Refactor: Move to simple default builds

* Remove individual feature flags in favor of a single `KPXC_MINIMAL` flag that removes advanced features from the build. Basic features are no longer guarded by feature flags.
* Basic features: Auto-Type, Yubikey, KeeShare
* Advanced features include: Browser (and passkeys), SSH Agent, and Secret Service
* Networking, Documentation, and Update Checking remain as feature flags to accommodate various distro requirements.

This change also cleans up the main CMakeLists.txt by re-arranging some content and placing macros into a dedicated include file. The minimum CMake version was bumped to 3.16.0 to conform to our minimum Ubuntu support of Focal (20.04). This also allows us to default to C++20, we fall back to C++17 for Qt versions less than 5.15.0 due to lack of support.

Lastly this change removes the KEEPASSXC_BUILD_TYPE="PreRelease" which is never used. We only support "Snapshot" and "Release" now.

INSTALL.md

@@ -1,19 +1,17 @@
-Build and Install KeePassXC
-=================
+# Build and Install KeePassXC
 
 This document will guide you through the steps to build and install KeePassXC from source.
 For more information, see also the [_Building KeePassXC_](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC) page on the wiki.
 
 The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download).
 
-Toolchain and Build Dependencies
-================================
+## Toolchain and Build Dependencies
 
 The following build tools must exist within your PATH:
 
-* cmake (>= 3.10.0)
+* cmake (>= 3.16.0)
 * make (>= 4.2) or ninja (>= 1.10)
-* g++ (>= 4.9) or clang++ (>= 6.0)
+* g++ (>= 9.3.0) or clang++ (>= 10.0)
 * asciidoctor (>= 2.0)
 
 * Besides a working C++ toolchain, KeePassXC also has a number of direct build and runtime dependencies. For detailed information about how to install them, please refer to the GitHub wiki:
@@ -22,8 +20,8 @@ The following build tools must exist within your PATH:
 * [Set up Build Environment on Windows](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-Windows)
 * [Set up Build Environment on macOS](https://github.com/keepassxreboot/keepassxc/wiki/Set-up-Build-Environment-on-macOS)
 
-Build Steps
-===========
+## Build Steps
+
 We recommend using the release tool to perform builds, please read up-to-date instructions [on our wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC#building-using-the-release-tool).
 
 To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Command Prompt (Windows)**, or **MSYS2-MinGW shell (Windows)**. For code development on Windows, you can use Visual Studio 2022, Visual Studio Code, or CLion.
@@ -55,10 +53,10 @@ To compile from source, open a **Terminal (Linux/MacOS)**, the **MSVC Tools Comm
    ```
    mkdir build
    cd build
-   cmake -DWITH_XC_ALL=ON ..
+   cmake ..
    make
    ```
-      
+
 If you have `vcpkg` installed, add `-DCMAKE_TOOLCHAIN_FILE=${VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake` to the `cmake` command to automatically download and install all required build and runtime dependencies locally to your build directory before compiling KeePassXC. Using `vcpkg` is the preferred way to install dependencies on macOS and required on Windows if using the MSVC toolchain.
 
 For more detailed build instructions for each platform, please refer to the [GitHub wiki](https://github.com/keepassxreboot/keepassxc/wiki/Building-KeePassXC).
@@ -77,58 +75,47 @@ When building with ASAN support on macOS, you need to use `export ASAN_OPTIONS=d
 
 If you are using MSYS2, you have to add ```-G "MSYS Makefiles"``` at the beginning of the cmake command.
 
-CMake Configuration Options
-==========================
-
-## Recommended CMake Build Parameters
-
-```
--DCMAKE_VERBOSE_MAKEFILE=ON
--DCMAKE_BUILD_TYPE=<RelWithDebInfo/Debug/Release>
--DWITH_GUI_TESTS=ON
-```
-
 ## Additional CMake Parameters
 
-KeePassXC comes with a variety of build options that can turn on/off features. Most notably, we allow you to build the application with all TCP/IP networking code disabled. Please note that we still require and link against Qt5's network library in order to use local named pipes on all operating systems. Each of these build options are supplied at the time of calling cmake:
+KeePassXC comes with a variety of build options that can turn on/off features. Each of these build options are supplied at the time of calling cmake:
 
 ```
--DWITH_XC_AUTOTYPE=[ON|OFF] Enable/Disable Auto-Type (default: ON)
--DWITH_XC_YUBIKEY=[ON|OFF] Enable/Disable YubiKey HMAC-SHA1 authentication support (default: OFF)
--DWITH_XC_BROWSER=[ON|OFF] Enable/Disable KeePassXC-Browser extension support (default: OFF)
--DWITH_XC_BROWSER_PASSKEYS=[ON|OFF] Enable/Disable Passkeys support for browser integration (default: OFF)
--DWITH_XC_NETWORKING=[ON|OFF] Enable/Disable Networking support (e.g., favicon downloading) (default: OFF)
--DWITH_XC_SSHAGENT=[ON|OFF] Enable/Disable SSHAgent support (default: OFF)
--DWITH_XC_FDOSECRETS=[ON|OFF] (Linux Only) Enable/Disable Freedesktop.org Secrets Service support (default:OFF)
--DWITH_XC_KEESHARE=[ON|OFF] Enable/Disable KeeShare group synchronization extension (default: OFF)
--DWITH_XC_ALL=[ON|OFF] Enable/Disable compiling all plugins above (default: OFF)
-
--DWITH_XC_UPDATECHECK=[ON|OFF] Enable/Disable automatic updating checking (requires WITH_XC_NETWORKING) (default: ON)
+-DKPXC_MINIMAL=[ON|OFF] Build KeePassXC with the minimal feature set required for basic usage (default: OFF)
+-DKPXC_FEATURE_BROWSER=[ON|OFF] Browser integration and passkeys support (default: ON)
+-DKPXC_FEATURE_SSHAGENT=[ON|OFF] SSH Agent integration (default: ON)
+-DKPXC_FEATURE_FDOSECRETS=[ON|OFF] (Linux Only) freedesktop.org Secret Service integration; replace system keyring (default:ON)
+
+-DKPXC_FEATURE_NETWORK=[ON|OFF] Include code that reaches out to external networks (e.g. downloading icons) (default: ON)
+-DKPXC_FEATURE_UPDATES=[ON|OFF] Include automatic update checks; disable for managed distributions (requires networking) (default: ON)
+-DKPXC_FEATURE_DOCS=[ON|OFF] Build offline documentation; requires asciidoctor tool (default: ON)
 
 -DWITH_TESTS=[ON|OFF] Enable/Disable building of unit tests (default: ON)
 -DWITH_GUI_TESTS=[ON|OFF] Enable/Disable building of GUI tests (default: OFF)
--DWITH_DEV_BUILD=[ON|OFF] Enable/Disable deprecated method warnings (default: OFF)
+-DWITH_WARN_DEPRECATED=[ON|OFF] Development only: warn about deprecated methods, including Qt. (default: OFF)
 -DWITH_ASAN=[ON|OFF] Enable/Disable address sanitizer checks (Linux / macOS only) (default: OFF)
 -DWITH_COVERAGE=[ON|OFF] Enable/Disable coverage tests (GCC only) (default: OFF)
 -DWITH_APP_BUNDLE=[ON|OFF] Enable Application Bundle for macOS (default: ON)
+-DWITH_CCACHE=[ON|OFF] Use ccache for build speed optimization (default: OFF)
+-DWITH_X11=[ON|OFF] Enable building with X11 dependencies (default: ON)
 
--DKEEPASSXC_BUILD_TYPE=[Snapshot|PreRelease|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
--DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Other] Specify the distribution method (default: "Other")
+-DKEEPASSXC_BUILD_TYPE=[Snapshot|Release] Set the build type to show/hide stability warnings (default: "Snapshot")
+-DKEEPASSXC_DIST_TYPE=[Snap|AppImage|Flatpak|Native] Specify the distribution method (default: "Native")
 -DOVERRIDE_VERSION=[X.X.X] Specify a version number when building. Used with snapshot builds (default: "")
 -DGIT_HEAD_OVERRIDE=[XXXXXXX] Specify the 7 digit git commit ref for this build. Used with distribution builds (default: "")
 ```
 
-Installation
-============
+Note: Even though you can build the application with all TCP/IP networking code disabled, we still require and link against
+Qt5's network library to use local named pipes on all operating systems.
+
+## Installation
 
 After you have successfully built KeePassXC, install the binary by executing the following:
 
 ```
 sudo make install
 ```
 
-Packaging
-=========
+## Packaging
 
 You can create a package to redistribute KeePassXC (zip, deb, rpm, dmg, etc..). Refer to [keepassxc-packaging](https://github.com/keepassxreboot/keepassxc-packaging) for packaging scripts.
 
@@ -138,21 +125,23 @@ To package using CMake, run the following command using whichever [generators](h
 cpack -G "ZIP;WIX"
 ```
 
-Testing
-=======
+## Testing
 
 You can perform tests on the built executables with:
+
 ```
 make test ARGS+="--output-on-failure"
 ```
 
 On Linux, if you are not currently running on an X Server or Wayland, run the tests as follows:
+
 ```
 make test ARGS+="-E test\(cli\|gui\) --output-on-failure"
 xvfb-run -e errors -a --server-args="-screen 0 1024x768x24" make test ARGS+="-R test\(cli\|gui\) --output-on-failure"
 ```
 
 Common parameters:
+
 ```
 CTEST_OUTPUT_ON_FAILURE=1
 ARGS+=-jX

README.md

@@ -1,4 +1,5 @@
 # <img src="https://keepassxc.org/assets/img/keepassxc.svg" width="40" height="40"/> KeePassXC
+
 [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/6326/badge)](https://bestpractices.coreinfrastructure.org/projects/6326)
 [![TeamCity Build Status](https://ci.keepassxc.org/app/rest/builds/buildType:\(project:KeepassXC\)/statusIcon)](https://ci.keepassxc.org/?guest=1)
 [![codecov](https://codecov.io/gh/keepassxreboot/keepassxc/branch/develop/graph/badge.svg)](https://codecov.io/gh/keepassxreboot/keepassxc)
@@ -10,32 +11,37 @@
 [KeePassXC](https://keepassxc.org) is a modern, secure, and open-source password manager that stores and manages your most sensitive information. You can run KeePassXC on Windows, macOS, and Linux systems. KeePassXC is for people with extremely high demands of secure personal data management. It saves many different types of information, such as usernames, passwords, URLs, attachments, and notes in an offline, encrypted file that can be stored in any location, including private and public cloud solutions. For easy identification and management, user-defined titles and icons can be specified for entries. In addition, entries are sorted into customizable groups. An integrated search function allows you to use advanced patterns to easily find any entry in your database. A customizable, fast, and easy-to-use password generator utility allows you to create passwords with any combination of characters or easy to remember passphrases.
 
 ## Quick Start
+
 The [QuickStart Guide](https://keepassxc.org/docs/KeePassXC_GettingStarted.html) gets you started using KeePassXC on your Windows, macOS, or Linux computer using pre-compiled binaries from the [downloads page](https://keepassxc.org/download). Additionally, individual Linux distributions may ship their own versions, so please check your distribution's package list to see if KeePassXC is available. Detailed documentation is available in the [User Guide](https://keepassxc.org/docs/KeePassXC_UserGuide.html).
 
 ## Features List
+
 KeePassXC has numerous features for novice and power users alike. Our goal is to create an application that can be used by anyone while still offering advanced features to those that need them.
 
-### Basic
+### Core Features
+
 * Create, open, and save databases in the KDBX format (KeePass-compatible with KDBX4 and KDBX3)
+* All information is encrypted at rest and never exposed outside the program
 * Store sensitive information in entries that are organized by groups
-* Search for entries
 * Password generator
+* Search for entries
+* TOTP storage and generation
+* YubiKey/OnlyKey challenge-response support
 * Auto-Type passwords into applications
-* Browser integration with Google Chrome, Mozilla Firefox, Microsoft Edge, Chromium, Vivaldi, Brave, and Tor-Browser
-* Entry icon download
-* Import databases from CSV, 1Password, and KeePass1 formats
+* Browser integration with all major browsers
+* Share database entries with KeeShare
+* Import databases from CSV, 1Password, and Bitwarden formats
 
-### Advanced
-* Database reports (password health, HIBP, and statistics)
-* Database export to CSV and HTML formats
-* TOTP storage and generation
+### Additional Features
+
+* Entry icon download
+* Auto-Open databases
+* Password health reports, database statistics, and Have I Been Pwned search
+* Export to CSV, HTML, and XML formats
 * Field references between entries
 * File attachments and custom attributes
 * Entry history and data restoration
-* YubiKey/OnlyKey challenge-response support
 * Command line interface (keepassxc-cli)
-* Auto-Open databases
-* KeeShare shared databases (import, export, and synchronize)
 * SSH Agent integration
 * FreeDesktop.org Secret Service (replace Gnome keyring, etc.)
 * Additional encryption choices: Twofish and ChaCha20

cmake/CompilerFlags.cmake

@@ -0,0 +1,65 @@
+#  Copyright (C) 2024 KeePassXC Team <[email protected]>
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 or (at your option)
+#  version 3 of the License.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+macro(add_gcc_compiler_cxxflags FLAGS)
+    if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_COMPILER_IS_CLANGXX)
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${FLAGS}")
+    endif()
+endmacro()
+
+macro(add_gcc_compiler_cflags FLAGS)
+    if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG)
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${FLAGS}")
+    endif()
+endmacro()
+
+macro(add_gcc_compiler_flags FLAGS)
+    add_gcc_compiler_cxxflags("${FLAGS}")
+    add_gcc_compiler_cflags("${FLAGS}")
+endmacro()
+
+# Copies of above macros that first ensure the compiler understands a given flag
+# Because check_*_compiler_flag() sets -D with name, need to provide "safe" FLAGNAME
+macro(check_add_gcc_compiler_cxxflag FLAG FLAGNAME)
+    check_cxx_compiler_flag("${FLAG}" CXX_HAS${FLAGNAME})
+    if(CXX_HAS${FLAGNAME})
+        add_gcc_compiler_cxxflags("${FLAG}")
+    endif()
+endmacro()
+
+macro(check_add_gcc_compiler_cflag FLAG FLAGNAME)
+    check_c_compiler_flag("${FLAG}" CC_HAS${FLAGNAME})
+    if(CC_HAS${FLAGNAME})
+        add_gcc_compiler_cflags("${FLAG}")
+    endif()
+endmacro()
+
+# This is the "front-end" for the above macros
+# Optionally takes additional parameter(s) with language to check (currently "C" or "CXX")
+macro(check_add_gcc_compiler_flag FLAG)
+    string(REGEX REPLACE "[-=]" "_" FLAGNAME "${FLAG}")
+    set(check_lang_spec ${ARGN})
+    list(LENGTH check_lang_spec num_extra_args)
+    set(langs C CXX)
+    if(num_extra_args GREATER 0)
+        set(langs "${check_lang_spec}")
+    endif()
+    if("C" IN_LIST langs)
+        check_add_gcc_compiler_cflag("${FLAG}" "${FLAGNAME}")
+    endif()
+    if("CXX" IN_LIST langs)
+        check_add_gcc_compiler_cxxflag("${FLAG}" "${FLAGNAME}")
+    endif()
+endmacro()

cmake/compiler-checks/ptrace_deny_attach.cpp

@@ -0,0 +1,8 @@
+#include <sys/ptrace.h>
+#include <sys/types.h>
+
+int main()
+{
+    ptrace(PT_DENY_ATTACH, 0, 0, 0);
+    return 0;
+}

release-tool

@@ -47,7 +47,6 @@ CMAKE_OPTIONS=""
 CPACK_GENERATORS="WIX;ZIP"
 COMPILER="g++"
 MAKE_OPTIONS="-j$(getconf _NPROCESSORS_ONLN)"
-BUILD_PLUGINS="all"
 INSTALL_PREFIX="/usr/local"
 ORIG_BRANCH=""
 ORIG_CWD="$(pwd)"
@@ -132,8 +131,6 @@ Options:
   -m, --make-options      Make options for compiling sources (default: '${MAKE_OPTIONS}')
   -g, --generators        Additional CPack generators (default: '${CPACK_GENERATORS}')
   -i, --install-prefix    Install prefix (default: '${INSTALL_PREFIX}')
-  -p, --plugins           Space-separated list of plugins to build
-                          (default: ${BUILD_PLUGINS})
       --snapshot          Don't checkout the release tag
   -n, --no-source-tarball Don't build source tarball
   -h, --help              Show this help
@@ -829,10 +826,6 @@ build() {
                 INSTALL_PREFIX="$2"
                 shift ;;
 
-            -p|--plugins)
-                BUILD_PLUGINS="$2"
-                shift ;;
-
             -n|--no-source-tarball)
                 build_source_tarball=false ;;
 
@@ -870,13 +863,9 @@ build() {
         CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=Snapshot -DOVERRIDE_VERSION=${RELEASE_NAME}"
     else
         checkWorkingTreeClean
-        if echo "$TAG_NAME" | grep -qE '\-(alpha|beta)[0-9]+$'; then
-            CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=PreRelease"
-            logInfo "Checking out pre-release tag '${TAG_NAME}'..."
-        else
-            CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=Release"
-            logInfo "Checking out release tag '${TAG_NAME}'..."
-        fi
+
+        CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_BUILD_TYPE=Release"
+        logInfo "Checking out release tag '${TAG_NAME}'..."
 
         if ! git checkout "$TAG_NAME" > /dev/null 2>&1; then
             exitError "Failed to check out target branch."
@@ -922,9 +911,6 @@ build() {
     cd "${OUTPUT_DIR}/build-release"
 
     logInfo "Configuring sources..."
-    for p in ${BUILD_PLUGINS}; do
-        CMAKE_OPTIONS="${CMAKE_OPTIONS} -DWITH_XC_$(echo $p | tr '[:lower:]' '[:upper:]')=On"
-    done
     if [ -n "$OS_LINUX" ] && ${build_appimage}; then
         CMAKE_OPTIONS="${CMAKE_OPTIONS} -DKEEPASSXC_DIST_TYPE=AppImage"
         # linuxdeploy requires /usr as install prefix