Address review remarks and small updates

- Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations - Updated web-vault to v2023.9.1
2 years ago · 79903d241b
17 changed files with 552 additions and 229 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -114,46 +114,46 @@ jobs:
          prefix-key: "v2023.07-rust"
      # End Enable Rust Caching

-      # Run cargo tests (In release mode to speed up future builds)
+      # Run cargo tests
      # First test all features together, afterwards test them separately.
      - name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
        id: test_sqlite_mysql_postgresql_mimalloc
        if: $${{ always() }}
        run: |
-          cargo test --release --features sqlite,mysql,postgresql,enable_mimalloc
+          cargo test --features sqlite,mysql,postgresql,enable_mimalloc

      - name: "test features: sqlite,mysql,postgresql"
        id: test_sqlite_mysql_postgresql
        if: $${{ always() }}
        run: |
-          cargo test --release --features sqlite,mysql,postgresql
+          cargo test --features sqlite,mysql,postgresql

      - name: "test features: sqlite"
        id: test_sqlite
        if: $${{ always() }}
        run: |
-          cargo test --release --features sqlite
+          cargo test --features sqlite

      - name: "test features: mysql"
        id: test_mysql
        if: $${{ always() }}
        run: |
-          cargo test --release --features mysql
+          cargo test --features mysql

      - name: "test features: postgresql"
        id: test_postgresql
        if: $${{ always() }}
        run: |
-          cargo test --release --features postgresql
+          cargo test --features postgresql
      # End Run cargo tests


-      # Run cargo clippy, and fail on warnings (In release mode to speed up future builds)
+      # Run cargo clippy, and fail on warnings
      - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc"
        id: clippy
        if: ${{ always() && matrix.channel == 'rust-toolchain' }}
        run: |
-          cargo clippy --release --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
+          cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
      # End Run cargo clippy


@ -195,21 +195,3 @@ jobs:
        run: |
          echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY
          echo "" >> $GITHUB_STEP_SUMMARY
-
-
-      # Build the binary to upload to the artifacts
-      - name: "build features: sqlite,mysql,postgresql"
-        if: ${{ matrix.channel == 'rust-toolchain' }}
-        run: |
-          cargo build --release --features sqlite,mysql,postgresql
-      # End Build the binary
-
-      # TODO: We should not upload these. We should extract Alpine build binaries from the containers and upload them
-      # # Upload artifact to Github Actions
-      # - name: "Upload artifact"
-      #   uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
-      #   if: ${{ matrix.channel == 'rust-toolchain' }}
-      #   with:
-      #     name: vaultwarden
-      #     path: target/release/vaultwarden
-      # # End Upload artifact to Github Actions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -14,6 +14,7 @@ on:

    branches: # Only on paths above
      - main
+      - release-build-revision

    tags: # Always, regardless of paths above
      - '*'
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -1,7 +1,7 @@
 ---
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.5.0
    hooks:
    - id: check-yaml
    - id: check-json
--- a/Cargo.lock
+++ b/Cargo.lock
@ -17,6 +17,17 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"

+[[package]]
+name = "ahash"
+version = "0.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47"
+dependencies = [
+ "getrandom",
+ "once_cell",
+ "version_check",
+]
+
 [[package]]
 name = "ahash"
 version = "0.8.3"
@ -98,9 +109,9 @@ dependencies = [

 [[package]]
 name = "async-compression"
-version = "0.4.3"
+version = "0.4.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb42b2197bf15ccb092b62c74515dbd8b86d0effd934795f6687c93b6e679a2c"
+checksum = "f658e2baef915ba0f26f1f7c42bfb8e12f532a01f449a090ded75ae7a07e9ba2"
 dependencies = [
 "brotli",
 "flate2",
@ -112,9 +123,9 @@ dependencies = [

 [[package]]
 name = "async-executor"
-version = "1.5.4"
+version = "1.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2c1da3ae8dabd9c00f453a329dfe1fb28da3c0a72e2478cdcd93171740c20499"
+checksum = "4b0c4a4f319e45986f347ee47fef8bf5e81c9abc3f6f58dc2391439f30df65f0"
 dependencies = [
 "async-lock",
 "async-task",
@ -153,9 +164,9 @@ dependencies = [
 "log",
 "parking",
 "polling",
- "rustix 0.37.24",
+ "rustix 0.37.26",
 "slab",
- "socket2 0.4.9",
+ "socket2 0.4.10",
 "waker-fn",
 ]

@ -181,7 +192,7 @@ dependencies = [
 "cfg-if",
 "event-listener 3.0.0",
 "futures-lite",
- "rustix 0.38.18",
+ "rustix 0.38.20",
 "windows-sys",
 ]

@ -197,7 +208,7 @@ dependencies = [
 "cfg-if",
 "futures-core",
 "futures-io",
- "rustix 0.38.18",
+ "rustix 0.38.20",
 "signal-hook-registry",
 "slab",
 "windows-sys",
@ -254,15 +265,15 @@ dependencies = [

 [[package]]
 name = "async-task"
-version = "4.4.1"
+version = "4.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9441c6b2fe128a7c2bf680a44c34d0df31ce09e5b7e401fcca3faa483dbc921"
+checksum = "b4eb2cdb97421e01129ccb49169d8279ed21e829929144f4a22a6e54ac549ca1"

 [[package]]
 name = "async-trait"
-version = "0.1.73"
+version = "0.1.74"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0"
+checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9"
 dependencies = [
 "proc-macro2",
 "quote",
@ -343,9 +354,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"

 [[package]]
 name = "bitflags"
-version = "2.4.0"
+version = "2.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635"
+checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"

 [[package]]
 name = "blake2"
@ -432,12 +443,12 @@ version = "0.46.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8cead8ece0da6b744b2ad8ef9c58a4cdc7ef2921e60a6ddfb9eaaa86839b5fc5"
 dependencies = [
- "ahash",
+ "ahash 0.8.3",
 "async-trait",
 "cached_proc_macro",
 "cached_proc_macro_types",
 "futures",
- "hashbrown 0.14.1",
+ "hashbrown 0.14.2",
 "instant",
 "once_cell",
 "thiserror",
@ -512,6 +523,16 @@ dependencies = [
 "phf_codegen",
 ]

