other/BitBetter
1
0
Fork 0
mirror of https://github.com/jakeswenson/BitBetter.git synced 2026-06-05 19:13:39 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: other:lite
Branches Tags
other:master other:lite
..
compare: other:3a1218cb51b6151e1235e2c114fae8387878700c
Branches Tags
other:lite other:master

3 Commits
lite ... 3a1218cb51

Author SHA1 Message Date
Joseph Gigantino
3a1218cb51 Merge d56e51596b into 02740e84b6 2025-06-13 13:40:46 -04:00
Joseph Gigantino
d56e51596b Merge branch 'unified' into patch-1 2025-06-13 13:40:44 -04:00
Joseph Gigantino
229894f944 Update serverlist.txt so that by default all lines are comments 2025-03-29 19:17:51 -04:00
19 changed files with 762 additions and 1143 deletions
Expand all files Collapse all files

8
.circleci/config.yml
View File

@@ -12,10 +12,4 @@ jobs:
command: ./generateKeys.sh
- run:
name: Build script
command: ./build.sh update
- run:
name: Test generating user license
command: ./licenseGen.sh user TestName TestEmail@example.com 4a619d4a-522d-4c70-8596-affb5b607c23
- run:
name: Test generating organization license
command: ./licenseGen.sh org TestName TestEmail@example.com 4a619d4a-522d-4c70-8596-affb5b607c23
command: ./build.sh y

19
.editorconfig
View File

@@ -1,19 +0,0 @@
root=true
###############################
# Core EditorConfig Options #
###############################
# All files
[*]
indent_style=tab
indent_size=4
trim_trailing_whitespace=true
end_of_line=lf
charset=utf-8
[*.{cs}]
insert_final_newline=false
[*.{md,mkdn}]
trim_trailing_whitespace = true
indent_style = space

1
.gitattributes vendored
View File

@@ -1 +0,0 @@
* text eol=lf

3
.gitignore vendored
View File

@@ -7,6 +7,5 @@ src/bitBetter/.vs/*
*.pem
.vscode/
*.pfx
*.cer
*.cert
*.vsidx
.DS_Store

2
.servers/serverlist.txt
View File

@@ -1,4 +1,4 @@
# Uncomment a line below and fill in the missing values or add your own. Every line in this file will be called by build.[sh|ps1] once the patched image is built.
# docker run -d --name bitwarden --restart=always -v <full-local-path>\logs:/var/log/bitwarden -v <full-local-path>\bwdata:/etc/bitwarden -p 80:8080 --env-file <full-local-path>\settings.env bitwarden-patched
# docker run -d --name bitwarden -v <full-local-path>\logs:/var/log/bitwarden -v <full-local-path>\bwdata:/etc/bitwarden -p 80:8080 --env-file <full-local-path>\settings.env bitwarden-patch
# <OR>
# docker-compose -f <full-local-path>/docker-compose.yml up -d

