# pEp for Thunderbird on Linux (Beta)

Thanks for your interest to test pEp for Thunderbird on Linux! This page is a main point to collect info around pEp for Thunderbird, esp. during our beta phase for Linux. There is also the User Guide about pEp in general and the particular manual for pEp for Thunderbird, additionally this wiki, e.g. the page Concepts gives a broad overview on the pEp’s technology.

## Feedback

We are very happy on feedback; we will distribute what we learn from your feedback on this wikipage.

## How-To install pEp for Thunderbird?

2. Unpack the .zip (temporary location is fine)
3. Double click the install.run
4. Start installation (click button)
5. DONE! Please give us feedback! :)

## Supported operating systems?

#### Get pEp’s key from OpenPGP.org

curl -s https://keys.openpgp.org/vks/v1/by-fingerprint/47E0CAB6389156641942F2795172E549F69ACDF3 > pep.asc

#### Import the public key (one-time procedure)

gpg --import pep.asc

curl -Os https://download.pep.security/pEp4Linux.zip
curl -Os https://download.pep.security/pEp4Linux.zip.sha256.sig

#### Verify the signature file is untampered

gpg --verify pEp4Linux.zip.sha256.sig

#### Verify the checksum matches the archive

shasum -a 256 -c pEp4Linux.zip.sha256

# There is no updater yet?

In this beta version 1.1.107 there is no updater coming with this installation yet. If there is a newer version, you need to update your pEp for Thunderbird manually: The installer also serves as an updater, so just follow the instructions above (double click the install.run).

Please subscribe to our release-announce mailing list: thunderbird-announce-join(at)pep.works. That way you get to know immediately when there is a new version published. Please do that at least temporarily until the automatic updater is included (most likely with the next version).

# Other operating systems?

We recommend to backup or even clone your Thunderbird before you get started. We are collecting notes and known issues about not-officially-supported systems in this wiki, so please let us know!

#### Debian/Ubuntu based: Kubuntu, Xubuntu, Lubuntu, Mint,…

… should just work, too. If not, please give us feedback so we can support!

#### Redhat based systems: Fedora, Qubes OS, older CentOS systems,…

… should just work, too. If not, please give us feedback so we can support!

#### CentOS 7

On CentOS 7, systemd user services are intentionally disabled [CentOS website)(https://bugs.centos.org/view.php?id=8767). It is still possible to set up pEp using XDG autostart, but the installer will not attempt that due to being on a systemd-based system. We can provide a modified installer on request.

#### Arch based systems: Arch, Manjaro,…

… should just work, too. If not, please give us feedback so we can support!

#### Without systemd: Devuan (Debian based), Artix (Arch based), PCLinuxOS (Redhat based),…

Technically supported, but not tested. If you are running into problems let us know! Here are some notes what we already learned: (TBD)

# Known issues

There are few known issues, some of which we already addressed for a new release:

• Some weirdly formatted emails (e.g. happening with some spam mails) will create a crash when you click on them. (Workaround: Don’t click on them ;) or delete such email from your Thunderbird when it appears). This will be fixed in the next release. If you happen to run into such, it would be great if you can provide us the crashlogs and other info (see below), so that we can check if it’s the same issue.
• Too many passphrase prompts: This will be improved in the next release.
• Some keys are rejected as “unsecure”, like 1024 bit keys. Some (like ElGamal) are passing that check, but sending an email will be still aborted without a suitable message. This will be addressed in a future release.

# Trouble Shooting

Please let us know if you have any issues! (See feedback)

#### The installer does not work!

The installer puts an install log in the same folder where you had double clicked the install.run. Please send us this log together with information about your setup, system, Thunderbird version, etc to support@pep.security.

#### The installer does not start at all!

Please right-click and “execute” or “open with… terminal”. Still does not start? Some systems won’t allow to execute from particlar folders, e.g. if you unzip in ~/Downloads on Debian, nothing would happen - please unzip in ~/tmp instead!

#### What is happening during installation? I want to modify this!

The installer simply executes two shell scripts in the hidden .Setup/ folder in the installer bundle. You can tweak these files yourself to work for your system.

