1
0
mirror of https://github.com/jakeswenson/BitBetter.git synced 2023-10-10 13:36:57 +02:00

Bitbetter identity Core.dll (#14)

* Added a Key Generating script

To make the keygen process a bit easier I've added a `generate-keys.sh` script that can be found in the `.keys` directory. It will generate the key & cert and bundle them into the required pkcs#12 file automatically when running the build script if none already exist.

* Generate bitbetter/identiry container with modified Core.dll

Added the generation of a second modified container, bitbetter/identity, which contains the modified dll. Fixes #12.

This works on my testing environment but has not gone through extensive testing. I'd recommend a review and cleanup of this commit before it is merged into the develop or master branches.
This commit is contained in:
Jeff Alyanak 2019-05-25 18:12:10 -04:00 committed by GitHub
parent 5f85d83e45
commit 15371c362c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 166 additions and 24 deletions

View File

@ -10,6 +10,9 @@ jobs:
command: date command: date
- setup_remote_docker - setup_remote_docker
- run: { name: 'Get docker', command: 'curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh' } - run: { name: 'Get docker', command: 'curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh' }
- run:
name: Generate Keys
command: ./.keys/generate-keys.sh
- run: - run:
name: Build script name: Build script
command: ./build.sh command: ./build.sh

View File

@ -1 +0,0 @@
Need an empty folder

17
.keys/generate-keys.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/sh
# Check for openssl
command -v openssl >/dev/null 2>&1 || { echo >&2 "openssl required but not found. Aborting."; exit 1; }
# Remove any existing key files
[ ! -e cert.pem ] || rm cert.pem
[ ! -e key.pem ] || rm key.pem
[ ! -e cert.cert ] || rm cert.cert
[ ! -e cert.pfx ] || rm cert.pfx
# Generate new keys
openssl req -x509 -newkey rsa:4096 -keyout .keys/key.pem -out .keys/cert.cert -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test
openssl x509 -inform DER -in .keys/cert.cert -out .keys/cert.pem
openssl pkcs12 -export -out .keys/cert.pfx -inkey .keys/key.pem -in .keys/cert.pem -passin pass:test -passout pass:test
ls

View File

@ -40,8 +40,33 @@ dotnet add package Newtonsoft.Json --version 11.0.0
cd ../bitBetter cd ../bitBetter
dotnet add package Newtonsoft.Json --version 11.0.0 dotnet add package Newtonsoft.Json --version 11.0.0
``` ```
## Building BitBetter
Next, we need to generate the self-signed certificate we will use to sign any licenses we generate. Now that you've set up your build environment, you can run the main `BitBetter/build.sh` script to generate a modified version of the `bitwarden/api` and `bitwarden/identity` docker images.
From the BitBetter directory, simply run:
```bash
./build.sh
```
This will create a new self-signed certificate in the `.keys` directory one does not already exist and then create a modified version of the official `bitwarden/api` called `bitbetter/api` and a modified version of the `bitwarden/identity` called `bitbetter/identity`. You may now simply edit your bitwarden docker-compose.yml to utilize the modified image.
Edit your `/path/to/bwdata/docker/docker-compose.yml`.
> Replace `image: bitwarden/api:x.xx.x`<br>with `image: bitbetter/api`
> Replace `image: bitwarden/identity:x.xx.x`<br>with `image: bitbetter/identity`
You'll also want to edit the `/path/to/bwdata/scripts/run.sh` file. In the `function restart()` block, comment out the call to `dockerComposePull`.
> Replace `dockerComposePull`<br>with `#dockerComposePull`
You can now start or restart Bitwarden as normal and the modified api will be used. <b>It is now ready to accept self-issued licenses.</b>
---
**Note: Manually generating Certificate & Key**
If you wish to generate your self-signed cert & key manually, you can run the following commands.
```bash ```bash
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
@ -51,26 +76,7 @@ openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:te
Note that the password here must be `test`.<sup>[1](#f1)</sup> Note that the password here must be `test`.<sup>[1](#f1)</sup>
## Building BitBetter ---
Now that you've generated your own own self-signed certificate, you can run the main `BitBetter/build.sh` script to generate a modified version of the `bitwarden/api` docker image.
From the BitBetter directory, simply run:
```bash
./build.sh
```
This will create a modified version of the official `bitwarden/api` called `bitbetter/api`. You may now simply edit your bitwarden docker-compose.yml to utilize the modified image.
Edit your `/path/to/bwdata/docker/docker-compose.yml`.
> Replace `image: bitwarden/api:x.xx.x`<br>with `image: bitbetter/api`
You'll also want to edit the `/path/to/bwdata/scripts/run.sh` file. In the `function restart()` block, comment out the call to `dockerComposePull`.
> Replace `dockerComposePull`<br>with `#dockerComposePull`
You can now start or restart Bitwarden as normal and the modified api will be used. <b>It is now ready to accept self-issued licenses.</b>
## Generating Signed Licenses ## Generating Signed Licenses

95
ReadMeInstall Normal file
View File

@ -0,0 +1,95 @@
These are the commands I used (and a few of my notes) for a minimal Debian Stretch install..
Software Selection - "SSH server" and 'standard system utilities" only
sudo apt-get update
sudo apt-get install vim vim-doc vim-scripts wget curl git
sudo apt-get dist-upgrade
sudo reboot
---The next few lines I setup my server authentication and other misc profile settings you can skip until sudo apt-get
ssh-keygen
echo "ssh-rsa AA...1Q== " >> .ssh/authorized_keys
echo ":set mouse=" >> .vimrc
echo "set nocompatible" >> .vimrc
vi .bashrc
sudo visudo ---- tom ALL=(ALL) NOPASSWD:ALL
sudo vi /etc/ssh/sshd_config - Enable 'PermitRootLogin prohibit-password' and 'PasswordAuthentication no'
sudo apt-get update
sudo apt install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
sudo apt update
apt-cache policy docker-ce
sudo apt install docker-ce
sudo systemctl status docker
sudo usermod -aG docker ${USER}
exit
id -nG
docker version
docker info
docker run hello-world
sudo curl -L --fail https://github.com/docker/compose/releases/download/1.23.1/run.sh -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.asc.gpg
sudo mv microsoft.asc.gpg /etc/apt/trusted.gpg.d/
wget -q https://packages.microsoft.com/config/debian/9/prod.list
sudo mv prod.list /etc/apt/sources.list.d/microsoft-prod.list
sudo chown root:root /etc/apt/trusted.gpg.d/microsoft.asc.gpg
sudo chown root:root /etc/apt/sources.list.d/microsoft-prod.list
curl -s -o bitwarden.sh https://raw.githubusercontent.com/bitwarden/core/master/scripts/bitwarden.sh && sudo chmod u+x bitwarden.sh
./bitwarden.sh install
sudo apt-get update
sudo apt-get install dotnet-sdk-2.1
git clone https://github.com/online-stuff/BitBetter.git
cd BitBetter/src/licenseGen/
dotnet add package Newtonsoft.Json --version 11.0.0
cd ~/BitBetter/src/bitBetter
dotnet add package Newtonsoft.Json --version 11.0.0
cd ~/BitBetter/.keys
rm *
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
openssl x509 -inform DER -in cert.cert -out cert.pem
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
cd ~/BitBetter
./build.sh
cd src/licenseGen/
./build.sh
cd ~
vi ~/bwdata/docker/docker-compose.yml - Change image: bitwarden/api:1.26.0 to image: bitbetter/api and image: bitwarden/identity:x.xx.x to image: bitbetter/identity
vi ~/bwdata/env/global.override.env - Enter mail__smtp relay settings
vi ~/bwdata/scripts/run.sh - function restart() { dockerComposePull to #dockerComposePull
./bitwarden start
----Server should be up and running.. Create a user account
cd ~/BitBetter/src/licenseGen/
./build.sh
./run.sh ~/BitBetter/.keys/cert.pfx user "Name" "EMail" "User-GUID"
Get User-GUID from the admin portal of the BitWarden server
./run.sh ~/BitBetter/.keys/cert.pfx org "Name" "EMail" "Install-ID used to install the server from bitwarden.com/host"

View File

@ -1,13 +1,23 @@
#!/bin/bash #!/bin/bash
mkdir ./src/bitBetter/.keys # If there aren't any keys, generate them first.
[ -e ./keys/cert.cert] || ./.keys/generate-keys.sh
cp .keys/cert.cert ./src/bitBetter/.keys [ -e ./source/bitBetter/api/.keys ] || mkdir ./src/bitBetter/api/.keys
[ -e ./source/bitBetter/identity/.keys ] || mkdir ./src/bitBetter/identity/.keys
cp .keys/cert.cert ./src/bitBetter/api/.keys
cp .keys/cert.cert ./src/bitBetter/identity/.keys
cd ./src/bitBetter cd ./src/bitBetter
dotnet restore dotnet restore
dotnet publish dotnet publish
cp -r bin/ api/
cp -r bin/ identity/
cd ./api
docker build --pull . -t bitbetter/api # --squash docker build --pull . -t bitbetter/api # --squash
cd ../identity
docker build --pull . -t bitbetter/identity # --squash

View File

@ -0,0 +1,12 @@
FROM bitwarden/identity
COPY bin/Debug/netcoreapp2.0/publish/* /bitBetter/
COPY ./.keys/cert.cert /newLicensing.cer
RUN dotnet /bitBetter/bitBetter.dll && \
echo "modified dll" && \
mv /app/Core.dll /app/Core.orig.dll && \
mv /app/modified.dll /app/Core.dll && \
echo "replaced dll" && \
rm -rf /bitBetter && rm -rf /newLicensing.cer && \
echo "cleaned up"