Linux HOWTOs

About | Home | Search


ERROR: Slooooow dooooown... this page load was delayed.

HOWTO: gnupg
Description: GNU Privacy Guard
Click here for ChangeLog
NOTE: I use GNU tar >= 1.13.25 so it's -j for .tar.bz2 files,
it's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything


# GnuPG
# =====
# There are two versions of GnuPG below.  The latest 1.x and the latest
# 2.x  They can both be installed at the same time.  The GnuPG v2.x
# binary is named 'gpg2'.

# Versions of GnuPG 1.x included in Slackware packages:
# Slackware 13.37: gnupg 1.4.11
# Slackware 14.0: gnupg 1.4.12
# Slackware 14.1: gnupg 1.4.15
# Slackware 14.2: gnupg 1.4.20

# Versions of GnuPG 2.x included in Slackware packages:
# Slackware 13.37: gnupg2 2.0.17
# Slackware 14.0: gnupg2 2.0.19
# Slackware 14.1: gnupg2 2.0.22
# Slackware 14.2: gnupg2 2.0.30

# If you have trouble downloading it with the URL below, try one of these:
# http://www.gnupg.org/download/mirrors.html
# https://gnupg.org/ftp/gcrypt/gnupg/
# ftp://ftp.gnupg.org/gcrypt/gnupg/

# Older versions had differently named files:
test -f ~/.gnupg/options && mv -f ~/.gnupg/options ~/.gnupg/gpg.conf

# If you have a previously installed GnuPG that went into /usr/local, or
# if you just want to clean up files from an old version before installing
# a new one, skip down to the bottom for instructions.


# GnuPG 1.4.21
# ============
# Release announcement

# Prerequisites:
# OpenLDAP's libraries (if you want ldap-based keyserver support)
# zlib
# iconv
# Perl
# sendmail
# gettext
# bison
# readline (optional)
# bzip2 (optional)
# libusb (optional)
# curl (optional; to skip it leave off --with-libcurl below)

# Get it
cd
test -f installed/gnupg-1.4.21.tar.bz2 &&
 mv installed/gnupg-1.4.21.tar.bz2 .
test ! -f gnupg-1.4.21.tar.bz2 &&
 wget https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.21.tar.bz2

# Verify tarball w/ sha1sum:
# (this came from the release announcement & my gpg verified tarball)
echo "e3bdb585026f752ae91360f45c28e76e4a15d338  gnupg-1.4.21.tar.bz2" | \
sha1sum -c

# Verify tarball w/ sha256sum:
# (this came from my gpg verified tarball)
echo "6b47a3100c857dcab3c60e6152e56a997f2c7862c1b8b2b25adf3884a1ae2276  g\
nupg-1.4.21.tar.bz2" | sha256sum -c

# Verify tarball w/ an existing version of gpg:
# [ If you are unable to get the key from a keyserver, go here:
#   https://gnupg.org/signature_key.html ]
( gpg --list-keys 4F25E3B6 > /dev/null 2>&1 || gpg --recv-keys 4F25E3B6 ) &&
 wget https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-1.4.21.tar.bz2.sig &&
  gpg --verify gnupg-1.4.21.tar.bz2.sig && rm gnupg-1.4.21.tar.bz2.sig

# Extract the source
mkdir -p -m 0700 src
cd src
find -maxdepth 1 -type d -name "gnupg-1.*" -exec rm -r {} \;
tar xjvf ~/gnupg-1.4.21.tar.bz2
cd gnupg-1.4.21
test $UID = 0 && chown -R root:root .

# Configure the build
./configure --prefix=/usr --mandir=/usr/man --disable-nls --with-libcurl

# Build it
make

# Become root to install it
su

# Remove files from old versions
test -x /sbin/removepkg && /sbin/removepkg gnupg
rm -f /usr/libexec/gnupg/gpgkeys_* /usr/local/bin/gpgkeys_*

# Install the new version
make install
chmod u+s /usr/bin/gpg

# Make sure your non-root user can remove the source later
chown -R $(logname) .
chmod -R u+w .

# Become yourself again
exit

# Save the source for later
cd
mkdir -p -m 0700 installed
rm -f installed/gnupg-1.*.tar.*
mv gnupg-1.4.21.tar.bz2 installed/

# If you just upgraded from 1.2.x to 1.4.x for the first time, read through
# doc/highlights-1.4.txt

## Here are some GnuPG 1.x usage examples:

# If you haven't already done so with an older version, create a key (don't
# do this remotely)
gpg --gen-key

# Generate a revocation certificate and store it away somewhere.
# Obviously replace jschmo@foo.org with your actual e-mail address (whatever
# you specified when you created the key).
gpg --gen-revoke jschmo@foo.org

# Export your key to a text file
# Post it to http://pgp.mit.edu/ or slap it on a web page somewhere
gpg --armor --export jschmo@foo.org

# Some people like to put the fingerprint of their key in their signature.
# The fingerprint can verify that the PGP signature you see on a web site
# is real by matching it up with fingerprint in an e-mail from that person
gpg --fingerprint jschmo@foo.org

# Modify the key, to add/remove other e-mail addresses of yours, etc.
gpg --edit-key jschmo@foo.org


# GnuPG 2.0.30
# ============
# Release announcement (incorrect version in subject)

# Prerequisites (beyond those listed above):
# OpenLDAP's libraries (if you want ldap-based keyserver support)
# Perl
# tar
# GPG Error >= 1.11
# libgcrypt >= 1.5.0
# libassuan >= 2.0.0 (with Pth support)
# libksba >= 1.0.7
# libusb (optional)
# coreutils' shred
# GNU Portable Threads Library
# curl (optional; to skip it leave off --with-libcurl below)
# gettext
# iconv
# bison
# zlib
# bzip2 (optional)
# readline (optional)
# PIN Entry (optional)

# Get it
cd
test -f installed/gnupg-2.0.30.tar.bz2 &&
 mv installed/gnupg-2.0.30.tar.bz2 .
test ! -f gnupg-2.0.30.tar.bz2 &&
 wget https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.0.30.tar.bz2

# Verify tarball w/ sha1sum:
# (this came from the release announcement and my gpg-verified tarball)
echo "a9f024588c356a55e2fd413574bfb55b2e18794a  gnupg-2.0.30.tar.bz2" | \
sha1sum -c

# Verify tarball w/ sha256sum:
# (this came from my gpg-verified tarball)
echo "e329785a4f366ba5d72c2c678a7e388b0892ac8440c2f4e6810042123c235d71  g\
nupg-2.0.30.tar.bz2" | sha256sum -c

# Verify tarball w/ an older version of gpg:
( gpg --list-keys 4F25E3B6 > /dev/null 2>&1 || gpg --recv-keys 4F25E3B6 ) &&
 wget https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.0.30.tar.bz2.sig &&
  gpg --verify gnupg-2.0.30.tar.bz2.sig && rm gnupg-2.0.30.tar.bz2.sig

# Extract the source
mkdir -p -m 0700 src
cd src
find -maxdepth 1 -type d -name "gnupg-2.*" -exec rm -r {} \;
tar xjvf ~/gnupg-2.0.30.tar.bz2
cd gnupg-2.0.30
test $UID = 0 && chown -R root:root .

# Configure the build
./configure --prefix=/usr --docdir=/usr/doc/gnupg --mandir=/usr/man \
--disable-nls --with-libcurl

# Build it
make

# Become root to install it
su

# Remove the Slackware package, if there is one
test -x /sbin/removepkg && /sbin/removepkg gnupg2

# Install the new version
make install

# Become yourself again
exit

# Save the source for later
cd
mkdir -p -m 0700 installed
rm -f installed/gnupg-2.*.tar.*
mv gnupg-2.0.30.tar.bz2 installed/

# If you just upgraded from 1.2.x to 1.4.x for the first time, read through
# doc/highlights-1.4.txt


# If you ever want to uninstall GnuPG 1.x, this should do it:
cd
su
test -d src/gnupg-1.* && ( cd src/gnupg-1.* ; make uninstall )
for pfx in /usr /usr/local;
do
  ( cd ${pfx}/bin ; rm -f gpg gpg-zip gpgsplit gpgv )
  ( cd ${pfx}/info ; rm -f gpg.info gpgv.info )
  test -d ${pfx}/libexec/gnupg && rm -r ${pfx}/libexec/gnupg
  ( cd ${pfx}/man/man1 ; rm -f gpg.1 gpg-zip.1 gpgv.1 )
  rm -f ${pfx}/man/man7/gnupg.7
  test -d ${pfx}/share/gnupg && rm -r ${pfx}/share/gnupg
  find ${pfx}/share/locale -type f -name "gnupg.mo" -exec rm {} \; \
   2> /dev/null
  rm -f ${pfx}/share/info/gnupg1.info
done
exit
find ~/src -maxdepth 1 -type d -name "gnupg-1.*" -exec rm -r {} \;
rm -f ~/installed/gnupg-1.*.tar.*


# If you ever want to uninstall GnuPG 2.x, this should do it:
cd
su
test -d src/gnupg-2.* && ( cd src/gnupg-2.* ; make uninstall )
for pfx in /usr /usr/local;
do
  ( cd ${pfx}/bin ; rm -f gpg-agent gpg-connect-agent gpg2 gpgconf \
    gpgkey2ssh gpgparsemail gpgsm gpgsm-gencert.sh gpgv2 kbxutil scdaemon \
    watchgnupg )
  ( cd ${pfx}/libexec ; rm -f gnupg-pcsc-wrapper gpg-preset-passphrase \
    gpg-protect-tool gpg2keys_curl gpg2keys_finger gpg2keys_hkp \
    gpg2keys_ldap scdaemon )
  ( cd ${pfx}/man/man1 ; rm -f gpg-agent.1 gpg-connect-agent.1 \
    gpg-preset-passphrase.1 gpg2.1 gpgconf.1 gpgparsemail.1 \
    gpgsm-gencert.sh.1 gpgsm.1 gpgv2.1 scdaemon.1 symcryptrun.1 \
    watchgnupg.1 )
  ( cd ${pfx}/man/man8 ; rm -f addgnupghome.8 applygnupgdefaults.8 )
  ( cd ${pfx}/share/man/man1 ; rm -f gpg-agent.1 gpg-connect-agent.1 \
    gpg-preset-passphrase.1 gpg2.1 gpgconf.1 gpgparsemail.1 \
    gpgsm-gencert.sh.1 gpgsm.1 gpgv2.1 scdaemon.1 symcryptrun.1 \
    watchgnupg.1 )
  ( cd ${pfx}/share/man/man8 ; rm -f addgnupghome.8 applygnupgdefaults.8 )
  ( cd ${pfx}/sbin ; rm -f addgnupghome applygnupgdefaults )
  test -d ${pfx}/share/gnupg && rm -r ${pfx}/share/gnupg
  rm -f ${pfx}/share/info/gnupg.info
done
exit
find ~/src -maxdepth 1 -type d -name "gnupg-2.*" -exec rm -r {} \;
rm -f ~/installed/gnupg-2.*.tar.*

Back to the list


Last updated: Tue, 07 Aug 2018 12:06:17 -0400
Jason Englander <jason at englanders dot us>