NethServer Version: 8
Module: Vaultwarden Dev
While Implementing the App VAultwarden, I found myself having need for pyargon2 for the hashing mechanism required by the App.
On the Create Module, At First, When implementing
#!/usr/bin/env python3
#
# Copyright (C) 2023 Nethesis S.r.l.
# SPDX-License-Identifier: GPL-3.0-or-later
import os
import json
import sys
import agent
import secrets
import pyargon2
import binascii
data = json.load(sys.stdin)
# Generate a random hex string of length 40
def generate_random_hex(length):
random_bytes = secrets.token_bytes(length)
random_hex = binascii.hexlify(random_bytes).decode('utf-8')
return random_hex
# Generate a random admin token
VAULTWARDEN_ADMIN_TOKEN = generate_random_hex(20)
# Hash the admin token using Argon2
hashed_admin_token = pyargon2.hash.hash_password(VAULTWARDEN_ADMIN_TOKEN)
# Set the environment variable
agent.set_env("ADMIN_TOKEN", hashed_admin_token)
# Make sure everything is saved inside the environment file
# just before starting systemd unit
agent.dump_env()
I kept getting the error
import pyargon2
ModuleNotFoundError: No module named 'pyargon2'
I thought, i could attempt it another way, by using subprocess to try and install pyargon
So this is what i did
#!/usr/bin/env python3
#
# Copyright (C) 2023 Nethesis S.r.l.
# SPDX-License-Identifier: GPL-3.0-or-later
import os
import json
import sys
import agent
import secrets
import pyargon2
import binascii
import subprocess
try:
import pyargon2
except ModuleNotFoundError:
print("pyargon2 not found. Attempting to install...")
# Try pip install
try:
subprocess.run(["pip", "install", "pyargon2"], check=True)
except subprocess.CalledProcessError:
# If pip install fails, try pip3 install
try:
subprocess.run(["pip3", "install", "pyargon2"], check=True)
except subprocess.CalledProcessError:
print("Failed to install pyargon2. Please install it manually.")
sys.exit(1)
# Try importing pyargon2 again
try:
import pyargon2
except ModuleNotFoundError:
print("pyargon2 installation successful but import still failed.")
sys.exit(1)
# Now pyargon2 is successfully imported, continue with your script
data = json.load(sys.stdin)
# Generate a random hex string of length 40
def generate_random_hex(length):
random_bytes = secrets.token_bytes(length)
random_hex = binascii.hexlify(random_bytes).decode('utf-8')
return random_hex
# Generate a random admin token
VAULTWARDEN_ADMIN_TOKEN = generate_random_hex(20)
# Hash the admin token using Argon2
hashed_admin_token = pyargon2.hash.hash_password(VAULTWARDEN_ADMIN_TOKEN)
# Set the environment variable
agent.set_env("ADMIN_TOKEN", hashed_admin_token)
# Make sure everything is saved inside the environment file
# just before starting systemd unit
agent.dump_env()
An Alternative method was to apply
#!/usr/bin/env python3
#
# Copyright (C) 2023 Nethesis S.r.l.
# SPDX-License-Identifier: GPL-3.0-or-later
import os
import json
import sys
import agent
import secrets
import pyargon2
import binascii
import subprocess
data = json.load(sys.stdin)
# Generate a random hex string of length 40
def generate_random_hex(length):
random_bytes = secrets.token_bytes(length)
random_hex = binascii.hexlify(random_bytes).decode('utf-8')
return random_hex
# Generate a random admin token
VAULTWARDEN_ADMIN_TOKEN = generate_random_hex(20)
# Hash the admin token using Argon2
hashed_admin_token = pyargon2.hash.hash_password(VAULTWARDEN_ADMIN_TOKEN)
# Set the environment variable
agent.set_env("ADMIN_TOKEN", hashed_admin_token)
#======= Attempt using sub Proc========
# Execute the command to hash the admin token using Argon2 and print the result
proc = subprocess.Popen(
["echo", "-n", VAULTWARDEN_ADMIN_TOKEN],
stdout=subprocess.PIPE,
)
hashed_admin_token = subprocess.check_output(
["argon2", "$(openssl rand -base64 32)", "-e", "-id", "-k", "65540", "-t", "3", "-p", "4"],
stdin=proc.stdout,
text=True
)
# Set the environment variable
agent.set_env("ADMIN_TOKEN", hashed_admin_token.strip())
# Make sure everything is saved inside the environment file
# just before starting systemd unit
agent.dump_env()
Attempt using sub Proc to generate the argon, but was not possible.
When all these was not possible, the last attempt was to try make use of the builtin vaultwarden hash, and retrive the information<
this only works if the container is running, so far, gotten some issues
import os
import json
import sys
import agent
import secrets
import subprocess
import binascii
data = json.load(sys.stdin)
# Generate a random hex string of length 40
def generate_random_hex(length):
random_bytes = secrets.token_bytes(length)
random_hex = binascii.hexlify(random_bytes).decode('utf-8')
return random_hex
# Generate a random admin token
VAULTWARDEN_ADMIN_TOKEN = generate_random_hex(20)
# Execute the vaultwarden CLI command to hash the admin token
try:
hashed_admin_token = subprocess.check_output(
["/usr/bin/podman", "exec", "-i", "vaultwarden-app", "/vaultwarden", "hash"],
input=VAULTWARDEN_ADMIN_TOKEN.encode(),
text=True
).strip()
except subprocess.CalledProcessError as e:
print("Error executing vaultwarden hash command:", e)
sys.exit(1)
# Set the environment variable
agent.set_env("ADMIN_TOKEN", hashed_admin_token)
# Make sure everything is saved inside the environment file
# just before starting systemd unit
agent.dump_env()