Date:      Wed, 25 Jan 2023 02:00:26 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 269143] security/vaultwarden upgrade web vault to 2023.1.0 via new security/vaultwarden-web port
Message-ID:  <bug-269143-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269143

            Bug ID: 269143
           Summary: security/vaultwarden upgrade web vault to 2023.1.0 via
                    new security/vaultwarden-web port
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: mr@FreeBSD.org
          Reporter: yds@Necessitu.de
             Flags: maintainer-feedback?(mr@FreeBSD.org)

Created attachment 239691
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239691&action=edit
vaultwarden-web patch

this patch splits the security/vaultwarden web-vault into a new
security/vaultwarden-web port. the main security/vaultwarden port now
RUN_DEPENDS on security/vaultwarden-web. this allows for building binary
packages where only the web-vault might need a version bump while the main Rust
pkg does not need upgrading.

the security/vaultwarden port splits Makefile.crates into a separate file to
make the main Makefile much smaller and easier to grok.

the port now installs the fully commented ${WRKSRC}/.env.template in
/usr/local/share/examples/vaultwarden/vaultwarden.env which can be copied to
/usr/local/etc/vaultwarden.env and edited as needed.

any existing rc.conf.d/vaultwarden should be moved to the new
ENV_FILE=/usr/local/etc/vaultwarden.env location

port includes a new apache.conf reverse proxy example file.

the rc.d script is completely rewritten to automatically create, chmod/chown
all the requisite config and runtime files and folders to be accessible only by
the vaultwarden runtime user. the runtime user can be set with vaultwarden_user
and vaultwarden_group rc.conf variables.

the port now includes a /usr/local/etc/newsyslog.conf.d/vaultwarden.conf file
to rotate the logs created by daemon -o logging output. there's no need to
configure any logging within vaultwarden itself, daemon and newsyslogd take
care of all the logging chores automagically.

daemon supervisor will now restart vaultwarden after one second should it quit
for any reason.

the rc.d script now creates a bare-bones config.json with a random admin_token
and adds two new extra sub-commands: showtoken and maketoken which will show
the current admin_token or generate a new one. making it easy to set/get the
admin_token in config.json helps keep the admin_token out of the environment
variables where it can be viewed with `ps awxeww|grep vaultwarden` while
vaultwarden is running. setting admin_token via environment variables seems
like a bad idea from a security perspective <-- that was the motivation for the
two new sub-commands. config.json is ensured by the rc.d script to be readable
only by the vaultwarden runtime user keeping the admin_token secret like it
oughtta be.

of course any existing config.json will be honored and not touched unless one
issues the maketoken subcommand, and then only the admin_token is changed,
while the rest of the file stays as is.

UPDATING:
the port moves the default location of the "data" folder to
"/var/db/vaultwarden" and adds a new rc.conf variable `vaultwarden_data`

current users are advised to move their existing "data" folder to the new
default location:
tar -C /usr/local/www/vaultwarden/data/ -cf - . | tar -C /var/db/vaultwarden/ -xvf -

or to keep using the old data folder location set the rc.conf variables:
```
vaultwarden_enable="YES"
vaultwarden_data="/usr/local/www/vaultwarden/data"
```

-- 
You are receiving this mail because:
You are the assignee for the bug.
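
The token handling the report describes (a secret kept in an owner-only config.json rather than in the environment, and a rotation that changes only admin_token), sketched as an added example; it is not the port's rc.d script or any code from the attached patch. The function names are hypothetical, and it assumes a pretty-printed config.json with "admin_token" on a line of its own and that it runs as the vaultwarden runtime user.

```shell
#!/bin/sh
# Added illustration; not the port's rc.d script. Function names are hypothetical.
# Assumes a pretty-printed config.json with "admin_token" on a line of its own.

# 64 hex characters from the kernel CSPRNG.
new_token() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -dc '0-9a-f'
}

# Print the admin_token currently stored in the file given as $1.
read_token() {
    sed -n 's/^[[:space:]]*"admin_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Replace only admin_token and leave every other line untouched; create a
# bare-bones file if none exists. The new copy is written under umask 077
# and renamed into place, so the secret is never group- or world-readable.
# Limitation: an existing file without an admin_token line is left as is.
rotate_token() {
    cfg=$1
    tok=$(new_token) || return 1
    (
        umask 077
        tmp="$cfg.tmp.$$"
        if [ -f "$cfg" ]; then
            sed 's/^\([[:space:]]*"admin_token"[[:space:]]*:[[:space:]]*\)"[^"]*"/\1"'"$tok"'"/' \
                "$cfg" > "$tmp"
        else
            printf '{\n  "admin_token": "%s"\n}\n' "$tok" > "$tmp"
        fi && mv -f "$tmp" "$cfg"
    )
}

# Succeed only if config file $1 has no group/other permission bits and
# env file $2 (if present) does not set ADMIN_TOKEN, which would put the
# token in the process environment.
audit_secret() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$1: group/other bits set"; return 1; }
    if [ -f "$2" ] && grep -q '^[[:space:]]*ADMIN_TOKEN=' "$2"; then
        echo "$2: ADMIN_TOKEN is set in the environment file"
        return 1
    fi
    return 0
}
```
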


