Package Details: bitwarden_rs 1.17.0-1

Git Clone URL: (read-only, click to copy)
Package Base: bitwarden_rs
Description: An unofficial lightweight implementation of the bitwarden-server using rust and sqlite. Does NOT include the web-interface.
Upstream URL:
Keywords: bitwarden manager password passwordmanager rust selfhosted server
Licenses: GPL3
Conflicts: bitwarden_rs-git, bitwarden_rs-mysql, bitwarden_rs-postgresql
Submitter: mqs
Maintainer: mqs
Last Packager: mqs
Votes: 13
Popularity: 1.25
First Submitted: 2018-07-13 15:29
Last Updated: 2020-10-11 14:55

Pinned Comments

grawlinson commented on 2020-02-18 05:34

If any users are running this in a container (LXC, et al), the systemd service will not start. The line LimitNPROC=64 in the service file prevents the service from starting, as the following error shows:

Feb 18 05:29:10 staging-bitwarden systemd[1]: Started Bitwarden Server (Rust Edition).
Feb 18 05:29:10 staging-bitwarden systemd[49506]: bitwarden_rs.service: Failed to execute command: Resource temporarily unavailable
Feb 18 05:29:10 staging-bitwarden systemd[49506]: bitwarden_rs.service: Failed at step EXEC spawning /usr/bin/bitwarden_rs: Resource temporarily unavailable
Feb 18 05:29:10 staging-bitwarden systemd[1]: bitwarden_rs.service: Main process exited, code=exited, status=203/EXEC
Feb 18 05:29:10 staging-bitwarden systemd[1]: bitwarden_rs.service: Failed with result 'exit-code'.

Commenting out that particular line results in the service starting correctly.

Latest Comments

1 2 3 4 Next › Last »

mqs commented on 2020-10-11 18:16

I thought about it a bit more and tried out some things.

Point 1 is almost entirely moot since the database can also run on a different machine. So depending on that in any way would be unnecessarily limiting and configuring the service file for that should be up to the user.

I'm currently building bitwarden_rs-git with a multi-db backend and tried out the dependencies. I noticed that -mysql and -postgresql depend on mysql/postgresql entirely, not only their client libraries which are necessary for building bitwarden_rs, which alleviates this issue a bit.

But on the other hand, mariadb-libs and postgresql-libs are also required at runtime, if you compiled the bitwarden_rs with it. That makes ~2MB more for the multidb-package as well as an additional ~30MB of mandatory libraries. I'm not sure if this is ok.

With those circumstances I'm more for the separate packages.

mqs commented on 2020-10-11 09:51

@bjo, @grawlinson In principle I am not against this, but there are some issues to remember.

  1. I would have liked to put Wants=mysqld.service (or the apropriate equivalent) into the service file for the database dependencies. But as it isn't included in the separate packages even now, I am leaving this out and only putting After=mysqld.service in, which should work even if mysql is not installed.

  2. Dependencies. I would have wanted to leave out the dependencies on mysql or postgresql for the sqlite packages for reasons of waste on the system. I can compromise on that if those are staying make dependencies and optional runtime dependencies, so that would not be an issue. Btw, mysql and postgresql are not runtime-dependencies of bitwarden_rs-{musql,postgresql}. Is this intentional?

  3. Binary size. I think this is not really an issue but lets not forget it.

Nevertheless, I would want to only make bitwarden_rs-git multi-db for now, to allow for testing and would try push the next bitwarden_rs release (not 1.17.0) with a multidb PKGBUILD.

grawlinson commented on 2020-10-10 21:08

That’s fantastic news. It means that this package (bitwarden_rs) can be the sole provider for all database backends.

bjo commented on 2020-10-10 19:47

1.17.0 has support for multiple databases at once:

Multiple database support, now you can compile with cargo build --features sqlite,mysql,postgresql or any combination of them.

So, do we still need the different PKGBUIlDs?

mqs commented on 2020-10-09 09:52

Apart from what grawlinson said, could you try to run

sudo -u bitwarden_rs bash
cp /etc/bitwarden_rs.env .env

and see what it says? This should basically run bitwarden_rs without using systemd but with the same user permissions. If it does not fail(or fails differently) then the issue lies in the (possibly too) restrictive .service file I put together. If it also fails then the issue is in your configuration or setup.

It would help if you could put together how to reproduce your issue (what did you do after you installed the bitwarden_rs package?)

PS: Right, after the test above (which you can stop with ctrl+c) you might want to clean up the copy of the .env config file with rm .env.

grawlinson commented on 2020-10-09 08:24

@christian-arch: I've been using bitwarden_rs behind a reverse proxy (nginx) for TLS. I think that's what upstream has recommended.

What are the permissions on the certificate files? Do they actually exist?

christian-arch commented on 2020-10-08 23:31

I'm trying to setup bitwarden with HTTPS but when I try to start the service it exits with:

Oct 09 01:15:45 server bitwarden_rs[2201]: Error: I/O error while setting tls.certs:
Oct 09 01:15:45 server bitwarden_rs[2201]:     => Permission denied (os error 13)

I figure this has something to do with which user the service is running I tried changing the service's group and let that group read my cert files but still get the same error. I also tried to run the service as root but then I get:

Oct 09 01:26:20 server systemd[1]: bitwarden_rs.service: Main process exited, code=dumped, statu>
Oct 09 01:26:20 server systemd[1]: bitwarden_rs.service: Failed with result 'core-dump'.

Is anyone running bitwarden from this package with TLS enabled?

Inxsible commented on 2020-03-10 14:43

Thank you again @grawlinson & @mqs.

If the chrome/firefox extension would work without issues, then I will try to only install the bitwarden_rs server. If in the future I feel the need to access it via a browser, then I can replace it with the vault version.

Thanks for helping me understand.

mqs commented on 2020-03-10 06:38

@Inxsible You only need the web vault if you want to access it as a web page, e.g. from devices other than your own or devices where you can't even install browser plugins or apps. If you are using a Chromebook, you can probably use the official Bitwarden browser plugin and won't need the web-vault.

If you do want to install bitwarden_rs-vault, you probably won't have to reconfigure bitwarden_rs.env because the vault package will try to configure it automatically. Just follow the instructions shown when you install the package. If you want to use it in chrome then I recommend bitwarden_rs-vault-bin because it already was patched to mitigate a chrome bug.

grawlinson commented on 2020-03-10 05:54

Yes, the documentation is a bit sparse.

For your use-case, you'll want to install bitwarden_rs and bitwarden_rs-vault, you'll also want to setup a reverse proxy with HTTPS as well as modify /etc/bitwarden_rs.env as below:

## Web vault settings

There are other variables that need adjusting, the wiki has examples in the 'Configuration' section.

If you need additional help, my contact details can be found in my profile.