Saving ownKeepass

I was trying to compile ownKeepass (https://github.com/jobe-m/ownkeepass) for aarch64 but it required libraries in the build engine that are yet to be available for 64 bit.

My trials to install and compile these libraries manually in the engine, although successful, didn’t yield success in compiling ownKeepass.

The core issue is that the developer stopped updating the app since 2019. And it’s an important app for many users.
I would gladly maintain it but have little skills in encryption and security.

So here’s a call for the community to help to revive and improve ownKeepass. I would be happy to help within my capabilities.

This is a critical app for me as well. Looks like this app has not been compiled on OBS, at least according to README build instructions.

I would suggest to use tbuilder for it and setup the project that links its dependencies. That way we should be able to build it automatically.

Where did you get stuck with the manual build?

An excellent app worth saving. Its compatibility with KDBX means one can simply transfer one’s existing database from another device. The most viable alternative of Passilic requires way too much manual setting up. In fact, I wouldn’t’ve tried it to begin with if I hadn’t noticed ownKeepass was no longer supported. And even so, it was the best choice.

I myself have so far tried building this twice. On the first try I got frustrated really quickly, on the second try I actually managed to compile it. But then I got frustrated again when the packaging stage fails…

3rd time lucky? Would be good to get that into some automated build stage (OBS and TBuilder). After that we can start looking into updating some components, as needed

Not taking it on myself yet, but at some point, if needed, I would join the effort to make it work on newer base.

I’ve manually downloaded the source code of libargon2 and libsodium and compiled them in the build engine (mersdk@localhost).
But still when building the app in the IDE, I get the same errors for aarch64:

No provider of 'pkgconfig(libargon2)' found.
No provider of 'pkgconfig(libsodium)' found.

you wound need to install the compiled packages into the target as well. Or learn how to use tbuilder that will make it for you

I use sfdk for building. I build all the packages with both the snapshot and output-prefix configuration options, so the dependencies get automatically installed on the build target. The key here being the output-prefix option, as with it sfdk searches for the dependencies in the shared output directory. The snapshot option is just there to make sure this doesn’t interfere with building other stuff.

I did install it for the aarch64 target. Something like this when compiling: sb2 -t SailfishOS-4.0.1.48-aarch64 -m sdk-install -R make and the remaining commands.

Not much familiar with the build engine and related stuff. I’ll have a better look at them after work.

I haven’t read the forums in a while and got pointed to this thread.

I just managed to compile ownKeepass for aarch64: https://openrepos.net/content/aerique/ownkeepass-aarch64

It’s pretty much in a “works for me” stage and I’m not much of a project maintainer so I will post my build steps this weekend here so someone else can hopefully pick it up.

Use at your own risk since I have not published my steps yet. I’m also using crypto libraries I just grabbed off the net (although I think they’re the same as used by the original ownKeepass).

Like others said both ownKeepass and SailOTP are critical apps for me and with the upcoming Alien Dalvik the Xperia 10 II will be daily driver material for me.

(Final word: I have been surprised how easy it is to clone the repo of an old Sailfish OS app and recompile it for aarch64 (especially if they have no third-party dependencies.)

Thank you all for your efforts!

Side question: does it make sense to also publish a newer build for the other archs? I understand it is built against some parts of KeePass, which might have important changes also for non-aarch64 as well.

I don’t think so because the Git submodule it uses is pinned at the 2.4.3 version: https://github.com/keepassxreboot/keepassxc/commit/5d6ef0c47191f1bd9e8ae296920357aeb74e8fd5

okay but while “we” re at it that could be updated as well.

Thanks @aerique !

@nephros, I don’t think it’s just updating the keepass dependency as it requires testing to make sure upping the version isn’t breaking anything.

But I’m quite ready to help in testing. And as soon as @aerique publishes his build step, it’ll try tweaking things and playing around with keepassxc and see what can be done.

Here is what I did to build ownKeepass for aarch64.

I think the biggest problem people that want to repeat these steps will face is that I’m using my own build environment (Sailfish OS Builds in Docker). I will not go into the reasons why here, but I suggest first trying to repeat these steps in the same environment and then porting it to what most people use (which is the official Sailfish OS SDK I think).

ownKeepass depends on libargon2 and libsodium. In this example we’ll use the RPMs I already uploaded to my repository, but if you’re interested in building them yourself you can check out how I did it (thanks to @abranson for some clarifications!):

• ~aerique/libargon2-spec - sourcehut git
• ~aerique/libsodium-spec - sourcehut git

Preparing Sailfish OS Builds in Docker

• mkdir ~/software (if it does not exist yet)
• cd ~/software
• git clone https://git.sr.ht/~aerique/sfosbid sfosbid-git
• cd sfosbid-git
• ./download.sh
• ./build.sh -u
• ./run.sh -u

Preparing the Build Environment

This section assumes you’ve run ./run.sh -u from the previous section and are
now in the Docker container.

