View Issue Details

IDProjectCategoryView StatusLast Update
0017858CentOS-7thunderbirdpublic2020-11-18 12:16
Reporterzidek@master.cz 
PrioritynormalSeveritymajorReproducibilityalways
Status confirmedResolutionopen 
Product Version7.9.2009 
Target VersionFixed in Version 
Summary0017858: OpenPGP not working
DescriptionOpenPGP is not working in thunderbird-78.4.0-1.el7.centos.x86_64, because upstream is not shipping librnp.so. Please ship librnp.so in CentOS rpm.

Upstream bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1886958
TagsNo tags attached.
abrt_hash
URL

Activities

ManuelWolfshant

ManuelWolfshant

2020-11-15 19:47

manager   ~0037905

Apparently RH removed it on purpose.
zidek@master.cz

zidek@master.cz

2020-11-15 19:54

reporter   ~0037906

Purpose, why the removed librnp.so is unknown right now. I suspect legal or certification reasons. Thunderbird is shipping it in their binaries. Without this library we cannot use PGP at all in new thunderbird at all.
arogge

arogge

2020-11-17 15:43

reporter   ~0037914

AFAICT this is broken for 8.2, too.
Any chance of an addon-package in extras, that supplies the library that RH removed or do we all have to rebuild that 600 MB monster of a src.rpm ourselves?
arrfab

arrfab

2020-11-17 16:17

administrator   ~0037915

@arogge : well, if it was removed , it's best to discuss this in upstream bugzilla, and the more people will discuss it there, higher the chances it would (probably) be solved ?
Tempted myself to rebuild (as explained in bugzilla) it through copr but when I tried it failed to find some BuildRequires: and I had no time to investigate why
arogge

arogge

2020-11-17 16:23

reporter   ~0037916

@arrfab I just tried to rebuild it and it is a beast. I don't even know where to get some of the buildrequires. In fact rust-toolset-1.41 doesn't seem to be "officially" published anywhere.
zidek@master.cz

zidek@master.cz

2020-11-18 07:35

reporter   ~0037918

Reason why librnp was removed by upstream is described in https://bugzilla.redhat.com/show_bug.cgi?id=1837512

"It was removed based on the request from Red Hat's Security Response Team (SRT)"

 "Because we really care about having all the crypto libraries (or other crypto code) in RHEL to be properly maintained, with support of downstream features such as system-wide crypto policies added, FIPS validation and compliance ensured, and so on. Any additional crypto code (even in form of bundled crypto library) breaks this story because we cannot fully support more than the existing 4 (plus kernel) RHEL core crypto libraries."

Any chance to get library back to CentOS ?

I know, there is solution
"
Use Thunderbird as a Flatpak from Flathub or Fedora Registry.
or
Migrate to Evolution."

but why use Flatpak, when I can use rpm from distro ?
arogge

arogge

2020-11-18 09:37

reporter   ~0037920

Now that we have found out why this is broken, can we take action to do any of the following:
a) provide a thunderbird-librnp rpm (maybe in extras) in the long run) that ships a librnp that adds the removed library
b) provide a thunderbird rpm (maybe in centosplus in the long run) that does not remove librnp

Maybe we can join forces here?
zidek@master.cz

zidek@master.cz

2020-11-18 09:40

reporter   ~0037921

I'm stuck in rebuilding srpm myself on rust-toolset-1.41 of el7, which is not provided anywhere.
TrevorH

TrevorH

2020-11-18 09:43

manager   ~0037922

I don't think you need to rebuild it, you need to find a copy of librnp that is built for CentOS 7.
zidek@master.cz

zidek@master.cz

2020-11-18 12:16

reporter   ~0037924

@TrevorH - thank you, I just tested librnp from binary distribution from thunderbird and it's working with rpm binnaries as expected

Issue History

Date Modified Username Field Change
2020-11-15 19:23 zidek@master.cz New Issue
2020-11-15 19:39 toracat Status new => confirmed
2020-11-15 19:47 ManuelWolfshant Note Added: 0037905
2020-11-15 19:54 zidek@master.cz Note Added: 0037906
2020-11-17 15:43 arogge Note Added: 0037914
2020-11-17 16:17 arrfab Note Added: 0037915
2020-11-17 16:23 arogge Note Added: 0037916
2020-11-18 07:35 zidek@master.cz Note Added: 0037918
2020-11-18 09:37 arogge Note Added: 0037920
2020-11-18 09:40 zidek@master.cz Note Added: 0037921
2020-11-18 09:43 TrevorH Note Added: 0037922
2020-11-18 12:16 zidek@master.cz Note Added: 0037924