[arch-commits] Commit in bitwarden_rs/repos (6 files)

Daniel M. Capella polyzen at archlinux.org
Tue Nov 24 09:48:05 UTC 2020 

    Date: Tuesday, November 24, 2020 @ 09:48:05
  Author: polyzen
Revision: 760894

archrelease: copy trunk to community-x86_64

Added:
  bitwarden_rs/repos/community-x86_64/
  bitwarden_rs/repos/community-x86_64/PKGBUILD
    (from rev 760893, bitwarden_rs/trunk/PKGBUILD)
  bitwarden_rs/repos/community-x86_64/bitwarden_rs.install
    (from rev 760893, bitwarden_rs/trunk/bitwarden_rs.install)
  bitwarden_rs/repos/community-x86_64/bitwarden_rs.service
    (from rev 760893, bitwarden_rs/trunk/bitwarden_rs.service)
  bitwarden_rs/repos/community-x86_64/bitwarden_rs.sysusers.conf
    (from rev 760893, bitwarden_rs/trunk/bitwarden_rs.sysusers.conf)
  bitwarden_rs/repos/community-x86_64/bitwarden_rs.tmpfiles
    (from rev 760893, bitwarden_rs/trunk/bitwarden_rs.tmpfiles)

----------------------------+
 PKGBUILD                   |   57 +++++++++++++++++++++++++++++++++++
 bitwarden_rs.install       |    8 ++++
 bitwarden_rs.service       |   69 +++++++++++++++++++++++++++++++++++++++++++
 bitwarden_rs.sysusers.conf |    1 
 bitwarden_rs.tmpfiles      |    3 +
 5 files changed, 138 insertions(+)

Copied: bitwarden_rs/repos/community-x86_64/PKGBUILD (from rev 760893, bitwarden_rs/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD	                        (rev 0)
+++ community-x86_64/PKGBUILD	2020-11-24 09:48:05 UTC (rev 760894)
@@ -0,0 +1,57 @@
+# Maintainer: Daniel M. Capella <polyzen at archlinux.org>
+# Contributor: Markus Richter <mqus at disroot dot org>
+# Contributor: Timothée Ravier <tim at siosm.fr
+
+pkgname=bitwarden_rs
+pkgver=1.17.0
+pkgrel=3
+pkgdesc='Unofficial Bitwarden compatible server written in Rust'
+arch=('x86_64')
+url=https://github.com/dani-garcia/bitwarden_rs
+license=('GPL3')
+depends=('mariadb-libs' 'openssl' 'postgresql-libs' 'sqlite')
+makedepends=('rustup')
+optdepends=('bitwarden_rs-vault: for the web app'
+            'mariadb: for the MySQL backend'
+            'postgresql: for the PostgreSQL backend')
+conflicts=("$pkgname-mysql" "$pkgname-postgresql")
+backup=('etc/bitwarden_rs.env')
+install=$pkgname.install
+source=("$url/archive/$pkgver/$pkgname-$pkgver.tar.gz"
+        "$pkgname.service"
+        "$pkgname.sysusers.conf"
+        "$pkgname.tmpfiles")
+b2sums=('faf4a3e0cba6905547c347bd8d7939e2412116d5c9b226e49cddd04306b6e69e00e1f5d7b1b09493ff02614d5417b34cd9c54cb3efffbf238e23e3f54bacd5d1'
+        '8fc7e0aeed4b17065ddaedad0038e2a635e9bc477170e397a116845249784f3beaa7c241e9706ae64abc1c662eb969ccfa045e21bd805188690bb308e1d88a97'
+        '1c95c3ba5b40508c0b67bec788ea38468baddd5e0e2b20ff78aaeb99cb5d0b93e29995dc4672a96a7be9a3b0d3a5c5a607576a2db01309ff08231eb4b747b659'
+        'a2a6a128a405b4dbd06eb84c25b1971a5dcab4b918d6fec74da317b76485eda6b4b16ad972a85d9c8267b0a848787761fae75cd6bbb81d970a8cbc8683a2fc42')
+
+prepare() {
+  cd $pkgname-$pkgver
+  sed -i 's,# DATA_FOLDER=data,DATA_FOLDER=/var/lib/bitwarden_rs,
+  s,# WEB_VAULT_ENABLED=true,WEB_VAULT_ENABLED=false,
+  s,# LOG_FILE=/path/to/log,LOG_FILE=/var/log/bitwarden_rs.log,
+  /^# ROCKET_TLS/a ROCKET_LIMITS={json=10485760}' .env.template
+}
+
+build() {
+  cd $pkgname-$pkgver
+  rustup set profile minimal
+  BWRS_VERSION="$pkgver" cargo build --release --locked --features sqlite,mysql,postgresql
+}
+
+check() {
+  cd $pkgname-$pkgver
+  cargo test --release --locked --features sqlite,mysql,postgresql
+}
+
+package() {
+  cd $pkgname-$pkgver
+  install -Dm644 .env.template "$pkgdir"/etc/bitwarden_rs.env
+  install -Dt "$pkgdir"/usr/bin target/release/bitwarden_rs
+  install -Dm644 -t "$pkgdir"/usr/lib/systemd/system ../bitwarden_rs.service
+  install -Dm644 ../$pkgname.sysusers.conf "$pkgdir"/usr/lib/sysusers.d/bitwarden_rs.conf
+  install -Dm644 ../bitwarden_rs.tmpfiles "$pkgdir"/usr/lib/tmpfiles.d/bitwarden_rs.conf
+}
+
+# vim:set ts=2 sw=2 et:

Copied: bitwarden_rs/repos/community-x86_64/bitwarden_rs.install (from rev 760893, bitwarden_rs/trunk/bitwarden_rs.install)
===================================================================
--- community-x86_64/bitwarden_rs.install	                        (rev 0)
+++ community-x86_64/bitwarden_rs.install	2020-11-24 09:48:05 UTC (rev 760894)
@@ -0,0 +1,8 @@
+post_install() {
+  cat << EOF
+Configure the server via its environment variables in /etc/bitwarden_rs.env.
+
+Start bitwarden_rs and enable its systemd service:
+# systemctl enable --now bitwarden_rs.service
+EOF
+}

Copied: bitwarden_rs/repos/community-x86_64/bitwarden_rs.service (from rev 760893, bitwarden_rs/trunk/bitwarden_rs.service)
===================================================================
--- community-x86_64/bitwarden_rs.service	                        (rev 0)
+++ community-x86_64/bitwarden_rs.service	2020-11-24 09:48:05 UTC (rev 760894)
@@ -0,0 +1,69 @@
+[Unit]
+Description=Bitwarden Server (Rust Edition)
+Documentation=https://github.com/dani-garcia/bitwarden_rs
+After=network.target
+
+[Service]
+# The user/group bitwarden_rs is run under. These are created at install, with
+# /var/lib/bitwarden_rs as the home directory
+User=bitwarden_rs
+Group=bitwarden_rs
+
+# The location of the .env file for configuration
+EnvironmentFile=/etc/bitwarden_rs.env
+
+# The location of the compiled binary
+ExecStart=/usr/bin/bitwarden_rs
+
+# Set reasonable connection and process limits
+LimitNOFILE=1048576
+LimitNPROC=64
+
+# Set the working directory (user and password data are stored here) and only
+# allow writes to the following
+WorkingDirectory=~
+ReadWritePaths=/var/lib/bitwarden_rs /var/log/bitwarden_rs.log
+
+# Prevent bitwarden_rs from doing anything stupid and/or unneccessary
+LockPersonality=yes
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+
+PrivateTmp=yes
+PrivateDevices=yes
+
+ProtectHome=yes
+ProtectSystem=strict
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+ProtectHostname=yes
+ProtectClock=yes
+
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+
+RemoveIPC=yes
+UMask=0077
+
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@resources
+SystemCallFilter=~@privileged
+
+# Allow bitwarden_rs to bind ports in the range of 0-1024 and restrict it to
+# that capability
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# If bitwarden_rs is run at ports >1024, you should apply these options in a
+# drop-in file
+#PrivateUsers=yes
+#CapabilityBoundingSet=
+#AmbientCapabilities=
+
+[Install]
+WantedBy=multi-user.target

Copied: bitwarden_rs/repos/community-x86_64/bitwarden_rs.sysusers.conf (from rev 760893, bitwarden_rs/trunk/bitwarden_rs.sysusers.conf)
===================================================================
--- community-x86_64/bitwarden_rs.sysusers.conf	                        (rev 0)
+++ community-x86_64/bitwarden_rs.sysusers.conf	2020-11-24 09:48:05 UTC (rev 760894)
@@ -0,0 +1 @@
+u bitwarden_rs - "bitwarden_rs user" /var/lib/bitwarden_rs /usr/bin/nologin

Copied: bitwarden_rs/repos/community-x86_64/bitwarden_rs.tmpfiles (from rev 760893, bitwarden_rs/trunk/bitwarden_rs.tmpfiles)
===================================================================
--- community-x86_64/bitwarden_rs.tmpfiles	                        (rev 0)
+++ community-x86_64/bitwarden_rs.tmpfiles	2020-11-24 09:48:05 UTC (rev 760894)
@@ -0,0 +1,3 @@
+d /var/lib/bitwarden_rs     0750 bitwarden_rs bitwarden_rs
+h /var/lib/bitwarden_rs     -    -            -            - +C
+f /var/log/bitwarden_rs.log 0640 bitwarden_rs bitwarden_rs

More information about the arch-commits mailing list