Skip to content

Instantly share code, notes, and snippets.

@mattrude
Last active July 1, 2024 22:00
Show Gist options
  • Save mattrude/3883a3801613b048d45b to your computer and use it in GitHub Desktop.
Save mattrude/3883a3801613b048d45b to your computer and use it in GitHub Desktop.
GnuPG 2.1.18 Build Instructions for Ubuntu 16.04 LTS

GnuPG 2.1.20 Build Instructions

Below you is my build instructions for GnuPG 2.1.20 released on 03-Apr-2017. These instructions are built for a headless Ubuntu 16.04 LTS server.

Or if you wish, you may use the install script to install GnuPG 2.1.20 by entring the following:

curl -sL "https://gist.github.com/mattrude/3883a3801613b048d45b/raw/install-gnupg2.sh" |sh

Install the needed depends

apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin \
build-essential g++

Setup the build

mkdir -p /var/src/gnupg21 && cd /var/src/gnupg21
gpg --list-keys
gpg --recv-keys 0x4F25E3B6 0xE0856959 0x33BD3F06 0x7EFD60D9 0xF7E48EDB

Installing libgpg-error 1.27

wget -c ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz.sig && \
gpg --verify libgpg-error-1.27.tar.gz.sig && tar -xzf libgpg-error-1.27.tar.gz && \
cd libgpg-error-1.27/ && ./configure && make && make install && cd ../

Installing libgcrypt 1.7.6

wget -c ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.6.tar.gz && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.6.tar.gz.sig && \
gpg --verify libgcrypt-1.7.6.tar.gz.sig && tar -xzf libgcrypt-1.7.6.tar.gz && \
cd libgcrypt-1.7.6 && ./configure && make && make install && cd ../

Installing libassuan 2.4.3

wget -c ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.4.3.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.4.3.tar.bz2.sig && \
gpg --verify libassuan-2.4.3.tar.bz2.sig && tar -xjf libassuan-2.4.3.tar.bz2 && \
cd libassuan-2.4.3 && ./configure && make && make install && cd ../

Installing libksba 1.3.5

wget -c  ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
cd libksba-1.3.5 && ./configure && make && make install && cd ../

Installing npth 1.3

wget -c ftp://ftp.gnupg.org/gcrypt/npth/npth-1.3.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/npth/npth-1.3.tar.bz2.sig && \
gpg --verify npth-1.3.tar.bz2.sig && tar -xjf npth-1.3.tar.bz2 && \
cd npth-1.3 && ./configure && make && make install && cd ../

Install ncurses 6.0

wget -c ftp://ftp.gnu.org/gnu/ncurses/ncurses-6.0.tar.gz && \
wget -c ftp://ftp.gnu.org/gnu/ncurses/ncurses-6.0.tar.gz.sig && \
gpg --verify ncurses-6.0.tar.gz.sig && tar -xzf ncurses-6.0.tar.gz && \
cd ncurses-6.0 && export CPPFLAGS="-P" && ./configure && make && make install && cd ../

Install pinentry 1.0.0

wget -c ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-1.0.0.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-1.0.0.tar.bz2.sig && \
gpg --verify pinentry-1.0.0.tar.bz2.sig && tar -xjf pinentry-1.0.0.tar.bz2 && \
cd pinentry-1.0.0 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../

Install GnuPG 2.1.20

wget -c ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2.sig && \
gpg --verify gnupg-2.1.20.tar.bz2.sig && tar -xjf gnupg-2.1.20.tar.bz2 && \
cd gnupg-2.1.20 && ./configure && make && make install && echo $?