70
README.md
View File

@@ -1,14 +1,12 @@
# BitBetter lite
# BitBetter
BitBetter is is a tool to modify Bitwarden's core dll to allow you to generate your own individual and organisation licenses.
Please see the FAQ below for details on why this software was created.
Be aware that this branch is **only** for the lite (formerly unified) version of bitwarden. It has been rewritten and works in different ways than the master branch.
_Beware! BitBetter does some semi janky stuff to rewrite the bitwarden core dll and allow the installation of a self signed certificate. Use at your own risk!_
_Beware! BitBetter is a solution that generates a personal certificate and uses that to generate custom licences. This requires (automated) modifying of libraries. Use at your own risk!_
Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/BitBetter and https://github.com/GieltjE/BitBetter
Credit to https://github.com/h44z/BitBetter and https://github.com/jakeswenson/BitBetter
# Table of Contents
- [BitBetter](#bitbetter)
@@ -32,14 +30,14 @@ The following instructions are for unix-based systems (Linux, BSD, macOS) and Wi
## Dependencies
Aside from docker, which you also need for Bitwarden, BitBetter requires the following:
* Bitwarden (tested with 2025.11.1 might work on lower versions), for safety always stay up to date
* Bitwarden (tested with 1.47.1, might work on lower versions)
* openssl (probably already installed on most Linux or WSL systems, any version should work, on Windows it will be auto installed using winget)
## Setting up BitBetter
With your dependencies installed, begin the installation of BitBetter by downloading it through Github or using the git command:
```
git clone https://github.com/jakeswenson/BitBetter.git -b lite
git clone https://github.com/jakeswenson/BitBetter.git
```
### Optional: Manually generating Certificate & Key
@@ -48,8 +46,8 @@ If you wish to generate your self-signed cert & key manually, you can run the fo
```bash
cd .keys
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cer -days 36500 -outform DER -passout pass:test
openssl x509 -inform DER -in cert.cer -out cert.pem
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.cert -days 36500 -outform DER -passout pass:test
openssl x509 -inform DER -in cert.cert -out cert.pem
openssl pkcs12 -export -out cert.pfx -inkey key.pem -in cert.pem -passin pass:test -passout pass:test
```
@@ -65,14 +63,14 @@ The scripts supports running and patching multi instances.
Edit the .servers/serverlist.txt file and fill in the missing values, they can be replaced with existing installation values.
This file may be empty, but there will be no containers will be spun up automatically.
Now it is time to **run the main build script** to generate a modified version of the `ghcr.io/bitwarden/lite` docker image and the license generator.
Now it is time to **run the main build script** to generate a modified version of the `ghcr.io/bitwarden/self-host` docker image and the license generator.
From the BitBetter directory, simply run:
```
./build.[sh|ps1]
```
This will create a new self-signed certificate in the `.keys` directory if one does not already exist and then create a modified version of the official `ghcr.io/bitwarden/lite` image called `bitwarden-patched`.
This will create a new self-signed certificate in the `.keys` directory if one does not already exist and then create a modified version of the official `ghcr.io/bitwarden/self-host` image called `bitwarden-patch`.
Afterwards it will automatically generate the license generator and start all previously specified containers which are **now ready to accept self-issued licenses.**
@@ -100,36 +98,6 @@ If you ran the build script, you can **simply run the license gen in interactive
**The license generator will spit out a JSON-formatted license which can then be used within the Bitwarden web front-end to license your user or org!**
## Migrating from mssql to a real database
Prepare a new database and bwdata directory, download and prepare the new settings.env (https://raw.githubusercontent.com/bitwarden/self-host/refs/heads/main/bitwarden-lite/settings.env)
Make sure you can get the data from either the backup file or by connecting directly to the mssql database (navicat has a trial).
If required (e.g. you cannot connect to your docker mssql server directly) download Microsoft SQL Server 2022 and SQL Server Management Studio (the latter can be used to import the .bak file)
After cloning this repo and modifying .servers/serverlist.txt to suit your new environment do the following:
```
docker exec -i bitwarden-mssql /backup-db.sh
./bitwarden.sh stop
```
Run build.sh and ensure your new instance serves a webpage AND has populated the new database with the tables (should be empty now)
Proceed to stop the new container for now.
Copy from the old to the new bwdata directory (do not copy/overwrite identity.pfx!):
- bwdata/core/licenses to bwdata-new/licenses
- bwdata/core/aspnet-dataprotection to bwdata-new/data-protection
- bwdata/core/attachments to bwdata-new/attachments
Export data only from the old sql server database, if needed import the .bak file to a local mssql instance.
Only export tables that have rows, makes it much quicker, .json is the easiest with navicat.
Import the rows to the real database, start the new docker container.
---
# FAQ: Questions you might have.
@@ -146,26 +114,6 @@ In the past we have done so but they were not focused on the type of customer th
UPDATE: Bitwarden now offers a cheap license called [Families Organization](https://bitwarden.com/pricing/) that provides premium features and the ability to self-host Bitwarden for six persons.
## 2fa doesn't work
Unfortunately the new BitWarden container doesn't set the timezone and ignores TZ= from the environment, can be fixed by:
```
docker exec bitwarden ln -s /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
```
## Changes in settings.env
Require a recreation of the docker container, build.sh will suffice too.
## Migrating from the old unified branch
```
git branch -m unified lite
git fetch origin
git branch -u origin/lite lite
git remote set-head origin -a
```
# Footnotes

