From 15371c362c386d8c9413f584101fdf6d0e2d64f6 Mon Sep 17 00:00:00 2001 From: Jeff Alyanak Date: Sat, 25 May 2019 18:12:10 -0400 Subject: [PATCH] Bitbetter identity Core.dll (#14) * Added a Key Generating script To make the keygen process a bit easier I've added a `generate-keys.sh` script that can be found in the `.keys` directory. It will generate the key & cert and bundle them into the required pkcs#12 file automatically when running the build script if none already exist. * Generate bitbetter/identiry container with modified Core.dll Added the generation of a second modified container, bitbetter/identity, which contains the modified dll. Fixes #12. This works on my testing environment but has not gone through extensive testing. I'd recommend a review and cleanup of this commit before it is merged into the develop or master branches. --- .circleci/config.yml | 3 + .keys/Empty.txt | 1 - .keys/generate-keys.sh | 17 ++++++ README.md | 48 ++++++++------- ReadMeInstall | 95 ++++++++++++++++++++++++++++++ build.sh | 14 ++++- src/bitBetter/{ => api}/Dockerfile | 0 src/bitBetter/identity/Dockerfile | 12 ++++ 8 files changed, 166 insertions(+), 24 deletions(-) delete mode 100644 .keys/Empty.txt create mode 100755 .keys/generate-keys.sh create mode 100644 ReadMeInstall rename src/bitBetter/{ => api}/Dockerfile (100%) create mode 100644 src/bitBetter/identity/Dockerfile diff --git a/.circleci/config.yml b/.circleci/config.yml index 6238da7..6a19ae7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -10,6 +10,9 @@ jobs: command: date - setup_remote_docker - run: { name: 'Get docker', command: 'curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh' } + - run: + name: Generate Keys + command: ./.keys/generate-keys.sh - run: name: Build script command: ./build.sh diff --git a/.keys/Empty.txt b/.keys/Empty.txt deleted file mode 100644 index 031e408..0000000 --- a/.keys/Empty.txt +++ /dev/null @@ -1 +0,0 @@ -Need an empty folder 
diff --git a/.keys/generate-keys.sh b/.keys/generate-keys.sh
new file mode 100755
index 0000000..59099ad
--- /dev/null
+++ b/.keys/generate-keys.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# Check for openssl
+command -v openssl >/dev/null 2>&1 || { echo >&2 "openssl required but not found. Aborting."; exit 1; }
+
+# Remove any existing key files
+[ ! -e cert.pem ] || rm cert.pem
+[ ! -e key.pem ] || rm key.pem
+[ ! -e cert.cert ] || rm cert.cert
+[ ! -e cert.pfx ] || rm cert.pfx
+
+# Generate new keys
+openssl req -x509 -newkey rsa:4096 -keyout .keys/key.pem -out .keys/cert.cert -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test
+openssl x509 -inform DER -in .keys/cert.cert -out .keys/cert.pem
+openssl pkcs12 -export -out .keys/cert.pfx -inkey .keys/key.pem -in .keys/cert.pem -passin pass:test -passout pass:test
+
+ls
diff --git a/README.md b/README.md
index c6674d1..5b98ca6 100644
--- a/README.md
+++ b/README.md
@@ -40,8 +40,33 @@ dotnet add package Newtonsoft.Json --version 11.0.0
 cd ../bitBetter
 dotnet add package Newtonsoft.Json --version 11.0.0
 ```
+## Building BitBetter
-Next, we need to generate the self-signed certificate we will use to sign any licenses we generate.
+
+Now that you've set up your build environment, you can run the main `BitBetter/build.sh` script to generate a modified version of the `bitwarden/api` and `bitwarden/identity` docker images.
+
+From the BitBetter directory, simply run:
+```bash
+./build.sh
+```
+
+This will create a new self-signed certificate in the `.keys` directory one does not already exist and then create a modified version of the official `bitwarden/api` called `bitbetter/api` and a modified version of the `bitwarden/identity` called `bitbetter/identity`. You may now simply edit your bitwarden docker-compose.yml to utilize the modified image.
+
+Edit your `/path/to/bwdata/docker/docker-compose.yml`.
+
+> Replace `image: bitwarden/api:x.xx.x`
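Review bot: The cleanup block in generate-keys.sh tests and removes `cert.pem`, `key.pem`, `cert.cert` and `cert.pfx` in the current directory, while the three openssl commands write to `.keys/...`, so the two halves disagree about where the script runs from. Use one prefix throughout, e.g. `[ ! -e .keys/key.pem ] || rm .keys/key.pem`. The private key and the PKCS#12 bundle are created with the default umask and the fixed passphrase `test` (which the README says is required), so file permissions are the only protection they have: add `umask 077` before the `openssl req` line and confirm that `.keys/*.pem` and `.keys/*.pfx` are git-ignored, which this patch does not show. There is no `set -e`, so a failed `openssl req` still falls through to the later commands, and the trailing `ls` looks like leftover debugging.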
with `image: bitbetter/api` + +> Replace `image: bitwarden/identity:x.xx.x`
with `image: bitbetter/identity` + +You'll also want to edit the `/path/to/bwdata/scripts/run.sh` file. In the `function restart()` block, comment out the call to `dockerComposePull`. + +> Replace `dockerComposePull`
with `#dockerComposePull` + +You can now start or restart Bitwarden as normal and the modified api will be used. It is now ready to accept self-issued licenses. + +--- +**Note: Manually generating Certificate & Key** + +If you wish to generate your self-signed cert & key manually, you can run the following commands. ```bash openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test @@ -51,26 +76,7 @@ openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:te Note that the password here must be `test`.[1](#f1) -## Building BitBetter - -Now that you've generated your own own self-signed certificate, you can run the main `BitBetter/build.sh` script to generate a modified version of the `bitwarden/api` docker image. - -From the BitBetter directory, simply run: -```bash -./build.sh -``` - -This will create a modified version of the official `bitwarden/api` called `bitbetter/api`. You may now simply edit your bitwarden docker-compose.yml to utilize the modified image. - -Edit your `/path/to/bwdata/docker/docker-compose.yml`. - -> Replace `image: bitwarden/api:x.xx.x`
with `image: bitbetter/api` - -You'll also want to edit the `/path/to/bwdata/scripts/run.sh` file. In the `function restart()` block, comment out the call to `dockerComposePull`. - -> Replace `dockerComposePull`
with `#dockerComposePull` - -You can now start or restart Bitwarden as normal and the modified api will be used. It is now ready to accept self-issued licenses. +--- ## Generating Signed Licenses diff --git a/ReadMeInstall b/ReadMeInstall new file mode 100644 index 0000000..49265ed --- /dev/null +++ b/ReadMeInstall 
@@ -0,0 +1,95 @@ +These are the commands I used (and a few of my notes) for a minimal Debian Stretch install.. +Software Selection - "SSH server" and 'standard system utilities" only + + + +sudo apt-get update +sudo apt-get install vim vim-doc vim-scripts wget curl git +sudo apt-get dist-upgrade +sudo reboot + +---The next few lines I setup my server authentication and other misc profile settings you can skip until sudo apt-get + +ssh-keygen + +echo "ssh-rsa AA...1Q== " >> .ssh/authorized_keys + +echo ":set mouse=" >> .vimrc +echo "set nocompatible" >> .vimrc + +vi .bashrc + +sudo visudo ---- tom ALL=(ALL) NOPASSWD:ALL + +sudo vi /etc/ssh/sshd_config - Enable 'PermitRootLogin prohibit-password' and 'PasswordAuthentication no' + +sudo apt-get update +sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common +curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add - +sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" +sudo apt update +apt-cache policy docker-ce +sudo apt install docker-ce +sudo systemctl status docker +sudo usermod -aG docker ${USER} +exit + +id -nG +docker version +docker info +docker run hello-world + +sudo curl -L --fail https://github.com/docker/compose/releases/download/1.23.1/run.sh -o /usr/local/bin/docker-compose +sudo chmod +x /usr/local/bin/docker-compose + +wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg +sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/ +wget -q https://packages.microsoft.com/config/debian/9/prod.list +sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list +sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg +sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list + +curl -s -o bitwarden.sh https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh && sudo chmod u+x bitwarden.sh +./bitwarden.sh install + +sudo apt-get 
update +sudo apt-get install dotnet-sdk-2.1 + +git clone https://github.com/online-stuff/BitBetter.git + +cd BitBetter/src/licenseGen/ +dotnet add package Newtonsoft.Json --version 11.0.0 + +cd ~/BitBetter/src/bitBetter +dotnet add package Newtonsoft.Json --version 11.0.0 + +cd ~/BitBetter/.keys +rm * + +openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test +openssl x509 -inform DER -in cert.cert -out cert.pem +openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test + + +cd ~/BitBetter +./build.sh + +cd src/licenseGen/ +./build.sh + +cd ~ + +vi ~/bwdata/docker/docker-compose.yml - Change image: bitwarden/api:1.26.0 to image: bitbetter/api and image: bitwarden/identity:x.xx.x to image: bitbetter/identity +vi ~/bwdata/env/global.override.env - Enter mail__smtp relay settings +vi ~/bwdata/scripts/run.sh - function restart() { dockerComposePull to #dockerComposePull + +./bitwarden start + +----Server should be up and running.. Create a user account + +cd ~/BitBetter/src/licenseGen/ +./build.sh +./run.sh ~/BitBetter/.keys/cert.pfx user "Name" "EMail" "User-GUID" + Get User-GUID from the admin portal of the BitWarden server + +./run.sh ~/BitBetter/.keys/cert.pfx org "Name" "EMail" "Install-ID used to install the server from bitwarden.com/host" diff --git a/build.sh b/build.sh index d3ea9ba..2f773af 100755 --- a/build.sh +++ b/build.sh 
@@ -1,13 +1,23 @@
 #!/bin/bash
-mkdir ./src/bitBetter/.keys
+# If there aren't any keys, generate them first.
+[ -e ./keys/cert.cert] || ./.keys/generate-keys.sh
-cp .keys/cert.cert ./src/bitBetter/.keys
+[ -e ./source/bitBetter/api/.keys ] || mkdir ./src/bitBetter/api/.keys
+[ -e ./source/bitBetter/identity/.keys ] || mkdir ./src/bitBetter/identity/.keys
+cp .keys/cert.cert ./src/bitBetter/api/.keys
+cp .keys/cert.cert ./src/bitBetter/identity/.keys
 cd ./src/bitBetter
 dotnet restore
 dotnet publish
+cp -r bin/ api/
+cp -r bin/ identity/
+
+cd ./api
 docker build --pull . -t bitbetter/api # --squash
+cd ../identity
+docker build --pull . -t bitbetter/identity # --squash
diff --git a/src/bitBetter/Dockerfile b/src/bitBetter/api/Dockerfile
similarity index 100%
rename from src/bitBetter/Dockerfile
rename to src/bitBetter/api/Dockerfile
diff --git a/src/bitBetter/identity/Dockerfile b/src/bitBetter/identity/Dockerfile
new file mode 100644
index 0000000..b3a0324
--- /dev/null
+++ b/src/bitBetter/identity/Dockerfile
@@ -0,0 +1,12 @@
+FROM bitwarden/identity
+
+COPY bin/Debug/netcoreapp2.0/publish/* /bitBetter/
+COPY ./.keys/cert.cert /newLicensing.cer
+
+RUN dotnet /bitBetter/bitBetter.dll && \
+ echo "modified dll" && \
+ mv /app/Core.dll /app/Core.orig.dll && \
+ mv /app/modified.dll /app/Core.dll && \
+ echo "replaced dll" && \
+ rm -rf /bitBetter && rm -rf /newLicensing.cer && \
+ echo "cleaned up"
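Review bot: The new guard `[ -e ./keys/cert.cert] || ./.keys/generate-keys.sh` in build.sh can never succeed, because `cert.cert]` has no space before the closing bracket and the path is `./keys` rather than `./.keys`. As a result generate-keys.sh runs on every build and replaces the signing key and certificate, so licenses signed with the previous `cert.pfx` would presumably stop validating against the rebuilt images. It should read `[ -e ./.keys/cert.cert ] || ./.keys/generate-keys.sh`. The two mkdir guards have the same kind of slip, testing `./source/bitBetter/...` while creating `./src/bitBetter/...`; `mkdir -p ./src/bitBetter/api/.keys ./src/bitBetter/identity/.keys` needs no test at all. With no `set -e` in the script these failures only print an error and the build carries on.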
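Review bot: `FROM bitwarden/identity` in the new identity Dockerfile carries no tag, and build.sh builds it with `--pull`, so each build patches whatever `latest` resolves to at that moment. The README change tells operators to swap the version-pinned `bitwarden/identity:x.xx.x` for this image, so the identity container can drift from the rest of the stack and the Core.dll replacement lands on a base nobody selected. Declare `ARG BITWARDEN_TAG` above the `FROM` line and use `FROM bitwarden/identity:${BITWARDEN_TAG}`, passing the version from docker-compose.yml via `--build-arg`; the renamed api Dockerfile is not shown here and may need the same change. The `rm -rf /bitBetter && rm -rf /newLicensing.cer` in the RUN step hides those paths but does not remove them from the image, since they were written by the two earlier COPY layers. A comment above the RUN step, such as `# Patch Core.dll so it trusts /newLicensing.cer; the unmodified copy is kept as /app/Core.orig.dll`, would tell readers what the image changes.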