author | Markus Richter | 2020-01-05 23:55:10 +0100 |
---|---|---|
committer | Markus Richter | 2020-01-06 00:12:31 +0100 |
commit | c729d85279c01843d23457463b1309f6a732524f (patch) | |
tree | 22f2302c925b929cfe9e3d1787e79938bac23a1a | |
parent | 17dfecebc3a391e50b5d8d63826f3b7678f78391 (diff) | |
download | aur-c729d85279c01843d23457463b1309f6a732524f.tar.gz |
1.13.1
- apply changes to the systemd config from Siosm
- revert cargo test patches
- make restart reminder on update smaller
- remove unnecessary daemon-reloading (is triggered by pacman anyway)
Upstream Changelog:
- New collapsed log messaging, filtering the useless stuff like static file accesses and removing duplicate error messages. To get a more complete logging, use a LOG_LEVEL value of debug or trace.
- Fix crash when cipher page points to huge file
- Added config option to change client IP header, IP_HEADER, by default it's X-Client-IP for backwards compat reasons.
- Printed current server time when failing TOTP, for easy debugging
- Protected websockets server against panics
- Add a logout button on the admin page
- Add endpoint to delete specific U2F key
- Updated dependencies
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | 0002-Fix-tests.patch | 27 | ||||
-rw-r--r-- | PKGBUILD | 26 | ||||
-rw-r--r-- | bitwarden_rs.install | 23 | ||||
-rw-r--r-- | bitwarden_rs.service | 17 | ||||
-rw-r--r-- | bitwarden_rs.sysusers.conf | 1 | ||||
-rw-r--r-- | bitwarden_rs.tmpfiles.conf | 1 |
7 files changed, 44 insertions, 67 deletions
@@ -1,6 +1,6 @@ pkgbase = bitwarden_rs pkgdesc = An unofficial lightweight implementation of the bitwarden-server using rust and sqlite. Does NOT include the web-interface. - pkgver = 1.13.0 + pkgver = 1.13.1 pkgrel = 1 url = https://github.com/dani-garcia/bitwarden_rs install = bitwarden_rs.install 
@@ -17,16 +17,18 @@ pkgbase = bitwarden_rs conflicts = bitwarden_rs-mysql conflicts = bitwarden_rs-postgresql backup = etc/bitwarden_rs.env - source = https://github.com/dani-garcia/bitwarden_rs/archive/1.13.0.tar.gz + source = https://github.com/dani-garcia/bitwarden_rs/archive/1.13.1.tar.gz source = bitwarden_rs.install source = bitwarden_rs.service + source = bitwarden_rs.sysusers.conf + source = bitwarden_rs.tmpfiles.conf source = 0001-Disable-Vault.patch - source = 0002-Fix-tests.patch - sha512sums = ef17482b98b8caa089c957bc3db53f3adcbcdd1b8b64cb4b94612875bf939e259b9ef5928d2aaf99490534a83b48a3ec06933c28b243be1c41bf3dfbe68f5c8d - sha512sums = 399e63002acb764895bbcf3b983642c8858343b36909eeeb73133de1a9740a3d81232bc206ff6bf3daed50f72354c5e6fd5314d0d044acd9f1cb23a933b1dd74 - sha512sums = 4ce188956f6fe7cfdb711b1505f6344ed2775751ea112a0506dc96455c2705ab8529ec442e4747d7810fc3535b4ca78d1864e874dab5b5306373587097e02658 + sha512sums = f032749606745ab1fd78cc0429fff3e9711522a94098f57d0134fa0f8dbfc07814d5b2a71e53028f8f911fd9c233fdedb8f68822096229a00cef189b41b6e717 + sha512sums = ae1e05b613d3178bf3fa273ff6661c567140a43826e681b5164ef7d101c1243e5ff93e9caf7193984626d363b8b8b7c076e6646b865699d4cbe482a3dc4f91e7 + sha512sums = 60a406c8fea4bb651974b3fd386f66a0fcf73bfcc29bffe171b92134e2e81b6374ac6be879eb420208ecd77911b7d157db587510347e56ecb72aec34ac90fbe6 + sha512sums = 15b00b0dc9122f98ce8d7b55668fdfbb2e0387563e7d9ad6c0ebc73b75e46e1ccdb3a2186a453795a1b3e2d45358ff5a8076d5cf30319ab2c21539d20cff81c6 + sha512sums = 6fd0ea962f077f92ad7f55a1bab479e68e3463b41eb171d501847554b676b7ecf05e016544f6331bdb53bf71038fcf2ce67ad213d0a7c2f93acbafd72e8441a6 sha512sums = a6f2361c7aa83e63b9a557500406b0cd660e0d7f8b16345f859faa3f96e22bdcecd7589711960486fa0401896291f7d46f66882744c69117fc146056f4a49028 - sha512sums = 5d0e5a96dbd23d2e2fb1a89e2db8817018feb6a05dc854c5a9a3d1b84f94605c6a1f597dc233ec5ca6ff7adb18bbfdca2bcb2645de31c17f38470f649468ef44 pkgname = bitwarden_rs 
diff --git a/0002-Fix-tests.patch b/0002-Fix-tests.patch deleted file mode 100644 index 8481e6295d9a..000000000000 --- a/0002-Fix-tests.patch +++ /dev/null @@ -1,27 +0,0 @@ -commit 12928b832c8354a9d81fe984e378f60353cca3b3 -Author: Daniel García <dani-garcia@users.noreply.github.com> -Date: Sat Nov 30 23:30:35 2019 +0100 - - Fix broken tests - -diff --git a/src/api/core/two_factor/email.rs b/src/api/core/two_factor/email.rs -index 0a78ca2..5b1565d 100644 ---- a/src/api/core/two_factor/email.rs -+++ b/src/api/core/two_factor/email.rs -@@ -321,14 +321,14 @@ mod tests { - - #[test] - fn test_token() { -- let result = generate_token(19).unwrap(); -+ let result = crypto::generate_token(19).unwrap(); - - assert_eq!(result.chars().count(), 19); - } - - #[test] - fn test_token_too_large() { -- let result = generate_token(20); -+ let result = crypto::generate_token(20); - - assert!(result.is_err(), "too large token should give an error"); - } @@ -1,8 +1,9 @@ # Maintainer: Markus Richter <mqus at disroot dot org> +# Contributor: Timothée Ravier <tim@siosm.fr pkgname=bitwarden_rs _pkgbase=bitwarden_rs -pkgver=1.13.0 +pkgver=1.13.1 pkgrel=1 pkgdesc="An unofficial lightweight implementation of the bitwarden-server using rust and sqlite. Does NOT include the web-interface." arch=('i686' 'x86_64' 'armv7h' 'aarch64') 
@@ -17,13 +18,15 @@ install=bitwarden_rs.install source=("https://github.com/dani-garcia/bitwarden_rs/archive/$pkgver.tar.gz" "${_pkgbase}.install" "${_pkgbase}.service" - "0001-Disable-Vault.patch" - "0002-Fix-tests.patch") -sha512sums=('ef17482b98b8caa089c957bc3db53f3adcbcdd1b8b64cb4b94612875bf939e259b9ef5928d2aaf99490534a83b48a3ec06933c28b243be1c41bf3dfbe68f5c8d' - '399e63002acb764895bbcf3b983642c8858343b36909eeeb73133de1a9740a3d81232bc206ff6bf3daed50f72354c5e6fd5314d0d044acd9f1cb23a933b1dd74' - '4ce188956f6fe7cfdb711b1505f6344ed2775751ea112a0506dc96455c2705ab8529ec442e4747d7810fc3535b4ca78d1864e874dab5b5306373587097e02658' - 'a6f2361c7aa83e63b9a557500406b0cd660e0d7f8b16345f859faa3f96e22bdcecd7589711960486fa0401896291f7d46f66882744c69117fc146056f4a49028' - '5d0e5a96dbd23d2e2fb1a89e2db8817018feb6a05dc854c5a9a3d1b84f94605c6a1f597dc233ec5ca6ff7adb18bbfdca2bcb2645de31c17f38470f649468ef44') + "${_pkgbase}.sysusers.conf" + "${_pkgbase}.tmpfiles.conf" + "0001-Disable-Vault.patch") +sha512sums=('f032749606745ab1fd78cc0429fff3e9711522a94098f57d0134fa0f8dbfc07814d5b2a71e53028f8f911fd9c233fdedb8f68822096229a00cef189b41b6e717' + 'ae1e05b613d3178bf3fa273ff6661c567140a43826e681b5164ef7d101c1243e5ff93e9caf7193984626d363b8b8b7c076e6646b865699d4cbe482a3dc4f91e7' + '60a406c8fea4bb651974b3fd386f66a0fcf73bfcc29bffe171b92134e2e81b6374ac6be879eb420208ecd77911b7d157db587510347e56ecb72aec34ac90fbe6' + '15b00b0dc9122f98ce8d7b55668fdfbb2e0387563e7d9ad6c0ebc73b75e46e1ccdb3a2186a453795a1b3e2d45358ff5a8076d5cf30319ab2c21539d20cff81c6' + '6fd0ea962f077f92ad7f55a1bab479e68e3463b41eb171d501847554b676b7ecf05e016544f6331bdb53bf71038fcf2ce67ad213d0a7c2f93acbafd72e8441a6' + 'a6f2361c7aa83e63b9a557500406b0cd660e0d7f8b16345f859faa3f96e22bdcecd7589711960486fa0401896291f7d46f66882744c69117fc146056f4a49028') _src="$pkgname-$pkgver" 
@@ -32,7 +35,6 @@ build() { #build bitwarden_rs cd "$srcdir/$_src" patch -N -p1 -i "$srcdir/0001-Disable-Vault.patch" - patch -N -p1 -i "$srcdir/0002-Fix-tests.patch" cargo build --release --locked --features sqlite } @@ -44,8 +46,14 @@ check() { package() { # setup systemd service install -D -m 0644 "$srcdir/bitwarden_rs.service" "$pkgdir/usr/lib/systemd/system/bitwarden_rs.service" + + # declarative setup of user and directory + install -D -m 0644 "$srcdir/bitwarden_rs.sysusers.conf" "$pkgdir/usr/lib/sysusers.d/bitwarden_rs.conf" + install -D -m 0644 "$srcdir/bitwarden_rs.tmpfiles.conf" "$pkgdir/usr/lib/tmpfiles.d/bitwarden_rs.conf" + # copy default config file install -D -m 0644 "$srcdir/$_src/.env.template" "$pkgdir/etc/bitwarden_rs.env" + # copy binary install -D -m0755 "$srcdir/$_src/target/release/bitwarden_rs" "$pkgdir/usr/bin/bitwarden_rs" } diff --git a/bitwarden_rs.install b/bitwarden_rs.install index a9ad0060b616..ce116456f22e 100644 --- a/bitwarden_rs.install +++ b/bitwarden_rs.install @@ -1,16 +1,4 @@ post_install() { - # Create users and data directory - - echo "Adding user bitwarden_rs and creating data directory /var/lib/bitwarden_rs ..." - mkdir -p /var/lib/bitwarden_rs - getent group bitwarden_rs &>/dev/null || groupadd -r bitwarden_rs >/dev/null - getent passwd bitwarden_rs &>/dev/null || useradd -r -g bitwarden_rs -d /var/lib/bitwarden_rs -s /usr/bin/nologin bitwarden_rs >/dev/null - chown bitwarden_rs:bitwarden_rs /var/lib/bitwarden_rs - chmod 0750 /var/lib/bitwarden_rs - - # Load service file - systemctl --quiet daemon-reload - echo "" echo "##########" echo "#" @@ -23,16 +11,7 @@ post_install() { } post_upgrade() { - # Reload service file - systemctl --quiet daemon-reload - echo "" - echo "##########" - echo "#" echo "# Remember to restart the bitwarden_rs unit via 'systemctl restart bitwarden_rs.service', if neccessary." - echo "#" - echo "##########" - echo "" - } pre_remove() { 
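Review bot: `/etc/bitwarden_rs.env` is still installed world-readable in package(), on the unchanged `install -D -m 0644 "$srcdir/$_src/.env.template" "$pkgdir/etc/bitwarden_rs.env"` line, so any secret an administrator later places there (for example an admin token or SMTP credentials) can be read by every local account. Since this commit already adds sysusers.d and tmpfiles.d snippets, it is a natural place to tighten that: install the file with `-m 0640` and add a tmpfiles.d line such as `z /etc/bitwarden_rs.env 0640 root bitwarden_rs` so the group is set once the account exists. How the unit loads the file is not visible in this hunk; if systemd reads it through `EnvironmentFile=`, mode 0600 owned by root would presumably be enough.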
@@ -41,8 +20,6 @@ pre_remove() { } post_remove() { - # Unload service - systemctl --quiet daemon-reload echo "" echo "##########" echo "#" diff --git a/bitwarden_rs.service b/bitwarden_rs.service index 458600a27ea6..c8263ff33640 100644 --- a/bitwarden_rs.service +++ b/bitwarden_rs.service @@ -14,16 +14,31 @@ ExecStart=/usr/bin/bitwarden_rs # Set reasonable connection and process limits LimitNOFILE=1048576 LimitNPROC=64 -# Isolate bitwarden_rs from the rest of the system + +# Prevent bitwarden_rs from doing anything stupid and/or unneccessary. PrivateTmp=true PrivateDevices=true + ProtectHome=true ProtectSystem=strict +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectControlGroups=yes + +RestrictNamespaces=yes + +SystemCallArchitectures=native +SystemCallFilter=@system-service +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 + # Only allow writes to the following directory and set it to the working directory (user and password data are stored here) WorkingDirectory=/var/lib/bitwarden_rs ReadWriteDirectories=/var/lib/bitwarden_rs + # Allow bitwarden_rs to bind ports in the range of 0-1024 AmbientCapabilities=CAP_NET_BIND_SERVICE +# Restrict bitwarden_rs to only this capability +CapabilityBoundingSet=CAP_NET_BIND_SERVICE [Install] WantedBy=multi-user.target diff --git a/bitwarden_rs.sysusers.conf b/bitwarden_rs.sysusers.conf new file mode 100644 index 000000000000..344eab9ab504 --- /dev/null +++ b/bitwarden_rs.sysusers.conf @@ -0,0 +1 @@ +u bitwarden_rs - "User for bitwarden_rs service" diff --git a/bitwarden_rs.tmpfiles.conf b/bitwarden_rs.tmpfiles.conf new file mode 100644 index 000000000000..b6af34830524 --- /dev/null +++ b/bitwarden_rs.tmpfiles.conf @@ -0,0 +1 @@ +d /var/lib/bitwarden_rs 0750 bitwarden_rs bitwarden_rs |
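Review bot: The new sandboxing block in bitwarden_rs.service never sets `NoNewPrivileges=yes` explicitly. systemd implies it for a non-root unit once `SystemCallFilter=` or `RestrictNamespaces=` is present, but the `User=` line is outside this hunk, so stating it keeps the guarantee from depending on that. `SystemCallFilter=@system-service` is an allow-list, and by default a call outside it terminates the process with SIGSYS; adding `SystemCallErrorNumber=EPERM` turns that into an error return that is easier to diagnose from the journal. Separately, the unchanged `ReadWriteDirectories=` is the legacy name of `ReadWritePaths=`. The [Service] section begins before the hunk.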
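Review bot: The `u` line in bitwarden_rs.sysusers.conf leaves the home-directory field empty, so a fresh install gets the sysusers.d default home of `/`, whereas the removed post_install created the account with `-d /var/lib/bitwarden_rs`. Existing installs keep the old home, so new and upgraded systems end up with different account definitions. Adding the field keeps them aligned: `u bitwarden_rs - "User for bitwarden_rs service" /var/lib/bitwarden_rs`.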