Building and Installing QPDF
This chapter describes how to build and install qpdf.
qpdf has few external dependencies. This section describes what you need to build qpdf in various circumstances.
A C++ compiler that supports C++-17
CMake version 3.16 or later
zlib or a compatible zlib implementation
A libjpeg-compatible library such as jpeg or libjpeg-turbo
Recommended but not required: gnutls to be able to use the gnutls crypto provider and/or openssl to be able to use the openssl crypto provider
The qpdf source tree includes a few automatically generated files. The code generator uses Python 3. Automatic code generation is off by default. For a discussion, refer to Build Options.
qpdf’s test suite is run by
ctest, which is part of CMake, but
the tests themselves are implemented using an embedded copy of qtest, which is implemented in perl. On
Windows, MSYS2’s perl is known to work.
qtest requires GNU diffutils or any other diff that
supports diff -u. The default
diff command works on
GNU/Linux and MacOS.
Part of qpdf’s test suite does comparisons of the contents PDF files
by converting them to images and comparing the images. The image
comparison tests are disabled by default. Those tests are not required
for determining correctness of a qpdf build since the test suite also
contains expected output files that are compared literally. The image
comparison tests provide an extra check to make sure that any content
transformations don’t break the rendering of pages. Transformations
that affect the content streams themselves are off by default and are
only provided to help developers look into the contents of PDF files.
If you are making deep changes to the library that cause changes in
the contents of the files that qpdf generates, then you should enable
the image comparison tests. Enable them by setting the
QPDF_TEST_COMPARE_IMAGES environment variable to
running tests. Image comparison tests add these additional
libtiff command-line utilities
GhostScript version 8.60 or newer
Note: prior to qpdf 11, image comparison tests were enabled within
qpdf.test, and you had to disable them by setting
1. This was done
./configure. Now you have to enable image
comparison tests by setting an environment variable. This change was
made because developers have to set the environment variable
themselves now rather than setting it through the build. Either way,
they are off by default.
Additional Requirements on Windows
To build qpdf with Visual Studio, there are no additional requirements when the default cmake options are used. You can build qpdf from a Visual C++ command-line shell.
To build with mingw, MSYS2 is recommended with the mingw32 and/or mingw64 tool chains. You can also build with MSVC from an MSYS2 environment.
qpdf’s test suite can run within the MSYS2 environment for both mingw and MSVC-based builds.
For additional notes, see
README-windows.md in the source
Requirements for Building Documentation
The qpdf manual is written in reStructured Text and built with Sphinx using the Read the Docs Sphinx Theme. Versions of sphinx prior
to version 4.3.2 probably won’t work. Sphinx requires Python 3. In
order to build the HTML documentation from source, you need to install
sphinx and the theme, which you can typically do with
sphinx sphinx_rtd_theme. To build the PDF version of the
documentation, you need
latexmk, and a fairly
complete LaTeX installation. Detailed requirements can be found in the
Sphinx documentation. To see how the documentation is built for the
qpdf distribution, refer to the
in the qpdf source distribution.
Starting with qpdf 11, qpdf is built with CMake.
Basic Build Invocation
qpdf uses cmake in an ordinary way, so refer to the CMake
documentation for details about how to run
cmake. Here is a
You can usually just run
cmake -S . -B build cmake --build build
If you are using a multi-configuration generator such as MSVC, you
--config <Config> (where
MinSizeRel as discussed in the
CMake documentation) to the build command. If you are running a
single configuration generator such as the default Makefile generators
in Linux or MSYS, you may want to pass
to the original
ctest to run the test suite. Since the real tests are
implemented with qtest, you will
want to pass
cmake so you can see the individual
test outputs. Otherwise, you will see a small number of
commands that take a very long to run. If you want to run only a
specific test file in a specific test suite, you can set the
environment variable (used by
qtest-driver) and pass the
ctest. For example:
TESTS=qutil ctest --verbose -R libtests
would run only
qutil.test from the
libtests test suite.
Installation and Packaging
Installation can be performed using
cmake --install or
For most normal use cases,
cmake --install or
cpack can be run
in the normal way as described in CMake documentation. qpdf follows
all normal installation conventions and uses CMake-defined variables
for standard behavior.
There are several components that can be installed separately:
The runtime libraries; required if you built with shared libraries
Static libraries, header files, and other files needed by developers
Documentation and, if selected for installation, the manual
Example source files
Note that the
lib component installs only runtime libraries, not
header files or other files/links needed to build against qpdf. For
that, you need
dev. If you are using shared libraries, the
will install files or create symbolic links that depend on files
lib, so you will need to install both. If you wanted
to build software against the qpdf library and only wanted to install
the files you needed for that purpose, here are some examples:
Install development files with static libraries only:
cmake -S . -B build -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=OFF cmake --build build --parallel --target libqpdf cmake --install build --component dev
Install development files with shared libraries only:
cmake -S . -B build -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_STATIC_LIBS=OFF cmake --build build --parallel --target libqpdf cmake --install build --component lib cmake --install build --component dev
Install development files with shared and static libraries:
cmake -S . -B build -DCMAKE_BUILD_TYPE=RelWithDebInfo cmake --build build --parallel --target libqpdf libqpdf_static cmake --install build --component lib cmake --install build --component dev
There are also separate options, discussed in Build Options, that control how certain specific parts of the software are installed.
All available build options are defined in the the top-level
CMakeLists.txt file and have help text. You can see them using
any standard cmake front-end (like
section describes options that apply to most users. If you are trying
to map autoconf options (from prior to qpdf 11) to cmake options,
please see Converting From autoconf to cmake.
If you are packaging qpdf for a distribution, you should also read Notes for Packagers.
Basic Build Options
Whether to build documentation with sphinx. You must have the required tools installed.
Visible when BUILD_DOC is selected. This option controls building HTML documentation separately from PDF documentation since the sphinx theme is only needed for the HTML documentation.
Visible when BUILD_DOC is selected. This option controls building PDF documentation separately from HTML documentation since additional tools are required to build the PDF documentation.
- BUILD_SHARED_LIBS, BUILD_STATIC_LIBS
You can configure whether to build shared libraries, static libraries, or both. You must select at least one of these options. For rapid iteration, select only one as this cuts the build time in half.
On Windows, if you build with shared libraries, you must have the output directory for libqpdf (e.g.
libqpdfwithin the build directory) in your path so that the compiled executables can find the DLL. Updating your path is not necessary if you build with static libraries only.
Turn this on or off to control whether qtest uses color in its output.
Options for Working on qpdf
The source file
qpdf/sizes.ccis used to display the sizes of all objects in the public API. Consistency of its output between releases is used as part of the check against accidental breakage of the binary interface (ABI). Turning this on causes a test to be run that ensures an exact match between classes in
sizes.ccand classes in the library’s public API. This option requires Python 3.
This is off by default, except in maintainer mode. When off,
QTC::TCcalls are compiled out by having
QTC::TCbe an empty inline function. The underlying
QTC::TCremains in the library, so it is possible to build and package the qpdf library with
ENABLE_QTCturned off while still allowing developer code to use
QTC::TCif desired. If you are modifying qpdf code, it’s a good idea to have this on for more robust automated testing. Otherwise, there’s no reason to have it on.
Some qpdf source files are automatically generated from
job.ymland the CLI documentation. If you are adding new command-line arguments to the qpdf CLI or updating
manual/cli.rstin the qpdf sources, you should turn this on. This option requires Python 3.
Make any compiler warnings into errors. We want qpdf to compile free of warnings whenever possible, but there’s always a chance that a compiler upgrade or tool change may cause warnings to appear that weren’t there before. If you are testing qpdf with a new compiler, you should turn this on.
Ordinarily, qtest (which drives qpdf’s test suite) writes detailed information about its output to the file
qtest.login the build output directory. If you are running a build in a continuous integration or automated environment where you can’t get to those files, you should enable this option and also run
ctest --output-on-failure. This will cause detailed test failure output to be written into the build log.
Turning this on sets options used in qpdf’s continuous integration environment to ensure we catch as many problems as possible. Specifically, this option enables
WERRORand forces the native crypto provider to be built.
Turning this option on sets options that should be on if you are maintaining qpdf. In turns on the following:
It is possible to turn
BUILD_DOCoff in maintainer mode so that the extra requirements for building documentation don’t have to be available.
Build-time Crypto Selection
Since version 9.1.0, qpdf can use external crypto providers in addition to its native provider. For a general discussion, see Crypto Providers. This section discusses how to configure which crypto providers are compiled into qpdf.
In nearly all cases, external crypto providers should be preferred over the native one. However, if you are not concerned about working with encrypted files and want to reduce the number of dependencies, the native crypto provider is fully supported.
By default, qpdf’s build enables every external crypto providers whose dependencies are available and only enables the native crypto provider if no external providers are available. You can change this behavior with the options described here.
This is on by default. If turned off, only explicitly selected crypto providers will be built. You must use at least one of the
This option is only available when USE_IMPLICIT_CRYPTO is selected, in which case it is on by default. Turning it off prevents qpdf from falling back to the native crypto provider when no external provider is available.
Build the native crypto provider even if other options are available.
Require the gnutls crypto provider. Turning this on makes in an error if the gnutls library is not available.
Require the openssl crypto provider. Turning this on makes in an error if the openssl library is not available.
Explicitly select which crypto provider is used by default. See Runtime Crypto Provider Selection for information about run-time selection of the crypto provider. If not specified, qpdf will pick gnutls if available, otherwise openssl if available, and finally native as a last priority.
Example: if you wanted to build with only the gnutls crypto provider,
you should run cmake with
Advanced Build Options
These options are used only for special purposes and are not relevant to most users.
Disable use of the
HANDLEtype in Windows. This can be useful if you are building for certain embedded Windows environments. Some functionality won’t work, but you can still process PDF files from memory in this configuration.
- BUILD_DOC_DIST, INSTALL_MANUAL
By default, installing qpdf does not include a pre-built copy of the manual. Instead, it installs a README file that tells people where to find the manual online. If you want to install the manual, you must enable the
INSTALL_MANUALoption, and you must have a
doc-distdirectory in the manual directory of the build. The
doc-distdirectory is created if
BUILD_DOC_DISTis selected and
BUILD_DOC_HTMLare both on.
INSTALL_MANUALoptions are separate and independent because of the additional tools required to build documentation. In particular, for qpdf’s official release preparation, a
doc-distdirectory is built in Linux and then extracted into the Windows builds so that it can be included in the Windows installers. This prevents us from having to build the documentation in a Windows environment. For additional discussion, see Documentation Packaging Rationale.
Controls whether or not to install qpdf’s cmake configuration file (on by default).
Controls whether or not to install qpdf’s example source files with documentation (on by default).
Controls whether or not to install qpdf’s pkg-config configuration file (on by default).
Turning this option on changes the build of the fuzzers in a manner specifically required by Google’s oss-fuzz project. There is no reason to turn this on for any other reason. It is enabled by the build script that builds qpdf from that context.
- SKIP_OS_SECURE_RANDOM, USE_INSECURE_RANDOM
The native crypto implementation uses the operating systems’s secure random number source when available. It is not used when an external crypto provider is in use. If you are building in a very specialized environment where you are not using an external crypto provider but can’t use the OS-provided secure random number generator, you can turn both of these options on. This will cause qpdf to fall back to an insecure random number generator, which may generate guessable random numbers. The resulting qpdf is still secure, but encrypted files may be more subject to brute force attacks. Unless you know you need these options for a specialized purpose, you don’t need them. These options were added to qpdf in response to a special request from a user who needed to run a specialized PDF-related task in an embedded environment that didn’t have a secure random number source.
Building without wchar_t
It is possible to build qpdf on a system that doesn’t have
wchar_t. The resulting build of qpdf is not API-compatible with a
regular qpdf build, so this option cannot be selected from cmake. This
option was added to qpdf to support installation on a very stripped
down embedded environment that included only a partial implementation
of the standard C++ library.
You can disable use of
wchar_t in qpdf’s code by defining the
QPDF_NO_WCHAR_T preprocessor symbol in your build (e.g. by
wchar_t is part of the C++ standard library and should be
present on virtually every system, there are some stripped down
systems, such as those targeting certain embedded environments, that
wchar_t. Internally, qpdf uses UTF-8 encoding for everything,
so there is nothing important in qpdf’s API that uses
However, there are some helper methods for converting between
If you are building in an environment that does not support
wchar_t, you can define the preprocessor symbol
QPDF_NO_WCHAR_T in your build. This will work whether you are
building qpdf and need to avoid compiling the code that uses wchar_t
or whether you are building client code that uses qpdf.
Note that, when you build code with libqpdf, it is not necessary to
have the definition of
QPDF_NO_WCHAR_T in your build match what
was defined when the library was built as long as you are not calling
any of the methods that use
Starting with qpdf 9.1.0, the qpdf library can be built with multiple implementations of providers of cryptographic functions, which we refer to as “crypto providers.” At the time of writing, a crypto implementation must provide MD5 and SHA2 (256, 384, and 512-bit) hashes and RC4 and AES256 with and without CBC encryption. In the future, if digital signature is added to qpdf, there may be additional requirements beyond this. Some of these are weak cryptographic algorithms. For a discussion of why they’re needed, see Weak Cryptography.
The available crypto provider implementations are
native. OpenSSL support was added in qpdf 10.0.0
with support for OpenSSL added in 10.4.0. GnuTLS support was
introduced in qpdf 9.1.0. Additional implementations can be added as
needed. It is also possible for a developer to provide their own
implementation without modifying the qpdf library.
For information about selecting which crypto providers are compiled into qpdf, see Build-time Crypto Selection.
Runtime Crypto Provider Selection
You can use the
--show-crypto option to qpdf to
get a list of available crypto providers. The default provider is
always listed first, and the rest are listed in lexical order. Each
crypto provider is listed on a line by itself with no other text,
enabling the output of this command to be used easily in scripts.
You can override which crypto provider is used by setting the
QPDF_CRYPTO_PROVIDER environment variable. There are few reasons
to ever do this, but you might want to do it if you were explicitly
trying to compare behavior of two different crypto providers while
testing performance or reproducing a bug. It could also be useful for
people who are implementing their own crypto providers.
Crypto Provider Information for Developers
If you are writing code that uses libqpdf and you want to force a
certain crypto provider to be used, you can call the method
QPDFCryptoProvider::setDefaultProvider. The argument is the name
of a built-in or developer-supplied provider. To add your own crypto
provider, you have to create a class derived from
and register it with
QPDFCryptoProvider. For additional
information, see comments in
Crypto Provider Design Notes
This section describes a few bits of rationale for why the crypto provider interface was set up the way it was. You don’t need to know any of this information, but it’s provided for the record and in case it’s interesting.
As a general rule, I want to avoid as much as possible including large blocks of code that are conditionally compiled such that, in most builds, some code is never built. This is dangerous because it makes it very easy for invalid code to creep in unnoticed. As such, I want it to be possible to build qpdf with all available crypto providers, and this is the way I build qpdf for local development. At the same time, if a particular packager feels that it is a security liability for qpdf to use crypto functionality from other than a library that gets considerable scrutiny for this specific purpose (such as gnutls, openssl, or nettle), then I want to give that packager the ability to completely disable qpdf’s native implementation. Or if someone wants to avoid adding a dependency on one of the external crypto providers, I don’t want the availability of the provider to impose additional external dependencies within that environment. Both of these are situations that I know to be true for some users of qpdf.
I want registration and selection of crypto providers to be thread-safe,
and I want it to work deterministically for a developer to provide their
own crypto provider and be able to set it up as the default. This was
the primary motivation behind requiring C++-11 as doing so enabled me to
exploit the guaranteed thread safety of local block static
QPDFCryptoProvider class uses a singleton
pattern with thread-safe initialization to create the singleton instance
QPDFCryptoProvider and exposes only static methods in its public
interface. In this way, if a developer wants to call any
QPDFCryptoProvider methods, the library guarantees the
QPDFCryptoProvider is fully initialized and all built-in crypto
providers are registered. Making
QPDFCryptoProvider actually know
about all the built-in providers may seem a bit sad at first, but this
choice makes it extremely clear exactly what the initialization behavior
is. There’s no question about provider implementations automatically
registering themselves in a nondeterministic order. It also means that
implementations do not need to know anything about the provider
interface, which makes them easier to test in isolation. Another
advantage of this approach is that a developer who wants to develop
their own crypto provider can do so in complete isolation from the qpdf
library and, with just two calls, can make qpdf use their provider in
their application. If they decided to contribute their code, plugging it
into the qpdf library would require a very small change to qpdf’s source
The decision to make the crypto provider selectable at runtime was one I
struggled with a little, but I decided to do it for various reasons.
Allowing an end user to switch crypto providers easily could be very
useful for reproducing a potential bug. If a user reports a bug that
some cryptographic thing is broken, I can easily ask that person to try
QPDF_CRYPTO_PROVIDER variable set to different values. The
same could apply in the event of a performance problem. This also makes
it easier for qpdf’s own test suite to exercise code with different
providers without having to make every program that links with qpdf
aware of the possibility of multiple providers. In qpdf’s continuous
integration environment, the entire test suite is run for each supported
crypto provider. This is made simple by being able to select the
provider using an environment variable.
Finally, making crypto providers selectable in this way establish a
pattern that I may follow again in the future for stream filter
providers. One could imagine a future enhancement where someone could
provide their own implementations for basic filters like
/FlateDecode or for other filters that qpdf doesn’t support.
Implementing the registration functions and internal storage of
registered providers was also easier using C++-11’s functional
interfaces, which was another reason to require C++-11 at this time.
Converting From autoconf to cmake
Versions of qpdf before qpdf 11 were built with
autoconf and a
home-grown GNU Make-based build system. If you built qpdf with special
./configure options, this section can help you switch them over to
In most cases, there is a one-to-one mapping between configure options and cmake options. There are a few exceptions:
The cmake build behaves differently with respect to whether or not to include support for the native crypto provider. Specifically, it is not implicitly enabled unless explicitly requested if there are other options available. You can force it to be included by enabling
REQUIRE_CRYPTO_NATIVE. For details, see Build-time Crypto Selection.
--enable-external-libsoption is no longer available. The cmake build detects the presence of
README-windows.mdin the source distribution for a more in-depth discussion.
The sense of the option representing use of the OS-provided secure random number generator has been reversed: the
--enable-os-secure-random, which was on by default, has been replaced by the
SKIP_OS_SECURE_RANDOMoption, which is off by default. The option’s new name and behavior match the preprocessor symbol that it turns on.
Non-default test configuration is selected with environment variables rather than cmake. The old
./configureoptions just set environment variables. Note that the sense of the variable for image comparison tests has been reversed. It used to be that you had to set
1to disable image comparison tests. This was done by default. Now you have to set
1to enable image comparison tests. Either way, they are off by default.
Non-user-visible change: the preprocessor symbol that triggers the export of functions into the public ABI (application binary interface) has been changed from
libqpdf_EXPORTS. This detail is encapsulated in the build and is only relevant to people who are building qpdf on their own or who may have previously needed to work around a collision between qpdf’s use of
DLL_EXPORTand someone else’s use of the same symbol.
A handful of options that were specific to autoconf or the old build system have been dropped.
cmake --installinstalls example source code in
examplesinstallation component. Packagers are encouraged to package this with development files if there is no separate doc package. This can be turned off by disabling the
There are some new options available in the cmake build that were not available in the autoconf build. This table shows the old options and their equivalents in cmake.
none – not relevant to cmake
REQUIRE_CRYPTO_NATIVE (but see above)
none – detected automatically
none – detected automatically
MAINTAINER_MODE (slight differences)
enable-os-secure-random (on by default)
SKIP_OS_SECURE_RANDOM (off by default)
none – cmake handles rpath correctly
none – not relevant to cmake