From 04d4b908dba2d8f4fac47134127f450a9d063611 Mon Sep 17 00:00:00 2001
From: Costa Huang
Date: Thu, 13 Dec 2018 15:54:52 -0500
Subject: [PATCH 1/5] API-15 # Delete the Salt and use environment variable to generate the salt
---
 .dockerignore | 3 ++-
 .gitignore | 3 ++-
 encryption.go | 2 --
 utils/generate_salt_file.go | 31 +++++++++++++++++++++++++++++++
 4 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 utils/generate_salt_file.go
diff --git a/.dockerignore b/.dockerignore
index afbc551..f8d8061 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,3 @@
 vendor
-Dockerfile
\ No newline at end of file
+Dockerfile
+salt.go
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 12852ca..3fe9c63 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 cmd/portwarden/portwarden_backup/*
 vendor/*
 **/*.portwarden
-**/*.decrypted.zip
\ No newline at end of file
+**/*.decrypted.zip
+salt.go
\ No newline at end of file
diff --git a/encryption.go b/encryption.go
index 7d9a2e2..89ced60 100644
--- a/encryption.go
+++ b/encryption.go
@@ -14,8 +14,6 @@ import (
 )
 
 const (
- Salt = `,(@0vd<)D6c3:5jI;4BZ(#Gx2IZ6B>`
-
 ErrMessageAuthenticationFailed = "cipher: message authentication failed"
 ErrWrongBackupPassphrase = "wrong backup passphrase entered"
 )
diff --git a/utils/generate_salt_file.go b/utils/generate_salt_file.go
new file mode 100644
index 0000000..1fb19c6
--- /dev/null
+++ b/utils/generate_salt_file.go
@@ -0,0 +1,31 @@
+package main
+
+import (
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+)
+
+const (
+ Template = `package portwarden
+
+const (
+ Salt = "%v"
+)
+`
+)
+
+func main() {
+ Salt := os.Getenv("Salt")
+ if len(Salt) == 0 {
+ log.Fatal("Salt not detected in Environment Variable `Salt`")
+ }
+ err := ioutil.WriteFile("./salt.go", []byte(fmt.Sprintf(Template, Salt)), 0644)
+ if err != nil {
+ if len(Salt) == 0 {
+ log.Fatalf("Error writing salt file: %v", err)
+ }
+ }
+
+}
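Review bot: A failed write of `./salt.go` is silently ignored in `main` of utils/generate_salt_file.go, because the inner `if len(Salt) == 0` can never be true after the earlier empty check; the build then carries on with a missing or stale salt file. Drop the inner condition so the handler reads `if err != nil { log.Fatalf("Error writing salt file: %v", err) }`. The template also pastes the environment value between literal quotes with `%v`, so a salt containing `"`, `\` or a newline produces invalid or altered Go source; writing `Salt = %q` in the template (without the surrounding quotes) escapes it. Since the generated file holds the salt in clear, mode `0600` is a better fit than `0644`.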
From 85be6602623c850c753f8636de181434701db966 Mon Sep 17 00:00:00 2001 From: Costa Huang Date: Thu, 13 Dec 2018 16:23:10 -0500 Subject: [PATCH 2/5] API-15 # Use environment variables for salts of encryption --- Dockerfile.Build | 4 ++-- docker-compose.yaml | 13 +++++++++---- utils/generate_salt_file.go | 1 - 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Dockerfile.Build b/Dockerfile.Build index bca4238..1a23c1c 100644 --- a/Dockerfile.Build +++ b/Dockerfile.Build @@ -7,6 +7,7 @@ RUN tar -C /usr/local -xzf /tmp/go1.11.2.linux-amd64.tar.gz RUN rm /tmp/go1.11.2.linux-amd64.tar.gz ENV GOPATH /go ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH +ENV Salt $Salt RUN mkdir -p "$GOPATH/src" "$GOPATH/bin" && chmod -R 777 "$GOPATH" # Setup work directory @@ -25,14 +26,13 @@ RUN chmod +x /usr/bin/bw # Run dep # Notice git is the dependency for running dep RUN cd /go/src/github.com/vwxyzjn/portwarden && dep ensure --vendor-only - +RUN go run /go/src/github.com/vwxyzjn/portwarden/web/utils/generate_salt_file.go RUN go build /go/src/github.com/vwxyzjn/portwarden/web/worker/main.go && mv ./main /worker RUN go build /go/src/github.com/vwxyzjn/portwarden/web/scheduler/main.go && mv ./main /scheduler # Ready to run EXPOSE 5000 - FROM debian:stretch-20181112 RUN apt-get update && apt-get install -y ca-certificates openssl COPY --from=0 /usr/bin/bw /usr/bin/bw diff --git a/docker-compose.yaml b/docker-compose.yaml index cb7b10d..ca3e4f2 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -2,6 +2,15 @@ version: '3' services: + salt_generator: + image: vwxyzjn/portwarden-server-dev:1.7.0 + environment: + - Salt=${Salt} + volumes: + - .:/go/src/github.com/vwxyzjn/portwarden + command: + go run ./utils/generate_salt_file.go + scheduler: image: vwxyzjn/portwarden-server-dev:1.7.0 stdin_open: true 
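Review bot: `ENV Salt $Salt` has no matching `ARG Salt` in the visible lines of Dockerfile.Build, so unless one is declared outside this hunk the variable expands to an empty string and the later generator step stops with its "Salt not detected" error. If an `ARG` is added, both build arguments and `ENV` values are recorded in the builder image's metadata and history, so the salt cannot be treated as hidden there. A BuildKit secret mount (`RUN --mount=type=secret,...`) on the generator step keeps the value out of the layers.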
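Review bot: The added `RUN go run` line points at `web/utils/generate_salt_file.go`, while patch 1 creates the generator at `utils/generate_salt_file.go` and docker-compose.yaml in this same patch runs `./utils/generate_salt_file.go`; as written the step looks like it will fail on a missing file. The generator writes `./salt.go` relative to the current directory, and the working directory is set outside this hunk, so the step should also run from the `portwarden` package directory for the `Salt` constant to be compiled in, e.g. `RUN cd /go/src/github.com/vwxyzjn/portwarden && go run ./utils/generate_salt_file.go`.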
@@ -17,8 +26,6 @@ services: - .:/go/src/github.com/vwxyzjn/portwarden working_dir: /go/src/github.com/vwxyzjn/portwarden/web/scheduler - # command: - # go run main.go redis: image: redis @@ -41,8 +48,6 @@ services: - .:/go/src/github.com/vwxyzjn/portwarden working_dir: /go/src/github.com/vwxyzjn/portwarden/web/worker - command: - go run main.go redis-commander: image: rediscommander/redis-commander:latest diff --git a/utils/generate_salt_file.go b/utils/generate_salt_file.go index 1fb19c6..cb2af28 100644 --- a/utils/generate_salt_file.go +++ b/utils/generate_salt_file.go @@ -27,5 +27,4 @@ func main() { log.Fatalf("Error writing salt file: %v", err) } } - } From e16fcff41929a7f86aef5c2114630732e46e7f97 Mon Sep 17 00:00:00 2001 From: Costa Huang Date: Thu, 13 Dec 2018 17:06:53 -0500 Subject: [PATCH 3/5] API-15 # Try to use drone.io CI/CD --- .drone.yml | 15 +++++++++++++++ Dockerfile.Build | 12 ++++++------ 2 files changed, 21 insertions(+), 6 deletions(-) create mode 100644 .drone.yml diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..34b804c --- /dev/null +++ b/.drone.yml @@ -0,0 +1,15 @@ +kind: pipeline +name: production + +steps: +- name: docker + image: plugins/docker + settings: + dockerfile: Dockerfile.Build + repo: vwxyzjn/portwarden-server-prod + target: production + auto_tag: true + username: + from_secret: docker_username + password: + from_secret: docker_password \ No newline at end of file diff --git a/Dockerfile.Build b/Dockerfile.Build index 1a23c1c..8fb4613 100644 --- a/Dockerfile.Build +++ b/Dockerfile.Build @@ -1,4 +1,4 @@ -FROM ubuntu:latest +FROM ubuntu:latest as builder # Install Go RUN apt-get update && apt-get install -y wget git gcc unzip 
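Review bot: The `docker` step in the new .drone.yml publishes to `vwxyzjn/portwarden-server-prod` an image whose production stage (Dockerfile.Build in this patch) copies `portwardenCredentials.json` and, presumably, binaries with the generated `Salt` constant compiled in, so anyone able to pull that repository can recover both. Confirm the registry repository is private, or supply these values at run time instead of baking them into the image. `image: plugins/docker` is also unpinned while this step receives `docker_username` and `docker_password`; pinning it to a version tag or digest limits exposure to a changed upstream image.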
@@ -33,12 +33,12 @@ RUN go build /go/src/github.com/vwxyzjn/portwarden/web/scheduler/main.go && mv . # Ready to run EXPOSE 5000 -FROM debian:stretch-20181112 +FROM debian:stretch-20181112 as production RUN apt-get update && apt-get install -y ca-certificates openssl -COPY --from=0 /usr/bin/bw /usr/bin/bw -COPY --from=0 /scheduler /go/src/github.com/vwxyzjn/portwarden/web/scheduler/scheduler -COPY --from=0 /worker /go/src/github.com/vwxyzjn/portwarden/web/worker/worker -COPY --from=0 /go/src/github.com/vwxyzjn/portwarden/web/portwardenCredentials.json /go/src/github.com/vwxyzjn/portwarden/web/portwardenCredentials.json +COPY --from=builder /usr/bin/bw /usr/bin/bw +COPY --from=builder /scheduler /go/src/github.com/vwxyzjn/portwarden/web/scheduler/scheduler +COPY --from=builder /worker /go/src/github.com/vwxyzjn/portwarden/web/worker/worker +COPY --from=builder /go/src/github.com/vwxyzjn/portwarden/web/portwardenCredentials.json /go/src/github.com/vwxyzjn/portwarden/web/portwardenCredentials.json RUN chmod +x /go/src/github.com/vwxyzjn/portwarden/web/scheduler/scheduler RUN chmod +x /go/src/github.com/vwxyzjn/portwarden/web/worker/worker WORKDIR /go/src/github.com/vwxyzjn/portwarden From 80cee2ae28f0ef4dedda7a6ecdc57a522eae8e27 Mon Sep 17 00:00:00 2001 From: Costa Huang Date: Thu, 13 Dec 2018 17:16:58 -0500 Subject: [PATCH 4/5] API-15 # Add salt to the environment --- .drone.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.drone.yml b/.drone.yml index 34b804c..bf27283 100644 --- a/.drone.yml +++ b/.drone.yml @@ -4,6 +4,9 @@ name: production steps: - name: docker image: plugins/docker + environment: + Salt: + from_secret: Salt settings: dockerfile: Dockerfile.Build repo: vwxyzjn/portwarden-server-prod From 26f7c81eca0c3082c7470c966aa6f513b701703a Mon Sep 17 00:00:00 2001 From: Costa Huang Date: Sat, 15 Dec 2018 01:56:51 -0500 Subject: [PATCH 5/5] API-15 # Test drone.io --- .drone.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
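Review bot: Setting `Salt` under `environment` in patch 4 only places it in the plugin container; nothing in the visible `settings` forwards it to the image build, so `ENV Salt $Salt` in Dockerfile.Build would still see an empty value. Forwarding it needs an `ARG Salt` in the Dockerfile together with the plugin's `build_args_from_env` setting, with the caveat that build arguments show up in the image history. If the salt is meant to stay confidential, a build secret mount is the safer route.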
diff --git a/.drone.yml b/.drone.yml
index bf27283..7c8db5d 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -4,9 +4,9 @@ name: production
 steps:
 - name: docker
 image: plugins/docker
- environment:
- Salt:
- from_secret: Salt
+ # environment:
+ # Salt:
+ # from_secret: Salt
 settings:
 dockerfile: Dockerfile.Build
 repo: vwxyzjn/portwarden-server-prod