keepassxc/CMakeLists.txt

534 lines
19 KiB
CMake
Raw Normal View History

2018-10-19 15:41:56 -04:00
# Copyright (C) 2018 KeePassXC Team <team@keepassxc.org>
# Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
2010-08-07 09:10:44 -04:00
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 or (at your option)
# version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
cmake_minimum_required(VERSION 3.3.0)
project(KeePassXC)
if(NOT CMAKE_BUILD_TYPE)
2018-10-19 15:41:56 -04:00
set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING
"Choose the type of build, options are: Debug Release RelWithDebInfo Profile"
2018-10-19 15:41:56 -04:00
FORCE)
endif()
string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
2012-05-21 17:37:29 -04:00
set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
2017-05-05 20:20:27 -04:00
# Support Visual Studio Code
include(CMakeToolsHelpers OPTIONAL)
include(FeatureSummary)
2017-05-05 20:20:27 -04:00
include(CheckCCompilerFlag)
include(CheckCXXCompilerFlag)
include(CheckCXXSourceCompiles)
2010-08-13 12:08:06 -04:00
option(WITH_TESTS "Enable building of unit tests" ON)
2011-12-26 13:18:21 -05:00
option(WITH_GUI_TESTS "Enable building of GUI tests" OFF)
option(WITH_DEV_BUILD "Use only for development. Disables/warns about deprecated methods." OFF)
2017-10-15 18:27:07 -04:00
option(WITH_ASAN "Enable address sanitizer checks (Linux / macOS only)" OFF)
2017-03-15 10:26:40 -04:00
option(WITH_COVERAGE "Use to build with coverage tests (GCC only)." OFF)
option(WITH_APP_BUNDLE "Enable Application Bundle for macOS" ON)
option(WITH_CCACHE "Use ccache for build" OFF)
2010-08-07 09:10:44 -04:00
set(WITH_XC_ALL OFF CACHE BOOL "Build in all available plugins")
option(WITH_XC_AUTOTYPE "Include Auto-Type." ON)
option(WITH_XC_NETWORKING "Include networking code (e.g. for downloading website icons)." OFF)
option(WITH_XC_BROWSER "Include browser integration with keepassxc-browser." OFF)
2017-02-25 11:11:02 -05:00
option(WITH_XC_YUBIKEY "Include YubiKey support." OFF)
2017-10-29 11:17:24 -04:00
option(WITH_XC_SSHAGENT "Include SSH agent support." OFF)
option(WITH_XC_KEESHARE "Sharing integration with KeeShare (requires quazip5 for secure containers)" OFF)
option(WITH_XC_UPDATECHECK "Include automatic update checks; disable for controlled distributions" ON)
Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403) This plugin implements the Secret Storage specification version 0.2. While running KeePassXC, it acts as a Secret Service server, registered on DBus, so clients like seahorse, python-secretstorage, or other implementations can connect and access the exposed database in KeePassXC. Squashed commits: - Initial code - Add SessionAdaptor and fix build - The skeletons for all dbus objects are in place - Implement collection creation and deletion - Emit collectionChanged signal - Implement app-wise settings page - Implement error message on GUI - Implement settings - Fix uuid to dbus path - Implement app level settings - Add freedesktop logo - Implement database settings page - Change database settings to a treeview - Move all settings read/write to one place - Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets - Fix selected group can not be saved if the user hasn't click on the item - Show selected group per database in app settings - Disable editing of various readonly widgets - Remove unused warning about non exposed database - Fix method signature on dbus adaptors - Fix type derived from DBusObject not recognized as QDBusContext - Resolve a few TODOs around error handling - Remove const when passing DBus exposed objects - Move dismiss to PromptBase - Implement per collection locking/unlocking - Fix const correctness on Item::setSecret - Implement SecretService::getSecrets - Rework the signal connections around collections. - Remove generateId from DBusObject - Per spec, use encoded label as DBus object path for collections - Fix some corner cases around collection name changes - Implement alias - Fix wrong alias dbus path - Implement encryption per spec - Cleanup SessionCipher - Implement searchItems for SecretService - Use Tools::uuidToHex - Implement Item attributes and delete - Implement createItem - Always check if the database is unlocked before perform any operation - Add missing ReadAlias/SetAlias on service - Reorganize and fix OpenSession always returning empty output - Overhaul error handling - Make sure default alias is always present - Remove collection aliases early in doDelete - Handles all content types, fix setProperties not working - Fix sometimes there is an extraneous leading zero when converting from MPI - Fix session encryption negotiation - Do not expose recycle bin - Protect against the methods not called from DBus - Also emit collectionChanged signal when lock state changes - Show notification when entry secret is requested - Add a README file - Actually close session when client disconnects - Gracefully return alternative label when collection is locked - Reorganize, rename secretservice to fdosecrets - Fix issues reported by clazy - Unify UI strings and fix icon - Implement a setting to skip confirmation when deleting entries from DBus - Remove some unused debugging log - Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when deliver property get/set, and there is no way to get a QDBusMessage in property getter/setter. - Simplify GcryptMPI using std::unique_ptr and add unit test - Format code in fdosecrets - Move DBusReturnImpl to details namespace - Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted - Make sure Collection::searchItems works, whether it's locked or not - Fix FdoSecrets::Collection becomes empty after a database reload - Fix crash when looping while modifying the list
2019-03-25 23:07:18 -04:00
if(UNIX AND NOT APPLE)
option(WITH_XC_FDOSECRETS "Implement freedesktop.org Secret Storage Spec server side API." OFF)
endif()
2018-04-04 11:39:26 -04:00
if(APPLE)
2018-10-19 15:41:56 -04:00
option(WITH_XC_TOUCHID "Include TouchID support for macOS." OFF)
2018-04-04 11:39:26 -04:00
endif()
option(WITH_XC_DOCS "Enable building of documentation" ON)
if(WITH_CCACHE)
# Use the Compiler Cache (ccache) program
# (install with: sudo apt get ccache)
find_program(CCACHE_FOUND ccache)
if(NOT CCACHE_FOUND)
message(FATAL_ERROR "ccache requested but cannot be found.")
endif()
set_property(GLOBAL PROPERTY RULE_LAUNCH_COMPILE ${CCACHE_FOUND})
endif()
if(WITH_XC_ALL)
# Enable all options (except update check and docs)
2018-10-19 15:41:56 -04:00
set(WITH_XC_AUTOTYPE ON)
set(WITH_XC_NETWORKING ON)
set(WITH_XC_BROWSER ON)
set(WITH_XC_YUBIKEY ON)
set(WITH_XC_SSHAGENT ON)
set(WITH_XC_KEESHARE ON)
if(APPLE)
set(WITH_XC_TOUCHID ON)
endif()
Add Freedesktop.org Secret Storage Spec Server Side API (Fix #1403) This plugin implements the Secret Storage specification version 0.2. While running KeePassXC, it acts as a Secret Service server, registered on DBus, so clients like seahorse, python-secretstorage, or other implementations can connect and access the exposed database in KeePassXC. Squashed commits: - Initial code - Add SessionAdaptor and fix build - The skeletons for all dbus objects are in place - Implement collection creation and deletion - Emit collectionChanged signal - Implement app-wise settings page - Implement error message on GUI - Implement settings - Fix uuid to dbus path - Implement app level settings - Add freedesktop logo - Implement database settings page - Change database settings to a treeview - Move all settings read/write to one place - Rename SecretServiceOptionsPage to SettingsWidgetFdoSecrets - Fix selected group can not be saved if the user hasn't click on the item - Show selected group per database in app settings - Disable editing of various readonly widgets - Remove unused warning about non exposed database - Fix method signature on dbus adaptors - Fix type derived from DBusObject not recognized as QDBusContext - Resolve a few TODOs around error handling - Remove const when passing DBus exposed objects - Move dismiss to PromptBase - Implement per collection locking/unlocking - Fix const correctness on Item::setSecret - Implement SecretService::getSecrets - Rework the signal connections around collections. - Remove generateId from DBusObject - Per spec, use encoded label as DBus object path for collections - Fix some corner cases around collection name changes - Implement alias - Fix wrong alias dbus path - Implement encryption per spec - Cleanup SessionCipher - Implement searchItems for SecretService - Use Tools::uuidToHex - Implement Item attributes and delete - Implement createItem - Always check if the database is unlocked before perform any operation - Add missing ReadAlias/SetAlias on service - Reorganize and fix OpenSession always returning empty output - Overhaul error handling - Make sure default alias is always present - Remove collection aliases early in doDelete - Handles all content types, fix setProperties not working - Fix sometimes there is an extraneous leading zero when converting from MPI - Fix session encryption negotiation - Do not expose recycle bin - Protect against the methods not called from DBus - Also emit collectionChanged signal when lock state changes - Show notification when entry secret is requested - Add a README file - Actually close session when client disconnects - Gracefully return alternative label when collection is locked - Reorganize, rename secretservice to fdosecrets - Fix issues reported by clazy - Unify UI strings and fix icon - Implement a setting to skip confirmation when deleting entries from DBus - Remove some unused debugging log - Simply ignore errors when DBus context is not available. QtDBus won't set QDBusContext when deliver property get/set, and there is no way to get a QDBusMessage in property getter/setter. - Simplify GcryptMPI using std::unique_ptr and add unit test - Format code in fdosecrets - Move DBusReturnImpl to details namespace - Fix crash when locking a database: don't modify exposedGroup setting in customData when database is deleted - Make sure Collection::searchItems works, whether it's locked or not - Fix FdoSecrets::Collection becomes empty after a database reload - Fix crash when looping while modifying the list
