keepassxc/INSTALL.md
Jonathan White 4f0710350f Add support for Windows Hello
* Special thanks to @HexF and @smlu for their contributions towards this feature.

* Add MVP support for Windows Hello as a Quick Unlock solution using the WinRT API. This works by signing a random challenge vector with the Windows Hello protected key store (typically from TPM). The signed challenge is hashed using SHA-256 and then used as the encryption key to encrypt the database credentials. Credentials are encrypted using AES-256/GCM. This ensures the database password can only be decrypted following a successful authentication with Windows Hello in the future.

* Unify Touch ID and Windows Hello behavior under the Quick Unlock branding. Remove all timeout features of Touch ID as they are unnecessary and complicate the feature for no security gain.

* Quick Unlock is automatically reset only when the database key is changed vice whenever database settings are modified.

* Don't set database unlock dialog as always on top. This allows Touch ID and Windows Hello prompts to appear above the dialog properly.

* Prevent quick unlock when using AutoOpen or opening from the command line.
2022-02-22 17:53:50 -05:00

6.2 KiB

Build and Install KeePassXC

This document will guide you through the steps to build and install KeePassXC from source. For more information, see also the Building KeePassXC page on the wiki.

The QuickStart Guide gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the downloads page.

Build Dependencies

The following tools must exist within your PATH:

  • make
  • cmake (>= 3.3.0)
  • g++ (>= 4.7) or clang++ (>= 6.0)
  • asciidoctor

The following libraries are required:

  • Qt 5 (>= 5.9.5): qtbase5, qtbase5-private, libqt5svg5, qttools5, qt5-image-formats-plugins
  • botan (>= 2.12)
  • zlib
  • minizip
  • readline (for completion in cli)
  • libqt5x11extras5, libxi, and libxtst (for auto-type on X11)
  • qrencode
  • libusb-1.0, pcsclite (optional to support YubiKey on Linux)

Prepare the Building Environment

Build Steps

We recommend using the release tool to perform builds, please read up-to-date instructions on our wiki.

To compile from source, open a Terminal (on Linux/MacOS) or a MSYS2-MinGW shell (on Windows)
Note: on Windows you can also use MSVC to build natively, we recommend Visual Studio 2019

First, download the KeePassXC source tarball or check out the latest version from our Git repository.

To clone the project from Git, cd to a suitable location and run

git clone https://github.com/keepassxreboot/keepassxc.git

This will clone the entire contents of the repository and check out the current develop branch.

To update the project from within the project's folder, you can run the following command:

git pull

For a stable build, it is recommended to checkout the master branch.

git checkout master

NOTE: See the Windows Build Instructions for building with MSVC.

Navigate to the directory where you have downloaded KeePassXC and type these commands:

mkdir build
cd build
cmake -DWITH_XC_ALL=ON ..
make

NOTE: If you are using MSYS2, you may have to add -G "MSYS Makefiles" to the beginning of the cmake command.

These steps place the compiled KeePassXC binary inside the ./build/src/ directory. (Note the cmake notes/options below.)

Cmake Notes:

  • Common cmake parameters

    -DCMAKE_INSTALL_PREFIX=/usr/local
    -DCMAKE_VERBOSE_MAKEFILE=ON
    -DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
    -DWITH_GUI_TESTS=ON
    
  • cmake accepts the following options:

      -DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
      -DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
      -DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
      -DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
      -DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
      -DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)
      -DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group synchronization extension (default: OFF)
      -DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)
    
      -DWITH_XC_UPDATECHECK=[ON|OFF] Enable/Disable automatic updating checking (requires WITH_XC_NETWORKING) (default: ON)
    
      -DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
      -DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
      -DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
      -DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
      -DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
      -DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)
    
      -DKEEPASSXC_BUILD_TYPE=[Snapshot|PreRelease|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
      -DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Other] Specify the distribution method (default: "Other")
      -DOVERRIDE_VERSION=[X.X.X] Specify a version number when building. Used with snapshot builds (default: "")
      -DGIT_HEAD_OVERRIDE=[XXXXXXX] Specify the 7 digit git commit ref for this build. Used with distribution builds (default: "")
    
  • If you are on MacOS you must add this parameter to Cmake, with the Qt version you have installed
    -DCMAKE_PREFIX_PATH=/usr/local/Cellar/qt5/5.6.2/lib/cmake/

When building with ASan support on macOS, you need to use export ASAN_OPTIONS=detect_leaks=0 before running the tests (no LSan support in macOS).

Installation

After you have successfully built KeePassXC, install the binary by executing the following:

sudo make install

You can specify the destination dir with

DESTDIR=X

Packaging

You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..). Refer to keepassxc-packaging

Testing

You can perform tests on the built executables with:

make test ARGS+="--output-on-failure"

If you are not currently running on an X Server or Wayland, run the tests as follows:

make test ARGS+="-E test\(cli\|gui\) --output-on-failure"
xvfb-run -e errors -a --server-args="-screen 0 1024x768x24" make test ARGS+="-R test\(cli\|gui\) --output-on-failure"

Common parameters:

CTEST_OUTPUT_ON_FAILURE=1
ARGS+=-jX
ARGS+="-E testgui"