Update u2f to 0.2, which requires OpenSSL but also might solve the problems we've had with certificates.

The rust image doesn't need installing curl or tar, so removed. Also collapsed ENV lines.

Cargo.toml

@@ -14,7 +14,7 @@ build = "build.rs"
 # Empty to keep compatibility, prefer to set USE_SYSLOG=true
 enable_syslog = []
 mysql = ["diesel/mysql", "diesel_migrations/mysql"]
-postgresql = ["diesel/postgres", "diesel_migrations/postgres", "openssl"]
+postgresql = ["diesel/postgres", "diesel_migrations/postgres"]
 sqlite = ["diesel/sqlite", "diesel_migrations/sqlite", "libsqlite3-sys"]
 
 [target."cfg(not(windows))".dependencies]
@@ -75,7 +75,7 @@ data-encoding = "2.1.2"
 jsonwebtoken = "6.0.1"
 
 # U2F library
-u2f = "0.1.6"
+u2f = "0.2.0"
 
 # Yubico Library
 yubico = { version = "0.7.1", features = ["online-tokio"], default-features = false }
@@ -107,8 +107,8 @@ soup = "0.4.1"
 regex = "1.3.3"
 data-url = "0.1.0"
 
-# Required for SSL support for PostgreSQL
-openssl = { version = "0.10.26", optional = true }
+# Used by U2F, JWT and Postgres
+openssl = "0.10.26"
 
 # URL encoding library
 percent-encoding = "2.1.0"

docker/Dockerfile.j2

@@ -36,21 +36,10 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 {% if "alpine" in vault_stage_base_image %}
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
+RUN apk add --no-cache --upgrade curl tar
 {% else %}
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 {% endif %}
 
 RUN mkdir /web-vault
@@ -88,10 +77,7 @@ ARG DB=postgresql
 
 {% endif %}
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/aarch64/mysql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/aarch64/sqlite/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/mysql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/mysql/Dockerfile.alpine

@@ -11,9 +11,7 @@ ENV VAULT_VERSION "v2.12.0b"
 
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
+RUN apk add --no-cache --upgrade curl tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -31,10 +29,7 @@ FROM clux/muslrust:nightly-2019-12-19 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/postgresql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=postgresql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/postgresql/Dockerfile.alpine

@@ -11,9 +11,7 @@ ENV VAULT_VERSION "v2.12.0b"
 
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
+RUN apk add --no-cache --upgrade curl tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -31,10 +29,7 @@ FROM clux/muslrust:nightly-2019-12-19 as build
 ARG DB=postgresql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/sqlite/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/amd64/sqlite/Dockerfile.alpine

@@ -11,9 +11,7 @@ ENV VAULT_VERSION "v2.12.0b"
 
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
-RUN apk add --no-cache --upgrade \
-    curl \
-    tar
+RUN apk add --no-cache --upgrade curl tar
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -31,10 +29,7 @@ FROM clux/muslrust:nightly-2019-12-19 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/armv6/mysql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/armv6/sqlite/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/armv7/mysql/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=mysql
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

docker/armv7/sqlite/Dockerfile

@@ -12,16 +12,7 @@ ENV VAULT_VERSION "v2.12.0b"
 ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
-
-RUN apt-get update \
-    && apt-get install -y \
-        --no-install-recommends \
-        curl \
-        tar
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 RUN mkdir /web-vault
 WORKDIR /web-vault
@@ -40,10 +31,7 @@ FROM rust:1.40 as build
 ARG DB=sqlite
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
-ARG DEBIAN_FRONTEND=noninteractive
-ARG LANG=C.UTF-8
-ARG TZ=UTC
-ARG TERM=xterm-256color
+ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
 
 # Don't download rust docs
 RUN rustup set profile minimal

src/api/core/two_factor/u2f.rs

@@ -92,6 +92,7 @@ struct RegistrationDef {
     key_handle: Vec<u8>,
     pub_key: Vec<u8>,
     attestation_cert: Option<Vec<u8>>,
+    device_name: Option<String>,
 }
 
 #[derive(Serialize, Deserialize)]