2019-03-25 23:07:18 -04:00
if(UNIX AND NOT APPLE)
set(WITH_XC_FDOSECRETS ON)
endif()
endif()
# Prefer WITH_XC_NETWORKING setting over WITH_XC_UPDATECHECK
if(NOT WITH_XC_NETWORKING AND WITH_XC_UPDATECHECK)
message(STATUS "Disabling WITH_XC_UPDATECHECK because WITH_XC_NETWORKING is disabled")
set(WITH_XC_UPDATECHECK OFF)
endif()
2017-05-06 11:50:05 -04:00
set(KEEPASSXC_VERSION_MAJOR "2")
2020-10-24 10:58:23 -04:00
set(KEEPASSXC_VERSION_MINOR "7")
set(KEEPASSXC_VERSION_PATCH "0")
2017-05-06 11:50:05 -04:00
set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION_MAJOR}.${KEEPASSXC_VERSION_MINOR}.${KEEPASSXC_VERSION_PATCH}")
set(OVERRIDE_VERSION "" CACHE STRING "Override the KeePassXC Version for Snapshot builds")
2010-08-13 12:08:06 -04:00
2018-02-17 11:46:19 -05:00
set(KEEPASSXC_BUILD_TYPE "Snapshot" CACHE STRING "Set KeePassXC build type to distinguish between stable releases and snapshots")
set_property(CACHE KEEPASSXC_BUILD_TYPE PROPERTY STRINGS Snapshot Release PreRelease)
# Retrieve git HEAD revision hash
set(GIT_HEAD_OVERRIDE "" CACHE STRING "Manually set the Git HEAD hash when missing (eg, when no .git folder exists)")
execute_process(COMMAND git rev-parse --short=7 HEAD
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
OUTPUT_VARIABLE GIT_HEAD
ERROR_QUIET)
string(STRIP "${GIT_HEAD}" GIT_HEAD)
if(GIT_HEAD STREQUAL "" AND NOT GIT_HEAD_OVERRIDE STREQUAL "")
string(SUBSTRING "${GIT_HEAD_OVERRIDE}" 0 7 GIT_HEAD)
elseif(EXISTS ${CMAKE_SOURCE_DIR}/.gitrev)
file(READ ${CMAKE_SOURCE_DIR}/.gitrev GIT_HEAD)
endif()
message(STATUS "Found Git HEAD Revision: ${GIT_HEAD}\n")
# Check if on a tag, if so build as a release
execute_process(COMMAND git tag --points-at HEAD
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
OUTPUT_VARIABLE GIT_TAG
ERROR_QUIET)
if(GIT_TAG)
string(STRIP "${GIT_TAG}" GIT_TAG)
2018-10-19 15:41:56 -04:00
set(OVERRIDE_VERSION ${GIT_TAG})
elseif(EXISTS ${CMAKE_SOURCE_DIR}/.version)
2018-10-19 15:41:56 -04:00
file(READ ${CMAKE_SOURCE_DIR}/.version OVERRIDE_VERSION)
endif()
2018-02-17 11:46:19 -05:00
string(REGEX REPLACE "(\r?\n)+" "" OVERRIDE_VERSION "${OVERRIDE_VERSION}")
if(OVERRIDE_VERSION)
2018-10-19 15:41:56 -04:00
if(OVERRIDE_VERSION MATCHES "^[\\.0-9]+-(alpha|beta)[0-9]+$")
set(KEEPASSXC_BUILD_TYPE PreRelease)
set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
elseif(OVERRIDE_VERSION MATCHES "^[\\.0-9]+$")
set(KEEPASSXC_BUILD_TYPE Release)
set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
else()
set(KEEPASSXC_BUILD_TYPE Snapshot)
set(KEEPASSXC_VERSION ${OVERRIDE_VERSION})
endif()
else()
if(KEEPASSXC_BUILD_TYPE STREQUAL "PreRelease")
set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION}-preview")
elseif(KEEPASSXC_BUILD_TYPE STREQUAL "Snapshot")
set(KEEPASSXC_VERSION "${KEEPASSXC_VERSION}-snapshot")
2018-10-19 15:41:56 -04:00
endif()
endif()
2018-02-17 11:46:19 -05:00
if(KEEPASSXC_BUILD_TYPE STREQUAL "Release")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_BUILD_TYPE_RELEASE ON)
2018-02-17 11:46:19 -05:00
elseif(KEEPASSXC_BUILD_TYPE STREQUAL "PreRelease")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_BUILD_TYPE_PRE_RELEASE ON)
2018-02-17 11:46:19 -05:00
else()
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_BUILD_TYPE_SNAPSHOT ON)
2018-02-17 11:46:19 -05:00
endif()
message(STATUS "Setting up build for KeePassXC v${KEEPASSXC_VERSION}\n")
# Distribution info
2018-02-17 11:46:19 -05:00
set(KEEPASSXC_DIST ON)
set(KEEPASSXC_DIST_TYPE "Other" CACHE STRING "KeePassXC Distribution Type")
set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Other)
if(KEEPASSXC_DIST_TYPE STREQUAL "Snap")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_DIST_SNAP ON)
elseif(KEEPASSXC_DIST_TYPE STREQUAL "AppImage")
2018-10-19 15:41:56 -04:00
set(KEEPASSXC_DIST_APPIMAGE ON)
elseif(KEEPASSXC_DIST_TYPE STREQUAL "Other")
2018-10-19 15:41:56 -04:00
unset(KEEPASSXC_DIST)
endif()
2018-05-09 06:47:34 -04:00
if("${CMAKE_SIZEOF_VOID_P}" EQUAL "4")
2018-10-19 15:41:56 -04:00
set(IS_32BIT TRUE)
2018-05-09 06:47:34 -04:00
endif()
2019-05-19 15:58:52 -04:00
set(CLANG_COMPILER_ID_REGEX "^(Apple)?[Cc]lang$")
if("${CMAKE_C_COMPILER}" MATCHES "clang$"
OR "${CMAKE_EXTRA_GENERATOR_C_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
2019-05-19 15:58:52 -04:00
OR "${CMAKE_C_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
2018-10-19 15:41:56 -04:00
set(CMAKE_COMPILER_IS_CLANG 1)
2012-05-21 17:37:29 -04:00
endif()
if("${CMAKE_CXX_COMPILER}" MATCHES "clang(\\+\\+)?$"
OR "${CMAKE_EXTRA_GENERATOR_CXX_SYSTEM_DEFINED_MACROS}" MATCHES "__clang__"
2019-05-19 15:58:52 -04:00
OR "${CMAKE_CXX_COMPILER_ID}" MATCHES ${CLANG_COMPILER_ID_REGEX})
2018-10-19 15:41:56 -04:00
set(CMAKE_COMPILER_IS_CLANGXX 1)
2012-05-21 17:37:29 -04:00
endif()
2012-04-18 10:10:40 -04:00
macro(add_gcc_compiler_cxxflags FLAGS)
2018-10-19 15:41:56 -04:00
if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_COMPILER_IS_CLANGXX)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${FLAGS}")
endif()
endmacro(add_gcc_compiler_cxxflags)
macro(add_gcc_compiler_cflags FLAGS)
2018-10-19 15:41:56 -04:00
if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${FLAGS}")
endif()
endmacro(add_gcc_compiler_cflags)
macro(add_gcc_compiler_flags FLAGS)
2018-10-19 15:41:56 -04:00
add_gcc_compiler_cxxflags("${FLAGS}")
add_gcc_compiler_cflags("${FLAGS}")
endmacro(add_gcc_compiler_flags)
2012-04-18 10:10:40 -04:00
# Copies of above macros that first ensure the compiler understands a given flag
# Because check_*_compiler_flag() sets -D with name, need to provide "safe" FLAGNAME
macro(check_add_gcc_compiler_cxxflag FLAG FLAGNAME)
check_cxx_compiler_flag("${FLAG}" CXX_HAS${FLAGNAME})
if(CXX_HAS${FLAGNAME})
add_gcc_compiler_cxxflags("${FLAG}")
endif()
endmacro(check_add_gcc_compiler_cxxflag)
macro(check_add_gcc_compiler_cflag FLAG FLAGNAME)
check_c_compiler_flag("${FLAG}" CC_HAS${FLAGNAME})
if(CC_HAS${FLAGNAME})
add_gcc_compiler_cflags("${FLAG}")
endif()
endmacro(check_add_gcc_compiler_cflag)
# This is the "front-end" for the above macros
# Optionally takes additional parameter(s) with language to check (currently "C" or "CXX")
macro(check_add_gcc_compiler_flag FLAG)
string(REGEX REPLACE "[-=]" "_" FLAGNAME "${FLAG}")
set(check_lang_spec ${ARGN})
list(LENGTH check_lang_spec num_extra_args)
set(langs C CXX)
if(num_extra_args GREATER 0)
set(langs "${check_lang_spec}")
endif()
if("C" IN_LIST langs)
check_add_gcc_compiler_cflag("${FLAG}" "${FLAGNAME}")
endif()
if("CXX" IN_LIST langs)
check_add_gcc_compiler_cxxflag("${FLAG}" "${FLAGNAME}")
endif()
endmacro(check_add_gcc_compiler_flag)
add_definitions(-DQT_NO_EXCEPTIONS -DQT_STRICT_ITERATORS -DQT_NO_CAST_TO_ASCII)
