Build/install instructions for GnuPG 2.2.x on Ubuntu and similar distros (formerly for 2.1.x)

GnuPG 2.2.x Build Instructions

Below are my build instructions for GnuPG 2.2.8, released on June 8th, 2018. These instructions were written for a headless Ubuntu 16.04 LTS server (and have also been tested on Ubuntu 14.04/18.04).

If you prefer, you may use the install script below to install GnuPG 2.2.x by running the following command:

curl -OL "https://gist.githubusercontent.com/vt0r/a2f8c0bcb1400131ff51/raw/65e3de4bade93d720ee169085307ea49b524d605/install-gnupg22.sh" && sudo -H bash ./install-gnupg22.sh

Install the needed dependencies

apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev

Set up the build

NOTE: To clean up from the older GnuPG 2.1.x builds, you probably want to delete /var/src/gnupg21 entirely.

mkdir -p /var/src/gnupg22 && cd /var/src/gnupg22
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9

Installing libgpg-error 1.31

wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.31.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.31.tar.gz.sig && \
gpg --verify libgpg-error-1.31.tar.gz.sig && tar -xzf libgpg-error-1.31.tar.gz && \
cd libgpg-error-1.31/ && ./configure && make && make install && cd ../

Installing libgcrypt 1.8.3

wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.gz.sig && \
gpg --verify libgcrypt-1.8.3.tar.gz.sig && tar -xzf libgcrypt-1.8.3.tar.gz && \
cd libgcrypt-1.8.3 && ./configure && make && make install && cd ../

Installing libassuan 2.5.1

wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2.sig && \
gpg --verify libassuan-2.5.1.tar.bz2.sig && tar -xjf libassuan-2.5.1.tar.bz2 && \
cd libassuan-2.5.1 && ./configure && make && make install && cd ../

Installing libksba 1.3.5

wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
cd libksba-1.3.5 && ./configure && make && make install && cd ../

Installing npth 1.5

wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.5.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.5.tar.bz2.sig && \
gpg --verify npth-1.5.tar.bz2.sig && tar -xjf npth-1.5.tar.bz2 && \
cd npth-1.5 && ./configure && make && make install && cd ../

Installing pinentry 1.1.0

wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2.sig && \
gpg --verify pinentry-1.1.0.tar.bz2.sig && tar -xjf pinentry-1.1.0.tar.bz2 && \
cd pinentry-1.1.0 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../

Installing GnuPG 2.2.8

wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.8.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.8.tar.bz2.sig && \
gpg --verify gnupg-2.2.8.tar.bz2.sig && tar -xjf gnupg-2.2.8.tar.bz2 && \
cd gnupg-2.2.8 && ./configure && make && make install

Finishing the build

echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v

install-gnupg22.sh

#!/bin/bash
# ---------
# Script to build and install GnuPG 2.2.x
apt-get update
apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev
mkdir -p /var/src/gnupg22 && cd /var/src/gnupg22
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.31.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.31.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.5.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.5.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.8.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.8.tar.bz2.sig && \
gpg --verify libgpg-error-1.31.tar.gz.sig && tar -xzf libgpg-error-1.31.tar.gz && \
gpg --verify libgcrypt-1.8.3.tar.gz.sig && tar -xzf libgcrypt-1.8.3.tar.gz && \
gpg --verify libassuan-2.5.1.tar.bz2.sig && tar -xjf libassuan-2.5.1.tar.bz2 && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
gpg --verify npth-1.5.tar.bz2.sig && tar -xjf npth-1.5.tar.bz2 && \
gpg --verify pinentry-1.1.0.tar.bz2.sig && tar -xjf pinentry-1.1.0.tar.bz2 && \
gpg --verify gnupg-2.2.8.tar.bz2.sig && tar -xjf gnupg-2.2.8.tar.bz2 && \
cd libgpg-error-1.31/ && ./configure && make && make install && cd ../ && \
cd libgcrypt-1.8.3 && ./configure && make && make install && cd ../ && \
cd libassuan-2.5.1 && ./configure && make && make install && cd ../ && \
cd libksba-1.3.5 && ./configure && make && make install && cd ../ && \
cd npth-1.5 && ./configure && make && make install && cd ../ && \
cd pinentry-1.1.0 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../ && \
cd gnupg-2.2.8 && ./configure && make && make install && \
echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v && \
echo "Complete!!!"
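
Added example, not part of the gist or its script: the `gpg --verify X.sig && tar ...` steps above succeed for a good signature from any key in the keyring, so this sketch parses gpg's `--status-fd` output and accepts a tarball only when the signer's full 40-hex primary fingerprint is pinned. The function names, the `PINNED_FPRS` placeholder value and the sample status lines are constructed for illustration; real fingerprints have to be taken from the GnuPG project's published signing-key list.

```shell
#!/bin/sh
# Added example: pin release signatures to full fingerprints instead of
# accepting any key that happens to be in the keyring.

# check_status ALLOWLIST   (reads `gpg --status-fd` output on stdin)
# Succeeds only if at least one VALIDSIG record is present, every VALIDSIG
# names a pinned primary-key fingerprint, and gpg reported no bad,
# unverifiable, expired or revoked signature.
check_status() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) {
                # Only full 40-hex fingerprints may authorise a signer;
                # 8- or 16-digit key IDs in the allowlist are ignored.
                if (length(a[i]) == 40 && a[i] ~ /^[0-9A-Fa-f]+$/) {
                    pinned[toupper(a[i])] = 1
                }
            }
        }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 12 is the primary-key fingerprint; field 3 is the
            # fingerprint of the (sub)key that made the signature.
            fpr = toupper((NF >= 12) ? $12 : $3)
            if (fpr in pinned) { good++ } else { bad = 1 }
        }
        END {
            if (bad || good == 0) { exit 1 }
            exit 0
        }
    '
}

# verify_release TARBALL SIGNATURE ALLOWLIST
# Runs gpg and feeds its machine-readable status lines to check_status.
# No status output at all (gpg missing, key absent) counts as a rejection.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$3"
}

# PLACEHOLDER fingerprint (constructed, not a real GnuPG release key).
PINNED_FPRS="0123456789ABCDEF0123456789ABCDEF01234567"

# Constructed status output: good signature from the pinned key.
status_pinned_signer() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Release Key
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-06-08 1528416000 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed status output: good signature from a different key whose
# 16-digit long key ID matches the pinned key but whose fingerprint does not.
status_other_key() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Look-alike Key
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9889ABCDEF01234567 2018-06-08 1528416000 0 4 0 1 8 00 FEDCBA9876543210FEDCBA9889ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed status output: pinned key, but gpg flags the key as expired.
status_expired_key() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 89ABCDEF01234567 Constructed Release Key
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-06-08 1528416000 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Offline demonstration on the constructed samples.
for sample in status_pinned_signer status_other_key status_expired_key; do
    if "$sample" | check_status "$PINNED_FPRS"; then
        echo "$sample: accept"
    else
        echo "$sample: reject"
    fi
done
```

With real fingerprints in `PINNED_FPRS`, each `gpg --verify X.sig && tar ...` step can become `verify_release X X.sig "$PINNED_FPRS" && tar ...`.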

NoSubstitute Feb 6, 2016

Hi!
Why the fork?
Apart from the error with libpg-error-1.21 in Matt's script, I mean.

Also, I see you're using the newest version of pinentry.
Is it working fine? Wondering why Matt chose to stick to 0.9.5.

NoSubstitute Feb 6, 2016

Hi again.
I used your script to update gpg and received this warning when I used it.

gpg: WARNING: server 'gpg-agent' is older than us (2.1.10 < 2.1.11)

NoSubstitute Feb 6, 2016

Aha, the old gpg-agent was still running.
I shut it down with
$ gpg-connect-agent /bye
and no more errors.

vt0r Apr 15, 2016

@NoSubstitute - Sorry for no response. Github doesn't alert me about comments on gists for some reason - tag my name if you want me to be notified. Anyway, I forked back when the original wasn't getting updated (at least not very often). I continue to maintain this separate fork, because there are some missed package dependencies in the original + no updates on some deps like pinentry, libgcrypt, etc. I'd prefer to always use the latest stable versions, assuming no compatibility issues occur between any libs.

NoSubstitute Jun 26, 2016

Updated today. Script worked fine.

Smurph82 Jul 5, 2016

Using the install-gnupg21.sh script failed with the configure | make | make install of the ncurses. Instead I just ran sudo apt-get install libncurses-dev before I ran your script. Sorry, did not copy the error I got, but it had something to do with not having a ) before int. But installing the lib with apt-get worked.

vt0r Jul 15, 2016

@Smurph82 - Though I've had no such issues myself, I think it's fair to say the version in the Ubuntu repos (even back as far as Precise) seems to be current enough to just use the official package. I've updated the gist and script so that it will no longer download the ncurses source, but instead it will just install libncurses5-dev. Thanks for the suggestion.

ghost Jul 26, 2016

@vt0r I don't know if it makes any difference (for me it didn't), but gnupg's 2.1.14 README says

After building and installing the above packages in the order as
given above [...]

the order being

npth
libgpg-error
libgcrypt
libksba
libassuan
pinentry

zipizap Aug 23, 2016

@vt0r
The FTP urls are not working. Use instead the ones indicated in the gpg downloads page: https://www.gnupg.org/download/index.html which are (currently 2016/08/23):


wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.24.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.24.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.3.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.7.3.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.4.3.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.4.3.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.4.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.4.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.2.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.2.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-0.9.7.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-0.9.7.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.15.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.15.tar.bz2.sig

You can update the FTP URLs from the ones in the download page by simply doing sed 's_ftp://ftp.gnupg.org_https://www.gnupg.org/ftp_g'

Update: As indicated in this email from the gpg team, it seems that:

  • ftp server ftp.gnu.org is not recommended, use the download page links
  • use long key IDs (16 hex chars per key) instead of short key IDs (8 hex chars per key), so the correct command would be gpg --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9. (There was an attack on the gpg keyservers a little while ago, and now it's recommended to always use the 16-hex-char key ID (long key ID) to identify a key with gpg keyservers.)

zipizap Aug 24, 2016

@vt0r, I've made a fork of the script - https://gist.github.com/zipizap/3c0bdf4f271ff12b63acd0a729f1d67e
Tested in Debian Jessie (8.5)

vt0r Sep 2, 2016

@zipizap - Thanks for the info. I was able to use the FTP URLs without trouble a few days ago, but I do agree it makes more sense for global usability to stick with HTTPS, so I've updated the URLs accordingly. In addition, I also agree that using the long key-ids is much safer, so I've updated the command in the markdown / script parts. Finally, I added a brief comment to the script for identification outside of the name itself. Doesn't seem like Github notifies you of gist comments, even when you've been tagged, so I guess I'll only see replies when I check to see if anything has happened...

NoSubstitute Dec 1, 2016

2.1.16 released a little over a week ago.

vt0r Dec 9, 2016

Ah well I tried. Updated the gist finally. Sorry for the delay, guys. Work has had me very busy.

vt0r Dec 17, 2016

Updated libgcrypt to 1.7.5, which was released two days ago.

Also added libsqlite3-dev & libldap2-dev packages to make sure TOFU and X.509 are supported, just in case someone uses those features.

Check your current libgcrypt version by running /usr/local/bin/gpg2 --version

If your GnuPG version was built using libgcrypt 1.7.3 or 1.7.4, I recommend rebuilding libgcrypt + gnupg, even if you already have 2.1.16 installed, as the libgcrypt update contains security and bug fixes.

vt0r Dec 22, 2016

Updated to GnuPG 2.1.17

Also made it compatible with Ubuntu 16.10 by adding an or condition to the end of the dependency installation. The libgnutls-dev package is no longer present, and you need to use libgnutls28-dev instead, so when running the script (or the command near the top of the page), a failure is expected on 16.10, which will cause the second apt command to run (and it should succeed).

NoSubstitute Jan 5, 2017

Thanks, 2.1.17 installed without any noticeable problems on Ubuntu Server 16.04.1 LTS with 64bit 4.4.0-57-generic.

vt0r Jan 23, 2017

Updated to GnuPG 2.1.18.

Also made the following changes:

  • Change keyserver to keyserver.ubuntu.com's port 80 listener, in case of some restrictive firewalls.
  • Add -H option to sudo to prevent the script from altering the local user's trustdb

vt0r Mar 1, 2017

Updated to GnuPG 2.1.19, libgpg-error 1.27 and libgcrypt 1.7.6

jans23 Mar 16, 2017

On Ubuntu 16.10 I get the following:

$ /usr/local/bin/gpg2 --card-status
gpg: WARNING: server 'gpg-agent' is older than us (2.1.15 < 2.1.19)
gpg: WARNING: server 'scdaemon' is older than us (2.1.15 < 2.1.19)

Also $ gpg-connect-agent /bye didn't help (for the first warning). Any idea? Thank you.

vt0r May 15, 2017

@jans23 and anyone else experiencing this issue, you'll need to kill the old gpg-agent and scdaemon processes any time you upgrade to get rid of these warnings. This was also mentioned by a previous commenter.

Updated GPG to 2.1.21

vt0r Jun 5, 2017

  • Updated libgcrypt to 1.7.7
  • Updated npth to 1.5

NoSubstitute Jun 10, 2017

Thank you for keeping this up to date. Just installed with the curl-script without a problem.

vt0r Jun 30, 2017

No problem. Glad it helps.

  • Updated libgcrypt to 1.7.8 to patch CVE-2017-7526. It's highly recommended to upgrade

NoSubstitute Jul 16, 2017

Reinstalled with Libgcrypt 1.7.8. Better safe than sorry.

vt0r Jul 18, 2017

  • Updated libgcrypt to 1.8.0. This is a feature/bugfix release, with no attached CVE, so while it's still recommended to upgrade, it's not critical like 1.7.8 was.

vt0r Aug 1, 2017

  • Updated GnuPG to 2.1.22.

vt0r Aug 28, 2017

  • Updated GnuPG to 2.2.0
  • Updated Libgcrypt to 1.8.1 for both regular improvements and to mitigate CVE-2017-0379. Though this CVE requires the ability to run arbitrary code on the machine/device where the keys are stored, it's still recommended to upgrade if you're using Ed25519/Curve25519 at all.

Note

If OS vendors will start packaging 2.2 across the board, I may not continue supporting this doc, unless there's some serious demand for it, as I only ever used the 2.1.x builds to support EdDSA, which is now included in 2.2.x and beyond. Please feel free to comment below if you have some reason you may want to continue building 2.2.x manually, assuming packages actually get built for all common distros within a reasonable time frame.

Edited to add CVE info

vt0r Sep 20, 2017

  • Updated GnuPG to 2.2.1

neuhaus Oct 11, 2017

It would be great if you could keep this gist updated until gnupg 2.2 ships with a Debian release and a Ubuntu LTS release (Ubuntu 18.04 LTS I reckon). Ubuntu 17.10 will ship with gnupg 2.1.15 later this month 😞

NoSubstitute Nov 4, 2017

I'd love to see you updating this until it's not needed anymore. Like neuhaus says, maybe when 2.2 is included in LTS.

vt0r Nov 8, 2017

No worries, @neuhaus and @NoSubstitute. I still haven't seen the major distros pick up 2.2.x yet, so no plans to stop any time soon.

  • Updated GnuPG to 2.2.2

utkonos Nov 12, 2017

This is a great gist/script. Thanks for maintaining this. I can report that this works flawlessly on Ubuntu 17.10. I verified it using a fresh Vagrant install of box "ubuntu/artful64".

NoSubstitute Nov 15, 2017

Thanks, running the 2.2.2 install now on a Lubuntu 16.04.3 LTS with 4.4.0-66. Usually runs without a hitch. Also this time.

One noteworthy thing, though. 2.2.2 installs as gpg and not gpg2. So if you have previous installs of GPG Modern they will still be around as gpg2. Also, I assume this means it will overwrite previous non-Modern local versions of GPG.

DeathCamel57 Nov 28, 2017

Hey @vt0r, there were some updated packages, including a new version of GnuPG. Check out my gist, and test it. It should be updated.
Updated Script

vt0r Nov 28, 2017

Yeah, sorry, @DeathCamel57. I got busy with work and holidays stuff. I've finally updated to include the new libassuan and GnuPG

  • Updated libassuan to 2.4.4
  • Updated gnupg to 2.2.3

vt0r Dec 27, 2017

  • Updated libassuan to 2.5.1
  • Updated pinentry to 1.1.0
  • Updated gnupg to 2.2.4

catalinif Feb 12, 2018

Any idea why, after installing from the above instructions on Ubuntu 16.04
gpg --version
gpg: Fatal: libgcrypt is too old (need 1.7.0, have 1.6.5)

vt0r Mar 1, 2018

@catalinif - I'm going to need more information to help out. Did you get some sort of errors during the build? It looks like you didn't build and install the newest version of libgcrypt, so it's probably trying to use a system version.

  • Updated gnupg to 2.2.5

jamesob Apr 2, 2018

This is awesome! Thanks so much.

vt0r Apr 12, 2018

@jamesob - No problem. Happy to help.

  • Updated libgpg-error to 1.29
  • Updated gnupg to 2.2.6

vt0r May 9, 2018

  • Updated libgpg-error to 1.31
  • Updated gnupg to 2.2.7

craigphicks May 19, 2018

Your script was very helpful. Kudos & Thank you!

vt0r Jun 8, 2018

@craigphicks - Glad it helped.

  • Updated gnupg to 2.2.8

NOTE: Please upgrade to version 2.2.8 as soon as possible, as this release resolves a fairly significant security vulnerability

vt0r Jun 14, 2018

  • Updated libgcrypt to 1.8.3

NOTE: Please also upgrade to libgcrypt version 1.8.3 as soon as possible, as it resolves another significant security vulnerability
