Skip to content

Instantly share code, notes, and snippets.

@RogueScholar
Forked from vt0r/GnuPG-2.2.md
Last active November 6, 2024 00:51
Show Gist options
  • Save RogueScholar/cdade8709bb392dbe112f2d60d0763fd to your computer and use it in GitHub Desktop.
Save RogueScholar/cdade8709bb392dbe112f2d60d0763fd to your computer and use it in GitHub Desktop.
Compile GnuPG 2.2.27 from source and install on Ubuntu 20.10 and similar Debian-based GNU/Linux distributions

GnuPG 2.2.x Build Instructions

Below are my build/compile instructions for GnuPG 2.2.27, released on Monday, January 11, 2021. These instructions were tested on a working Kubuntu 20.10 "The Groovy Gorilla" desktop environment but should be applicable to all Debian-derivative GNU/Linux distributions since Ubuntu 18.04 LTS "Bionic Beaver." (Go Beavers!)

If you prefer, you may use the install script below to automate the process and install GnuPG 2.2.27 with the following command on your computer's terminal:

curl -L https://mello.link/gnupg2227 | sudo -H bash

Elevated permissions needed

NOTE: This guide builds in /var/src and installs to /usr/local, both of which require root permissions to write in You can either prefix the commands below with sudo as you go, or open a root shell with sudo -H -s and run the commands as shown, issuing the exit command when done to drop the root privileges and return to your user shell.

Install the needed dependencies

apt install -y bzip2 wget2 make gettext texinfo doxygen gnutls-bin encfs fuse3 build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev libsecret-1-dev libgcr-3-dev libfltk1.3-dev libusb-1.0-0-dev policykit-1

Cleanup any old builds of GnuPG from /var/src (Optional)

rm -rf /var/src/gnupg*

Setup the build folder and configuration shell, print all keys from your gpg user keyring to stdout in case of catastrophe, and retrieve the GnuPG release signing keys

mkdir -p /var/src/gnupg2 && cd /var/src/gnupg2
typeset -gx CONFIG_SHELL="$(command -v bash)"
gpg --list-keys
gpg --keyserver keyserver.ubuntu.com --recv-keys 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9 528897B826403ADA A8DC7067E25FBABB

Installing Libgpg-error 1.41

wget2 -c https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.41.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.41.tar.bz2.sig
gpg --verify libgpg-error-1.41.tar.bz2.sig && tar xjof libgpg-error-1.41.tar.bz2
cd libgpg-error-1.41
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu --enable-threads=posix --disable-rpath && make -j$(nproc)
make check -j$(nproc) && make install
cd ..

Installing Libgcrypt 1.9.2

wget2 -c https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.9.2.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.9.2.tar.bz2.sig
gpg --verify libgcrypt-1.9.2.tar.bz2.sig && tar xjof libgcrypt-1.9.2.tar.bz2
cd libgcrypt-1.9.2
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu --enable-m-guard --enable-hmac-binary-check --with-capabilities && make -j$(nproc)
make check -j$(nproc) && make install
cd ..

Installing Libksba 1.5.0

wget2 -c https://gnupg.org/ftp/gcrypt/libksba/libksba-1.5.0.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/libksba/libksba-1.5.0.tar.bz2.sig
gpg --verify libksba-1.5.0.tar.bz2.sig && tar xjof libksba-1.5.0.tar.bz2
cd libksba-1.5.0
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu && make -j$(nproc)
make check && make install
cd ..

Installing Libassuan 2.5.4

wget2 -c https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.4.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.4.tar.bz2.sig
gpg --verify libassuan-2.5.4.tar.bz2.sig && tar xjof libassuan-2.5.4.tar.bz2
cd libassuan-2.5.4
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu && make -j$(nproc)
make check -j$(nproc) && make install
cd ..

Installing ntbTLS 0.2.0

wget2 -c https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.2.0.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.2.0.tar.bz2.sig
gpg --verify ntbtls-0.2.0.tar.bz2.sig && tar xjof ntbtls-0.2.0.tar.bz2
cd ntbtls-0.2.0
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu && make -j$(nproc) && make install
cd ..

