Fast patching via IL rewriting of Bitwarden images (#278)

* Fast patching via IL rewriting of Bitwarden images

Brings back the pre-047c4dd approach of patching pre-built Bitwarden
images instead of cloning and building from source. The fast patch mode
(now default) pulls ghcr.io/bitwarden/{api,identity} and rewrites
Core.dll in-place using Mono.Cecil, bypassing the full source build.

Updated to work with current Bitwarden:
- Uses SingleFileExtractor.Core to extract Core.dll from the
  PublishSingleFile bundle before patching; replaces the native
  launcher with a shell script wrapper (exec dotnet /app/Api.dll)
  so entrypoint.sh continues to work unchanged
- LicensingService search is now namespace-agnostic (handles the
  Bit.Core.Services → Bit.Core.Billing.Services rename)
- Thumbprint matching uses Contains() instead of Equals() to handle
  the hidden Unicode LRM character prepended to the production
  thumbprint string literal in the compiled IL

The original source-build path is preserved and accessible via
BITBETTER_BUILD_FROM_SOURCE=1.

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>

* Address review: fix correctness and robustness

- dotnet publish -c Release with explicit -o to match Dockerfile expectation
- Add --platform "$TARGETPLATFORM" to fast-patch docker builds for parity with source-build mode
- mkdir -p for idempotent .keys directory creation
- Align namespace to BitwardenSelfLicensor (repo convention)
- Branch bundle extraction on .dll extension instead of bare catch; exit 1 with clear message on failure
- Replace First() with FirstOrDefault() + targeted error on missing licensing resource
- FixRuntimeConfig derives framework name/version from includedFrameworks; switch to LatestPatch rollForward

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>

* Add BITBETTER_BUILD_FROM_SOURCE notes to README.md

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>

---------

Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
Co-authored-by: h44z <christoph.h@sprinternet.at>

build.sh

@@ -28,35 +28,66 @@ echo "Using BUILDPLATFORM=$BUILDPLATFORM TARGETPLATFORM=$TARGETPLATFORM"
 # If there aren't any keys, generate them first.
 [ -e "$DIR/.keys/cert.cert" ] || "$DIR/.keys/generate-keys.sh"
 
-# Prepare Bitwarden server repository
-rm -rf $DIR/server
-git clone --branch "v${BW_VERSION}" --depth 1 https://github.com/bitwarden/server.git $DIR/server
+if [ "${BITBETTER_BUILD_FROM_SOURCE:-0}" = "1" ]; then
+	echo "--- Source build mode ---"
 
-# Replace certificate file and thumbprint
-old_thumbprint=$(openssl x509 -inform DER -fingerprint -noout -in $DIR/server/src/Core/licensing.cer | cut -d= -f2 | tr -d ':')
-new_thumbprint=$(openssl x509 -inform DER -fingerprint -noout -in $DIR/.keys/cert.cert | cut -d= -f2 | tr -d ':')
-sed -i -e "s/$old_thumbprint/$new_thumbprint/g" $DIR/server/src/Core/Billing/Services/Implementations/LicensingService.cs
-cp $DIR/.keys/cert.cert $DIR/server/src/Core/licensing.cer
+	# Prepare Bitwarden server repository
+	rm -rf $DIR/server
+	git clone --branch "v${BW_VERSION}" --depth 1 https://github.com/bitwarden/server.git $DIR/server
 
-docker build \
-	--no-cache \
-	--platform "$TARGETPLATFORM" \
-	--build-arg BUILDPLATFORM="$BUILDPLATFORM" \
-	--build-arg TARGETPLATFORM="$TARGETPLATFORM" \
-	--label com.bitwarden.product="bitbetter" \
-	-f $DIR/server/src/Api/Dockerfile \
-	-t bitbetter/api \
-	$DIR/server
+	# Replace certificate file and thumbprint
+	old_thumbprint=$(openssl x509 -inform DER -fingerprint -noout -in $DIR/server/src/Core/licensing.cer | cut -d= -f2 | tr -d ':')
+	new_thumbprint=$(openssl x509 -inform DER -fingerprint -noout -in $DIR/.keys/cert.cert | cut -d= -f2 | tr -d ':')
+	sed -i -e "s/$old_thumbprint/$new_thumbprint/g" $DIR/server/src/Core/Billing/Services/Implementations/LicensingService.cs
+	cp $DIR/.keys/cert.cert $DIR/server/src/Core/licensing.cer
 
-docker build \
-	--no-cache \
-	--platform "$TARGETPLATFORM" \
-	--build-arg BUILDPLATFORM="$BUILDPLATFORM" \
-	--build-arg TARGETPLATFORM="$TARGETPLATFORM" \
-	--label com.bitwarden.product="bitbetter" \
-	-f $DIR/server/src/Identity/Dockerfile \
-	-t bitbetter/identity \
-	$DIR/server
+	docker build \
+		--no-cache \
+		--platform "$TARGETPLATFORM" \
+		--build-arg BUILDPLATFORM="$BUILDPLATFORM" \
+		--build-arg TARGETPLATFORM="$TARGETPLATFORM" \
+		--label com.bitwarden.product="bitbetter" \
+		-f $DIR/server/src/Api/Dockerfile \
+		-t bitbetter/api \
+		$DIR/server
+
+	docker build \
+		--no-cache \
+		--platform "$TARGETPLATFORM" \
+		--build-arg BUILDPLATFORM="$BUILDPLATFORM" \
+		--build-arg TARGETPLATFORM="$TARGETPLATFORM" \
+		--label com.bitwarden.product="bitbetter" \
+		-f $DIR/server/src/Identity/Dockerfile \
+		-t bitbetter/identity \
+		$DIR/server
+else
+	echo "--- Fast patch mode ---"
+
+	mkdir -p "$DIR/src/bitBetter/.keys"
+	cp "$DIR/.keys/cert.cert" "$DIR/src/bitBetter/.keys/cert.cert"
+
+	# Build the patcher tool inside the SDK container
+	docker run --rm \
+		-v "$DIR/src/bitBetter:/bitBetter" \
+		-w /bitBetter \
+		mcr.microsoft.com/dotnet/sdk:8.0 sh build.sh
+
+	docker build \
+		--no-cache \
+		--platform "$TARGETPLATFORM" \
+		--label com.bitwarden.product="bitbetter" \
+		--build-arg BITWARDEN_TAG="ghcr.io/bitwarden/api:$BW_VERSION" \
+		-t bitbetter/api \
+		"$DIR/src/bitBetter"
+
+	docker build \
+		--no-cache \
+		--platform "$TARGETPLATFORM" \
+		--label com.bitwarden.product="bitbetter" \
+		--build-arg BITWARDEN_TAG="ghcr.io/bitwarden/identity:$BW_VERSION" \
+		-t bitbetter/identity \
+		"$DIR/src/bitBetter"
+fi
 
 docker tag bitbetter/api bitbetter/api:latest
 docker tag bitbetter/identity bitbetter/identity:latest