Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/rnpgp/gpg-build-scripts

Build scripts to automatically install GnuPG (GNU Privacy Guard) on Linux
https://github.com/rnpgp/gpg-build-scripts

Last synced: 4 months ago
JSON representation

Build scripts to automatically install GnuPG (GNU Privacy Guard) on Linux

Awesome Lists containing this project

README 

          
= GPG Build Scripts



A set of build scripts for GNU Privacy Guard.



[options="header"]

|==========================

|OS \ GPG version |2.1, 2.2  |latest   |head



|Fedora 33

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33.yml/badge.svg["Fedora 33", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33-latest.yml/badge.svg["Fedora 33 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33-head.yml/badge.svg["Fedora 33 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33-head.yml"]



|CentOS 8

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8.yml/badge.svg["CentOS 8", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8-latest.yml/badge.svg["CentOS 8 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8-head.yml/badge.svg["CentOS 8 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8-head.yml"]



|CentOS 7

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7.yml/badge.svg["CentOS 7", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7-latest.yml/badge.svg["CentOS 7 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7-head.yml/badge.svg["CentOS 7 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7-head.yml"]



|Ubuntu 20.04

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04.yml/badge.svg["Ubuntu 20.04", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04-latest.yml/badge.svg["Ubuntu 20.04 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04-head.yml/badge.svg["Ubuntu 20.04 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04-head.yml"]



|Ubuntu 18.04

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04.yml/badge.svg["Ubuntu 18.04", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04-latest.yml/badge.svg["Ubuntu 18.04 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04-head.yml/badge.svg["Ubuntu 18.04 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04-head.yml"]



|Ubuntu 16.04

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04.yml/badge.svg["Ubuntu 16.04", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04-latest.yml/badge.svg["Ubuntu 16.04 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04-head.yml/badge.svg["Ubuntu 16.04 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04-head.yml"]



|Ubuntu 14.04

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04.yml/badge.svg["Ubuntu 14.04", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04-latest.yml/badge.svg["Ubuntu 14.04 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04-head.yml/badge.svg["Ubuntu 14.04 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04-head.yml"]



|macOS 11.0

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0.yml/badge.svg["macOS 11.0", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0-latest.yml/badge.svg["macOS 11.0 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0-head.yml/badge.svg["macOS 11.0 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0-head.yml"]



|macOS 10.15

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15.yml/badge.svg["macOS 10.15", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15-latest.yml/badge.svg["macOS 10.15 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15-latest.yml"]

|image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15-head.yml/badge.svg["macOS 10.15 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15-head.yml"]

|==========================



image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/docker.yml/badge.svg["Docker", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/docker.yml"]



== Prerequisites



Build should succeed on any Linux distribution, and similar systems.  Popular

GNU build tools are required.  For Ubuntu, following packages should be enough:

`libgnutls28-dev`, `bzip2`, `make`, `gettext`, `texinfo`, `gnutls-bin`,

`build-essential`, `g++`.  (List taken from this comment:

https://gist.github.com/mattrude/3883a3801613b048d45b#gistcomment-2378027).



When building from Git, additional software is needed, in particular Git,

Automake, and a recent version of Gettext.  Note that Gettext available in

Ubuntu Trusty is too old for this purpose--this fact must be taken into account

when building from Git in CI environment.



== Scripts



TIP: Most likely you'll want to run `install_gpg_all.sh`, however

`install_gpg_component.sh` gives greater flexibility.  Oh, and check out

the `examples` subdirectory.



=== `install_gpg_component.sh`



Builds and installs a specific component of GnuPG.  The source code is obtained

either from released tarballs, or from Git repository.



When building stable releases from tarballs, two options are mandatory:



* `--component-name`, which specifies a component name

* `--component-version`, which specifies component version (can be `latest`)



.Example: building the most recent release of Pinentry.

[source,bash]

----

./install_gpg_component.sh \

  --component-name pinentry \

  --component-version latest

----



.Example: building Pinentry version 1.1.0.

[source,bash]

----

./install_gpg_component.sh \

  --component-name pinentry \

  --component-version 1.1.0

----



When building from Git repository, two options are mandatory:



* `--component-name`, which specifies a component name

* `--component-git-ref`, which specifies a Git branch or tag (commonly `master`)



.Example: building Pinentry from Git as of current master.

[source,bash]

----

./install_gpg_component.sh \

  --component-name pinentry \

  --component-git-ref master

----



For a complete list available options, run the script with `--help` option:



.Example: printing script help.

[source,bash]

----

./install_gpg_component.sh --help

----



=== `install_gpg_all.sh`



Builds and installs all components of GnuPG (but not GPGME, which must be

installed separately via `install_gpg_component.sh` if desired).



The `--suite-version` parameter describes the combination of component versions.

Supported values are: `2.1`, `2.2`, `latest`, and `master`, which are defined as

follows:



* `2.1` means GnuPG 2.1, and other component as in this Gist:

  https://gist.github.com/mattrude/3883a3801613b048d45b

* `2.2` means GnuPG 2.1, and other component as in this Gist:

  https://gist.github.com/vt0r/a2f8c0bcb1400131ff51

* Currently no all in one support for explicit versioning with 

  `2.3`, `2.4`, etc. arguments yet. Use `latest` instead.

* `latest` means the latest version of GnuPG and all its components.  They are

  obtained from https://versions.gnupg.org/swdb.lst, which is maintained by

  GnuPG developers, and which is used by GnuPG's stock software updater.

* `master` means whatever is currently on `master` branch in Git.



TIP: Prefer `latest` over explicit versioning.



