Parallel usage of KeePassXC 2.3.4 and 2.4.0 #2899
Comments
|
This is an interesting problem. Apparently you can run snap packages in osx. Perhaps this will be a viable option. https://docs.snapcraft.io/building-the-snap-on-mac/6751 |
|
You can also try macports: https://www.macports.org/ports.php?by=category&substr=security&page=2&pagesize=50 |
|
Well, you can use both but that popup is going to annoy you every time you open a database that contains older browser extension settings. I wonder if it's possible to build KeePassXC by yourself with an older Qt version. |
|
In the same boat (of a sort) here; my mac is "stuck" on 10.11 and of course every other PC I use has updated without issue - except now once the database has synched, I can't open it any more on my mac. I tried installing snap (via brew), and after cloning the git into a directory, snapcraft stops with an error telling me I need multipass. (https://github.com/CanonicalLtd/multipass/releases) Attempting to clone that errors with "not found". It's been fun, but this one's a bit of a showstopper until I patch the OS installer to force it to upgrade... Unless someone has an idea otherwise (KeepassXC related, that is). |
It is completely possible to build KeepassXC 2.4.0 on macOS 10.11.I'm also running 10.11 (even though I could update to Mojave... idk why I haven't done that yet) and I managed to build KeepassXC 2.4.0 from source. I installed the dependencies and everything worked, except I had to fix some dynamic library linking problems with the browser integration. I have Qt 5.11.3, installed with the official installer instead of brew (I used brew for other dependencies though). I followed the build instructions and used Then I used So, it's possible to build KeepassXC on El Capitan. |
|
Yes, it's possible to build, but its impossible to run if built on a newer OS and with Qt 5.12. |
Hi, Thanks in advance. Best regards |
|
I managed to create a .dmg where the KeepassXC binaries seem to work. I had to zip it because Github does not seem to accept .dmg files. It should be clear that this package comes without any kind of warranty from my side. It is provided 'as is' and its use is at your own risk. So, if you are brave enough to use software from some random guy in the Internet, here you go :) KeePassXC-2.4.0-El-Capitan.dmg.zip The .app is not signed and macOS will complain about it. If you right click it and select "Open", you should be able to open it anyway. For record: I fixed the linking problem before packaging by editing This adds the Frameworks directory within the .app to execute_process(COMMAND /usr/bin/install_name_tool
-delete_rpath "/path/to/Qt/5.11.3/clang_64/lib"
-add_rpath "@executable_path/../Frameworks"
"$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/KeePassXC.app/Contents/MacOS/keepassxc-proxy") |
|
Thanks a lot! Yes, I am brave enough ;-) I tried and the binary is running, just the browser integration does not work. Neither Chrome or Firefox can connect to KeePassXC 2.4.0.... Any idea? |
|
Okay, I made a dumb mistake. Those quotes in the line I copied to Here's the (hopefully) fixed .dmg: KeePassXC-2.4.0-El-Capitan-fixed.dmg.zip Sorry for the mistake, let's hope this one works :) By the way, it's strange that the incorrect version seemed to work on my system. I guess the working version of the browser integration proxy was running even though I had stopped KeepassXC. |
|
Great! This one works. Thanks a lot!! |
|
Another thank you. I would have happily stumbled through your instructions and given it a go but am happy to use your provided DMG. Might be time to replace this Mac or put some kind of *nix on it... Have a great day! |
|
The dmg of Exploder98 works fine. Thank you! |
|
Hi, @Exploder98 : Do you have also 2.4.1 compiled dmg for us? Would appreciate it very much. Thanks in advance Best regards |
|
Yes, actually, I do. KeePassXC-2.4.1-el-capitan.dmg.zip However I do not want to become some kind "compile machine" that provides compatible builds for old systems. I'll definitely upgrade my laptop to some newer macos at some point and then I probably won't be able to create these builds. I think the process could be automated, but I don't know how or where I could do it. I also think there's a bug somewhere that causes the linking in |
|
@Exploder98 We made a lot of fixes to the linking of both Could you copy/paste what |
|
@varjolintu Here are the outputs for the official package:
However when I try to build 2.4.1 myself the output is this: and The official version has |
|
@Exploder98 Maybe the official Qt installer messes something up or the paths differ. We recommend using Homebrew anyway. With that I haven't seen any |
|
Well, homebrew is not an option for me since it just downloads the official .app which won't even start on El Capitan (crashes with |
|
@Exploder98 Wondering if we're lucky and you have |
|
Since commit ce1f19c, I need to this patch to make KeePassXC build on Mac OS X < 10.12: https://github.com/macports/macports-ports/blob/master/security/KeePassXC/files/devel/patch-osx10.11.diff UPDATE: the patch is merged. |
|
Can you submit that as a PR? |
Sure! Opened #3357. |
This patch is inspired by a compatibility header in old WebKit. See https://github.com/WebKit/webkit/blob/1262b1fbf85ae267aab0c946500527ef3b97bac8/Source/WTF/wtf/mac/AppKitCompatibilityDeclarations.h Ref: #2899
This commit reverts #3357. The previous PR is for the new symbol NSEventMaskKeyDown, which is introduced in #3347. In #3794, #3347 is reverted, so the workaround in #3357 is no longer needed. Furthermore, it causes build failures on 10.11 (#3932) as the header file for type NSEventMask is removed in #3794, too. Note that this is not a complete fix. A complete patch can be found at [1]. In MacPorts, the OS version for building a package is the same as the OS that installs it, so #ifdef can be used to replace @available. The latter language feature is not available until Xcode 9. With the patch mentioned in the previous paragraph, KeePassXC 2.5.1 can be built on Mac OS X 10.9 or newer. Ref: #2899 [1] https://github.com/macports/macports-ports/blob/de1bb703ad19c258ad27eb903cf510dc1930107c/security/KeePassXC/files/patch-old-mac.diff
|
@droidmonkey @yan12125 Will we get pre-built releases to download? |
Yes, that. |
|
Ok, thanks for letting me know! Well, if there's any volunteer out there, I'd be highly grateful for a built package 🙏 |
|
FWIW, I previously maintained unofficial binary packages at MacPorts, but I'm no longer working on it as I don't use macOS as my daily driver anymore. |
|
someone should mention here, that it is absolutely NOT ok to use the build of an unknown person for the use of storing ALL passwords! either keepassxc developers forbid this methods OR they deliver a build themselves OR they officially announce, that keepassxc is not supporting osx10.11 anymore and el capitan users should switch to macpass instead. last one is what i will do. if devs cannot keep such a security-tool actual for my system, then there is no sense in using it. i liked keepassxc more than macpass, but in security it is not about 'liking', and therefore... now i like macpass more :) |
|
@michaelbliem It was announced:
|
|
right! i didn't want to blame anybody here. in fact i do understand everybody in this thread. but as it is nowhere written here, how it should be (or in this case: how it should definitely NOT be!) i felt like i have to do this. yes, the source can be compiled, but it is not compiled by devs anymore. so there are only two possibilities left: compile it YOURSELF or switch to another software. using builds of unknown persons is NOT an alternative! and devs of keepassxc should tell so as well if they want to be kept serious in matters of security... reading this thread gives the impression that it is ok to download password-management-software of unknown source! |
@michaelbliem I agree! That's why I said "if you are brave enough to use software from some random guy in the Internet". I just wanted to be helpful and spare others from finding out how to fix the build - and not everyone knows how to build software, let alone fix strange linking issues. @varjolintu Maybe builds for older macOS/OS X versions could somehow be included in the CI process as there seems to be one? If that's OK I think I could try to figure out how it works at some point, right now I don't have time for that. |
|
@Exploder98 @phoerious maintains the macOS builds so maybe we could ask him. Could you reply when you have time? Thanks. |
|
@Exploder98 i understand you and the users who can't compile themselves (as me). i didn't want to blame you at all! but still i can't use your binary, even so i would honestly like to do so! |
|
@michaelbliem couple points here:
|
|
do you switch to ad-mode now? i didn't blame you! and no, i will not install a password-manager from unknown source because i anyway have an os without security updates. is this, what you want to recommend? why not be honest HERE (in this thread only!) and just tell politely that it is not a good idea to use a build of unknown source. even so it is seducing to use it! you are responsible for keepassxc and its users, not for any os! and for many users here in this thread you accept an (additional) security hole? to be honest: this feedback makes me start liking macpass even more... |
|
Please use Macpass, dont bother mansplaining IT security to us any further. We gave you the facts and we don't need you to start swearing at us. Thank you very much and stay healthy. |
Hello all,
Unfortunately I am running among other systems a MacBook from 2009, where the last supported macOS version is 10.11 (El Capitan) and I cannot upgrade to Mojave.
Therefore I cannot install KeePassXC 2.4.0 on that MacBook, as the new version required 10.12 due to the QT update, but I have upgraded on my other systems (mainly Windows). The KDBX database is shared across the devices via Dropbox.
So I am using 2.3.4 and 2.4.0 in parallel on the same KDBX database.
Whenever I am using now 2.4.0 it wants to migrate the KeePassCX Browser settings into the database. When I am using 2.3.4 it creates them outside again. Subsequently I am losing permanently my browser integration settings.
Is there a way to avoid that (except buying a new MacBook with Mojave of course ;-)
Thanks in advance
Best regards
Bernd
The text was updated successfully, but these errors were encountered: