From e55a3f694b130374a732af0f3337a1dbacf162e2 Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Mon, 27 Jan 2025 20:47:43 +0100
Subject: [PATCH 01/11] Change BrowserShared socket path to group container
---
src/browser/BrowserShared.cpp | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/browser/BrowserShared.cpp b/src/browser/BrowserShared.cpp
index 6fd2cf7ee..eac634183 100644
--- a/src/browser/BrowserShared.cpp
+++ b/src/browser/BrowserShared.cpp
@@ -53,7 +53,18 @@ namespace BrowserShared
#elif defined(Q_OS_WIN)
// Windows uses named pipes
return serverName + "_" + qgetenv("USERNAME");
-#else // Q_OS_MACOS and others
+#elif defined(Q_OS_MACOS)
+ // Get the home directory and append the desired subdirectory
+ QString homePath = QDir::homePath();
+ QString subPath = homePath + "/Library/Group Containers/org.keepassxc.KeePassXC";
+
+ // Make sure the directory exists
+ QDir().mkpath(subPath);
+
+ QString socketPath = subPath + serverName;
+
+ return socketPath;
+#else // others
return QStandardPaths::writableLocation(QStandardPaths::TempLocation) + serverName;
#endif
}
From ed7de52c2faa70a267c399e0e105a3d38f833a73 Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Mon, 27 Jan 2025 21:00:58 +0100
Subject: [PATCH 02/11] Add security application group
---
share/macosx/keepassxc.entitlements | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/share/macosx/keepassxc.entitlements b/share/macosx/keepassxc.entitlements
index 7126b7ac5..1a33c68a3 100644
--- a/share/macosx/keepassxc.entitlements
+++ b/share/macosx/keepassxc.entitlements
@@ -8,5 +8,9 @@
G2S7P7J672.org.keepassxc.keepassxc
+ com.apple.security.application-groups
+
+ G2S7P7J672.org.keepassxc.keepassxc
+
From 8603e56e01c91089e79780de114cc5fc43c25bd9 Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Tue, 28 Jan 2025 18:01:01 +0100
Subject: [PATCH 03/11] Add MacOS App Group used by Safari Web Extension
---
share/macosx/keepassxc.entitlements | 4 ----
src/browser/BrowserShared.cpp | 5 +++--
2 files changed, 3 insertions(+), 6 deletions(-)
diff --git a/share/macosx/keepassxc.entitlements b/share/macosx/keepassxc.entitlements
index 1a33c68a3..1247a526d 100644
--- a/share/macosx/keepassxc.entitlements
+++ b/share/macosx/keepassxc.entitlements
@@ -4,10 +4,6 @@
com.apple.application-identifier
G2S7P7J672.org.keepassxc.keepassxc
- keychain-access-groups
-
- G2S7P7J672.org.keepassxc.keepassxc
-
com.apple.security.application-groups
G2S7P7J672.org.keepassxc.keepassxc
diff --git a/src/browser/BrowserShared.cpp b/src/browser/BrowserShared.cpp
index eac634183..d3a507360 100644
--- a/src/browser/BrowserShared.cpp
+++ b/src/browser/BrowserShared.cpp
@@ -56,12 +56,13 @@ namespace BrowserShared
#elif defined(Q_OS_MACOS)
// Get the home directory and append the desired subdirectory
QString homePath = QDir::homePath();
- QString subPath = homePath + "/Library/Group Containers/org.keepassxc.KeePassXC";
+ QString subPath = homePath + "/Library/Group Containers/G2S7P7J672.org.keepassxc.KeePassXC";
// Make sure the directory exists
QDir().mkpath(subPath);
- QString socketPath = subPath + serverName;
+ // The path will become too long therefore we must cut off serverName
+ QString socketPath = subPath + "KeePassXC.BrowserServer";
return socketPath;
#else // others
From 048f67899cd20364e6e86bb5b796464b1fdd5599 Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Tue, 28 Jan 2025 19:25:03 +0100
Subject: [PATCH 04/11] Missing slash results in wrong path
---
src/browser/BrowserShared.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/browser/BrowserShared.cpp b/src/browser/BrowserShared.cpp
index d3a507360..8657d18f9 100644
--- a/src/browser/BrowserShared.cpp
+++ b/src/browser/BrowserShared.cpp
@@ -62,7 +62,7 @@ namespace BrowserShared
QDir().mkpath(subPath);
// The path will become too long therefore we must cut off serverName
- QString socketPath = subPath + "KeePassXC.BrowserServer";
+ QString socketPath = subPath + "/KeePassXC.BrowserServer";
return socketPath;
#else // others
