From 3e44d7347bb0097b9930acee3a7850d0c13dc7f0 Mon Sep 17 00:00:00 2001 From: Vinrobot Date: Sun, 7 Jul 2019 18:18:27 +0200 Subject: [PATCH] Improve build and scripts (#30) * Use absolute path rather than relative path in scripts * Remove src/bitBetter/.keys/cert.cert * Build licenseGen in Docker This way we don't have to install dotnet sdk on the host * Build bitBetter in Docker This way we don't have to install dotnet sdk on the host * Change DIR in run.sh to point to the project root * Replace echo in Dockerfiles by set -x and set -e * Use same Dockerfile for api and identity images * Update README.md * Update CircleCI config The Docker Executor can't mount volume. https://support.circleci.com/hc/en-us/articles/360007324514 https://circleci.com/docs/2.0/executor-types/#using-machine * Make scripts work with sh * Remove the container used to build bitBetter --- .circleci/config.yml | 5 +---- .keys/generate-keys.sh | 17 ++++++++++------- README.md | 16 +++------------- build.sh | 26 ++++++++++---------------- src/bitBetter/.keys/cert.cert | Bin 1194 -> 0 bytes src/bitBetter/Dockerfile | 11 +++++++++++ src/bitBetter/api/Dockerfile | 12 ------------ src/bitBetter/build.sh | 8 ++++++++ src/bitBetter/identity/Dockerfile | 12 ------------ src/licenseGen/Dockerfile | 16 ++++++++++++++-- src/licenseGen/build.sh | 13 ++++--------- src/licenseGen/run.sh | 11 ++++++----- 12 files changed, 67 insertions(+), 80 deletions(-) delete mode 100644 src/bitBetter/.keys/cert.cert create mode 100644 src/bitBetter/Dockerfile delete mode 100644 src/bitBetter/api/Dockerfile create mode 100755 src/bitBetter/build.sh delete mode 100644 src/bitBetter/identity/Dockerfile diff --git a/.circleci/config.yml b/.circleci/config.yml index 6a19ae7..34a1058 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -1,15 +1,12 @@ version: 2 jobs: build: - docker: - - image: microsoft/dotnet:2-sdk + machine: true steps: - checkout - run: name: Print the Current Time command: date - - setup_remote_docker - - run: { name: 'Get docker', command: 'curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh' } - run: name: Generate Keys command: ./.keys/generate-keys.sh diff --git a/.keys/generate-keys.sh b/.keys/generate-keys.sh index 59099ad..d460c13 100755 --- a/.keys/generate-keys.sh +++ b/.keys/generate-keys.sh @@ -3,15 +3,18 @@ # Check for openssl command -v openssl >/dev/null 2>&1 || { echo >&2 "openssl required but not found. Aborting."; exit 1; } +DIR=`dirname "$0"` +DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd` + # Remove any existing key files -[ ! -e cert.pem ] || rm cert.pem -[ ! -e key.pem ] || rm key.pem -[ ! -e cert.cert ] || rm cert.cert -[ ! -e cert.pfx ] || rm cert.pfx +[ ! -e "$DIR/cert.pem" ] || rm "$DIR/cert.pem" +[ ! -e "$DIR/key.pem" ] || rm "$DIR/key.pem" +[ ! -e "$DIR/cert.cert" ] || rm "$DIR/cert.cert" +[ ! -e "$DIR/cert.pfx" ] || rm "$DIR/cert.pfx" # Generate new keys -openssl req -x509 -newkey rsa:4096 -keyout .keys/key.pem -out .keys/cert.cert -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test -openssl x509 -inform DER -in .keys/cert.cert -out .keys/cert.pem -openssl pkcs12 -export -out .keys/cert.pfx -inkey .keys/key.pem -in .keys/cert.pem -passin pass:test -passout pass:test +openssl req -x509 -newkey rsa:4096 -keyout "$DIR/key.pem" -out "$DIR/cert.cert" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test +openssl x509 -inform DER -in "$DIR/cert.cert" -out "$DIR/cert.pem" +openssl pkcs12 -export -out "$DIR/cert.pfx" -inkey "$DIR/key.pem" -in "$DIR/cert.pem" -passin pass:test -passout pass:test ls diff --git a/README.md b/README.md index 9c07f7c..afe7119 100644 --- a/README.md 
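Review bot: The three rewritten `openssl` lines in .keys/generate-keys.sh still create `key.pem` and `cert.pfx` under the caller's default umask, protected only by the fixed passphrase `pass:test`, so on a shared host the license-signing key is readable by any account that can read `$DIR`. Since these lines are already being touched for the `$DIR` paths, add `umask 077` before the first `openssl req` so the key material is created owner-only. The trailing `ls` still lists the caller's working directory rather than the key directory; `ls "$DIR"` would match the new path handling.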
+++ b/README.md @@ -4,7 +4,7 @@ BitBetter is is a tool to modify bitwardens core dll to allow you to generate yo _Beware! BitBetter does janky IL magic to rewrite the bitwarden core dll and install a self signed certificate. Use at your own risk!_ -Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/BitBetter +Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/BitBetter # Table of Contents 1. [Getting Started](#getting-started) @@ -22,7 +22,6 @@ The following instructions are for unix-based systems (Linux, BSD, macOS), it is Aside from docker, which you also need for Bitwarden, BitBetter requires the following: * openssl (probably already installed on most Linux or WSL systems) -* dotnet-sdk-2.1 (install instructions can be found [here](https://dotnet.microsoft.com/download/linux-package-manager/rhel/sdk-2.1.604)) ## Setting up BitBetter With your pre-requisites installed, begin the installation of BitBetter by downloading it through Github or using the git command: @@ -31,15 +30,6 @@ With your pre-requisites installed, begin the installation of BitBetter by downl git clone https://github.com/jakeswenson/BitBetter.git ``` -First, we need to add the correct version of Newtonsoft.Json to the license generator and the BitBetter docker directories. - -```bash -cd BitBetter/src/licenseGen/ -dotnet add package Newtonsoft.Json --version 12.0.1 - -cd ../bitBetter -dotnet add package Newtonsoft.Json --version 12.0.1 -``` ## Building BitBetter Now that you've set up your build environment, you can **run the main build script** to generate a modified version of the `bitwarden/api` and `bitwarden/identity` docker images. 
@@ -125,13 +115,13 @@ I'll work on updates in the next couple weeks, right now, I just wanted somethin ## But why? Its open source? Yes, bitwarden is great. If I didn't care about it i wouldn't be doing this. -I was bothered that if i want to host bitwarden myself, at my house, +I was bothered that if i want to host bitwarden myself, at my house, for my family to use (with the ability to share access) I would still have to pay a monthly ENTERPRISE organization fee. To host it myself. And maintain it myself. Basically WTH was bitwarden doing that I was paying them for? ## You should have reached out to bitwarden -Thanks, good idea. And I did. Currently they're not focused on solving this issue - yet. +Thanks, good idea. And I did. Currently they're not focused on solving this issue - yet. To be clear i'm totally happy to give them my money. Offer a perpetual server license, and i'd pay for it. Let me license the server, period. Allow an orginzation to have Premium for all users.. 500 seats, let the 500 users in the orginzation have the Premium features too. I'm still in the testing/evaluating phase. If I am hosting the server/data, let me license the server, period. How many licenses does one user need to have... diff --git a/build.sh b/build.sh index 85720a0..dd86ce5 100755 --- a/build.sh +++ b/build.sh 
@@ -1,24 +1,18 @@ -#!/bin/bash +#!/bin/sh + +DIR=`dirname "$0"` +DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd` # If there aren't any keys, generate them first. -[ -e ./.keys/cert.cert ] || ./.keys/generate-keys.sh +[ -e "$DIR/.keys/cert.cert" ] || "$DIR/.keys/generate-keys.sh" -[ -e ./src/bitBetter/api/.keys ] || mkdir ./src/bitBetter/api/.keys -[ -e ./src/bitBetter/identity/.keys ] || mkdir ./src/bitBetter/identity/.keys +[ -e "$DIR/src/bitBetter/.keys" ] || mkdir "$DIR/src/bitBetter/.keys" -cp .keys/cert.cert ./src/bitBetter/api/.keys -cp .keys/cert.cert ./src/bitBetter/identity/.keys +cp "$DIR/.keys/cert.cert" "$DIR/src/bitBetter/.keys" -cd ./src/bitBetter +docker run --rm -v "$DIR/src/bitBetter:/bitBetter" -w=/bitBetter mcr.microsoft.com/dotnet/core/sdk:2.1 sh build.sh -dotnet restore -dotnet publish +docker build --build-arg BITWARDEN_TAG=bitwarden/api -t bitbetter/api "$DIR/src/bitBetter" # --squash +docker build --build-arg BITWARDEN_TAG=bitwarden/identity -t bitbetter/identity "$DIR/src/bitBetter" # --squash -cp -r bin/ api/ -cp -r bin/ identity/ -cd ./api -docker build --pull . -t bitbetter/api # --squash - -cd ../identity -docker build --pull . -t bitbetter/identity # --squash 
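Review bot: Nothing in the new build.sh stops on failure, so if the `docker run … sh build.sh` compile step exits non-zero the two `docker build` calls still run against whatever `bin/` an earlier run left under `src/bitBetter`. That can tag `bitbetter/api` and `bitbetter/identity` from stale patcher output with no error visible at the end of the script. Add `set -e` directly under the `#!/bin/sh` line; the existing `[ -e … ] || …` guards keep working under it.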
diff --git a/src/bitBetter/.keys/cert.cert b/src/bitBetter/.keys/cert.cert deleted file mode 100644 index 740465ba03136bd88550356c9efa1cca5a620f6a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1194 zcmV;b1XcSmf&`{8f&z{L2>`7)J#?njWSlS!1_>&LNQUlw}8?+FaSo=aOK&ww^8Nu*8UgItalZ1eyNhR#$V!-A>%kCAl;XJ$YY(!)*7= zo;!1M*TfXzEpugaqXhOL#ZLy(6Rq?`g1OQ6|t+JgD=mbM+AXiG}hu;}^ zY-lRXz)O0kU7~yn2G}kisPQbJ+bhX~#RY0XXv<%C$nY7Drz1!?{$$^H)!8pmj6v1x z^JG{``Z5yh%lxn!&pIgj*$1WyJ=dT(s|&}vpx06mrEd$KMbM@=go+CO6VN<2KuQ5l z?}^D9Syn(m@I*VGwC^Z=mV4_jtI4nS5lfPy&sRSRuw!V%Fb>hc8fP34K_m$W$9vHq zoVM_%j(r<@Nd!oPrgH!_Q0T_stR(Q4B~ED|t>_`ZKgH20)V17g1{(dpi0~dar*ZCX zwn-)-6Oyd$x7&&tx+z6^)Ur)30IHq#RV7ZR65)*nZ{SXkTgXqjh5!e25Io?Hqj#PG zA?mebMozGnKYAI1iXW>LQlLL=fbkDrNd^nOvzfw#7a0SJic2hq>tQ92C9pT-#a4I97yDRmUn>=nx6ggq{pyQuWXi5~*l>Q2j zx`=NCnH%&WHUjbsiP8m>eRa<*A%v2L^*v4#U9I?SGE4<)uYci50s{d60Wb{)2`Yw2 zhW8Bt0Sg5H1A+np04sY!VFgkPn2u(vMccurECT6KDmE4nD}Nd!o~E%PZcQ3#wDDH! zJrgR>vf_J+&VAsO0QO|TiewX2M_P`A#AuVoxW1Oxn^N<-8LDOf6%v5`)aDm`=RyPdg93A{Lm1Zs7X$?Joq{`Rl!an~*UuvI@aYWtz zv$i`pr0-^R``C!-}fl3uOv6 z?<%HDKrf~CoFj}|;=k_?DoN@b<5tlMLcnV^?C4Z@z#h8e-BWTD)F>mwg8k;j7e`|} zeF&X)Ei_RGVNy7SRzVwRxmglT@DUiIxhL&ZzGkg6l`Y-9> z_!g`k%)ovb8tfbx_kL=;NEm=M8Z4(0g1q=}`n6EgCO1EU4))qPm@h*Y!gshsYZfHY zlrrWvuMAWO2apGLmEeFoDNIb0EXkty>_qGDO{F@LpymV7?XTgsF;oGyOd3i3VF=lo I*(}b{us|yqjQ{`u diff --git a/src/bitBetter/Dockerfile b/src/bitBetter/Dockerfile new file mode 100644 index 0000000..02837cb --- /dev/null +++ b/src/bitBetter/Dockerfile @@ -0,0 +1,11 @@ +ARG BITWARDEN_TAG +FROM ${BITWARDEN_TAG} + +COPY bin/Debug/netcoreapp2.0/publish/* /bitBetter/ +COPY ./.keys/cert.cert /newLicensing.cer + +RUN set -e; set -x; \ + dotnet /bitBetter/bitBetter.dll && \ + mv /app/Core.dll /app/Core.orig.dll && \ + mv /app/modified.dll /app/Core.dll && \ + rm -rf /bitBetter && rm -rf /newLicensing.cer diff --git a/src/bitBetter/api/Dockerfile b/src/bitBetter/api/Dockerfile deleted file mode 100644 index b59756d..0000000 
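Review bot: `ARG BITWARDEN_TAG` has no default and, despite its name, receives a bare repository (`bitwarden/api` and `bitwarden/identity` in the top-level build.sh), so `FROM ${BITWARDEN_TAG}` resolves to whatever `latest` is in the local image store, and the previous `docker build --pull` is gone as well. The RUN step rewrites `/app/Core.dll` in place, so the result depends on exactly which upstream build is underneath, and nothing records it. Consider passing a versioned reference or digest through the build arg, e.g. `--build-arg BITWARDEN_TAG=bitwarden/api:<version>`, and failing early when the argument is empty. Separately, the closing `rm -rf /bitBetter && rm -rf /newLicensing.cer` does not remove those files from the two earlier COPY layers, so they remain in the image history.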
--- a/src/bitBetter/api/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM bitwarden/api
-
-COPY bin/Debug/netcoreapp2.0/publish/* /bitBetter/
-COPY ./.keys/cert.cert /newLicensing.cer
-
-RUN dotnet /bitBetter/bitBetter.dll && \
- echo "modified dll" && \
- mv /app/Core.dll /app/Core.orig.dll && \
- mv /app/modified.dll /app/Core.dll && \
- echo "replaced dll" && \
- rm -rf /bitBetter && rm -rf /newLicensing.cer && \
- echo "cleaned up"
diff --git a/src/bitBetter/build.sh b/src/bitBetter/build.sh
new file mode 100755
index 0000000..5b0ccd2
--- /dev/null
+++ b/src/bitBetter/build.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -e
+set -x
+
+dotnet add package Newtonsoft.Json --version 12.0.1
+dotnet restore
+dotnet publish
diff --git a/src/bitBetter/identity/Dockerfile b/src/bitBetter/identity/Dockerfile
deleted file mode 100644
index b3a0324..0000000
--- a/src/bitBetter/identity/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM bitwarden/identity
-
-COPY bin/Debug/netcoreapp2.0/publish/* /bitBetter/
-COPY ./.keys/cert.cert /newLicensing.cer
-
-RUN dotnet /bitBetter/bitBetter.dll && \
- echo "modified dll" && \
- mv /app/Core.dll /app/Core.orig.dll && \
- mv /app/modified.dll /app/Core.dll && \
- echo "replaced dll" && \
- rm -rf /bitBetter && rm -rf /newLicensing.cer && \
- echo "cleaned up"
diff --git a/src/licenseGen/Dockerfile b/src/licenseGen/Dockerfile
index 441f497..2d61df0 100644
--- a/src/licenseGen/Dockerfile
+++ b/src/licenseGen/Dockerfile
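Review bot: In the new src/bitBetter/build.sh, `dotnet add package Newtonsoft.Json --version 12.0.1` edits the project file on every build instead of the dependency being committed. It runs inside the bind-mounted checkout (`-v "$DIR/src/bitBetter:/bitBetter"` in the top-level build.sh), so the working tree is modified and `bin/` and `obj/` are likely left owned by the container's user. Declaring the `PackageReference` in the .csproj (not visible in this patch) and keeping only `dotnet restore` and `dotnet publish` here would make the build repeatable and the dependency reviewable; the same applies to the RUN step added in src/licenseGen/Dockerfile. The script is also started as `sh build.sh` while its shebang is `#!/bin/bash`; `#!/bin/sh` would match the other scripts in this commit.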
@@ -1,5 +1,17 @@ +FROM mcr.microsoft.com/dotnet/core/sdk:2.1 as build + +WORKDIR /licenseGen + +COPY . /licenseGen + +RUN set -e; set -x; \ + dotnet add package Newtonsoft.Json --version 12.0.1 \ + && dotnet restore \ + && dotnet publish + + FROM bitbetter/api -COPY bin/Debug/netcoreapp2.0/publish/* /app/ +COPY --from=build /licenseGen/bin/Debug/netcoreapp2.0/publish/* /app/ -ENTRYPOINT [ "dotnet", "/app/licenseGen.dll", "--core", "/app/Core.dll", "--cert", "/cert.pfx" ] \ No newline at end of file +ENTRYPOINT [ "dotnet", "/app/licenseGen.dll", "--core", "/app/Core.dll", "--cert", "/cert.pfx" ] diff --git a/src/licenseGen/build.sh b/src/licenseGen/build.sh index c52062e..31d08ac 100755 --- a/src/licenseGen/build.sh +++ b/src/licenseGen/build.sh @@ -1,11 +1,6 @@ -#!/bin/bash +#!/bin/sh -script_dir=`cd $(dirname $0); pwd` - -cd $script_dir - -dotnet restore -dotnet publish - -docker build . -t bitbetter/licensegen # --squash +DIR=`dirname "$0"` +DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd` +docker build -t bitbetter/licensegen "$DIR" # --squash diff --git a/src/licenseGen/run.sh b/src/licenseGen/run.sh index 2219640..ebfdd58 100755 --- a/src/licenseGen/run.sh +++ b/src/licenseGen/run.sh @@ -1,18 +1,19 @@ -#!/bin/bash +#!/bin/sh -script_dir=`cd $(dirname $0); pwd` +DIR=`dirname "$0"` +DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd` # Grab the absolute path to the default pfx location -cert_path=`cd ./.keys; ls -d -1 $PWD/cert.pfx` +cert_path="$DIR/.keys/cert.pfx" if [ "$#" -lt "1" ]; then echo "USAGE: $0 [License Gen args...]" exit 1 elif [ "$#" -ge "2" ]; then # If a cert path is provided manually, override the default - cert_path=$1 + cert_path="$1" shift fi -docker run -it -v "$cert_path:/cert.pfx" bitbetter/licensegen "$@" +docker run -it --rm -v "$cert_path:/cert.pfx" bitbetter/licensegen "$@"
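Review bot: `COPY . /licenseGen` in src/licenseGen/Dockerfile sends the whole src/licenseGen directory into the build stage, and run.sh in this same commit now looks for the signing certificate at `$DIR/.keys/cert.pfx`, i.e. inside that directory. If a user keeps the pfx there, it ends up in the build context and in the build-stage layers, together with any host `bin/` and `obj/`. This patch adds no `.dockerignore`; one listing `.keys`, `bin` and `obj` would keep key material and stale artifacts out of the build. The stage alias is conventionally written `AS build`.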
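Review bot: In src/licenseGen/run.sh the default `cert_path="$DIR/.keys/cert.pfx"` resolves under src/licenseGen, because `DIR` is the script's own directory, while generate-keys.sh writes `cert.pfx` to the repository's top-level `.keys`. The commit message says DIR should point to the project root, so this looks unintended. When a bind-mount source does not exist Docker typically creates it as a directory, so `/cert.pfx` inside the container would then not be a file and the tool would fail in a confusing way. Something like `cert_path="$DIR/../../.keys/cert.pfx"` would restore the previous default location.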