From 4265199e52330150a5d2efbba68df97c7c3ffffb Mon Sep 17 00:00:00 2001 From: Joel Beckmeyer Date: Sat, 26 Mar 2022 20:55:52 -0400 Subject: [PATCH 1/2] New package: vaultwarden-web-2.28.1 --- srcpkgs/vaultwarden-web/template | 38 ++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 srcpkgs/vaultwarden-web/template diff --git a/srcpkgs/vaultwarden-web/template b/srcpkgs/vaultwarden-web/template new file mode 100644 index 000000000000..3f82acbd9df5 --- /dev/null +++ b/srcpkgs/vaultwarden-web/template @@ -0,0 +1,38 @@ +# Template file for 'vaultwarden-web' +pkgname=vaultwarden-web +version=2.28.1 +revision=1 +_patch_version=2.28.0 +create_wrksrc=yes +hostmakedepends="git nodejs" +short_desc="Web vault builds for vaultwarden" +maintainer="Joel Beckmeyer " +license="GPL-3.0-or-later" +homepage="https://github.com/dani-garcia/bw_web_builds" +distfiles="https://raw.githubusercontent.com/dani-garcia/bw_web_builds/v${version}/patches/v${_patch_version}.patch" +checksum=5abd6c839f2a2ed340b46bd1a0ecde8c71adba12bc72e97e69832077b639e874 + +post_fetch() { + # need to directly clone and checkout version so we can pull in submodules + git clone https://github.com/bitwarden/web ${wrksrc} + cd ${wrksrc} + git checkout "v${version}" + git submodule update --init +} + +post_patch() { + patch --forward --strip=1 --input="v${version}.patch" +} + +do_configure() { + npm ci +} + +do_build() { + npm run dist:oss:selfhost +} + +do_install() { + vmkdir usr/share/webapps/vaultwarden-web + vcopy build/* usr/share/webapps/vaultwarden-web +} From c96664e52f4c3b53eb6e5408ec6dfe62b2efdabe Mon Sep 17 00:00:00 2001 From: Joel Beckmeyer Date: Thu, 17 Feb 2022 13:25:21 -0500 Subject: [PATCH 2/2] New package: vaultwarden-1.25.0 --- srcpkgs/vaultwarden/files/vaultwarden/log/run | 1 + srcpkgs/vaultwarden/files/vaultwarden/run | 6 ++ srcpkgs/vaultwarden/patches/config.patch | 41 +++++++++ .../dashmap_available_parallelism.patch | 14 +++ .../vaultwarden/patches/format_strings.patch | 89 +++++++++++++++++++ srcpkgs/vaultwarden/patches/rust_1.60.patch | 19 ++++ srcpkgs/vaultwarden/template | 25 ++++++ 7 files changed, 195 insertions(+) create mode 120000 srcpkgs/vaultwarden/files/vaultwarden/log/run create mode 100644 srcpkgs/vaultwarden/files/vaultwarden/run create mode 100644 srcpkgs/vaultwarden/patches/config.patch create mode 100644 srcpkgs/vaultwarden/patches/dashmap_available_parallelism.patch create mode 100644 srcpkgs/vaultwarden/patches/format_strings.patch create mode 100644 srcpkgs/vaultwarden/patches/rust_1.60.patch create mode 100644 srcpkgs/vaultwarden/template diff --git a/srcpkgs/vaultwarden/files/vaultwarden/log/run b/srcpkgs/vaultwarden/files/vaultwarden/log/run new file mode 120000 index 000000000000..3a5b4a586051 --- /dev/null +++ b/srcpkgs/vaultwarden/files/vaultwarden/log/run @@ -0,0 +1 @@ +/usr/bin/vlogger \ No newline at end of file diff --git a/srcpkgs/vaultwarden/files/vaultwarden/run b/srcpkgs/vaultwarden/files/vaultwarden/run new file mode 100644 index 000000000000..ff5d0c6af46d --- /dev/null +++ b/srcpkgs/vaultwarden/files/vaultwarden/run @@ -0,0 +1,6 @@ +#!/bin/sh +[ -r ./conf ] && . ./conf +ENV_FILE=${ENV_FILE:-/etc/vaultwarden.conf} +export ENV_FILE + +exec chpst -u _vaultwarden:_vaultwarden vaultwarden diff --git a/srcpkgs/vaultwarden/patches/config.patch b/srcpkgs/vaultwarden/patches/config.patch new file mode 100644 index 000000000000..c71af0eb1b12 --- /dev/null +++ b/srcpkgs/vaultwarden/patches/config.patch @@ -0,0 +1,41 @@ +diff --git a/.env.template b/.env.template +index 6af6b53..18b7f98 100644 +--- a/.env.template ++++ b/.env.template +@@ -5,7 +5,7 @@ + ## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json . + + ## Main data folder +-# DATA_FOLDER=data ++DATA_FOLDER=/var/lib/vaultwarden + + ## Database URL + ## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3 +@@ -46,8 +46,8 @@ + # ICON_CACHE_NEGTTL=259200 + + ## Web vault settings +-# WEB_VAULT_FOLDER=web-vault/ +-# WEB_VAULT_ENABLED=true ++# WEB_VAULT_FOLDER=/usr/share/webapps/vaultwarden-web ++WEB_VAULT_ENABLED=false + + ## Enables websocket notifications + # WEBSOCKET_ENABLED=false +@@ -103,7 +103,7 @@ + + ## Logging to file + ## It's recommended to also set 'ROCKET_CLI_COLORS=off' +-# LOG_FILE=/path/to/log ++# LOG_FILE=/var/log/vaultwarden.log + + ## Logging to Syslog + ## This requires extended logging +@@ -291,6 +291,7 @@ + # ROCKET_PORT=80 # Defaults to 80 in the Docker images, or 8000 otherwise. + # ROCKET_WORKERS=10 + # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} ++ROCKET_LIMITS={json=10485760} + + ## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service. + ## To make sure the email links are pointing to the correct host, set the DOMAIN variable. diff --git a/srcpkgs/vaultwarden/patches/dashmap_available_parallelism.patch b/srcpkgs/vaultwarden/patches/dashmap_available_parallelism.patch new file mode 100644 index 000000000000..64959f872cb2 --- /dev/null +++ b/srcpkgs/vaultwarden/patches/dashmap_available_parallelism.patch @@ -0,0 +1,14 @@ +diff --git a/Cargo.toml b/Cargo.toml +index 1ccd16c..5d0dab6 100644 +--- a/Cargo.toml ++++ b/Cargo.toml +@@ -155,6 +155,9 @@ mimalloc = { version = "0.1.29", features = ["secure"], default-features = false + # 2022-05-04: Forked/Updated the job_scheduler again use the latest dependencies and some fixes. + job_scheduler = { git = 'https://github.com/BlackDex/job_scheduler', rev = '9100fc596a083fd9c0b560f8f11f108e0a19d07e' } + ++# revert a commit that breaks Rust 1.57 support ++dashmap = { git = 'https://github.com/TinfoilSubmarine/dashmap', rev = '1008b24de43aabaaa87d35171d588d09aba0865d' } ++ + # Strip debuginfo from the release builds + # Also enable thin LTO for some optimizations + [profile.release] diff --git a/srcpkgs/vaultwarden/patches/format_strings.patch b/srcpkgs/vaultwarden/patches/format_strings.patch new file mode 100644 index 000000000000..a20ab1ca812b --- /dev/null +++ b/srcpkgs/vaultwarden/patches/format_strings.patch @@ -0,0 +1,89 @@ +diff --git a/src/api/icons.rs b/src/api/icons.rs +index 71c4899..75e45ee 100644 +--- a/src/api/icons.rs ++++ b/src/api/icons.rs +@@ -60,7 +60,7 @@ static CLIENT: Lazy = Lazy::new(|| { + match client.build() { + Ok(client) => client, + Err(e) => { +- error!("Possible trust-dns error, trying with trust-dns disabled: '{e}'"); ++ error!("Possible trust-dns error, trying with trust-dns disabled: '{}'", e); + get_reqwest_client_builder() + .cookie_provider(cookie_store) + .timeout(Duration::from_secs(CONFIG.icon_download_timeout())) +@@ -454,7 +454,7 @@ async fn get_favicons_node( + } + } else if tag.name == TAG_BASE && tag.attributes.contains_key(ATTR_HREF) { + let href = std::str::from_utf8(tag.attributes.get(ATTR_HREF).unwrap()).unwrap_or_default(); +- debug!("Found base href: {href}"); ++ debug!("Found base href: {}", href); + base_url = match base_url.join(href) { + Ok(inner_url) => inner_url, + _ => url.clone(), +@@ -503,8 +503,8 @@ struct IconUrlResult { + /// ``` + async fn get_icon_url(domain: &str) -> Result { + // Default URL with secure and insecure schemes +- let ssldomain = format!("https://{domain}"); +- let httpdomain = format!("http://{domain}"); ++ let ssldomain = format!("https://{}", domain); ++ let httpdomain = format!("http://{}", domain); + + // First check the domain as given during the request for both HTTPS and HTTP. + let resp = match get_page(&ssldomain).or_else(|_| get_page(&httpdomain)).await { +@@ -522,20 +522,20 @@ async fn get_icon_url(domain: &str) -> Result { + base = domain_parts.next_back().unwrap() + ); + if is_valid_domain(&base_domain).await { +- let sslbase = format!("https://{base_domain}"); +- let httpbase = format!("http://{base_domain}"); +- debug!("[get_icon_url]: Trying without subdomains '{base_domain}'"); ++ let sslbase = format!("https://{}", base_domain); ++ let httpbase = format!("http://{}", base_domain); ++ debug!("[get_icon_url]: Trying without subdomains '{}'", base_domain); + + sub_resp = get_page(&sslbase).or_else(|_| get_page(&httpbase)).await; + } + + // When the domain is not an IP, and has less then 2 dots, try to add www. infront of it. + } else if is_ip.is_err() && domain.matches('.').count() < 2 { +- let www_domain = format!("www.{domain}"); ++ let www_domain = format!("www.{}", domain); + if is_valid_domain(&www_domain).await { +- let sslwww = format!("https://{www_domain}"); +- let httpwww = format!("http://{www_domain}"); +- debug!("[get_icon_url]: Trying with www. prefix '{www_domain}'"); ++ let sslwww = format!("https://{}", www_domain); ++ let httpwww = format!("http://{}", www_domain); ++ debug!("[get_icon_url]: Trying with www. prefix '{}'", www_domain); + + sub_resp = get_page(&sslwww).or_else(|_| get_page(&httpwww)).await; + } +@@ -567,10 +567,10 @@ async fn get_icon_url(domain: &str) -> Result { + get_favicons_node(dom, &mut iconlist, &url).await; + } else { + // Add the default favicon.ico to the list with just the given domain +- iconlist.push(Icon::new(35, format!("{ssldomain}/favicon.ico"))); +- iconlist.push(Icon::new(40, format!("{ssldomain}/apple-touch-icon.png"))); +- iconlist.push(Icon::new(35, format!("{httpdomain}/favicon.ico"))); +- iconlist.push(Icon::new(40, format!("{httpdomain}/apple-touch-icon.png"))); ++ iconlist.push(Icon::new(35, format!("{}/favicon.ico", ssldomain))); ++ iconlist.push(Icon::new(40, format!("{}/apple-touch-icon.png", ssldomain))); ++ iconlist.push(Icon::new(35, format!("{}/favicon.ico", httpdomain))); ++ iconlist.push(Icon::new(40, format!("{}/apple-touch-icon.png", httpdomain))); + } + + // Sort the iconlist by priority +diff --git a/src/util.rs b/src/util.rs +index de61a35..d8cc111 100644 +--- a/src/util.rs ++++ b/src/util.rs +@@ -619,7 +619,7 @@ pub fn get_reqwest_client() -> Client { + match get_reqwest_client_builder().build() { + Ok(client) => client, + Err(e) => { +- error!("Possible trust-dns error, trying with trust-dns disabled: '{e}'"); ++ error!("Possible trust-dns error, trying with trust-dns disabled: '{}'", e); + get_reqwest_client_builder().trust_dns(false).build().expect("Failed to build client") + } + } diff --git a/srcpkgs/vaultwarden/patches/rust_1.60.patch b/srcpkgs/vaultwarden/patches/rust_1.60.patch new file mode 100644 index 000000000000..afb4ea14e2c8 --- /dev/null +++ b/srcpkgs/vaultwarden/patches/rust_1.60.patch @@ -0,0 +1,19 @@ +diff --git a/Cargo.toml b/Cargo.toml +index 3278c70..1ccd16c 100644 +--- a/Cargo.toml ++++ b/Cargo.toml +@@ -3,7 +3,7 @@ name = "vaultwarden" + version = "1.0.0" + authors = ["Daniel GarcĂ­a "] + edition = "2021" +-rust-version = "1.60" ++rust-version = "1.57" + resolver = "2" + + repository = "https://github.com/dani-garcia/vaultwarden" +@@ -158,5 +158,4 @@ job_scheduler = { git = 'https://github.com/BlackDex/job_scheduler', rev = '9100 + # Strip debuginfo from the release builds + # Also enable thin LTO for some optimizations + [profile.release] +-strip = "debuginfo" + lto = "thin" diff --git a/srcpkgs/vaultwarden/template b/srcpkgs/vaultwarden/template new file mode 100644 index 000000000000..7d769e2052b7 --- /dev/null +++ b/srcpkgs/vaultwarden/template @@ -0,0 +1,25 @@ +# Template file for 'vaultwarden' +pkgname=vaultwarden +version=1.25.0 +revision=1 +build_style=cargo +configure_args="--features sqlite,mysql,postgresql" +hostmakedepends="pkg-config" +makedepends="openssl-devel libmysqlclient-devel postgresql-libs-devel + sqlite-devel" +short_desc="Unofficial Bitwarden compatible server written in Rust" +maintainer="Joel Beckmeyer " +license="GPL-3.0-or-later" +homepage="https://github.com/dani-garcia/vaultwarden" +distfiles="https://github.com/dani-garcia/vaultwarden/archive/${version}.tar.gz" +checksum=5391f60b3afa9b66cad03cc19903ccc5ad229cbfde142041c7f910d60fd2d2cf + +system_accounts="_vaultwarden" +_vaultwarden_homedir="/var/lib/vaultwarden" + +make_dirs="/var/lib/vaultwarden 0750 _vaultwarden _vaultwarden" + +post_install() { + vsconf .env.template vaultwarden.conf + vsv vaultwarden +}