116
build.ps1
View File

@@ -1,20 +1,10 @@
$ErrorActionPreference = 'Stop'
$PSNativeCommandUseErrorActionPreference = $true
# detect buildx, ErrorActionPreference will ensure the script stops execution if not found
docker buildx version
# Enable BuildKit for better build experience and to ensure platform args are populated
$env:DOCKER_BUILDKIT=1
$env:COMPOSE_DOCKER_CLI_BUILD=1
# define temporary directory
$tempdirectory = "$pwd\temp"
# define services to patch
$components = "Api","Identity"
# delete old directories / files if applicable
if (Test-Path "$tempdirectory" -PathType Container) {
if (Test-Path "$tempdirectory") {
Remove-Item "$tempdirectory" -Recurse -Force
}
@@ -26,65 +16,52 @@ if (Test-Path -Path "$pwd\src\licenseGen\cert.pfx" -PathType Leaf) {
Remove-Item "$pwd\src\licenseGen\cert.pfx" -Force
}
if (Test-Path -Path "$pwd\src\bitBetter\cert.cer" -PathType Leaf) {
Remove-Item "$pwd\src\bitBetter\cert.cer" -Force
}
if (Test-Path "$pwd\.keys\cert.cert" -PathType Leaf) {
Rename-Item -Path "$pwd\.keys\cert.cert" -NewName "$pwd\.keys\cert.cer"
if (Test-Path -Path "$pwd\src\bitBetter\cert.cert" -PathType Leaf) {
Remove-Item "$pwd\src\bitBetter\cert.cert" -Force
}
# generate keys if none are available
if (!(Test-Path "$pwd\.keys" -PathType Container)) {
if (!(Test-Path "$pwd\.keys")) {
.\generateKeys.ps1
}
# copy the key to bitBetter
Copy-Item "$pwd\.keys\cert.cer" -Destination "$pwd\src\bitBetter"
# copy the key to bitBetter and licenseGen
Copy-Item "$pwd\.keys\cert.cert" -Destination "$pwd\src\bitBetter"
Copy-Item "$pwd\.keys\cert.pfx" -Destination "$pwd\src\licenseGen"
# build bitBetter and clean the source directory after
docker build --no-cache -t bitbetter/bitbetter "$pwd\src\bitBetter"
Remove-Item "$pwd\src\bitBetter\cert.cer" -Force
docker build -t bitbetter/bitbetter "$pwd\src\bitBetter"
Remove-Item "$pwd\src\bitBetter\cert.cert" -Force
# gather all running instances, cannot run a wildcard filter on Ancestor= :(, does find all where name = *bitwarden*
# gather all running instances
$oldinstances = docker container ps --all -f Name=bitwarden --format '{{.ID}}'
# stop and remove all running instances
# stop all running instances
foreach ($instance in $oldinstances) {
docker stop $instance
docker rm $instance
}
# update bitwarden itself
if ($args[0] -eq 'update') {
docker pull ghcr.io/bitwarden/lite:latest
} else {
$confirmation = Read-Host "Update (or get) bitwarden source container (y/n)"
if ($args[0] -eq 'y')
{
docker pull ghcr.io/bitwarden/self-host:beta
}
else
{
$confirmation = Read-Host "Update (or get) bitwarden source container"
if ($confirmation -eq 'y') {
docker pull ghcr.io/bitwarden/lite:latest
docker pull ghcr.io/bitwarden/self-host:beta
}
}
# stop and remove previous existing patch(ed) container
$oldinstances = docker container ps --all -f Ancestor=bitwarden-patched --format '{{.ID}}'
foreach ($instance in $oldinstances) {
docker stop $instance
docker rm $instance
}
$oldinstances = docker image ls bitwarden-patched --format '{{.ID}}'
foreach ($instance in $oldinstances) {
docker image rm $instance
}
# remove old extract containers
$oldinstances = docker container ps --all -f Name=bitwarden-extract --format '{{.ID}}'
foreach ($instance in $oldinstances) {
docker stop $instance
docker rm $instance
}
docker stop bitwarden-patch
docker rm bitwarden-patch
docker image rm bitwarden-patch
# start a new bitwarden instance so we can patch it
$patchinstance = docker run -d --name bitwarden-extract ghcr.io/bitwarden/lite:latest
$patchinstance = docker run -d --name bitwarden-patch ghcr.io/bitwarden/self-host:beta
# create our temporary directory
New-item -ItemType Directory -Path $tempdirectory
@@ -92,55 +69,36 @@ New-item -ItemType Directory -Path $tempdirectory
# extract the files that need to be patched from the services that need to be patched into our temporary directory
foreach ($component in $components) {
New-item -itemtype Directory -path "$tempdirectory\$component"
docker cp $patchinstance`:/app/$component/$component "$tempdirectory\$component\$component"
docker cp $patchinstance`:/etc/supervisor.d/$($component.ToLower()).ini "$tempdirectory\$($component.ToLower()).ini"
docker cp $patchinstance`:/app/$component/Core.dll "$tempdirectory\$component\Core.dll"
}
# stop and remove our temporary container
docker stop bitwarden-extract
docker rm bitwarden-extract
# run bitBetter, this applies our patches to the required files
docker run -v "$tempdirectory`:/app/mount" --rm bitbetter/bitbetter
# create a new image with the patched files
if (Test-Path -Path "$pwd\Dockerfile-bitwarden-patch" -PathType Leaf) {
Remove-Item "$pwd\Dockerfile-bitwarden-patch" -Force
}
$dockerFile = "FROM mcr.microsoft.com/dotnet/aspnet:10.0-alpine3.23"
$dockerFile = -join($dockerFile, "FROM ghcr.io/bitwarden/lite:latest")
$dockerFile = -join($dockerFile, "COPY --from=0 /usr/share/dotnet /usr/share/dotnet")
foreach ($component in $components) {
$dockerFile = -join($dockerFile, "`n`nCOPY ./temp/$component/ /app/$component/")
$dockerFile = -join($dockerFile, "`nCOPY ./temp/$($component.ToLower()).ini /etc/supervisor.d/$($component.ToLower()).ini")
$dockerFile = -join($dockerFile, "`nRUN rm -f /app/$component/$component")
}
[System.IO.File]::WriteAllLines("$pwd\Dockerfile-bitwarden-patch", $dockerFile)
docker build . --tag bitwarden-patched --file "$pwd\Dockerfile-bitwarden-patch"
Remove-Item "$pwd\Dockerfile-bitwarden-patch" -Force
docker build . --tag bitwarden-patch --file "$pwd\src\bitBetter\Dockerfile-bitwarden-patch"
# stop and remove our temporary container
docker stop bitwarden-patch
docker rm bitwarden-patch
# copy our patched library to the licenseGen source directory
Copy-Item "$tempdirectory\Identity\Core.dll" -Destination "$pwd\src\licenseGen"
# remove our temporary directory
Remove-Item "$tempdirectory" -Recurse -Force
# start all user requested instances
if (Test-Path -Path "$pwd\.servers\serverlist.txt" -PathType Leaf) {
foreach($line in Get-Content "$pwd\.servers\serverlist.txt") {
if ((-not ($line.StartsWith("#"))) -and (-not [string]::IsNullOrWhiteSpace($line))) {
Invoke-Expression "& $line"
}
}
foreach($line in Get-Content "$pwd\.servers\serverlist.txt") {
Invoke-Expression "& $line"
}
# remove our bitBetter image
docker image rm bitbetter/bitbetter
# copy our patched library to the licenseGen source directory
Copy-Item "$tempdirectory\Identity\Core.dll" -Destination "$pwd\src\licenseGen"
Copy-Item "$pwd\.keys\cert.pfx" -Destination "$pwd\src\licenseGen"
# build the licenseGen
docker build -t bitbetter/licensegen "$pwd\src\licenseGen"
# clean the licenseGen source directory
Remove-Item "$pwd\src\licenseGen\Core.dll" -Force
Remove-Item "$pwd\src\licenseGen\cert.pfx" -Force
# remove our temporary directory
Remove-Item "$tempdirectory" -Recurse -Force

120
build.sh
View File

@@ -1,12 +1,4 @@
#!/bin/bash
set -e
# detect buildx, set -e will ensure the script stops execution if not found
docker buildx version
# Enable BuildKit for better build experience and to ensure platform args are populated
export DOCKER_BUILDKIT=1
export COMPOSE_DOCKER_CLI_BUILD=1
# define temporary directory
TEMPDIRECTORY="$PWD/temp"
@@ -20,19 +12,15 @@ if [ -d "$TEMPDIRECTORY" ]; then
fi
if [ -f "$PWD/src/licenseGen/Core.dll" ]; then
rm -f "$PWD/src/licenseGen/Core.dll"
rm -f "$PWD/src/licenseGen/Core.dll"
fi
if [ -f "$PWD/src/licenseGen/cert.pfx" ]; then
rm -f "$PWD/src/licenseGen/cert.pfx"
rm -f "$PWD/src/licenseGen/cert.pfx"
fi
if [ -f "$PWD/src/bitBetter/cert.cer" ]; then
rm -f "$PWD/src/bitBetter/cert.cer"
fi
if [ -f "$PWD/.keys/cert.cert" ]; then
mv "$PWD/.keys/cert.cert" "$PWD/.keys/cert.cer"
if [ -f "$PWD/src/bitBetter/cert.cert" ]; then
rm -f "$PWD/src/bitBetter/cert.cert"
fi
# generate keys if none are available
@@ -40,52 +28,42 @@ if [ ! -d "$PWD/.keys" ]; then
./generateKeys.sh
fi
# copy the key to bitBetter
cp -f "$PWD/.keys/cert.cer" "$PWD/src/bitBetter"
# copy the key to bitBetter and licenseGen
cp -f "$PWD/.keys/cert.cert" "$PWD/src/bitBetter"
cp -f "$PWD/.keys/cert.pfx" "$PWD/src/licenseGen"
# build bitBetter and clean the source directory after
docker build --no-cache -t bitbetter/bitbetter "$PWD/src/bitBetter"
rm -f "$PWD/src/bitBetter/cert.cer"
docker build -t bitbetter/bitbetter "$PWD/src/bitBetter"
rm -f "$PWD/src/bitBetter/cert.cert"
# gather all running instances, cannot run a wildcard filter on Ancestor= :(, does find all where name = *bitwarden*
# gather all running instances
OLDINSTANCES=$(docker container ps --all -f Name=bitwarden --format '{{.ID}}')
# stop and remove all running instances
# stop all running instances
for INSTANCE in ${OLDINSTANCES[@]}; do
docker stop $INSTANCE
docker rm $INSTANCE
done
# update bitwarden itself
if [ "$1" = "update" ]; then
docker pull ghcr.io/bitwarden/lite:latest
if [ "$1" = "y" ]; then
docker pull ghcr.io/bitwarden/self-host:beta
else
read -p "Update (or get) bitwarden source container (y/n): "
if [[ $REPLY =~ ^[Yy]$ ]]; then
docker pull ghcr.io/bitwarden/lite:latest
read -p "Update (or get) bitwarden source container: " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]
then
docker pull ghcr.io/bitwarden/self-host:beta
fi
fi
# stop and remove previous existing patch(ed) container
OLDINSTANCES=$(docker container ps --all -f Ancestor=bitwarden-patched --format '{{.ID}}')
for INSTANCE in ${OLDINSTANCES[@]}; do
docker stop $INSTANCE
docker rm $INSTANCE
done
OLDINSTANCES=$(docker image ls bitwarden-patched --format '{{.ID}}')
for INSTANCE in ${OLDINSTANCES[@]}; do
docker image rm $INSTANCE
done
# remove old extract containers
OLDINSTANCES=$(docker container ps --all -f Name=bitwarden-extract --format '{{.ID}}')
for INSTANCE in ${OLDINSTANCES[@]}; do
docker stop $INSTANCE
docker rm $INSTANCE
done
docker stop bitwarden-patch
docker rm bitwarden-patch
docker image rm bitwarden-patch
# start a new bitwarden instance so we can patch it
PATCHINSTANCE=$(docker run -d --name bitwarden-extract ghcr.io/bitwarden/lite:latest)
PATCHINSTANCE=$(docker run -d --name bitwarden-patch ghcr.io/bitwarden/self-host:beta)
# create our temporary directory
mkdir $TEMPDIRECTORY
@@ -93,50 +71,33 @@ mkdir $TEMPDIRECTORY
# extract the files that need to be patched from the services that need to be patched into our temporary directory
for COMPONENT in ${COMPONENTS[@]}; do
mkdir "$TEMPDIRECTORY/$COMPONENT"
docker cp $PATCHINSTANCE:/app/$COMPONENT/$COMPONENT "$TEMPDIRECTORY/$COMPONENT/$COMPONENT"
docker cp $PATCHINSTANCE:/etc/supervisor.d/${COMPONENT,,}.ini "$TEMPDIRECTORY/${COMPONENT,,}.ini"
docker cp $PATCHINSTANCE:/app/$COMPONENT/Core.dll "$TEMPDIRECTORY/$COMPONENT/Core.dll"
done
# stop and remove our temporary container
docker stop bitwarden-extract
docker rm bitwarden-extract
# run bitBetter, this applies our patches to the required files
docker run -v "$TEMPDIRECTORY:/app/mount" --rm bitbetter/bitbetter
# create a new image with the patched files
if [ -f "$PWD/Dockerfile-bitwarden-patch" ]; then
rm -f "$PWD/Dockerfile-bitwarden-patch"
fi
echo "FROM mcr.microsoft.com/dotnet/aspnet:10.0-alpine3.23" >> "$PWD/Dockerfile-bitwarden-patch"
echo "FROM ghcr.io/bitwarden/lite:latest" >> "$PWD/Dockerfile-bitwarden-patch"
echo "COPY --from=0 /usr/share/dotnet /usr/share/dotnet" >> "$PWD/Dockerfile-bitwarden-patch"
for COMPONENT in ${COMPONENTS[@]}; do
echo "" >> "$PWD/Dockerfile-bitwarden-patch"
echo "RUN rm -f /app/$COMPONENT/$COMPONENT" >> "$PWD/Dockerfile-bitwarden-patch"
echo "COPY ./temp/${COMPONENT,,}.ini /etc/supervisor.d/${COMPONENT,,}.ini" >> "$PWD/Dockerfile-bitwarden-patch"
echo "COPY ./temp/$COMPONENT/ /app/$COMPONENT/" >> "$PWD/Dockerfile-bitwarden-patch"
done
docker build . --tag bitwarden-patched --file "$PWD/Dockerfile-bitwarden-patch"
rm -f "$PWD/Dockerfile-bitwarden-patch"
docker build . --tag bitwarden-patch --file "$PWD/src/bitBetter/Dockerfile-bitwarden-patch"
# start all user requested instances
if [ -f "$PWD/.servers/serverlist.txt" ]; then
# convert line endings to unix
sed -i 's/\r$//' "$PWD/.servers/serverlist.txt"
cat "$PWD/.servers/serverlist.txt" | while read -r LINE; do
if [[ $LINE != "#"* && -n $LINE ]]; then
bash -c "$LINE"
fi
done
fi
# remove our bitBetter image
docker image rm bitbetter/bitbetter
# stop and remove our temporary container
docker stop bitwarden-patch
docker rm bitwarden-patch
# copy our patched library to the licenseGen source directory
cp -f "$TEMPDIRECTORY/Identity/Core.dll" "$PWD/src/licenseGen"
cp -f "$PWD/.keys/cert.pfx" "$PWD/src/licenseGen"
# remove our temporary directory
rm -rf "$TEMPDIRECTORY"
# start all user requested instances
sed -i 's/\r$//' "$PWD/.servers/serverlist.txt"
cat "$PWD/.servers/serverlist.txt" | while read -r LINE; do
bash -c "$LINE"
done
# remove our bitBetter image
docker image rm bitbetter/bitbetter
# build the licenseGen
docker build -t bitbetter/licensegen "$PWD/src/licenseGen"
@@ -144,6 +105,3 @@ docker build -t bitbetter/licensegen "$PWD/src/licenseGen"
# clean the licenseGen source directory
rm -f "$PWD/src/licenseGen/Core.dll"
rm -f "$PWD/src/licenseGen/cert.pfx"
# remove our temporary directory
rm -rf "$TEMPDIRECTORY"

11
generateKeys.ps1
View File

@@ -1,13 +1,10 @@
$ErrorActionPreference = 'Stop'
$PSNativeCommandUseErrorActionPreference = $true
# get the basic openssl binary path
$opensslbinary = "$Env:Programfiles\OpenSSL-Win64\bin\openssl.exe"
# if openssl is not installed attempt to install it
if (!(Get-Command $opensslbinary -errorAction SilentlyContinue))
{
winget install openssl
winget install openssl
}
# if previous keys exist, remove them
@@ -20,6 +17,6 @@ if (Test-Path "$pwd\.keys")
New-item -ItemType Directory -Path "$pwd\.keys"
# generate actual keys
Invoke-Expression "& '$opensslbinary' req -x509 -newkey rsa:4096 -keyout `"$pwd\.keys\key.pem`" -out `"$pwd\.keys\cert.cer`" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test"
Invoke-Expression "& '$opensslbinary' x509 -inform DER -in `"$pwd\.keys\cert.cer`" -out `"$pwd\.keys\cert.pem`""
Invoke-Expression "& '$opensslbinary' pkcs12 -export -out `"$pwd\.keys\cert.pfx`" -inkey `"$pwd\.keys\key.pem`" -in `"$pwd\.keys\cert.pem`" -passin pass:test -passout pass:test -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256"
Invoke-Expression "& '$opensslbinary' req -x509 -newkey rsa:4096 -keyout `"$pwd\.keys\key.pem`" -out `"$pwd\.keys\cert.cert`" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test"
Invoke-Expression "& '$opensslbinary' x509 -inform DER -in `"$pwd\.keys\cert.cert`" -out `"$pwd\.keys\cert.pem`""
Invoke-Expression "& '$opensslbinary' pkcs12 -export -out `"$pwd\.keys\cert.pfx`" -inkey `"$pwd\.keys\key.pem`" -in `"$pwd\.keys\cert.pem`" -passin pass:test -passout pass:test"

7
generateKeys.sh
View File

@@ -1,5 +1,4 @@
#!/bin/bash
set -e
# Check for openssl
command -v openssl >/dev/null 2>&1 || { echo >&2 "openssl required but not found. Aborting."; exit 1; }
@@ -15,6 +14,6 @@ fi
mkdir "$DIR"
# Generate new keys
openssl req -x509 -newkey rsa:4096 -keyout "$DIR/key.pem" -out "$DIR/cert.cer" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test
openssl x509 -inform DER -in "$DIR/cert.cer" -out "$DIR/cert.pem"
openssl pkcs12 -export -out "$DIR/cert.pfx" -inkey "$DIR/key.pem" -in "$DIR/cert.pem" -passin pass:test -passout pass:test -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256
openssl req -x509 -newkey rsa:4096 -keyout "$DIR/key.pem" -out "$DIR/cert.cert" -days 36500 -subj '/CN=www.mydom.com/O=My Company Name LTD./C=US' -outform DER -passout pass:test
openssl x509 -inform DER -in "$DIR/cert.cert" -out "$DIR/cert.pem"
openssl pkcs12 -export -out "$DIR/cert.pfx" -inkey "$DIR/key.pem" -in "$DIR/cert.pem" -passin pass:test -passout pass:test

19
licenseGen.ps1
View File

@@ -1,17 +1,14 @@
$ErrorActionPreference = 'Stop'
$PSNativeCommandUseErrorActionPreference = $true
if ($($args.Count) -lt 1) {
echo "USAGE: <License Gen action> [License Gen args...]"
echo "ACTIONS:"
echo " interactive"
echo " user"
echo " org"
echo "USAGE: <License Gen action> [License Gen args...]"
echo "ACTIONS:"
echo " interactive"
echo " user"
echo " org"
Exit 1
}
if ($args[0] -eq "interactive") {
docker run -it --rm bitbetter/licensegen interactive
if ($args[0] = "interactive") {
docker run -it --rm bitbetter/licensegen interactive
} else {
docker run bitbetter/licensegen $args
docker run bitbetter/licensegen $args
}

13
licenseGen.sh
View File

@@ -1,13 +1,12 @@
#!/bin/bash
set -e
if [ $# -lt 1 ]; then
echo "USAGE: <License Gen action> [License Gen args...]"
echo "ACTIONS:"
echo " interactive"
echo " user"
echo " org"
exit 1
echo "USAGE: <License Gen action> [License Gen args...]"
echo "ACTIONS:"
echo " interactive"
echo " user"
echo " org"
exit 1
fi
if [ "$1" = "interactive" ]; then

8
src/bitBetter/Dockerfile
View File

@@ -1,14 +1,14 @@
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
WORKDIR /bitBetter
COPY . /bitBetter
COPY cert.cer /app/
COPY cert.cert /app/
RUN dotnet restore
RUN dotnet publish -c Release -o /app --no-restore
FROM mcr.microsoft.com/dotnet/sdk:10.0
FROM mcr.microsoft.com/dotnet/sdk:8.0
WORKDIR /app
COPY --from=build /app .
ENTRYPOINT ["dotnet", "/app/bitBetter.dll"]
ENTRYPOINT [ "/app/bitBetter" ]

4
src/bitBetter/Dockerfile-bitwarden-patch Normal file
View File

@@ -0,0 +1,4 @@
FROM ghcr.io/bitwarden/self-host:beta
COPY ./temp/Api/Core.dll /app/Api/Core.dll
COPY ./temp/Identity/Core.dll /app/Identity/Core.dll

163
src/bitBetter/Program.cs
View File

@@ -1,142 +1,75 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using dnlib.DotNet;
using dnlib.DotNet.Emit;
using dnlib.DotNet.Writer;
using dnlib.IO;
using SingleFileExtractor.Core;
namespace bitBetter;
internal class Program
{
private static Int32 Main()
{
const String certFile = "/app/cert.cer";
private static Int32 Main()
{
const String certFile = "/app/cert.cert";
String[] files = Directory.GetFiles("/app/mount", "Core.dll", SearchOption.AllDirectories);
foreach (String iniFile in Directory.GetFiles("/app/mount/", "*.ini", SearchOption.TopDirectoryOnly))
{
Console.WriteLine("Patching: " + iniFile);
foreach (String file in files)
{
Console.WriteLine(file);
ModuleDefMD moduleDefMd = ModuleDefMD.Load(file);
Byte[] cert = File.ReadAllBytes(certFile);
String[] lines = File.ReadAllLines(iniFile);
for (Int32 i = 0; i < lines.Length; i++)
{
String line = lines[i];
if (!line.StartsWith("command=", StringComparison.Ordinal)) continue;
EmbeddedResource embeddedResourceToRemove = moduleDefMd.Resources
.OfType<EmbeddedResource>()
.First(r => r.Name.Equals("Bit.Core.licensing.cer"));
String appNameAndPath = line[(line.LastIndexOf('=') + 1)..];
lines[i] = "command=/usr/bin/dotnet \"" + appNameAndPath + ".dll\" --runtimeconfig \"" + appNameAndPath + ".runtimeconfig.json\"";
break;
}
File.WriteAllText(iniFile, String.Join("\n", lines), new UTF8Encoding(false));
}
Console.WriteLine(embeddedResourceToRemove.Name);
foreach (String singleFile in Directory.GetFiles("/app/mount/", "*", SearchOption.AllDirectories))
{
if (Path.HasExtension(singleFile)) continue;
EmbeddedResource embeddedResourceToAdd = new("Bit.Core.licensing.cer", cert) {Attributes = embeddedResourceToRemove.Attributes };
moduleDefMd.Resources.Add(embeddedResourceToAdd);
moduleDefMd.Resources.Remove(embeddedResourceToRemove);
Console.WriteLine("Extracting: " + singleFile);
DataReader reader = embeddedResourceToRemove.CreateReader();
X509Certificate2 existingCert = new(reader.ReadRemainingBytes());
ExecutableReader reader1 = new(singleFile);
String currentDirectory = Path.GetDirectoryName(singleFile);
String newCoreDll = Path.Combine(currentDirectory, "Core.dll");
reader1.ExtractToDirectory(currentDirectory);
reader1.Dispose();
Console.WriteLine($"Existing Cert Thumbprint: {existingCert.Thumbprint}");
X509Certificate2 certificate = new(cert);
File.Delete(singleFile);
Console.WriteLine($"New Cert Thumbprint: {certificate.Thumbprint}");
if (!File.Exists(newCoreDll))
{
Console.WriteLine("Could not extract Core.dll for " + singleFile);
Environment.Exit(-1);
}
IEnumerable<TypeDef> services = moduleDefMd.Types.Where(t => t.Namespace == "Bit.Core.Services");
TypeDef type = services.First(t => t.Name == "LicensingService");
MethodDef constructor = type.FindConstructors().First();
Console.WriteLine("Extracted: " + newCoreDll);
ModuleDefMD moduleDefMd = ModuleDefMD.Load(newCoreDll);
Byte[] cert = File.ReadAllBytes(certFile);
Instruction instructionToPatch =
constructor.Body.Instructions
.FirstOrDefault(i => i.OpCode == OpCodes.Ldstr
&& String.Equals((String)i.Operand, existingCert.Thumbprint, StringComparison.InvariantCultureIgnoreCase));
EmbeddedResource embeddedResourceToRemove = moduleDefMd.Resources.OfType<EmbeddedResource>().First(r => r.Name.Equals("Bit.Core.licensing.cer"));
EmbeddedResource embeddedResourceToAdd = new("Bit.Core.licensing.cer", cert) { Attributes = embeddedResourceToRemove.Attributes };
moduleDefMd.Resources.Add(embeddedResourceToAdd);
moduleDefMd.Resources.Remove(embeddedResourceToRemove);
if (instructionToPatch != null)
{
instructionToPatch.Operand = certificate.Thumbprint;
}
else
{
Console.WriteLine("Can't find constructor to patch");
}
DataReader reader = embeddedResourceToRemove.CreateReader();
ModuleWriterOptions moduleWriterOptions = new(moduleDefMd);
moduleWriterOptions.MetadataOptions.Flags |= MetadataFlags.KeepOldMaxStack;
moduleWriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll;
moduleWriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveRids;
X509Certificate2 existingCert = X509CertificateLoader.LoadCertificate(reader.ReadRemainingBytes());
X509Certificate2 certificate = X509CertificateLoader.LoadCertificate(cert);
Console.WriteLine($"Existing certificate Thumbprint: {existingCert.Thumbprint}");
Console.WriteLine($"New certificate Thumbprint: {certificate.Thumbprint}");
moduleDefMd.Write(file + ".new");
moduleDefMd.Dispose();
File.Delete(file);
File.Move(file + ".new", file);
}
// Find LicensingService by class name (namespace-agnostic to handle renames)
TypeDef type = moduleDefMd.Types.FirstOrDefault(t => String.Equals(t.Name, "LicensingService", StringComparison.OrdinalIgnoreCase));
if (type == null)
{
Console.Error.WriteLine("ERROR: LicensingService class not found");
return -1;
}
Console.WriteLine($"Found: {type.FullName}");
MethodDef constructor = type.FindConstructors().First();
if (constructor == null)
{
Console.Error.WriteLine("ERROR: Cannot find constructor");
return -1;
}
Instruction[] instructionToPatch = constructor.Body.Instructions
.Where(i => i.OpCode == OpCodes.Ldstr)
.Where(i => ((String)i.Operand)
.Contains(existingCert.Thumbprint, StringComparison.OrdinalIgnoreCase))
.ToArray();
if (instructionToPatch.Length > 0)
{
Console.WriteLine($"Found {instructionToPatch.Length} thumbprint Ldstr instruction(s) to replace");
foreach (Instruction inst in instructionToPatch)
{
Console.WriteLine($" Replacing: '{inst.Operand}'");
inst.Operand = certificate.Thumbprint;
}
}
else
{
Console.WriteLine("ERROR: Can't find instruction to patch");
return -1;
}
Console.WriteLine("Writing: " + newCoreDll);
ModuleWriterOptions moduleWriterOptions = new(moduleDefMd);
moduleWriterOptions.MetadataOptions.Flags |= MetadataFlags.KeepOldMaxStack;
moduleWriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveAll;
moduleWriterOptions.MetadataOptions.Flags |= MetadataFlags.PreserveRids;
moduleDefMd.Write(newCoreDll + ".new");
moduleDefMd.Dispose();
File.Delete(newCoreDll);
File.Move(newCoreDll + ".new", newCoreDll);
}
foreach (String runtimeConfigFile in Directory.GetFiles("/app/mount/", "*.runtimeconfig.json", SearchOption.AllDirectories))
{
Console.WriteLine("Patching: " + runtimeConfigFile);
String[] lines = File.ReadAllLines(runtimeConfigFile);
for (Int32 i = 0; i < lines.Length; i++)
{
String line = lines[i];
if (!line.Contains("includedFrameworks", StringComparison.Ordinal)) continue;
lines[i] = lines[i].Replace("includedFrameworks", "frameworks", StringComparison.Ordinal);
break;
}
File.WriteAllText(runtimeConfigFile, String.Join("\n", lines), new UTF8Encoding(false));
}
return 0;
}
return 0;
}
}

8
src/bitBetter/bitBetter.csproj
View File

@@ -1,10 +1,12 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net10.0</TargetFramework>
<TargetFramework>net8.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="dnlib" Version="4.5.0" />
<PackageReference Include="SingleFileExtractor.Core" Version="2.3.0" />
<PackageReference Include="dnlib" Version="4.4.0" />
</ItemGroup>
</Project>

6
src/licenseGen/Dockerfile
View File

@@ -1,4 +1,4 @@
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
WORKDIR /licenseGen
COPY . /licenseGen
@@ -8,8 +8,8 @@ COPY cert.pfx /app/
RUN dotnet restore
RUN dotnet publish -c Release -o /app --no-restore
FROM mcr.microsoft.com/dotnet/sdk:10.0
FROM mcr.microsoft.com/dotnet/sdk:8.0
WORKDIR /app
COPY --from=build /app .
ENTRYPOINT ["dotnet", "/app/licenseGen.dll", "--cert=/app/cert.pfx", "--core=/app/Core.dll"]
ENTRYPOINT [ "dotnet", "/app/licenseGen.dll", "--core", "/app/Core.dll", "--cert", "/app/cert.pfx" ]

1036
src/licenseGen/Program.cs
View File

File diff suppressed because it is too large Load Diff

9
src/licenseGen/licenseGen.csproj
View File

@@ -1,11 +1,14 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net10.0</TargetFramework>
<TargetFramework>net8.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="McMaster.Extensions.CommandLineUtils" Version="5.1.0" />
<PackageReference Include="McMaster.Extensions.CommandLineUtils" Version="4.1.1" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
<PackageReference Include="System.Runtime.Loader" Version="4.3.0" />
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.17.0" />
</ItemGroup>
</Project>