* Fast patching via IL rewriting of Bitwarden images
Brings back the pre-047c4dd approach of patching pre-built Bitwarden
images instead of cloning and building from source. The fast patch mode
(now default) pulls ghcr.io/bitwarden/{api,identity} and rewrites
Core.dll in-place using Mono.Cecil, bypassing the full source build.
Updated to work with current Bitwarden:
- Uses SingleFileExtractor.Core to extract Core.dll from the
  PublishSingleFile bundle before patching; replaces the native
  launcher with a shell script wrapper (exec dotnet /app/Api.dll)
  so entrypoint.sh continues to work unchanged
- LicensingService search is now namespace-agnostic (handles the
  Bit.Core.Services → Bit.Core.Billing.Services rename)
- Thumbprint matching uses Contains() instead of Equals() to handle
  the hidden Unicode LRM character prepended to the production
  thumbprint string literal in the compiled IL
The original source-build path is preserved and accessible via
BITBETTER_BUILD_FROM_SOURCE=1.
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
* Address review: fix correctness and robustness
- dotnet publish -c Release with explicit -o to match Dockerfile expectation
- Add --platform "$TARGETPLATFORM" to fast-patch docker builds for parity with source-build mode
- mkdir -p for idempotent .keys directory creation
- Align namespace to BitwardenSelfLicensor (repo convention)
- Branch bundle extraction on .dll extension instead of bare catch; exit 1 with clear message on failure
- Replace First() with FirstOrDefault() + targeted error on missing licensing resource
- FixRuntimeConfig derives framework name/version from includedFrameworks; switch to LatestPatch rollForward
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
* Add BITBETTER_BUILD_FROM_SOURCE notes to README.md
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---------
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
Co-authored-by: h44z <christoph.h@sprinternet.at>
* Add license options, bump version, add Token claim
Added the missing license options:
- `ExpirationWithoutGracePeriod`
- `UseAutomaticUserConfirmation`
- `UsePhisingBlocker`
- `UseDisableSmAdsForUsers`
- `UseMyItems`
Bumped the license version from 15 to 16 (`UseOrganizationDomains` is valid only with version 16).
Added `GenerateUserToken` and `GenerateOrgToken` helpers to create the expected `Token` claim that’s still missing in our licenses.
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
* Address Copilot review
- Capture `now = DateTime.UtcNow` once per license-generation call and pass it
  into GenerateUserToken/GenerateOrgToken, so all date fields in the JSON
  license and the embedded JWT derive from the same instant (fixes drift across
  separate DateTime.UtcNow calls)
- Move set("Token", ...) before ComputeHash/Sign in both GenerateUserLicense
  and GenerateOrgLicense so all fields are finalised before signing
- Add UseRiskInsights claim to the org JWT; confirmed present as a required
  claim in Bitwarden's OrganizationLicenseClaimsFactory
Version is intentionally excluded from both JWTs: neither UserLicenseClaimsFactory
nor OrganizationLicenseClaimsFactory generates it, and the claims-path VerifyData
never reads it.
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---------
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
Add commands to build check to build licensegen image as well and test if the created licensegen image can actually generate user and organization licenses. run.sh will print the generated license to stdout and return zero if successful. If an error occurs, a non-zero error code is returned, which should cause a build error.
Signed-off-by: Joseph Gigantino <128943406+Jgigantino31@users.noreply.github.com>
Fix for this error:
unable to load certificate
140067633099200:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
* Build image from source
* Clone only current version tag
* remove obsolete project
* support loading Core.dll from single file application
* pass single file application to license gen
* remove loose file parameter
* fix executable parameter
* Remove unnecessary changes in LicensingService.cs
* Revert "Remove unnecessary changes in LicensingService.cs"
This reverts commit d8465e1aec.
* Changed comment
Move `Manually generating Certificate & Key` section from `Building BitBetter` to `Setting up BitBetter` and mark it as `Optional` instead of `Note`.
Co-authored-by: h44z <christoph.h@sprinternet.at>
* - Updated license version to 12
- Added new SM license options
* Change seats, smseats, smserviceaccounts from short to int, like they are in the Bitwarden server code, to allow for the accurate maximum amount of seats
* BitBetter: update build.sh / update-bitwarden.sh
Bitwarden has changed the way they report version numbers for
self-hosted installations.
Fixes https://github.com/jakeswenson/BitBetter/issues/134
Credit to @Ayitaka for the fix
Tested and Verified, Updated install to 1.47.1
Signed-off-by: Donald Hoskins <grommish@gmail.com>
* Update build.sh
Remove extraneous comment
* update-bitwarden.sh: Fix relative path
update-bitwarden.sh attempted to update BitBetter via
./build.sh, but if run via crontab, you aren't in
the BitBetter directory.
Fixed to find it correctly.
Signed-off-by: Donald Hoskins <grommish@gmail.com>
* Update update-bitwarden.sh
Co-authored-by: h44z <christoph.h@sprinternet.at>
* Use latest release of bitwarden as base image (#67, #66)
* Add a script which simplifies Bitwarden updates
* fix typo
* Add UseApi
* Updated version, created update section
* Workaround for docker-compose --ignore-pull-failures bugs (4377 and 7127)
* use version from docker script
* check if bitbetter images are outdated
Co-authored-by: Lework <kuailemy123@163.com>
Co-authored-by: Jake Swenson <jakeswenson@users.noreply.github.com>
Co-authored-by: Jeff Alyanak <jeff@alyanak.ca>
* Exclude cert.cert from git
* Make Sso available in org license
Add `UseSso` var and enable
* Update README.md
Co-authored-by: Christoph Haas <christoph.h@sprinternet.at>
Co-authored-by: Lework <kuailemy123@163.com>
Co-authored-by: Captainhook <ec14018@qmul.ac.uk>
* Make policies available in generated org licenses.
* Change license version to current value used in Bitwarden. Add info about compatibility in README file.
Co-authored-by: Michiel Hazelhof <m.hazelhof@fyn.nl>
Due to compatibility issues laid out in issue #53:
Update from .net core 2.0 to 3.1 and newtonsoft.json 12.0.1 to 12.0.3.
* Update README.md
Added note that testing has been done up to Bitwarden 1.32.0.
Replaced editing of `docker-compose.yml` with the update-resistant usage
of `docker-compose.override.yml`
* Updated Readme
Better description of dependencies, updated readme.
* Fixed default key directory
Script was not looking in the right place for the auto-generated key directory. This patch fixes issue #35.
* Cleans up Key Directory Patch
Key directory path fix was echoing the directory when run.