env files are only readable by owner

2025-02-16 01:51:21 +01:00 · 2017-12-20 22:31:30 -05:00 · 2017-12-20 22:31:30 -05:00 · e7b9ed72c4
commit e7b9ed72c4
parent 67ec4603a4
3 changed files with 45 additions and 37 deletions
--- a/util/Setup/CertBuilder.cs
+++ b/util/Setup/CertBuilder.cs
@ -1,7 +1,5 @@
 using System;
-using System.Diagnostics;
 using System.IO;
-using System.Runtime.InteropServices;

 namespace Bit.Setup
 {
@ -28,7 +26,7 @@ namespace Bit.Setup
                Directory.CreateDirectory($"/bitwarden/ssl/self/{Domain}/");
                Console.WriteLine("Generating self signed SSL certificate.");
                Ssl = selfSignedSsl = true;
-                Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 " +
+                Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 " +
                    $"-keyout /bitwarden/ssl/self/{Domain}/private.key " +
                    $"-out /bitwarden/ssl/self/{Domain}/certificate.crt " +
                    $"-subj \"/C=US/ST=New York/L=New York/O=8bit Solutions LLC/OU=bitwarden/CN={Domain}\"");
@ -37,48 +35,17 @@ namespace Bit.Setup
            if(LetsEncrypt)
            {
                Directory.CreateDirectory($"/bitwarden/letsencrypt/live/{Domain}/");
-                Exec($"openssl dhparam -out /bitwarden/letsencrypt/live/{Domain}/dhparam.pem 2048");
+                Helpers.Exec($"openssl dhparam -out /bitwarden/letsencrypt/live/{Domain}/dhparam.pem 2048");
            }

            Console.WriteLine("Generating key for IdentityServer.");
            Directory.CreateDirectory("/bitwarden/identity/");
-            Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " +
+            Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " +
                "-out identity.crt -subj \"/CN=bitwarden IdentityServer\" -days 10950");
-            Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
+            Helpers.Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
                $"-in identity.crt -certfile identity.crt -passout pass:{IdentityCertPassword}");

            return selfSignedSsl;
        }
-
-        private string Exec(string cmd)
-        {
-            var process = new Process
-            {
-                StartInfo = new ProcessStartInfo
-                {
-                    RedirectStandardOutput = true,
-                    UseShellExecute = false,
-                    CreateNoWindow = true,
-                    WindowStyle = ProcessWindowStyle.Hidden
-                }
-            };
-
-            if(!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
-            {
-                var escapedArgs = cmd.Replace("\"", "\\\"");
-                process.StartInfo.FileName = "/bin/bash";
-                process.StartInfo.Arguments = $"-c \"{escapedArgs}\"";
-            }
-            else
-            {
-                process.StartInfo.FileName = "powershell";
-                process.StartInfo.Arguments = cmd;
-            }
-
-            process.Start();
-            var result = process.StandardOutput.ReadToEnd();
-            process.WaitForExit();
-            return result;
-        }
    }
 }
--- a/util/Setup/EnvironmentFileBuilder.cs
+++ b/util/Setup/EnvironmentFileBuilder.cs
@ -131,6 +131,8 @@ globalSettings__installation__identityUri=https://identity.bitwarden.com
 ");
            }

+            Helpers.Exec("chmod 600 /bitwarden/docker/global.env");
+
            using(var sw = File.CreateText("/bitwarden/docker/mssql.env"))
            {
                sw.Write($@"ACCEPT_EULA=Y
@ -139,6 +141,8 @@ SA_PASSWORD=SECRET
 ");
            }

+            Helpers.Exec("chmod 600 /bitwarden/docker/mssql.env");
+
            Console.WriteLine("Building docker environment override files.");
            Directory.CreateDirectory(" /bitwarden/env/");
            using(var sw = File.CreateText("/bitwarden/env/global.override.env"))
@ -149,6 +153,8 @@ SA_PASSWORD=SECRET
                }
            }

+            Helpers.Exec("chmod 600 /bitwarden/env/global.override.env");
+
            using(var sw = File.CreateText("/bitwarden/env/mssql.override.env"))
            {
                foreach(var item in _mssqlValues)
@ -156,6 +162,8 @@ SA_PASSWORD=SECRET
                    sw.WriteLine($"{item.Key}={item.Value}");
                }
            }
+
+            Helpers.Exec("chmod 600 /bitwarden/env/mssql.override.env");
        }
    }
 }
--- a/util/Setup/Helpers.cs
+++ b/util/Setup/Helpers.cs
@ -1,6 +1,8 @@
 using System;
 using System.Data.SqlClient;
+using System.Diagnostics;
 using System.IO;
+using System.Runtime.InteropServices;
 using System.Security.Cryptography;
 using System.Text;

@ -125,5 +127,36 @@ namespace Bit.Setup

            return null;
        }
+
+        public static string Exec(string cmd, bool returnStdout = false)
+        {
+            var process = new Process
+            {
+                StartInfo = new ProcessStartInfo
+                {
+                    RedirectStandardOutput = true,
+                    UseShellExecute = false,
+                    CreateNoWindow = true,
+                    WindowStyle = ProcessWindowStyle.Hidden
+                }
+            };
+
+            if(!RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
+            {
+                var escapedArgs = cmd.Replace("\"", "\\\"");
+                process.StartInfo.FileName = "/bin/bash";
+                process.StartInfo.Arguments = $"-c \"{escapedArgs}\"";
+            }
+            else
+            {
+                process.StartInfo.FileName = "powershell";
+                process.StartInfo.Arguments = cmd;
+            }
+
+            process.Start();
+            var result = returnStdout ? process.StandardOutput.ReadToEnd() : null;
+            process.WaitForExit();
+            return result;
+        }
    }
 }