WIP: Qt6 transition

.github/workflows/codeql.yml

@@ -37,11 +37,11 @@ jobs:
       run: |
         sudo apt update
         sudo apt install build-essential cmake g++
-        sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev  libqt5x11extras5-dev
+        sudo apt install qt6-base-dev qt6-base-private-dev qt6-tools-dev qt6-base-dev-tools qt6-svg-dev qt6-5compat-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -62,9 +62,9 @@ jobs:
     # If this step fails, then you should remove it and run the build manually (see below)
     - if: matrix.language != 'cpp'
       name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@v4
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"

INSTALL.md

@@ -1,19 +1,17 @@
-Build and Install KeePassXC
-=================
+# Build and Install KeePassXC
 
 This document will guide you through the steps to build and install KeePassXC from source.
 For more information, see also the [_Building KeePassXC_](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC) page on the wiki.
 
 The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download).
 
-Toolchain and Build Dependencies
-================================
+## Toolchain and Build Dependencies
 
 The following build tools must exist within your PATH:
 
-* cmake (>= 3.10.0)
+* cmake (>= 3.16.0)
 * make (>= 4.2) or ninja (>= 1.10)
-* g++ (>= 4.9) or clang++ (>= 6.0)
+* g++ (>= 9.3.0) or clang++ (>= 10.0)
 * asciidoctor (>= 2.0)
 
 * Besides a working C++ toolchain, KeePassXC also has a number of direct build and runtime dependencies. For detailed information about how to install them, please refer to the GitHub wiki:
@@ -22,8 +20,8 @@ The following build tools must exist within your PATH:
 * [Set up Build Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
 * [Set up Build Environment on macOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS)
 
-Build Steps
-===========
+## Build Steps
+
 We recommend using the release tool to perform builds, please read up-to-date instructions [on our wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#building-using-the-release-tool).
 
 To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Command Prompt (Windows)**, or **MSYS2-MinGW shell (Windows)**. For code development on Windows, you can use Visual Studio 2022, Visual Studio Code, or CLion.
@@ -55,10 +53,10 @@ To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Comm
    ```
    mkdir build
    cd build
-   cmake -DWITH_XC_ALL=ON ..
+   cmake ..
    make
    ```
-      
+
 If you have `vcpkg` installed, add `-DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake` to the `cmake` command to automatically download and install all required build and runtime dependencies locally to your build directory before compiling KeePassXC. Using `vcpkg` is the preferred way to install dependencies on macOS and required on Windows if using the MSVC toolchain.
 
 For more detailed build instructions for each platform, please refer to the [GitHub wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
@@ -69,66 +67,55 @@ Note: These steps place the compiled KeePassXC binary inside the `./build/src/`
 
 If you installed Qt@5 via Homebrew and CMake fails to find your Qt installation, you can specify it manually by adding the following parameter:
 
-`-DCMAKE_PREFIX_PATH=$(brew --prefix qt@5)/lib/cmake`
+`-DCMAKE_PREFIX_PATH=$(brew --prefix qt)/lib/cmake`
 
 When building with ASAN support on macOS, you need to use `export ASAN_OPTIONS=detect_leaks=0` before running the tests (LSAN is no supported on macOS).
 
 ## Windows Build Notes
 
 If you are using MSYS2, you have to add ```-G "MSYS Makefiles"``` at the beginning of the cmake command.
 
-CMake Configuration Options
-==========================
-
-## Recommended CMake Build Parameters
-
-```
--DCMAKE_VERBOSE_MAKEFILE=ON
--DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
--DWITH_GUI_TESTS=ON
-```
-
 ## Additional CMake Parameters
 
-KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled. Please note that we still require and link against Qt5's network library in order to use local named pipes on all operating systems. Each of these build options are supplied at the time of calling cmake:
+KeePassXC comes with a variety of build options that can turn on/off features. Each of these build options are supplied at the time of calling cmake:
 
 ```
--DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
--DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
--DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
--DWITH_XC_BROWSER_PASSKEYS=[ON|OFF] Enable/Disable Passkeys support for browser integration (default: OFF)
--DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
--DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
--DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)
--DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group synchronization extension (default: OFF)
--DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)
-
--DWITH_XC_UPDATECHECK=[ON|OFF] Enable/Disable automatic updating checking (requires WITH_XC_NETWORKING) (default: ON)
+-DKPXC_MINIMAL=[ON|OFF] Build KeePassXC with the minimal feature set required for basic usage (default: OFF)
+-DKPXC_FEATURE_BROWSER=[ON|OFF] Browser integration and passkeys support (default: ON)
+-DKPXC_FEATURE_SSHAGENT=[ON|OFF] SSH Agent integration (default: ON)
+-DKPXC_FEATURE_FDOSECRETS=[ON|OFF] (Linux Only) freedesktop.org Secret Service integration; replace system keyring (default:ON)
+
+-DKPXC_FEATURE_NETWORK=[ON|OFF] Include code that reaches out to external networks (e.g. downloading icons) (default: ON)
+-DKPXC_FEATURE_UPDATES=[ON|OFF] Include automatic update checks; disable for managed distributions (requires networking) (default: ON)
+-DKPXC_FEATURE_DOCS=[ON|OFF] Build offline documentation; requires asciidoctor tool (default: ON)
 
 -DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
 -DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
--DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
+-DWITH_WARN_DEPRECATED=[ON|OFF] Development only: warn about deprecated methods, including Qt. (default: OFF)
 -DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
 -DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
 -DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)
+-DWITH_CCACHE=[ON|OFF] Use ccache for build speed optimization (default: OFF)
+-DWITH_X11=[ON|OFF] Enable building with X11 dependencies (default: ON)
 
--DKEEPASSXC_BUILD_TYPE=[Snapshot|PreRelease|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
--DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Other] Specify the distribution method (default: "Other")
+-DKEEPASSXC_BUILD_TYPE=[Snapshot|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
+-DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Flatpak|Native] Specify the distribution method (default: "Native")
 -DOVERRIDE_VERSION=[X.X.X] Specify a version number when building. Used with snapshot builds (default: "")
 -DGIT_HEAD_OVERRIDE=[XXXXXXX] Specify the 7 digit git commit ref for this build. Used with distribution builds (default: "")
 ```
 
-Installation
-============
+Note: Even though you can build the application with all TCP/IP networking code disabled, we still require and link against
+Qt6's network library to use local named pipes on all operating systems.
+
+## Installation
 
 After you have successfully built KeePassXC, install the binary by executing the following:
 
 ```
 sudo make install
 ```
 
-Packaging
-=========
+## Packaging
 
 You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..). Refer to [keepassxc-packaging](https://github.com/keepassxreboot/keepassxc-packaging) for packaging scripts.
 
@@ -138,21 +125,23 @@ To package using CMake, run the following command using whichever [generators](h
 cpack -G "ZIP;WIX"
 ```
 
-Testing
-=======
+## Testing
 
 You can perform tests on the built executables with:
+
 ```
 make test ARGS+="--output-on-failure"
 ```
 
 On Linux, if you are not currently running on an X Server or Wayland, run the tests as follows:
+
 ```
 make test ARGS+="-E test\(cli\|gui\) --output-on-failure"
 xvfb-run -e errors -a --server-args="-screen 0 1024x768x24" make test ARGS+="-R test\(cli\|gui\) --output-on-failure"
 ```
 
 Common parameters:
+
 ```
 CTEST_OUTPUT_ON_FAILURE=1
 ARGS+=-jX

README.md

@@ -1,4 +1,5 @@
 # <img src="https://keepassxc.org/assets/img/keepassxc.svg" width="40" height="40"/> KeePassXC
+
 [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6326/badge)](https://bestpractices.coreinfrastructure.org/projects/6326)
 [![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1)
 [![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
@@ -10,16 +11,22 @@
 [KeePassXC](https://keepassxc.org) is a modern, secure, and open-source password manager that stores and manages your most sensitive information. You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions. For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted into customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.
 
 ## Quick Start
+
 The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download). Additionally, individual Linux distributions may ship their own versions, so please check your distribution's package list to see if KeePassXC is available. Detailed documentation is available in the [User Guide](https://keepassxc.org/docs/KeePassXC_UserGuide.html).
 
 ## Features List
+
 KeePassXC has numerous features for novice and power users alike. Our goal is to create an application that can be used by anyone while still offering advanced features to those that need them.
 
-### Basic
+### Core Features
+
 * Create, open, and save databases in the KDBX format (KeePass-compatible with KDBX4 and KDBX3)
+* All information is encrypted at rest and never exposed outside the program
 * Store sensitive information in entries that are organized by groups
-* Search for entries
 * Password generator
+* Search for entries
+* TOTP storage and generation
+* YubiKey/OnlyKey challenge-response support
 * Auto-Type passwords into applications
 * Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
 * Support for passkeys using the browser integration
@@ -33,10 +40,7 @@ KeePassXC has numerous features for novice and power users alike. Our goal is to
 * Field references between entries
 * File attachments and custom attributes
 * Entry history and data restoration
-* YubiKey/OnlyKey challenge-response support
 * Command line interface (keepassxc-cli)
-* Auto-Open databases
-* KeeShare shared databases (import, export, and synchronize)
 * SSH Agent integration
 * FreeDesktop.org Secret Service (replace Gnome keyring, etc.)
 * Additional encryption choices: Twofish and ChaCha20

cmake/CompilerFlags.cmake

@@ -0,0 +1,65 @@
+#  Copyright (C) 2024 KeePassXC Team <team@keepassxc.org>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+macro(add_gcc_compiler_cxxflags FLAGS)
+    if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_COMPILER_IS_CLANGXX)
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${FLAGS}")
+    endif()
+endmacro()
+
+macro(add_gcc_compiler_cflags FLAGS)
+    if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${FLAGS}")
+    endif()
+endmacro()
+
+macro(add_gcc_compiler_flags FLAGS)
+    add_gcc_compiler_cxxflags("${FLAGS}")
+    add_gcc_compiler_cflags("${FLAGS}")
+endmacro()
+
+# Copies of above macros that first ensure the compiler understands a given flag
+# Because check_*_compiler_flag() sets -D with name, need to provide "safe" FLAGNAME
+macro(check_add_gcc_compiler_cxxflag FLAG FLAGNAME)
+    check_cxx_compiler_flag("${FLAG}" CXX_HAS${FLAGNAME})
+    if(CXX_HAS${FLAGNAME})
+        add_gcc_compiler_cxxflags("${FLAG}")
+    endif()
+endmacro()
+
+macro(check_add_gcc_compiler_cflag FLAG FLAGNAME)
+    check_c_compiler_flag("${FLAG}" CC_HAS${FLAGNAME})
+    if(CC_HAS${FLAGNAME})
+        add_gcc_compiler_cflags("${FLAG}")
+    endif()
+endmacro()
+
+# This is the "front-end" for the above macros
+# Optionally takes additional parameter(s) with language to check (currently "C" or "CXX")
+macro(check_add_gcc_compiler_flag FLAG)
+    string(REGEX REPLACE "[-=]" "_" FLAGNAME "${FLAG}")
+    set(check_lang_spec ${ARGN})
+    list(LENGTH check_lang_spec num_extra_args)
+    set(langs C CXX)
+    if(num_extra_args GREATER 0)
+        set(langs "${check_lang_spec}")
+    endif()
+    if("C" IN_LIST langs)
+        check_add_gcc_compiler_cflag("${FLAG}" "${FLAGNAME}")
+    endif()
+    if("CXX" IN_LIST langs)
+        check_add_gcc_compiler_cxxflag("${FLAG}" "${FLAGNAME}")
+    endif()
+endmacro()

cmake/compiler-checks/ptrace_deny_attach.cpp

@@ -0,0 +1,8 @@
+#include <sys/ptrace.h>
+#include <sys/types.h>
+
+int main()
+{
+    ptrace(PT_DENY_ATTACH, 0, 0, 0);
+    return 0;
+}

release-tool.py

@@ -644,6 +644,7 @@ def setup_arg_parser(cls, parser: argparse.ArgumentParser):
                             help='Build parallelism (default: %(default)s).')
         parser.add_argument('-y', '--yes', help='Bypass confirmation prompts.', action='store_true')
         parser.add_argument('--with-tests', help='Build and run tests.', action='store_true')
+        parser.add_argument('--minimal', help='Build with minimal feature set.', action='store_true')
 
         if sys.platform == 'darwin':
             parser.add_argument('--macos-target', default=12, metavar='MACOSX_DEPLOYMENT_TARGET',
@@ -665,6 +666,7 @@ def setup_arg_parser(cls, parser: argparse.ArgumentParser):
         elif sys.platform == 'win32':
             parser.add_argument('-p', '--platform-target', help='Build target platform (default: %(default)s).',
                                 choices=['amd64', 'arm64'], default='amd64')
+            parser.add_argument('--mingw', help='Build using MinGW-w64 toolchain.', action='store_true')
             parser.add_argument('--sign', help='Sign binaries prior to packaging.', action='store_true')
             parser.add_argument('--sign-identity', help='SHA1 fingerprint of the signing certificate.')
             parser.add_argument('--sign-timestamp-url', help='Timestamp URL for signing binaries.',
@@ -689,12 +691,13 @@ def run(self, version, src_dir, output_dir, tag_name, snapshot, cmake_generator,
         tag_name = tag_name or version
         kwargs['with_tests'] = with_tests
         with_tests = 'ON' if with_tests else 'OFF'
+        minimal = 'ON' if kwargs['minimal'] else 'OFF'
         cmake_opts = [
-            '-DWITH_XC_ALL=ON',
             '-DCMAKE_BUILD_TYPE=Release',
             '-DCMAKE_INSTALL_PREFIX=' + kwargs['install_prefix'],
             '-DWITH_TESTS=' + with_tests,
             '-DWITH_GUI_TESTS=' + with_tests,
+            '-DKPXC_MINIMAL=' + minimal
         ]
 
         if not kwargs['use_system_deps'] and not kwargs.get('docker_image'):
@@ -748,25 +751,30 @@ def _run_tests(cwd, ctest_cmd='ctest', parallelism=4):
 
     # noinspection PyMethodMayBeStatic
     def build_windows(self, version, src_dir, output_dir, *, parallelism, cmake_opts, platform_target,
-                      sign, sign_identity, sign_timestamp_url, with_tests, **_):
-        # Check for required tools
-        if not _cmd_exists('candle.exe') or not _cmd_exists('light.exe') or not _cmd_exists('heat.exe'):
-            raise Error('WiX Toolset not found on the PATH (candle.exe, light.exe, heat.exe).')
-
+                      sign, sign_identity, sign_timestamp_url, with_tests, mingw, **_):
         # Setup build signing if requested
         if sign:
             cmake_opts.append(f'-DWITH_XC_CODESIGN_IDENTITY={sign_identity}')
             cmake_opts.append(f'-WITH_XC_CODESIGN_TIMESTAMP_URL={sign_timestamp_url}')
         # Use vcpkg for dependency deployment
         cmake_opts.append('-DX_VCPKG_APPLOCAL_DEPS_INSTALL=ON')
 
-        # Find Visual Studio and capture build environment
-        vs_env = _capture_vs_env(arch=platform_target)
+        if mingw:
+            vs_env = os.environ.copy()
+        else:
+            # Find Visual Studio and capture build environment
+            vs_env = _capture_vs_env(arch=platform_target)
 
         # Use vs_env to resolve common tools
         cmake_cmd = shutil.which('cmake', path=vs_env.get('PATH'))
         cpack_cmd = shutil.which('cpack', path=vs_env.get('PATH'))
         ctest_cmd = shutil.which('ctest', path=vs_env.get('PATH'))
+
+        if not cmake_cmd or not cpack_cmd or not ctest_cmd:
+            raise Error('CMake tools (cmake, cpack, ctest) not found on PATH!')
+        if not _cmd_exists('candle.exe', path=vs_env.get('PATH')) or not _cmd_exists('light.exe', path=vs_env.get('PATH')) \
+            or not _cmd_exists('heat.exe', path=vs_env.get('PATH')):
+            raise Error('WiX Toolset (candle.exe, light.exe, heat.exe) not found on the PATH!')
 
         # Start the build
         with tempfile.TemporaryDirectory() as build_dir: