Currently vaultwarden v1.35.0 can't be built because it still has the toolchain listed for 1.76.0 in its rust-toolchain.toml

buildpackage will fail with an error similar:

package migrations_internals v2.2.0 cannot be built because it requires rustc 1.78.0 or newer, while the currently active rustc version is 1.76.0

Right now this package ships the default upstream config file which uses sqlite since no database connection string is set. With dbconfig-common we could offer the selection of supported database servers at installation time and setup a database and credentials automatically. Check if any schema migration strategy needs also to be implemented.

Since v1.28.0 vaultwarden added the option and recommendation to use argon2 as admin token instead of plaintext. Currently a plaintext token is generated using openssl and a notice is printed during installation.

1. To use argon2 a password has to be provided by the user. I got a tip from the debian packaging IRC on how to handle such things (the debconf option seems the one to be explored):

Q: Hi, I can't find guidance on how to handle generated passwords for packages. There is no word about it in the policy manual. Mysql e.g. uses /etc/mysql/debian.cnf to store a root password for pkg use. So is placing such file in /etc still a viable solution?
A: for databases, there is dbconfig-common
A: more generally, ask for the password using debconf, then write the result to the config. the default should be loaded from the config file

Note that we can't load the existing password from the config as we only have the hash. I suggest we don't need to as we keep the current logic to only create a hash automatically (this time with user input) when missing. If a user wants to create a new hash afterwards he can use the vaultwarden hash command.

2. Set the required packages as dependencies so this can be executed at postinst (if postinst is still the recommended way of the point above). Vaultwarden doesn't intent using their hash command for automatic purposes: (dani-garcia/vaultwarden#3411)

I've installed the rust toolchain 1.78 with rustup. But gdb buildpackage for some reason refuses to find cargo:

gbp:info: Extracting 'vaultwarden_1.30.5.orig.tar.gz' to '/opt/vaultwarden-deb/vaultwarden-tmp'
gbp:info: Exporting 'HEAD' to '/opt/vaultwarden-deb/vaultwarden-tmp'
gbp:info: Moving '/opt/vaultwarden-deb/vaultwarden-tmp' to '/opt/vaultwarden-deb/vaultwarden-1.30.5'
gbp:info: Performing the build
 dpkg-buildpackage -us -uc -ui -i -I
dpkg-buildpackage: Information: Source package vaultwarden
dpkg-buildpackage: Information: Source version 1.30.5-1
dpkg-buildpackage: Information: source distribution unstable
dpkg-buildpackage: Information: Source changed by dionysius <[email protected]>
 dpkg-source -i -I --before-build .
dpkg-buildpackage: Information: host architecture amd64
dpkg-source: Information: Options from vaultwarden-1.30.5/debian/source/options are used: --extend-diff-ignore=(^|/)(.github|LICENSE|README|signing-key)
dpkg-checkbuilddeps: Error: Unfulfilled build dependencies: cargo
dpkg-buildpackage: Warning: Build dependencies/conflicts not fulfilled; abort
dpkg-buildpackage: Warning: (Use -d to override.)
debuild: fatal error at line 1184:
dpkg-buildpackage -us -uc -ui -i -I failed
gbp:error: 'debuild -i -I' failed: it exited with 29

But

cargo -V
cargo 1.78.0 (54d8815d0 2024-03-26)

which cargo
/usr/bin/cargo

So what exactly is it complaining about?

When starting vaultwarden the first time it throws an error, after trying to save the newly created key in /var/lib/vaultwarden/data.

It would help to change the owner of this folder to the vaultwarden user.

Since v1.28.0 vaultwarden added the option and recommendation to use argon2 as admin token instead of plaintext. For this they added both options as comments to their env template.

This sed currently appends the ADMIN_TOKEN_FILE option after each # ADMIN_TOKEN=.* pattern, which now exists twice.

Be my guest if someone has more knowledge in sed or awk as I'd like have a fairly safe and understandable replacement for it. It should append it only once after the whole comment block.

I'm trying to compile the deb again in a Debian Stable VM, as I originally compiled it on Testing, but that won't be able to run on a Stable system. But the Stable systm doesn't have enough space for compiling. I've installed everything needed, including both the rust 1.78 toolchain via rustup and cargo (and with that the rust toolchain of Stable). For some reason toolchain 1.76 is being installed by the script (either by it or vaultwarden), but compilation fails with this message:

riscv:

  error: failed to run custom build command for `ring v0.16.20`
  
  Caused by:
    process didn't exit successfully: `/work/vaultwarden-1.27.0/target/release/build/ring-03adbee9b7db2dc2/build-script-build` (exit status: 101)
    --- stderr
    thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/ring-0.16.20/build.rs:358:10
    note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

• briansmith/ring#1455

armv7:

  error: failed to compile `vaultwarden v1.0.0 (/work/vaultwarden-1.27.0)`, intermediate artifacts can be found at `/work/vaultwarden-1.27.0/target`
  
  Caused by:
    failed to load source for dependency `multer`
  
  Caused by:
    Unable to update https://github.com/BlackDex/multer-rs?rev=477d16b7fa0f361b5c2a5ba18a5b28bec6d26a8a
  
  Caused by:
    failed to clone into: /root/.cargo/git/db/multer-rs-4345aff1a2cb4345aff1a2cb7639
  
  Caused by:
    could not read directory '/root/.cargo/git/db/multer-rs-4345aff1a2cb7639/refs': Value too large for defined data type; class=Os (2)

• rust-lang/cargo#8719

aarch64:

error: could not compile `vaultwarden`
  
  Caused by:
    process didn't exit successfully: `rustc --crate-name vaultwarden --edition=2021 ... (signal: 9, SIGKILL: kill)
  error: failed to compile `vaultwarden v1.0.0 (/work/vaultwarden-1.27.0)`, intermediate artifacts can be found at `/work/vaultwarden-1.27.0/target`

• github runners probably killing job for taking too long (at ~3h run time). Once it ran through taking 5h30min (probably luck). A better and more efficient way is needed to offer cross compiled packages.

Hi,

I don't know if this issue is linked to your repo or the original vaultwarden.
But neither at the cmd or the admin page I can see the version I installed.

cmd:

root@host:~# vaultwarden -v
vaultwarden (Version info from Git not present)

web:

What is going wrong?