• sb2 -t SailfishOS-latest-aarch64 -m sdk-install -R
• rpm --import https://sailfish.openrepos.net/openrepos.key
• zypper addrepo -f https://sailfish.openrepos.net/aerique/personal-main.repo
• zypper install libargon2-devel libsodium-devel libgcrypt-devel
• exit
  • this exits the sb2 sdk-install environment from above, it does not exit the Docker container

Building ownKeepass

(This is still in the Docker container.)

We will not use the official repository but @samule’s slightly updated one that has already improved the libgcrypt situation for us:

• cd projects
• git clone https://github.com/24mu13/ownkeepass.git ownkeepass-git
• cd ownkeepass-git
• git submodule update --init --recursive
• cd Sailfish
• in ownKeepass.pro change ARCH_LIBS from armv7hl to aarch64
• in rpm/harbour-ownkeepass.yaml remove - libargon2 in the PkgCongfigBR list
• mb2 -t SailfishOS-latest-aarch64 build

If the build was successfull you’ll have an ownKeepass RPM in the RPMS
directory.

Thanks @aerique for the detailed instruction

I only use Sailfish IDE and it’s build engine, I’ll see if I can replicate your instructions and compile a working RPM without using Docker and a specific build environment.

I have not tested anything, but looking at the commands I believe you could just replace sb2 -t SailfishOS-latest-aarch64 -m sdk-install -R with sfdk tools exec SailfishOS-4.1.0.23EA-aarch64 and mb2 -t SailfishOS-latest-aarch64 build with sfdk build. Please note however that this installs the build dependencies directly in the target. I’d prefer having them in shared output directory and installing them automatically in a target snapshot. So this might work better:

• Download the dependencies and place them in /home/foobar/keepass-rpms
• sfdk config target=SailfishOS-4.1.0.23EA-aarch64
• sfdk config snapshot
• sfdk config output-dir=/home/foobar/keepass-rpms
• sfdk build

Very nice work @aerique, and everyone, thank you.

Myself I use coderus work from Docker Hub to build in docker.

I write Gitlab CI scripts to do that, because they can then be used both on a local machine using gitlab-runner, or using the CI feature on gitlab.

Anyway I have taken the recipe above and put it in a gitlab-ci file. Posting below in case anyone is interested in building that way.
Not too much interesting or new in there, but it stores the output rpms in a dir in docker, and creates a local repo for zypper to install from instead of using online repos.

stages:
  - build

image: "coderus/sailfishos-platform-sdk-${TARGET}:${SFOS_VERSION}"
tags:
  - docker

default:

variables:
  #SFOS_VERSION: "4.0.1.45"
  SFOS_VERSION: "4.1.0.23"
  GIT_SUBMODULE_STRATEGY: recursive
  OUTDIR: $CI_PROJECT_DIR/output
  #BLDDIR: ~/build # this does not work because ~ does not expand. use a shell variable instead
  YAMLNAME: ownkeepass.yaml
  SPECNAME: ownkeepass.spec
  TARGET: armv7hl # set this globally for local builds because gitlab-ci-runner can not deal with extends: foo

.build-local:
  stage: build
  script:
    # prep
    - BLDDIR=~/build
    - mkdir -p $OUTDIR/$SFOS_VERSION/
    - mkdir -p ${BLDDIR}
    - cp -r $CI_PROJECT_DIR/* $BLDDIR/
    - pushd $BLDDIR
    # argon
    - git clone https://git.sr.ht/~aerique/libargon2-spec libargon2-spec-git
    - pushd libargon2-spec-git
    - git submodule update --init --recursive
    - mb2 -t SailfishOS-$SFOS_VERSION-$TARGET --no-fix-version prepare | tee $OUTDIR/prepare.log
    - mb2 -t SailfishOS-$SFOS_VERSION-$TARGET --no-fix-version build   | tee $OUTDIR/build.log
    - cp -r RPMS/* $OUTDIR/$SFOS_VERSION/
    - popd
    # sodium
    - git clone https://git.sr.ht/~aerique/libsodium-spec libsodium-spec-git
    - pushd libsodium-spec-git
    - curl -o libsodium-1.0.18-stable.tar.gz https://download.libsodium.org/libsodium/releases/libsodium-1.0.18-stable.tar.gz
    - tar xvfz libsodium-1.0.18-stable.tar.gz
    - mb2 -t SailfishOS-$SFOS_VERSION-$TARGET --no-fix-version prepare | tee $OUTDIR/prepare.log
    - mb2 -t SailfishOS-$SFOS_VERSION-$TARGET --no-fix-version build   | tee $OUTDIR/build.log
    - cp -r RPMS/* $OUTDIR/$SFOS_VERSION/
    - popd
    # main
    - LR=~/myrepo
    - mkdir -p $LR
    - for f in $(find $OUTDIR/$SFOS_VERSION -type f -name *.rpm); do cp ${f} $LR; done
    - sb2 -t SailfishOS-$SFOS_VERSION-$TARGET -m sdk-install -R zypper ar --no-gpgcheck $LR localfiles
    - sb2 -t SailfishOS-$SFOS_VERSION-$TARGET -m sdk-install -R zypper ref
    - sb2 -t SailfishOS-$SFOS_VERSION-$TARGET -m sdk-install -R zypper --non-interactive install libgcrypt-devel
    - sb2 -t SailfishOS-$SFOS_VERSION-$TARGET -m sdk-install -R zypper --non-interactive install --from localfiles libargon2-devel libsodium-devel
    - git clone https://github.com/24mu13/ownkeepass.git ownkeepass
    - pushd ownkeepass
    - git submodule update --init --recursive
    - cd Sailfish
    - sed -i -e '/.*libargon2.*/d' rpm/harbour-ownkeepass.yaml
    - sed -i -e '/.*libargon2.*/d' rpm/harbour-ownkeepass.spec
    - mb2 -t SailfishOS-$SFOS_VERSION-$TARGET --no-fix-version prepare | tee $OUTDIR/prepare.log
    - mb2 -t SailfishOS-$SFOS_VERSION-$TARGET --no-fix-version build   | tee $OUTDIR/build.log
    - cp -r RPMS/* $OUTDIR/$SFOS_VERSION/
    - rm -r $BLDDIR/
  artifacts:
      when: always
      paths:
        - "output/*.log"
        - "output/*.spec"
        - "output/*.yaml"
        - "output/$SFOS_VERSION"
  cache:
    key: ${CI_PROJECT_NAME}_${CI_JOB_NAME}
    paths:
      - $SRCNAME-$SRCTAG
      - /home/.zypp-cache
      - /srv/mer/targets/SailfishOS-$SFOS_VERSION-$TARGET/var/cache/zypp/
      - /var/cache/zypp/
      - /home/nemo/src

build-arm64:
  stage: build
  extends: .build-local
  variables:
    TARGET: aarch64

build-arm:
  stage: build
  extends: .build-local
  variables:
    TARGET: armv7hl

build-x86:
  stage: build
  extends: .build-local
  variables:
    TARGET: i486

If you have gitlab-runner instaled locally, this will run the build:

#!/usr/bin/env bash

BASE_DIR=$PWD
BUILD_DIR=$BASE_DIR/build
CACHE_DIR=${HOME}/.cache/gitlab-runner-cache
mkdir -p $BUILD_DIR
builder="$1"
if [[ x"$1" = x"" ]]; then
  builder='.build-local'
fi
case $1 in
  '-h'|'list'|'help')
	echo these local builders exist:
	grep '^\..*local' .gitlab-ci.yml
	exit 0
	;;
esac

DOPTS="--docker-pull-policy=never --docker-volumes "$BUILD_DIR/:/builds:rw" --docker-cache-dir $CACHE_DIR "
[[ -e $BASE_DIR/build.log ]] && mv $BASE_DIR/build.log $BASE_DIR/build.log.old
gitlab-ci-multi-runner -l warn exec docker $DOPTS $builder 2>&1 | tee $BASE_DIR/build.log  |  grep -v 'ERROR: Could not create cache adapter'

Now that SailSync ownCloud have a 64bit version, and thanks to @aerique build of ownkeepass, my workflow to sync (through nextcloud) and use my keepass passwords is working fully again natively.
Thank you all.

ownKeepass is now available at OBS via sailfishos:chum repositories. Currently, builds are available for all architectures and released SFOS versions starting from 3.4.0.24 till 4.1.0.24.

To make it possible, I have used @aerique work, adjusted his packaging scripts for libargon2 and libsodium that got also published in Chum repos.

ownKeepass had some libs bundled in binary format within the sources to simplify packaging. Those got removed. I also dropped generation of SPEC from YAML, SPEC got cleaned up and now the application is built from the root of the project.

When someone gets to develop ownKeepass further, please look into the changes made at sailfishos-chum/ownkeepass. Had to remove forking as it leads to submitting of local PRs into other repositories upstream of the forking tree.

Note that testing is limited, seems to work for my database and allowed to create new one as well which I successfully opened on PC. That’s on 4.1.0.24/aarch64.

@aerique mentioned something regarding libgcrypt - I have not used any updated version of the lib. It looks to be available in SFOS repos and I don’t know whether it needs to be updated for earlier SFOS versions. Please chip in and let me know. In that case we may have to add that to Chum repos as well.

Enjoy, hopefully all works with this build.