
* update web-vault to v2024.3.0

* update web-vault to v2024.3.1
2024-04-06 11:45:25 +02:00
Mathijs van Veluw
93636eb3c3
Update Rust and crates (#4445)
- Updated Rust to v1.77.0
- Updated several crates
  The `reqwest` update included `trust-dns` > `hickory-dns` changes.
  Also, `reqwest` v0.12 is not working correctly for us, that is something to investigate.
- Fixed a new clippy warning
2024-03-23 15:40:34 +01:00
Mathijs van Veluw
b9bdc9b8e2
Update Rust, crates and web-vault (#4328)
- Updated Rust to v1.76.0
- Updated crates
- Updated web-vault to v2024.1.2b
- Fixed some Clippy lints
- Moved lint check configuration Cargo.toml
- Fixed issue with Reset Password Enrollment when logged-in via device
2024-02-08 22:16:29 +01:00
Mathijs van Veluw
4438da39f9
Fix healthcheck when using .env file (#4299)
It seems Debian based images see the `.env` file in the `pwd` path, but
sourcing it via `. .env` breaks. It does work if you provide the full
path `/.env`. Changed the default to `/.env`.

Alpine does not have an issue with both ways.
2024-01-31 22:31:47 +01:00
Mathijs van Veluw
1d00e34bbb
Update crates, web-vault and GHA (#4275)
- Update GitHub Actions
- Updated crates
- Updated web-vault to v2024.1.2
2024-01-26 20:19:53 +01:00
Mathijs van Veluw
c5665e7b77
Update Rust and Crates (#4211)
- Updated Rust to v1.75.0
- Updated all the crates
- Fixed warning generated by latest version of Rust
2024-01-01 15:41:54 +01:00
Mathijs van Veluw
cbdcf8ef9f
Update web-vault to v2023.12.0 (#4201) 2023-12-24 15:50:58 +01:00
Mathijs van Veluw
3246251f29
Fix the version string (#4153)
For some reason still not known, the `.git` directory was not copied
into the container. I think buildkit (buildx) did this by default before, and
stopped this with newer versions.

This PR fixes this by also touching `build.rs` besides `src/main.rs`.

This PR also updates Rust to v1.74.1 and some crates, including the
latest version of Alpine 3.19.

Fixes #4150
2023-12-09 23:04:33 +01:00
Mathijs van Veluw
8ab200224e
Several small fixes for open issues (#4143)
* Fix BWDC when re-run with cleared cache

Using the BWDC with a cleared cache caused invited users to be converted
to accepted users.

The problem was a wrong check for the `restore` function.

Fixes #4114

* Remove useless variable

During some refactoring this seems to be overlooked.
This variable gets filled but isn't used at all afterwards.

Fixes #4105

* Check some `.git` paths to force a rebuild

When a checked-out repo switches to a specific tag, and that tag does
not have anything else changed in the files except the tag, it could
happen that the build process doesn't see any changes, while it could be
that the version string needs to be different.

This commit ensures that if some specific paths are changed within the
.git directory, cargo will be triggered to rebuild.

Fixes #4087

* Do not delete dir on file delete

Previously during a `delete_file` check we also tried to delete the
parent directory and ignored all errors, like not being empty for
example.

Since this function is called `delete_file` and does not mention
anything in regards to a directory i have removed that code and it will
now only delete the file and leave the rest as-is.

If this somehow is still needed or wanted, which i do not think we want,
then we should create a new function.

Fixes #4081

* Fix healthcheck when using an ENV file

If someone is using a `.env` file or configured the `ENV_FILE` variable
to use that as it's configuration, this was missed by the healthcheck.

So, `DOMAIN` and `ROCKET_TLS` were not seen, and not used in these cases.

This commit fixes this by checking for this file and if it exists, then
it will load those variables first.

Fixes #4112

* Add missing route

While there was a function and a derive, this endpoint wasn't part of
the routes. Since Bitwarden does have this endpoint ill add the route
instead of deleting it.

Fixes #4076
Fixes #4144

* Update crates to update the openssl crate

Because of a bug in the openssl-sys crate we pinned the version to an
older version. This issue has been fixed and was released 2 days ago.

This commit updates the openssl crates including others.
This should also fix the issues with building Vaultwarden using newer
versions of LibreSSL.

Fixes #4051
2023-12-09 01:21:14 +01:00
Mathijs van Veluw
34e00e1478
Update Rust, Crates, Profile and Actions (#4126)
- Updated Rust to v1.74.0
- Updated all crates (where possible)
- Changed release profile to use
  * fat lto
  * 1 codegen-unit
  This should optimize a bit for speed and a lot for size ~15MB smaller
- Updated Github actions to use caching for the bake process
- Added a schedule to clean the cache every week to prevent stale Debian/Alpine base images
- During the release action, the Alpine/static binaries are added as artifects.
  Later we could also automatically add them to the releases maybe.
- Added CODEWONERS to prevent unchecked changes to github actions workflows
2023-12-04 20:26:11 +01:00
Mathijs van Veluw
48836501bf
Update crates (#4074)
* Remove another header for websocket connections

* Fix small bake issue

* Update crates

Updated crates and adjusted code where needed.
One major update is Rocket rc4, no need anymore (again) for crates.io patching.

The only item still pending is openssl/openssl-sys for which we need to
wait if https://github.com/sfackler/rust-openssl/pull/2094 will be
merged. If, then we can remove the pinned versions for the openssl crate.
2023-11-15 10:41:14 +01:00
Mathijs van Veluw
efc6eb0073
Fix missing alpine tag during buildx bake (#4043)
The bake recipt was missing the single `:alpine` tag for the alpine
builds when we were releasing a `stable/latest` version of Vaultwarden.

