Re: Complete Ubuntu compile of GnuPG
On 11/25/2017 01:40 PM, murphy wrote:
> Yes, the permissions and gpg-agent.conf creation is a problem I would
> like to find an easy way around. As it turns out a fresh install of
> ubuntu 16.04.3 already has /usr/bin/pinentry-gnome3 installed. That,
> plus the fact that libgnutls28-dev also installs a bunch of stuff on my
> bash file means I can reduce it to:
>

Hi!

I have scripted an Ubuntu 17.10 docker container recently for building any GnuPG version and it is available at [1]. More details at [2]. Once built, it runs `gpg --card-edit` by default, but with [3] one can run any command. For building the desired GnuPG version use (details at [4]):

```
bash docker-build.sh --build-arg GPG_VERSION=2.2.3
```

[1] https://github.com/Nitrokey/gpg-docker
[2] https://github.com/Nitrokey/gpg-docker/wiki
[3] docker-run-command.sh
[4] https://docs.docker.com/engine/reference/builder/#using-arg-variables

--
Best regards,
Szczepan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Complete Ubuntu compile of GnuPG
Yes, the permissions and gpg-agent.conf creation is a problem I would like to find an easy way around. As it turns out a fresh install of ubuntu 16.04.3 already has /usr/bin/pinentry-gnome3 installed. That, plus the fact that libgnutls28-dev also installs a bunch of stuff on my bash file means I can reduce it to:

```
cd ~/Downloads
version=gnupg-2.2.3
# release tarball and its detached signature (downloaded, not checked by this script)
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig
tar xf $version.tar.bz2
cd $version
# build dependencies and smart card support from Ubuntu packages
sudo apt-get update
sudo apt-get install -y libldap2-dev
sudo apt-get install -y gtk+-2
sudo apt-get install -y rng-tools
sudo apt-get install -y libbz2-dev
sudo apt-get install -y libgnutls28-dev
sudo apt-get install -y libsqlite3-dev
sudo apt-get install -y libreadline-dev
sudo apt-get install -y pcscd scdaemon
# speedo build with pinentry-gnome3 set as the default pinentry
sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local speedo_pkg_gnupg_configure='--enable-g13 --enable-wks-tools --with-pinentry-pgm=/usr/bin/pinentry-gnome3' native
sudo ldconfig
```

Of course the line "sudo make -f ... native" is all one line. This enables pinentry-gnome3 without having to do a separate creation of gpg-agent.conf and the whole issue of permissions is avoided. I would like to thank Werner, Robert, and Phil for the very helpful suggestions.

murphy

On 11/25/2017 04:02 AM, Dmitry Gudkov wrote:
> hi murphy,
>
> i dare suggest adding this command after creating gpg-agent.conf file:
>
> *chmod 600 gpg-agent.conf*
>
> i came across an old thread on gnupg 2.xxx where it's said that .gnupg
> directory must have 700 and all files inside this directory 600
> permissions
>
> cheers
>
> Dmitry
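The gpg-agent.conf step and the 700/600 permissions discussed in this thread can be done without an editor. The following is an added example, not code from any message in the thread; the function names and the script name `gnupg-perms.sh` are hypothetical, and it assumes GNU find as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example, not from the thread. Requires GNU find (-perm /mode).

# set_pinentry HOMEDIR PINENTRY
# Create HOMEDIR (0700) and HOMEDIR/gpg-agent.conf (0600) holding exactly one
# pinentry-program line; other options already in the file are kept.
set_pinentry() {
    home=$1 pin=$2 conf=$1/gpg-agent.conf
    (
        umask 077   # nothing created here is group or world accessible
        mkdir -p "$home" && chmod 700 "$home" || exit 1
        tmp=$(mktemp "$home/.agent.XXXXXX") || exit 1
        if [ -f "$conf" ]; then
            # drop a previous pinentry-program line, keep the rest
            grep -v '^[[:space:]]*pinentry-program[[:space:]]' "$conf" >"$tmp" || true
        fi
        printf 'pinentry-program %s\n' "$pin" >>"$tmp"
        chmod 600 "$tmp" && mv "$tmp" "$conf"   # replace the file in one step
    )
}

# loose_perms HOMEDIR: list entries that group or others can access in any way
loose_perms() {
    find "$1" ! -type l -perm /077
}

# tighten_perms HOMEDIR: directories 700, regular files 600
tighten_perms() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Run as: sh gnupg-perms.sh ~/.gnupg /usr/bin/pinentry-gtk-2
if [ "$#" -eq 2 ]; then
    set_pinentry "$1" "$2" && tighten_perms "$1" && loose_perms "$1"
fi
```

A running gpg-agent picks up the new pinentry after `gpg-connect-agent reloadagent /bye`.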
Complete Ubuntu compile of GnuPG
Thanks to all for suggestions. For a complete compile on a fresh install of Ubuntu, I managed to get the bash file down to a minimum of:

```
cd ~/Downloads
version=gnupg-2.2.3
# release tarball and its detached signature (downloaded, not checked by this script)
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig
tar xf $version.tar.bz2
cd $version
# build dependencies, pinentry and smart card support from Ubuntu packages
sudo apt-get update
sudo apt-get install -y libldap2-dev
sudo apt-get install -y gtk+-2
sudo apt-get install -y rng-tools
sudo apt-get install -y libbz2-dev
sudo apt-get install -y zlib1g-dev
sudo apt-get install -y libgnutls28-dev
sudo apt-get install -y libsqlite3-dev
sudo apt-get install -y libreadline-dev
sudo apt-get install -y pinentry-gtk2
sudo apt-get install -y pcscd scdaemon
# the quoted configure options stay on one line: a backslash inside single quotes is literal
sudo make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local \
    speedo_pkg_gnupg_configure='--enable-g13 --enable-wks-tools' native
sudo ldconfig
```

Without the libgnutls28-dev install Ubuntu is without a suitable compiler or even the make command. This installs make, gcc+-7 and probably lots of unnecessary stuff but at least it is a one-liner. For the Yubikey smart card the Ubuntu package scdaemon seems to be required as gpg --card-edit complains and fails if it is not included in the ubuntu installation list.

This bash file has the advantage of using only Ubuntu packages and speedo, so the only update change needed is changing a single digit in version=gnupg-2.2.3 for the near future upgrades. No unnecessary repeat compiles are done since pinentry is a package, although it is necessary to include the configuration file at least once:

```
nano ~/.gnupg/gpg-agent.conf
```

with the content

```
pinentry-program /usr/bin/pinentry-gtk-2
```

or the pinentry version of your choice (-gnome3, -qt, -tty, -x11, -curses packages are all available for install and configure).

I'm sure this can be improved upon and I am eager to see if it can be made even smaller and faster while keeping the convenience of changing a single digit and renaming gpg223.sh to gpg224.sh.

Thanks - murphy
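The scripts in this thread download `$version.tar.bz2.sig` and then go straight to `tar xf`. The following added example (not part of any message in the thread) checks the signature with gpgv before unpacking; the function names and the script name `verify-gnupg.sh` are hypothetical, and the keyring file and expected fingerprint are inputs the reader has to obtain from a trusted source.

```shell
#!/bin/sh
# Added example, not from the thread. KEYRING and FPR are assumptions: export the
# GnuPG release keys you trust with "gpg --export" into KEYRING and pass the
# primary-key fingerprint you expect as FPR.

# status_fprs: read gpgv --status-fd output on stdin and print the last field of
# every VALIDSIG line, which is the primary-key fingerprint of the signer.
status_fprs() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF }'
}

# verify_release TARBALL SIG KEYRING FPR
# Returns 0 only if gpgv accepts SIG over TARBALL and a valid signature was made
# by the key FPR; returns 2 if an input file is missing or empty, 1 otherwise.
verify_release() {
    tarball=$1 sig=$2 keyring=$3 fpr=$4
    [ -s "$tarball" ] && [ -s "$sig" ] && [ -s "$keyring" ] || return 2
    # gpgv treats every key in its keyring as trusted, so the fingerprint match
    # below pins the one expected signer. Give KEYRING as a path with a slash,
    # otherwise gpgv looks for it in its home directory.
    status=$(gpgv --keyring "$keyring" --status-fd 1 "$sig" "$tarball" 2>/dev/null) || return 1
    printf '%s\n' "$status" | status_fprs | grep -qxF -- "$fpr"
}

# Run as:
#   sh verify-gnupg.sh gnupg-2.2.3.tar.bz2 gnupg-2.2.3.tar.bz2.sig /path/to/keyring.gpg FPR
if [ "$#" -eq 4 ]; then
    if verify_release "$@"; then
        tar xf "$1"
    else
        echo "signature check failed, not unpacking $1" >&2
        exit 1
    fi
fi
```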
Re: Complete Ubuntu compile of GnuPG
Dear Werner,

Could you give me (a gnupg newbie) clear instructions to compile the latest version for Ubuntu 16.04.3? I’m running it as a VM in VirtualBox on my Mac.

Also I need your advice on my keys. Now I have rsa2048 but want to switch to rsa4096. What’s the best way of doing it? Migrate or delete & create a new one? On the other hand I’ve noticed you have rsa2048. Maybe just keep rsa2048?

P.S. I have been happily using GnuPG 2.1.22 on my Mac, which I installed as binary. Now it’s time to move on with building my own like a pro) on Linux

Thanks
Dmitry

22.11.2017, 12:31, "Gnupg-users on behalf of Werner Koch" wrote:

On Wed, 22 Nov 2017 03:44, mac3...@gmail.com said:

> sudo apt-get install -y libgmp-dev
> sudo apt-get install -y nettle-dev
> sudo apt-get install -y libgnutls28-dev

These are also not needed because the speedo Makefile will download and use ntbtls instead.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Complete Ubuntu compile of GnuPG
Thanks to all for the suggested improvements!! One thing I forgot to mention was to add the configuration:

```
nano ~/.gnupg/gpg-agent.conf
```

with the content

```
pinentry-program /usr/bin/pinentry-gtk-2
```

This is required since pinentry is not compiled from source but installed as an Ubuntu package.
Re: Complete Ubuntu compile of GnuPG
On Wed, 22 Nov 2017 03:44, mac3...@gmail.com said:

> sudo apt-get install -y libgmp-dev
> sudo apt-get install -y nettle-dev
> sudo apt-get install -y libgnutls28-dev

These are also not needed because the speedo Makefile will download and use ntbtls instead.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Complete Ubuntu compile of GnuPG
On Wed, 22 Nov 2017 03:44, mac3...@gmail.com said:

> sudo apt-get install -y adns-tools

You should not need this.

> sudo apt-get install -y pcscd scdaemon

I guess you install scdaemon to get some infrastructure provided by Ubuntu in their scdaemon package.

> Specifically G13 and WKS tools are not supported. Am I missing some

WKS tools is just the gpg-wks-server which is commonly not needed. The gpg-wks-client will be built anyway. --enable-g13 is too Linux specific to be enabled by default and is missing all documentation.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Complete Ubuntu compile of GnuPG
> The bash file works on a fresh install of Ubuntu 16.04, 17.10 and
> Raspbian Stretch (for Raspberry Pi). Any suggestions for improvements?

Pass --enable-g13 --enable-wks-tools to your make invocation.

```
make -f build-aux/speedo.mk INSTALL_PREFIX=/usr/local \
    speedo_pkg_gnupg_configure='--enable-g13 --enable-wks-tools' \
    native
```

Also see https://wiki.gnupg.org/WKS .

Hope this helps!
Complete Ubuntu compile of GnuPG
My goal is to compile the latest version of GnuPG for Ubuntu. The following bash file does pretty well:

```
cd ~/Downloads
version=gnupg-2.2.3
# release tarball and its detached signature (downloaded, not checked by this script)
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2
wget https://gnupg.org/ftp/gcrypt/gnupg/$version.tar.bz2.sig
tar xf $version.tar.bz2
cd $version
# build dependencies, pinentry and smart card support from Ubuntu packages
sudo apt-get update
sudo apt-get install -y libldap2-dev
sudo apt-get install -y gtk+-2
sudo apt-get install -y rng-tools
sudo apt-get install -y libbz2-dev
sudo apt-get install -y zlib1g-dev
sudo apt-get install -y libgmp-dev
sudo apt-get install -y nettle-dev
sudo apt-get install -y libgnutls28-dev
sudo apt-get install -y libsqlite3-dev
sudo apt-get install -y adns-tools
sudo apt-get install -y libreadline-dev
sudo apt-get install -y pinentry-gtk2
sudo apt-get install -y pcscd scdaemon
# speedo build of GnuPG and its libraries into /usr/local
sudo make -f build-aux/speedo.mk native INSTALL_PREFIX=/usr/local
sudo ldconfig
```

But there are a couple of no answers I would like to eliminate:

```
GnuPG v2.2.3 has been configured as follows:

Revision:  97f4fea  (38900)
Platform:  GNU/Linux (x86_64-pc-linux-gnu)

OpenPGP:   yes
S/MIME:    yes
Agent:     yes
Smartcard: yes (without internal CCID driver)
G13:       no
Dirmngr:   yes
Gpgtar:    yes
WKS tools: no

Protect tool:      (default)
LDAP wrapper:      (default)
Default agent:     (default)
Default pinentry:  (default)
Default scdaemon:  (default)
Default dirmngr:   (default)

Dirmngr auto start:  yes
Readline support:    yes
LDAP support:        yes
TLS support:         gnutls
TOFU support:        yes
Tor support:         yes
```

Specifically G13 and WKS tools are not supported. Am I missing some dependencies? Preferably they should be available via 'sudo apt-get install' since this is checked for in new compiles and not reinstalled.

The bash file works on a fresh install of Ubuntu 16.04, 17.10 and Raspbian Stretch (for Raspberry Pi). Any suggestions for improvements?

Murphy