+[[package]]
+name = "chumsky"
+version = "0.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23170228b96236b5a7299057ac284a321457700bc8c41a4476052f0f4ba5349d"
+dependencies = [
+ "hashbrown 0.12.3",
+ "stacker",
+]
+
 [[package]]
 name = "concurrent-queue"
 version = "2.3.0"
@ -595,9 +616,9 @@ checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa"

 [[package]]
 name = "cpufeatures"
-version = "0.2.9"
+version = "0.2.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1"
+checksum = "3fbc60abd742b35f2492f808e1abbb83d45f72db402e14c55057edc9c7b1e9e4"
 dependencies = [
 "libc",
 ]
@ -683,7 +704,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856"
 dependencies = [
 "cfg-if",
- "hashbrown 0.14.1",
+ "hashbrown 0.14.2",
 "lock_api",
 "once_cell",
 "parking_lot_core",
@ -703,9 +724,12 @@ checksum = "41b319d1b62ffbd002e057f36bebd1f42b9f97927c9577461d855f3513c4289f"

 [[package]]
 name = "deranged"
-version = "0.3.8"
+version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946"
+checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3"
+dependencies = [
+ "powerfmt",
+]

 [[package]]
 name = "devise"
@ -733,7 +757,7 @@ version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "35b50dba0afdca80b187392b24f2499a88c336d5a8493e4b4ccfb608708be56a"
 dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
 "proc-macro2",
 "proc-macro2-diagnostics",
 "quote",
@ -746,7 +770,7 @@ version = "2.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2268a214a6f118fce1838edba3d1561cf0e78d8de785475957a580a7f8c69d33"
 dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
 "byteorder",
 "chrono",
 "diesel_derives",
@ -950,9 +974,9 @@ dependencies = [

 [[package]]
 name = "flate2"
-version = "1.0.27"
+version = "1.0.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010"
+checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
 dependencies = [
 "crc32fast",
 "miniz_oxide",
@ -1219,14 +1243,17 @@ name = "hashbrown"
 version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
+dependencies = [
+ "ahash 0.7.6",
+]

 [[package]]
 name = "hashbrown"
-version = "0.14.1"
+version = "0.14.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12"
+checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156"
 dependencies = [
- "ahash",
+ "ahash 0.8.3",
 "allocator-api2",
 ]

@ -1331,7 +1358,7 @@ dependencies = [
 "httpdate",
 "itoa",
 "pin-project-lite",
- "socket2 0.4.9",
+ "socket2 0.4.10",
 "tokio",
 "tower-service",
 "tracing",
@ -1353,16 +1380,16 @@ dependencies = [

 [[package]]
 name = "iana-time-zone"
-version = "0.1.57"
+version = "0.1.58"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2fad5b825842d2b38bd206f3e81d6957625fd7f0a361e345c30e01a0ae2dd613"
+checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20"
 dependencies = [
 "android_system_properties",
 "core-foundation-sys",
 "iana-time-zone-haiku",
 "js-sys",
 "wasm-bindgen",
- "windows",
+ "windows-core",
 ]

 [[package]]
@ -1429,7 +1456,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897"
 dependencies = [
 "equivalent",
- "hashbrown 0.14.1",
+ "hashbrown 0.14.2",
 ]

 [[package]]
@ -1464,7 +1491,7 @@ version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f"
 dependencies = [
- "socket2 0.5.4",
+ "socket2 0.5.5",
 "widestring",
 "windows-sys",
 "winreg",
@ -1483,7 +1510,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b"
 dependencies = [
 "hermit-abi",
- "rustix 0.38.18",
+ "rustix 0.38.20",
 "windows-sys",
 ]

@ -1521,13 +1548,13 @@ dependencies = [

 [[package]]
 name = "jsonwebtoken"
-version = "8.3.0"
+version = "9.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378"
+checksum = "1e863f95209c79b9b8b001c4b03463385f890a765dbc4e0802cb8d4177e3e410"
 dependencies = [
 "base64 0.21.4",
 "pem",
- "ring",
+ "ring 0.17.5",
 "serde",
 "serde_json",
 "simple_asn1",
@ -1550,31 +1577,33 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"

 [[package]]
 name = "lettre"
-version = "0.10.4"
+version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d"
+checksum = "d47084ad58f99c26816d174702f60e873f861fcef3f9bd6075b4ad2dd72d07d5"
 dependencies = [
 "async-std",
 "async-trait",
 "base64 0.21.4",
+ "chumsky",
 "email-encoding",
 "email_address",
- "fastrand 1.9.0",
+ "fastrand 2.0.1",
 "futures-io",
 "futures-util",
 "hostname",
 "httpdate",
- "idna 0.3.0",
+ "idna 0.4.0",
 "mime",
 "native-tls",
 "nom",
 "once_cell",
 "quoted_printable",
 "serde",
- "socket2 0.4.9",
+ "socket2 0.5.5",
 "tokio",
 "tokio-native-tls",
 "tracing",
+ "url",
 ]

 [[package]]
@ -1624,9 +1653,9 @@ checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f"

 [[package]]
 name = "lock_api"
-version = "0.4.10"
+version = "0.4.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16"
+checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45"
 dependencies = [
 "autocfg",
 "scopeguard",
@ -1924,7 +1953,7 @@ version = "0.10.57"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c"
 dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
 "cfg-if",
 "foreign-types",
 "libc",
@ -1980,9 +2009,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"

 [[package]]
 name = "parking"
-version = "2.1.1"
+version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e52c774a4c39359c1d1c52e43f73dd91a75a614652c825408eec30c95a9b2067"
+checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae"

