View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0017858||CentOS-7||thunderbird||public||2020-11-15 19:23||2022-03-14 18:00|
|Summary||0017858: OpenPGP not working|
|Description||OpenPGP is not working in thunderbird-78.4.0-1.el7.centos.x86_64, because upstream is not shipping librnp.so. Please ship librnp.so in CentOS rpm.|
|Tags||No tags attached.|
|Apparently RH removed it on purpose.|
|Purpose, why the removed librnp.so is unknown right now. I suspect legal or certification reasons. Thunderbird is shipping it in their binaries. Without this library we cannot use PGP at all in new thunderbird at all.|
AFAICT this is broken for 8.2, too.
Any chance of an addon-package in extras, that supplies the library that RH removed or do we all have to rebuild that 600 MB monster of a src.rpm ourselves?
@arogge : well, if it was removed , it's best to discuss this in upstream bugzilla, and the more people will discuss it there, higher the chances it would (probably) be solved ?
Tempted myself to rebuild (as explained in bugzilla) it through copr but when I tried it failed to find some BuildRequires: and I had no time to investigate why
|@arrfab I just tried to rebuild it and it is a beast. I don't even know where to get some of the buildrequires. In fact rust-toolset-1.41 doesn't seem to be "officially" published anywhere.|
Reason why librnp was removed by upstream is described in https://bugzilla.redhat.com/show_bug.cgi?id=1837512
"It was removed based on the request from Red Hat's Security Response Team (SRT)"
"Because we really care about having all the crypto libraries (or other crypto code) in RHEL to be properly maintained, with support of downstream features such as system-wide crypto policies added, FIPS validation and compliance ensured, and so on. Any additional crypto code (even in form of bundled crypto library) breaks this story because we cannot fully support more than the existing 4 (plus kernel) RHEL core crypto libraries."
Any chance to get library back to CentOS ?
I know, there is solution
Use Thunderbird as a Flatpak from Flathub or Fedora Registry.
Migrate to Evolution."
but why use Flatpak, when I can use rpm from distro ?
Now that we have found out why this is broken, can we take action to do any of the following:
a) provide a thunderbird-librnp rpm (maybe in extras) in the long run) that ships a librnp that adds the removed library
b) provide a thunderbird rpm (maybe in centosplus in the long run) that does not remove librnp
Maybe we can join forces here?
|I'm stuck in rebuilding srpm myself on rust-toolset-1.41 of el7, which is not provided anywhere.|
|I don't think you need to rebuild it, you need to find a copy of librnp that is built for CentOS 7.|
|@TrevorH - thank you, I just tested librnp from binary distribution from thunderbird and it's working with rpm binnaries as expected|
Just to let you know that while in upstream bugzilla report they'll not fix it (read the reason why here : https://bugzilla.redhat.com/show_bug.cgi?id=1886958) , centosplus repository was exactly created for that reason : opt-in repository containing pkgs that are overriding base packages
So you can enable centosplus repository as it's now available with openpgp support :
It was also modified for c8 (and so should land in centosplus through next compose I heard) : https://koji.mbox.centos.org/koji/buildinfo?buildID=15507
relevant git change for the centosplus branch:
|@arrfab, thank you, openpgp support is working for me using centosplus repo.|
|@arrfab - openpgp stopped working again in thunderbird-91.6.0-1.el7.centos.plus.x86_64|
|I'm not the one maintaining/building it so maybe best asking the @johnnyhughes for this but it's usually not looking at this tracker, so feel free to ping him on irc instead ?|
|@arrfab - thank you, I will use IRC for contacting @johnnyhughes|
At first sight (despite commit name) the openpgp support was not enabled back :
See a previous commit that enabled it back : https://git.centos.org/rpms/thunderbird/c/f07301f42dd795234d2c701450cdab5a87ef3794?branch=c7-plus
it was in the spec file .. carried over.
(and line 434)
I also verified it is in the spec file.
We have a new thunderbird to release today, so we can test that.
|@arrfab / @JohnnyHughes - thank you, I will test it|
|2020-11-15 19:email@example.com||New Issue|
|2020-11-15 19:39||toracat||Status||new => confirmed|
|2020-11-15 19:47||ManuelWolfshant||Note Added: 0037905|
|2020-11-15 19:firstname.lastname@example.org||Note Added: 0037906|
|2020-11-17 15:43||arogge||Note Added: 0037914|
|2020-11-17 16:17||arrfab||Note Added: 0037915|
|2020-11-17 16:23||arogge||Note Added: 0037916|
|2020-11-18 07:email@example.com||Note Added: 0037918|
|2020-11-18 09:37||arogge||Note Added: 0037920|
|2020-11-18 09:firstname.lastname@example.org||Note Added: 0037921|
|2020-11-18 09:43||TrevorH||Note Added: 0037922|
|2020-11-18 12:email@example.com||Note Added: 0037924|
|2021-01-16 08:57||arrfab||Note Added: 0038181|
|2021-01-16 08:58||arrfab||Status||confirmed => feedback|
|2021-01-16 09:firstname.lastname@example.org||Note Added: 0038182|
|2021-01-16 09:email@example.com||Status||feedback => assigned|
|2022-03-14 07:firstname.lastname@example.org||Note Added: 0038874|
|2022-03-14 07:58||arrfab||Note Added: 0038875|
|2022-03-14 08:email@example.com||Note Added: 0038876|
|2022-03-14 08:51||arrfab||Note Added: 0038877|
|2022-03-14 15:41||JohnnyHughes||Note Added: 0038879|
|2022-03-14 15:41||JohnnyHughes||Note Edited: 0038879|
|2022-03-14 18:firstname.lastname@example.org||Note Added: 0038880|