keepassxc/CMakeLists.txt

634 lines
23 KiB
CMake
Raw Normal View History

2018-10-19 15:41:56 -04:00
# Copyright (C) 2018 KeePassXC Team <team@keepassxc.org>
# Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
2010-08-07 09:10:44 -04:00
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 or (at your option)
# version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
cmake_minimum_required(VERSION 3.10.0)
project(KeePassXC)
2022-04-04 19:04:18 -04:00
set(APP_ID "org.keepassxc.${PROJECT_NAME}")
if(NOT CMAKE_BUILD_TYPE)
2018-10-19 15:41:56 -04:00
set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING
"Choose the type of build, options are: Debug Release RelWithDebInfo Profile"
2018-10-19 15:41:56 -04:00
FORCE)
endif()
string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo")
set(IS_DEBUG_BUILD TRUE)
endif()
2012-05-21 17:37:29 -04:00
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
2017-05-05 20:20:27 -04:00
# Support Visual Studio Code
include(CMakeToolsHelpers OPTIONAL)
include(FeatureSummary)
include(KPXCMacDeployHelpers)
2017-05-05 20:20:27 -04:00
include(CheckCCompilerFlag)
include(CheckCXXCompilerFlag)
include(CheckCXXSourceCompiles)
2010-08-13 12:08:06 -04:00
option(WITH_TESTS "Enable building of unit tests" ON)
2011-12-26 13:18:21 -05:00
option(WITH_GUI_TESTS "Enable building of GUI tests" OFF)
option(WITH_DEV_BUILD "Use only for development. Disables/warns about deprecated methods." OFF)
2017-10-15 18:27:07 -04:00
option(WITH_ASAN "Enable address sanitizer checks (Linux / macOS only)" OFF)
2017-03-15 10:26:40 -04:00
option(WITH_COVERAGE "Use to build with coverage tests (GCC only)." OFF)
option(WITH_APP_BUNDLE "Enable Application Bundle for macOS" ON)
option(WITH_CCACHE "Use ccache for build" OFF)
2010-08-07 09:10:44 -04:00
set(WITH_XC_ALL OFF CACHE BOOL "Build in all available plugins")
option(WITH_XC_AUTOTYPE "Include Auto-Type." ON)
option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF)
option(WITH_XC_BROWSER "Include browser integration with keepassxc-browser." OFF)
option(WITH_XC_BROWSER_PASSKEYS "Passkeys support for browser integration." OFF)
2017-02-25 11:11:02 -05:00
option(WITH_XC_YUBIKEY "Include YubiKey support." OFF)
2017-10-29 11:17:24 -04:00
option(WITH_XC_SSHAGENT "Include SSH agent support." OFF)
option(WITH_XC_KEESHARE "Sharing integration with KeeShare" OFF)
option(WITH_XC_UPDATECHECK "Include automatic update checks; disable for controlled distributions" ON)
Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403) This plugin implements the Secret Storage specification version 0.2. While running KeePassXC, it acts as a Secret Service server, registered on DBus, so clients like seahorse, python-secretstorage, or other implementations can connect and access the exposed database in KeePassXC. Squashed commits: - Initial code - Add SessionAdaptor and fix build - The skeletons for all dbus objects are in place - Implement collection creation and deletion - Emit collectionChanged signal - Implement app-wise settings page - Implement error message on GUI - Implement settings - Fix uuid to dbus path - Implement app level settings - Add freedesktop logo - Implement database settings page - Change database settings to a treeview - Move all settings read/write to one place - Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets - Fix selected group can not be saved if the user hasn't click on the item - Show selected group per database in app settings - Disable editing of various readonly widgets - Remove unused warning about non exposed database - Fix method signature on dbus adaptors - Fix type derived from DBusObject not recognized as QDBusContext - Resolve a few TODOs around error handling - Remove const when passing DBus exposed objects - Move dismiss to PromptBase - Implement per collection locking/unlocking - Fix const correctness on Item::setSecret - Implement SecretService::getSecrets - Rework the signal connections around collections. - Remove generateId from DBusObject - Per spec, use encoded label as DBus object path for collections - Fix some corner cases around collection name changes - Implement alias - Fix wrong alias dbus path - Implement encryption per spec - Cleanup SessionCipher - Implement searchItems for SecretService - Use Tools::uuidToHex - Implement Item attributes and delete - Implement createItem - Always check if the database is unlocked before perform any operation - Add missing ReadAlias/SetAlias on service - Reorganize and fix OpenSession always returning empty output - Overhaul error handling - Make sure default alias is always present - Remove collection aliases early in doDelete - Handles all content types, fix setProperties not working - Fix sometimes there is an extraneous leading zero when converting from MPI - Fix session encryption negotiation - Do not expose recycle bin - Protect against the methods not called from DBus - Also emit collectionChanged signal when lock state changes - Show notification when entry secret is requested - Add a README file - Actually close session when client disconnects - Gracefully return alternative label when collection is locked - Reorganize, rename secretservice to fdosecrets - Fix issues reported by clazy - Unify UI strings and fix icon - Implement a setting to skip confirmation when deleting entries from DBus - Remove some unused debugging log - Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when deliver property get/set, and there is no way to get a QDBusMessage in property getter/setter. - Simplify GcryptMPI using std::unique_ptr and add unit test - Format code in fdosecrets - Move DBusReturnImpl to details namespace - Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted - Make sure Collection::searchItems works, whether it's locked or not - Fix FdoSecrets::Collection becomes empty after a database reload - Fix crash when looping while modifying the list
2019-03-25 23:07:18 -04:00
if(UNIX AND NOT APPLE)
option(WITH_XC_FDOSECRETS "Implement freedesktop.org Secret Storage Spec server side API." OFF)
endif()
option(WITH_XC_DOCS "Enable building of documentation" ON)
set(WITH_XC_X11 ON CACHE BOOL "Enable building with X11 deps")
if(APPLE)
# Perform the platform checks before applying the stricter compiler flags.
# Otherwise the kSecAccessControlTouchIDCurrentSet deprecation warning will result in an error.
try_compile(XC_APPLE_COMPILER_SUPPORT_BIOMETRY
${CMAKE_CURRENT_BINARY_DIR}/tiometry_test/
${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_biometry_support.mm)
message(STATUS "Biometry compiler support: ${XC_APPLE_COMPILER_SUPPORT_BIOMETRY}")
try_compile(XC_APPLE_COMPILER_SUPPORT_TOUCH_ID
${CMAKE_CURRENT_BINARY_DIR}/touch_id_test/
${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_touch_id_support.mm)
message(STATUS "Touch ID compiler support: ${XC_APPLE_COMPILER_SUPPORT_TOUCH_ID}")
try_compile(XC_APPLE_COMPILER_SUPPORT_WATCH
${CMAKE_CURRENT_BINARY_DIR}/tiometry_test/
${CMAKE_CURRENT_SOURCE_DIR}/cmake/compiler-checks/macos/control_watch_support.mm)
message(STATUS "Apple watch compiler support: ${XC_APPLE_COMPILER_SUPPORT_WATCH}")
endif()
if(WITH_CCACHE)
# Use the Compiler Cache (ccache) program
# (install with: sudo apt get ccache)
find_program(CCACHE_FOUND ccache)
if(NOT CCACHE_FOUND)
message(FATAL_ERROR "ccache requested but cannot be found.")
endif()
set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ${CCACHE_FOUND})
endif()
if(WITH_XC_ALL)
# Enable all options (except update check and docs)
2018-10-19 15:41:56 -04:00
set(WITH_XC_AUTOTYPE ON)
set(WITH_XC_NETWORKING ON)
set(WITH_XC_BROWSER ON)
set(WITH_XC_BROWSER_PASSKEYS ON)
2018-10-19 15:41:56 -04:00
set(WITH_XC_YUBIKEY ON)
set(WITH_XC_SSHAGENT ON)
set(WITH_XC_KEESHARE ON)
Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403) This plugin implements the Secret Storage specification version 0.2. While running KeePassXC, it acts as a Secret Service server, registered on DBus, so clients like seahorse, python-secretstorage, or other implementations can connect and access the exposed database in KeePassXC. Squashed commits: - Initial code - Add SessionAdaptor and fix build - The skeletons for all dbus objects are in place - Implement collection creation and deletion - Emit collectionChanged signal - Implement app-wise settings page - Implement error message on GUI - Implement settings - Fix uuid to dbus path - Implement app level settings - Add freedesktop logo - Implement database settings page - Change database settings to a treeview - Move all settings read/write to one place - Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets - Fix selected group can not be saved if the user hasn't click on the item - Show selected group per database in app settings - Disable editing of various readonly widgets - Remove unused warning about non exposed database - Fix method signature on dbus adaptors - Fix type derived from DBusObject not recognized as QDBusContext - Resolve a few TODOs around error handling - Remove const when passing DBus exposed objects - Move dismiss to PromptBase - Implement per collection locking/unlocking - Fix const correctness on Item::setSecret - Implement SecretService::getSecrets - Rework the signal connections around collections. - Remove generateId from DBusObject - Per spec, use encoded label as DBus object path for collections - Fix some corner cases around collection name changes - Implement alias - Fix wrong alias dbus path - Implement encryption per spec - Cleanup SessionCipher - Implement searchItems for SecretService - Use Tools::uuidToHex - Implement Item attributes and delete - Implement createItem - Always check if the database is unlocked before perform any operation - Add missing ReadAlias/SetAlias on service - Reorganize and fix OpenSession always returning