Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
GnuPG 2.1.18 Build Instructions for Ubuntu 16.04 LTS

GnuPG 2.1.20 Build Instructions

Below you is my build instructions for GnuPG 2.1.20 released on 03-Apr-2017. These instructions are built for a headless Ubuntu 16.04 LTS server.

Or if you wish, you may use the install script to install GnuPG 2.1.20 by entring the following:

curl -sL "https://gist.github.com/mattrude/3883a3801613b048d45b/raw/install-gnupg2.sh" |sh

Install the needed depends

apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin \
build-essential g++

Setup the build

mkdir -p /var/src/gnupg21 && cd /var/src/gnupg21
gpg --list-keys
gpg --recv-keys 0x4F25E3B6 0xE0856959 0x33BD3F06 0x7EFD60D9 0xF7E48EDB

Installing libgpg-error 1.27

wget -c ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz.sig && \
gpg --verify libgpg-error-1.27.tar.gz.sig && tar -xzf libgpg-error-1.27.tar.gz && \
cd libgpg-error-1.27/ && ./configure && make && make install && cd ../

Installing libgcrypt 1.7.6

wget -c ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.6.tar.gz && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.6.tar.gz.sig && \
gpg --verify libgcrypt-1.7.6.tar.gz.sig && tar -xzf libgcrypt-1.7.6.tar.gz && \
cd libgcrypt-1.7.6 && ./configure && make && make install && cd ../

Installing libassuan 2.4.3

wget -c ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.4.3.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.4.3.tar.bz2.sig && \
gpg --verify libassuan-2.4.3.tar.bz2.sig && tar -xjf libassuan-2.4.3.tar.bz2 && \
cd libassuan-2.4.3 && ./configure && make && make install && cd ../

Installing libksba 1.3.5

wget -c  ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
cd libksba-1.3.5 && ./configure && make && make install && cd ../

Installing npth 1.3

wget -c ftp://ftp.gnupg.org/gcrypt/npth/npth-1.3.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/npth/npth-1.3.tar.bz2.sig && \
gpg --verify npth-1.3.tar.bz2.sig && tar -xjf npth-1.3.tar.bz2 && \
cd npth-1.3 && ./configure && make && make install && cd ../

Install ncurses 6.0

wget -c ftp://ftp.gnu.org/gnu/ncurses/ncurses-6.0.tar.gz && \
wget -c ftp://ftp.gnu.org/gnu/ncurses/ncurses-6.0.tar.gz.sig && \
gpg --verify ncurses-6.0.tar.gz.sig && tar -xzf ncurses-6.0.tar.gz && \
cd ncurses-6.0 && export CPPFLAGS="-P" && ./configure && make && make install && cd ../

Install pinentry 1.0.0

wget -c ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-1.0.0.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-1.0.0.tar.bz2.sig && \
gpg --verify pinentry-1.0.0.tar.bz2.sig && tar -xjf pinentry-1.0.0.tar.bz2 && \
cd pinentry-1.0.0 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../

Install GnuPG 2.1.20

wget -c ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2.sig && \
gpg --verify gnupg-2.1.20.tar.bz2.sig && tar -xjf gnupg-2.1.20.tar.bz2 && \
cd gnupg-2.1.20 && ./configure && make && make install && echo $?

Finishing the build

echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v
#!/bin/bash
apt-get update
apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin build-essential g++
mkdir -p /var/src/gnupg21 && cd /var/src/gnupg21
gpg --list-keys
gpg --recv-keys 0x4F25E3B6 0xE0856959 0x33BD3F06 0x7EFD60D9 0xF7E48EDB
wget -c ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.6.tar.gz && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.6.tar.gz.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.4.3.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.4.3.tar.bz2.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/npth/npth-1.2.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/npth/npth-1.2.tar.bz2.sig && \
wget -c ftp://ftp.gnu.org/gnu/ncurses/ncurses-6.0.tar.gz && \
wget -c ftp://ftp.gnu.org/gnu/ncurses/ncurses-6.0.tar.gz.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-0.9.5.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-0.9.5.tar.bz2.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2.sig && \
gpg --verify libgpg-error-1.27.tar.gz.sig && tar -xzf libgpg-error-1.27.tar.gz && \
gpg --verify libgcrypt-1.7.6.tar.gz.sig && tar -xzf libgcrypt-1.7.6.tar.gz && \
gpg --verify libassuan-2.4.3.tar.bz2.sig && tar -xjf libassuan-2.4.3.tar.bz2 && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
gpg --verify npth-1.2.tar.bz2.sig && tar -xjf npth-1.2.tar.bz2 && \
gpg --verify ncurses-6.0.tar.gz.sig && tar -xzf ncurses-6.0.tar.gz && \
gpg --verify pinentry-0.9.5.tar.bz2.sig && tar -xjf pinentry-0.9.5.tar.bz2 && \
gpg --verify gnupg-2.1.20.tar.bz2.sig && tar -xjf gnupg-2.1.20.tar.bz2 && \
cd libgpg-error-1.27/ && ./configure && make && make install && cd ../ && \
cd libgcrypt-1.7.6 && ./configure && make && make install && cd ../ && \
cd libassuan-2.4.3 && ./configure && make && make install && cd ../ && \
cd libksba-1.3.5 && ./configure && make && make install && cd ../ && \
cd npth-1.2 && ./configure && make && make install && cd ../ && \
cd ncurses-6.0 && ./configure && make && make install && cd ../ && \
cd pinentry-0.9.5 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../ && \
cd gnupg-2.1.20 && ./configure && make && make install && \
echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v && \
echo "Complete!!!"
heypete commented May 29, 2015

Any tips on how to setup a .deb package for the whole thing so one can easily install/remove/upgrade GnuPG 2.1 going forward?

Hi, Matt.

The script fails for me.
I don't know if that is because I think the part with installing dependencies doesn't work for me.

You say:
apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin
libgnutls28-dev build-essential g++

But when I try that it tells me I can't install both libgnutls-dev and libgnutls28-dev. As a test, I just skipped the 28 version and ran the script. Seems to have installed perfectly.

Owner
mattrude commented Oct 2, 2015

@heypete, I have not looked into making a deb packet for gnupg2 yet, but if you get anywhere with it, let me know.

@NoSubstitute, I am able to run both at the same time, but if your not receive compile errors, then I think your safe to let it ride. I will look into why this is the case shortly.

Yeah, including both libgnutls-dev and libgnutls28-dev on my Ubuntu-based systems doesn't work. Excluding the 28, it seems to work just fine. Haven't noticed any compile or usage errors.

On a side note, perhaps it could be worth to mention that the compile has to be done by root or the script and manual commands will fail. (Perhaps it's only us sudo-nerds that expect things to work as non-root and ask for root when needed. :-)

@heypete, you can use fpm to package it like this:

cd libgpg-error-1.20/ && mkdir fpm && ./configure && make DESTDIR=fpm && make install && fpm -s dir -t deb -C fpm -n libgpg-error -v 1.20 && cd ../ && \

similar for the rest of the packages.

@djhaskin987 Have you been successfully able to do this?

I'd like to automate that packaging process as much as is possible. Check out my vagrant-gnupg-modern project, it creates a VM and automates the entire process above.

What I'd really like to do is create DEB packages for all of the artifacts above. The problem I've had is determining which package owns which file, etc. Will your DESTDIR hack work to put things in their respective paths? ie: can I do the following?

libgpg-error:
    make DESTDIR=/vagrant/build/libgpg-error-1.20
libgcrypt:
    make DESTDIR=/vagrant/build/libgcrypt-1.6.4

etc. I'd be happy to package them if I could figure out how best to automate it and shove everything under a single path so I could do:

( cd /vagrant/build/libgpg-error-1.20 && fpm -s dir -t deb -n libgpg-error -v 1.20 usr/ )

Update to 2.1.9 went like a charm.
Yeah, I removed the libgnutls28-dev as before, prior to testing.

Owner

@NoSubstitute, confirmed and updated.

2.1.10 curl oneliner ran as smooth as a baby's bottom.

I get the following error i can't fix on ubuntu 14.04.3:

***
*** You need libgpg-error to build this program.
**  This library is for example available at
***   ftp://ftp.gnupg.org/gcrypt/libgpg-error
*** (at least version 1.21 is required.)
***
configure: error: 
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***

libgpg-error appears however to be correctly installed.

I get the exact same error.
This on the same system as I have installed all previous versions using your script, Matt.

I see that there is a 1.21 of libpg-error available.
ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.21.tar.gz

So I guess one just has to update that part of the script to make it work.

I've opened a git repo, because it's quite cumbersome to get around all the gists, forks and their updates
https://github.com/fermiumlabs/GnuPG-Modern-Ubuntu-Build-Scripts

There is also an update for pinentry.
ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-0.9.7.tar.bz2

But, I'm not sure if updating to it is a good idea. Can't remember exactly, but I have a faint memory of newer versions not working as well. Don't quote me on that, though, and please, do test.

Also, someone forked this script to include those two updated versions.
https://gist.github.com/vt0r/a2f8c0bcb1400131ff51

Ok, @ddavidebor, but the content on your page is quite outdated.
I mean, the actual gpg build.

Installing the latest, I received this warning.
Perhaps gpg-agent also needs to be included in the script, or is the 2.1.11 build including an old gpg-agent?

gpg: WARNING: server 'gpg-agent' is older than us (2.1.10 < 2.1.11)

Turns out the old gpg-agent was still running.
I shut it down with
$ gpg-connect-agent /bye
and no more errors.

roberto68 commented Apr 26, 2016 edited

I get this. In file included from ../ncurses/curses.priv.h:283:0, from ../ncurses/lib_gen.c:19: _22044.c:835:15: error: expected ‘)’ before ‘int’ ../include/curses.h:1594:56: note: in definition of macro ‘mouse_trafo’ #define mouse_trafo(y,x,to_screen) wmouse_trafo(stdscr,y,x,to_screen) when trying to build ncurses but I cannot find the _22044.c anywhere

@mattrude Thanks for putting together these instructions. What exactly does echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v do? I had put installing gpg v2.1 on the back burner for a few weeks because I was stuck on the following error after going through what I thought was the correct installation process several times from scratch.

gpg2: /lib/x86_64-linux-gnu/libgpg-error.so.0: no version information available (required by gpg2)
gpg2: relocation error: gpg2: symbol gpgrt_set_alloc_func, version GPG_ERROR_1.0 not defined in file libgpg-error.so.0 with link time reference

Your last line for "finishing the build" perfectly solved this error. I'm so glad I have it working now. Thanks :)!

@mattrude Well I thought i finally had everything set up right, but I'm still not able to get gpg2 to work properly. It partly works. I can view keys I've received so far, but I can't generate a new key. When I attempt to run gpg2 --debug-level advanced --expert --full-gen-key , I get the following error:

gpg: agent_genkey failed: No pinentry
Key generation failed: No pinentry

I don't know what to do about this. Any help?

zerbey commented Jul 27, 2016

Works great on 12.04 also, many thanks for the guide.

gnupg-2.1.12 says it requires libgpg-error-1.21 or greater. Upgrading to that version fixed it to allow installation.

2.1.16 released a little over a week ago.

Watzmann commented Mar 3, 2017 edited

I need to install gnupg > v2.1.11 or more precisely libgcrypt >= 1.7.6 to handle elliptic keys of type ed25519.
I work with Ubuntu 16.04.2 LTS.
These scripts only partly worked for me. Here my experience:

  • the handy "curl ....." line didn't work,

  • downloading "install-gnupg2.sh" as displayed above didn't work

    • it actually is designed to build gnupg-2.1.12 only
    • it builds libgpg-error-1.20 but I get error messages asking for libgpg-error-1.21+
    • even with libgpg-error-1.21 I get errors during compilation
      I gave up
  • success: step by step building using those individual steps as displayed above did work

    • I find the proper version of gnupg v2.1.18 in /usr/local/bin
    • the libgcrypt employed now is v1.7.6
    • elliptic keys can be used to encrypt and are handled correctly

Thanks for your help :)

Adding the following line as the second line in the script fixes the ncurses "expected ‘)’ before ‘int’" error seen by @roberto68
export CPPFLAGS="-P"

I was able to build version 2.1.19 using the script, the latest version as I type. I just had to manually update the various package versions to match the latest shown in the table on gnupg.org's download page.

Many thanks for putting this together @mattrude.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment