Upstream Flathub patches

CMakeLists.txt

@@ -17,6 +17,7 @@
 cmake_minimum_required(VERSION 3.3.0)
 
 project(KeePassXC)
+set(APP_ID "org.keepassxc.${PROJECT_NAME}")
 
 if(NOT CMAKE_BUILD_TYPE)
     set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING
@@ -158,11 +159,13 @@ message(STATUS "Setting up build for KeePassXC v${KEEPASSXC_VERSION}\n")
 # Distribution info
 set(KEEPASSXC_DIST ON)
 set(KEEPASSXC_DIST_TYPE "Other" CACHE STRING "KeePassXC Distribution Type")
-set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Other)
+set_property(CACHE KEEPASSXC_DIST_TYPE PROPERTY STRINGS Snap AppImage Flatpak Other)
 if(KEEPASSXC_DIST_TYPE STREQUAL "Snap")
     set(KEEPASSXC_DIST_SNAP ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "AppImage")
     set(KEEPASSXC_DIST_APPIMAGE ON)
+elseif(KEEPASSXC_DIST_TYPE STREQUAL "Flatpak")
+    set(KEEPASSXC_DIST_FLATPAK ON)
 elseif(KEEPASSXC_DIST_TYPE STREQUAL "Other")
     unset(KEEPASSXC_DIST)
 endif()

share/CMakeLists.txt

@@ -23,15 +23,43 @@ install(FILES ${wordlists_files} DESTINATION ${DATA_INSTALL_DIR}/wordlists)
 file(COPY "wordlists" DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
 
 if(UNIX AND NOT APPLE AND NOT HAIKU)
-    install(DIRECTORY icons/application/ DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor
-            FILES_MATCHING PATTERN "keepassx*.png" PATTERN "keepassx*.svg"
-            PATTERN "status" EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
-    install(DIRECTORY icons/application/ DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor
-            FILES_MATCHING PATTERN "application-x-keepassxc.png" PATTERN "application-x-keepassxc.svg"
-            PATTERN "status" EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
-    install(FILES linux/org.keepassxc.KeePassXC.desktop DESTINATION ${CMAKE_INSTALL_DATADIR}/applications)
-    install(FILES linux/org.keepassxc.KeePassXC.appdata.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/metainfo)
-    install(FILES linux/keepassxc.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/mime/packages)
+    # Flatpak requires all host accessible files to use filenames based upon the app id
+    if(KEEPASSXC_DIST_FLATPAK)
+        set(APP_ICON_NAME "${APP_ID}")
+        set(MIME_ICON "${APP_ID}-application-x-keepassxc")
+        configure_file(linux/keepassxc.xml.in ${CMAKE_CURRENT_SOURCE_DIR}/linux/${APP_ID}.xml @ONLY)
+        install(FILES linux/${APP_ID}.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/mime/packages)
+
+        file(GLOB_RECURSE ICON_FILES LIST_DIRECTORIES false
+             "icons/application/*/keepassxc*.png"
+             "icons/application/*/*keepassxc*.svg")
+        foreach(icon_match ${ICON_FILES})
+            get_filename_component(icon_name ${icon_match} NAME)
+            get_filename_component(icon_dir ${icon_match} DIRECTORY)
+            # Prefix all icons with application id: "org.keepassxc.KeePassXC"
+            string(REGEX REPLACE "^keepassxc(.*)?(\\.png|\\.svg)$" "${APP_ID}\\1\\2" icon_name ${icon_name})
+            string(REGEX REPLACE "^(application-x-keepassxc\\.svg)$" "${APP_ID}-\\1" icon_name ${icon_name})
+            # Find icon sub dir ex. "scalable/mimetypes/"
+            file(RELATIVE_PATH icon_subdir ${CMAKE_CURRENT_SOURCE_DIR}/icons/application ${icon_dir})
+            install(FILES ${icon_match} DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor/${icon_subdir}
+                    RENAME ${icon_name})
+        endforeach()
+    else()
+        set(APP_ICON_NAME "keepassxc")
+        set(MIME_ICON "application-x-keepassxc")
+        configure_file(linux/keepassxc.xml.in ${CMAKE_CURRENT_SOURCE_DIR}/linux/keepassxc.xml @ONLY)
+        install(FILES linux/keepassxc.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/mime/packages)
+
+        install(DIRECTORY icons/application/ DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor
+                FILES_MATCHING PATTERN "keepassx*.png" PATTERN "keepassx*.svg"
+                PATTERN "status" EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
+        install(DIRECTORY icons/application/ DESTINATION ${CMAKE_INSTALL_DATADIR}/icons/hicolor
+                FILES_MATCHING PATTERN "application-x-keepassxc.svg" PATTERN "status"
+                EXCLUDE PATTERN "actions" EXCLUDE PATTERN "categories" EXCLUDE)
+    endif(KEEPASSXC_DIST_FLATPAK)
+    configure_file(linux/${APP_ID}.desktop.in ${CMAKE_CURRENT_SOURCE_DIR}/linux/${APP_ID}.desktop @ONLY)
+    install(FILES linux/${APP_ID}.desktop DESTINATION ${CMAKE_INSTALL_DATADIR}/applications)
+    install(FILES linux/${APP_ID}.appdata.xml DESTINATION ${CMAKE_INSTALL_DATADIR}/metainfo)
 endif(UNIX AND NOT APPLE AND NOT HAIKU)
 
 if(APPLE)

share/linux/.gitignore

@@ -0,0 +1,3 @@
+keepassxc.xml
+org.keepassxc.KeePassXC.xml
+org.keepassxc.KeePassXC.desktop

share/linux/keepassxc.xml → share/linux/keepassxc.xml.in

@@ -3,6 +3,6 @@
   <mime-type type="application/x-keepass2">
     <comment>KeePass 2 Database</comment>
     <glob pattern="*.kdbx"/>
-    <icon name="application-x-keepassxc"/>
+    <icon name="@MIME_ICON@"/>
   </mime-type>
 </mime-info>

share/linux/org.keepassxc.KeePassXC.appdata.xml

@@ -94,7 +94,7 @@
                     <li>FdoSecrets: Major Refactor and Code Consolidation [#5747][#5660][#7043][#6915]</li>
                     <li>FdoSecrets: Implement unlock before search [#6943]</li>
                     <li>Reports: Add browser statistics report [#7197]</li>
-                    <li>Port crypto backend to [Botan](https://github.com/randombit/botan) [#6209]</li>
+                    <li>Port crypto backend to Botan [#6209]</li>
                     <li>Improve attachment handling and security [#6606][#5034][#7083]</li>
                     <li>Allow selecting any open database in unlock dialog [#5427]</li>
                     <li>KeeShare: Remove checking signed container and QuaZip dependency [#7223]</li>

share/linux/org.keepassxc.KeePassXC.desktop → share/linux/org.keepassxc.KeePassXC.desktop.in

@@ -37,7 +37,7 @@ Comment[et]=Kogukonna arendatav port Windowsi programmist KeePass Password Safe
 Comment[ru]=Разработанный сообществом порт Windows-приложения KeePass Password Safe
 Exec=keepassxc %f
 TryExec=keepassxc
-Icon=keepassxc
+Icon=@APP_ICON_NAME@
 StartupWMClass=keepassxc
 StartupNotify=true
 Terminal=false

src/browser/BrowserSettingsWidget.cpp

@@ -158,6 +158,18 @@ void BrowserSettingsWidget::loadSettings()
     m_ui->browserGlobalWarningWidget->setCloseButtonVisible(false);
     m_ui->browserGlobalWarningWidget->setAutoHideTimeout(-1);
 #endif
+#ifdef KEEPASSXC_DIST_FLATPAK
+    // Guarantees proxy path works with different flatpak installations
+    m_ui->updateBinaryPath->setChecked(true);
+    m_ui->updateBinaryPath->setEnabled(false);
+    // The sandbox makes custom proxy locations very unintuitive
+    m_ui->useCustomProxy->setChecked(false);
+    m_ui->useCustomProxy->setEnabled(false);
+    m_ui->useCustomProxy->setVisible(false);
+    m_ui->customProxyLocation->setVisible(false);
+    // Won't work with xdg portals and executables that must be browser accessible
+    m_ui->customProxyLocationBrowseButton->setVisible(false);
+#endif
 
     const auto customBrowserSet = settings->customBrowserSupport();
     m_ui->customBrowserSupport->setChecked(customBrowserSet);

src/browser/BrowserShared.cpp

@@ -31,6 +31,9 @@ namespace BrowserShared
         const auto serverName = QStringLiteral("/org.keepassxc.KeePassXC.BrowserServer");
 #if defined(KEEPASSXC_DIST_SNAP)
         return QProcessEnvironment::systemEnvironment().value("SNAP_USER_COMMON") + serverName;
+#elif defined(KEEPASSXC_DIST_FLATPAK)
+        return QStandardPaths::writableLocation(QStandardPaths::RuntimeLocation) + "/app/" + "org.keepassxc.KeePassXC"
+               + serverName;
 #elif defined(Q_OS_UNIX) && !defined(Q_OS_MACOS)
         // Use XDG_RUNTIME_DIR instead of /tmp if it's available
         QString path = QStandardPaths::writableLocation(QStandardPaths::RuntimeLocation);

src/browser/NativeMessageInstaller.cpp

@@ -28,6 +28,7 @@
 #include <QJsonObject>
 #include <QMessageBox>
 #include <QProcessEnvironment>
+#include <QRegularExpression>
 #include <QSettings>
 #include <QStandardPaths>
 
@@ -214,12 +215,20 @@ QString NativeMessageInstaller::getNativeMessagePath(SupportedBrowsers browser)
         basePath = QStandardPaths::writableLocation(QStandardPaths::DataLocation);
     }
     return QStringLiteral("%1/%2_%3.json").arg(basePath, HOST_NAME, getBrowserName(browser));
+#elif defined(KEEPASSXC_DIST_FLATPAK)
+    // Flatpak sandboxes do not have access to the XDG_DATA_HOME and XDG_CONFIG_HOME variables
+    // defined in the host, so we must hardcode them here.
+    if (browser == SupportedBrowsers::TOR_BROWSER) {
+        basePath = QDir::homePath() + "/.local/share";
+    } else if (browser == SupportedBrowsers::FIREFOX) {
+        basePath = QDir::homePath();
+    } else {
+        basePath = QDir::homePath() + "/.config";
+    }
 #elif defined(Q_OS_LINUX)
     if (browser == SupportedBrowsers::TOR_BROWSER) {
-        // Tor Browser launcher stores its config in ~/.local/share/...
         basePath = QStandardPaths::writableLocation(QStandardPaths::GenericDataLocation);
     } else if (browser == SupportedBrowsers::FIREFOX) {
-        // Firefox stores its config in ~/
         basePath = QDir::homePath();
     } else {
         basePath = QStandardPaths::writableLocation(QStandardPaths::ConfigLocation);
@@ -234,6 +243,34 @@ QString NativeMessageInstaller::getNativeMessagePath(SupportedBrowsers browser)
     return QStringLiteral("%1%2/%3.json").arg(basePath, getTargetPath(browser), HOST_NAME);
 }
 
+#ifdef KEEPASSXC_DIST_FLATPAK
+/** Constructs a host accessible proxy path for use with flatpak
+ *
+ * @return path Path to host accessible wrapper script (org.keepassxc.KeePassXC)
+ */
+QString constructFlatpakPath()
+{
+    // Find and extract the host flatpak data directory (in /var)
+    QString path;
+    QSettings settings("/.flatpak-info", QSettings::IniFormat);
+    settings.beginGroup("Instance");
+    QString appPath = settings.value("app-path").toString();
+
+    QRegularExpression re("^((?:/[\\.\\w-]*)+)+/app");
+    QRegularExpressionMatch match = re.match(appPath);
+    if (match.hasMatch()) {
+        // Construct a proxy path that should work with all flatpak installations
+        path = match.captured(1) + "/exports/bin/" + "org.keepassxc.KeePassXC";
+    } else {
+        // Fallback to the most common and default flatpak installation path
+        path = "/var/lib/flatpak/exports/bin/org.keepassxc.KeePassXC";
+    }
+    settings.endGroup();
+
+    return path;
+}
+#endif
+
 /**
  * Gets the path to keepassxc-proxy binary
  *
@@ -247,8 +284,10 @@ QString NativeMessageInstaller::getProxyPath() const
     }
 
     QString path;
-#ifdef KEEPASSXC_DIST_APPIMAGE
+#if defined(KEEPASSXC_DIST_APPIMAGE)
     path = QProcessEnvironment::systemEnvironment().value("APPIMAGE");
+#elif defined(KEEPASSXC_DIST_FLATPAK)
+    path = constructFlatpakPath();
 #else
     path = QCoreApplication::applicationDirPath() + QStringLiteral("/keepassxc-proxy");
 #ifdef Q_OS_WIN

src/config-keepassx.h.cmake

@@ -31,6 +31,7 @@
 #cmakedefine KEEPASSXC_DIST_TYPE "@KEEPASSXC_DIST_TYPE@"
 #cmakedefine KEEPASSXC_DIST_SNAP
 #cmakedefine KEEPASSXC_DIST_APPIMAGE
+#cmakedefine KEEPASSXC_DIST_FLATPAK
 
 #cmakedefine HAVE_PR_SET_DUMPABLE 1
 #cmakedefine HAVE_RLIMIT_CORE 1

src/core/EntryAttachments.cpp

@@ -17,6 +17,7 @@
 
 #include "EntryAttachments.h"
 
+#include "config-keepassx.h"
 #include "core/Global.h"
 #include "crypto/Random.h"
 
@@ -218,9 +219,13 @@ bool EntryAttachments::openAttachment(const QString& key, QString* errorMessage)
         const QByteArray attachmentData = value(key);
         auto ext = key.contains(".") ? "." + key.split(".").last() : "";
 
-#ifdef KEEPASSXC_DIST_SNAP
+#if defined(KEEPASSXC_DIST_SNAP)
         const QString tmpFileTemplate =
             QString("%1/XXXXXXXXXXXX%2").arg(QProcessEnvironment::systemEnvironment().value("SNAP_USER_DATA"), ext);
+#elif defined(KEEPASSXC_DIST_FLATPAK)
+        const QString tmpFileTemplate =
+            QString("%1/app/%2/XXXXXX.%3")
+                .arg(QStandardPaths::writableLocation(QStandardPaths::RuntimeLocation), "org.keepassxc.KeePassXC", ext);
 #else
         const QString tmpFileTemplate = QDir::temp().absoluteFilePath(QString("XXXXXXXXXXXX").append(ext));
 #endif

src/gui/Icons.cpp

@@ -52,9 +52,18 @@ Icons::Icons()
 {
 }
 
+QString Icons::applicationIconName()
+{
+#ifdef KEEPASSXC_DIST_FLATPAK
+    return QString("org.keepassxc.KeePassXC");
+#else
+    return QString("keepassxc");
+#endif
+}
+
 QIcon Icons::applicationIcon()
 {
-    return icon("keepassxc", false);
+    return icon(applicationIconName(), false);
 }
 
 QString Icons::trayIconAppearance() const
@@ -81,7 +90,7 @@ QIcon Icons::trayIcon(QString style)
 
     auto iconApperance = trayIconAppearance();
     if (!iconApperance.startsWith("monochrome")) {
-        return icon(QString("keepassxc%1").arg(style), false);
+        return icon(QString("%1%2").arg(applicationIconName(), style), false);
     }
 
     QIcon i;
@@ -92,7 +101,7 @@ QIcon Icons::trayIcon(QString style)
         i = icon(QString("keepassxc-monochrome-dark%1").arg(style), false);
     }
 #else
-    i = icon(QString("keepassxc-%1%2").arg(iconApperance, style), false);
+    i = icon(QString("%1-%2%3").arg(applicationIconName(), iconApperance, style), false);
 #endif
 #if QT_VERSION >= QT_VERSION_CHECK(5, 6, 0)
     // Set as mask to allow the operating system to recolour the tray icon. This may look weird

src/gui/Icons.h

@@ -27,6 +27,7 @@
 class Icons
 {
 public:
+    QString applicationIconName();
     QIcon applicationIcon();
     QIcon trayIcon(QString style = "unlocked");
     QIcon trayIconLocked();

utils/keepassxc-flatpak-wrapper.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+#
+# Flatpak Multiple Commands Wrapper
+# Copyright (C) 2022 KeePassXC team <https://keepassxc.org/>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 2 or (at your option)
+# version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# This script is a workaround to the limitation of one command per Flatpak
+# manifest. It solves this by redirecting stdio to keepassxc-proxy, as
+# necessary, based upon matching command line arguments.
+
+# For format of parsed arguments, see "Connection-based messaging" at:
+# https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/Native_messaging
+
+readonly appId='org.keepassxc.KeePassXC'
+# Chromium, Google Chrome, Vivaldi & Brave
+readonly arg1='chrome-extension://oboonakemofpalcgghocfoadofidjkkk'
+# Firefox & Tor Browser
+readonly arg2='[email protected]'
+
+# Browser integration is enabled if unix socket exists
+if [[ -S "${XDG_RUNTIME_DIR}/app/${appId}/${appId}.BrowserServer" ]]; then
+    # Using the =~ operator is intended to allow small variations
+    # in the parameters, like and ending slash.
+    # shellcheck disable=2076
+    if [[ "$1" =~ "${arg1}" ]] || [[ "$2" =~ "${arg2}" ]]; then
+        exec keepassxc-proxy "$@"
+    fi
+fi
+
+# If the first argument is "cli", execute keepassxc-cli instead.
+if [[ "$1" == "cli" ]]; then
+    exec keepassxc-cli "${@:2}"
+fi
+
+# If no arguments are matched or browser integration is off, execute keepassxc
+exec keepassxc "$@"