 [[package]]
 name = "parking_lot"
@ -1996,13 +2025,13 @@ dependencies = [

 [[package]]
 name = "parking_lot_core"
-version = "0.9.8"
+version = "0.9.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447"
+checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e"
 dependencies = [
 "cfg-if",
 "libc",
- "redox_syscall",
+ "redox_syscall 0.4.1",
 "smallvec",
 "windows-targets",
 ]
@ -2058,11 +2087,12 @@ dependencies = [

 [[package]]
 name = "pem"
-version = "1.1.1"
+version = "3.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
+checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923"
 dependencies = [
- "base64 0.13.1",
+ "base64 0.21.4",
+ "serde",
 ]

 [[package]]
@ -2205,6 +2235,12 @@ dependencies = [
 "windows-sys",
 ]

+[[package]]
+name = "powerfmt"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
+
 [[package]]
 name = "ppv-lite86"
 version = "0.2.17"
@ -2248,6 +2284,15 @@ version = "2.0.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"

+[[package]]
+name = "psm"
+version = "0.1.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5787f7cda34e3033a72192c018bc5883100330f362ef279a8cbccfce8bb4e874"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "publicsuffix"
 version = "2.2.3"
@ -2291,9 +2336,9 @@ dependencies = [

 [[package]]
 name = "quoted_printable"
-version = "0.4.8"
+version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a3866219251662ec3b26fc217e3e05bf9c4f84325234dfb96bf0bf840889e49"
+checksum = "79ec282e887b434b68c18fe5c121d38e72a5cf35119b59e54ec5b992ea9c8eb0"

 [[package]]
 name = "r2d2"
@ -2354,6 +2399,15 @@ dependencies = [
 "bitflags 1.3.2",
 ]

+[[package]]
+name = "redox_syscall"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
+dependencies = [
+ "bitflags 1.3.2",
+]
+
 [[package]]
 name = "ref-cast"
 version = "1.0.20"
@ -2376,14 +2430,14 @@ dependencies = [

 [[package]]
 name = "regex"
-version = "1.10.0"
+version = "1.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d119d7c7ca818f8a53c300863d4f87566aac09943aef5b355bb83969dae75d87"
+checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343"
 dependencies = [
 "aho-corasick",
 "memchr",
- "regex-automata 0.4.1",
- "regex-syntax 0.8.0",
+ "regex-automata 0.4.3",
+ "regex-syntax 0.8.2",
 ]

 [[package]]
@ -2397,13 +2451,13 @@ dependencies = [

 [[package]]
 name = "regex-automata"
-version = "0.4.1"
+version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "465c6fc0621e4abc4187a2bda0937bfd4f722c2730b29562e19689ea796c9a4b"
+checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f"
 dependencies = [
 "aho-corasick",
 "memchr",
- "regex-syntax 0.8.0",
+ "regex-syntax 0.8.2",
 ]

 [[package]]
@ -2414,9 +2468,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"

 [[package]]
 name = "regex-syntax"
-version = "0.8.0"
+version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c3cbb081b9784b07cceb8824c8583f86db4814d172ab043f3c23f7dc600bf83d"
+checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"

 [[package]]
 name = "reopen"
@ -2494,11 +2548,25 @@ dependencies = [
 "libc",
 "once_cell",
 "spin 0.5.2",
- "untrusted",
+ "untrusted 0.7.1",
 "web-sys",
 "winapi",
 ]

+[[package]]
+name = "ring"
+version = "0.17.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b"
+dependencies = [
+ "cc",
+ "getrandom",
+ "libc",
+ "spin 0.9.8",
+ "untrusted 0.9.0",
+ "windows-sys",
+]
+
 [[package]]
 name = "rmp"
 version = "0.8.12"
@ -2640,9 +2708,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"

 [[package]]
 name = "rustix"
-version = "0.37.24"
+version = "0.37.26"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4279d76516df406a8bd37e7dff53fd37d1a093f997a3c34a5c21658c126db06d"
+checksum = "84f3f8f960ed3b5a59055428714943298bf3fa2d4a1d53135084e0544829d995"
 dependencies = [
 "bitflags 1.3.2",
 "errno",
@ -2654,11 +2722,11 @@ dependencies = [

 [[package]]
 name = "rustix"
-version = "0.38.18"
+version = "0.38.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a74ee2d7c2581cd139b42447d7d9389b889bdaad3a73f1ebb16f2a3237bb19c"
+checksum = "67ce50cb2e16c2903e30d1cbccfd8387a74b9d4c938b6a4c5ec6cc7556f7a8a0"
 dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
 "errno",
 "libc",
 "linux-raw-sys 0.4.10",
@ -2672,7 +2740,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8"
 dependencies = [
 "log",
- "ring",
+ "ring 0.16.20",
 "rustls-webpki",
 "sct",
 ]
@ -2692,8 +2760,8 @@ version = "0.101.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe"
 dependencies = [
- "ring",
- "untrusted",
+ "ring 0.16.20",
+ "untrusted 0.7.1",
 ]

 [[package]]
@ -2753,8 +2821,8 @@ version = "0.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
 dependencies = [
- "ring",
- "untrusted",
+ "ring 0.16.20",
+ "untrusted 0.7.1",
 ]

 [[package]]
@ -2788,9 +2856,9 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090"

 [[package]]
 name = "serde"
-version = "1.0.188"
+version = "1.0.189"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e"
+checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537"
 dependencies = [
 "serde_derive",
 ]
@ -2807,9 +2875,9 @@ dependencies = [

 [[package]]
 name = "serde_derive"
-version = "1.0.188"
+version = "1.0.189"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2"
+checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5"
 dependencies = [
 "proc-macro2",
 "quote",
@ -2890,6 +2958,16 @@ dependencies = [
 "lazy_static",
 ]

+[[package]]
+name = "signal-hook"
+version = "0.3.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8621587d4798caf8eb44879d42e56b9a93ea5dcd315a6487c357130095b62801"
+dependencies = [
+ "libc",
+ "signal-hook-registry",
+]
+
 [[package]]
 name = "signal-hook-registry"
 version = "1.4.1"
@ -2934,9 +3012,9 @@ checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a"