From 39fa41a6105bccf760894858ea3e6f7b2f6f0e38 Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Sat, 1 Feb 2025 17:15:25 +0100
Subject: [PATCH 05/11] Update app group entitlement
---
share/macosx/keepassxc.entitlements | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/share/macosx/keepassxc.entitlements b/share/macosx/keepassxc.entitlements
index 1247a526d..3be17e44d 100644
--- a/share/macosx/keepassxc.entitlements
+++ b/share/macosx/keepassxc.entitlements
@@ -6,7 +6,7 @@
G2S7P7J672.org.keepassxc.keepassxc
com.apple.security.application-groups
- G2S7P7J672.org.keepassxc.keepassxc
+ G2S7P7J672.org.keepassxc.KeePassXC
From ea499a48315adee0b727235a3bb797391d7dc6ee Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Sat, 1 Feb 2025 17:18:33 +0100
Subject: [PATCH 06/11] Use of macOS Foundation framework to get app group URL
---
.../{BrowserShared.cpp => BrowserShared.mm} | 19 ++++++++++++++-----
src/browser/CMakeLists.txt | 2 +-
src/proxy/CMakeLists.txt | 4 +++-
3 files changed, 18 insertions(+), 7 deletions(-)
rename src/browser/{BrowserShared.cpp => BrowserShared.mm} (79%)
diff --git a/src/browser/BrowserShared.cpp b/src/browser/BrowserShared.mm
similarity index 79%
rename from src/browser/BrowserShared.cpp
rename to src/browser/BrowserShared.mm
index 8657d18f9..eec2c13c6 100644
--- a/src/browser/BrowserShared.cpp
+++ b/src/browser/BrowserShared.mm
@@ -15,6 +15,8 @@
* along with this program. If not, see .
*/
+#include
+
#include "BrowserShared.h"
#include "config-keepassx.h"
@@ -54,15 +56,22 @@ namespace BrowserShared
// Windows uses named pipes
return serverName + "_" + qgetenv("USERNAME");
#elif defined(Q_OS_MACOS)
- // Get the home directory and append the desired subdirectory
- QString homePath = QDir::homePath();
- QString subPath = homePath + "/Library/Group Containers/G2S7P7J672.org.keepassxc.KeePassXC";
+ NSString *appGroupIdentifier = @"G2S7P7J672.org.keepassxc.KeePassXC";
+
+ // Get the container URL for the app group identifier
+ NSURL *containerURL = [[NSFileManager defaultManager] containerURLForSecurityApplicationGroupIdentifier:appGroupIdentifier];
+
+ // Convert the NSURL to a string (path)
+ NSString *containerPath = [containerURL path];
+
+ // Convert NSString to QString
+ QString homePath = QString::fromNSString(containerPath);
// Make sure the directory exists
- QDir().mkpath(subPath);
+ QDir().mkpath(homePath);
// The path will become too long therefore we must cut off serverName
- QString socketPath = subPath + "/KeePassXC.BrowserServer";
+ QString socketPath = homePath + "/KeePassXC.BrowserServer";
return socketPath;
#else // others
diff --git a/src/browser/CMakeLists.txt b/src/browser/CMakeLists.txt
index 7942be430..663a61e78 100644
--- a/src/browser/CMakeLists.txt
+++ b/src/browser/CMakeLists.txt
@@ -27,7 +27,7 @@ if(WITH_XC_BROWSER)
BrowserSettingsWidget.cpp
BrowserService.cpp
BrowserSettings.cpp
- BrowserShared.cpp
+ BrowserShared.mm
CustomTableWidget.cpp
NativeMessageInstaller.cpp)
diff --git a/src/proxy/CMakeLists.txt b/src/proxy/CMakeLists.txt
index be756672d..f893c2880 100644
--- a/src/proxy/CMakeLists.txt
+++ b/src/proxy/CMakeLists.txt
@@ -15,7 +15,7 @@
if(WITH_XC_BROWSER)
set(proxy_SOURCES
- ../browser/BrowserShared.cpp
+ ../browser/BrowserShared.mm
keepassxc-proxy.cpp
NativeMessagingProxy.cpp)
@@ -39,6 +39,8 @@ if(WITH_XC_BROWSER)
set_property(GLOBAL APPEND PROPERTY
_MACDEPLOYQT_EXTRA_BINARIES "${PROXY_INSTALL_DIR}/keepassxc-proxy")
+
+ target_link_libraries(keepassxc-proxy "-framework Foundation")
endif()
if(WIN32)
From 40b6ea426489344ed836704e31364ff485385646 Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Sat, 1 Feb 2025 18:32:29 +0100
Subject: [PATCH 07/11] Include Foundation framework only on macOS
---
src/browser/BrowserShared.mm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/browser/BrowserShared.mm b/src/browser/BrowserShared.mm
index eec2c13c6..543482af6 100644
--- a/src/browser/BrowserShared.mm
+++ b/src/browser/BrowserShared.mm
@@ -15,8 +15,6 @@
* along with this program. If not, see .