Installing nPth 1.6

wget2 -c https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig
gpg --verify npth-1.6.tar.bz2.sig && tar xjof npth-1.6.tar.bz2
cd npth-1.6
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local \
  --runstatedir=/run --libdir=/usr/local/lib/x86_64-linux-gnu && make -j$(nproc)
make check -j$(nproc) && make install
cd ..

Install Pinentry 1.1.1

wget2 -c https://gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.1.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.1.tar.bz2.sig
gpg --verify pinentry-1.1.1.tar.bz2.sig && tar xjof pinentry-1.1.1.tar.bz2
cd pinentry-1.1.1
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu --enable-pinentry-curses --enable-fallback-curses --enable-pinentry-tty \
  --disable-rpath --enable-libsecret --disable-pinentry-gtk2 --enable-pinentry-gnome3 --enable-pinentry-fltk \
  --enable-pinentry-qt && make -j$(nproc) && make install
cd ..

Install GPGME 1.15.1

wget2 -c https://gnupg.org/ftp/gcrypt/gpgme/gpgme-1.15.1.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/gpgme/gpgme-1.15.1.tar.bz2.sig
gpg --verify gpgme-1.15.1.tar.bz2.sig && tar xjof gpgme-1.15.1.tar.bz2
cd gpgme-1.15.1
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu && make -j$(nproc)
make check -j$(nproc) && make install
cd ..

Install GPA 0.10.0

wget2 -c https://gnupg.org/ftp/gcrypt/gpa/gpa-0.10.0.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/gpa/gpa-0.10.0.tar.bz2.sig
gpg --verify gpa-0.10.0.tar.bz2.sig && tar xjof gpa-0.10.0.tar.bz2
cd gpa-0.10.0
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu --disable-rpath && make -j$(nproc) && make install
cd ..

Install GnuPG 2.2.27

wget2 -c https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.27.tar.bz2
wget2 -c https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.27.tar.bz2.sig
gpg --verify gnupg-2.2.27.tar.bz2.sig && tar xjof gnupg-2.2.27.tar.bz2
cd gnupg-2.2.27
autoreconf -fi && ./configure --sysconfdir=/etc --sharedstatedir=/var/lib --localstatedir=/var/local --runstatedir=/run \
  --libdir=/usr/local/lib/x86_64-linux-gnu --enable-g13 --enable-large-secmem --disable-rpath \
  --enable-run-gnupg-user-socket --with-capabilities && make -j$(nproc)
make check -j$(nproc) && make install

Update the library linker cache with the updated versions

ldconfig

Congratulations, you're done. Live long and encrypt.

