»Liboath API
     »PSKC Tutorial
     »Libpskc API
OATH Toolkit
One-time password components
Download, build and self-check version controlled sources:
git clone https://gitlab.com/oath-toolkit/oath-toolkit.git
cd oath-toolkit
make check

Links to resources that may be useful if you want to get involved the project:

We rely on several tools to build the software, including:

The software is typically distributed with your operating system, and the instructions for installing them differ. Here are some hints:

Debian/Ubuntu dependencies:
apt-get install make git autoconf automake libtool bison gengetopt valgrind
apt-get install libpam0g-dev libxmlsec1-dev libxml2-utils
apt-get install help2man gtk-doc-tools libglib2.0-dev dblatex

If you have hints on how to install the required dependencies on other operating systems, please let us know.

When building from version controlled sources, some developer specific flags are automatically enabled. For example, the self-checks are run under valgrind if available. For various reasons, you may run into valgrind false positives that will cause self-checks to fail. First be sure to install debug symbols for system libraries. We ship a Valgrind suppression file to address common issues. You can use it by putting the following in your ~/.valgrindrc:


To prepare a release you need some additional tools:

Debian/Ubuntu dependencies:
apt-get install groff asciidoc xsltproc lcov clang rsync

The release rules are implemented in cfg.mk, and to make new official release the following steps are made:

  1. Make sure you have updated to latest gnulib files. make glimport git rm -f … git add … git commit -m "Update gnulib files." -a

  2. Make sure you have pushed git to GitLab and that CI/CD passes. https://gitlab.com/oath-toolkit/oath-toolkit/-/pipelines

  3. Make sure NEWS reflect all changes made since the last release. make review-diff

  4. Make sure the (unreleased) string in NEWS is changed into (released XXXX-YY-ZZ) for the release.

  5. Make sure you have committed everything and have a clean checkout. git clean -d -x -f git status git reset --hard

  6. Run make tag VERSION=1.2.3 for the version number. Use git tag -d … to remove tags if you made mistakes.

  7. Make sure ../www-oath-toolkit/ contains a git checkout of the website git repository, and ../www-oath-toolkit-cvs/ contains a CVS checkout of the website. cd .. git clone git@gitlab.com:oath-toolkit/website.git www-oath-toolkit cvs -z3 -d:ext:USER@cvs.savannah.nongnu.org:/web/oath-toolkit co -d www-oath-toolkit-cvs oath-toolkit

  8. Create release artifacts. ./bootstrap ./configure --enable-gtk-doc --enable-gtk-doc-pdf --enable-gcc-warnings --enable-root-tests --enable-valgrind-tests make make release-check

  9. Upload release artifacts. make release-upload-www release-upload-ftp

  10. Manually update the CVS website that will be synchronized to the main website via savannah cd ../www-oath-toolkit-cvs/ sh -x ./synk-from-git.sh cvs add … cvs rm -f … cvs commit -mUpdate.

  11. Post release announcement based on doc/announce.txt, updating announcement in git.

  12. On major releases, update webpages with information.

  13. Start next development cycle by bumping version number in NEWS and use the (unreleased) to indicate that it is not released yet.

Happy hacking!