Finishing the build

echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v
#!/bin/bash
apt-get update
apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin build-essential g++
mkdir -p /var/src/gnupg21 && cd /var/src/gnupg21
gpg --list-keys
gpg --recv-keys 0x4F25E3B6 0xE0856959 0x33BD3F06 0x7EFD60D9 0xF7E48EDB
wget -c ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.6.tar.gz && \
wget -c ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.7.6.tar.gz.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.4.3.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/libassuan/libassuan-2.4.3.tar.bz2.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/npth/npth-1.2.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/npth/npth-1.2.tar.bz2.sig && \
wget -c ftp://ftp.gnu.org/gnu/ncurses/ncurses-6.0.tar.gz && \
wget -c ftp://ftp.gnu.org/gnu/ncurses/ncurses-6.0.tar.gz.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-0.9.5.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-0.9.5.tar.bz2.sig && \
wget -c ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2 && \
wget -c ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.20.tar.bz2.sig && \
gpg --verify libgpg-error-1.27.tar.gz.sig && tar -xzf libgpg-error-1.27.tar.gz && \
gpg --verify libgcrypt-1.7.6.tar.gz.sig && tar -xzf libgcrypt-1.7.6.tar.gz && \
gpg --verify libassuan-2.4.3.tar.bz2.sig && tar -xjf libassuan-2.4.3.tar.bz2 && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
gpg --verify npth-1.2.tar.bz2.sig && tar -xjf npth-1.2.tar.bz2 && \
gpg --verify ncurses-6.0.tar.gz.sig && tar -xzf ncurses-6.0.tar.gz && \
gpg --verify pinentry-0.9.5.tar.bz2.sig && tar -xjf pinentry-0.9.5.tar.bz2 && \
gpg --verify gnupg-2.1.20.tar.bz2.sig && tar -xjf gnupg-2.1.20.tar.bz2 && \
cd libgpg-error-1.27/ && ./configure && make && make install && cd ../ && \
cd libgcrypt-1.7.6 && ./configure && make && make install && cd ../ && \
cd libassuan-2.4.3 && ./configure && make && make install && cd ../ && \
cd libksba-1.3.5 && ./configure && make && make install && cd ../ && \
cd npth-1.2 && ./configure && make && make install && cd ../ && \
cd ncurses-6.0 && ./configure && make && make install && cd ../ && \
cd pinentry-0.9.5 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../ && \
cd gnupg-2.1.20 && ./configure && make && make install && \
echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v && \
echo "Complete!!!"
@mattrude
Copy link
Author

mattrude commented Oct 2, 2015

@heypete, I have not looked into making a deb packet for gnupg2 yet, but if you get anywhere with it, let me know.

@NoSubstitute, I am able to run both at the same time, but if your not receive compile errors, then I think your safe to let it ride. I will look into why this is the case shortly.

@NoSubstitute
Copy link

Yeah, including both libgnutls-dev and libgnutls28-dev on my Ubuntu-based systems doesn't work. Excluding the 28, it seems to work just fine. Haven't noticed any compile or usage errors.

On a side note, perhaps it could be worth to mention that the compile has to be done by root or the script and manual commands will fail. (Perhaps it's only us sudo-nerds that expect things to work as non-root and ask for root when needed. :-)

@djha-skin
Copy link

@heypete, you can use fpm to package it like this:

cd libgpg-error-1.20/ && mkdir fpm && ./configure && make DESTDIR=fpm && make install && fpm -s dir -t deb -C fpm -n libgpg-error -v 1.20 && cd ../ && \

similar for the rest of the packages.

@naftulikay
Copy link

@djhaskin987 Have you been successfully able to do this?

I'd like to automate that packaging process as much as is possible. Check out my vagrant-gnupg-modern project, it creates a VM and automates the entire process above.

What I'd really like to do is create DEB packages for all of the artifacts above. The problem I've had is determining which package owns which file, etc. Will your DESTDIR hack work to put things in their respective paths? ie: can I do the following?

libgpg-error:
    make DESTDIR=/vagrant/build/libgpg-error-1.20
libgcrypt:
    make DESTDIR=/vagrant/build/libgcrypt-1.6.4

etc. I'd be happy to package them if I could figure out how best to automate it and shove everything under a single path so I could do:

( cd /vagrant/build/libgpg-error-1.20 && fpm -s dir -t deb -n libgpg-error -v 1.20 usr/ )

@NoSubstitute
Copy link

Update to 2.1.9 went like a charm.
Yeah, I removed the libgnutls28-dev as before, prior to testing.

@mattrude
Copy link
Author

@NoSubstitute, confirmed and updated.

@NoSubstitute
Copy link

2.1.10 curl oneliner ran as smooth as a baby's bottom.