#!/usr/bin/env bash
# =============================================================================
# Title: install-gnupg2215.sh
# Description: POSIX shell script to build and install
# GnuPG 2.2.15 from source
# Author: Peter J. Mello
# Date: 2019-06-04
# Version: 1.6.1
# Usage: [sudo] bash install-gnupg2215.sh
# Notes: Developed and tested on Kubuntu 19.04, intended for
# use on Ubuntu and its derivatives > version 18.04
# Bash Version: 5.0.3
# SPDX-License-Identifier: Apache-2.0
# =============================================================================
# Copyright 2019 Peter J. Mello
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# =============================================================================
# Basic shell built-ins to promote safe operation
set -eu -o pipefail
shopt -qs failglob
# Export environment variable to keep all build processes using bash shell
typeset -x CONFIG_SHELL=$(command -v bash)
# Stash component versions and script shortlink in variables for easy updating
GNUPG_VER=2.2.15
LIBGPG_ERROR_VER=1.36
LIBGCRYPT_VER=1.8.4
LIBKSBA_VER=1.3.5
LIBASSUAN_VER=2.5.3
NTBTLS_VER=0.1.2
NPTH_VER=1.6
PINENTRY_VER=1.1.0
GPGME_VER=1.13.0
GPA_VER=0.10.0
CURL_FETCH="$(curl -sL https://mello.link/gnupg2215)"
# Start the process with a public service announcement
echo "The author of this script encourages everyone to learn and adopt
good information security habits. As John Perry Barlow once said,
--\"Relying on the government to protect your privacy is like
asking a peeping tom to install your window blinds.\"
╭───────────╮ pub rsa2048/AC77588D3F3BCA1E 2017-01-04
│╲ ◯───╥ ╱│ Peter J. Mello <admin at petermello.net>
│╱‵───────′╲│ Sending e-mail without using public key encryption is
╰───────────╯ like sending a letter without sealing the envelope."
# Check that script is being run with necessary privileges
echo "Checking that we have the necessary permissions..."
if [[ $EUID -ne 0 ]]; then
# Prompt for the sudo password and re-execute this script with sudo
if [[ -t 1 ]]; then
typeset dialog_title
typeset pass
dialog_title="GnuPG ${GNUPG_VER} Automated Build/Install Script"
pass=$(whiptail --backtitle "$dialog_title" --title "Elevated permissions \
required" --passwordbox "The "$dialog_title" requires administrative \
privileges. Please authenticate to begin the installation.\\n\\n[sudo] \
Password for user $USER:" 12 50 3>&2 2>&1 1>&3-)
"${CURL_FETCH}" | exec sudo -kH '' bash -s -- <<< "$pass" && exit 0
else
# Use pkexec to graphically request user authentication if not in terminal
exec 1>output_file
pkexec env DISPLAY="$DISPLAY" XAUTHORITY="$XAUTHORITY" \
DBUS_SESSION_BUS_ADDRESS="$DBUS_SESSION_BUS_ADDRESS" "$CONFIG_SHELL" \
"${CURL_FETCH}"
fi
else
echo "Failed to gain necessary privileges to execute script. Try again with sudo."
exit 1
fi
# Ensure all necessary dependencies are present on the system
echo "Updating package lists and installing any missing dependencies..."
apt update
apt install -y bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential \
libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev libsecret-1-dev
# Create folder for build files
echo "Creating working directory at '/var/src/gnupg2' for build processes..."
mkdir -p /var/src/gnupg2 || echo "Unable to create directory in /var/src"
cd /var/src/gnupg2 || exit 1
# Output all current keys present in keyring to stdout in case of issues with gpg following install
echo "Printing list of all keys in user keyring in case of issues following install..."
gpg --list-keys
# Retrieve GnuPG release signing keys from Ubuntu keyserver
echo "Retrieving GnuPG release signing keys from Ubuntu keyserver..."
gpg --keyserver keyserver.ubuntu.com --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9
#Build and install libgpg-error
echo "Building and installing libgpg-error..."
wget -c https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-${LIBGPG_ERROR_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-${LIBGPG_ERROR_VER}.tar.bz2.sig
gpg --verify libgpg-error-${LIBGPG_ERROR_VER}.tar.bz2.sig
tar xjof libgpg-error-${LIBGPG_ERROR_VER}.tar.bz2
cd libgpg-error-${LIBGPG_ERROR_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure
make -s
make check
make install
cd ..
# Build and install libgcrypt
echo "Building and installing libgcrypt..."
