Merge pull request #2 from AronMarinelli/user/aron/perms-issues

Allow configuration of UID/GID when running the application through Docker, update README.md

Bitwarden.SecureSync.Application/Bitwarden.SecureSync.Application.csproj

@@ -33,6 +33,10 @@
         <Content Include="..\.dockerignore">
             <Link>.dockerignore</Link>
         </Content>
+        <Content Include="..\docker-entrypoint.sh">
+          <Link>docker-entrypoint.sh</Link>
+          <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+        </Content>
         <Content Include="..\Dockerfile">
             <Link>Dockerfile</Link>
         </Content>

Bitwarden.SecureSync.Application/Program.cs

@@ -56,7 +56,6 @@ static async Task CheckConfigurationAvailability()
     Console.ForegroundColor = ConsoleColor.Yellow;
     Console.WriteLine(
         "No configuration file found. A default appsettings.json file will be created in the /config directory.");
-    Console.ResetColor();
 
     var bitwardenConfiguration = BitwardenConfiguration.GetSampleConfiguration();
     var syncConfiguration = SyncConfiguration.GetSampleConfiguration();
@@ -73,7 +72,13 @@ static async Task CheckConfigurationAvailability()
         }
     );
 
-    await File.WriteAllTextAsync("config/appsettings.json", serializedSampleConfig);
+    var fileInfo = new FileInfo("config/appsettings.json");
+    await using var fs = fileInfo.Open(FileMode.CreateNew, FileAccess.ReadWrite);
+    await using var sw = new StreamWriter(fs);
+    await sw.WriteAsync(serializedSampleConfig);
+
+    Console.WriteLine($"Stopping application gracefully. Please add required configuration to {fileInfo.FullName} in order for the application to run properly on next run.");
+    Environment.Exit(0);
 }
 
 static void BindConfiguration(IServiceCollection services, IConfiguration configuration)

Dockerfile

@@ -1,5 +1,4 @@
 FROM mcr.microsoft.com/dotnet/runtime:8.0 AS base
-USER $APP_UID
 WORKDIR /app
 
 FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
@@ -20,14 +19,21 @@ RUN dotnet publish "Bitwarden.SecureSync.Application.csproj" -c $BUILD_CONFIGURA
 
 FROM base AS final
 WORKDIR /app
-COPY --from=publish /app/publish .
-ENTRYPOINT ["dotnet", "Bitwarden.SecureSync.Application.dll"]
+
+ENV PATH="/app:${PATH}" \
+    PUID=0 \
+    PGID=0
+
+RUN set -eux; \
+	apt-get update; \
+	apt-get install -y gosu; \
+	rm -rf /var/lib/apt/lists/*; \
+	gosu nobody true
 
 VOLUME ["/app/config", "/app/data"]
 
-USER root
-RUN chown -R $APP_UID /app
-USER $APP_UID
+COPY --from=publish /app/publish .
+ENTRYPOINT ["/bin/sh", "docker-entrypoint.sh"]
 
 LABEL org.opencontainers.image.authors="[email protected]"
 LABEL org.opencontainers.image.url="https://github.com/AronMarinelli/bitwarden-secure-sync"

README.md

@@ -4,6 +4,7 @@ A simple tool that can be used to export your Bitwarden vault to a local file pe
 
 Uses the [Bitwarden CLI](https://github.com/bitwarden/clients) tool to communicate with the API, and exports your passwords using the default Bitwarden export method.
 
+> [!NOTE]  
 > I am not affiliated with Bitwarden Inc. in any way, and am providing this software as-is. This project is intended for personal use, and might receive breaking updates without notice. 
 
 ## Usage
@@ -14,6 +15,14 @@ It is important to bind both the `/app/config` and `/app/data` directories for t
 
 Upon initial run, the application shall automatically create an appsettings.json file at the /app/config path. In order for the application to function, the appsettings.json file should be configured as [described below](#configuration).
 
+> [!IMPORTANT]  
+> By default, the application is configured to run as root (UID/GID 0).
+> For security purposes, it is recommended you specify the PGID and PUID environment variables when running the container.
+> 
+> A properly formatted docker run command may look as follows:
+>
+> ```docker run --env PGID=100 --env PUID=99 -v /home/docker/bitwarden-secure-sync/config:/app/config -v /home/docker/bitwarden-secure-sync/data:/app/data aronmarinelli/bitwarden-secure-sync```
+
 ### .NET/Console app
 It is possible to run the application outside of Docker. 
 

docker-entrypoint.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+mkdir /.config && mkdir /.config/Bitwarden\ CLI
+chown -R ${PUID}:${PGID} /.config/Bitwarden\ CLI
+
+chown -R ${PUID}:${PGID} /app
+exec gosu ${PUID}:${PGID} dotnet /app/Bitwarden.SecureSync.Application.dll