View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0017858||CentOS-7||thunderbird||public||2020-11-15 19:23||2020-11-18 12:16|
|Target Version||Fixed in Version|
|Summary||0017858: OpenPGP not working|
|Description||OpenPGP is not working in thunderbird-78.4.0-1.el7.centos.x86_64, because upstream is not shipping librnp.so. Please ship librnp.so in CentOS rpm.|
|Tags||No tags attached.|
|Apparently RH removed it on purpose.|
|Purpose, why the removed librnp.so is unknown right now. I suspect legal or certification reasons. Thunderbird is shipping it in their binaries. Without this library we cannot use PGP at all in new thunderbird at all.|
AFAICT this is broken for 8.2, too.
Any chance of an addon-package in extras, that supplies the library that RH removed or do we all have to rebuild that 600 MB monster of a src.rpm ourselves?
@arogge : well, if it was removed , it's best to discuss this in upstream bugzilla, and the more people will discuss it there, higher the chances it would (probably) be solved ?
Tempted myself to rebuild (as explained in bugzilla) it through copr but when I tried it failed to find some BuildRequires: and I had no time to investigate why
|@arrfab I just tried to rebuild it and it is a beast. I don't even know where to get some of the buildrequires. In fact rust-toolset-1.41 doesn't seem to be "officially" published anywhere.|
Reason why librnp was removed by upstream is described in https://bugzilla.redhat.com/show_bug.cgi?id=1837512
"It was removed based on the request from Red Hat's Security Response Team (SRT)"
"Because we really care about having all the crypto libraries (or other crypto code) in RHEL to be properly maintained, with support of downstream features such as system-wide crypto policies added, FIPS validation and compliance ensured, and so on. Any additional crypto code (even in form of bundled crypto library) breaks this story because we cannot fully support more than the existing 4 (plus kernel) RHEL core crypto libraries."
Any chance to get library back to CentOS ?
I know, there is solution
Use Thunderbird as a Flatpak from Flathub or Fedora Registry.
Migrate to Evolution."
but why use Flatpak, when I can use rpm from distro ?
Now that we have found out why this is broken, can we take action to do any of the following:
a) provide a thunderbird-librnp rpm (maybe in extras) in the long run) that ships a librnp that adds the removed library
b) provide a thunderbird rpm (maybe in centosplus in the long run) that does not remove librnp
Maybe we can join forces here?
|I'm stuck in rebuilding srpm myself on rust-toolset-1.41 of el7, which is not provided anywhere.|
|I don't think you need to rebuild it, you need to find a copy of librnp that is built for CentOS 7.|
|@TrevorH - thank you, I just tested librnp from binary distribution from thunderbird and it's working with rpm binnaries as expected|
|2020-11-15 19:firstname.lastname@example.org||New Issue|
|2020-11-15 19:39||toracat||Status||new => confirmed|
|2020-11-15 19:47||ManuelWolfshant||Note Added: 0037905|
|2020-11-15 19:email@example.com||Note Added: 0037906|
|2020-11-17 15:43||arogge||Note Added: 0037914|
|2020-11-17 16:17||arrfab||Note Added: 0037915|
|2020-11-17 16:23||arogge||Note Added: 0037916|
|2020-11-18 07:firstname.lastname@example.org||Note Added: 0037918|
|2020-11-18 09:37||arogge||Note Added: 0037920|
|2020-11-18 09:email@example.com||Note Added: 0037921|
|2020-11-18 09:43||TrevorH||Note Added: 0037922|
|2020-11-18 12:firstname.lastname@example.org||Note Added: 0037924|