Enigmail pEp/Build Enigmail

Enigmail 2 build/install instructions

These instructions will eventually cover various Linux distributions, and currently work on OpenSUSE 42.2. Debian 9 is in the works.

See also: https://dev.pep.foundation/Packaged versions of dependencies on various platforms

Update ~/.hgrc of your build user, to include the necessary fingerprints for checking out code. Account configuration is not needed for just checking out. See: /DevOps/Admin Commons

Install the cacert certificates in your system, to check out code from cacert.pep.foundation:

Debian/Ubuntu:

apt install -y ca-cacert

openSUSE:

zypper install ca-certificates-cacert

If you create a separate user account for compilation (to not mess up anything in your current account) the following command is suggested:

Debian/Ubuntu:

adduser --gecos "Build" build

openSUSE:

???

All code repositories will be checked out to ~/code in these instructions.

Build the PEP Engine

The pEp Engine repository contains build instructions in the doc directory. Those instructions have been tested on Debian 9. The below instructions were written for OpenSUSE, but with the “old” engine build system (before the make files were refactored). The instructions are useful for the OpenSUSE-specific parts of the build process, but anything engine-specific is probably outdated now.

Install the basics.

zypper install mercurial python
mkdir ~/code
mkdir ~/code/yml2
hg clone https://cacert.pep.foundation/dev/repos/yml2/ ~/code/yml2
zypper install -t pattern devel_basis
zypper install git
mkdir ~/code/libetpan
git clone https://github.com/fdik/libetpan ~/code/libetpan
cd ~/code/libetpan
./autogen.sh --prefix="$HOME"
make
make install
zypper install python-lxml libuuid-devel libgpgme-devel sqlite3

OpenSUSE (as asn1c is not packaged):

mkdir ~/code/asn1c
git clone git://github.com/vlm/asn1c.git ~/code/asn1c
cd ~/code/asn1c
# Check out the latest release (git tag) here
autoreconf -iv
./configure --prefix="$HOME"
make
make install
mkdir ~/code/pep-engine
hg clone https://cacert.pep.foundation/dev/repos/pEpEngine/ ~/code/pep-engine
cd ~/code/pep-engine

Makefile.conf:

YML2PROC=$(HOME)/code/yml2/yml2proc
YML_PATH=$(HOME)/code/yml2
ASN1C_INCLUDE=$(HOME)/share/asn1c

OpenSUSE only (because libs go in ~/lib64, but the build system expects ~/lib):

pushd ~
ln -s lib64 lib
popd

As root:

mkdir -p /usr/local/share/pEp
touch /usr/local/share/pEp/system.db
chmod 777 /usr/local/share/pEp/system.db

Don’t do this on a production system. Making system.db world-writable is not smart, this is just for testing.

make all
make install
make db
make -C db install # This works, if the user can write /usr/local/share/pEp

Test

See documentation in the source distribution for testing.

Build the PEP JSON Server Adapter

mkdir ~/code/pep-json-server-adapter
hg clone https://cacert.pep.foundation/dev/repos/pEpJSONServerAdapter/ ~/code/pep-json-server-adapter
cd ~/code/pep-json-server-adapter/libevent-2.0.22-stable
./configure --prefix="$HOME" --disable-openssl
make

Optionally, run tests:

make verify
make install

Debian:

apt install -y libboost1.62-dev libboost-system1.62-dev libboost-filesystem1.62-dev libboost-program-options1.62-dev libboost-thread1.62-dev

Ubuntu:

apt install -y libboost1.58-dev libboost-system1.58-dev libboost-filesystem1.58-dev libboost-program-options1.58-dev libboost-thread1.58-dev

openSUSE:

zypper install boost_1_61-devel 
cd ~/code/pep-json-server-adapter/server/

If you want to forgo using “LD_LIBRARY_PATH” when running the server later on, edit Makefile, and add the option:

-Wl,-rpath,"$(HOME)/lib"

to the LDFLAGS variable.

Also, if the pEpEngine is in a different location than the one make expects, you will have to adjust the following line in Makefile:

	$(CXX) $(CXXFLAGS)  -o $@ $^ ../../pEpEngine/asn.1/libasn1.a  $(LDFLAGS)

On Debian, if make returns the error /usr/bin/ld: cannot find -lgpgme-pthread, change -lgpgme-pthread in the Makefile to -lgpgme.

make

Now, optionally, the server’s test can be run:

# LD_LIBRARY_PATH="$HOME/lib" ./servertest
./servertest

The server is started like this:

# LD_LIBRARY_PATH="$HOME/lib" ./pep-json-server
./pep-json-server

Build Enigmail

Debian:

apt install -y perl zip
mkdir /usr/lib/enigmail
chmod 777 /usr/lib/enigmail # Only do this on dev machines, not a good idea for production!
chmod 777 /usr/lib/thunderbird/extensions # Only do this on dev machines, not a good idea for production!

Ubuntu:

apt install -y perl zip

Instructions on how to install Enigmail system-wide are not included. The directories are not the same as on Debian.

OpenSUSE:

zypper install -y perl zip
mkdir /usr/lib/enigmail
chmod 777 /usr/lib/enigmail # Only do this on dev machines, not a good idea for production!
chmod 777 /usr/lib64/thunderbird/extensions # Only do this on dev machines, not a good idea for production!
mkdir ~/code/enigmail
git clone https://git.code.sf.net/p/enigmail/source ~/code/enigmail
cd ~/code/enigmail
./configure
make

For a system-wide installation (Debian/OpenSUSE only):

unzip build/enigmail-2.0.xpi -d /usr/lib/enigmail/

Debian:

ln -s '../../enigmail' '/usr/lib/thunderbird/extensions/{847b3a00-7ab1-11d4-8f02-006008948af5}'

OpenSUSE:

ln -s '../../../lib/enigmail' '/usr/lib64/thunderbird/extensions/{847b3a00-7ab1-11d4-8f02-006008948af5}'

Testing Enigmail on Linux

Important: Ensure that the pep-json-server binary is found by Enigmail (by symlinking it from ~/bin, for example). Currently, Enigmail will call the pEp installer stub when the binary is not found. This is the case even when the adapter was started manually, instead of letting Enigmail do it.

For a clean test setup, the following procedure is suggested:

  • Without having Enigmail installed, create a basic thunderbird profile, that is: start thunderbird, and configure an email account.
  • Install the Enigmail addon, and close Thunderbird (but do not restart it).
  • Back up the thunderbird profile, to be able to restore it for future test runs easily: cd ~/.thunderbird; cp -r *.default default.bak.
  • When restoring the profile, you can pick an arbitrary name, but then need to adjust the default profile name in the ini file in ~/.thunderbird.
  • Reset the state of GPG: rm -r ~/.gnupg (Don’t do this for a user account that has useful things in your GPG state!).
  • Reset the state of pEp with rm -r ~/.pEp_management.db.
  • For GPG > 2.0 tests, the agent also has to be restarted. Darthmama suggest rebooting the machine, as gpg-agent is hard to kill properly.

Now, install enigmail and perform your tests.