From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 269143] security/vaultwarden upgrade web vault to 2023.1.0 via new security/vaultwarden-web port
Date: Wed, 25 Jan 2023 02:00:26 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=269143

    Bug ID: 269143
    Summary: security/vaultwarden upgrade web vault to 2023.1.0 via new security/vaultwarden-web port
    Product: Ports & Packages
    Version: Latest
    Hardware: Any
    OS: Any
    Status: New
    Severity: Affects Many People
    Priority: ---
    Component: Individual Port(s)
    Assignee: mr@FreeBSD.org
    Reporter: yds@Necessitu.de
    Flags: maintainer-feedback?(mr@FreeBSD.org)

Created attachment 239691
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239691&action=edit
vaultwarden-web patch

this patch splits the security/vaultwarden web-vault into a new security/vaultwarden-web port. the main security/vaultwarden port now RUN_DEPENDS on security/vaultwarden-web. this allows for building binary packages where only the web-vault might need a version bump while the main Rust pkg does not need upgrading.

the security/vaultwarden port splits Makefile.crates into a separate file to make the main Makefile much smaller and easier to grok.

the port now installs the fully commented ${WRKSRC}/.env.template in /usr/local/share/examples/vaultwarden/vaultwarden.env which can be copied to /usr/local/etc/vaultwarden.env and edited as needed.
any existing rc.conf.d/vaultwarden should be moved to the new ENV_FILE=/usr/local/etc/vaultwarden.env location

port includes a new apache.conf reverse proxy example file.

the rc.d script is completely rewritten to automatically create, chmod/chown all the requisite config and runtime files and folders to be accessible only by the vaultwarden runtime user. the runtime user can be set with vaultwarden_user and vaultwarden_group rc.conf variables.

the port now includes a /usr/local/etc/newsyslog.conf.d/vaultwarden.conf file to rotate the logs created by daemon -o logging output. there's no need to configure any logging within vaultwarden itself, daemon and newsyslogd take care of all the logging chores automagically.

daemon supervisor will now restart vaultwarden after one second should it quit for any reason.

the rc.d script now creates a bare-bones config.json with a random admin_token and adds two new extra sub-commands: showtoken and maketoken which will show the current admin_token or generate a new one.

making it easy to set/get the admin_token in config.json helps keep the admin_token out of the environment variables where it can be viewed with `ps awxeww|grep vaultwarden` while vaultwarden is running. setting admin_token via environment variables seems like a bad idea from a security perspective <-- that was the motivation for the two new sub-commands. config.json is ensured by the rc.d script to be readable only by the vaultwarden runtime user keeping the admin_token secret like it oughtta be.

of course any existing config.json will be honored and not touched unless one issues the maketoken subcommand, and then only the admin_token is changed, while the rest of the file stays as is.

UPDATING:

the port moves the default location of the "data" folder to "/var/db/vaultwarden" and adds a new rc.conf variable `vaultwarden_data`

current users are advised to move their existing "data" folder to the new default location:

```
tar -C /usr/local/www/vaultwarden/data/ -cf - . | tar -C /var/db/vaultwarden/ -xvf -
```

or to keep using the old data folder location set the rc.conf variables:

```
vaultwarden_enable="YES"
vaultwarden_data="/usr/local/www/vaultwarden/data"
```
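
Added example (not part of the bug report and not the port's rc.d script): a minimal sh sketch of the showtoken/maketoken behaviour the report describes, with admin_token kept in a config.json that only its owner can read. The function names and the one-key-per-line JSON layout are assumptions, and it assumes it runs as the vaultwarden runtime user, so no chown is shown.

```sh
#!/bin/sh
# Added illustration; function names are hypothetical, not taken from the port.

# 32 bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_token() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Create a bare-bones config.json only when none exists; an existing
# file is honoured and left untouched. umask 077 yields mode 0600.
init_config() {
    cfg=$1
    [ -e "$cfg" ] && return 0
    ( umask 077 && printf '{\n  "admin_token": "%s"\n}\n' "$(gen_token)" > "$cfg" )
}

# showtoken: print the current admin_token value.
show_token() {
    sed -n 's/^[[:space:]]*"admin_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# maketoken: replace only the admin_token value; all other lines are
# copied through unchanged. The token never appears in argv of a
# long-running process or in the service environment.
make_token() {
    cfg=$1
    new=$(gen_token)
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1   # mktemp creates the file 0600
    sed 's/^\([[:space:]]*"admin_token"[[:space:]]*:[[:space:]]*"\)[^"]*"/\1'"$new"'"/' \
        "$cfg" > "$tmp" && mv "$tmp" "$cfg"
}

# True when neither group nor other has any permission bit on the file.
is_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}
```
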