wget -c https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-${LIBGCRYPT_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-${LIBGCRYPT_VER}.tar.bz2.sig
gpg --verify libgcrypt-${LIBGCRYPT_VER}.tar.bz2.sig
tar xjof libgcrypt-${LIBGCRYPT_VER}.tar.bz2
cd libgcrypt-${LIBGCRYPT_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure --enable-m-guard --with-capabilities
make -s
make check
make install
cd ..
# Build and install libksba
echo "Building and installing libksba..."
wget -c https://gnupg.org/ftp/gcrypt/libksba/libksba-${LIBKSBA_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/libksba/libksba-${LIBKSBA_VER}.tar.bz2.sig
gpg --verify libksba-${LIBKSBA_VER}.tar.bz2.sig
tar xjof libksba-${LIBKSBA_VER}.tar.bz2
cd libksba-${LIBKSBA_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure
make -s
make check
make install
cd ..
# Build and install libassuan
echo "Building and installing libassuan..."
wget -c https://gnupg.org/ftp/gcrypt/libassuan/libassuan-${LIBASSUAN_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/libassuan/libassuan-${LIBASSUAN_VER}.tar.bz2.sig
gpg --verify libassuan-${LIBASSUAN_VER}.tar.bz2.sig
tar xjof libassuan-${LIBASSUAN_VER}.tar.bz2
cd libassuan-${LIBASSUAN_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure
make -s
make check
make install
cd ..
# Build and install ntbTLS
echo "Building and installing ntbtls..."
wget -c https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-${NTBTLS_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-${NTBTLS_VER}.tar.bz2.sig
gpg --verify ntbtls-${NTBTLS_VER}.tar.bz2.sig
tar xjof ntbtls-${NTBTLS_VER}.tar.bz2
cd ntbtls-${NTBTLS_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure
make -s
make install
cd ..
# Build and install nPth
echo "Building and installing npth..."
wget -c https://gnupg.org/ftp/gcrypt/npth/npth-${NPTH_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/npth/npth-${NPTH_VER}.tar.bz2.sig
gpg --verify npth-${NPTH_VER}.tar.bz2.sig
tar xjof npth-${NPTH_VER}.tar.bz2
cd npth-${NPTH_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure
make -s
make check
make install
cd ..
# Build and install Pinentry
echo "Building and installing pinentry..."
wget -c https://gnupg.org/ftp/gcrypt/pinentry/pinentry-${PINENTRY_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/pinentry/pinentry-${PINENTRY_VER}.tar.bz2.sig
gpg --verify pinentry-${PINENTRY_VER}.tar.bz2.sig
tar xjof pinentry-${PINENTRY_VER}.tar.bz2
cd pinentry-${PINENTRY_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure --enable-libsecret --enable-pinentry-tty --enable-pinentry-qt --enable-pinentry-gnome3
make -s
make install
cd ..
# Build and install GPGME
echo "Building and installing gpgme..."
wget -c https://gnupg.org/ftp/gcrypt/gpgme/gpgme-${GPGME_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/gpgme/gpgme-${GPGME_VER}.tar.bz2.sig
gpg --verify gpgme-${GPGME_VER}.tar.bz2.sig
tar xjof gpgme-${GPGME_VER}.tar.bz2
cd gpgme-${GPGME_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure
make -s
make check
make install
cd ..
# Build and install GPA
echo "Building and installing gpa..."
wget -c https://gnupg.org/ftp/gcrypt/gpa/gpa-${GPA_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/gpa/gpa-${GPA_VER}.tar.bz2.sig
gpg --verify gpa-${GPA_VER}.tar.bz2.sig
tar xjof gpa-${GPA_VER}.tar.bz2
cd gpa-${GPA_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure
make -s
make install
cd ..
# Build and install GnuPG
echo "Building and installing GnuPG main package..."
wget -c https://gnupg.org/ftp/gcrypt/gnupg/gnupg-${GNUPG_VER}.tar.bz2
wget -c https://gnupg.org/ftp/gcrypt/gnupg/gnupg-${GNUPG_VER}.tar.bz2.sig
gpg --verify gnupg-${GNUPG_VER}.tar.bz2.sig
tar xjof gnupg-${GNUPG_VER}.tar.bz2
cd gnupg-${GNUPG_VER} || exit 1
autoreconf -fi 2>/dev/null
./configure --sysconfdir=/etc --localstatedir=/var --runstatedir=/run \
--enable-g13 --enable-symcryptrun --enable-large-secmem --with-capabilities
make -s
make check
make install
# Call library linker to scan library directories so newly installed files are available
echo "Calling ldconfig to scan library install locations & update system shared library linker."
ldconfig
# Inform user of the success of all processes
echo "Successfully built and installed GnuPG ${GNUPG_VER} to /usr/local"
exit 0
@NoSubstitute
Copy link

I'm getting this error.

line 37: export: `/bin/bash': not a valid identifier

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment