vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit c5ca588a6f026a25da1ad62fe9bb967468d7a951
parent 06888251e3fa8d53f7b7360c5da8acdc2c8a29ca
Author: Jeremy Lin <jeremy.lin@gmail.com>
Date:   Sun, 24 Jan 2021 17:26:25 -0800

Dockerfile.j2: clean up web-vault section

Diffstat:
Mdocker/Dockerfile.j2 | 33++++++++++++++++++++-------------
Mdocker/amd64/Dockerfile | 27+++++++++++++++++----------
Mdocker/amd64/Dockerfile.alpine | 27+++++++++++++++++----------
Mdocker/arm64/Dockerfile | 27+++++++++++++++++----------
Mdocker/armv6/Dockerfile | 27+++++++++++++++++----------
Mdocker/armv7/Dockerfile | 27+++++++++++++++++----------
Mdocker/armv7/Dockerfile.alpine | 27+++++++++++++++++----------
7 files changed, 122 insertions(+), 73 deletions(-)

diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 @@ -1,5 +1,5 @@ # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. {% set build_stage_base_image = "rust:1.48" %} {% if "alpine" in target_file %} @@ -44,19 +44,26 @@ # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### -{% set vault_image_hash = "sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0" %} -{% raw %} -# This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.17.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +{% set vault_version = "2.17.1" %} +{% set vault_image_digest = "sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0" %} +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. # -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 -{% endraw %} -FROM bitwardenrs/web-vault@{{ vault_image_hash }} as vault +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/bitwardenrs/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull bitwardenrs/web-vault:v{{ vault_version }} +# $ docker image inspect --format "{{ '{{' }}.RepoDigests}}" bitwardenrs/web-vault:v{{ vault_version }} +# [bitwardenrs/web-vault@{{ vault_image_digest }}] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{ '{{' }}.RepoTags}}" bitwardenrs/web-vault@{{ vault_image_digest }} +# [bitwardenrs/web-vault:v{{ vault_version }}] +# +FROM bitwardenrs/web-vault@{{ vault_image_digest }} as vault ########################## BUILD IMAGE ########################## FROM {{ build_stage_base_image }} as build diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile @@ -1,20 +1,27 @@ # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.17.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/bitwardenrs/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull bitwardenrs/web-vault:v2.17.1 +# $ docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# [bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 +# [bitwardenrs/web-vault:v2.17.1] # -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 FROM bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 as vault ########################## BUILD IMAGE ########################## diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine @@ -1,20 +1,27 @@ # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.17.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/bitwardenrs/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull bitwardenrs/web-vault:v2.17.1 +# $ docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# [bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 +# [bitwardenrs/web-vault:v2.17.1] # -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 FROM bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 as vault ########################## BUILD IMAGE ########################## diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile @@ -1,20 +1,27 @@ # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.17.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/bitwardenrs/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull bitwardenrs/web-vault:v2.17.1 +# $ docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# [bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 +# [bitwardenrs/web-vault:v2.17.1] # -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 FROM bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 as vault ########################## BUILD IMAGE ########################## diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile @@ -1,20 +1,27 @@ # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.17.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/bitwardenrs/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull bitwardenrs/web-vault:v2.17.1 +# $ docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# [bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 +# [bitwardenrs/web-vault:v2.17.1] # -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 FROM bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 as vault ########################## BUILD IMAGE ########################## diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile @@ -1,20 +1,27 @@ # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.17.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/bitwardenrs/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull bitwardenrs/web-vault:v2.17.1 +# $ docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# [bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 +# [bitwardenrs/web-vault:v2.17.1] # -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 FROM bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 as vault ########################## BUILD IMAGE ########################## diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine @@ -1,20 +1,27 @@ # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ ####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.17.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/bitwardenrs/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull bitwardenrs/web-vault:v2.17.1 +# $ docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1 +# [bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 +# [bitwardenrs/web-vault:v2.17.1] # -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 FROM bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 as vault ########################## BUILD IMAGE ##########################