 [[package]]
 name = "socket2"
-version = "0.4.9"
+version = "0.4.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662"
+checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d"
 dependencies = [
 "libc",
 "winapi",
@ -2944,9 +3022,9 @@ dependencies = [

 [[package]]
 name = "socket2"
-version = "0.5.4"
+version = "0.5.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4031e820eb552adee9295814c0ced9e5cf38ddf1e8b7d566d6de8e2538ea989e"
+checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9"
 dependencies = [
 "libc",
 "windows-sys",
@ -2973,6 +3051,19 @@ dependencies = [
 "memchr",
 ]

+[[package]]
+name = "stacker"
+version = "0.1.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c886bd4480155fd3ef527d45e9ac8dd7118a898a46530b7b94c3e21866259fce"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "libc",
+ "psm",
+ "winapi",
+]
+
 [[package]]
 name = "state"
 version = "0.6.0"
@ -3058,25 +3149,25 @@ checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef"
 dependencies = [
 "cfg-if",
 "fastrand 2.0.1",
- "redox_syscall",
- "rustix 0.38.18",
+ "redox_syscall 0.3.5",
+ "rustix 0.38.20",
 "windows-sys",
 ]

 [[package]]
 name = "thiserror"
-version = "1.0.49"
+version = "1.0.50"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4"
+checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2"
 dependencies = [
 "thiserror-impl",
 ]

 [[package]]
 name = "thiserror-impl"
-version = "1.0.49"
+version = "1.0.50"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc"
+checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8"
 dependencies = [
 "proc-macro2",
 "quote",
@ -3104,14 +3195,15 @@ dependencies = [

 [[package]]
 name = "time"
-version = "0.3.29"
+version = "0.3.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe"
+checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5"
 dependencies = [
 "deranged",
 "itoa",
 "libc",
 "num_threads",
+ "powerfmt",
 "serde",
 "time-core",
 "time-macros",
@ -3161,7 +3253,7 @@ dependencies = [
 "parking_lot",
 "pin-project-lite",
 "signal-hook-registry",
- "socket2 0.5.4",
+ "socket2 0.5.5",
 "tokio-macros",
 "windows-sys",
 ]
@ -3325,11 +3417,10 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"

 [[package]]
 name = "tracing"
-version = "0.1.37"
+version = "0.1.40"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
+checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
 dependencies = [
- "cfg-if",
 "log",
 "pin-project-lite",
 "tracing-attributes",
@ -3338,9 +3429,9 @@ dependencies = [

 [[package]]
 name = "tracing-attributes"
-version = "0.1.26"
+version = "0.1.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab"
+checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
 dependencies = [
 "proc-macro2",
 "quote",
@ -3349,9 +3440,9 @@ dependencies = [

 [[package]]
 name = "tracing-core"
-version = "0.1.31"
+version = "0.1.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a"
+checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54"
 dependencies = [
 "once_cell",
 "valuable",
@ -3388,9 +3479,9 @@ dependencies = [

 [[package]]
 name = "trust-dns-proto"
-version = "0.23.0"
+version = "0.23.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0dc775440033cb114085f6f2437682b194fa7546466024b1037e82a48a052a69"
+checksum = "559ac980345f7f5020883dd3bcacf176355225e01916f8c2efecad7534f682c6"
 dependencies = [
 "async-trait",
 "cfg-if",
@ -3413,9 +3504,9 @@ dependencies = [

 [[package]]
 name = "trust-dns-resolver"
-version = "0.23.0"
+version = "0.23.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2dff7aed33ef3e8bf2c9966fccdfed93f93d46f432282ea875cd66faabc6ef2f"
+checksum = "c723b0e608b24ad04c73b2607e0241b2c98fd79795a95e98b068b6966138a29d"
 dependencies = [
 "cfg-if",
 "futures-util",
@ -3521,6 +3612,12 @@ version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"

+[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
 [[package]]
 name = "url"
 version = "2.4.1"
@ -3541,9 +3638,9 @@ checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"

 [[package]]
 name = "uuid"
-version = "1.4.1"
+version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d"
+checksum = "88ad59a7560b41a70d191093a945f0b87bc1deeda46fb237479708a1d6b6cdfc"
 dependencies = [
 "getrandom",
 ]
@ -3556,9 +3653,9 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"

 [[package]]
 name = "value-bag"
-version = "1.4.1"
+version = "1.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d92ccd67fb88503048c01b59152a04effd0782d035a83a6d256ce6085f08f4a3"
+checksum = "4a72e1902dde2bd6441347de2b70b7f5d59bf157c6c62f0c44572607a1d55bbe"

 [[package]]
 name = "vaultwarden"
@ -3601,7 +3698,7 @@ dependencies = [
 "rand",
 "regex",
 "reqwest",
- "ring",
+ "ring 0.17.5",
 "rmpv",
 "rocket",
 "rocket_ws",
@ -3775,14 +3872,15 @@ dependencies = [

 [[package]]
 name = "which"
-version = "4.4.2"
+version = "5.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+checksum = "9bf3ea8596f3a0dd5980b46430f2058dfe2c36a27ccfbb1845d6fbfcd9ba6e14"
 dependencies = [
 "either",
 "home",
 "once_cell",
- "rustix 0.38.18",
+ "rustix 0.38.20",
+ "windows-sys",
 ]

 [[package]]
@ -3831,6 +3929,15 @@ dependencies = [
 "windows-targets",
 ]

+[[package]]
+name = "windows-core"
+version = "0.51.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64"
+dependencies = [
+ "windows-targets",
+]
+
 [[package]]
 name = "windows-sys"
 version = "0.48.0"
@ -3899,9 +4006,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"

 [[package]]
 name = "winnow"
-version = "0.5.16"
+version = "0.5.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "037711d82167854aff2018dfd193aa0fef5370f456732f0d5a0c59b0f1b4b907"
+checksum = "a3b801d0e0a6726477cc207f60162da452f3a95adb368399bef20a946e06f65c"
 dependencies = [
 "memchr",
 ]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -42,7 +42,7 @@ syslog = "6.1.0"
 # Logging
 log = "0.4.20"
 fern = { version = "0.6.2", features = ["syslog-6", "reopen-1"] }
-tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
+tracing = { version = "0.1.40", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work

 # A `dotenv` implementation for Rust
 dotenvy = { version = "0.15.7", default-features = false }
@ -71,7 +71,7 @@ futures = "0.3.28"
 tokio = { version = "1.33.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }

 # A generic serialization/deserialization framework
-serde = { version = "1.0.188", features = ["derive"] }
+serde = { version = "1.0.189", features = ["derive"] }
 serde_json = "1.0.107"

 # A safe, extensible ORM and Query builder
@ -84,15 +84,15 @@ libsqlite3-sys = { version = "0.26.0", features = ["bundled"], optional = true }

 # Crypto-related libraries
 rand = { version = "0.8.5", features = ["small_rng"] }
-ring = "0.16.20"
+ring = "0.17.5"

 # UUID generation
-uuid = { version = "1.4.1", features = ["v4"] }
+uuid = { version = "1.5.0", features = ["v4"] }

 # Date and time libraries
 chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false }
 chrono-tz = "0.8.3"
-time = "0.3.29"
+time = "0.3.30"

 # Job scheduler
 job_scheduler_ng = "2.0.4"
@ -101,7 +101,7 @@ job_scheduler_ng = "2.0.4"
 data-encoding = "2.4.0"

 # JWT library
-jsonwebtoken = "8.3.0"
+jsonwebtoken = "9.0.0"

 # TOTP library
 totp-lite = "2.0.0"
@ -116,7 +116,7 @@ webauthn-rs = "0.3.2"
 url = "2.4.1"

 # Email libraries
-lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
+lettre = { version = "0.11.0", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
 percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails
 email_address = "0.2.4"

@ -128,7 +128,7 @@ reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip"

 # Favicon extraction libraries
 html5gum = "0.5.7"
-regex = { version = "1.10.0", features = ["std", "perf", "unicode-perl"], default-features = false }
+regex = { version = "1.10.2", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.3.0"
 bytes = "1.5.0"

@ -158,7 +158,7 @@ semver = "1.0.20"
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
 mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true }
-which = "4.4.2"
+which = "5.0.0"

 # Argon2 library with support for the PHC format
 argon2 = "0.5.2"
--- a/2
+++ b/2
@ -1 +1 @@
-docker/amd64/Dockerfile
+docker/Dockerfile.debian
--- a/docker/DockerSettings.yaml
+++ b/docker/DockerSettings.yaml
@ -1,6 +1,9 @@
 ---
-vault_version: "v2023.8.2"
-vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252"
+vault_version: "v2023.9.1"
+vault_image_digest: "sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd"
+# Cross Compile Docker Helper Scripts v1.3.0
+# We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts
+xx_image_digest: "sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc"
 rust_version: 1.73.0 # Rust version to be used
 debian_version: bookworm # Debian release name to be used
 alpine_version: 3.18 # Alpine version to be used
--- a/docker/Dockerfile.alpine
+++ b/docker/Dockerfile.alpine
@ -18,15 +18,15 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1
+#     [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd
+#     [docker.io/vaultwarden/web-vault:v2023.9.1]
 #
-FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault

 ########################## ALPINE BUILD IMAGES ##########################
 ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
@ -65,11 +65,6 @@ RUN mkdir -pv "${CARGO_HOME}" \
 RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
 # Shared variables across Debian and Alpine
 RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \
    # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
@ -84,6 +79,12 @@ RUN source /env-cargo && \
    rustup target add "${CARGO_TARGET}"

 ARG CARGO_PROFILE=release
+ARG VW_VERSION
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain.toml ./rust-toolchain.toml
+COPY ./build.rs ./build.rs

 # Builds your dependencies and removes the
 # dummy project, except the target folder
@ -113,7 +114,7 @@ RUN source /env-cargo && \
 # Create a new stage with a minimal image
 # because we already have a binary built
 #
-# For these images to be able to built you need to have qemu binfmt support.
+# To build these images you need to have qemu binfmt support.
 # See the following pages to help install these tools locally
 # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
 # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
@ -123,7 +124,9 @@ RUN source /env-cargo && \
 # See: https://github.com/tonistiigi/binfmt
 # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
 # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
-FROM docker.io/library/alpine:3.18
+#
+# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
+FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.18

 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
--- a/docker/Dockerfile.debian
+++ b/docker/Dockerfile.debian
@ -18,18 +18,20 @@
 # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
 #   click the tag name to view the digest of the image it currently points to.
 # - From the command line:
-#     $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-#     [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
+#     $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1
+#     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1
+#     [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd]
 #
 # - Conversely, to get the tag name from the digest:
-#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-#     [docker.io/vaultwarden/web-vault:v2023.8.2]
+#     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd
+#     [docker.io/vaultwarden/web-vault:v2023.9.1]
 #
-FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault

 ########################## Cross Compile Docker Helper Scripts ##########################
-FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx
+## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts
+## And these bash scripts do not have any significant difference if at all
+FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc AS xx

 ########################## BUILD IMAGE ##########################
 # hadolint ignore=DL3006
@ -51,11 +53,14 @@ ENV DEBIAN_FRONTEND=noninteractive \

 # Install clang to get `xx-cargo` working
 # Install pkg-config to allow amd64 builds to find all libraries
+# Install git so build.rs can determine the correct version
 # Install the libc cross packages based upon the debian-arch
 RUN apt-get update && \
    apt-get install -y \
        --no-install-recommends \
-        clang pkg-config \
+        clang \
+        pkg-config \
+        git \
        "libc6-$(xx-info debian-arch)-cross" \
        "libc6-dev-$(xx-info debian-arch)-cross" \
        "linux-libc-dev-$(xx-info debian-arch)-cross" && \
@ -82,11 +87,6 @@ RUN mkdir -pv "${CARGO_HOME}" \
 RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
 # Environment variables for cargo across Debian and Alpine
 RUN source /env-cargo && \
    if xx-info is-cross ; then \
@ -109,6 +109,12 @@ RUN source /env-cargo && \
    rustup target add "${CARGO_TARGET}"

