View Issue Details

IDProjectCategoryView StatusLast Update
0017858CentOS-7thunderbirdpublic2022-03-14 18:00 Assigned To 
Status assignedResolutionopen 
Product Version7.9.2009 
Summary0017858: OpenPGP not working
DescriptionOpenPGP is not working in thunderbird-78.4.0-1.el7.centos.x86_64, because upstream is not shipping Please ship in CentOS rpm.

Upstream bug:
TagsNo tags attached.




2020-11-15 19:47

manager   ~0037905

Apparently RH removed it on purpose.

2020-11-15 19:54

reporter   ~0037906

Purpose, why the removed is unknown right now. I suspect legal or certification reasons. Thunderbird is shipping it in their binaries. Without this library we cannot use PGP at all in new thunderbird at all.


2020-11-17 15:43

reporter   ~0037914

AFAICT this is broken for 8.2, too.
Any chance of an addon-package in extras, that supplies the library that RH removed or do we all have to rebuild that 600 MB monster of a src.rpm ourselves?


2020-11-17 16:17

administrator   ~0037915

@arogge : well, if it was removed , it's best to discuss this in upstream bugzilla, and the more people will discuss it there, higher the chances it would (probably) be solved ?
Tempted myself to rebuild (as explained in bugzilla) it through copr but when I tried it failed to find some BuildRequires: and I had no time to investigate why


2020-11-17 16:23

reporter   ~0037916

@arrfab I just tried to rebuild it and it is a beast. I don't even know where to get some of the buildrequires. In fact rust-toolset-1.41 doesn't seem to be "officially" published anywhere.

2020-11-18 07:35

reporter   ~0037918

Reason why librnp was removed by upstream is described in

"It was removed based on the request from Red Hat's Security Response Team (SRT)"

 "Because we really care about having all the crypto libraries (or other crypto code) in RHEL to be properly maintained, with support of downstream features such as system-wide crypto policies added, FIPS validation and compliance ensured, and so on. Any additional crypto code (even in form of bundled crypto library) breaks this story because we cannot fully support more than the existing 4 (plus kernel) RHEL core crypto libraries."

Any chance to get library back to CentOS ?

I know, there is solution
Use Thunderbird as a Flatpak from Flathub or Fedora Registry.
Migrate to Evolution."

but why use Flatpak, when I can use rpm from distro ?


2020-11-18 09:37

reporter   ~0037920

Now that we have found out why this is broken, can we take action to do any of the following:
a) provide a thunderbird-librnp rpm (maybe in extras) in the long run) that ships a librnp that adds the removed library
b) provide a thunderbird rpm (maybe in centosplus in the long run) that does not remove librnp

Maybe we can join forces here?

2020-11-18 09:40

reporter   ~0037921

I'm stuck in rebuilding srpm myself on rust-toolset-1.41 of el7, which is not provided anywhere.


2020-11-18 09:43

manager   ~0037922

I don't think you need to rebuild it, you need to find a copy of librnp that is built for CentOS 7.

2020-11-18 12:16

reporter   ~0037924

@TrevorH - thank you, I just tested librnp from binary distribution from thunderbird and it's working with rpm binnaries as expected


2021-01-16 08:57

administrator   ~0038181

Just to let you know that while in upstream bugzilla report they'll not fix it (read the reason why here : , centosplus repository was exactly created for that reason : opt-in repository containing pkgs that are overriding base packages

So you can enable centosplus repository as it's now available with openpgp support :

It was also modified for c8 (and so should land in centosplus through next compose I heard) :

relevant git change for the centosplus branch:

2021-01-16 09:06

reporter   ~0038182

@arrfab, thank you, openpgp support is working for me using centosplus repo.

2022-03-14 07:56

reporter   ~0038874

@arrfab - openpgp stopped working again in


2022-03-14 07:58

administrator   ~0038875

I'm not the one maintaining/building it so maybe best asking the @johnnyhughes for this but it's usually not looking at this tracker, so feel free to ping him on irc instead ?

2022-03-14 08:45

reporter   ~0038876

@arrfab - thank you, I will use IRC for contacting @johnnyhughes


2022-03-14 08:51

administrator   ~0038877

At first sight (despite commit name) the openpgp support was not enabled back :

See a previous commit that enabled it back :


2022-03-14 15:41

administrator   ~0038879

Last edited: 2022-03-14 15:41

it was in the spec file .. carried over.

(and line 434)

I also verified it is in the spec file.

We have a new thunderbird to release today, so we can test that.

2022-03-14 18:00

reporter   ~0038880

@arrfab / @JohnnyHughes - thank you, I will test it

Issue History

Date Modified Username Field Change
2020-11-15 19:23 New Issue
2020-11-15 19:39 toracat Status new => confirmed
2020-11-15 19:47 ManuelWolfshant Note Added: 0037905
2020-11-15 19:54 Note Added: 0037906
2020-11-17 15:43 arogge Note Added: 0037914
2020-11-17 16:17 arrfab Note Added: 0037915
2020-11-17 16:23 arogge Note Added: 0037916
2020-11-18 07:35 Note Added: 0037918
2020-11-18 09:37 arogge Note Added: 0037920
2020-11-18 09:40 Note Added: 0037921
2020-11-18 09:43 TrevorH Note Added: 0037922
2020-11-18 12:16 Note Added: 0037924
2021-01-16 08:57 arrfab Note Added: 0038181
2021-01-16 08:58 arrfab Status confirmed => feedback
2021-01-16 09:06 Note Added: 0038182
2021-01-16 09:06 Status feedback => assigned
2022-03-14 07:56 Note Added: 0038874
2022-03-14 07:58 arrfab Note Added: 0038875
2022-03-14 08:45 Note Added: 0038876
2022-03-14 08:51 arrfab Note Added: 0038877
2022-03-14 15:41 JohnnyHughes Note Added: 0038879
2022-03-14 15:41 JohnnyHughes Note Edited: 0038879
2022-03-14 18:00 Note Added: 0038880