compatibility with Bitwarden offline setup
tfboy opened this issue · 5 comments
Hi,
I was just wondering if there are any plans to make this work with fully offline installations of Bitwarden?
I have tried, but as the docker containers are installed manually when configuring as an offline install, it's not possible to build the images when running the build.sh script:
```
build.sh README.md src update-bitwarden.sh
Unable to find image 'mcr.microsoft.com/dotnet/sdk:6.0' locally
6.0: Pulling from dotnet/sdk
0bc8ff246cb8: Pull complete
5c7a0ff61f6b: Pull complete
0a33056c1d9b: Pull complete
72cae2b4ebed: Pull complete
96830a80fe4a: Pull complete
1143b2a14b65: Pull complete
b5e3c0596624: Pull complete
19a10a9b1d43: Pull complete
Digest: sha256:229eee05c4a54649f9c0c86c8265ffeb87ce160a330a671a86d51ede66359e2b
Status: Downloaded newer image for mcr.microsoft.com/dotnet/sdk:6.0
+ dotnet restore
Determining projects to restore...
Restored /bitBetter/bitBetter.csproj (in 1.04 sec).
+ dotnet publish
MSBuild version 17.3.2+561848881 for .NET
Determining projects to restore...
All projects are up-to-date for restore.
bitBetter -> /bitBetter/bin/Debug/netcoreapp6.0/bitBetter.dll
bitBetter -> /bitBetter/bin/Debug/netcoreapp6.0/publish/
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
Sending build context to Docker daemon 1.618MB
Step 1/6 : ARG BITWARDEN_TAG
Step 2/6 : FROM ${BITWARDEN_TAG}
invalid reference format
DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
Install the buildx component to build images with BuildKit:
https://docs.docker.com/go/buildx/
Sending build context to Docker daemon 1.618MB
Step 1/6 : ARG BITWARDEN_TAG
Step 2/6 : FROM ${BITWARDEN_TAG}
invalid reference format
Error response from daemon: No such image: bitbetter/api:latest
Error response from daemon: No such image: bitbetter/identity:latest
Error parsing reference: "bitbetter/api:" is not a valid repository/tag: invalid reference format
Error parsing reference: "bitbetter/identity:" is not a valid repository/tag: invalid reference format
```
Push notifications to Mobile app require online access to push.bitwarden.com. You might want SMTP as well.
Sorry, to clarify, this is offline in the sense that it's firewalled from the Internet. But SMTP is available and working (internally). Good point about push notifications, but this isn't required in this case. Could be disabled.
This seems to break because the URL used in `build.sh` to determine `$BW_VERSION` no longer works:
```
$ curl -vvv https://go.btwrdn.co/bw-sh-versions
* processing: https://go.btwrdn.co/bw-sh-versions
* Could not resolve host: go.btwrdn.co
* Closing connection
curl: (6) Could not resolve host: go.btwrdn.co
```
To work around: hardcode the value to the Bitwarden installed version. For my install, it's "2023.10.2".
Here's a patch for `build.sh` for Bitwarden v2023.10.2:
# git diff
diff --git a/build.sh b/build.sh
index 4371c0c..7349e3e 100755
--- a/build.sh
+++ b/build.sh
@@ -3,6 +3,7 @@
DIR=`dirname "$0"`
DIR=`exec 2>/dev/null;(cd -- "$DIR") && cd -- "$DIR"|| cd "$DIR"; unset PWD; /usr/bin/pwd || /bin/pwd || pwd`
BW_VERSION=$(curl -sL https://go.btwrdn.co/bw-sh-versions | grep '^ *"'coreVersion'":' | awk -F\: '{ print $2 }' | sed -e 's/,$//' -e 's/^"//' -e 's/"$//')
+BW_VERSION="2023.10.2"
echo "Building BitBetter for BitWarden version $BW_VERSION"
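Review bot: the added `BW_VERSION="2023.10.2"` line sits after the existing `curl` assignment, which is left in place, so on a firewalled host the script still attempts the lookup of go.btwrdn.co on every run before the value is overwritten, and the pinned version has to be edited by hand on each Bitwarden upgrade. Consider taking the version from the environment or a script argument and only falling back to the `curl` lookup when none is given. Either way, check that `$BW_VERSION` is non-empty before the `echo` and exit with a clear message if it is not: the failure reported in this issue was an empty value reaching the image tag (`bitbetter/api:`), which only surfaced later as "invalid reference format".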
Actually, I wonder if this could make installations simpler.
Initially, I had a normal self-hosted installation but I then wanted to sandbox it and remove internet connectivity. But my containers were always unhealthy. I reached out to their support team and they said it won't work and I need to do the proper offline install.
However, part of the offline install requires you to create your identity server for signing the certificates (something you don't do with a normal install as I believe it checks against the online servers which is why there's the modified bitbetter containers impersonating the identity servers).
As you have your own local identity servers, can you not use these instead of the modified bitbetter ones to sign the licence? If this worked, then it would remove the need for these modified servers and simplify the process.
I'm playing around seeing if I can get it to work.
Just to add, I've had a look and cannot get it working with the off-line install. I did put a post up in the Discussions section.
If we could get the "offline" version to work, I think it could be a lot simpler and wouldn't require changing / using any modified containers, just using the identity.pfx certificate generated on install.