From e7b9ed72c4a7a7089b25845dc8a419ec3bbaf58a Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Wed, 20 Dec 2017 22:31:30 -0500
Subject: [PATCH] env files are only readable by owner

---
 util/Setup/CertBuilder.cs | 41 +++-------------------------
 util/Setup/EnvironmentFileBuilder.cs | 8 ++++++
 util/Setup/Helpers.cs | 33 ++++++++++++++++++++++
 3 files changed, 45 insertions(+), 37 deletions(-)

diff --git a/util/Setup/CertBuilder.cs b/util/Setup/CertBuilder.cs
index fee547150f..47e38b8bce 100644
--- a/util/Setup/CertBuilder.cs
+++ b/util/Setup/CertBuilder.cs
@@ -1,7 +1,5 @@
 using System;
-using System.Diagnostics;
 using System.IO;
-using System.Runtime.InteropServices;
 
 namespace Bit.Setup
 {
@@ -28,7 +26,7 @@ namespace Bit.Setup
 Directory.CreateDirectory($"/bitwarden/ssl/self/{Domain}/");
 Console.WriteLine("Generating self signed SSL certificate.");
 Ssl = selfSignedSsl = true;
- Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 " +
+ Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 " +
 $"-keyout /bitwarden/ssl/self/{Domain}/private.key " +
 $"-out /bitwarden/ssl/self/{Domain}/certificate.crt " +
 $"-subj \"/C=US/ST=New York/L=New York/O=8bit Solutions LLC/OU=bitwarden/CN={Domain}\"");
@@ -37,48 +35,17 @@ namespace Bit.Setup
 if(LetsEncrypt)
 {
 Directory.CreateDirectory($"/bitwarden/letsencrypt/live/{Domain}/");
- Exec($"openssl dhparam -out /bitwarden/letsencrypt/live/{Domain}/dhparam.pem 2048");
+ Helpers.Exec($"openssl dhparam -out /bitwarden/letsencrypt/live/{Domain}/dhparam.pem 2048");
 }
 
 Console.WriteLine("Generating key for IdentityServer.");
 Directory.CreateDirectory("/bitwarden/identity/");
- Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " +
+ Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " +
 "-out identity.crt -subj \"/CN=bitwarden IdentityServer\" -days 10950");
- Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
+ Helpers.Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
 $"-in identity.crt -certfile identity.crt -passout pass:{IdentityCertPassword}");
 
 return selfSignedSsl;
 }
-
- private string Exec(string cmd)
- {
- var process = new Process
- {
- StartInfo = new ProcessStartInfo
- {
- RedirectStandardOutput = true,
- UseShellExecute = false,
- CreateNoWindow = true,
- WindowStyle = ProcessWindowStyle.Hidden
- }
- };
-
- if(!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
- {
- var escapedArgs = cmd.Replace("\"", "\\\"");
- process.StartInfo.FileName = "/bin/bash";
- process.StartInfo.Arguments = $"-c \"{escapedArgs}\"";
- }
- else
- {
- process.StartInfo.FileName = "powershell";
- process.StartInfo.Arguments = cmd;
- }
-
- process.Start();
- var result = process.StandardOutput.ReadToEnd();
- process.WaitForExit();
- return result;
- }
 }
 }
diff --git a/util/Setup/EnvironmentFileBuilder.cs b/util/Setup/EnvironmentFileBuilder.cs
index ed53883682..a65dbbe7e3 100644
--- a/util/Setup/EnvironmentFileBuilder.cs
+++ b/util/Setup/EnvironmentFileBuilder.cs
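Review bot: The IdentityServer certificate password is still handed to openssl on the command line (`-passout pass:{IdentityCertPassword}`), so for the lifetime of the `bash -c` and openssl processes it is visible to any local user through `ps` or `/proc`, which undercuts the commit's goal of keeping these secrets owner-only; and because the whole command goes through `bash -c`, a password containing `$`, a backtick or a backslash would be expanded by the shell (how the password is generated is not visible here). Prefer `-passout env:IDENTITY_CERT_PASSWORD` with the value supplied via `ProcessStartInfo.Environment`, which needs a small extension of `Helpers.Exec` to accept environment variables. The intermediate `identity.key` and `identity.crt` are written to the working directory and nothing in this hunk removes them once the .pfx is exported; unless they are cleaned up elsewhere, add `File.Delete("identity.key"); File.Delete("identity.crt");` after the pkcs12 call. The enclosing method starts before this hunk.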
@@ -131,6 +131,8 @@ globalSettings__installation__identityUri=https://identity.bitwarden.com
 ");
 }
 
+ Helpers.Exec("chmod 600 /bitwarden/docker/global.env");
+
 using(var sw = File.CreateText("/bitwarden/docker/mssql.env"))
 {
 sw.Write($@"ACCEPT_EULA=Y
@@ -139,6 +141,8 @@ SA_PASSWORD=SECRET
 ");
 }
 
+ Helpers.Exec("chmod 600 /bitwarden/docker/mssql.env");
+
 Console.WriteLine("Building docker environment override files.");
 Directory.CreateDirectory(" /bitwarden/env/");
 using(var sw = File.CreateText("/bitwarden/env/global.override.env"))
@@ -149,6 +153,8 @@ SA_PASSWORD=SECRET
 }
 }
 
+ Helpers.Exec("chmod 600 /bitwarden/env/global.override.env");
+
 using(var sw = File.CreateText("/bitwarden/env/mssql.override.env"))
 {
 foreach(var item in _mssqlValues)
@@ -156,6 +162,8 @@ SA_PASSWORD=SECRET
 sw.WriteLine($"{item.Key}={item.Value}");
 }
 }
+
+ Helpers.Exec("chmod 600 /bitwarden/env/mssql.override.env");
 }
 }
 }
diff --git a/util/Setup/Helpers.cs b/util/Setup/Helpers.cs
index 906288baac..23fd696745 100644
--- a/util/Setup/Helpers.cs
+++ b/util/Setup/Helpers.cs
@@ -1,6 +1,8 @@
 using System;
 using System.Data.SqlClient;
+using System.Diagnostics;
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Text;
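Review bot: The `chmod 600` on `/bitwarden/docker/global.env` runs only after `File.CreateText` has created the file with the process's default mode (0666 masked by umask, typically world-readable) and the secrets have already been written into it, so there is a window in which another local user can read them; the same write-then-chmod ordering is used for all four files in this commit. Create the file empty, restrict it, and only then write, so the contents are never exposed at a permissive mode — a small helper keeps the four call sites uniform. Note also that the chmod goes through `Helpers.Exec`, whose exit code is not checked, so a failed chmod leaves the file at its default mode without any error. The enclosing method starts before this hunk.
```csharp
// Create the file empty and restrict it to the owner before any secret is written to it.
private static void CreateOwnerOnlyFile(string path)
{
    File.Create(path).Dispose();
    Helpers.Exec($"chmod 600 {path}");
}

// … at each call site, before the file is written, e.g.:
CreateOwnerOnlyFile("/bitwarden/docker/mssql.env");
using(var sw = File.CreateText("/bitwarden/docker/mssql.env"))
// … unchanged: file contents …
```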
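Review bot: `Directory.CreateDirectory(" /bitwarden/env/")` in the context just below the new chmod has a leading space inside the path literal, so on Linux it appears to create a relative directory named " " under the working directory rather than `/bitwarden/env/`; the commit leaves this line untouched. If `/bitwarden/env/` is not created elsewhere (not visible here), the `File.CreateText` calls that follow would fail, and the new `chmod 600 /bitwarden/env/global.override.env` would then run against a file that was never created. The fix is `Directory.CreateDirectory("/bitwarden/env/");`. This hunk sits inside a method that starts before it.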
@@ -125,5 +127,36 @@ namespace Bit.Setup
 return null;
 }
+
+ public static string Exec(string cmd, bool returnStdout = false)
+ {
+ var process = new Process
+ {
+ StartInfo = new ProcessStartInfo
+ {
+ RedirectStandardOutput = true,
+ UseShellExecute = false,
+ CreateNoWindow = true,
+ WindowStyle = ProcessWindowStyle.Hidden
+ }
+ };
+
+ if(!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+ {
+ var escapedArgs = cmd.Replace("\"", "\\\"");
+ process.StartInfo.FileName = "/bin/bash";
+ process.StartInfo.Arguments = $"-c \"{escapedArgs}\"";
+ }
+ else
+ {
+ process.StartInfo.FileName = "powershell";
+ process.StartInfo.Arguments = cmd;
+ }
+
+ process.Start();
+ var result = returnStdout ? process.StandardOutput.ReadToEnd() : null;
+ process.WaitForExit();
+ return result;
+ }
 
 }
 }
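Review bot: `Helpers.Exec` never inspects `process.ExitCode`, so a failing command — including the new `chmod 600` calls, which are unlikely to succeed on the `powershell` branch where `chmod` is not a PowerShell command — returns silently and the caller proceeds as if the file had been locked down. Throw on a non-zero exit, but keep `cmd` out of the exception text, since callers pass `-passout pass:{IdentityCertPassword}` through it. Separately, `RedirectStandardOutput = true` is set unconditionally while stdout is only drained when `returnStdout` is true, so a child that writes more than the pipe buffer can block and `WaitForExit` can hang; tie the redirect to the flag. The `cmd.Replace("\"", "\\\"")` escaping only neutralises double quotes — `$`, backticks and backslashes in interpolated values (`{Domain}` and `{IdentityCertPassword}` in CertBuilder) are still expanded by `bash -c`, so those values must be known-safe or the call sites should move to an argument-list form that bypasses the shell.
```csharp
RedirectStandardOutput = returnStdout,
// … unchanged: UseShellExecute / CreateNoWindow / WindowStyle, shell selection …
process.Start();
var result = returnStdout ? process.StandardOutput.ReadToEnd() : null;
process.WaitForExit();
// Fail loudly; 'cmd' is deliberately left out of the message because it may carry secrets.
if(process.ExitCode != 0)
{
    throw new InvalidOperationException(
        $"{process.StartInfo.FileName} exited with code {process.ExitCode}.");
}
return result;
```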