From 822d3cadf955c66a20d2bdfe562ae1dc9a3da0fa Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 29 Dec 2020 00:02:27 +0100 Subject: [PATCH 1/7] Upgrade to 1.18.0 --- README.md | 4 ++-- README_fr.md | 4 ++-- check_process | 5 ----- conf/app.src | 6 +++--- conf/web.src | 6 +++--- manifest.json | 2 +- 6 files changed, 11 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 93fef86..ff59edc 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Bitwarden for YunoHost [![Integration level](https://dash.yunohost.org/integration/bitwarden.svg)](https://dash.yunohost.org/appci/app/bitwarden) ![](https://ci-apps.yunohost.org/ci/badges/bitwarden.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/bitwarden.maintain.svg) -[![Install Bitwarden with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=bitwarden) +[![Install Bitwarden with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=bitwarden) *[Lire ce readme en français.](./README_fr.md)* @@ -11,7 +11,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview Bitwarden is a open source password manager. -**Shipped version:** 1.16.3 +**Shipped version:** 1.18.0 ## Important points to read before installing diff --git a/README_fr.md b/README_fr.md index 0141049..23d77fe 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -1,7 +1,7 @@ # Bitwarden pour YunoHost [![Niveau d'intégration](https://dash.yunohost.org/integration/bitwarden.svg)](https://dash.yunohost.org/appci/app/bitwarden) ![](https://ci-apps.yunohost.org/ci/badges/bitwarden.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/bitwarden.maintain.svg) -[![Installer Bitwarden avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=bitwarden) +[![Installer Bitwarden avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=bitwarden) *[Read this readme in english.](./README.md)* @@ -11,7 +11,7 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install ## Vue d'ensemble Bitwarden est un gestionnaire de mots de passe open source. -**Version incluse :** 1.16.3 +**Version incluse :** 1.18.0 ## Points importants à lire avant l'installation diff --git a/check_process b/check_process index 78433bc..4870a09 100644 --- a/check_process +++ b/check_process @@ -29,13 +29,8 @@ upgrade=1 from_commit=576a173a43de914253645daa2c0b066f693a20f7 backup_restore=1 multi_instance=1 - # This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version. - # incorrect_path=1 port_already_use=0 change_url=1 -;;; Levels - # If the level 5 (Package linter) is forced to 1. Please add justifications here. - Level 5=auto ;;; Options Email=yalh@yahoo.com Notification=all diff --git a/conf/app.src b/conf/app.src index 71b40fa..22a11b4 100644 --- a/conf/app.src +++ b/conf/app.src 
@@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/dani-garcia/bitwarden_rs/archive/1.16.3.tar.gz -SOURCE_SUM=5c2eb9dfc249860b8e32678c510016a7c4b2abfa363d7c008801b79e02e39f305b36c7e2e5e492742dad7111d2e12bc37b59fa649bcc19a4d8429b2a3aa09162 -SOURCE_SUM_PRG=sha512sum +SOURCE_URL=https://github.com/dani-garcia/bitwarden_rs/archive/1.18.0.tar.gz +SOURCE_SUM=a1412849610f8305d9807f44c685140c8bf22b2bc72ea247874670a0ed9de547 +SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= diff --git a/conf/web.src b/conf/web.src index a45e9bf..ec41395 100644 --- a/conf/web.src +++ b/conf/web.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/dani-garcia/bw_web_builds/releases/download/v2.15.1/bw_web_v2.15.1.tar.gz -SOURCE_SUM=81f051ecb8f899de317550b3d6118602232cfafe306e8a049415a152df979cf03d18e6d42600ba083a25395f885b07c83981fef8b6f8196f58f010abe0553170 -SOURCE_SUM_PRG=sha512sum +SOURCE_URL=https://github.com/dani-garcia/bw_web_builds/releases/download/v2.17.1/bw_web_v2.17.1.tar.gz +SOURCE_SUM=47d1bee5d21089eaf992ebbe90686b061e0a1ec1e7a9a26c985f47fb220ca2cd +SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= diff --git a/manifest.json b/manifest.json index ec7163d..be0d44f 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Manage passwords and other sensitive informations", "fr": "Gérez les mots de passe et autres informations sensibles" }, - "version": "1.16.3~ynh2", + "version": "1.18.0~ynh1", "url": "https://github.com/dani-garcia/bitwarden_rs", "license": "GPL-3.0-or-later", "maintainer": { From 8e6e7dee71d3e287a4b569b316b84b2e110d298f Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 29 Dec 2020 10:49:37 +0100 Subject: [PATCH 2/7] Update bitwarden_rs.env --- conf/bitwarden_rs.env | 104 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 98 insertions(+), 6 deletions(-) diff --git a/conf/bitwarden_rs.env b/conf/bitwarden_rs.env index 9465e7d..9363dc6 100644 --- a/conf/bitwarden_rs.env 
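Review bot: The integrity pin in conf/app.src changes algorithm and value with no record of where the new digest came from: `SOURCE_SUM_PRG` goes from `sha512sum` to `sha256sum` as the URL moves to the 1.18.0 archive, and conf/web.src in this same patch does the same. On this page the checksum is the only thing binding the package to specific upstream bytes for a password manager, so the commit message should state how the digest was obtained (hashed from a download the packager checked, or copied from an upstream-published value). Patches 3/7 and 5/7 change these fields again, the latter back to `sha512sum` under the title "Fix checksum", so keeping one algorithm throughout, e.g. `SOURCE_SUM_PRG=sha512sum`, would make the history easier to audit. If `archive/1.18.0.tar.gz` is generated from a tag, as its form suggests, a later checksum mismatch should be investigated as a possible upstream change rather than resolved by re-hashing.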
+++ b/conf/bitwarden_rs.env @@ -1,14 +1,28 @@ ## Bitwarden_RS Configuration File ## Uncomment any of the following lines to change the defaults +## +## Be aware that most of these settings will be overridden if they were changed +## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json . ## Main data folder # DATA_FOLDER=data ## Database URL ## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3 -## When using MySQL, this it is the URL to the DB, including username and password: -## Format: mysql://[user[:password]@]host/database_name # DATABASE_URL=data/db.sqlite3 +## When using MySQL, specify an appropriate connection URI. +## Details: https://docs.diesel.rs/diesel/mysql/struct.MysqlConnection.html +# DATABASE_URL=mysql://user:password@host[:port]/database_name +## When using PostgreSQL, specify an appropriate connection URI (recommended) +## or keyword/value connection string. +## Details: +## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html +## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING +# DATABASE_URL=postgresql://user:password@host[:port]/database_name + +## Database max connections +## Define the size of the connection pool used for connecting to the database. +# DATABASE_MAX_CONNS=10 ## Individual folders, these override %DATA_FOLDER% # RSA_KEY_FILENAME=data/rsa_key @@ -60,7 +74,7 @@ LOG_FILE=/var/log/__APP__/__APP__.log ## Log level ## Change the verbosity of the log output ## Valid values are "trace", "debug", "info", "warn", "error" and "off" -## Setting it to "trace" or "debug" would also show logs for mounted +## Setting it to "trace" or "debug" would also show logs for mounted ## routes and static file, websocket and alive requests # LOG_LEVEL=Info 
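Review bot: The new header comment in the first hunk says that settings changed in the admin interface are stored in DATA_FOLDER/config.json and override this file, but it does not spell out what that means for the hardening values the package sets here, such as `SIGNUPS_ALLOWED=false` further down in the file. An administrator auditing the instance from this file alone could conclude signups are closed when config.json says otherwise. I would add, right after the new comment, `## When auditing, treat config.json as authoritative for any setting that was ever saved from the admin page.` The added `DATABASE_URL` examples also place `user:password` in this file, so it is worth confirming, outside this hunk, that the installed copy is not world-readable.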
@@ -72,6 +86,10 @@ LOG_FILE=/var/log/__APP__/__APP__.log ## cause performance degradation or might render the service unable to start. # ENABLE_DB_WAL=true +## Database connection retries +## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely +# DB_CONNECTION_RETRIES=15 + ## Disable icon downloading ## Set to true to disable icon downloading, this would still serve icons from $ICON_CACHE_FOLDER, ## but it won't produce any external network request. Needs to set $ICON_CACHE_TTL to 0, @@ -86,10 +104,11 @@ LOG_FILE=/var/log/__APP__/__APP__.log ## Icon blacklist Regex ## Any domains or IPs that match this regex won't be fetched by the icon service. ## Useful to hide other servers in the local network. Check the WIKI for more details -# ICON_BLACKLIST_REGEX=192\.168\.1\.[0-9].*^ +## NOTE: Always enclose this regex withing single quotes! +# ICON_BLACKLIST_REGEX='^(192\.168\.0\.[0-9]+|192\.168\.1\.[0-9]+)$' ## Any IP which is not defined as a global IP will be blacklisted. -## Usefull to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block +## Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block # ICON_BLACKLIST_NON_GLOBAL_IPS=true ## Disable 2FA remember 
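Review bot: In the `ICON_BLACKLIST_REGEX` hunk the added note has a typo (`withing` should be `within`), and the new example matches only 192.168.0.x and 192.168.1.x, which a reader may copy believing it shields the whole internal network from icon fetches. I would follow the example with `## This example covers two /24 ranges only; use ICON_BLACKLIST_NON_GLOBAL_IPS to block all non-global addresses.` Both settings stay commented out in this file, so the effective behaviour is whatever the upstream defaults are; that is inferred and not visible in the diff.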
@@ -97,6 +116,18 @@ LOG_FILE=/var/log/__APP__/__APP__.log ## Note that the checkbox would still be present, but ignored. # DISABLE_2FA_REMEMBER=false +## Maximum attempts before an email token is reset and a new email will need to be sent. +# EMAIL_ATTEMPTS_LIMIT=3 + +## Token expiration time +## Maximum time in seconds a token is valid. The time the user has to open email client and copy token. +# EMAIL_EXPIRATION_TIME=600 + +## Email token size +## Number of digits in an email token (min: 6, max: 19). +## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting! +# EMAIL_TOKEN_SIZE=6 + ## Controls if new users can register SIGNUPS_ALLOWED=false @@ -118,6 +149,14 @@ SIGNUPS_ALLOWED=false ## even if SIGNUPS_ALLOWED is set to false # SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org +## Controls which users can create new orgs. +## Blank or 'all' means all users can create orgs (this is the default): +# ORG_CREATION_USERS= +## 'none' means no users can create orgs: +# ORG_CREATION_USERS=none +## A comma-separated list means only those users can create orgs: +# ORG_CREATION_USERS=admin1@example.com,admin2@example.com + ## Token for the admin interface, preferably use a long random string ## One option is to use 'openssl rand -base64 48' ## If not set, the admin panel is disabled 
@@ -129,6 +168,16 @@ ADMIN_TOKEN=__ADMIN_TOKEN__ ## Invitations org admins to invite users, even when signups are disabled # INVITATIONS_ALLOWED=true +## Name shown in the invitation emails that don't come from a specific organization +# INVITATION_ORG_NAME=Bitwarden_RS + +## Per-organization attachment limit (KB) +## Limit in kilobytes for an organization attachments, once the limit is exceeded it won't be possible to upload more +# ORG_ATTACHMENT_LIMIT= +## Per-user attachment limit (KB). +## Limit in kilobytes for a users attachments, once the limit is exceeded it won't be possible to upload more +# USER_ATTACHMENT_LIMIT= + ## Controls the PBBKDF password iterations to apply on the server ## The change only applies when the password is changed @@ -144,6 +193,13 @@ ADMIN_TOKEN=__ADMIN_TOKEN__ ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs DOMAIN=https://__DOMAIN____PATH_URL__ +## Allowed iframe ancestors (Know the risks!) +## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors +## Allows other domains to embed the web vault into an iframe, useful for embedding into secure intranets +## This adds the configured value to the 'Content-Security-Policy' headers 'frame-ancestors' value. +## Multiple values must be separated with a whitespace. +# ALLOWED_IFRAME_ANCESTORS= + ## Yubico (Yubikey) Settings ## Set your Client ID and Secret Key for Yubikey OTP ## You can generate it here: https://upgrade.yubico.com/getapikey/ 
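Review bot: The `ALLOWED_IFRAME_ANCESTORS` block added in the `@@ -144,6 +193,13 @@` hunk says "Know the risks!" without naming them. Every origin listed is permitted to frame the web vault, so a compromised or careless page on such an origin can overlay the vault UI (clickjacking). I would add `## Any origin listed here can frame the vault and overlay its UI; list only origins you fully control and leave this empty otherwise.` In the preceding hunk, `ORG_ATTACHMENT_LIMIT=` and `USER_ATTACHMENT_LIMIT=` are shown blank and the comment does not say whether blank means unlimited, which is worth stating because it decides whether uploads are bounded at all.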
@@ -166,7 +222,7 @@ DOMAIN=https://__DOMAIN____PATH_URL__ ## Authenticator Settings ## Disable authenticator time drifted codes to be valid. ## TOTP codes of the previous and next 30 seconds will be invalid -## +## ## According to the RFC6238 (https://tools.ietf.org/html/rfc6238), ## we allow by default the TOTP code which was valid one step back and one in the future. ## This can however allow attackers to be a bit more lucky with there attempts because there are 3 valid codes. 
@@ -196,3 +252,39 @@ SMTP_SSL=false # SMTP_PASSWORD=password # SMTP_AUTH_MECHANISM="Plain" # SMTP_TIMEOUT=15 + +## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections. +## Possible values: ["Plain", "Login", "Xoauth2"]. +## Multiple options need to be separated by a comma ','. +# SMTP_AUTH_MECHANISM="Plain" + +## Server name sent during the SMTP HELO +## By default this value should be is on the machine's hostname, +## but might need to be changed in case it trips some anti-spam filters +# HELO_NAME= + +## SMTP debugging +## When set to true this will output very detailed SMTP messages. +## WARNING: This could contain sensitive information like passwords and usernames! Only enable this during troubleshooting! +# SMTP_DEBUG=false + +## Accept Invalid Hostnames +## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks! +## Only use this as a last resort if you are not able to use a valid certificate. +# SMTP_ACCEPT_INVALID_HOSTNAMES=false + +## Accept Invalid Certificates +## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks! +## Only use this as a last resort if you are not able to use a valid certificate. +## If the Certificate is valid but the hostname doesn't match, please use SMTP_ACCEPT_INVALID_HOSTNAMES instead. +# SMTP_ACCEPT_INVALID_CERTS=false + +## Require new device emails. When a user logs in an email is required to be sent. +## If sending the email fails the login attempt will fail!! +# REQUIRE_DEVICE_EMAIL=false + +## HIBP Api Key +## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key +# HIBP_API_KEY= + +# vim: syntax=ini From a8a0d118320fc482652573ad39d7ae3d82bdef0f Mon Sep 17 00:00:00 2001 
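Review bot: The SMTP hunk adds a second commented `# SMTP_AUTH_MECHANISM="Plain"` although the same line is already present in the context directly above it (between `# SMTP_PASSWORD=password` and `# SMTP_TIMEOUT=15`). Two entries for one key invite an admin to uncomment one now and the other later with different values, and nothing on this page says which would win; I would drop the older bare line and keep the documented one. The `SMTP_DEBUG` warning could also say where the output lands, e.g. `## Output goes to the configured log (LOG_FILE); restrict and rotate that file before enabling.`, though that destination is inferred from the `LOG_FILE=/var/log/__APP__/__APP__.log` context seen in other hunks and should be confirmed. The HELO comment reads `should be is on the machine's hostname` and needs rewording.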
From: ericgaspar Date: Mon, 8 Feb 2021 13:10:02 +0100 Subject: [PATCH 3/7] Upgrade to version 1.19.0 --- README.md | 2 +- README_fr.md | 2 +- conf/app.src | 4 ++-- conf/web.src | 4 ++-- manifest.json | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index ff59edc..549d00d 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview Bitwarden is a open source password manager. -**Shipped version:** 1.18.0 +**Shipped version:** 1.19.0 ## Important points to read before installing diff --git a/README_fr.md b/README_fr.md index 1ecefb3..f229807 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,7 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install ## Vue d'ensemble Bitwarden est un gestionnaire de mots de passe open source. -**Version incluse :** 1.18.0 +**Version incluse :** 1.19.0 ## Points importants à lire avant l'installation diff --git a/conf/app.src b/conf/app.src index 22a11b4..13af1a0 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/dani-garcia/bitwarden_rs/archive/1.18.0.tar.gz -SOURCE_SUM=a1412849610f8305d9807f44c685140c8bf22b2bc72ea247874670a0ed9de547 +SOURCE_URL=https://github.com/dani-garcia/bitwarden_rs/archive/1.19.0.tar.gz +SOURCE_SUM=7310fbd06ccfac7433cd69cb4b21528a2b112658916c44927686cfa56e979a2e SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/web.src b/conf/web.src index ec41395..dff899c 100644 --- a/conf/web.src +++ b/conf/web.src 
@@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/dani-garcia/bw_web_builds/releases/download/v2.17.1/bw_web_v2.17.1.tar.gz -SOURCE_SUM=47d1bee5d21089eaf992ebbe90686b061e0a1ec1e7a9a26c985f47fb220ca2cd +SOURCE_URL=https://github.com/dani-garcia/bw_web_builds/releases/download/v2.18.1b/bw_web_v2.18.1b.tar.gz +SOURCE_SUM=3301d3c78213af61ae052eaa5c3e26dda0a29e924741ad16a7405b9a083b0134 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index be0d44f..2be518f 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Manage passwords and other sensitive informations", "fr": "Gérez les mots de passe et autres informations sensibles" }, - "version": "1.18.0~ynh1", + "version": "1.19.0~ynh1", "url": "https://github.com/dani-garcia/bitwarden_rs", "license": "GPL-3.0-or-later", "maintainer": { From b9332c133ad4b9049d5f0c0e93bdf8ae0cb50292 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 21 Feb 2021 08:29:39 +0100 Subject: [PATCH 4/7] Fix data folder --- scripts/install | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/install b/scripts/install index 0a257f3..f8bd3ec 100644 --- a/scripts/install +++ b/scripts/install @@ -136,6 +136,9 @@ ynh_secure_remove --file="$final_path/build" ynh_secure_remove --file="$final_path/.cargo" ynh_secure_remove --file="$final_path/.rustup" +# Create datadir +mkdir -p "$final_path"/live/data + #================================================= # SETUP SYSTEMD #================================================= From 1e938eb77fc7b60db278d54622f75e2a09cf38b3 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 21 Feb 2021 08:33:12 +0100 Subject: [PATCH 5/7] Fix checksum --- conf/app.src | 4 ++-- conf/web.src | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/app.src b/conf/app.src index 13af1a0..e61eb7a 100644 --- a/conf/app.src +++ b/conf/app.src 
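Review bot: In scripts/install, the added `mkdir -p "$final_path"/live/data` creates the vault's data directory with whatever umask and owner the install script runs under, and nothing in the hunk restricts it. Going by the defaults shown in conf/bitwarden_rs.env (`data/db.sqlite3`, `data/rsa_key`), this directory will hold the database and key material, so I would set the mode explicitly, e.g. `mkdir -p -m 750 "$final_path/live/data"`, and make sure the script's ownership step runs after this line. The rest of the script lies outside the hunk, so whether a later chown already covers the directory, and whether the upgrade and restore scripts need the same step, should be checked.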
@@ -1,6 +1,6 @@ SOURCE_URL=https://github.com/dani-garcia/bitwarden_rs/archive/1.19.0.tar.gz -SOURCE_SUM=7310fbd06ccfac7433cd69cb4b21528a2b112658916c44927686cfa56e979a2e -SOURCE_SUM_PRG=sha256sum +SOURCE_SUM=701be212aa04c5aaedb96d8856b8d4a47a28eb1a524906ae1453c8005bd998bc7414a011ea708c70b11baabdca323ac18eb72f0fd3abd6344941eb3b48f279ae +SOURCE_SUM_PRG=sha512sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= diff --git a/conf/web.src b/conf/web.src index dff899c..6ada434 100644 --- a/conf/web.src +++ b/conf/web.src @@ -1,6 +1,6 @@ SOURCE_URL=https://github.com/dani-garcia/bw_web_builds/releases/download/v2.18.1b/bw_web_v2.18.1b.tar.gz -SOURCE_SUM=3301d3c78213af61ae052eaa5c3e26dda0a29e924741ad16a7405b9a083b0134 -SOURCE_SUM_PRG=sha256sum +SOURCE_SUM=a9255ff0611c1a1fd5baabb7c651df2fc6f5b7d787cceebef43a02defab58296ea09d47b68e807a6b63cef419dcd7237373a7f541ebbb5f8171c605a641a95e8 +SOURCE_SUM_PRG=sha512sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= From e6ac8b8e3d82283177b5c908c079800e860c0795 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 21 Feb 2021 08:36:44 +0100 Subject: [PATCH 6/7] Update check_process --- check_process | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/check_process b/check_process index 8564331..24ed91a 100644 --- a/check_process +++ b/check_process @@ -29,6 +29,8 @@ upgrade=1 from_commit=576a173a43de914253645daa2c0b066f693a20f7 # 1.16.3~ynh2 upgrade=1 from_commit=e2e958b1885f7a08e0d5afe5dada5c0dd44dd671 + # 1.16.3~ynh3 + upgrade=1 from_commit=df2a0510288c352cfc03886763149f49839ed620 backup_restore=1 multi_instance=1 port_already_use=0 @@ -49,3 +51,5 @@ Notification=all name=1.16.3~ynh1 ; commit=e2e958b1885f7a08e0d5afe5dada5c0dd44dd671 name=1.16.3~ynh2 + ; commit=df2a0510288c352cfc03886763149f49839ed620 + name=1.16.3~ynh3 From be5ed6fd975e48e075ecd05d48593827211ab99a Mon Sep 17 00:00:00 2001 
From: yalh76 Date: Sun, 21 Feb 2021 08:39:55 +0100 Subject: [PATCH 7/7] Update pull_request_template.md --- pull_request_template.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pull_request_template.md b/pull_request_template.md index 61498b2..6c28fc5 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -13,6 +13,4 @@ ## Package_check results --- -*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* - -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/bitwarden_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/bitwarden_ynh%20PR-NUM-%20(USERNAME)/) +* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"*