Beyond Linux® From Scratch (systemd Edition) - Version 11.0

Chapter 4. Security

GnuPG-2.2.29

Introduction to GnuPG

The GnuPG package is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described by several RFCs. GnuPG 2 is the stable version of GnuPG integrating support for OpenPGP and S/MIME.

This package is known to build and work properly using an LFS-11.0 platform.

Package Information

GnuPG 2 Dependencies

Required

Libassuan-2.5.5, libgcrypt-1.9.4, Libksba-1.6.0, and npth-1.6

Recommended

GnuTLS-3.7.2 (required to communicate with keyservers using https or hkps protocol) and pinentry-1.2.0 (Run-time requirement for most of the package's functionality)

Optional

cURL-7.78.0, Fuse-3.10.4, ImageMagick-7.1.0-4 (for the convert utility, used for generating the documentation), libusb-1.0.24, an MTA, OpenLDAP-2.5.7, SQLite-3.36.0, texlive-20210325 (or install-tl-unx), fig2dev (for generating documentation), and GNU adns

User Notes: https://wiki.linuxfromscratch.org/blfs/wiki/gnupg2

Installation of GnuPG

By default GnuPG doesn't install the deprecated gpg-zip script, but it is still needed by some programs. Make GnuPG install it with: 

sed -e '/noinst_SCRIPTS = gpg-zip/c sbin_SCRIPTS += gpg-zip' \
    -i tools/Makefile.in

Install GnuPG by running the following commands: 

./configure --prefix=/usr            \
            --localstatedir=/var     \
            --sysconfdir=/etc        \
            --docdir=/usr/share/doc/gnupg-2.2.29 &&
make &&

makeinfo --html --no-split -o doc/gnupg_nochunks.html doc/gnupg.texi &&
makeinfo --plaintext       -o doc/gnupg.txt           doc/gnupg.texi &&
make -C doc html

If you have texlive-20210325 installed and you wish to create documentation in alternate formats, issue the following commands (fig2dev is needed for the ps format): 

make -C doc pdf ps

To test the results, issue: make check.

Note that if you have already installed GnuPG, the instructions below will overwrite /usr/share/man/man1/gpg-zip.1. Now, as the root user: 

make install &&

install -v -m755 -d /usr/share/doc/gnupg-2.2.29/html            &&
install -v -m644    doc/gnupg_nochunks.html \
                    /usr/share/doc/gnupg-2.2.29/html/gnupg.html &&
install -v -m644    doc/*.texi doc/gnupg.txt \
                    /usr/share/doc/gnupg-2.2.29 &&
install -v -m644    doc/gnupg.html/* \
                    /usr/share/doc/gnupg-2.2.29/html

If you created alternate formats of the documentation, install them using the following command as the root user: 

install -v -m644 doc/gnupg.{pdf,dvi,ps} \
                 /usr/share/doc/gnupg-2.2.29

Command Explanations

sed ... tools/Makefile.in: This command is needed to build the gpg-zip program.

--docdir=/usr/share/doc/gnupg-2.2.29: This switch changes the default docdir to /usr/share/doc/gnupg-2.2.29.

--enable-all-tests: This switch allows more tests to be run with make check.

--enable-g13: This switch enables building the g13 program.

Contents

Installed Programs: addgnupghome, applygnupgdefaults, dirmngr, dirmngr-client, g13 (optional), gpg-agent, gpg-connect-agent, gpg, gpgconf, gpgparsemail, gpgscm, gpgsm, gpgsplit, gpgtar, gpgv, gpg-wks-server, gpg-zip, kbxutil, and watchgnupg
Installed Libraries: None
Installed Directories: /usr/share/doc/gnupg-2.2.29 and /usr/share/gnupg

Short Descriptions

addgnupghome

is used to create and populate a user's ~/.gnupg directories

applygnupgdefaults

is a wrapper script used to run gpgconf with the --apply-defaults parameter on all user's GnuPG home directories

dirmngr

is a tool that takes care of accessing the OpenPGP keyservers

dirmngr-client

is a tool to contact a running dirmngr and test whether a certificate has been revoked

g13

is a tool to create, mount or unmount an encrypted file system container (optional)

gpg-agent

is a daemon used to manage secret (private) keys independently from any protocol. It is used as a backend for gpg and gpgsm as well as for a couple of other utilities

gpg-connect-agent

is a utility used to communicate with a running gpg-agent

gpg

is the OpenPGP part of the GNU Privacy Guard (GnuPG). It is a tool used to provide digital encryption and signing services using the OpenPGP standard

gpgconf

is a utility used to automatically and reasonably safely query and modify configuration files in the ~/.gnupg home directory. It is designed not to be invoked manually by the user, but automatically by graphical user interfaces

gpgparsemail

is a utility currently only useful for debugging. Run it with --help for usage information

gpgscm

executes the given scheme program or spawns an interactive shell

gpgsm

is a tool similar to gpg used to provide digital encryption and signing services on X.509 certificates and the CMS protocol. It is mainly used as a backend for S/MIME mail processing

gpgsplit

splits an OpenPGP message into packets

gpgtar

is a tool to encrypt or sign files into an archive

gpgv

is a verify only version of gpg

gpg-wks-server

provides a server for the Web Key Service protocol

gpg-zip

encrypts or signs files into an archive

kbxutil

is used to list, export and import Keybox data

watchgnupg

is used to listen to a Unix Domain socket created by any of the GnuPG tools

Last updated on