empty output - Overhaul error handling - Make sure default alias is always present - Remove collection aliases early in doDelete - Handles all content types, fix setProperties not working - Fix sometimes there is an extraneous leading zero when converting from MPI - Fix session encryption negotiation - Do not expose recycle bin - Protect against the methods not called from DBus - Also emit collectionChanged signal when lock state changes - Show notification when entry secret is requested - Add a README file - Actually close session when client disconnects - Gracefully return alternative label when collection is locked - Reorganize, rename secretservice to fdosecrets - Fix issues reported by clazy - Unify UI strings and fix icon - Implement a setting to skip confirmation when deleting entries from DBus - Remove some unused debugging log - Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when deliver property get/set, and there is no way to get a QDBusMessage in property getter/setter. - Simplify GcryptMPI using std::unique_ptr and add unit test - Format code in fdosecrets - Move DBusReturnImpl to details namespace - Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted - Make sure Collection::searchItems works, whether it's locked or not - Fix FdoSecrets::Collection becomes empty after a database reload - Fix crash when looping while modifying the list
2019-03-25 23:07:18 -04:00
if(UNIX AND NOT APPLE)
set(WITH_XC_FDOSECRETS ON)
endif()
endif()
# Prefer WITH_XC_NETWORKING setting over WITH_XC_UPDATECHECK
if(NOT WITH_XC_NETWORKING AND WITH_XC_UPDATECHECK)
message(STATUS "Disabling WITH_XC_UPDATECHECK because WITH_XC_NETWORKING is disabled")
set(WITH_XC_UPDATECHECK OFF)
endif()
if(UNIX AND NOT APPLE AND NOT WITH_XC_X11)
message(STATUS "Disabling WITH_XC_AUTOTYPE because WITH_XC_X11 is disabled")
set(WITH_XC_AUTOTYPE OFF)
endif()
2017-05-06 11:50:05 -04:00
set(KEEPASSXC_VERSION_MAJOR "2")
2022-10-29 22:10:04 -04:00
set(KEEPASSXC_VERSION_MINOR "8")
set(KEEPASSXC_VERSION_PATCH "0")
2017-05-06 11:50:05 -04:00
set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}")
set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds")
2010-08-13 12:08:06 -04:00
2018-02-17 11:46:19 -05:00
set(KEEPASSXC_BUILD_TYPE "Snapshot" CACHE STRING "Set KeePassXC build type to distinguish between stable releases and snapshots")
set_property(CACHE KEEPASSXC_BUILD_TYPE PROPERTY STRINGS Snapshot Release PreRelease)
# Retrieve git HEAD revision hash
set(GIT_HEAD_OVERRIDE "" CACHE STRING "Manually set the Git HEAD hash when missing (eg, when no .git folder exists)")
execute_process(COMMAND git rev-parse --short=7 HEAD
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
OUTPUT_VARIABLE GIT_HEAD
ERROR_QUIET)
string(STRIP "${GIT_HEAD}" GIT_HEAD)
if(GIT_HEAD STREQUAL "" AND NOT GIT_HEAD_OVERRIDE STREQUAL "")
string(SUBSTRING "${GIT_HEAD_OVERRIDE}" 0 7 GIT_HEAD)
elseif(EXISTS ${CMAKE_SOURCE_DIR}/.gitrev)
file(READ ${CMAKE_SOURCE_DIR}/.gitrev GIT_HEAD)
endif()
message(STATUS "Found Git HEAD Revision: ${GIT_HEAD}\n")
# Check if on a tag, if so build as a release
execute_process(COMMAND git tag --points-at HEAD
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
OUTPUT_VARIABLE GIT_TAG
ERROR_QUIET)
string(REGEX REPLACE "latest" "" GIT_TAG "${GIT_TAG}")
if(GIT_TAG MATCHES "[0-9]+\.[0-9]+\.[0-9]+")
string(STRIP "${GIT_TAG}" GIT_TAG)
2018-10-19 15:41:56 -04:00
set(OVERRIDE_VERSION ${GIT_TAG})
elseif(EXISTS ${CMAKE_SOURCE_DIR}/.version)
2018-10-19 15:41:56 -04:00
file(READ ${CMAKE_SOURCE_DIR}/.version OVERRIDE_VERSION)
endif()
2018-02-17 11:46:19 -05:00
