Create Fedora package for rnp/librnp
The goal is to make the following RPMs available in Fedora:
- rnp
- librnp
- librnp-devel

Steps:
- Upload the corresponding SRPM (from our CMake process) and the .spec file to our GitHub Releases page
- Create the Fedora Bugzilla ticket https://bugzilla.redhat.com/bugzilla/enter_bug.cgi?product=Fedora&format=fedora-review
- Complete the steps at https://docs.fedoraproject.org/en-US/package-maintainers/New_Package_Process_for_Existing_Contributors/
Since @ribose-jeffreylau is a Fedora Package Maintainer, could you please help proceed with this issue? Thanks!
Can probably help
See https://git.remirepo.net/cgit/rpms/lib/rnp.git/tree/rnp.spec
I'm also a Fedora packager (mostly interested in PHP stack)
Main question, for now, is about which backend to use (botan-2 is too old in EPEL-8, OpenSSL is a core package for Enterprise distro)
Hi @remicollet , thanks for lending a hand! The rnp.spec you provided looks much cleaner than the one I have on hand, so I'm very glad.
I can see that there is already provision for conditionally using either botan or OpenSSL in the RPM spec. I guess it makes sense to use OpenSSL in EPEL-8, and botan everywhere else, like what you already have.
Submitted for review https://bugzilla.redhat.com/show_bug.cgi?id=2138353
Hi @remicollet!
> Main question, for now, is about which backend to use (botan-2 is too old in EPEL-8, OpenSSL is a core package for Enterprise distro)
OpenSSL backend should work fine with both OpenSSL 1.1.1 and 3.0. We have a bunch of CI runners checking it, and tested locally of course as well.
Thanks for providing this. Maybe a comment can be added in the README or LICENSE-OCB.md that the patents have expired?
@bkmgit Patent and License are really 2 different things ;)
@nik4 question is not about OpenSSL working, but if it should be preferred everywhere (even where Botan is available). Especially on RHEL where OpenSSL is part of the distro, when Botan is not (only in the community EPEL repo)
@remicollet sorry, somehow missed this comment. Botan has more algorithms 'out of the box' than OpenSSL, and less variations between systems. From what we have now:
- OpenSSL doesn't have and will not have Twofish support (not much loss as most stick to AES)
- AEAD cipher mode support for OpenSSL backend is not implemented yet in RNP (but is planned to be)
- different installations (builds?) of OpenSSL may or may not have support for IDEA algo (not much loss as well, used only by quite old stuff), Brainpool curves, SM2-SM3-SM4 algos (not used in the base OpenPGP specification).
So, I'd suggest to stick to the strategy 'If there is a system Botan, use it, if not - fall back to the OpenSSL backend'
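
To check the per-build OpenSSL differences listed in the comment above on a given system, here is an added example (not part of the thread and not RNP's own code) that parses the output of `openssl list` and `openssl ecparam -list_curves`. The function names, the feature table and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: which algorithms named in the thread does an OpenSSL build expose?

# Constructed sample listings (not captured from a real system).
SAMPLE_CIPHERS='AES-128-CBC
AES-256-CFB
CAMELLIA-256-CBC
SM4-CBC'
SAMPLE_DIGESTS='SHA256
SHA512
SM3'
SAMPLE_CURVES='  secp256k1 : SECG curve over a 256 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  SM2       : SM2 curve over a 256 bit prime field'

# has_algo LISTING PATTERN: succeed if PATTERN (case-insensitive ERE) occurs in LISTING.
has_algo() {
    printf '%s\n' "$1" | grep -Eiq -- "$2"
}

# audit_openssl CIPHERS DIGESTS CURVES: print one "feature=yes|no" line per feature.
# The arguments are the text printed by the three openssl commands used below.
audit_openssl() {
    while read -r name src pattern; do
        case $src in
            cipher) text=$1 ;;
            digest) text=$2 ;;
            curve)  text=$3 ;;
        esac
        if has_algo "$text" "$pattern"; then echo "$name=yes"; else echo "$name=no"; fi
    done <<'EOF'
twofish cipher twofish
idea cipher idea
sm4 cipher sm4
sm3 digest sm3
sm2 curve sm2
brainpool curve brainpoolP[0-9]+r1
EOF
}

# "sh audit.sh live" inspects the local OpenSSL; the default uses the samples.
if [ "${1:-}" = live ]; then
    audit_openssl "$(openssl list -cipher-algorithms)" \
                  "$(openssl list -digest-algorithms)" \
                  "$(openssl ecparam -list_curves)"
else
    audit_openssl "$SAMPLE_CIPHERS" "$SAMPLE_DIGESTS" "$SAMPLE_CURVES"
fi
```

A `no` for IDEA, Brainpool or the SM algorithms means keys or messages that depend on them will not be usable with an OpenSSL-backed build on that system.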