Thu 26 Oct 2006
Step 1 - Download source
The first thing we need to do is download the source file from GnuPG. I like to download the files directly to my server rather than downloading them to my PC and then uploading them to my server, so lets use a SSH session. There are plenty of SSH Clients available, but PuTTY is available for free and does the job. Instructions for configuring PuTTY for Westhost are available here. Once you have logged in, create a directory to download your files to (for example, apps/dl) using the mkdir
[mylogin][~]$mkdir apps
[mylogin][~]$mkdir apps/dl
The files we need are only available via FTP from GnuPG. If you clicked on the link to their site above, you will have found the latest version - at the time of writing this is 1.4.5. Hover your mouse over the FTP link and you will find that the file we want to download is located at ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.4.5.tar.bz2, that is to say the file gnupg-1.4.5.tar.bz2 is located on the server called ftp.gnupg.org in the directory gcrypt/gnupg Follow the example below to download your own copy (user input is in bold). It is good practice to download the signature file gnupg-1.4.5.tar.bz2.sig as well.
If you prefer, you can download the gzipped file gnupg-1.4.5.tar.gz instead of gnupg-1.4.5.tar.bz. You do not need both sets, although I download them in the example below. GZip is just an older piece of software. The command to extract the files would be gunzip instead of bunzip2
| User Input | System Output |
|---|---|
| cd apps/dl | [mylogin][~/apps/dl]$ |
| ftp | ftp> |
| open ftp.gnupg.org |
Connected to ftp.gnupg.org. 220 Service ready for new user. Name (ftp.gnupg.org:mylogin): |
| anonymous |
331 Send e-mail address as password. Password: |
| anon@ |
230 User logged in, proceed. Remote system type is UNIX. ftp> |
| cd gcrypt/gnupg |
250-The program GnuPG hosted here is a free software package 250-of the GNU Project, not a product of the GUUG e.V. We call it 250-”Free Software” because you are free to copy and redistribute them, 250-following the rules stated in the license of the package. For more 250-information, see http://www.gnu.org/philosophy/free-sw.html. 250- 250-If you are looking for service or support for GNU software, see 250-http://www.gnu.org/help/gethelp.html for suggestions of where to ask. 250- 250-If you would like to contribute to the development of one of these 250-packages, contact the package maintainer or the bug-reporting address 250-of the package (which should be listed in the package itself), or look 250-on www.gnu.org for more information on how to contribute. 250- 250-More information on GnuPG can be found at http://www.gnupg.org . 250- 250 Directory change successful. ftp> |
| dir |
200 Command okay. 150 About to send file list. total 0 -rw-rw-r-- 1 1000 1000 786 May 1 2003 README -rw-rw-r-- 1 1000 1000 796 Sep 24 2002 README~ -rw-rw-r-- 1 1000 1000 107191 Sep 3 1999 gnupg-0.9.10-0.9.11.diff.gz -rw-rw-r-- 1 1000 1000 143753 Sep 7 1999 gnupg-0.9.11-1.0.0.diff.gz ….. -rw-r--r-- 1 1000 1000 118281 Aug 1 13:34 gnupg-1.4.4-1.4.5.diff.bz2 -rw-r--r-- 1 1000 1000 3047120 Jun 25 15:22 gnupg-1.4.4.tar.bz2 -rw-r--r-- 1 1000 1000 158 Jun 25 15:22 gnupg-1.4.4.tar.bz2.sig -rw-r--r-- 1 1000 1000 4272825 Jun 25 15:22 gnupg-1.4.4.tar.gz -rw-r--r-- 1 1000 1000 158 Jun 25 15:22 gnupg-1.4.4.tar.gz.sig -rw-r--r-- 1 1000 1000 3089617 Aug 1 13:34 gnupg-1.4.5.tar.bz2 -rw-r--r-- 1 1000 1000 158 Aug 1 13:34 gnupg-1.4.5.tar.bz2.sig -rw-r--r-- 1 1000 1000 4348833 Aug 1 13:33 gnupg-1.4.5.tar.gz -rw-r--r-- 1 1000 1000 158 Aug 1 13:33 gnupg-1.4.5.tar.gz.sig drwxrwsr-x 2 1000 1000 4096 Sep 24 2002 nls-updates 226 Transfer complete. ftp> |
| type image |
200 Command okay. ftp> |
| passive |
Passive mode on. ftp> If you get the reply passive mode off, then type the command passive again. |
| get gnupg-1.4.5.tar.bz2 |
local: gnupg-1.4.5.tar.bz2 remote: gnupg-1.4.5.tar.bz2 227 Entering Passive Mode (217,69,76,44,163,131). 150 About to open data connection. 226 File transfer complete. 3089617 bytes received in 16.6 secs (1.8e+02 Kbytes/sec) ftp> |
| get gnupg-1.4.5.tar.bz2.sig |
local: gnupg-1.4.5.tar.bz2.sig remote: gnupg-1.4.5.tar.bz2.sig 227 Entering Passive Mode (217,69,76,44,163,131). 150 About to open data connection. 226 File transfer complete. 158 bytes received in 0.0126 secs (12 Kbytes/sec) ftp> |
| get gnupg-1.4.5.tar.gz |
local: gnupg-1.4.5.tar.gz remote: gnupg-1.4.5.tar.gz 227 Entering Passive Mode (217,69,76,44,161,185). 150 About to open data connection. 226 File transfer complete. 4348833 bytes received in 23.1 secs (1.8e+02 Kbytes/sec) ftp> |
| get gnupg-1.4.5.tar.gz.sig |
local: gnupg.gz.sig remote: gnupg-1.4.5.tar.gz.sig 227 Entering Passive Mode (217,69,76,44,161,238). 150 About to open data connection. 226 File transfer complete. 158 bytes received in 3.3e-05 secs (4.7e+03 Kbytes/sec) ftp> |
| !ls -l gnupg-1.4.5.tar* |
-rw-r--r-- 1 mylogin myuser 3089617 Oct 30 04:45 gnupg-1.4.5.tar.bz2 -rw-r--r-- 1 mylogin myuser 158 Oct 30 03:29 gnupg-1.4.5.tar.bz2.sig -rw-r--r-- 1 mylogin myuser 4348833 Oct 30 05:18 gnupg-1.4.5.tar.gz -rw-r--r-- 1 mylogin myuser 158 Oct 30 05:18 gnupg-1.4.5.tar.gz.sig ftp> |
| dir gnupg-1.4.5.tar* |
227 Entering Passive Mode (217,69,76,44,162,76). 150 About to send file list. total 0 -rw-r--r-- 1 1000 1000 3089617 Aug 1 13:34 gnupg-1.4.5.tar.bz2 -rw-r--r-- 1 1000 1000 158 Aug 1 13:34 gnupg-1.4.5.tar.bz2.sig -rw-r--r-- 1 1000 1000 4348833 Aug 1 13:33 gnupg-1.4.5.tar.gz -rw-r--r-- 1 1000 1000 158 Aug 1 13:33 gnupg-1.4.5.tar.gz.sig 226 Transfer complete. ftp> |
| quit | 221 Service closing control connection. |
Step 2 - Checking the download
Now that we have the source files on our server, we need to check that they have not been tampered with. The simplest way is to issue the command bunzip2 -t gnupg-1.4.5.tar.bz2
[mylogin][~/apps/dl]$ bunzip2 -tv gnupg-1.4.5.tar.bz2
gnupg-1.4.5.tar.bz2: ok
However, this only checks that the archive is not corrupt. You really need to check the file’s digital signature, but we don’t have any means to do that yet. We can verify the checksum but GnuPG only publish the SHA1 checksum for the code and we do not have sha1sum installed on our server. However, I can reveal 
that the MD5sum is
811525965b4c0987e6418a7729a6444d gnupg-1.4.5.tar.bz2
If you save this text to the file gnupg-1.4.5.tar.bz2.md5, then enter md5sum -c gnupg-1.4.5.tar.bz2.md5 on the command line, you should get this response
[mylogin][~/apps/dl]$ md5sum -c gnupg-1.4.5.tar.bz2.md5
gnupg-1.4.5.tar.bz2: OK
If there was a problem with your download, you will get the following error message when testing the archive
bunzip2: gnupg-1.4.5.md5: data integrity (CRC) error in data You can use the `bzip2recover’ program to attempt to recover
data from undamaged sections of corrupted files.
Step 3 - Other libraries
We need to download and install the libcurl, libiconv and gettext libraries before we can build GnuPG. Also, since we do not have root access at Westhost, we need to tell all Linux packages to install to a different directory other than /usr/local. We do this by specifying
./configure --prefix=/usr/mylocal
NOTE: Create the directory /usr/mylocal if it does not already exist
| Library | Command | Download Location |
|---|---|---|
| libicurl | wget | http://curl.haxx.se/download/curl-7.16.0.tar.bz2 |
| libicurl | wget | http://curl.haxx.se/download/curl-7.16.0.tar.bz2.asc |
| libiconv | wget | http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.11.tar.gz |
| libiconv | wget | http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.11.tar.gz.sig |
| gettext | ftp | ftp://mirrors.usc.edu/pub/gnu/gettext/gettext-0.16.tar.gz |
| gettext | ftp | ftp://mirrors.usc.edu/pub/gnu/gettext/gettext-0.16.tar.gz.sig |
libiconv and gettext depend on each other, so we need to build libiconv then gettext and the rebuild libiconv.
Build libcurl
wget http://curl.haxx.se/download/curl-7.16.0.tar.bz2
wget http://curl.haxx.se/download/curl-7.16.0.tar.bz2.asc
bunzip2 -c curl-7.16.0.tar.bz2 | tar x
cd curl-7.16.0
./configure --prefix=/usr/mylocal
make
make install
cd ..
Build libiconv
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.11.tar.gz
wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.11.tar.gz.sig
gunzip -c libiconv-1.11.tar.gz | tar x
cd libiconv-1.11
./configure --prefix=/usr/mylocal
make
make install
cd ..
Build gettext
ftp mirrors.usc.edu
anonymous
anon@
cd pub/gnu/gettext
mode image
passive
get gettext-0.16.tar.gz
get gettext-0.16.tar.gz.sig
quit
gunzip -c gettext-0.16.tar.gz |tar x
cd gettext-0.16
./configure --prefix=/usr/mylocal
make
make install
Rebuild libiconv
cd ../libiconv-1.11
make distclean
./configure --prefix=/usr/mylocal
make
make install
libtool --dry-run --finish /usr/mylocal/lib
libtool --finish /usr/mylocal/lib
cd ..
Step 4 - Creating the Executable
bunzip2 -c gnupg-1.4.5.tar.bz2 |tar x
cd gnupg-1.4.5
./configure --prefix=/usr/mylocal
make
make install
Once you have built GnuPG, you will need to create a few links as our directory is not in the PATH.
ln -s /usr/mylocal/bin/gpg /usr/local/bin/gpg
Alternatively, edit the PATH definition in /.bashrc to include /usr/mylocal/bin
You will also need to copy the configuration file
mkdir ~/.gnupg
cp -p /usr/mylocal/share/gnupg/options.skel ~/.gnupg/options
January 8th, 2007 at 1:09 pm
[...] If you installed GnuPG, verify the source file gpg –verify sha1sum.c.sig [...]