 ARG CARGO_PROFILE=release
+ARG VW_VERSION
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain.toml ./rust-toolchain.toml
+COPY ./build.rs ./build.rs

 # Builds your dependencies and removes the
 # dummy project, except the target folder
@ -138,7 +144,7 @@ RUN source /env-cargo && \
 # Create a new stage with a minimal image
 # because we already have a binary built
 #
-# For these images to be able to built you need to have qemu binfmt support.
+# To build these images you need to have qemu binfmt support.
 # See the following pages to help install these tools locally
 # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
 # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
@ -148,7 +154,9 @@ RUN source /env-cargo && \
 # See: https://github.com/tonistiigi/binfmt
 # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
 # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
-FROM docker.io/library/debian:bookworm-slim
+#
+# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
+FROM --platform=$TARGETPLATFORM docker.io/library/debian:bookworm-slim

 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
--- a/docker/Dockerfile.j2
+++ b/docker/Dockerfile.j2
@ -30,7 +30,9 @@ FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_diges

 {% if base == "debian" %}
 ########################## Cross Compile Docker Helper Scripts ##########################
-FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx
+## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts
+## And these bash scripts do not have any significant difference if at all
+FROM --platform=linux/amd64 docker.io/tonistiigi/xx@{{ xx_image_digest }} AS xx
 {% elif base == "alpine" %}
 ########################## ALPINE BUILD IMAGES ##########################
 ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
@ -69,11 +71,14 @@ ENV DEBIAN_FRONTEND=noninteractive \

 # Install clang to get `xx-cargo` working
 # Install pkg-config to allow amd64 builds to find all libraries
+# Install git so build.rs can determine the correct version
 # Install the libc cross packages based upon the debian-arch
 RUN apt-get update && \
    apt-get install -y \
        --no-install-recommends \
-        clang pkg-config \
+        clang \
+        pkg-config \
+        git \
        "libc6-$(xx-info debian-arch)-cross" \
        "libc6-dev-$(xx-info debian-arch)-cross" \
        "linux-libc-dev-$(xx-info debian-arch)-cross" && \
@ -101,19 +106,14 @@ RUN mkdir -pv "${CARGO_HOME}" \
 RUN USER=root cargo new --bin /app
 WORKDIR /app

-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
 {% if base == "debian" %}
 # Environment variables for cargo across Debian and Alpine
 RUN source /env-cargo && \
    if xx-info is-cross ; then \
        # We can't use xx-cargo since that uses clang, which doesn't work for our libraries.
        # Because of this we generate the needed environment variables here which we can load in the needed steps.
-        echo "export CC_$(echo ${CARGO_TARGET} | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
-        echo "export CARGO_TARGET_$(echo ${CARGO_TARGET} | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+        echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+        echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
        echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \
        echo "export CROSS_COMPILE=1" >> /env-cargo && \
        echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \
@ -140,6 +140,12 @@ RUN source /env-cargo && \
    rustup target add "${CARGO_TARGET}"

 ARG CARGO_PROFILE=release
+ARG VW_VERSION
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain.toml ./rust-toolchain.toml
+COPY ./build.rs ./build.rs

 # Builds your dependencies and removes the
 # dummy project, except the target folder
@ -169,7 +175,7 @@ RUN source /env-cargo && \
 # Create a new stage with a minimal image
 # because we already have a binary built
 #
-# For these images to be able to built you need to have qemu binfmt support.
+# To build these images you need to have qemu binfmt support.
 # See the following pages to help install these tools locally
 # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
 # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
@ -179,7 +185,9 @@ RUN source /env-cargo && \
 # See: https://github.com/tonistiigi/binfmt
 # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
 # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
-FROM {{ runtime_stage_image[base] }}
+#
+# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
+FROM --platform=$TARGETPLATFORM {{ runtime_stage_image[base] }}

 ENV ROCKET_PROFILE="release" \
    ROCKET_ADDRESS=0.0.0.0 \
--- a/docker/Makefile
+++ b/docker/Makefile
@ -1,3 +1,4 @@
 all:
 	./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian
 	./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine
+.PHONY: all
--- a/docker/README.md
+++ b/docker/README.md
@ -67,7 +67,7 @@ docker buildx bake --file docker/docker-bake.hcl alpine-armv6

 ## Local Multi Architecture container building

-Start the the initialization, this only needs to be done once.
+Start the initialization, this only needs to be done once.

 ```bash
 # Create and use a new buildx builder instance which connects to the host network
@ -92,6 +92,7 @@ CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \
 docker buildx bake --file docker/docker-bake.hcl alpine-multi
 ```

+
 ## Using the `bake.sh` script

 To make it a bit more easier to trigger a build, there also is a `bake.sh` script.<br>
@ -109,6 +110,66 @@ Or if you want to just build a Debian container from the repo root, you can run
 docker/bake.sh
 ```

+You can append both `alpine` and `debian` with `-amd64`, `-arm64`, `-armv7` or `-armv6`, which will trigger a build for that specific platform.<br>
+This will also append those values to the tag so you can see the builded container when running `docker images`.
+
+You can also append extra arguments after the target if you want. This can be useful for example to print what bake will use.
+```bash
+docker/bake.sh alpine-all --print
+```
+
+### Testing baked images
+
+To test these images you can run these images by using the correct tag and provide the platform.<br>
+For example, after you have build an arm64 image via `./bake.sh debian-arm64` you can run:
+```bash
+docker run --rm -it \
+  -e DISABLE_ADMIN_TOKEN=true \
+  -e I_REALLY_WANT_VOLATILE_STORAGE=true \
+  -p8080:80 --platform=linux/arm64 \
+  vaultwarden/server:testing-arm64
+```
+
+
+## Using the `podman-bake.sh` script
+
+To also make building easier using podman, there is a `podman-bake.sh` script.<br>
+This script calls `podman buildx build` with the needed parameters and the same as `bake.sh`, it will generate some variables automatically.<br>
+This script can be called from both the repo root or within the docker directory.
+
+**NOTE:** Unlike the `bake.sh` script, this only supports a single `CONTAINER_REGISTRIES`, and a single `BASE_TAGS` value, no comma separated values. It also only supports building separate architectures, no Multi Arch containers.
+
+To build an Alpine arm64 image with only sqlite support and mimalloc, run this:
+```bash
+DB="sqlite,enable_mimalloc" \
+./podman-bake.sh alpine-arm64
+```
+
+Or if you want to just build a Debian container from the repo root, you can run this.
+```bash
+docker/podman-bake.sh
+```
+
+You can append extra arguments after the target if you want. This can be useful for example to disable cache like this.
+```bash
+./podman-bake.sh alpine-arm64 --no-cache
+```
+
+For the podman builds you can, just like the `bake.sh` script, also append the architecture to build for that specific platform.<br>
+
+### Testing podman builded images
+
+The command to start a podman built container is almost the same as for the docker/bake built containers. The images start with `localhost/`, so you need to prepend that.
+
+```bash
+podman run --rm -it \
+  -e DISABLE_ADMIN_TOKEN=true \
+  -e I_REALLY_WANT_VOLATILE_STORAGE=true \
+  -p8080:80 --platform=linux/arm64 \
+  localhost/vaultwarden/server:testing-arm64
+```
+
+
 ## Variables supported
 | Variable              | default | description |
 | --------------------- | ------------------ | ----------- |
@ -119,3 +180,4 @@ docker/bake.sh
 | SOURCE_VERSION        | null               | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit                 |
 | BASE_TAGS             | testing            | Tags to be used. Can be a comma separated value like "latest,1.29.2"                                               |
 | CONTAINER_REGISTRIES  | vaultwarden/server | Comma separated value of container registries. Like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` |
+| VW_VERSION            | null               | To override the `SOURCE_VERSION` value. This is also used by the `build.rs` code for example                       |
--- a/docker/bake.sh
+++ b/docker/bake.sh
@ -1,25 +1,15 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash

 # Determine the basedir of this script.
 # It should be located in the same directory as the docker-bake.hcl
 # This ensures you can run this script from both inside and outside of the docker directory
 BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")")

-if [ -z "${SOURCE_COMMIT}" ]; then
-    SOURCE_COMMIT="$(git rev-parse HEAD)"
-fi
+# Load build env's
+source "${BASEDIR}/bake_env.sh"

-GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
-if [ -n "${GIT_EXACT_TAG}" ]; then
-    SOURCE_VERSION="${GIT_EXACT_TAG}"
-else
-    GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
-    SOURCE_VERSION="${GIT_LAST_TAG}-$(printf '%s' "${SOURCE_COMMIT}" | cut -c 8)"
-fi
-
-# Export the rendered variables above so bake will use them
-export SOURCE_COMMIT
-export SOURCE_VERSION
+# Be verbose on what is being executed
+set -x

 # Make sure we set the context to `..` so it will go up one directory
 docker buildx bake --progress plain --set "*.context=${BASEDIR}/.." -f "${BASEDIR}/docker-bake.hcl" "$@"
--- a/docker/bake_env.sh
+++ b/docker/bake_env.sh
@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# If SOURCE_COMMIT is provided via env skip this
+if [ -z "${SOURCE_COMMIT+x}" ]; then
+    SOURCE_COMMIT="$(git rev-parse HEAD)"
+fi
+
+# If VW_VERSION is provided via env use it as SOURCE_VERSION
+# Else define it using git
+if [[ -n "${VW_VERSION}" ]]; then
+    SOURCE_VERSION="${VW_VERSION}"
+else
+    GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
+    if [[ -n "${GIT_EXACT_TAG}" ]]; then
+        SOURCE_VERSION="${GIT_EXACT_TAG}"
+    else
+        GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
+        SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}"
+        GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+        case "${GIT_BRANCH}" in
+            main|master|HEAD)
+                # Do not add the branch name for these branches
+                ;;
+            *)
+                SOURCE_VERSION="${SOURCE_VERSION} (${GIT_BRANCH})"
+                ;;
+        esac
+    fi
+fi
+
+# Export the rendered variables above so bake will use them
+export SOURCE_COMMIT
+export SOURCE_VERSION
--- a/docker/docker-bake.hcl
+++ b/docker/docker-bake.hcl
@ -29,6 +29,12 @@ variable "SOURCE_VERSION" {
  default = null
 }

+// This can be used to overwrite SOURCE_VERSION
+// It will be used during the build.rs building stage
+variable "VW_VERSION" {
+  default = null
+}
+
 // The base tag(s) to use
 // This can be a comma separated value like "testing,1.29.2"
 variable "BASE_TAGS" {
@ -51,9 +57,10 @@ group "default" {


 // ==== Shared Baking ====
-
-target "_default_attributes" {
-  labels = {
+function "labels" {
+  params = []
+  result = {
+    "org.opencontainers.image.description" = "Unofficial Bitwarden compatible server written in Rust - ${SOURCE_VERSION}"
    "org.opencontainers.image.licenses" = "AGPL-3.0-only"
    "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki"
    "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden"
@ -62,9 +69,14 @@ target "_default_attributes" {
    "org.opencontainers.image.revision" = "${SOURCE_COMMIT}"
    "org.opencontainers.image.version" = "${SOURCE_VERSION}"
  }
+}
+
+target "_default_attributes" {
+  labels = labels()
  args = {
    DB = "${DB}"
    CARGO_PROFILE = "${CARGO_PROFILE}"
+    VW_VERSION = "${VW_VERSION}"
  }
 }

@ -75,8 +87,8 @@ target "_default_attributes" {
 target "debian" {
  inherits = ["_default_attributes"]
  dockerfile = "docker/Dockerfile.debian"
-  output = ["type=docker"]
  tags = generate_tags("", platform_tag())
+  output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
 }

 // Multi Platform target, will build one tagged manifest with all supported architectures
@ -85,7 +97,7 @@ target "debian-multi" {
  inherits = ["debian"]
  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
  tags = generate_tags("", "")
-  output = ["type=registry"]
+  output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
 }

 // Per platform targets, to individually test building per platform locally
@ -125,8 +137,8 @@ group "debian-all" {
 target "alpine" {
  inherits = ["_default_attributes"]
  dockerfile = "docker/Dockerfile.alpine"
-  output = ["type=docker"]
  tags = generate_tags("-alpine", platform_tag())
+  output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
 }

 // Multi Platform target, will build one tagged manifest with all supported architectures
@ -135,7 +147,7 @@ target "alpine-multi" {
  inherits = ["alpine"]
  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
  tags = generate_tags("-alpine", "")
-  output = ["type=registry"]
+  output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
 }

 // Per platform targets, to individually test building per platform locally
@ -207,3 +219,11 @@ function "generate_tags" {
        concat(["${registry}:${base_tag}${suffix}${platform}"])]
  ])
 }
+
+function "image_index_annotations" {
+  params = []
+  result = flatten([
+    for key, value in labels() :
+      value != null ? formatlist("annotation-index.%s=%s", "${key}", "${value}") : []
+  ])
+}
--- a/docker/healthcheck.sh
+++ b/docker/healthcheck.sh
@ -10,7 +10,7 @@ CONFIG_FILE="${DATA_FOLDER}"/config.json
 # Given a config key, return the corresponding config value from the
 # config file. If the key doesn't exist, return an empty string.
 get_config_val() {
-    local key="$1"
+    key="$1"
    # Extract a line of the form:
    #   "domain": "https://bw.example.com/path",
    grep "\"${key}\":" "${CONFIG_FILE}" |
--- a/docker/podman-bake.sh
+++ b/docker/podman-bake.sh
@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+# Determine the basedir of this script.
+# It should be located in the same directory as the docker-bake.hcl
+# This ensures you can run this script from both inside and outside of the docker directory
+BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")")
+
+# Load build env's
+source "${BASEDIR}/bake_env.sh"
+
+# Check if a target is given as first argument
+# If not we assume the defaults and pass the given arguments to the podman command
+case "${1}" in
+    alpine*|debian*)
+        TARGET="${1}"
+        # Now shift the $@ array so we only have the rest of the arguments
+        # This allows us too append these as extra arguments too the podman buildx build command
+        shift
+    ;;
+esac
+
+LABEL_ARGS=(
+    --label org.opencontainers.image.description="Unofficial Bitwarden compatible server written in Rust"
+    --label org.opencontainers.image.licenses="AGPL-3.0-only"
+    --label org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki"
+    --label org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
+    --label org.opencontainers.image.created="$(date --utc --iso-8601=seconds)"
+)
+if [[ -n "${SOURCE_REPOSITORY_URL}" ]]; then
+    LABEL_ARGS+=(--label org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}")
+fi
+if [[ -n "${SOURCE_COMMIT}" ]]; then
+    LABEL_ARGS+=(--label org.opencontainers.image.revision="${SOURCE_COMMIT}")
+fi
+if [[ -n "${SOURCE_VERSION}" ]]; then
+    LABEL_ARGS+=(--label org.opencontainers.image.version="${SOURCE_VERSION}")
+fi
+
+# Check if and which --build-arg arguments we need to configure
+BUILD_ARGS=()
+if [[ -n "${DB}" ]]; then
+    BUILD_ARGS+=(--build-arg DB="${DB}")
+fi
+if [[ -n "${CARGO_PROFILE}" ]]; then
+    BUILD_ARGS+=(--build-arg CARGO_PROFILE="${CARGO_PROFILE}")
+fi
+if [[ -n "${VW_VERSION}" ]]; then
+    BUILD_ARGS+=(--build-arg VW_VERSION="${VW_VERSION}")
+fi
+
+# Set the default BASE_TAGS if non are provided
+if [[ -z "${BASE_TAGS}" ]]; then
+    BASE_TAGS="testing"
+fi
+
+# Set the default CONTAINER_REGISTRIES if non are provided
+if [[ -z "${CONTAINER_REGISTRIES}" ]]; then
+    CONTAINER_REGISTRIES="vaultwarden/server"
+fi
+
+# Check which Dockerfile we need to use, default is debian
+case "${TARGET}" in
+    alpine*)
+        BASE_TAGS="${BASE_TAGS}-alpine"
+        DOCKERFILE="Dockerfile.alpine"
+        ;;
+    *)
+        DOCKERFILE="Dockerfile.debian"
+        ;;
+esac
+
+# Check which platform we need to build and append the BASE_TAGS with the architecture
+case "${TARGET}" in
+    *-arm64)
+        BASE_TAGS="${BASE_TAGS}-arm64"
+        PLATFORM="linux/arm64"
+        ;;
+    *-armv7)
+        BASE_TAGS="${BASE_TAGS}-armv7"
+        PLATFORM="linux/arm/v7"
+        ;;
+    *-armv6)
+        BASE_TAGS="${BASE_TAGS}-armv6"
+        PLATFORM="linux/arm/v6"
+        ;;
+    *)
+        BASE_TAGS="${BASE_TAGS}-amd64"
+        PLATFORM="linux/amd64"
+        ;;
+esac
+
+# Be verbose on what is being executed
+set -x
+
+# Build the image with podman
+# We use the docker format here since we are using `SHELL`, which is not supported by OCI
+# shellcheck disable=SC2086
+podman buildx build \
+  --platform="${PLATFORM}" \
+  --tag="${CONTAINER_REGISTRIES}:${BASE_TAGS}" \
+  --format=docker \
+  "${LABEL_ARGS[@]}" \
+  "${BUILD_ARGS[@]}" \
+  --file="${BASEDIR}/${DOCKERFILE}" "$@" \
+  "${BASEDIR}/.."