Open Bug 1797095 Opened 3 years ago Updated 2 years ago

Tier 2 build/tests for Thunderbird w/ OpenSSL-enabled librnp

Categories

(Thunderbird :: Build Config, task)

Product:
Thunderbird
Component:
Build Config
Type:
task

Tracking

(Not tracked)

Status:
ASSIGNED

People

(Reporter: rjl, Assigned: rjl)

References

Details

Attachments

(2 files, 1 obsolete file)

WIP: Bug 1797095 - Build openssl libs as tier 2 toolchain. r=dandarnell
48 bytes, text/x-phabricator-request
Details
WIP: Bug 1797095 - Allow setting RPATH in librnp.so. r=dandarnell
48 bytes, text/x-phabricator-request
Details

From Ronald Tse of Ribose:

RedHat has officially approved RNP in the ROSI program (RedHat for Open Source Infrastructure), so we can make RNP work on RHEL using official RHEL images (production + beta across all platforms).

If Red Hat is going to ship Thunderbird using OpenSSL-enabled librnp on RHEL, it would be helpful to have a tier 2 build and tests using that configuration. Bugs will inevitably be filed.

My thought is to repackage an official build: Remove the RNP binaries, and substitute librnp, rnp-cli, and rnpkeys built against OpenSSL. This minimizes the differences between the tier 1 builds and these new tier 2 builds.

Depending on how this goes, the substituted librnp could come from a Red Hat RPM, or I might have to build it in a separate step. If possible, I'd prefer to use a built version. Those don't appear to be available right now though.

Could do something similar with the "rust-sequoia-octopus-librnp" binary packages as well.

This appears to be the package that RH is evaluating: https://git.remirepo.net/cgit/rpms/lib/rnp.git/

I'll note that only the RHEL8 variant is set to build against OpenSSL; RHEL9 is using Botan.

I have a Docker image based on Rocky Linux 9 (I guess you could call Rocky the new old CentOS?) that builds RNP RPMs using the SPEC file from the above repository, but built against OpenSSL 3.0.1 (the packaged version in RHEL9).

I'll extract librnp.so from that RPM and what I need from the OpenSSL RPMs and make a Thunderbird repack build. It should mostly work; I might need to use patchelf to set RPATHs right.

Change of plans... Bug 1799123 came into the picture, which adds support for using OpenSSL directly when building Thunderbird.

Now, this bug will be implemented something like:

  • toolchain build OpenSSL 1.1.1s
  • toolchain build OpenSSL 3.0.7
  • Thunderbird build for each of those versions with tests

Originally the goal was to test against Red Hat OpenSSL/RNP, but this is better as tests will run against generic OpenSSL and will be more applicable to other Linux distributions.

Assignee: nobody → rob
Status: NEW → ASSIGNED
Depends on: 1799123

The RPATH isn't needed usually. However, for the tier 2 tests with librnp
built against OpenSSL, it is helpful in order to load the intended libssl.so
library at runtime.

It is only usable by exporting an environment variable prior to running
mach configure. That's intentional. If other use cases come up, it can be
turned into a proper configure option.

Depends on D161805

Attachment #9302860 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: