vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 8bf1278b1b7483c93cc083fdd6011fc4206447af
parent 00ce943ea5016cc49ba71b45f36c870d8f55b14e
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sat, 26 Jun 2021 14:08:06 +0200

Update web vault and docker base images

Diffstat:
Mdocker/Dockerfile.j2 | 12++++++------
Mdocker/amd64/Dockerfile | 14+++++++-------
Mdocker/amd64/Dockerfile.alpine | 16++++++++--------
Mdocker/arm64/Dockerfile | 14+++++++-------
Mdocker/armv6/Dockerfile | 14+++++++-------
Mdocker/armv7/Dockerfile | 14+++++++-------
Mdocker/armv7/Dockerfile.alpine | 14+++++++-------
7 files changed, 49 insertions(+), 49 deletions(-)

diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 @@ -1,15 +1,15 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -{% set build_stage_base_image = "rust:1.51" %} +{% set build_stage_base_image = "rust:1.53" %} {% if "alpine" in target_file %} {% if "amd64" in target_file %} -{% set build_stage_base_image = "clux/muslrust:nightly-2021-04-14" %} -{% set runtime_stage_base_image = "alpine:3.13" %} +{% set build_stage_base_image = "clux/muslrust:nightly-2021-06-24" %} +{% set runtime_stage_base_image = "alpine:3.14" %} {% set package_arch_target = "x86_64-unknown-linux-musl" %} {% elif "armv7" in target_file %} {% set build_stage_base_image = "messense/rust-musl-cross:armv7-musleabihf" %} -{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.13" %} +{% set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.14" %} {% set package_arch_target = "armv7-unknown-linux-musleabihf" %} {% endif %} {% elif "amd64" in target_file %} @@ -44,8 +44,8 @@ # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -{% set vault_version = "2.20.4" %} -{% set vault_image_digest = "sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b" %} +{% set vault_version = "2.20.4b" %} +{% set vault_image_digest = "sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05" %} # The web-vault digest specifies a particular web-vault build on Docker Hub. # Using the digest instead of the tag name provides better security, # as the digest of an image is immutable, whereas a tag name can later diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile @@ -14,18 +14,18 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2.20.4 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4 -# [vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b] +# $ docker pull vaultwarden/web-vault:v2.20.4b +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4b +# [vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b -# [vaultwarden/web-vault:v2.20.4] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 +# [vaultwarden/web-vault:v2.20.4b] # -FROM vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b as vault +FROM vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.51 as build +FROM rust:1.53 as build # Debian-based builds support multidb ARG DB=sqlite,mysql,postgresql diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine @@ -14,18 +14,18 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2.20.4 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4 -# [vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b] +# $ docker pull vaultwarden/web-vault:v2.20.4b +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4b +# [vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b -# [vaultwarden/web-vault:v2.20.4] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 +# [vaultwarden/web-vault:v2.20.4b] # -FROM vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b as vault +FROM vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 as vault ########################## BUILD IMAGE ########################## -FROM clux/muslrust:nightly-2021-04-14 as build +FROM clux/muslrust:nightly-2021-06-24 as build # Alpine-based AMD64 (musl) does not support mysql/mariadb during compile time. ARG DB=sqlite,postgresql @@ -70,7 +70,7 @@ RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM alpine:3.13 +FROM alpine:3.14 ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile @@ -14,18 +14,18 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2.20.4 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4 -# [vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b] +# $ docker pull vaultwarden/web-vault:v2.20.4b +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4b +# [vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b -# [vaultwarden/web-vault:v2.20.4] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 +# [vaultwarden/web-vault:v2.20.4b] # -FROM vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b as vault +FROM vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.51 as build +FROM rust:1.53 as build # Debian-based builds support multidb ARG DB=sqlite,mysql,postgresql diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile @@ -14,18 +14,18 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2.20.4 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4 -# [vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b] +# $ docker pull vaultwarden/web-vault:v2.20.4b +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4b +# [vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b -# [vaultwarden/web-vault:v2.20.4] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 +# [vaultwarden/web-vault:v2.20.4b] # -FROM vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b as vault +FROM vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.51 as build +FROM rust:1.53 as build # Debian-based builds support multidb ARG DB=sqlite,mysql,postgresql diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile @@ -14,18 +14,18 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2.20.4 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4 -# [vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b] +# $ docker pull vaultwarden/web-vault:v2.20.4b +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4b +# [vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b -# [vaultwarden/web-vault:v2.20.4] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 +# [vaultwarden/web-vault:v2.20.4b] # -FROM vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b as vault +FROM vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 as vault ########################## BUILD IMAGE ########################## -FROM rust:1.51 as build +FROM rust:1.53 as build # Debian-based builds support multidb ARG DB=sqlite,mysql,postgresql diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine @@ -14,15 +14,15 @@ # - From https://hub.docker.com/r/vaultwarden/web-vault/tags, # click the tag name to view the digest of the image it currently points to. # - From the command line: -# $ docker pull vaultwarden/web-vault:v2.20.4 -# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4 -# [vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b] +# $ docker pull vaultwarden/web-vault:v2.20.4b +# $ docker image inspect --format "{{.RepoDigests}}" vaultwarden/web-vault:v2.20.4b +# [vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05] # # - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b -# [vaultwarden/web-vault:v2.20.4] +# $ docker image inspect --format "{{.RepoTags}}" vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 +# [vaultwarden/web-vault:v2.20.4b] # -FROM vaultwarden/web-vault@sha256:810919341388a50d3a88225ce234333f72eb80382953997e9fd5590cca829e1b as vault +FROM vaultwarden/web-vault@sha256:894e266d4491494dd5a8a736855a6772aa146fa14206853b11b41cf3f3f64d05 as vault ########################## BUILD IMAGE ########################## FROM messense/rust-musl-cross:armv7-musleabihf as build @@ -73,7 +73,7 @@ RUN musl-strip target/armv7-unknown-linux-musleabihf/release/vaultwarden ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM balenalib/armv7hf-alpine:3.13 +FROM balenalib/armv7hf-alpine:3.14 ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80