@ddavidebor
Copy link

I get the following error i can't fix on ubuntu 14.04.3:

***
*** You need libgpg-error to build this program.
**  This library is for example available at
***   ftp://ftp.gnupg.org/gcrypt/libgpg-error
*** (at least version 1.21 is required.)
***
configure: error: 
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***

libgpg-error appears however to be correctly installed.

@NoSubstitute
Copy link

I get the exact same error.
This on the same system as I have installed all previous versions using your script, Matt.

@NoSubstitute
Copy link

I see that there is a 1.21 of libpg-error available.
ftp://ftp.gnupg.org/gcrypt/libgpg-error/libgpg-error-1.21.tar.gz

So I guess one just has to update that part of the script to make it work.

@ddavidebor
Copy link

I've opened a git repo, because it's quite cumbersome to get around all the gists, forks and their updates
https://github.com/fermiumlabs/GnuPG-Modern-Ubuntu-Build-Scripts

@NoSubstitute
Copy link

There is also an update for pinentry.
ftp://ftp.gnupg.org/gcrypt/pinentry/pinentry-0.9.7.tar.bz2

But, I'm not sure if updating to it is a good idea. Can't remember exactly, but I have a faint memory of newer versions not working as well. Don't quote me on that, though, and please, do test.

Also, someone forked this script to include those two updated versions.
https://gist.github.com/vt0r/a2f8c0bcb1400131ff51

@NoSubstitute
Copy link

Ok, @ddavidebor, but the content on your page is quite outdated.
I mean, the actual gpg build.

@NoSubstitute
Copy link

Installing the latest, I received this warning.
Perhaps gpg-agent also needs to be included in the script, or is the 2.1.11 build including an old gpg-agent?

gpg: WARNING: server 'gpg-agent' is older than us (2.1.10 < 2.1.11)

@NoSubstitute
Copy link

Turns out the old gpg-agent was still running.
I shut it down with
$ gpg-connect-agent /bye
and no more errors.

@roberto68
Copy link

roberto68 commented Apr 26, 2016

I get this. In file included from ../ncurses/curses.priv.h:283:0, from ../ncurses/lib_gen.c:19: _22044.c:835:15: error: expected ‘)’ before ‘int’ ../include/curses.h:1594:56: note: in definition of macro ‘mouse_trafo’ #define mouse_trafo(y,x,to_screen) wmouse_trafo(stdscr,y,x,to_screen) when trying to build ncurses but I cannot find the _22044.c anywhere

@RuinedSubmartingale
Copy link

@mattrude Thanks for putting together these instructions. What exactly does echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v do? I had put installing gpg v2.1 on the back burner for a few weeks because I was stuck on the following error after going through what I thought was the correct installation process several times from scratch.

gpg2: /lib/x86_64-linux-gnu/libgpg-error.so.0: no version information available (required by gpg2)
gpg2: relocation error: gpg2: symbol gpgrt_set_alloc_func, version GPG_ERROR_1.0 not defined in file libgpg-error.so.0 with link time reference

Your last line for "finishing the build" perfectly solved this error. I'm so glad I have it working now. Thanks :)!

@RuinedSubmartingale
Copy link

@mattrude Well I thought i finally had everything set up right, but I'm still not able to get gpg2 to work properly. It partly works. I can view keys I've received so far, but I can't generate a new key. When I attempt to run gpg2 --debug-level advanced --expert --full-gen-key , I get the following error:

gpg: agent_genkey failed: No pinentry
Key generation failed: No pinentry

I don't know what to do about this. Any help?

@zerbey
Copy link

zerbey commented Jul 27, 2016

Works great on 12.04 also, many thanks for the guide.

@instagibbs
Copy link

gnupg-2.1.12 says it requires libgpg-error-1.21 or greater. Upgrading to that version fixed it to allow installation.

@NoSubstitute
Copy link

2.1.16 released a little over a week ago.

