gnupg

pinotj at club-internet.fr pinotj at club-internet.fr
Sun Mar 27 04:35:56 PST 2005


Oops, I forgot to copy the list. Sorry for the double post, Robert.

Here is the patch. It is also available here (this copy will be removed later):
http://ngc891.blogdns.net/projects/hlfs/hlfs-429-gnupg-1.patch 

--8<----------------------------
diff -Naur HLFS/BOOK/security/gnupg.xml HLFS-mod/BOOK/security/gnupg.xml
--- HLFS/BOOK/security/gnupg.xml	1970-01-01 00:00:00.000000000 +0000
+++ HLFS-mod/BOOK/security/gnupg.xml	2005-03-27 08:20:06.783754704 +0000
@@ -0,0 +1,152 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN" "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../general.ent">
+  %general-entities;
+
+<!-- Don't forget to time the build and check build size, etc.-->
+
+<!ENTITY gnupg-download-http "http://public.ftp.planetmirror.com/pub/gnupg/gnupg-&gnupg-version;.tar.bz2">
+<!ENTITY gnupg-download-ftp "ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-&gnupg-version;.tar.bz2">
+<!ENTITY gnupg-size "?? KB">
+<!ENTITY gnupg-buildsize "?? MB">
+<!ENTITY gnupg-time "?? SBU">
+<!ENTITY gnupg-version "1.4.1">
+
+]>
+<sect1 id="GnuPG" role="wrap" xreflabel="GnuPG-&gnupg-version;">
+<title>GnuPG-&gnupg-version;</title>
+<?dbhtml filename="gnupg.html"?>
+
+<indexterm zone="GnuPG"><primary sortas="a-GnuPG">GnuPG</primary></indexterm>
+
+<sect2 role="package"><title/>
+
+<para>The <application>GnuPG</application> package contains a 
+public/private key encryptor. This is becoming useful for signing files or emails 
+as proof of identity and preventing tampering with contents of the file or email.
+</para>
+
+<segmentedlist>
+<segtitle>Download (HTTP)</segtitle>
+<segtitle>Download (FTP)</segtitle>
+<segtitle>Download size</segtitle>
+<segtitle>&buildtime;</segtitle>
+<segtitle>&diskspace;</segtitle>
+<seglistitem>
+<seg><ulink url="&gnupg-download-http;"/></seg>
+<seg><ulink url="&gnupg-download-ftp;"/></seg>
+<seg>&gnupg-size;</seg>
+<seg>&gnupg-time;</seg>
+<seg>&gnupg-buildsize;</seg>
+</seglistitem>
+</segmentedlist>
+
+<bridgehead renderas="sect3">Additional downloads</bridgehead>
+<itemizedlist>
+<listitem><para>Required Patch to increase password 
+iteration and thus slow down dictionary attacks against gpg encrypted key files: <ulink
+url="&patches-root;gnupg-&gnupg-version;-loop_AES-3.0c.patch"/></para></listitem>
+</itemizedlist>
+
+</sect2>
+
+<sect2 role="installation">
+<title>Installation of GnuPG</title>
+
+<para>Apply the patch:</para>
+
+<screen><userinput>patch -Np1 -i ../gnupg-&gnupg-version;-loop_AES-3.0c.patch</userinput></screen>
+
+<para>Fix makefiles to use -pie:</para>
+
+<screen><userinput>sed -e 's/^CFLAGS .*$/& -pie -fpie/' -i `find . -name Makefile.in`
+</userinput></screen>
+
+<para>Prepare GnuPG for compilation:</para>
+
+<screen><userinput>./configure --prefix=/usr --enable-static-rnd=linux \
+ --libexecdir=/usr/lib</userinput></screen>
+
+<para>The meaning of the configure options:</para>
+
+<variablelist>
+<varlistentry>
+<term><parameter>--enable-static-rnd=linux</parameter></term>
+<listitem><para>This flag forces GnuPG to use <filename class="device">/dev/random</filename> 
+for access to random data.</para></listitem>
+</varlistentry>
+</variablelist>
+
+<variablelist>
+<varlistentry>
+<term><parameter>--libexecdir=/usr/lib</parameter></term>
+<listitem><para>This command creates a <filename>gnupg</filename> directory in 
+<filename>/usr/lib</filename> instead of <filename>/usr/libexec</filename>.</para></listitem>
+</varlistentry>
+</variablelist>
+
+<para>Compile the package:</para>
+
+<screen><userinput>make</userinput></screen>
+
+<para>Now, as the root user, install the package:</para>
+
+<screen><userinput>make install &&
+chmod 4755 /usr/bin/gpg</userinput></screen>
+
+<variablelist>
+<varlistentry>
+<term><parameter>chmod 4755 /usr/bin/gpg</parameter></term>
+<listitem><para>gpg is installed setuid root to avoid swapping out sensitive data.</para></listitem>
+</varlistentry>
+</variablelist>
+</sect2>
+
+
+<sect2 role="content"><title>Contents of GnuPG</title>
+
+<segmentedlist>
+<segtitle>Installed programs</segtitle>
+<segtitle>Installed libraries</segtitle>
+<segtitle>Installed directories</segtitle>
+<seglistitem><seg>gpg, gpgsplit and gpgv</seg>
+<seg>none</seg>
+<seg>/usr/lib/gnupg and /usr/share/gnupg</seg>
+</seglistitem>
+</segmentedlist>
+
+<variablelist><bridgehead renderas="sect3">Short Descriptions</bridgehead>
+<?dbfo list-presentation="list"?>
+<?dbhtml list-presentation="table"?>
+
+<varlistentry id="gpg">
+<term><command>gpg</command></term>
+<listitem><para>is the backend (command-line interface) for this 
+OpenPGP implementation.</para>
+<indexterm zone="GnuPG gpg">
+<primary sortas="b-gpg">gpg</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="gpgsplit">
+<term><command>gpgsplit</command></term>
+<listitem><para>separates key rings.</para>
+<indexterm zone="GnuPG gpgsplit">
+<primary sortas="b-gpgsplit">gpgsplit</primary></indexterm>
+</listitem>
+</varlistentry>
+
+<varlistentry id="gpgv">
+<term><command>gpgv</command></term>
+<listitem><para>is a verify only version of gpg.</para>
+<indexterm zone="GnuPG gpgv">
+<primary sortas="b-gpgv">gpgv</primary></indexterm>
+</listitem>
+</varlistentry>
+
+</variablelist>
+
+</sect2>
+
+</sect1>
+
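Review bot: The two command blocks carry raw `&` characters, in `sed -e 's/^CFLAGS .*$/& -pie -fpie/'` and in `make install &&`, so the new gnupg.xml is not well-formed XML and the book will fail to parse; write them as `&amp;` (`make install &amp;&amp;`). The `chmod 4755 /usr/bin/gpg` entry should also say why root is wanted and what limits the exposure, for example `gpg is installed setuid root only so that it can lock memory holding secret keys; it is expected to drop root privileges once the memory is locked.`, because a setuid-root binary built from patched source is a real addition to the attack surface of a hardened system. The download list gives no checksum or detached signature for the tarball or for the loop_AES patch, so a reader has nothing to verify the two HTTP/FTP downloads against; a checksum entry in the `segmentedlist` would close that gap.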
diff -Naur HLFS/BOOK/security/security.xml HLFS-mod/BOOK/security/security.xml
--- HLFS/BOOK/security/security.xml	2005-03-27 06:10:08.265657104 +0000
+++ HLFS-mod/BOOK/security/security.xml	2005-03-27 07:55:55.556374800 +0000
@@ -10,5 +10,6 @@
 
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="introduction.xml"/>
 <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/>
+<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnupg.xml"/>
 
 </chapter>
--8<----------------------------



