Table of Contents
installation
step1 config.site
prefix $HOME/local/prefix/gnupg-2.2.27
mkdir -p $HOME/local/prefix/gnupg-2.2.27/share cat << EOF > $HOME/local/prefix/gnupg-2.2.27/share/config.site CPPFLAGS=-I$HOME/local/prefix/gnupg-2.2.27/include LDFLAGS=-L$HOME/local/prefix/gnupg-2.2.27/lib EOF
https://stackoverflow.com/questions/7561509/how-to-add-include-and-lib-paths-to-configure-make-cycle
~/local ~/local/share ~/local/include ~/local/lib
mkdir -p ~/local/share cat << EOF > ~/local/share/config.site CPPFLAGS=-I$HOME/local/include LDFLAGS=-L$HOME/local/lib EOF
step2 download
wget https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.42.tar.bz2 wget https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.9.2.tar.bz2 wget https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.7.tar.bz2 wget https://gnupg.org/ftp/gcrypt/libksba/libksba-1.5.0.tar.bz2 wget https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.5.tar.bz2 wget https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.2.0.tar.bz2 wget https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2 wget https://gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.1.tar.bz2 wget https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.27.tar.bz2 wget https://gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.42.tar.bz2.sig wget https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.9.2.tar.bz2.sig wget https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.7.tar.bz2.sig wget https://gnupg.org/ftp/gcrypt/libksba/libksba-1.5.0.tar.bz2.sig wget https://gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.5.tar.bz2.sig wget https://gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.2.0.tar.bz2.sig wget https://gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig wget https://gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.1.tar.bz2.sig wget https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.27.tar.bz2.sig
gpg --verify gnupg-2.2.27.tar.bz2.sig gnupg-2.2.27.tar.bz2 gpg --verify gnupg-2.2.27.tar.bz2.sig
gpg --verify libgcrypt-1.8.7.tar.bz2.sig gpg: assuming signed data in 'libgcrypt-1.8.7.tar.bz2' gpg: Signature made Sat Oct 24 01:31:25 2020 CST gpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA gpg: Good signature from "Werner Koch (dist signing 2020)" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
step3 untar
tar xf libgpg-error-1.42.tar.bz2 tar xf libgcrypt-1.8.7.tar.bz2 tar xf libksba-1.5.0.tar.bz2 tar xf libassuan-2.5.5.tar.bz2 tar xf ntbtls-0.2.0.tar.bz2 tar xf pinentry-1.1.1.tar.bz2 tar xf gnupg-2.2.27.tar.bz2 tar xf npth-1.6.tar.bz2
env
gcc --version Configured with: --prefix=/Library/Developer/CommandLineTools/usr --with-gxx-include-dir=/Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk/usr/include/c++/4.2.1 Apple LLVM version 10.0.1 (clang-1001.0.46.4) Target: x86_64-apple-darwin18.7.0 Thread model: posix InstalledDir: /Library/Developer/CommandLineTools/usr/bin
step4 install
./configure –help
cd npth-1.6 ./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 make install cd ..
cd libgpg-error-1.42 ./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 make install cd ..
cd libgcrypt-1.8.7 #./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 ./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 -with-libgpg-error-prefix=$HOME/local/prefix/gnupg-2.2.27 make install cd ..
cd libksba-1.5.0 #./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 ./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 -with-libgpg-error-prefix=$HOME/local/prefix/gnupg-2.2.27 make install cd ..
cd libassuan-2.5.5 #./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 ./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 -with-libgpg-error-prefix=$HOME/local/prefix/gnupg-2.2.27 make install cd ..
cd ntbtls-0.2.0 #./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 ./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-libgpg-error-prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-libgcrypt-prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-ksba-prefix=$HOME/local/prefix/gnupg-2.2.27 make install cd ..
cd pinentry-1.1.1 #./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 ./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-libgpg-error-prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-libassuan-prefix=$HOME/local/prefix/gnupg-2.2.27 \ --disable-pinentry-qt \ --disable-pinentry-qt5 make install cd ..
cd gnupg-2.2.27 #./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 ./configure --prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-ksba-prefix=$HOME/local/prefix/gnupg-2.2.27 \ --with-npth-prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-libgpg-error-prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-libgcrypt-prefix=$HOME/local/prefix/gnupg-2.2.27 \ -with-libassuan-prefix=$HOME/local/prefix/gnupg-2.2.27 make install cd ..
step5 PATH, otool -L
export PATH=$HOME/local/prefix/gnupg-2.2.27/bin:$PATH
otool -L /Users/ming/local/prefix/gnupg-2.2.27/bin/gpg /Users/ming/local/prefix/gnupg-2.2.27/bin/gpg: /usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11) /usr/lib/libbz2.1.0.dylib (compatibility version 1.0.0, current version 1.0.5) /Users/ming/local/prefix/gnupg-2.2.27/lib/libgcrypt.20.dylib (compatibility version 23.0.0, current version 23.8.0) /Users/ming/local/prefix/gnupg-2.2.27/lib/libgpg-error.0.dylib (compatibility version 33.0.0, current version 33.0.0) /Users/ming/local/prefix/gnupg-2.2.27/lib/libassuan.0.dylib (compatibility version 9.0.0, current version 9.5.0) /usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.250.1)
reference
Download https://gnupg.org/download/index.html
How to Build GnuPG 2 from Source on OS X https://carreno.me/articles/how-to-build-gnupg-2-from-source-on-os-x
Integrity Check
Signature Key: public key block
https://gnupg.org/signature_key.html
-----BEGIN PGP PUBLIC KEY BLOCK----- mQENBE0ti4EBCACqGtKlX9jI/enhlBdy2cyQP6Q7JoyxtaG6/ckAKWHYrqFTQk3I Ue8TuDrGT742XFncG9PoMBfJDUNltIPgKFn8E9tYQqAOlpSA25bOb30cA2ADkrjg jvDAH8cZ+fkIayWtObTxwqLfPivjFxEM//IdShFFVQj+QHmXYBJggWyEIil8Bje7 KRw6B5ucs4qSzp5VH4CqDr9PDnLD8lBGHk0x8jpwh4V/yEODJKATY0Vj00793L8u qA35ZiyczUvvJSLYvf7STO943GswkxdAfqxXbYifiK2gjE/7SAmB+2jFxsonUDOB 1BAY5s3FKqrkaxZr3BBjeuGGoCuiSX/cXRIhABEBAAG0Fldlcm5lciBLb2NoIChk aXN0IHNpZymJAVUEEwEIAD8CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEE 2GkhI8QGXepeDzq1JJs50k8l47YFAl4MxBkFCRShVzYACgkQJJs50k8l47YImQf9 HaqHWor+aSmaEwQnaAN0zRa4kPbAWya182aJtsFzLZJf6BbS0aoiMhwtREN/DMvB jzxARKep/cELaM+mc7oDK4mEwqSX/u6BE8D7FaNA9sut8P+4xjpoLPU+UzILMg29 t1remjyT9rs6sbu8BqufIxueArkjoi4WCOSRiVTdw+YDd88volPkXlPfS8hg9Rct wZ8kEEDywa+NrxiLx+kDgDNTNdk3PJdfcnesf8S1a+KLUTNRds5+xGTYz0JSQ9BZ 7Q9r4VQ/NL55muQZi5W7lVxdp3HxQFUNjHzzBfGtkpS4xqZpJvNjW50Wh5Vi5RYZ LZ3M1EuIHXHmRiY4dmqqcpkBDQRUUDsjAQgA5hBwN9F3OqKf+9mXCXUDK4lb5wMj dti96xG04gAn7wWo7On6c5ntriZQuRdR5GHcdw73XC6CFehHeo/eSVYiWqBNBAfE 9UzbkES+cY+4wDzqVacqhKxd70XmHQgyK7ppRG/MwkL1UyArCGGAKN6MV/2fzO6I GQw3jntRue3/2PGGnGaisNAKlvttHWZ91uy4KY5fBM19uQCgZdx4v8/rP0+yQqsW TwJUKvymx5GIfNaCJvgF+v+aPrwspxBMf9jpHXqDXnh4Lo8C/GsQMD6GClVfQjsv vzUHKH2eoL4oNfku+Ua5BuAHYi+uAuzqV9TdpF9PCpQMyPfuuZclMPLdMwARAQAB tDJOSUlCRSBZdXRha2EgKEdudVBHIFJlbGVhc2UgS2V5KSA8Z25paWJlQGZzaWou b3JnPokBPAQTAQgAJgIbAwULBwgJAwQVCAkKBRYCAwEAAh4BAheABQJYDxRZBQkL S5A2AAoJECBxsIozvT8GvG8IAMBIlGz9voYcSSXAdQOuvz2gM2kOjvMHzN6VlS9V P06IjnTz2DnejFZwLmxJw8e8mZjUo0jw22uo1HREQhDrne3S1IazPMeTUCUNzpWF MxXNc6SAyrw9apWa8gouGUWJv3HOwVs8EFA2E9UdtDJ2uG7MY/+eC5K/aeOAyudZ EbvS8rgZypTFrBtBcNKUWZhz7FRn63HxEmYLE3p6I19ZDXrc1WTazF2oz18zym6c uURr6waRbdSemUTshpLnKCBZXzJ82bXBgXNnfdmc3gtS24ZmM3ZfK/rYztEDkiTk s2R1gwDwf5RtDpaf5LD2ufESdbLuT+8blAlscbgYLBcwDquZAY0EWMu6rgEMAKcz vM1IhpUwBpxPCNdrlMZh7XeLqKUd7hUvQ1KHOuDONxCDnfXdxGCKKI0Ds5I7Kkyp Wzvcl7PplRy2fYZWwcGtL+Kj01y4L2lXB/xrrVaVwRr4S0FrcbseUGYRafBpR0C1 Yo24CL1ef4ivsfbER2SyaZ3lrT9Ccv6xfvTluhU8X+2li1ssak/Frvy02u3EORLD LxaaLQgANgsjnIjv/JQZ4l3xFIJT98tEoL18btg5lGrS2w4yFU1aa1SNsbp7vcu7 wsqcJmCzX98LyG8/IBGJ5JXmZ03yzWhZ3uhhy1+Avi4GV4Mi0ADwaGMp6O63Mc3w SL8A/DoCKJLISOc+D5xNfw6C8sYlaOSzQfqY9l4HW/+QbJmEFL2+bnjSHb8yaVU3 ae2IIrlNkZ5Jamp12Kq6x9Vei0xGk3gd4sqhmHhECdxoJtkX9L5gt436QxdjiTcW q3V+NNfq94UJu2Ej2kN0fNT0t9RU2n0P/mS0L+1gw5Ex6BX7BIzGL0bZhYomQwAR AQABiQHOBB8BCAA4FiEEW4DFdUKY8MtV2O1qvO9+KUsJLigFAljLwN0XDIABlKXJ oDwv5co7CV2OH99yPPRitrECBwAACgkQvO9+KUsJLig2Cgv/T4rXEjHwlbsuTkzp tgK80Dh92URzBAhPhSJ0kUz2b6y7FgVYgZ95u8elGUS4lOB0GOQSK3y4sCgldTQF GQpMuvNMX6oNQTv1Z/H9H7Sc6AntozKRA6LQC+7DMxjPh2DEhVLYNqi7gMXtuH8o Xz5+quarw/xbVmuS4UNqcxakd4A/HW6PayRhuju4+oV2+UmGU0etzGVwKSN/UicC 3Re3mUy8SwJFQ9/3EAfiY0SGzSWH1z7bTRg9Ga2ctYDNzUpyQsgLxD6ZRHcONkOo GUMEQ96BeSsjT4yW9ED70CcCbhg+pMxR+lnpk4BZ4WML/plBjEb8B1YaRvhYWKd3 OSVB/JsS6J6Q/y9TTsAJDBLAfw9h7RQKibViuVFSNftAuSdktah5mDwFnL0ZMzVS 3tDVDa5PDqbHEhK55/5EWBg4eNbAukVZmmoLzzERGXuj+LOIRElG3/n3chy1uM73 B6da3al4gDDNHifPsuozpkVN1EAROZx1K9hGGDZC3yFQTjsJtCRBbmRyZSBIZWlu ZWNrZSAoUmVsZWFzZSBTaWduaW5nIEtleSmJAdQEEwEIAD4WIQRbgMV1Qpjwy1XY 7Wq8734pSwkuKAUCWMu6rgIbAwUJEswDAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIX gAAKCRC8734pSwkuKEL9DACEIL5IS9wUty62Bnwd9wK2hmwihXNkTLsOOoi8aCdO ywPwcIucgAcIO+c/t0lbe4y4sJ1KrKbdyOUQiJAyxobLCSV/MkhIDAmsZB1ZIpF3 nfmNekRdCVcMpqX8jAwoBS3Q9m2UJz1LeDCLFCvLF0nbyUnqHZP19UOvxmzAyZMA Ub3W5y1+GMo4yA+3xSFI8ZbjzhawixCCRs69/4p+zCXR4e7LBf6koAHllD/0ZULp SDjF+t2IkvRrMlM+e+Mxjklinr8v1FRGzmE/kCcdHaP88+iwC2wUKOZtFs4yIBLO SWdQk9tLPmR8uWgNZmatRJyNvOaxd6EbK3jfckbJGFkmXjH+M9vMqFpoAewZ359F qjq+Us7AXLAMNUynom7IrtR5Rvsjx6RNtKQYUD6XY5rc7r9js9iGruHDAAW5lyRg j3wikc0IbV9L1bTsXIp29BsrU9sXUkVEp+xQJZgwqoOduoSjmOK88QdkibDqJiGF dzIRiXx+Nxv1Pr9L7A4/tq+YMwRfQ+WJFgkrBgEEAdpHDwEBB0DPvkeV6RzXomGF 8jQwp0RXEt2TGFwwI7RkbpYwECY2l7QfV2VybmVyIEtvY2ggKGRpc3Qgc2lnbmlu ZyAyMDIwKYiaBBMWCgBCFiEEbapuZKdtKEBXG0kCUoiXuCZAOtoFAl9D7DUCGwMF CRKFxxEFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEFKIl7gmQDraea4A /24v8c50HSC/Basf4WlREkuzhudplo8iT0BGtTQRdGAmAP9gIZ8dBekg9PRlpe7A l7ErThn6owVH9szWrUt6jkKOBg== =h7e4 -----END PGP PUBLIC KEY BLOCK-----
step1 gpg
gpg --version gpg (GnuPG) 2.2.5 libgcrypt 1.8.2
verify
gpg --verify gnupg-2.2.27.tar.bz2.sig gpg: assuming signed data in 'gnupg-2.2.27.tar.bz2' gpg: Signature made Tue Jan 12 02:17:18 2021 CST gpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA gpg: Can't check signature: No public key
step2 list key
gpg --list-keys
It is empty output in my case.
step3 import key
gpg --import public.key
gpg --list-keys /pretir/008/.gnupg/pubring.kbx ------------------------------ pub rsa2048 2011-01-12 [SC] [expires: 2021-12-31] D8692123C4065DEA5E0F3AB5249B39D24F25E3B6 uid [ unknown] Werner Koch (dist sig) pub rsa2048 2014-10-29 [SC] [expired: 2020-10-30] 031EC2536E580D8EA286A9F22071B08A33BD3F06 uid [ expired] NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org> pub rsa3072 2017-03-17 [SC] [expires: 2027-03-15] 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28 uid [ unknown] Andre Heinecke (Release Signing Key) pub ed25519 2020-08-24 [SC] [expires: 2030-06-30] 6DAA6E64A76D2840571B4902528897B826403ADA uid [ unknown] Werner Koch (dist signing 2020)
step4 verify
gpg --verify gnupg-2.2.27.tar.bz2.sig gpg: assuming signed data in 'gnupg-2.2.27.tar.bz2' gpg: Signature made Tue Jan 12 02:17:18 2021 CST gpg: using EDDSA key 6DAA6E64A76D2840571B4902528897B826403ADA gpg: Good signature from "Werner Koch (dist signing 2020)" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6DAA 6E64 A76D 2840 571B 4902 5288 97B8 2640 3ADA
misc: gpg1, seems not working
gpg1 --version gpg (GnuPG) 1.4.23
gpg1 --import public.key
gpg1 --list-keys /Users/ming/.gnupg/pubring.gpg ------------------------------ pub 2048R/4F25E3B6 2011-01-12 [expires: 2021-12-31] uid Werner Koch (dist sig) pub 2048R/33BD3F06 2014-10-29 [expired: 2020-10-30] uid NIIBE Yutaka (GnuPG Release Key) <gniibe@fsij.org> pub 3072R/4B092E28 2017-03-17 [expires: 2027-03-15] uid Andre Heinecke (Release Signing Key)
gpg1 --verify libgcrypt-1.8.7.tar.bz2.sig gpg: assuming signed data in `libgcrypt-1.8.7.tar.bz2' gpg: Signature made Sat Oct 24 01:31:25 2020 CST using ? key ID 26403ADA gpg: Can't check signature: unknown pubkey algorithm
misc
https://superuser.com/questions/594116/clean-up-my-gnupg-keyring gpg –delete-key "User Name"
Further Reading
What does a PGP signature on a git commit prove? https://people.kernel.org/monsieuricon/what-does-a-pgp-signature-on-a-git-commit-prove
Protecting Code Integrity guide https://github.com/lfit/itpol/blob/master/protecting-code-integrity.md
GnuPG 1 vs. 2 Making sure you always use GnuPG v.2
Kernel Maintainer PGP Guide. https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html