Merge 5b5d1301c9 into 676dd7b85c

Updated the container image registries from Docker Hub to GitHub Container Registry. Fixes #224

README.md

@@ -14,8 +14,8 @@ Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/B
 - [Getting Started](#getting-started)
   - [Dependencies](#dependencies)
   - [Setting up BitBetter](#setting-up-bitbetter)
+    - [Optional: Manually generating Certificate & Key](#optional-manually-generating-certificate--key)
   - [Building BitBetter](#building-bitbetter)
-    - [Note: Manually generating Certificate & Key](#note-manually-generating-certificate--key)
   - [Updating Bitwarden and BitBetter](#updating-bitwarden-and-bitbetter)
   - [Generating Signed Licenses](#generating-signed-licenses)
     - [Note: Alternative Ways to Generate License](#note-alternative-ways-to-generate-license)
@@ -40,6 +40,21 @@ With your dependencies installed, begin the installation of BitBetter by downloa
 git clone https://github.com/jakeswenson/BitBetter.git
 ```
 
+### Optional: Manually generating Certificate & Key
+
+If you wish to generate your self-signed cert & key manually, you can run the following commands.
+
+```bash
+cd .keys
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
+openssl x509 -inform DER -in cert.cert -out cert.pem
+openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
+```
+
+> Note that the password here must be `test`.<sup>[1](#f1)</sup>
+
+---
+
 ## Building BitBetter
 
 Now that you've set up your build environment, you can **run the main build script** to generate a modified version of the `bitwarden/api` and `bitwarden/identity` docker images.
@@ -54,8 +69,6 @@ This will create a new self-signed certificate in the `.keys` directory if one d
 You may now simply create the file `/path/to/bwdata/docker/docker-compose.override.yml` with the following contents to utilize the modified images.
 
 ```yaml
-version: '3'
-
 services:
   api:
     image: bitbetter/api
@@ -70,19 +83,6 @@ You'll also want to edit the `/path/to/bwdata/scripts/run.sh` file. In the `func
 
 You can now start or restart Bitwarden as normal and the modified api will be used. **It is now ready to accept self-issued licenses.**
 
----
-### Note: Manually generating Certificate & Key
-
-If you wish to generate your self-signed cert & key manually, you can run the following commands.
-
-```bash
-openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
-openssl x509 -inform DER -in cert.cert -out cert.pem
-openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
-```
-
-> Note that the password here must be `test`.<sup>[1](#f1)</sup>
-
 ---
 
 ## Updating Bitwarden and BitBetter

build.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
-
+set -e
 DIR=`dirname "$0"`
 DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd`
 BW_VERSION=$(curl -sL https://go.btwrdn.co/bw-sh-versions | grep '^ *"'coreVersion'":' | awk -F\: '{ print $2 }' | sed -e 's/,$//' -e 's/^"//' -e 's/"$//')
@@ -9,14 +9,19 @@ echo "Building BitBetter for BitWarden version $BW_VERSION"
 # If there aren't any keys, generate them first.
 [ -e "$DIR/.keys/cert.cert" ] || "$DIR/.keys/generate-keys.sh"
 
-[ -e "$DIR/src/bitBetter/.keys" ] || mkdir "$DIR/src/bitBetter/.keys"
+# Prepare Bitwarden repository
+rm -rf $DIR/server
+git clone --branch "v${BW_VERSION}" --depth 1 https://github.com/bitwarden/server.git $DIR/server
+old_thumbprint=$(openssl x509 -fingerprint -noout -in $DIR/server/src/Core/licensing.cer | cut -d= -f2 | tr -d ':')
+new_thumbprint=$(openssl x509 -fingerprint -noout -in $DIR/.keys/cert.cert | cut -d= -f2 | tr -d ':')
+cp $DIR/.keys/cert.cert $DIR/server/src/Core/licensing.cer
+# Optional, has actually no effect
+sed -i -e "s/$old_thumbprint/$new_thumbprint/g" $DIR/server/src/Core/Services/Implementations/LicensingService.cs
+# Enable loose files for API, so Core.dll is accessible
+sed -i -e 's/PublishSingleFile=true/PublishSingleFile=false/g' $DIR/server/src/Api/Dockerfile
 
-cp "$DIR/.keys/cert.cert" "$DIR/src/bitBetter/.keys"
-
-docker run --rm -v "$DIR/src/bitBetter:/bitBetter" -w=/bitBetter mcr.microsoft.com/dotnet/sdk:6.0 sh build.sh
-
-docker build --no-cache --build-arg BITWARDEN_TAG=bitwarden/api:$BW_VERSION --label com.bitwarden.product="bitbetter" -t bitbetter/api "$DIR/src/bitBetter" # --squash
-docker build --no-cache --build-arg BITWARDEN_TAG=bitwarden/identity:$BW_VERSION --label com.bitwarden.product="bitbetter" -t bitbetter/identity "$DIR/src/bitBetter" # --squash
+docker build --no-cache --label com.bitwarden.product="bitbetter" $DIR/server -f $DIR/server/src/Api/Dockerfile -t bitbetter/api
+docker build --no-cache --label com.bitwarden.product="bitbetter" $DIR/server -f $DIR/server/src/Identity/Dockerfile -t bitbetter/identity
 
 docker tag bitbetter/api bitbetter/api:latest
 docker tag bitbetter/identity bitbetter/identity:latest

src/bitBetter/Dockerfile

@@ -1,11 +0,0 @@
-ARG BITWARDEN_TAG
-FROM ${BITWARDEN_TAG}
-
-COPY bin/Debug/netcoreapp6.0/publish/* /bitBetter/
-COPY ./.keys/cert.cert /newLicensing.cer
-
-RUN set -e; set -x; \
-    dotnet /bitBetter/bitBetter.dll && \
-    mv /app/Core.dll /app/Core.orig.dll && \
-    mv /app/modified.dll /app/Core.dll && \
-    rm -rf /bitBetter && rm -rf /newLicensing.cer

src/bitBetter/Program.cs

@@ -1,93 +0,0 @@
-using System;
-using System.IO;
-using System.Linq;
-using System.Security.Cryptography.X509Certificates;
-using Mono.Cecil;
-using Mono.Cecil.Cil;
-using Mono.Cecil.Rocks;
-
-namespace bitwardenSelfLicensor
-{
-    class Program
-    {
-        static int Main(string[] args)
-        {
-            string cerFile;
-            string corePath;
-
-            if(args.Length >= 2) {
-                cerFile = args[0];
-                corePath = args[1];
-            } else if (args.Length == 1) {
-                cerFile = args[0];
-                corePath = "/app/Core.dll";
-            }
-            else {
-                cerFile = "/newLicensing.cer";
-                corePath = "/app/Core.dll";
-            }
-
-
-            var module =  ModuleDefinition.ReadModule(new MemoryStream(File.ReadAllBytes(corePath)));
-            var cert = File.ReadAllBytes(cerFile);
-
-            var x = module.Resources.OfType<EmbeddedResource>()
-                                    .Where(r => r.Name.Equals("Bit.Core.licensing.cer"))
-                                    .First();
-
-            Console.WriteLine(x.Name);
-
-            var e = new EmbeddedResource("Bit.Core.licensing.cer", x.Attributes, cert);
-
-            module.Resources.Add(e);
-            module.Resources.Remove(x);
-
-            var services = module.Types.Where(t => t.Namespace == "Bit.Core.Services");
-            
-
-            var type = services.First(t => t.Name == "LicensingService");
-
-            var licensingType =  type.Resolve();
-
-            var existingCert = new X509Certificate2(x.GetResourceData());
-
-            Console.WriteLine($"Existing Cert Thumbprint: {existingCert.Thumbprint}");
-            X509Certificate2 certificate = new X509Certificate2(cert);
-
-            Console.WriteLine($"New Cert Thumbprint: {certificate.Thumbprint}");
-
-            var ctor = licensingType.GetConstructors().Single();
-
-
-            var rewriter = ctor.Body.GetILProcessor();
-
-            var instToReplace = 
-                ctor.Body.Instructions.Where(i => i.OpCode == OpCodes.Ldstr
-                    && string.Equals((string)i.Operand, existingCert.Thumbprint, StringComparison.InvariantCultureIgnoreCase))
-                .FirstOrDefault();
-
-            if(instToReplace != null) {
-                rewriter.Replace(instToReplace, Instruction.Create(OpCodes.Ldstr, certificate.Thumbprint));
-            }
-            else {
-                Console.WriteLine("Cant find inst");
-            }
-
-            // foreach (var inst in ctor.Body.Instructions)
-            // {
-            //     Console.Write(inst.OpCode.Name + " " + inst.Operand?.GetType() + " = ");
-            //     if(inst.OpCode.FlowControl == FlowControl.Call) {
-            //         Console.WriteLine(inst.Operand);
-            //     }
-            //     else if(inst.OpCode == OpCodes.Ldstr) {
-            //         Console.WriteLine(inst.Operand);
-            //     }
-            //     else {Console.WriteLine();}
-            // }
-
-            module.Write("modified.dll");
-
-            return 0;
-        }
-    }
-}

src/bitBetter/bitBetter.csproj

@@ -1,12 +0,0 @@
-<Project Sdk="Microsoft.NET.Sdk">
-
-  <PropertyGroup>
-    <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp6.0</TargetFramework>
-  </PropertyGroup>
-
-  <ItemGroup>
-    <PackageReference Include="Mono.Cecil" Version="0.11.2" />
-  </ItemGroup>
-
-</Project>

src/bitBetter/build.sh

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-dotnet restore
-dotnet publish

src/licenseGen/Dockerfile

@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/dotnet/sdk:6.0 as build
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
 
 WORKDIR /licenseGen
 
@@ -12,6 +12,6 @@ RUN set -e; set -x; \
 
 FROM bitbetter/api
 
-COPY --from=build /licenseGen/bin/Debug/netcoreapp6.0/publish/* /app/
+COPY --from=build /licenseGen/bin/Release/net8.0/publish/* /app/
 
 ENTRYPOINT [ "dotnet", "/app/licenseGen.dll", "--core", "/app/Core.dll", "--cert", "/cert.pfx" ]

src/licenseGen/Program.cs

@@ -398,7 +398,7 @@ namespace bitwardenSelfLicensor
 
             var type = core.GetType("Bit.Core.Models.Business.OrganizationLicense");
             var licenseTypeEnum = core.GetType("Bit.Core.Enums.LicenseType");
-            var planTypeEnum = core.GetType("Bit.Core.Enums.PlanType");
+            var planTypeEnum = core.GetType("Bit.Core.Billing.Enums.PlanType");
 
             var license = Activator.CreateInstance(type);
 
@@ -414,14 +414,14 @@ namespace bitwardenSelfLicensor
             set("BillingEmail", email);
             set("BusinessName", string.IsNullOrWhiteSpace(businessName) ? "BitBetter" : businessName);
             set("Enabled", true);
-            set("Plan", "Custom");
-            set("PlanType", Enum.Parse(planTypeEnum, "Custom"));
-            set("Seats", (int)short.MaxValue);
+            set("Plan", "Enterprise (Annually)");
+            set("PlanType", Enum.Parse(planTypeEnum, "EnterpriseAnnually"));
+            set("Seats", int.MaxValue);
             set("MaxCollections", short.MaxValue);
             set("UsePolicies", true);
             set("UseSso", true);
             set("UseKeyConnector", true);
-            //set("UseScim", true); // available in version 10, which is not released yet
+            set("UseScim", true);
             set("UseGroups", true);
             set("UseEvents", true);
             set("UseDirectory", true);
@@ -429,15 +429,22 @@ namespace bitwardenSelfLicensor
             set("Use2fa", true);
             set("UseApi", true);
             set("UseResetPassword", true);
+            set("UseCustomPermissions", true);
             set("MaxStorageGb", storage == 0 ? short.MaxValue : storage);
             set("SelfHost", true);
             set("UsersGetPremium", true);
-            set("Version", 9);
+            set("UsePasswordManager", true);
+            set("UseSecretsManager", true);
+            set("SmSeats", int.MaxValue);
+            set("SmServiceAccounts", int.MaxValue);
+            set("Version", 15); //This is set to 15 to use AllowAdminAccessToAllCollectionItems can be changed to 13 to just use Secrets Manager
             set("Issued", DateTime.UtcNow);
             set("Refresh", DateTime.UtcNow.AddYears(100).AddMonths(-1));
             set("Expires", DateTime.UtcNow.AddYears(100));
             set("Trial", false);
             set("LicenseType", Enum.Parse(licenseTypeEnum, "Organization"));
+            set("LimitCollectionCreationDeletion", true); //This will be used in the new version of BitWarden but can be applied now
+            set("AllowAdminAccessToAllCollectionItems", true);
 
             set("Hash", Convert.ToBase64String((byte[])type.GetMethod("ComputeHash").Invoke(license, new object[0])));
             set("Signature", Convert.ToBase64String((byte[])type.GetMethod("Sign").Invoke(license, new object[] { cert })));

src/licenseGen/licenseGen.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
   </PropertyGroup>
 
   <ItemGroup>

update-bitwarden.sh

@@ -32,14 +32,14 @@ RECREATE_OV=${tmprecreate:-$RECREATE_OV}
 if [[ $RECREATE_OV =~ ^[Yy]$ ]]
 then
     {
-        echo "version: '3'"
-        echo ""
         echo "services:"
         echo "  api:"
         echo "    image: bitbetter/api:$BW_VERSION"
+        echo "    pull_policy: never"
         echo ""
         echo "  identity:"
         echo "    image: bitbetter/identity:$BW_VERSION"
+        echo "    pull_policy: never"        
         echo ""
     } > $BITWARDEN_BASE/bwdata/docker/docker-compose.override.yml
     echo "BitBetter docker-compose override created!"
@@ -71,7 +71,7 @@ cd $BITWARDEN_BASE
 ./bitwarden.sh updateself
 
 # Update the bitwarden.sh: automatically patch run.sh to fix docker-compose pull errors for private images
-awk '1;/function downloadRunFile/{c=6}c&&!--c{print "sed -i '\''s/dccmd pull/dccmd pull --ignore-pull-failures || true/g'\'' $SCRIPTS_DIR/run.sh"}' $BITWARDEN_BASE/bitwarden.sh > tmp_bw.sh && mv tmp_bw.sh $BITWARDEN_BASE/bitwarden.sh 
+sed -i 's/chmod u+x $SCRIPTS_DIR\/run.sh/chmod u+x $SCRIPTS_DIR\/run.sh\n        sed -i \x27s\/dccmd pull\/dccmd pull --ignore-pull-failures || true\/g\x27 $SCRIPTS_DIR\/run.sh/g' -i $BITWARDEN_BASE/bitwarden.sh
 chmod +x $BITWARDEN_BASE/bitwarden.sh
 echo "Patching bitwarden.sh completed..."