*/
-#include
-
#include "BrowserShared.h"
#include "config-keepassx.h"
@@ -27,6 +25,10 @@
#include
#endif
+#if defined(Q_OS_MACOS)
+#include
+#endif
+
namespace BrowserShared
{
QString localServerPath()
From bb5559efe234b035da746775964ee4e76862bd5f Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Mon, 24 Feb 2025 19:23:48 +0100
Subject: [PATCH 08/11] Replace g++ with gobjc++ (GNU Objective-C++ compiler)
---
.github/workflows/codeql.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 80af12490..788443f23 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,7 +36,7 @@ jobs:
name: Install dependencies
run: |
sudo apt update
- sudo apt install build-essential cmake g++
+ sudo apt install build-essential cmake gobjc++
sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev libqt5x11extras5-dev
# Initializes the CodeQL tools for scanning.
From 7f954aeb3e3d784334f04ae8acd20956c6c5a70b Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Mon, 24 Feb 2025 19:53:34 +0100
Subject: [PATCH 09/11] Undo gobcj++ and move loca server path code for macos
into its own Objective-C++ file
---
.github/workflows/codeql.yml | 2 +-
.../{BrowserShared.mm => BrowserShared.cpp} | 21 ++--------------
src/browser/BrowserSharedMac.h | 6 +++++
src/browser/BrowserSharedMac.mm | 25 +++++++++++++++++++
src/browser/CMakeLists.txt | 7 +++++-
src/proxy/CMakeLists.txt | 7 +++++-
6 files changed, 46 insertions(+), 22 deletions(-)
rename src/browser/{BrowserShared.mm => BrowserShared.cpp} (74%)
create mode 100644 src/browser/BrowserSharedMac.h
create mode 100644 src/browser/BrowserSharedMac.mm
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 788443f23..80af12490 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,7 +36,7 @@ jobs:
name: Install dependencies
run: |
sudo apt update
- sudo apt install build-essential cmake gobjc++
+ sudo apt install build-essential cmake g++
sudo apt install qtbase5-dev qtbase5-private-dev qttools5-dev qttools5-dev-tools libqt5svg5-dev libargon2-dev libkeyutils-dev libminizip-dev libbotan-2-dev libqrencode-dev zlib1g-dev asciidoctor libreadline-dev libpcsclite-dev libusb-1.0-0-dev libxi-dev libxtst-dev libqt5x11extras5-dev
# Initializes the CodeQL tools for scanning.
diff --git a/src/browser/BrowserShared.mm b/src/browser/BrowserShared.cpp
similarity index 74%
rename from src/browser/BrowserShared.mm
rename to src/browser/BrowserShared.cpp
index 543482af6..e07c8290e 100644
--- a/src/browser/BrowserShared.mm
+++ b/src/browser/BrowserShared.cpp
@@ -26,7 +26,7 @@
#endif
#if defined(Q_OS_MACOS)
-#include
+#include "BrowserSharedMac.h"
#endif
namespace BrowserShared
@@ -58,24 +58,7 @@ namespace BrowserShared
// Windows uses named pipes
return serverName + "_" + qgetenv("USERNAME");
#elif defined(Q_OS_MACOS)
- NSString *appGroupIdentifier = @"G2S7P7J672.org.keepassxc.KeePassXC";
-
- // Get the container URL for the app group identifier
- NSURL *containerURL = [[NSFileManager defaultManager] containerURLForSecurityApplicationGroupIdentifier:appGroupIdentifier];
-
- // Convert the NSURL to a string (path)
- NSString *containerPath = [containerURL path];
-
- // Convert NSString to QString
- QString homePath = QString::fromNSString(containerPath);
-
- // Make sure the directory exists
- QDir().mkpath(homePath);
-
- // The path will become too long therefore we must cut off serverName
- QString socketPath = homePath + "/KeePassXC.BrowserServer";
-
- return socketPath;
+ return macOSLocalServerPath();
#else // others
return QStandardPaths::writableLocation(QStandardPaths::TempLocation) + serverName;
#endif
diff --git a/src/browser/BrowserSharedMac.h b/src/browser/BrowserSharedMac.h
new file mode 100644
index 000000000..24f7e60cf
--- /dev/null
+++ b/src/browser/BrowserSharedMac.h
@@ -0,0 +1,6 @@
+#include
+
+namespace BrowserShared
+{
+ QString macOSLocalServerPath();
+}
\ No newline at end of file
diff --git a/src/browser/BrowserSharedMac.mm b/src/browser/BrowserSharedMac.mm
new file mode 100644
index 000000000..c942d63aa
--- /dev/null
+++ b/src/browser/BrowserSharedMac.mm
@@ -0,0 +1,25 @@
+#include
+#include
+#include
+
+namespace BrowserShared
+{
+ QString macOSLocalServerPath()
+ {
+ NSString *appGroupIdentifier = @"G2S7P7J672.org.keepassxc.KeePassXC";
+
+ // Get the container URL for the app group identifier
+ NSURL *containerURL = [[NSFileManager defaultManager] containerURLForSecurityApplicationGroupIdentifier:appGroupIdentifier];
+
+ NSString *containerPath = [containerURL path];
+
+ QString homePath = QString::fromNSString(containerPath);
+
+ QDir().mkpath(homePath);
+
+ // The path will become too long therefore we must cut off serverName
+ QString socketPath = homePath + "/KeePassXC.BrowserServer";
+
+ return socketPath;
+ }
+}
\ No newline at end of file
diff --git a/src/browser/CMakeLists.txt b/src/browser/CMakeLists.txt
index 663a61e78..b0579aef7 100644
--- a/src/browser/CMakeLists.txt
+++ b/src/browser/CMakeLists.txt
@@ -27,10 +27,15 @@ if(WITH_XC_BROWSER)
BrowserSettingsWidget.cpp
BrowserService.cpp
BrowserSettings.cpp
- BrowserShared.mm
+ BrowserShared.cpp
CustomTableWidget.cpp
NativeMessageInstaller.cpp)
+ if(APPLE)
+ list(APPEND browser_SOURCES
+ BrowserSharedMac.mm)
+ endif()
+
if(WITH_XC_BROWSER_PASSKEYS)
list(APPEND browser_SOURCES
BrowserCbor.cpp
diff --git a/src/proxy/CMakeLists.txt b/src/proxy/CMakeLists.txt
index f893c2880..818eecf20 100644
--- a/src/proxy/CMakeLists.txt
+++ b/src/proxy/CMakeLists.txt
@@ -15,10 +15,15 @@
if(WITH_XC_BROWSER)
set(proxy_SOURCES
- ../browser/BrowserShared.mm
+ ../browser/BrowserShared.cpp
keepassxc-proxy.cpp
NativeMessagingProxy.cpp)
+ if(APPLE)
+ list(APPEND proxy_SOURCES
+ ../browser/BrowserSharedMac.mm)
+ endif()
+
# Alloc must be defined in a static library to prevent clashing with clang ASAN definitions
add_library(proxy_alloc STATIC ../core/Alloc.cpp)
target_link_libraries(proxy_alloc PRIVATE Qt5::Core ${BOTAN_LIBRARIES})
From ed4eade9f1128a02f4159f614eb866fefa895e99 Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:19:22 +0100
Subject: [PATCH 10/11] Readd keychain-access-groups entitlement
Keychain Access Group is needed on macOS even though application group entitlements
---
share/macosx/keepassxc.entitlements | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/share/macosx/keepassxc.entitlements b/share/macosx/keepassxc.entitlements
index 3be17e44d..f380a1e1e 100644
--- a/share/macosx/keepassxc.entitlements
+++ b/share/macosx/keepassxc.entitlements
@@ -4,9 +4,13 @@
com.apple.application-identifier
G2S7P7J672.org.keepassxc.keepassxc
+ keychain-access-groups
+
+ G2S7P7J672.org.keepassxc.keepassxc
+
com.apple.security.application-groups
- G2S7P7J672.org.keepassxc.KeePassXC
+ G2S7P7J672.org.keepassxc.keepassxc
From 113a4284f5e6fc08435cec1320f583e28d4a4fbf Mon Sep 17 00:00:00 2001
From: Sebastian Livoni <29739749+sebastianlivoni@users.noreply.github.com>
Date: Tue, 25 Feb 2025 09:19:55 +0100
Subject: [PATCH 11/11] Update keepassxc.entitlements
---
share/macosx/keepassxc.entitlements | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/share/macosx/keepassxc.entitlements b/share/macosx/keepassxc.entitlements
index f380a1e1e..e647d15b0 100644
--- a/share/macosx/keepassxc.entitlements
+++ b/share/macosx/keepassxc.entitlements
@@ -4,7 +4,7 @@
com.apple.application-identifier
G2S7P7J672.org.keepassxc.keepassxc
- keychain-access-groups
+ keychain-access-groups
G2S7P7J672.org.keepassxc.keepassxc