Adding this so it's tracked. I didn't see another bug for it. Background: For the initial integration into the build system, support for using a system librnp was left out intentionally as the vendored version was not a stable release. Currently, the included RNP source is from 0.15.2 and it appears that the plan is to stick to release versions going forward. The Javascript wrapper code supports using librnp from a system location, but the build system does not support it and will always produce its own build. The build system should support a --with-system-rnp option, and enabling it should also enable --with-system-zlib, --with-system-bz2, --with-system-jsonc, and --with-system-botan. It should also enforce a minimum version. According to pkgs.org, as of Sept 2021 RNP is packaged only in Debian unstable (sid), openSUSE tumbleweed (devel/unstable), and FreeBSD 12 & 13. That being the case, I don't think there's any particular rush to implement this yet. We should also keep in mind that there is the RNP patch for disabling some crypto algorithms that are too old to be considered secure anymore.
Bug 1732809 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Adding this so it's tracked. I didn't see another bug for it. Background: For the initial integration into the build system, support for using a system librnp was left out intentionally as the vendored version was not a stable release. Currently, the included RNP source is from 0.15.2 and it appears that the plan is to stick to release versions going forward. The Javascript wrapper code supports using librnp from a system location, but the build system does not support it and will always produce its own build. The build system should support a --with-system-rnp option that skips building librnp altogether, but keep MOZ_OPENPGP defined so that PGP support is still enabled. According to pkgs.org, as of Sept 2021 RNP is packaged only in Debian unstable (sid), openSUSE tumbleweed (devel/unstable), and FreeBSD 12 & 13. That being the case, I don't think there's any particular rush to implement this yet. We should also keep in mind that there is the RNP patch for disabling some crypto algorithms that are too old to be considered secure anymore. [edit - There's no compiled code on the Thunderbird side (js-ctypes only), so if --with-system-rnp is enabled, json-c, botan, zlib, and bzip2 would not need to be checked.]