@Watzmann
Copy link

Watzmann commented Mar 3, 2017

I need to install gnupg > v2.1.11 or more precisely libgcrypt >= 1.7.6 to handle elliptic keys of type ed25519.
I work with Ubuntu 16.04.2 LTS.
These scripts only partly worked for me. Here my experience:

  • the handy "curl ....." line didn't work,

  • downloading "install-gnupg2.sh" as displayed above didn't work

    • it actually is designed to build gnupg-2.1.12 only
    • it builds libgpg-error-1.20 but I get error messages asking for libgpg-error-1.21+
    • even with libgpg-error-1.21 I get errors during compilation
      I gave up
  • success: step by step building using those individual steps as displayed above did work

    • I find the proper version of gnupg v2.1.18 in /usr/local/bin
    • the libgcrypt employed now is v1.7.6
    • elliptic keys can be used to encrypt and are handled correctly

Thanks for your help :)

@mirumu
Copy link

mirumu commented Mar 9, 2017

Adding the following line as the second line in the script fixes the ncurses "expected ‘)’ before ‘int’" error seen by @roberto68
export CPPFLAGS="-P"

I was able to build version 2.1.19 using the script, the latest version as I type. I just had to manually update the various package versions to match the latest shown in the table on gnupg.org's download page.

Many thanks for putting this together @mattrude.

@jgburet
Copy link

jgburet commented Jul 5, 2017

For later reads, the compiled binary ends at /usr/local/bin/gpg2 on Mint/Ubuntu.
So you just need to

sudo mv /usr/bin/gpg /usr/bin/gpg1
sudo ln -s /usr/local/bin/gpg2 /usr/bin/gpg

I struggled too long to find it 🙈

@racitup
Copy link

racitup commented Oct 17, 2017

On Ubuntu 16.04.3 using revision 47, the curl command failed at building ncurses for the export CPPFLAGS="-P" reason.
The description has been updated but unfortunately not the shell script..
Don't forget to do sudo su first. You paradoxically need gnupg installed, but Ubuntu won't let you uninstall both gnupg and gnupg2 it would seem.
Thanks @mirumu and @mattrude

@jgburet since this script installs gpg2 into /usr/local/bin which is by default before /usr/bin in your PATH, you just need to do the following instead of moving gpg:
sudo ln -s /usr/local/bin/gpg2 /usr/local/bin/gpg

@wuliuxiansheng
Copy link

I think you need to update keys in order to finish installation.

@rasa
Copy link

rasa commented Mar 12, 2018

This works for 2.2.5:

#!/usr/bin/env bash

set -e -x

sudo apt-get update
sudo apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential g++

mkdir -p gnupg22
pushd gnupg22

wget -c https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz{,.sig}
wget -c https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.2.tar.gz{,.sig}
wget -c https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2{,.sig} 
wget -c https://gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2{,.sig}
wget -c https://gnupg.org/ftp/gcrypt/npth/npth-1.5.tar.bz2{,.sig}
wget -c https://ftp.gnu.org/gnu/ncurses/ncurses-6.1.tar.gz{,.sig}
wget -c https://gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2{,.sig}
wget -c https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.5.tar.bz2{,.sig}

gpg --list-keys
gpg --recv-keys 0x4F25E3B6 0xE0856959 0x33BD3F06 0x7EFD60D9 0xF7E48EDB

for i in *.sig; do
	gpg --verify "$i"
done
for i in *.gz; do
	tar -xzf "$i"
done
for i in *.bz2; do
  tar -xjf "$i"
done
dirs="libgpg-error libgcrypt libassuan libksba npth ncurses pinentry gnupg"
for i in $dirs; do
	CONFIGURE_OPTS=
	if [[ "$i" =~ ^pinentry ]]; then
		CONFIGURE_OPTS="${CONFIGURE_OPTS} --enable-pinentry-curses --disable-pinentry-qt4"
	fi
	pushd $i*/
	./configure $CONFIGURE_OPTS
	make
	sudo make install
	popd
done
sudo tee -a /etc/ld.so.conf.d/gpg2.conf <<<"/usr/local/lib"
sudo ldconfig -v
echo "Complete!!!"
popd

@tuttlem
Copy link

tuttlem commented Oct 18, 2018

Thanks for this!

In order to get ncurses-6.0 to build, I needed the following:

export CPPFLAGS="-P"

@kailash-c
Copy link

kailash-c commented Jul 21, 2021

Thanks for script.
But I face a problem related to supported compression algorithms.

After Installation:

gpg (GnuPG) 2.2.5
libgcrypt 1.8.2
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed

I want ZLIB, ZIP, BZIP2 in compression algorithm list.
So Is there any way to support for above compression algorithm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment