Enigmail pEp/Build Enigmail

Enigmail 2 build/install instructions

These instructions will eventually cover various Linux distributions, and currently work on OpenSUSE 42.2. Debian 9 is in the works.

See also: https://dev.pep.foundation/Packaged versions of dependencies on various platforms

Update ~/.hgrc of your build user, to include the necessary fingerprints for checking out code. Account configuration is not needed for just checking out. See: /DevOps/Admin Commons

Install the cacert certificates in your system, to check out code from cacert.pep.foundation:


apt install -y ca-cacert


zypper install ca-certificates-cacert

If you create a separate user account for compilation (to not mess up anything in your current account) the following command is suggested:


adduser --gecos "Build" build



All code repositories will be checked out to ~/code in these instructions.

Build the PEP Engine

The pEp Engine repository contains build instructions in the doc directory. Those instructions have been tested on Debian 9. The below instructions were written for OpenSUSE, but with the “old” engine build system (before the make files were refactored). The instructions are useful for the OpenSUSE-specific parts of the build process, but anything engine-specific is probably outdated now.

Install the basics.

zypper install mercurial python
mkdir ~/code
mkdir ~/code/yml2
hg clone https://cacert.pep.foundation/dev/repos/yml2/ ~/code/yml2
zypper install -t pattern devel_basis
zypper install git
mkdir ~/code/libetpan
git clone https://github.com/fdik/libetpan ~/code/libetpan
cd ~/code/libetpan
./autogen.sh --prefix="$HOME"
make install
zypper install python-lxml libuuid-devel libgpgme-devel sqlite3

OpenSUSE (as asn1c is not packaged):

mkdir ~/code/asn1c
git clone git://github.com/vlm/asn1c.git ~/code/asn1c
cd ~/code/asn1c
# Check out the latest release (git tag) here
autoreconf -iv
./configure --prefix="$HOME"
make install
mkdir ~/code/pep-engine
hg clone https://cacert.pep.foundation/dev/repos/pEpEngine/ ~/code/pep-engine
cd ~/code/pep-engine



OpenSUSE only (because libs go in ~/lib64, but the build system expects ~/lib):

pushd ~
ln -s lib64 lib

As root:

mkdir -p /usr/local/share/pEp
touch /usr/local/share/pEp/system.db
chmod 777 /usr/local/share/pEp/system.db

Don’t do this on a production system. Making system.db world-writable is not smart, this is just for testing.

make all
make install
make db
make -C db install # This works, if the user can write /usr/local/share/pEp


See documentation in the source distribution for testing.

Build the PEP JSON Server Adapter

mkdir ~/code/pep-json-server-adapter
hg clone https://cacert.pep.foundation/dev/repos/pEpJSONServerAdapter/ ~/code/pep-json-server-adapter
cd ~/code/pep-json-server-adapter/libevent-2.0.22-stable
./configure --prefix="$HOME" --disable-openssl

Optionally, run tests:

make verify
make install


apt install -y libboost1.62-dev libboost-system1.62-dev libboost-filesystem1.62-dev libboost-program-options1.62-dev libboost-thread1.62-dev


apt install -y libboost1.58-dev libboost-system1.58-dev libboost-filesystem1.58-dev libboost-program-options1.58-dev libboost-thread1.58-dev


zypper install boost_1_61-devel 
cd ~/code/pep-json-server-adapter/server/

If you want to forgo using “LD_LIBRARY_PATH” when running the server later on, edit Makefile, and add the option:


to the LDFLAGS variable.

Also, if the pEpEngine is in a different location than the one make expects, you will have to adjust the following line in Makefile:

	$(CXX) $(CXXFLAGS)  -o $@ $^ ../../pEpEngine/asn.1/libasn1.a  $(LDFLAGS)

On Debian, if make returns the error /usr/bin/ld: cannot find -lgpgme-pthread, change -lgpgme-pthread in the Makefile to -lgpgme.


Now, optionally, the server’s test can be run:

# LD_LIBRARY_PATH="$HOME/lib" ./servertest

The server is started like this:

# LD_LIBRARY_PATH="$HOME/lib" ./pep-json-server

Build Enigmail


apt install -y perl zip
mkdir /usr/lib/enigmail
chmod 777 /usr/lib/enigmail # Only do this on dev machines, not a good idea for production!
chmod 777 /usr/lib/thunderbird/extensions # Only do this on dev machines, not a good idea for production!


apt install -y perl zip

Instructions on how to install Enigmail system-wide are not included. The directories are not the same as on Debian.


zypper install -y perl zip
mkdir /usr/lib/enigmail
chmod 777 /usr/lib/enigmail # Only do this on dev machines, not a good idea for production!
chmod 777 /usr/lib64/thunderbird/extensions # Only do this on dev machines, not a good idea for production!
mkdir ~/code/enigmail
git clone https://git.code.sf.net/p/enigmail/source ~/code/enigmail
cd ~/code/enigmail

For a system-wide installation (Debian/OpenSUSE only):

unzip build/enigmail-2.0.xpi -d /usr/lib/enigmail/


ln -s '../../enigmail' '/usr/lib/thunderbird/extensions/{847b3a00-7ab1-11d4-8f02-006008948af5}'


ln -s '../../../lib/enigmail' '/usr/lib64/thunderbird/extensions/{847b3a00-7ab1-11d4-8f02-006008948af5}'

Testing Enigmail on Linux

Important: Ensure that the pep-json-server binary is found by Enigmail (by symlinking it from ~/bin, for example). Currently, Enigmail will call the pEp installer stub when the binary is not found. This is the case even when the adapter was started manually, instead of letting Enigmail do it.

For a clean test setup, the following procedure is suggested:

  • Without having Enigmail installed, create a basic thunderbird profile, that is: start thunderbird, and configure an email account.
  • Install the Enigmail addon, and close Thunderbird (but do not restart it).
  • Back up the thunderbird profile, to be able to restore it for future test runs easily: cd ~/.thunderbird; cp -r *.default default.bak.
  • When restoring the profile, you can pick an arbitrary name, but then need to adjust the default profile name in the ini file in ~/.thunderbird.
  • Reset the state of GPG: rm -r ~/.gnupg (Don’t do this for a user account that has useful things in your GPG state!).
  • Reset the state of pEp with rm -r ~/.pEp_management.db.
  • For GPG > 2.0 tests, the agent also has to be restarted. Darthmama suggest rebooting the machine, as gpg-agent is hard to kill properly.

Now, install enigmail and perform your tests.