Any other arguments are passed to `install_gpg_component.sh`, which is invoked

from `install_gpg_all.sh` for every component once.  For example, following

snippet will install the freshest GnuPG without documentation

(`--configure-opts "--disable-doc"` will be passed to component install

scripts):



[source,bash]

----

./install_gpg_all.sh \

  --suite-version latest \

  --configure-opts "--disable-doc"

----



== Tips & tricks



=== Passing options to `./configure` script



The `--configure-opts` allows to pass options to `./configure` scripts.  For

example:



[source,bash]

----

./install_gpg_component.sh \

  --component-name pinentry \

  --component-version latest \

  --configure-opts "--enable-pinentry-qt --enable-pinentry-curses"

----



Setting a custom installation prefix is not that straightforward.

The `./configure` script assumes that all the dependencies are installed in

`/usr/lib`, hence you need to override them as in example:



[source,bash]

----

./install_gpg_all.sh \

  --suite-version latest \

  --configure-opts "\

    --prefix=/opt/gpg \

    --with-libgpg-error-prefix=/opt/gpg \

    --with-libassuan-prefix=/opt/gpg \

    --with-libgpg-error-prefix=/opt/gpg \

    --with-libgcrypt-prefix=/opt/gpg \

    --with-libassuan-prefix=/opt/gpg \

    --with-ksba-prefix=/opt/gpg \

    --with-npth-prefix=/opt/gpg"

----



You may see a bunch of warnings as some of these options are relevant only to

few components, but that won't break your build.



=== Verifying authenticity of tarballs



GnuPG team provides PGP signatures of released tarballs, which can be used

to verify authenticity of these tarballs.  Note that using this feature requires

that another installation of GnuPG is available in advance.



In order to do so, firstly public keys of GnuPG team must be imported.

The easiest way is to fetch them from some keyserver, for example from

keyserver.ubuntu.com:



[source,bash]

----

gpg \

  --keyserver hkp://keyserver.ubuntu.com:80 \

  --recv-keys AAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCCCC

----



You should obtain key IDs from https://www.gnupg.org/signature_key.html[GnuPG

home page] rather than trust me, therefore above snippet contains only

placeholders.  Key ID is the last sixteen hexadecimal digits of its fingerprint.



Alternatively, you may write a whole ASCII-armored public key block, which is

printed near the bottom of the aforementioned page, into some file, and then

import it.  Given that you have saved key block to a file `GPG_KEYS.gpg`,

following imports it:



[source,bash]

----

gpg --import GPG_KEYS.gpg

----



Keys are now imported but not trusted yet.  It is enough for signature

verification, though warnings will be printed.  In order to enable verfication,

use `--verify` option, for example:



[source,bash]

----

./install_gpg_all.sh \

  --suite-version latest \

  --verify

----



TIP: If you want to learn how to exchange and trust keys, head to

https://www.gnupg.org/gph/en/manual/x56.html[GNU Privacy Handbook].



TIP: For more information about checking integrity of GnuPG release tarballs,

head to https://www.gnupg.org/download/integrity_check.html[GnuPG home page].



=== Using with CI



==== GitHub Action



The scripts have been designed to work in GitHub Action.  Use following listing

as example of `.github/workflows/my_workflow.yml`:



[source,yaml]

----

name: My workflow



on:

  pull_request:

  push:

    branches:

      - master

      - 'release/**'



env:

  GPG_BUILD_DIR: "$GITHUB_WORKSPACE/build_gpg"

  GPG_CONFIGURE_OPTS: >

      --disable-doc --enable-pinentry-curses

      --disable-pinentry-emacs --disable-pinentry-gtk2 --disable-pinentry-gnome3

      --disable-pinentry-qt --disable-pinentry-qt4 --disable-pinentry-qt5

      --disable-pinentry-tqt --disable-pinentry-fltk



jobs:

  build:

    runs-on: ubuntu-latest

    if: "!contains(github.event.head_commit.message, 'skip ci')"

    container:

      image: centos:8

    strategy:

      matrix:

        env:

          - GPG_VERSION: "latest"

          - GPG_VERSION: "2.1"

    env: ${{ matrix.env }}

    steps:

      - name: Set up build environment

        run: |

          dnf -y -q update

          dnf -y -q install --skip-broken \

            git \

            clang gcc gcc-c++ make autoconf automake libtool byacc bison \

            bzip2 gzip ncurses-devel bzip2-devel zlib-devel gettext-devel \

            patch \

            texinfo \

            file \

            which

      - uses: actions/checkout@v2

        with:

          fetch-depth: 0

      - name: Build GPG

        run: >

          ./install_gpg_all.sh

          --suite-version "$GPG_VERSION"

          --build-dir "$GPG_BUILD_DIR"

          --configure-opts "$GPG_CONFIGURE_OPTS"

----



=== Installing GnuPG Made Easy (GPGME)



GPGME is not installed by `install_gpg_all.sh` script, however it can be

installed with `install_gpg_component.sh` like every other component.



For example:



[source,bash]

----

./install_gpg_all.sh \

  --suite-version latest



./install_gpg_component.sh \

  --component-name gpgme \

  --component-version latest

----



NOTE: GPGME requires `libgpg-error` and `libassuan` to compile.  Also, other

components of GnuPG suite are typically needed in order to actually use GPGME.



== License



The MIT License (MIT)



Copyright (c) 2018 - 2021 Ribose Inc.



Permission is hereby granted, free of charge, to any person obtaining a copy

of this software and associated documentation files (the "Software"), to deal

in the Software without restriction, including without limitation the rights

to use, copy, modify, merge, publish, distribute, sublicense, and/or sell

copies of the Software, and to permit persons to whom the Software is

furnished to do so, subject to the following conditions:



The above copyright notice and this permission notice shall be included in

all copies or substantial portions of the Software.



THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR

IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE

AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER

LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN

THE SOFTWARE.