2017-05-05 13:49:52 -04:00
if(WITH_APP_BUNDLE)
2018-10-19 15:41:56 -04:00
add_definitions(-DWITH_APP_BUNDLE)
2017-05-05 13:49:52 -04:00
endif()
add_gcc_compiler_flags("-fno-common")
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
check_add_gcc_compiler_flag("-fopenmp")
add_gcc_compiler_flags("-Wall -Wextra -Wundef -Wpointer-arith -Wno-long-long")
add_gcc_compiler_flags("-Wformat=2 -Wmissing-format-attribute")
add_gcc_compiler_flags("-fvisibility=hidden")
add_gcc_compiler_cxxflags("-fvisibility-inlines-hidden")
2012-04-18 10:10:40 -04:00
if(CMAKE_BUILD_TYPE_LOWER STREQUAL "debug")
check_add_gcc_compiler_flag("-Wshadow-compatible-local")
check_add_gcc_compiler_flag("-Wshadow-local")
2018-10-19 15:41:56 -04:00
add_gcc_compiler_flags("-Werror")
endif()
2019-03-24 09:26:34 -04:00
if (NOT HAIKU)
if((CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_GREATER 4.8.999) OR CMAKE_COMPILER_IS_CLANGXX)
add_gcc_compiler_flags("-fstack-protector-strong")
else()
add_gcc_compiler_flags("-fstack-protector --param=ssp-buffer-size=4")
endif()
2019-03-24 09:26:34 -04:00
endif()
add_gcc_compiler_cxxflags("-Wnon-virtual-dtor -Wold-style-cast -Woverloaded-virtual")
add_gcc_compiler_cflags("-Wchar-subscripts -Wwrite-strings")
2017-03-14 09:29:09 -04:00
if(WITH_ASAN)
2018-10-19 15:41:56 -04:00
if(NOT (CMAKE_SYSTEM_NAME STREQUAL "Linux" OR APPLE))
message(FATAL_ERROR "WITH_ASAN is only supported on Linux / macOS at the moment.")
endif()
2018-10-19 15:41:56 -04:00
add_gcc_compiler_flags("-fsanitize=address -DWITH_ASAN")
2017-03-14 09:53:29 -04:00
2018-10-19 15:41:56 -04:00
if(CMAKE_SYSTEM_NAME STREQUAL "Linux")
if(NOT (CMAKE_COMPILER_IS_GNUCXX AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.9))
add_gcc_compiler_flags("-fsanitize=leak -DWITH_LSAN")
endif()
endif()
2017-03-14 09:29:09 -04:00
endif()
2018-10-19 15:41:56 -04:00
if(CMAKE_BUILD_TYPE_LOWER MATCHES "(release|relwithdebinfo|minsizerel)")
add_gcc_compiler_flags("-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2")
endif()
check_add_gcc_compiler_flag("-Werror=format-security")
check_add_gcc_compiler_flag("-Werror=implicit-function-declaration" C)
check_add_gcc_compiler_flag("-Wcast-align")
if(UNIX AND NOT APPLE)
check_add_gcc_compiler_flag("-Qunused-arguments")
check_add_gcc_compiler_flag("-fPIC")
2018-10-19 15:41:56 -04:00
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--no-add-needed -Wl,--as-needed -Wl,--no-undefined")
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-z,relro,-z,now -pie")
2018-10-19 15:41:56 -04:00
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--no-add-needed -Wl,--as-needed")
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,-z,relro,-z,now")
2012-05-21 17:37:29 -04:00
endif()
2010-08-07 09:10:44 -04:00
add_gcc_compiler_cflags("-std=c99")
add_gcc_compiler_cxxflags("-std=c++11")
2012-04-18 14:18:48 -04:00
check_add_gcc_compiler_flag("-fsized-deallocation" CXX)
2019-05-19 15:58:52 -04:00
if(APPLE AND CMAKE_COMPILER_IS_CLANGXX)
2018-10-19 15:41:56 -04:00
add_gcc_compiler_cxxflags("-stdlib=libc++")
2012-05-21 17:37:29 -04:00
endif()
2012-04-18 14:18:48 -04:00
if(WITH_DEV_BUILD)
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
add_definitions(-DQT_DEPRECATED_WARNINGS)
else()
add_definitions(-DQT_NO_DEPRECATED_WARNINGS)
add_gcc_compiler_cxxflags("-Wno-deprecated-declarations")
2012-06-29 08:14:58 -04:00
endif()
if (MSVC)
if(MSVC_VERSION LESS 1910)
message(FATAL_ERROR "Only Microsoft Visual Studio 17 and newer are supported!")
endif()
set(CMAKE_CXX_STANDARD 17)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
add_compile_options(/permissive- /utf-8)
endif()
if(WIN32)
2018-10-19 15:41:56 -04:00
set(CMAKE_RC_COMPILER_INIT windres)
enable_language(RC)
if(MINGW)
set(CMAKE_RC_COMPILE_OBJECT "<CMAKE_RC_COMPILER> <FLAGS> -O coff <DEFINES> -i <SOURCE> -o <OBJECT>")
endif()
if(NOT (CMAKE_BUILD_TYPE_LOWER STREQUAL "debug" OR CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithdebinfo"))
# Enable DEP, ASLR and on VS additional enable
# control flow guard and buffer security check
if(MSVC)
add_compile_options(/DYNAMICBASE:YES /guard:cf /GS)
add_link_options(/NXCOMPAT /guard:cf)
else(MINGW)
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--nxcompat -Wl,--dynamicbase")
# Enable high entropy ASLR for 64-bit builds
if(NOT IS_32BIT)
set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--high-entropy-va")
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -Wl,--high-entropy-va")
endif()
2018-10-19 15:41:56 -04:00
endif()
2018-05-09 06:47:34 -04:00
endif()
endif()
if(APPLE AND WITH_APP_BUNDLE OR WIN32)
2018-10-19 15:41:56 -04:00
set(PROGNAME KeePassXC)
2012-05-21 17:37:29 -04:00
else()
2018-10-19 15:41:56 -04:00
set(PROGNAME keepassxc)
2012-05-21 17:37:29 -04:00
endif()
2010-08-07 09:10:44 -04:00
if(WIN32)
2018-10-19 15:41:56 -04:00
set(CLI_INSTALL_DIR ".")
set(PROXY_INSTALL_DIR ".")
set(BIN_INSTALL_DIR ".")
set(PLUGIN_INSTALL_DIR ".")
set(DATA_INSTALL_DIR "share")
2017-05-05 13:49:52 -04:00
elseif(APPLE AND WITH_APP_BUNDLE)
set(BUNDLE_INSTALL_DIR "${PROGNAME}.app/Contents")
set(CMAKE_INSTALL_MANDIR "${BUNDLE_INSTALL_DIR}/Resources/man")
set(CLI_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
set(PROXY_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
set(BIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/MacOS")
set(PLUGIN_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/PlugIns")
set(DATA_INSTALL_DIR "${BUNDLE_INSTALL_DIR}/Resources")
2012-05-21 17:37:29 -04:00
else()
2018-10-19 15:41:56 -04:00
include(GNUInstallDirs)
2018-10-19 15:41:56 -04:00
set(CLI_INSTALL_DIR "${CMAKE_INSTALL_BINDIR}")
set(PROXY_INSTALL_DIR "${CMAKE_INSTALL_BINDIR}")
set(BIN_INSTALL_DIR "${CMAKE_INSTALL_BINDIR}")
set(PLUGIN_INSTALL_DIR "${CMAKE_INSTALL_LIBDIR}/keepassxc")
set(DATA_INSTALL_DIR "${CMAKE_INSTALL_DATADIR}/keepassxc")
2012-05-21 17:37:29 -04:00
endif()
2012-05-21 17:37:29 -04:00
if(WITH_TESTS)
2018-10-19 15:41:56 -04:00
enable_testing()
2012-05-21 17:37:29 -04:00
endif(WITH_TESTS)
2010-08-13 12:08:06 -04:00
if(WITH_COVERAGE)
2018-10-19 15:41:56 -04:00
# Include code coverage, use with -DCMAKE_BUILD_TYPE=Debug
include(CodeCoverage)
append_coverage_compiler_flags()
set(COVERAGE_EXCLUDES
"'^(.+/)?(thirdparty|zxcvbn)/.*'"
"'^(.+/)?main\\.cpp$$'"
"'^(.+/)?cli/keepassxc-cli\\.cpp$$'"
"'^(.+/)?proxy/keepassxc-proxy\\.cpp$$'")
if(WITH_COVERAGE AND CMAKE_COMPILER_IS_CLANGXX)
set(MAIN_BINARIES
"$<TARGET_FILE:${PROGNAME}>"
"$<TARGET_FILE:keepassxc-cli>"
"$<TARGET_FILE:keepassxc-proxy>")
setup_target_for_coverage_llvm(
NAME coverage
BINARY ${MAIN_BINARIES}
SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
)
else()
setup_target_for_coverage_gcovr(
NAME coverage
SOURCES_ROOT ${CMAKE_SOURCE_DIR}/src
)
endif()
endif()
2018-01-14 10:11:00 -05:00
include(CLangFormat)
2018-10-19 15:41:56 -04:00
set(QT_COMPONENTS Core Network Concurrent Gui Svg Widgets Test LinguistTools)
2017-10-15 18:27:07 -04:00
if(UNIX AND NOT APPLE)
find_package(Qt5 COMPONENTS ${QT_COMPONENTS} DBus X11Extras REQUIRED)
2017-10-15 18:27:07 -04:00
elseif(APPLE)
find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED HINTS
/usr/local/opt/qt/lib/cmake
/usr/local/Cellar/qt/*/lib/cmake
/opt/homebrew/opt/qt/lib/cmake
ENV PATH)
find_package(Qt5 COMPONENTS MacExtras HINTS
/usr/local/opt/qt/lib/cmake
/usr/local/Cellar/qt/*/lib/cmake
/opt/homebrew/opt/qt/lib/cmake
ENV PATH)
2017-10-15 18:27:07 -04:00
else()
2018-10-19 15:41:56 -04:00
find_package(Qt5 COMPONENTS ${QT_COMPONENTS} REQUIRED)
2017-10-15 18:27:07 -04:00
endif()
if(Qt5Core_VERSION VERSION_LESS "5.2.0")
2018-10-19 15:41:56 -04:00
message(FATAL_ERROR "Qt version 5.2.0 or higher is required")
endif()
2017-10-15 18:27:07 -04:00
get_filename_component(Qt5_PREFIX ${Qt5_DIR}/../../.. REALPATH)
# Process moc automatically
2015-07-22 10:59:38 -04:00
set(CMAKE_AUTOMOC ON)
# Process .ui files automatically
2017-10-15 18:27:07 -04:00
set(CMAKE_AUTOUIC ON)
# Process .qrc files automatically
2017-10-15 18:27:07 -04:00
set(CMAKE_AUTORCC ON)
if(APPLE)
2018-10-19 15:41:56 -04:00
set(CMAKE_MACOSX_RPATH TRUE)
find_program(MACDEPLOYQT_EXE macdeployqt HINTS ${Qt5_PREFIX}/bin ENV PATH)
if(NOT MACDEPLOYQT_EXE)
message(FATAL_ERROR "macdeployqt is required to build on macOS")
2018-10-19 15:41:56 -04:00
endif()
message(STATUS "Using macdeployqt: ${MACDEPLOYQT_EXE}")
elseif(WIN32)
find_program(WINDEPLOYQT_EXE windeployqt HINTS ${Qt5_PREFIX}/bin ${Qt5_PREFIX}/tools/qt5/debug/bin ENV PATH)
if(NOT WINDEPLOYQT_EXE)
message(FATAL_ERROR "windeployqt is required to build on Windows")
endif()
message(STATUS "Using windeployqt: ${WINDEPLOYQT_EXE}")
2017-10-15 18:27:07 -04:00
endif()
# Debian sets the the build type to None for package builds.
# Make sure we don't enable asserts there.
set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_NONE QT_NO_DEBUG)
2010-08-07 09:10:44 -04:00
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
# Find Botan2
find_package(Botan2 REQUIRED)
if(BOTAN2_VERSION VERSION_LESS "2.11.0")
message(FATAL_ERROR "Botan2 2.11.0 or higher is required")
endif()
include_directories(SYSTEM ${BOTAN2_INCLUDE_DIR})
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
# Find zlib
find_package(ZLIB REQUIRED)
2017-10-15 08:02:34 -04:00
if(ZLIB_VERSION_STRING VERSION_LESS "1.2.0")
2018-10-19 15:41:56 -04:00
message(FATAL_ERROR "zlib 1.2.0 or higher is required to use the gzip format")
2012-05-21 17:37:29 -04:00
endif()
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
Implement support for Yubikeys and potential other tokens via wireless NFC using smartcard readers (Rebase) (#6895) * Support NFC readers for hardware tokens using PC/SC This requires a new library dependency: PCSC. The PCSC library provides methods to access smartcards. On Linux, the third-party pcsc-lite package is used. On Windows, the native Windows API (Winscard.dll) is used. On Mac OSX, the native OSX API (framework-PCSC) is used. * Split hardware key access into multiple classes to handle different methods of communicating with the keys. * Since the Yubikey can now be a wireless token as well, the verb "plug in" was replaced with a more generic "interface with". This shall indicate that the user has to present their token to the reader, or plug it in via USB. * Add PC/SC interface for YubiKey challenge-response This new interface uses the PC/SC protocol and API instead of the USB protocol via ykpers. Many YubiKeys expose their functionality as a CCID device, which can be interfaced with using PC/SC. This is especially useful for NFC-only or NFC-capable Yubikeys, when they are used together with a PC/SC compliant NFC reader device. Although many (not all) Yubikeys expose their CCID functionality over their own USB connection as well, the HMAC-SHA1 functionality is often locked in this mode, as it requires eg. a touch on the gold button. When accessing the CCID functionality wirelessly via NFC (like this code can do using a reader), then the user interaction is to present the key to the reader. This implementation has been tested on Linux using pcsc-lite, Windows using the native Winscard.dll library, and Mac OSX using the native PCSC-framework library. * Remove PC/SC ATR whitelist, instead scan for AIDs Before, a whitelist of ATR codes (answer to reset, hardware-specific) was used to scan for compatible (Yubi)Keys. Now, every connected smartcard is scanned for AIDs (applet identifier), which are known to implement the HMAC-SHA1 protocol. This enables the support of currently unknown or unreleased hardware. Co-authored-by: Jonathan White <support@dmapps.us>
