Re: Complete Ubuntu compile of GnuPG

2017-12-12 Thread Szczepan Zalega | Nitrokey
On 11/25/2017 01:40 PM, murphy wrote:
> Yes, the permissions and gpg-agent.conf creation is a problem I would
> like to find an easy way around.  As it turns out a fresh install of
> ubuntu 16.04.3 already has /usr/bin/pinentry-gnome3 installed.  That,
> plus the fact that libgnutls28-dev also installs a bunch of stuff on my
> bash file means I can reduce it to:
> 

Hi!

I have scripted an Ubuntu 17.10 docker container recently for building
any GnuPG version and it is available at [1]. More details at [2].

Once built, it runs `gpg --card-edit` by default, but with [3] one can
run any command.

To build the desired GnuPG version, use (details at [4]):
```
bash docker-build.sh --build-arg GPG_VERSION=2.2.3
```

[1] https://github.com/Nitrokey/gpg-docker
[2] https://github.com/Nitrokey/gpg-docker/wiki
[3] docker-run-command.sh
[4] https://docs.docker.com/engine/reference/builder/#using-arg-variables

-- 
Best regards,
Szczepan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Complete Ubuntu compile of GnuPG

2017-11-25 Thread murphy
Yes, the permissions and gpg-agent.conf creation is a problem I would
like to find an easy way around.  As it turns out a fresh install of
ubuntu 16.04.3 already has /usr/bin/pinentry-gnome3 installed.  That,
plus the fact that libgnutls28-dev also installs a bunch of stuff on my
bash file means I can reduce it to:


```
cd ~/Downloads
version=gnupg-2.2.3
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig
tar xf $version.tar.bz2
cd $version
sudo apt-get update
sudo apt-get install -y libldap2-dev
sudo apt-get install -y gtk+-2
sudo apt-get install -y rng-tools
sudo apt-get install -y libbz2-dev
sudo apt-get install -y libgnutls28-dev
sudo apt-get install -y libsqlite3-dev
sudo apt-get install -y libreadline-dev
sudo apt-get install -y pcscd scdaemon
sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local speedo_pkg_gnupg_configure='--enable-g13 --enable-wks-tools --with-pinentry-pgm=/usr/bin/pinentry-gnome3' native
sudo ldconfig
```


Of course the line "sudo make -f ... native" is all one line.  This
enables pinentry-gnome3 without having to do a separate creation of
gpg-agent.conf and the whole issue of permissions is avoided.  I would
like to thank Werner, Robert, and Phil for the very helpful suggestions.


murphy


On 11/25/2017 04:02 AM, Dmitry Gudkov wrote:
> hi murphy,
>
> i dare suggest adding this command after creating gpg-agent.conf file:
>
> *chmod 600 gpg-agent.conf*
>
> i came across an old thread on gnupg 2.xxx where it's said that .gnupg
> directory must have 700 and all files inside this directory 600
> permissions
>
> cheers
>
> Dmitry



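The permission scheme quoted in this message (700 for the .gnupg directory, 600 for the files in it) as a check-and-repair pair. This is an added example, not code from the thread; the function names are hypothetical, and it goes slightly beyond the quoted advice by applying 700 to subdirectories as well and by refusing to touch entries owned by another user.

```bash
#!/usr/bin/env bash
# Added example: audit and repair GnuPG home directory permissions.
# Policy assumed here: directories 700, regular files 600.

# Print every directory or regular file under the GnuPG home whose mode
# differs from the policy. Returns 0 if all is well, 1 if anything is
# listed, 2 if the directory does not exist.
gnupg_perm_audit() {
    local home bad
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 2; }
    # Only -type d and -type f are matched, so agent sockets are skipped.
    bad=$(find "$home" \( -type d ! -perm 700 \) -o \( -type f ! -perm 600 \))
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Apply the policy. Returns 3 without changing anything if some entry is
# owned by a different user, since chmod would fail part-way through.
gnupg_perm_fix() {
    local home me
    home=${1:-${GNUPGHOME:-$HOME/.gnupg}}
    me=$(id -un)
    [ -d "$home" ] || { echo "not a directory: $home" >&2; return 2; }
    if [ -n "$(find "$home" ! -user "$me" -print -quit)" ]; then
        echo "entries under $home are not owned by $me; fix ownership first" >&2
        return 3
    fi
    find "$home" -type d -exec chmod 700 {} +
    find "$home" -type f -exec chmod 600 {} +
}
```

Run `gnupg_perm_audit` with no argument to check `$GNUPGHOME` or `~/.gnupg`; it prints nothing when the tree already matches the policy.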


Complete Ubuntu compile of GnuPG

2017-11-23 Thread murphy
Thanks to all for suggestions.  For a complete compile on a fresh
install of Ubuntu, I managed to get the bash file down to a minimum of:

```
cd ~/Downloads
version=gnupg-2.2.3
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig
tar xf $version.tar.bz2
cd $version
sudo apt-get update
sudo apt-get install -y libldap2-dev
sudo apt-get install -y gtk+-2
sudo apt-get install -y rng-tools
sudo apt-get install -y libbz2-dev
sudo apt-get install -y zlib1g-dev
sudo apt-get install -y libgnutls28-dev
sudo apt-get install -y libsqlite3-dev
sudo apt-get install -y libreadline-dev
sudo apt-get install -y pinentry-gtk2
sudo apt-get install -y pcscd scdaemon
# The quoted configure options stay on one line: a backslash inside
# single quotes is passed through literally, not treated as a continuation.
sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local \
  speedo_pkg_gnupg_configure='--enable-g13 --enable-wks-tools' native
sudo ldconfig
```

Without the libgnutls28-dev install Ubuntu is without a suitable
compiler or even the make command.  This installs make, gcc+-7 and
probably lots of unnecessary stuff but at least it is a one-liner.  For
the Yubikey smart card the Ubuntu package scdaemon seems to be required
as gpg --card-edit complains and fails if it is not included in the
ubuntu installation list.  This bash file has the advantage of using
only Ubuntu packages and speedo, so the only update change needed is
changing a single digit in version=gnupg-2.2.3 for the near future
upgrades.  No unnecessary repeat compiles are done since pinentry is a
package, although it is necessary to include the configuration file at
least once:

nano ~/.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-gtk-2

or the pinentry version of your choice (-gnome3, -qt, -tty, -x11,
-curses packages are all available for install and configure).

I'm sure this can be improved upon and I am eager to see if it can be
made even smaller and faster while keeping the convenience of changing a
single digit and renaming gpg223.sh to gpg224.sh.

Thanks - murphy



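The scripts in this thread download `$version.tar.bz2.sig` but never check it before running `tar` and `sudo make`. The following added example (not code from the thread) gates unpacking on `gpgv`. The function names and the keyring file are hypothetical; the keyring is assumed to be a binary export (`gpg --export`) of the GnuPG release signing keys whose fingerprints you have verified yourself.

```bash
#!/usr/bin/env bash
# Added example: verify a release tarball against its detached signature
# before unpacking. Names and the keyring path are assumptions.

# verify_release TARBALL KEYRING
# Returns 0 only if TARBALL.sig is a valid signature over TARBALL made by
# a key contained in KEYRING. 2 = missing input, 3 = gpgv unavailable,
# anything else non-zero = gpgv rejected the signature.
verify_release() {
    local tarball sig keyring
    tarball=$1
    sig=$1.sig
    keyring=$2
    [ -s "$tarball" ] || { echo "missing tarball: $tarball" >&2; return 2; }
    [ -s "$sig" ]     || { echo "missing signature: $sig" >&2; return 2; }
    [ -s "$keyring" ] || { echo "missing keyring: $keyring" >&2; return 2; }
    command -v gpgv >/dev/null || { echo "gpgv not installed" >&2; return 3; }
    # Without a slash gpgv looks the keyring up in its home directory,
    # so make a bare file name explicitly relative.
    case $keyring in */*) ;; *) keyring=./$keyring ;; esac
    # gpgv trusts exactly the keys in --keyring and nothing else.
    gpgv --keyring "$keyring" "$sig" "$tarball"
}

# build_if_verified VERSION KEYRING
# Unpacks VERSION.tar.bz2 only after verification succeeded (fail closed).
build_if_verified() {
    local version keyring
    version=$1
    keyring=$2
    verify_release "$version.tar.bz2" "$keyring" || {
        echo "signature check failed, refusing to unpack $version.tar.bz2" >&2
        return 1
    }
    tar xf "$version.tar.bz2"
}
```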


Re: Complete Ubuntu compile of GnuPG

2017-11-22 Thread Dmitry Gudkov
Dear Werner,

Could you give me (a gnupg newbie) clear instructions to compile the latest 
version for Ubuntu 16.04.3?
I’m running it as a VM in VirtualBox on my Mac.

Also I need your advice on my keys. Now I have rsa2048 but want to switch to
rsa4096. What’s the best way of doing? Migrate or delete & create a new one? On 
the other hand I’ve noticed you have rsa2048. Maybe just keep rsa2048?

P.S. I have been happily using GnuPG 2.1.22 on my Mac, which I installed as 
binary. Now it’s time to move on with building my own like a pro) on Linux

Thanks
Dmitry

22.11.2017, 12:31, "Gnupg-users on behalf of Werner Koch" wrote:

On Wed, 22 Nov 2017 03:44, mac3...@gmail.com said:

> sudo apt-get install -y libgmp-dev
> sudo apt-get install -y nettle-dev
> sudo apt-get install -y libgnutls28-dev

These are also not needed because the speedo Makefile will download and
use ntbtls instead.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


Re: Complete Ubuntu compile of GnuPG

2017-11-22 Thread murphy
Thanks to all for the suggested improvements!!

One thing I forgot to mention was to add the configuration:

nano ~/.gnupg/gpg-agent.conf

pinentry-program /usr/bin/pinentry-gtk-2

This is required since pinentry is not compiled from source but
installed as an Ubuntu package.






Re: Complete Ubuntu compile of GnuPG

2017-11-22 Thread Werner Koch
On Wed, 22 Nov 2017 03:44, mac3...@gmail.com said:

> sudo apt-get install -y libgmp-dev
> sudo apt-get install -y nettle-dev
> sudo apt-get install -y libgnutls28-dev

These are also not needed because the speedo Makefile will download and
use ntbtls instead.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Complete Ubuntu compile of GnuPG

2017-11-22 Thread Werner Koch
On Wed, 22 Nov 2017 03:44, mac3...@gmail.com said:

> sudo apt-get install -y adns-tools

You should not need this.  

> sudo apt-get install -y pcscd scdaemon

I guess you install scdaemon to get some infrastructure provided by
Ubuntu in their scdaemon package.

> Specifically G13 and WKS tools are not supported.  Am I missing some

WKS tools is just the gpg-wks-server which is commonly not needed.  The
gpg-wks-client will be built anyway.  --enable-g13 is too Linux specific
to be enabled by default and is missing all documentation.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Complete Ubuntu compile of GnuPG

2017-11-21 Thread Robert J. Hansen
> The bash file works on a fresh install of Ubuntu 16.04, 17.10 and
> Raspbian Stretch (for Raspberry Pi).  Any suggestions for improvements?

Pass --enable-g13 --enable-wks-tools to your make invocation.

```
make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local \
  speedo_pkg_gnupg_configure='--enable-g13 --enable-wks-tools' \
  native
```

Also see https://wiki.gnupg.org/WKS .

Hope this helps!



Complete Ubuntu compile of GnuPG

2017-11-21 Thread murphy
My goal is to compile the latest version of GnuPG for Ubuntu.  The
following bash file does pretty well:

```
cd ~/Downloads
version=gnupg-2.2.3
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig
tar xf $version.tar.bz2
cd $version
sudo apt-get update
sudo apt-get install -y libldap2-dev
sudo apt-get install -y gtk+-2
sudo apt-get install -y rng-tools
sudo apt-get install -y libbz2-dev
sudo apt-get install -y zlib1g-dev
sudo apt-get install -y libgmp-dev
sudo apt-get install -y nettle-dev
sudo apt-get install -y libgnutls28-dev
sudo apt-get install -y libsqlite3-dev
sudo apt-get install -y adns-tools
sudo apt-get install -y libreadline-dev
sudo apt-get install -y pinentry-gtk2
sudo apt-get install -y pcscd scdaemon
sudo make -f build-aux/speedo.mk native INSTALL_PREFIX=/usr/local
sudo ldconfig
```

But there are a couple of no answers I would like to eliminate:

```
GnuPG v2.2.3 has been configured as follows:

Revision:  97f4fea  (38900)
Platform:  GNU/Linux (x86_64-pc-linux-gnu)

OpenPGP:   yes
S/MIME:    yes
Agent:     yes
Smartcard: yes (without internal CCID driver)
G13:       no
Dirmngr:   yes
Gpgtar:    yes
WKS tools: no

Protect tool:      (default)
LDAP wrapper:      (default)
Default agent:     (default)
Default pinentry:  (default)
Default scdaemon:  (default)
Default dirmngr:   (default)

Dirmngr auto start:  yes
Readline support:    yes
LDAP support:        yes
TLS support:         gnutls
TOFU support:        yes
Tor support:         yes
```

Specifically G13 and WKS tools are not supported.  Am I missing some
dependencies?  Preferably they should be available via 'sudo apt-get
install' since this is checked for in new compiles and not reinstalled.

The bash file works on a fresh install of Ubuntu 16.04, 17.10 and
Raspbian Stretch (for Raspberry Pi).  Any suggestions for improvements?

Murphy