string(REGEX REPLACE "(\r?\n)+" "" OVERRIDE_VERSION "${OVERRIDE_VERSION}")
if(OVERRIDE_VERSION)
if(OVERRIDE_VERSION MATCHES "^[\\.0-9]+-beta[0-9]*")
set(KEEPASSXC_BUILD_TYPE "PreRelease")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
elseif(OVERRIDE_VERSION MATCHES "^[\\.0-9]+$")
set(KEEPASSXC_BUILD_TYPE "Release")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
else()
set(KEEPASSXC_BUILD_TYPE "Snapshot")
set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
endif()
else()
if(KEEPASSXC_BUILD_TYPE STREQUAL "PreRelease")
set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION}-preview")
elseif(KEEPASSXC_BUILD_TYPE STREQUAL "Snapshot")
set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION}-snapshot")
2018-10-19 15:41:56 -04:00
endif()
endif()
2018-02-17 11:46:19 -05:00
if(KEEPASSXC_BUILD_TYPE STREQUAL "Release")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_BUILD_TYPE_RELEASE ON)
2018-02-17 11:46:19 -05:00
elseif(KEEPASSXC_BUILD_TYPE STREQUAL "PreRelease")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_BUILD_TYPE_PRE_RELEASE ON)
2018-02-17 11:46:19 -05:00
else()
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_BUILD_TYPE_SNAPSHOT ON)
2018-02-17 11:46:19 -05:00
endif()
message(STATUS "Setting up build for KeePassXC v${KEEPASSXC_VERSION}\n")
# Distribution info
2018-02-17 11:46:19 -05:00
set(KEEPASSXC_DIST ON)
set(KEEPASSXC_DIST_TYPE "Other" CACHE STRING "KeePassXC Distribution Type")
2022-04-04 19:04:18 -04:00
set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Flatpak Other)
if(KEEPASSXC_DIST_TYPE STREQUAL "Snap")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_DIST_SNAP ON)
elseif(KEEPASSXC_DIST_TYPE STREQUAL "AppImage")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_DIST_APPIMAGE ON)
2022-04-04 19:04:18 -04:00
elseif(KEEPASSXC_DIST_TYPE STREQUAL "Flatpak")
set(KEEPASSXC_DIST_FLATPAK ON)
elseif(KEEPASSXC_DIST_TYPE STREQUAL "Other")
2018-10-19 15:41:56 -04:00
unset(KEEPASSXC_DIST)
endif()
2021-10-20 06:57:29 -04:00
if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.14.0")
cmake_policy(SET CMP0083 NEW)
include(CheckPIESupported)
check_pie_supported()
endif()
# Find Botan early since the version affects subsequent compiler options
find_package(Botan REQUIRED)
if(BOTAN_VERSION VERSION_GREATER_EQUAL "3.0.0")
set(WITH_XC_BOTAN3 TRUE)
elseif(BOTAN_VERSION VERSION_LESS "2.11.0")
# Check for minimum Botan version
message(FATAL_ERROR "Botan 2.11.0 or higher is required")
endif()
include_directories(SYSTEM ${BOTAN_INCLUDE_DIR})
# Create position independent code for shared libraries and executables
set(CMAKE_POSITION_INDEPENDENT_CODE ON)
2018-05-09 06:47:34 -04:00
if("${CMAKE_SIZEOF_VOID_P}" EQUAL "4")
2018-10-19 15:41:56 -04:00
set(IS_32BIT TRUE)
2018-05-09 06:47:34 -04:00
endif()
2019-05-19 15:58:52 -04:00
set(CLANG_COMPILER_ID_REGEX "^(Apple)?[Cc]lang$")
if("${CMAKE_C_COMPILER}" MATCHES "clang$"
OR "${CMAKE_EXTRA_GENERATOR_C_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
2019-05-19 15:58:52 -04:00
OR "${CMAKE_C_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
2018-10-19 15:41:56 -04:00
set(CMAKE_COMPILER_IS_CLANG 1)
2012-05-21 17:37:29 -04:00
endif()
if("${CMAKE_CXX_COMPILER}" MATCHES "clang(\\+\\+)?$"
OR "${CMAKE_EXTRA_GENERATOR_CXX_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
2019-05-19 15:58:52 -04:00
OR "${CMAKE_CXX_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
2018-10-19 15:41:56 -04:00
set(CMAKE_COMPILER_IS_CLANGXX 1)
2012-05-21 17:37:29 -04:00
endif()
2012-04-18 10:10:40 -04:00
macro(add_gcc_compiler_cxxflags FLAGS)
2018-10-19 15:41:56 -04:00
if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_COMPILER_IS_CLANGXX)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${FLAGS}")
endif()
endmacro(add_gcc_compiler_cxxflags)
macro(add_gcc_compiler_cflags FLAGS)
2018-10-19 15:41:56 -04:00
if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${FLAGS}")
endif()
endmacro(add_gcc_compiler_cflags)
macro(add_gcc_compiler_flags FLAGS)
2018-10-19 15:41:56 -04:00
add_gcc_compiler_cxxflags("${FLAGS}")
add_gcc_compiler_cflags("${FLAGS}")
endmacro(add_gcc_compiler_flags)
2012-04-18 10:10:40 -04:00
# Copies of above macros that first ensure the compiler understands a given flag
# Because check_*_compiler_flag() sets -D with name, need to provide "safe" FLAGNAME
macro(check_add_gcc_compiler_cxxflag FLAG FLAGNAME)
check_cxx_compiler_flag("${FLAG}" CXX_HAS${FLAGNAME})
if(CXX_HAS${FLAGNAME})
add_gcc_compiler_cxxflags("${FLAG}")
endif()
endmacro(check_add_gcc_compiler_cxxflag)
macro(check_add_gcc_compiler_cflag FLAG FLAGNAME)
check_c_compiler_flag("${FLAG}" CC_HAS${FLAGNAME})
if(CC_HAS${FLAGNAME})
add_gcc_compiler_cflags("${FLAG}")
endif()
endmacro(check_add_gcc_compiler_cflag)
# This is the "front-end" for the above macros
# Optionally takes additional parameter(s) with language to check (currently "C" or "CXX")
macro(check_add_gcc_compiler_flag FLAG)
string(REGEX REPLACE "[-=]" "_" FLAGNAME "${FLAG}")
set(check_lang_spec ${ARGN})
list(LENGTH check_lang_spec num_extra_args)
set(langs C CXX)
if(num_extra_args GREATER 0)
set(langs "${check_lang_spec}")
endif()
if("C" IN_LIST langs)
check_add_gcc_compiler_cflag("${FLAG}" "${FLAGNAME}")
endif()
if("CXX" IN_LIST langs)
check_add_gcc_compiler_cxxflag("${FLAG}" "${FLAGNAME}")
endif()
endmacro(check_add_gcc_compiler_flag)
add_definitions(-DQT_NO_EXCEPTIONS -DQT_STRICT_ITERATORS -DQT_NO_CAST_TO_ASCII)
if(NOT IS_DEBUG_BUILD)
add_definitions(-DQT_NO_DEBUG_OUTPUT)
endif()
2017-05-05 13:49:52 -04:00
if(WITH_APP_BUNDLE)
2018-10-19 15:41:56 -04:00
add_definitions(-DWITH_APP_BUNDLE)
2017-05-05 13:49:52 -04:00
endif()
add_gcc_compiler_flags("-fno-common")
find_package(OpenMP)
if(OpenMP_FOUND)
add_gcc_compiler_cflags(${OpenMP_C_FLAGS})
add_gcc_compiler_cxxflags(${OpenMP_CXX_FLAGS})
endif()
add_gcc_compiler_flags("-Wall -Wextra -Wundef -Wpointer-arith -Wno-long-long")
add_gcc_compiler_flags("-Wformat=2 -Wmissing-format-attribute")
add_gcc_compiler_flags("-fvisibility=hidden")
add_gcc_compiler_cxxflags("-fvisibility-inlines-hidden")
2012-04-18 10:10:40 -04:00
if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
check_add_gcc_compiler_flag("-Wshadow-compatible-local")
check_add_gcc_compiler_flag("-Wshadow-local")
2018-10-19 15:41:56 -04:00
add_gcc_compiler_flags("-Werror")
2023-12-22 15:12:07 -05:00
# This is needed since compiling against Botan3 requires compiling against C++20
if(WITH_XC_BOTAN3)
add_gcc_compiler_cxxflags("-Wno-error=deprecated-enum-enum-conversion -Wno-error=deprecated")
endif()
endif()
2019-03-24 09:26:34 -04:00
if (NOT HAIKU)
if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.8.999) OR CMAKE_COMPILER_IS_CLANGXX)
add_gcc_compiler_flags("-fstack-protector-strong")
else()
add_gcc_compiler_flags("-fstack-protector --param=ssp-buffer-size=4")
endif()
2019-03-24 09:26:34 -04:00
endif()
add_gcc_compiler_cxxflags("-Wnon-virtual-dtor -Wold-style-cast -Woverloaded-virtual")
add_gcc_compiler_cflags("-Wchar-subscripts -Wwrite-strings")
2017-03-14 09:29:09 -04:00
if(WITH_ASAN)
2018-10-19 15:41:56 -04:00
if(NOT (CMAKE_SYSTEM_NAME STREQUAL "Linux" OR APPLE))
message(FATAL_ERROR "WITH_ASAN is only supported on Linux / macOS at the moment.")
endif()
2018-10-19 15:41:56 -04:00
add_gcc_compiler_flags("-fsanitize=address -DWITH_ASAN")
2017-03-14 09:53:29 -04:00
2018-10-19 15:41:56 -04:00
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
if(NOT (CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.9))
add_gcc_compiler_flags("-fsanitize=leak -DWITH_LSAN")
endif()
endif()
2017-03-14 09:29:09 -04:00
endif()
2018-10-19 15:41:56 -04:00
if(CMAKE_BUILD_TYPE_LOWER MATCHES "(release|relwithdebinfo|minsizerel)")
add_gcc_compiler_flags("-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2")
endif()
check_add_gcc_compiler_flag("-Werror=format-security")
check_add_gcc_compiler_flag("-Werror=implicit-function-declaration" C)
check_add_gcc_compiler_flag("-Wcast-align")
if(UNIX AND NOT APPLE)
check_add_gcc_compiler_flag("-Qunused-arguments")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--as-needed -Wl,--no-undefined")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro,-z,now -pie")
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--as-needed")
2018-10-19 15:41:56 -04:00
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-z,relro,-z,now")
2012-05-21 17:37:29 -04:00
endif()
2010-08-07 09:10:44 -04:00
set(CMAKE_C_STANDARD 99)
if(WITH_XC_BOTAN3)
set(CMAKE_CXX_STANDARD 20)
else()
set(CMAKE_CXX_STANDARD 17)
endif()
set(CMAKE_CXX_STANDARD_REQUIRED ON)
2012-04-18 14:18:48 -04:00
check_cxx_compiler_flag("-fsized-deallocation" CXX_HAS_fsized_deallocation)
if(CXX_HAS_fsized_deallocation)
# Do additional check: the deallocation functions must be there too.
set(CMAKE_REQUIRED_FLAGS "-fsized-deallocation")
check_cxx_source_compiles("#include <new>
int main() { void * ptr = nullptr; std::size_t size = 1; ::operator delete(ptr, size); }"
HAVE_DEALLOCATION_FUNCTIONS)
if(HAVE_DEALLOCATION_FUNCTIONS)
check_add_gcc_compiler_flag("-fsized-deallocation" CXX)
endif()
unset(CMAKE_REQUIRED_FLAGS)
endif()
2019-05-19 15:58:52 -04:00
if(APPLE AND CMAKE_COMPILER_IS_CLANGXX)
2018-10-19 15:41:56 -04:00
add_gcc_compiler_cxxflags("-stdlib=libc++")
2012-05-21 17:37:29 -04:00
endif()
2012-04-18 14:18:48 -04:00
if(WITH_DEV_BUILD)
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
add_definitions(-DQT_DEPRECATED_WARNINGS)
else()
add_definitions(-DQT_NO_DEPRECATED_WARNINGS)
add_gcc_compiler_cxxflags("-Wno-deprecated-declarations")
2012-06-29 08:14:58 -04:00
endif()
# MSVC specific options
if (MSVC)
if(MSVC_TOOLSET_VERSION LESS 141)
message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!")
endif()
add_compile_options(/permissive- /utf-8 /MP)
if(IS_DEBUG_BUILD)
add_compile_options(/Zf)
if(MSVC_TOOLSET_VERSION GREATER 141)
add_compile_definitions(/fsanitize=address)
endif()
endif()
endif()
if(WIN32)
2018-10-19 15:41:56 -04:00
set(CMAKE_RC_COMPILER_INIT windres)
enable_language(RC)
if(MINGW)
set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
endif()
if(NOT IS_DEBUG_BUILD)
if(MSVC)
# By default MSVC enables NXCOMPAT
add_compile_options(/guard:cf)
add_link_options(/DYNAMICBASE /HIGHENTROPYVA /GUARD:CF)
else(MINGW)
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
# Enable high entropy ASLR for 64-bit builds
if(NOT IS_32BIT)
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--high-entropy-va")
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--high-entropy-va")
endif()
2018-10-19 15:41:56 -04:00
endif()
2018-05-09 06:47:34 -04:00
endif()
endif()
if(APPLE AND WITH_APP_BUNDLE OR WIN32)
2018-10-19 15:41:56 -04:00
set(PROGNAME KeePassXC)
2012-05-21 17:37:29 -04:00
else()
2018-10-19 15:41:56 -04:00
set(PROGNAME keepassxc)
2012-05-21 17:37:29 -04:00
endif()
2010-08-07 09:10:44 -04:00
if(WIN32)
2018-10-19 15:41:56 -04:00
set(CLI_INSTALL_DIR ".")
set(PROXY_INSTALL_DIR ".")
set(BIN_INSTALL_DIR ".")
set(PLUGIN_INSTALL_DIR ".")
set(DATA_INSTALL_DIR "share")
2017-05-05 13:49:52 -04:00
elseif(APPLE AND WITH_APP_BUNDLE)
set(BUNDLE_INSTALL_DIR "${PROGNAME}.app/Contents")
set(CMAKE_INSTALL_MANDIR "${BUNDLE_INSTALL_DIR}/Resources/man")
set(CLI_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
set(PROXY_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
set(BIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
set(PLUGIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/PlugIns")
set(DATA_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/Resources")
2012-05-21 17:37:29 -04:00
else()
2018-10-19 15:41:56 -04:00
include(GNUInstallDirs)
2018-10-19 15:41:56 -04:00
set(CLI_INSTALL_DIR "${CMAKE_INSTALL_BINDIR}")
set(PROXY_INSTALL_DIR "${CMAKE_INSTALL_BINDIR}")
set(BIN_INSTALL_DIR "${CMAKE_INSTALL_BINDIR}")
set(PLUGIN_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}/keepassxc")
set(DATA_INSTALL_DIR "${CMAKE_INSTALL_DATADIR}/keepassxc")
2012-05-21 17:37:29 -04:00
endif()
2012-05-21 17:37:29 -04:00
if(WITH_TESTS)
2018-10-19 15:41:56 -04:00
enable_testing()
2012-05-21 17:37:29 -04:00
endif(WITH_TESTS)
2010-08-13 12:08:06 -04:00
if(WITH_COVERAGE)
2018-10-19 15:41:56 -04:00
# Include code coverage, use with -DCMAKE_BUILD_TYPE=Debug
include(CodeCoverage)
append_coverage_compiler_flags()
set(COVERAGE_EXCLUDES
"'^(.+/)?thirdparty/.*'"
"'^(.+/)?main\\.cpp$$'"
"'^(.+/)?cli/keepassxc-cli\\.cpp$$'"
"'^(.+/)?proxy/keepassxc-proxy\\.cpp$$'")
if(WITH_COVERAGE AND CMAKE_COMPILER_IS_CLANGXX)
set(MAIN_BINARIES
"$<TARGET_FILE:${PROGNAME}>"
"$<TARGET_FILE:keepassxc-cli>"
"$<TARGET_FILE:keepassxc-proxy>")
setup_target_for_coverage_llvm(
NAME coverage
BINARY ${MAIN_BINARIES}
SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
)
else()
setup_target_for_coverage_gcovr(
NAME coverage
SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
)
endif()
endif()
2018-01-14 10:11:00 -05:00
include(CLangFormat)
2018-10-19 15:41:56 -04:00
set(QT_COMPONENTS Core Network Concurrent Gui Svg Widgets Test LinguistTools)
2017-10-15 18:27:07 -04:00
if(UNIX AND NOT APPLE)
if(WITH_XC_X11)
list(APPEND QT_COMPONENTS X11Extras)
endif()
find_package(Qt5 COMPONENTS ${QT_COMPONENTS} DBus REQUIRED)
2017-10-15 18:27:07 -04:00
elseif(APPLE)
find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED HINTS
/usr/local/opt/qt@5/lib/cmake
/usr/local/Cellar/qt@5/*/lib/cmake
/opt/homebrew/opt/qt@5/lib/cmake
ENV PATH)
find_package(Qt5 COMPONENTS MacExtras HINTS
/usr/local/opt/qt@5/lib/cmake
/usr/local/Cellar/qt@5/*/lib/cmake
/opt/homebrew/opt/qt@5/lib/cmake
ENV PATH)
2017-10-15 18:27:07 -04:00
else()
2018-10-19 15:41:56 -04:00
find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED)
2017-10-15 18:27:07 -04:00
endif()
if(Qt5Core_VERSION VERSION_LESS "5.12.0")
message(FATAL_ERROR "Qt version 5.12.0 or higher is required")
endif()
get_filename_component(Qt5_PREFIX ${Qt5_DIR}/../../.. REALPATH)
if(APPLE)
# Add includes under Qt5 Prefix in case Qt6 is also installed
include_directories(SYSTEM ${Qt5_PREFIX}/include)
endif()
# Process moc automatically
2015-07-22 10:59:38 -04:00
set(CMAKE_AUTOMOC ON)
# Process .ui files automatically
2017-10-15 18:27:07 -04:00
set(CMAKE_AUTOUIC ON)
# Process .qrc files automatically
2017-10-15 18:27:07 -04:00
set(CMAKE_AUTORCC ON)
if(APPLE)
2018-10-19 15:41:56 -04:00
set(CMAKE_MACOSX_RPATH TRUE)
find_program(MACDEPLOYQT_EXE macdeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/bin ENV PATH)
2018-10-19 15:41:56 -04:00
if(NOT MACDEPLOYQT_EXE)
message(FATAL_ERROR "macdeployqt is required to build on macOS")
2018-10-19 15:41:56 -04:00
endif()
message(STATUS "Using macdeployqt: ${MACDEPLOYQT_EXE}")
set(MACDEPLOYQT_EXTRA_BINARIES "")
elseif(WIN32)
find_program(WINDEPLOYQT_EXE windeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/bin ENV PATH)
if(NOT WINDEPLOYQT_EXE)
message(FATAL_ERROR "windeployqt is required to build on Windows")
endif()
message(STATUS "Using windeployqt: ${WINDEPLOYQT_EXE}")
2017-10-15 18:27:07 -04:00
endif()
# Debian sets the build type to None for package builds.
# Make sure we don't enable asserts there.
set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_NONE QT_NO_DEBUG)
2010-08-07 09:10:44 -04:00
# Find Argon2 -- Botan 2.18 and below does not support threaded Argon2
find_library(ARGON2_LIBRARIES NAMES argon2)
find_path(ARGON2_INCLUDE_DIR NAMES argon2.h PATH_SUFFIXES local/include)
include_directories(SYSTEM ${ARGON2_INCLUDE_DIR})
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
# Find zlib
find_package(ZLIB REQUIRED)
2017-10-15 08:02:34 -04:00
if(ZLIB_VERSION_STRING VERSION_LESS "1.2.0")
2018-10-19 15:41:56 -04:00
message(FATAL_ERROR "zlib 1.2.0 or higher is required to use the gzip format")
2012-05-21 17:37:29 -04:00
endif()
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
# Find Minizip
find_package(Minizip REQUIRED)
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) * Support NFC readers for hardware tokens using PC/SC This requires a new library dependency: PCSC. The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used. * Split hardware key access into multiple classes to handle different methods of communicating with the keys. * Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB. * Add PC/SC interface for YubiKey challenge-response This new interface uses the PC/SC protocol and API instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device. Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader. This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library. * Remove PC/SC ATR whitelist, instead scan for AIDs Before, a whitelist of ATR codes (answer to reset, hardware-specific) was used to scan for compatible (Yubi)Keys. Now, every connected smartcard is scanned for AIDs (applet identifier), which are known to implement the HMAC-SHA1 protocol. This enables the support of currently unknown or unreleased hardware. Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
if(WITH_XC_YUBIKEY)
find_package(PCSC REQUIRED)
include_directories(SYSTEM ${PCSC_INCLUDE_DIRS})
if(UNIX AND NOT APPLE)
find_library(LIBUSB_LIBRARIES NAMES usb-1.0 REQUIRED)
find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED)
include_directories(SYSTEM ${LIBUSB_INCLUDE_DIR})
endif()
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) * Support NFC readers for hardware tokens using PC/SC This requires a new library dependency: PCSC. The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used. * Split hardware key access into multiple classes to handle different methods of communicating with the keys. * Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB. * Add PC/SC interface for YubiKey challenge-response This new interface uses the PC/SC protocol and API instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device. Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader. This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library. * Remove PC/SC ATR whitelist, instead scan for AIDs Before, a whitelist of ATR codes (answer to reset, hardware-specific) was used to scan for compatible (Yubi)Keys. Now, every connected smartcard is scanned for AIDs (applet identifier), which are known to implement the HMAC-SHA1 protocol. This enables the support of currently unknown or unreleased hardware. Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
endif()
if(UNIX)
2018-10-19 15:41:56 -04:00
check_cxx_source_compiles("#include <sys/prctl.h>
int main() { prctl(PR_SET_DUMPABLE, 0); return 0; }"
2018-10-19 15:41:56 -04:00
HAVE_PR_SET_DUMPABLE)
check_cxx_source_compiles("#include <malloc.h>
int main() { return 0; }"
HAVE_MALLOC_H)
check_cxx_source_compiles("#include <malloc.h>
int main() { malloc_usable_size(NULL); return 0; }"
HAVE_MALLOC_USABLE_SIZE)
2018-10-19 15:41:56 -04:00
check_cxx_source_compiles("#include <sys/resource.h>
int main() {
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
setrlimit(RLIMIT_CORE, &limit);
return 0;
}" HAVE_RLIMIT_CORE)
2018-10-19 15:41:56 -04:00
if(APPLE)
check_cxx_source_compiles("#include <sys/types.h>
#include <sys/ptrace.h>
int main() { ptrace(PT_DENY_ATTACH, 0, 0, 0); return 0; }"
2018-10-19 15:41:56 -04:00
HAVE_PT_DENY_ATTACH)
endif()
endif()
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
find_library(ZXCVBN_LIBRARIES zxcvbn)
if(NOT ZXCVBN_LIBRARIES)
add_subdirectory(src/thirdparty/zxcvbn)
set(ZXCVBN_LIBRARIES zxcvbn)
endif(NOT ZXCVBN_LIBRARIES)
2010-08-07 09:10:44 -04:00
add_subdirectory(src)
add_subdirectory(share)
2012-05-21 17:37:29 -04:00
if(WITH_TESTS)
2018-10-19 15:41:56 -04:00
add_subdirectory(tests)
2012-05-21 17:37:29 -04:00
endif(WITH_TESTS)
if(WITH_XC_DOCS)
add_subdirectory(docs)
endif()
if(PRINT_SUMMARY)
2018-10-19 15:41:56 -04:00
# This will print ENABLED, REQUIRED and DISABLED
feature_summary(WHAT ALL)
else()
2018-10-19 15:41:56 -04:00
# This will only print ENABLED and DISABLED feature
feature_summary(WHAT ENABLED_FEATURES DESCRIPTION "Enabled features:")
feature_summary(WHAT DISABLED_FEATURES DESCRIPTION "Disabled features:")
endif()