kee-org / keepassrpc

The KeePassRPC plugin that needs to be installed inside KeePass in order for Kee to be able to connect your browser to your passwords
GNU General Public License v2.0

Building from source: self rebuilt 'Fleck2' is problematic #144

Closed tenzap closed 4 months ago

tenzap commented 6 months ago

I'm trying to rebuild KeePassRPC.plgx completely from source including its dependencies that you ship as dll.

Concerning Jayrock it is hosted in the current repo. However Fleck2.dll and DomainPublicSuffix.dll are not in the current repo. I found these without being sure that they are the ones you use to build the dll.

If these are correct, could there be some information somewhere telling which commit you use to build the dll? If these are not the correct repo, where can I find the sources of these components?

For now I'm using master. However, the Fleck2.dll that I manage to produce makes keepass fail when loading the plugin. Error is below. (It was produced by keepass2 --debug). Full log attached.

    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/Extensions.cs(7,14): error CS0234: The type or namespace name `Linq' does not exist in the namespace `System'. Are you missing `System.Core' assembly reference?
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/Forms/AuthForm.cs(9,14): error CS0234: The type or namespace name `Linq' does not exist in the namespace `System'. Are you missing `System.Core' assembly reference?
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/Forms/KeeMultiEntryUserControl.cs(6,14): error CS0234: The type or namespace name `Linq' does not exist in the namespace `System'. Are you missing `System.Core' assembly reference?
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/KeePassRPCClient.cs(11,14): error CS0234: The type or namespace name `Linq' does not exist in the namespace `System'. Are you missing `System.Core' assembly reference?
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/KeePassRPCServer.cs(2,14): error CS0234: The type or namespace name `Linq' does not exist in the namespace `System'. Are you missing `System.Core' assembly reference?
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/DPIScaledToolStripMenuItem.cs(4,14): error CS0234: The type or namespace name `Linq' does not exist in the namespace `System'. Are you missing `System.Core' assembly reference?

    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/KeePassRPCServer.cs(33,32): error CS1502: The best overloaded method match for `Fleck2.WebSocketServer.WebSocketServer(int, string)' has some invalid arguments
    /home/user/.local/share/KeePass/PluginCache/NluQfcuwU2zlVj0EPS8Q/Fleck2.dll (Location of the symbol related to previous error)
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/KeePassRPCServer.cs(33,52): error CS1503: Argument `#1' cannot convert `string' expression to type `int'
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/KeePassRPCService.cs(802,68): warning CS0612: `KeePass.App.Configuration.AcePasswordGenerator.LastUsedProfile' is obsolete
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/KeePassRPCService.cs(810,66): warning CS0612: `KeePass.App.Configuration.AcePasswordGenerator.LastUsedProfile' is obsolete
    /home/user/.local/share/KeePass/E61FEB404E1C3B49B5B6CD743C598795/IconConverter.cs(154,54): warning CS0618: `KeePass.UI.UIUtil.LoadImage(byte[])' is obsolete: `Use GfxUtil.LoadImage instead.'

tmp24059e2b.tmp.gz

That's how I build Fleck2.dll (it's on Debian)

    xbuild /target:Fleck2 /property:Configuration=Release /property:Deterministic=True /p:TargetFrameworkVersion=v3.5

If I use your Fleck2.dll it doesn't fail. What am I doing wrong?

tenzap commented 6 months ago

By looking at the history of Fleck2.dll it appears that there was a commit https://github.com/kee-org/KeeFox/commit/55fcf2c4737430f6e5c53120d374356ed845a87e on 30/Mar/2014 followed by a commit https://github.com/kee-org/KeeFox/commit/4070ffa229da29ff26c9560fd8a2839e2f8fb2d6 on 17/Apr/2014

That commit of 17/Apr/2014 changed the call to WebSocketServer by removing the 1st argument.

However if I look at https://github.com/luckyrat/Fleck2, the last pushed commit https://github.com/luckyrat/Fleck2/commit/507038f1d0950b59d502a98ce1be767791a3386a is dated 30/Mar/2014

So probably between 30/Mar & 17/Apr you made some changes in the interface of Fleck2's WebSocketServer explaining the compilation error. It looks like your Fleck2 repo is not up to date. Could you push the last commits and maybe also add a tag so that one knows which version is actually used in KeePassRPC?

luckyrat commented 5 months ago

I remember having trouble with Fleck behaving differently depending on if running in a .NET2 or 4 runtime. It looks like I found a workaround but failed to commit it to the master branch. I don't know if that's because there were some other issues with the code or I just forgot but I have now pushed that new commit to the master branch (neither built nor tested).

Honestly, reproducible builds were not really on my priority list a decade ago - I did want to be able to achieve that but the frameworks and tools at the time meant it wasn't practical so it's possible I took some decisions that were not ideal when trying to make a reproducible build today.

I was never able to get Fleck building on anything other than Windows and have not tried to rebuild it for many years. For two reasons: 1) It works so leave it be; 2) When making changes to the bundled DLLs previously (especially Fleck2.dll) Microsoft usually blocked download and execution of the entire plugin due to a false positive in their anti-malware "feature". I don't really have any motivation to put all users through that ordeal again unless there are demonstrable benefits to the user experience.

Obviously if a security flaw were to be found in the DLL then we'd have to find a way to push out a change but I would certainly look first at whether there are any better Websockets libraries or .NET APIs available since the .NET 2 era and consider replacing the old Fleck library entirely.

Anyway, hopefully the new commit allows you to build without hitting that method signature mismatch error.

If you are able to reproduce the build, please feel free to submit a PR with instructions on how to do so in the Readme.

Thanks for your investigations so far - would be really cool if we could get a reproducible build, or at least a bit closer to it.

tenzap commented 5 months ago

Using https://github.com/luckyrat/Fleck2/commit/073f5d8b049facb8924ccbc1e9a853a2bc4942dc I am able to build Fleck2.dll and Keepassrpc with it.

BTW build succeeds with TargetFrameworkVersion=v4.5 v3.5 v2.0 (I didn't test the others) on Debian with the version of mono shipped by Debian. The plugin loads successfully with v4.5 and password is filled with firefox + kee plugin.

Build command:

    cd Fleck2 && LC_ALL=C.UTF-8 xbuild /target:Fleck2 /property:Configuration=Release /property:Deterministic=True /p:TargetFrameworkVersion=v4.5
    cp -a Fleck2/src/bin/Release/*.dll KeePassRPC

luckyrat commented 4 months ago

I've made a recent commit to https://github.com/luckyrat/Fleck2/commits/master/ (and remembered to push it this time!) so hopefully you can now build KeePassRPC v2.0.1 without any issues.

tenzap commented 4 months ago

Thanks it seems to work fine with 2.0.1 (kee on firefox + keepassrpc 2.0.1)

Maybe you could also tag Fleck2 with the same version as the keepassrpc version it is made for?

luckyrat commented 4 months ago

Good to hear. I'll bear that idea in mind but changes to Fleck are so rare that I don't want to add an additional step to the KeePassRPC release process at this stage. Will reconsider when next needing to make a change but until then it's still possible to work out which commit was used based on the date of a KeePassRPC release (assuming I remember to push the Fleck changes of course!)
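
The date-based lookup described in the last comment, as an added example that is not part of the thread or of either project: it resolves the newest commit in an untagged dependency clone made at or before a release date, so that commit can be pinned for a rebuild. The function names `fleck_commit_for_release` and `make_demo_repo` are hypothetical, and the demo history is constructed sample data, not the real Fleck2 history.

```shell
#!/bin/sh
# Added example; not code from KeePassRPC or Fleck2.

# fleck_commit_for_release REPO_DIR RELEASE_DATE [REV]
#   RELEASE_DATE: any date git's --before accepts,
#                 e.g. "2014-04-17 23:59:59 +0000".
#   REV:          branch or ref to search (default: HEAD of the clone).
# Prints the full hash of the newest commit at or before RELEASE_DATE.
# Returns 1 if the history has no commit that old.
fleck_commit_for_release() {
    repo=$1
    release_date=$2
    rev=${3:-HEAD}
    # --before filters on the committer date, not the author date, and it
    # only sees commits that were actually pushed to the repository cloned.
    commit=$(git -C "$repo" rev-list -n 1 --before="$release_date" "$rev") || return 1
    [ -n "$commit" ] || return 1
    printf '%s\n' "$commit"
}

# make_demo_repo DIR
#   Builds a constructed three-commit history that stands in for a
#   dependency clone, so the lookup can be tried offline.
make_demo_repo() {
    dir=$1
    git init -q "$dir"
    for entry in \
        "2014-03-30 12:00:00 +0000|constructed commit A" \
        "2014-04-10 12:00:00 +0000|constructed commit B" \
        "2024-01-01 12:00:00 +0000|constructed commit C"
    do
        when=${entry%%|*}
        msg=${entry#*|}
        GIT_AUTHOR_DATE=$when GIT_COMMITTER_DATE=$when \
            git -C "$dir" -c user.name=demo -c user.email=demo@example.invalid \
                commit -q --allow-empty -m "$msg"
    done
}

# Typical use against a real clone (path and date supplied by the builder):
#   pin=$(fleck_commit_for_release ./Fleck2 "<release date>") &&
#       git -C ./Fleck2 checkout -q "$pin"
```

Recording the resolved hash next to the build instructions removes the dependence on dates for later rebuilds.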