* Update to .NET 10.0 for Bitwarden server 2026.5.0 compatibility
Bitwarden server 2026.5.0 ships with .NET 10.0 runtime only, breaking
the fast-patch build. This commit updates all .NET projects and build
pipelines to target net10.0 and the dotnet/sdk:10.0 image.
Additionally:
- Replace obsolete X509Certificate2(byte[]) constructors with
X509CertificateLoader.LoadCertificate() / LoadPkcs12FromFile()
to resolve SYSLIB0057 warnings introduced in .NET 9/10
- Add -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 to
generate-keys.sh PKCS#12 export, fixing OpenSSL 3.x errors caused
by the deprecated RC2-40-CBC legacy algorithm
- Update FixRuntimeConfig fallback framework version to 10.0.0
Fixes #281
Signed-off-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>
* Fix certificate validation by replacing all thumbprint occurrences
Bitwarden's LicensingService performs two validation checks:
1. Validates _creationCertificate thumbprint
2. Validates all certificates in _verificationCertificates
The thumbprint constants are inlined at compile time, creating multiple
Ldstr instructions in the IL code. The patcher was only replacing the
first occurrence, causing the second validation to fail with:
'Invalid license verifying certificate.'
This fix replaces ALL occurrences of the old thumbprint to ensure both
validation checks pass.
Fixes runtime error: 'Invalid license verifying certificate'
---------
Signed-off-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>
Co-authored-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>
* Fast patching via IL rewriting of Bitwarden images
Brings back the pre-047c4dd approach of patching pre-built Bitwarden
images instead of cloning and building from source. The fast patch mode
(now default) pulls ghcr.io/bitwarden/{api,identity} and rewrites
Core.dll in-place using Mono.Cecil, bypassing the full source build.
Updated to work with current Bitwarden:
- Uses SingleFileExtractor.Core to extract Core.dll from the
PublishSingleFile bundle before patching; replaces the native
launcher with a shell script wrapper (exec dotnet /app/Api.dll)
so entrypoint.sh continues to work unchanged
- LicensingService search is now namespace-agnostic (handles the
Bit.Core.Services → Bit.Core.Billing.Services rename)
- Thumbprint matching uses Contains() instead of Equals() to handle
the hidden Unicode LRM character prepended to the production
thumbprint string literal in the compiled IL
The original source-build path is preserved and accessible via
BITBETTER_BUILD_FROM_SOURCE=1.
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
* Address review: fix correctness and robustness
- dotnet publish -c Release with explicit -o to match Dockerfile expectation
- Add --platform "$TARGETPLATFORM" to fast-patch docker builds for parity with source-build mode
- mkdir -p for idempotent .keys directory creation
- Align namespace to BitwardenSelfLicensor (repo convention)
- Branch bundle extraction on .dll extension instead of bare catch; exit 1 with clear message on failure
- Replace First() with FirstOrDefault() + targeted error on missing licensing resource
- FixRuntimeConfig derives framework name/version from includedFrameworks; switch to LatestPatch rollForward
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
* Add BITBETTER_BUILD_FROM_SOURCE notes to README.md
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
---------
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
Co-authored-by: h44z <christoph.h@sprinternet.at>
Fix for this error:
unable to load certificate
140067633099200:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
* Build image from source
* Clone only current version tag
* remove obsolete project
* support loading Core.dll from single file application
* pass single file application to license gen
* remove loose file parameter
* fix executable parameter
* Remove unnecessary changes in LicensingService.cs
* Revert "Remove unnecessary changes in LicensingService.cs"
This reverts commit d8465e1aec.
* Changed comment
* BitBetter: update build.sh / update-bitwarden.sh
Bitwarden has changed the way they report version numbers for
self-hosted installations.
Fixes https://github.com/jakeswenson/BitBetter/issues/134
Credit to @Ayitaka for the fix
Tested and Verified, Updated install to 1.47.1
Signed-off-by: Donald Hoskins <grommish@gmail.com>
* Update build.sh
Remove extraneous comment
* Exclude cert.cert from git
* Use latest release of bitwarden as base image (#67, #66)
* Add a script which simplifies Bitwarden updates
* fix typo
* Add UseApi
* Updated version, created update section
* Workaround for docker-compose --ignore-pull-failures bugs (4377 and 7127)
* use version from docker script
* check if bitbetter images are outdated
* Make Sso available in org license
Add `UseSso` var and enable
* Update README.md
Co-authored-by: Christoph Haas <christoph.h@sprinternet.at>
Co-authored-by: Lework <kuailemy123@163.com>
Co-authored-by: Captainhook <ec14018@qmul.ac.uk>
Co-authored-by: Michiel Hazelhof <m.hazelhof@fyn.nl>
Due to compatibility issues laid out in issue #53:
Update from .net core 2.0 to 3.1 and newtonsoft.json 12.0.1 to 12.0.3.
* Use absolute path rather than relative path in scripts
* Remove src/bitBetter/.keys/cert.cert
* Build licenseGen in Docker
This way we don't have to install dotnet sdk on the host
* Build bitBetter in Docker
This way we don't have to install dotnet sdk on the host
* Change DIR in run.sh to point to the project root
* Replace echo in Dockerfiles by set -x and set -e
* Use same Dockerfile for api and identity images
* Update README.md
* Update CircleCI config
The Docker Executor can't mount volume.
https://support.circleci.com/hc/en-us/articles/360007324514
https://circleci.com/docs/2.0/executor-types/#using-machine
* Make scripts work with sh
* Remove the container used to build bitBetter
* Added a Key Generating script
To make the keygen process a bit easier I've added a `generate-keys.sh` script that can be found in the `.keys` directory. It will generate the key & cert and bundle them into the required pkcs#12 file automatically when running the build script if none already exist.
* Generate bitbetter/identity container with modified Core.dll
Added the generation of a second modified container, bitbetter/identity, which contains the modified dll. Fixes #12.
This works on my testing environment but has not gone through extensive testing. I'd recommend a review and cleanup of this commit before it is merged into the develop or master branches.