Effectively, the install process simply places a few files in your home directory:

~/.local/bin/pEp-mini-json-adapter
~/.local/share/pEp/system.db
~/.config/autostart/pEp-mini-json-adapter.desktop

Of the systemd and autostart files, you only need one, to automatically start the pEp adapter on login. You can also use other methods for that (e.g. .xinitrc). The -wrapper and -cleanup scripts manage log files created by this beta release, and are not strictly required for pEp to work.

The second part of the install process imports existing keys from Enigmail and installs the .xpi file with the Thunderbird Addon into your Thunderbird profile. This is implemented in Python (you will find the code in .Setup/) but can also be done manually using the Thunderbird UI.

#### My system is not supported!

In most cases that should work, see section on other systems. If your system is not listed there, please give us feedback. We recommend to backup your data or even clone your Thunderbird to have a playground.

#### I’ve got a crash, how to report?

First, die the installer run successfully? If you got an “Install failed” message, please send us the pEp_install.log file that you will find next to the installer, and report the distribution and version that you are using.

If the install succeeded but pEp does not work in Thunderbird (“Adapter is not running” dialogs, pEp menus not available etc.), please also report pEp_install.log.

If the installation succeeded, and pEp worked for a while, but you suddenly get “Adapter is not running” dialogs, you discovered an pEp Adapter crash. The binaries we distribute come with full debugging enabled, so you can make a crash report that helps us fix those bugs.

First, check the .pEp/core/ directory in your home folder. You should find log files for each start of the adapter there. Since the adapter automatically restarts after a crash, the useful log will typically be in the second-to-last folder there. Depending on your system configuration, you may also find a core file there. If yes, you can simply send the relevant folder to us. If not, coredumps are probably handled by systemd on your system. Use coredumpctl dump > dump.core to extract the last coredump (and validate it is actually the pEp-mini-json-adapter that crashed), and include this file, along with the log, in your report.

Caution: Coredump files may contain private information, such as the last emails you read using pEp. Do not share coredumps if you are not comfortable with disclosing such information.

While the pEp adapter automatically recovers after a crash, Thunderbird does not detect this automatically. You may need to close and restart Thunderbird after a crash to continue your work.

#### Debugging yourself

Now that you have a coredump file, you can also open it in a debugger yourself:

gdb ~/.local/bin/pEp-mini-json-adapter --core dump.core
...
> bt

Reporting the stacktrace only is less helpful to us, but easier to review for privacy. If you want to inspect the relevant source code, you can find the pEp code included in the adapter here: gitea.pep.foundation/pEp.foundation

#### Something weird is happening in Thunderbird while using pEp for Thunderbird

In the config editor about:config (Edit > Preferences, General, at the very bottom) set the preference extensions.pEp.logLevel to 2 or 3. We observed that a value 3 might cause Thunderbird not to start any more. That’s also fixed in the next release, so use 2 for the time being. Then in the error console (Tools > Developer Tools > Error Console) copy/paste the content into a file and provide that file to us.

# Other notes

#### Backup

Back-up before you start (should be done regularly anyway). Esp. backup your Thunderbird profiles /home/(username)/.thunderbird/) and your GnuPG (/home/(username)/.gnupg/) (or check if you rather wanna clone your Thunderbird to have a playground.

#### Clone Thunderbird to have a playground

We recommend this if your system is not officially supported:

Thunderbird’s concept of profiles gives you the opportunity to actually “clone” your current Thunderbird profile in total to generate a safe “playground” to test if pEp for Thunderbird is properly working on your system. The easiest way to do this is the following:

1. Go to your ~/.thunderbird folder
2. Copy your default profile, usually it is the one with the most recent changes, named something like “asdfghjkl.default”
3. Rename the copy, e.g. to “asdfghjkl.clone”
4. Edit the profiles.ini adding the “asdfghjkl.clone”.
5. Restart Thunderbird with the option -P - Thunderbird will now first ask which profile shall be used.

Note: Using the profile manager, you can administer various profiles. Please note that Thunderbird will of course only modify that profile you are using at the time, for example, if you make changes to preferences, the address book or install add-ons. If you download e-mail via POP3, it will only be stored in the current profile. In this case you should configure Thunderbird to leave a copy on the server, so you can download it again into your production profile.

[Profile1]
Path=asdfghjkl.clone