2021-10-01 10:39:07 -04:00
if(WITH_XC_YUBIKEY)
find_package(PCSC REQUIRED)
include_directories(SYSTEM ${PCSC_INCLUDE_DIRS})
endif()
if(UNIX)
2018-10-19 15:41:56 -04:00
check_cxx_source_compiles("#include <sys/prctl.h>
int main() { prctl(PR_SET_DUMPABLE, 0); return 0; }"
2018-10-19 15:41:56 -04:00
HAVE_PR_SET_DUMPABLE)
check_cxx_source_compiles("#include <malloc.h>
int main() { return 0; }"
HAVE_MALLOC_H)
check_cxx_source_compiles("#include <malloc.h>
int main() { malloc_usable_size(NULL, 0); return 0; }"
HAVE_MALLOC_USABLE_SIZE)
2018-10-19 15:41:56 -04:00
check_cxx_source_compiles("#include <sys/resource.h>
int main() {
struct rlimit limit;
limit.rlim_cur = 0;
limit.rlim_max = 0;
setrlimit(RLIMIT_CORE, &limit);
return 0;
}" HAVE_RLIMIT_CORE)
2018-10-19 15:41:56 -04:00
if(APPLE)
check_cxx_source_compiles("#include <sys/types.h>
#include <sys/ptrace.h>
int main() { ptrace(PT_DENY_ATTACH, 0, 0, 0); return 0; }"
2018-10-19 15:41:56 -04:00
HAVE_PT_DENY_ATTACH)
endif()
endif()
Replace all crypto libraries with Botan Selected the [Botan crypto library](https://github.com/randombit/botan) due to its feature list, maintainer support, availability across all deployment platforms, and ease of use. Also evaluated Crypto++ as a viable candidate, but the additional features of Botan (PKCS#11, TPM, etc) won out. The random number generator received a backend upgrade. Botan prefers hardware-based RNG's and will provide one if available. This is transparent to KeePassXC and a significant improvement over gcrypt. Replaced Argon2 library with built-in Botan implementation that supports i, d, and id. This requires Botan 2.11.0 or higher. Also simplified the parameter test across KDF's. Aligned SymmetricCipher parameters with available modes. All encrypt and decrypt operations are done in-place instead of returning new objects. This allows use of secure vectors in the future with no additional overhead. Took this opportunity to decouple KeeShare from SSH Agent. Removed leftover code from OpenSSHKey and consolidated the SSH Agent code into the same directory. Removed bcrypt and blowfish inserts since they are provided by Botan. Additionally simplified KeeShare settings interface by removing raw certificate byte data from the user interface. KeeShare will be further refactored in a future PR. NOTE: This PR breaks backwards compatibility with KeeShare certificates due to different RSA key storage with Botan. As a result, new "own" certificates will need to be generated and trust re-established. Removed YKChallengeResponseKeyCLI in favor of just using the original implementation with signal/slots. Removed TestRandom stub since it was just faking random numbers and not actually using the backend. TestRandomGenerator now uses the actual RNG. Greatly simplified Secret Service plugin's use of crypto functions with Botan.
2021-04-04 08:56:00 -04:00
include_directories(SYSTEM ${ZLIB_INCLUDE_DIR})
2010-08-07 09:10:44 -04:00
add_subdirectory(src)
add_subdirectory(share)
2012-05-21 17:37:29 -04:00
if(WITH_TESTS)
2018-10-19 15:41:56 -04:00
add_subdirectory(tests)
2012-05-21 17:37:29 -04:00
endif(WITH_TESTS)
if(WITH_XC_DOCS)
add_subdirectory(docs)
endif()
if(PRINT_SUMMARY)
2018-10-19 15:41:56 -04:00
# This will print ENABLED, REQUIRED and DISABLED
feature_summary(WHAT ALL)
else()
2018-10-19 15:41:56 -04:00
# This will only print ENABLED and DISABLED feature
feature_summary(WHAT ENABLED_FEATURES DESCRIPTION "Enabled features:")
feature_summary(WHAT DISABLED_FEATURES DESCRIPTION "Disabled features:")
endif()