Beyond Linux® From Scratch - Version 7.9

Chapter 4. Security

GnuPG-2.1.11

Introduction to GnuPG

The GnuPG package is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2 is the stable version of GnuPG integrating support for OpenPGP and S/MIME.

This package is known to build and work properly using an LFS-7.9 platform.

Package Information

GnuPG 2 Dependencies

Required

Libassuan-2.4.2, libgcrypt-1.6.5, Libksba-1.3.3, and NPth-1.2

Recommended

PIN-Entry-0.9.7 (Run-time requirement for most of the package's functionality)

Optional

cURL-7.47.1, libusb-compat-0.1.5, an MTA, OpenLDAP-2.4.44, SQLite-3.11.0, texlive-20150521 (or install-tl-unx), and GNU adns

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/gnupg2

Installation of GnuPG

[Warning]

Warning

If you are upgrading from gnupg prior to version 2.1, upstream developers recommend to backup ~/.gnupg, because some additional configuration will probably be necessary, and you could lose your keys. You can find instructions at http://jo-ke.name/wp/?p=111 and https://wiki.archlinux.org/index.php/GnuPG#.22Lost.22_keys.2C_upgrading_to_gnupg_version_2.1.

If the top directory path where the source is unpacked contains symbolic links, the openpgp tests might fail. If this is your case and you wish to run the test suite, fix that with: 

sed -e 's|\(GNUPGHOME\)=\$(abs_builddir)|\1=`/bin/pwd`|' \
    -i tests/openpgp/Makefile.in

Install GnuPG by running the following commands: 

./configure --prefix=/usr \
            --enable-symcryptrun \
            --docdir=/usr/share/doc/gnupg-2.1.11 &&
make &&

makeinfo --html --no-split \
         -o doc/gnupg_nochunks.html doc/gnupg.texi &&
makeinfo --plaintext       \
         -o doc/gnupg.txt           doc/gnupg.texi

If you have texlive-20150521 installed and you wish to create documentation in alternate formats, issue the following commands: 

make -C doc pdf ps html

To test the results, issue: make check.

Note that if you have already installed GnuPG, the instructions below will overwrite /usr/share/man/man1/gpg-zip.1. Now, as the root user: 

make install &&

install -v -m755 -d /usr/share/doc/gnupg-2.1.11/html            &&
install -v -m644    doc/gnupg_nochunks.html \
                    /usr/share/doc/gnupg-2.1.11/html/gnupg.html &&
install -v -m644    doc/*.texi doc/gnupg.txt \
                    /usr/share/doc/gnupg-2.1.11

We recommend the creation of symlinks for compatibility with the first version of GnuPG, because some programs or scripts need them. Issue, as root user: 

for f in gpg gpgv
do
  ln -svf ${f}2.1 /usr/share/man/man1/$f.1 &&
  ln -svf ${f}2   /usr/bin/$f
done
unset f

If you created alternate formats of the documentation, install it using the following command as the root user: 

install -v -m644 doc/gnupg.html/* \
                 /usr/share/doc/gnupg-2.1.11/html &&
install -v -m644 doc/gnupg.{pdf,dvi,ps} \
                 /usr/share/doc/gnupg-2.1.11

Command Explanations

--docdir=/usr/share/doc/gnupg-2.1.11: This switch changes the default docdir to /usr/share/doc/gnupg-2.1.11.

--enable-symcryptrun: This switch enables building the symcryptrun program.

--enable-g13: This switch enables building the g13 program.

Contents

Installed Programs: addgnupghome, applygnupgdefaults, dirmngr, dirmngr-client, g13, gpg-agent, gpg-connect-agent, gpg, gpg2, gpgconf, gpgparsemail, gpgsm, gpgtar, gpgv, gpgv2, kbxutil, symcryptrun, and watchgnupg
Installed Libraries: None
Installed Directories: /usr/share/doc/gnupg-2.1.11 and /usr/share/gnupg

Short Descriptions

addgnupghome

is used to create and populate user's ~/.gnupg directories

applygnupgdefaults

is a wrapper script used to run gpgconf with the --apply-defaults parameter on all user's GnuPG home directories.

dirmngr

is a tool that takes care of accessing the OpenPGP keyservers.

dirmngr-client

is a tool to contact a running dirmngr and test whether a certificate has been revoked.

g13

is a tool to create, mount or unmount an encrypted file system container (optional).

gpg-agent

is a daemon used to manage secret (private) keys independently from any protocol. It is used as a backend for gpg2 and gpgsm as well as for a couple of other utilities.

gpg-connect-agent

is a utility used to communicate with a running gpg-agent.

gpg

(optional) is a symlink to gpg2 for compatibility with the first version of GnuPG.

gpg2

is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool used to provide digital encryption and signing services using the OpenPGP standard.

gpgconf

is a utility used to automatically and reasonably safely query and modify configuration files in the ~/.gnupg home directory. It is designed not to be invoked manually by the user, but automatically by graphical user interfaces.

gpgparsemail

is a utility currently only useful for debugging. Run it with --help for usage information.

gpgsm

is a tool similar to gpg2 used to provide digital encryption and signing services on X.509 certificates and the CMS protocol. It is mainly used as a backend for S/MIME mail processing.

gpgtar

is a tool to encrypt or sign files into an archive.

gpgv

(optional) is a symlink to gpgv2 for compatibility with the first version of GnuPG.

gpgv2

is a verify only version of gpg2.

kbxutil

is used to list, export and import Keybox data.

symcryptrun

is a simple symmetric encryption tool.

watchgnupg

is used to listen to a Unix Domain socket created by any of the GnuPG tools.

Last updated on 2016-02-26 19:14:42 -0800