other/BitBetter
1
0
Fork 0
mirror of https://github.com/jakeswenson/BitBetter.git synced 2026-06-04 02:23:39 +00:00
Code Issues Projects Releases Wiki Activity
Files
8def331bb6d9572e4467675f7cc72cb66b764833
BitBetter/build.sh
Pascal Pothmann 8def331bb6 Update to .NET 10.0 and fix certificate validation for Bitwarden server 2026.5.0 (#282) 
* Update to .NET 10.0 for Bitwarden server 2026.5.0 compatibility

Bitwarden server 2026.5.0 ships with .NET 10.0 runtime only, breaking
the fast-patch build. This commit updates all .NET projects and build
pipelines to target net10.0 and the dotnet/sdk:10.0 image.

Additionally:
- Replace obsolete X509Certificate2(byte[]) constructors with
  X509CertificateLoader.LoadCertificate() / LoadPkcs12FromFile()
  to resolve SYSLIB0057 warnings introduced in .NET 9/10
- Add -certpbe AES-256-CBC -keypbe AES-256-CBC -macalg SHA256 to
  generate-keys.sh PKCS#12 export, fixing OpenSSL 3.x errors caused
  by the deprecated RC2-40-CBC legacy algorithm
- Update FixRuntimeConfig fallback framework version to 10.0.0

Fixes #281

Signed-off-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>

* Fix certificate validation by replacing all thumbprint occurrences

Bitwarden's LicensingService performs two validation checks:
1. Validates _creationCertificate thumbprint
2. Validates all certificates in _verificationCertificates

The thumbprint constants are inlined at compile time, creating multiple
Ldstr instructions in the IL code. The patcher was only replacing the
first occurrence, causing the second validation to fail with:
'Invalid license verifying certificate.'

This fix replaces ALL occurrences of the old thumbprint to ensure both
validation checks pass.

Fixes runtime error: 'Invalid license verifying certificate'

---------

Signed-off-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>
Co-authored-by: Pascal Pothmann <19438422+p0thi@users.noreply.github.com>
2026-06-03 21:57:45 +02:00

100 lines
3.7 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
set -e
DIR=`dirname "$0"`
DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd`
BW_VERSION=$(curl -sL https://go.btwrdn.co/bw-sh-versions | grep '^ *"'coreVersion'":' | awk -F\: '{ print $2 }' | sed -e 's/,$//' -e 's/^"//' -e 's/"$//')
echo "Building BitBetter for BitWarden version $BW_VERSION"
# Enable BuildKit for better build experience and to ensure platform args are populated
export DOCKER_BUILDKIT=1
export COMPOSE_DOCKER_CLI_BUILD=1
# Determine host architecture to use as default BUILDPLATFORM / TARGETPLATFORM if not supplied.
# Allow override via environment variables when invoking the script.
HOST_UNAME_ARCH=$(uname -m 2>/dev/null || echo unknown)
case "$HOST_UNAME_ARCH" in
x86_64|amd64) DEFAULT_ARCH=amd64 ;;
aarch64|arm64) DEFAULT_ARCH=arm64 ;;
armv7l|armv7) DEFAULT_ARCH=arm/v7 ;;
*) DEFAULT_ARCH=amd64 ;;
esac
: "${BUILDPLATFORM:=linux/${DEFAULT_ARCH}}"
: "${TARGETPLATFORM:=linux/${DEFAULT_ARCH}}"
echo "Using BUILDPLATFORM=$BUILDPLATFORM TARGETPLATFORM=$TARGETPLATFORM"
# If there aren't any keys, generate them first.
[ -e "$DIR/.keys/cert.cert" ] || "$DIR/.keys/generate-keys.sh"
if [ "${BITBETTER_BUILD_FROM_SOURCE:-0}" = "1" ]; then
echo "--- Source build mode ---"
# Prepare Bitwarden server repository
rm -rf $DIR/server
git clone --branch "v${BW_VERSION}" --depth 1 https://github.com/bitwarden/server.git $DIR/server
# Replace certificate file and thumbprint
old_thumbprint=$(openssl x509 -inform DER -fingerprint -noout -in $DIR/server/src/Core/licensing.cer | cut -d= -f2 | tr -d ':')
new_thumbprint=$(openssl x509 -inform DER -fingerprint -noout -in $DIR/.keys/cert.cert | cut -d= -f2 | tr -d ':')
sed -i -e "s/$old_thumbprint/$new_thumbprint/g" $DIR/server/src/Core/Billing/Services/Implementations/LicensingService.cs
cp $DIR/.keys/cert.cert $DIR/server/src/Core/licensing.cer
docker build \
--no-cache \
--platform "$TARGETPLATFORM" \
--build-arg BUILDPLATFORM="$BUILDPLATFORM" \
--build-arg TARGETPLATFORM="$TARGETPLATFORM" \
--label com.bitwarden.product="bitbetter" \
-f $DIR/server/src/Api/Dockerfile \
-t bitbetter/api \
$DIR/server
docker build \
--no-cache \
--platform "$TARGETPLATFORM" \
--build-arg BUILDPLATFORM="$BUILDPLATFORM" \
--build-arg TARGETPLATFORM="$TARGETPLATFORM" \
--label com.bitwarden.product="bitbetter" \
-f $DIR/server/src/Identity/Dockerfile \
-t bitbetter/identity \
$DIR/server
else
echo "--- Fast patch mode ---"
mkdir -p "$DIR/src/bitBetter/.keys"
cp "$DIR/.keys/cert.cert" "$DIR/src/bitBetter/.keys/cert.cert"
# Build the patcher tool inside the SDK container
docker run --rm \
-v "$DIR/src/bitBetter:/bitBetter" \
-w /bitBetter \
mcr.microsoft.com/dotnet/sdk:10.0 sh build.sh
docker build \
--no-cache \
--platform "$TARGETPLATFORM" \
--label com.bitwarden.product="bitbetter" \
--build-arg BITWARDEN_TAG="ghcr.io/bitwarden/api:$BW_VERSION" \
-t bitbetter/api \
"$DIR/src/bitBetter"
docker build \
--no-cache \
--platform "$TARGETPLATFORM" \
--label com.bitwarden.product="bitbetter" \
--build-arg BITWARDEN_TAG="ghcr.io/bitwarden/identity:$BW_VERSION" \
-t bitbetter/identity \
"$DIR/src/bitBetter"
fi
docker tag bitbetter/api bitbetter/api:latest
docker tag bitbetter/identity bitbetter/identity:latest
docker tag bitbetter/api bitbetter/api:$BW_VERSION
docker tag bitbetter/identity bitbetter/identity:$BW_VERSION
# Remove old instances of the image after a successful build.
ids=$( docker image ls --format="{{ .ID }} {{ .Tag }}" 'bitbetter/*' | grep -E -v -- "CREATED|latest|${BW_VERSION}" | awk '{ ids = (ids ? ids FS $1 : $1) } END { print ids }' )
[ -n "$ids" ] && docker rmi $ids || true
Reference in New Issue View Git Blame Copy Permalink