fix: remove world access to existing data

fix: set umask closes #6
chore: publish 1.1.0+1.33.2 release
2025-04-03 17:06:53 -03:00 · 2025-03-31 15:40:03 -03:00 · 2025-02-24 14:49:03 +01:00 · 2025-02-24 14:44:41 +01:00 · 2025-01-20 14:25:52 +01:00
8 changed files with 14 additions and 3 deletions
--- a/.env.sample
+++ b/.env.sample
@ -15,6 +15,8 @@ LOG_LEVEL=warn

 SECRET_ADMIN_TOKEN_VERSION=v1 # length=48

+TX="Europe/Berlin"
+
 ## DB settings
 #COMPOSE_FILE="$COMPOSE_FILE:compose.mariadb.yml"
 #SECRET_DB_PASSWORD_VERSION=v1
--- a/abra.sh
+++ b/abra.sh
@ -1,4 +1,4 @@
-export APP_ENTRYPOINT_VERSION=v3
+export APP_ENTRYPOINT_VERSION=v4
 APP_DIR="app:/data"

 insert_vaultwarden_admin_token() {
--- a/compose.yml
+++ b/compose.yml
@ -3,7 +3,7 @@ version: "3.8"

 services:
  app:
-    image: vaultwarden/server:1.32.7
+    image: vaultwarden/server:1.33.2
    networks:
      - proxy
      - internal
@ -16,6 +16,7 @@ services:
      - "EXTENDED_LOGGING=$EXTENDED_LOGGING"
      - "LOG_FILE=$LOG_FILE"
      - "LOG_LEVEL=$LOG_LEVEL"
+      - "TX=${TX:-Europe/Berlin}"
    configs:
      - source: app_entrypoint
        target: /docker-entrypoint.sh
@ -41,7 +42,7 @@ services:
        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=1.0.4+1.32.7"
+        - "coop-cloud.${STACK_NAME}.version=1.1.0+1.33.2"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/data"

--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
@ -1,6 +1,7 @@
 #!/bin/bash

 set -e
+umask 027

 # set DATABASE_URL with db_password
 set_db_url() {
@ -48,6 +49,9 @@ fi
 file_env "ADMIN_TOKEN"
 file_env "SMTP_PASSWORD"

+# remove world permissions on data
+chmod -R o= /data
+
 # upstream startup command
 # https://github.com/dani-garcia/vaultwarden/blob/60ed5ff99d15dec0b82c85987f9a3e244b8bde91/docker/Dockerfile.j2#L254
 /start.sh
--- a/release/1.0.0+1.32.3
+++ b/release/1.0.0+1.32.3
@ -0,0 +1 @@
+ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.
--- a/release/1.0.1+1.32.5
+++ b/release/1.0.1+1.32.5
@ -0,0 +1 @@
+ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.
--- a/release/1.0.2+1.32.5
+++ b/release/1.0.2+1.32.5
@ -0,0 +1 @@
+ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.
--- a/release/1.0.3+1.32.5
+++ b/release/1.0.3+1.32.5
@ -0,0 +1 @@
+ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.
Author	SHA1	Message	Date
f	cab11b0e2a	fix: remove world access to existing data	2025-04-03 17:06:53 -03:00
f	938e4671b4	fix: set umask closes #6	2025-03-31 15:40:03 -03:00
Moritz	96c7c18029	chore: publish 1.1.0+1.33.2 release	2025-02-24 14:49:03 +01:00
Moritz	936d2c7044	add timezone env TX	2025-02-24 14:44:41 +01:00
stevensting	705f81dfb2	add release notes for older version with upgrade warning All checks were successful continuous-integration/drone/push Build is passing Details	2025-01-20 14:25:52 +01:00
				`@ -0,0 +1 @@`
				`ATTENTION: this version is not automatically upgradeable due to missing entrypoint version increase. Please upgrade to at least 1.0.4+1.32.7 directly.`