This PR fixes this by checking for those conditions and add the
`:alpine` tag too.

We will keep the `:latest-alpine` also, which i find even nicer then just
`:alpine`

Fixes #4035
2023-11-07 10:50:58 +01:00
Daniel García
915496c103
Update web vault to 2023.10.0 2023-11-04 02:55:41 +01:00
Mathijs van Veluw
d722328f05
Container building changes (#3958)
* WIP: Container building changes

* Small updates

- Updated to rust 1.73.0
- Updated crates
- Updated documentation
- Added a bake.sh script to make baking easier

* Update GitHub Actions Workflow

- Updated workflow to use qemu and buildx bake

In the future i would like to extract the alpine based binaries and add
them as artifacts to the release.

* Address review remarks and small updates

- Addressed review remarks
- Added `podman-bake.sh` script to build Vaultwarden with podman
- Updated README
- Updated crates
- Added `VW_VERSION` support
- Added annotations
- Updated web-vault to v2023.9.1
2023-10-23 00:18:38 +02:00
BlackDex
ccc51e7580
Fix arm builds
Because of some changes in the packages of Debian we need to add an
extra package to request it also to install
2023-09-22 21:44:20 +02:00
Stefan Melmuk
60cbfa59bf
update web-vault to v2023.8.2 2023-09-01 07:45:48 +02:00
Daniel García
5ab7010c37
Fix reference to rust-toolchain.toml in Docker 2023-09-01 00:12:48 +02:00
BlackDex
32543c46da
Update Rust and Crates
- Updated Rust to v1.72.0
- Updated all the crates
  Including a CVE https://github.com/dani-garcia/vaultwarden/security/dependabot/21
- Updated GitHub Workflows
- Run `cargo fmt` which has some new fmt's
- Moved from `rust-toolchain` to `rust-toolchain.toml`
2023-08-31 22:45:53 +02:00
GeekCornerGH
ae1c53f4e5
build (deps): Bump Rust version and sync lockfile 2023-08-13 18:52:23 +02:00
GeekCorner
bc57c4b193
feat (web vault): Bump web vault to v2023.7.1 2023-08-13 18:18:00 +02:00
BlackDex
aaeae16983
Update images to Bookworm and PQ15
This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15.

The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm.

Also:
- Enabled spares crate registry
- Updated workflow actions
- Updated Rust to v1.71.0
- The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher.
   The 64bit arch's already used musl v1.2.3.
- Updated crates.

Improves / Closes #3434
2023-08-12 12:29:33 +02:00
Helmut K. C. Tessarek
f40f5b8399
update web-vault to v2023.5.0 2023-06-04 16:15:10 -04:00
Helmut K. C. Tessarek
06a10e2c5a
Update Rust and Crates 2023-06-03 17:04:45 -04:00
Stefan Melmuk
8b05a5d192
update web-vault to v2023.4.2 2023-05-12 08:05:35 +02:00
Gitouche
ba492c0602 Use fully qualified image names in Dockerfile 2023-05-03 18:31:28 +02:00
Daniel García
1ec049e2b5
Update web vault to v2023.4.0 2023-05-01 19:49:48 +02:00
BlackDex
cfba8347a3
Update Rust and Crates
- Updated Rust to v1.69.0
- Updated MSRV to v1.67.1
- Updated crates
- Updated GitHub Actions
2023-04-24 14:10:58 +02:00
BlackDex
fc43608eec
Revert setcap, update rust and crates
- Revert #3170 as discussed in #3387
  In hindsight it's better to not have this feature
- Update Dockerfile.j2 for easy version changes.
  Just change it in one place instead of multiple
- Updated to Rust to latest patched version
- Updated crates to latest available
- Pinned mimalloc to an older version, as it breaks on musl builds
2023-04-02 15:19:59 +02:00
Daniel García
3646f14042
Update web vault to v2023.3.0b 2023-03-26 14:10:51 +02:00
BlackDex
467ecfdc99
Add support for Quay.io and GHCR.io as registries
- Added support for Quay.io
- Added support for GHCR.io

To enable support for these container image registries the following needs to be added.

As `Actions secrets and variables` - `Secrets`
- `DOCKERHUB_TOKEN` and `DOCKERHUB_USERNAME`
- `QUAY_TOKEN` and `QUAY_USERNAME`

As `Actions secrets and variables` - `Variables` - `Repository Variables`
- `DOCKERHUB_REPO`
- `GHCR_REPO`
- `QUAY_REPO`

The `DOCKERHUB_REPO` currently configured in `Secrets` can be removed if wanted, probably best after this PR has been merged.

If one of the vars/secrets are not configured it will skip that specific registry!
2023-03-23 16:38:27 +01:00
Daniel García
5800aceb2d
Update web vault to v2023.3.0 and dependencies 2023-03-22 21:30:30 +01:00
BlackDex
0c0e632bc9
Upd Crates, Rust, MSRV, GHA and remove Backtrace
- Changed MSRV to v1.65.
  Discussed this with @dani-garcia, and we will support **N-2**.
  This is/will be the same as for the `time` crate we use.
  Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary
- Removed backtrace crate in favor of `std::backtrace` stable since v1.65
- Updated Rust to v1.67.1
- Updated all the crates
- Updated the GHA action versions
- Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
2023-03-07 09:17:42 +01:00
Daniel García
024d12db08
Update web vault to v2023.2.0 and dependencies 2023-02-21 22:48:20 +01:00