Create Fedora package for rnp/librnp

rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird

https://www.rnpgp.org

Other

198 stars 55 forks source link

Create Fedora package for rnp/librnp #1926

Open ronaldtse opened 1 year ago

ronaldtse commented 1 year ago

The goal is to make the following RPMs available in Fedora:

rnp
librnp
librnp-devel

Steps:

Upload the corresponding SRPM (from our CMake process) and the .spec file to our GitHub Releases page
Create the Fedora Bugzilla ticket https://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&format=fedora-review
Complete the steps at https://docs.fedoraproject.org/en-US/package-maintainers/New_Package_Process_for_Existing_Contributors/

Since @ribose-jeffreylau is a Fedora Package Maintainer, could you please help proceed with this issue? Thanks!

remicollet commented 1 year ago

Can probably help

See https://git.remirepo.net/cgit/rpms/lib/rnp.git/tree/rnp.spec

I'm also a Fedora packager (mostly interested in PHP stack)

Main question, for now, is about which backend to use (botan-2 is too old in EPEL-8, OpenSSL is a core package for Enterprise distro)

ribose-jeffreylau commented 1 year ago

Hi @remicollet , thanks for lending a hand! The rnp.spec you provided looks much cleaner than the one I have on hand, so I'm very glad.

I can see that there is already provision for conditionally using either botan or OpenSSL in the RPM spec. I guess it makes sense to use OpenSSL in EPEL-8, and botan everywhere else, like what you already have.

remicollet commented 1 year ago

Submitted for review https://bugzilla.redhat.com/show_bug.cgi?id=2138353

ni4 commented 1 year ago

Hi @remicollet!

Main question, for now, is about which backend to use (botan-2 is too old in EPEL-8, OpenSSL is a core package for Enterprise distro)

OpenSSL backend should work fine with both OpenSSL 1.1.1 and 3.0. We have bunch of CI runners checking it, and tested locally of course as well.

bkmgit commented 1 year ago

Thanks for providing this. Maybe a comment can be added in the README or LICENSE-OCB.md that the patents have expired?

remicollet commented 1 year ago

@bkmgit Patent and License are really 2 different things ;)

@nik4 question is not about OpenSSL working, but if it should be preferred everywhere (even where Botan is available). Especially on RHEL where OpenSSL is part of the distro, when Botan is not (only in the community EPEL repo)

ni4 commented 1 year ago

@Nik4 question is not about OpenSSL working, but if it should be preferred everywhere (even where Botan is available). Especially on RHEL where OpenSSL is part of the distro, when Botan is not (only in the community EPEL repo)

@remicollet sorry, somehow missed this comment. Botan has more algorithms 'out of the box' than OpenSSL, and less variations between systems. From what we have now:

OpenSSL doesn't have and will not have Twofish support (not much loss as most are stick to AES)
AEAD cipher mode support for OpenSSL backend is not implemented yet in RNP (but is planned to be)
different installations (builds?) of OpenSSL may or may not have support for IDEA algo (not much loss as well, used only by quite old stuff), Brainpool curves, SM2-SM3-SM4 algos (not used in the base OpenPGP specification).

So, i'd suggest to stick to the strategy 'If there is a system Botan, use it, if not - fall back to the OpenSSL backend'