Build/install instructions for GnuPG 2.2.x on Ubuntu and similar distros (formerly for 2.1.x)

GnuPG-2.2.md

GnuPG 2.2.1 Build Instructions

Below are my build instructions for GnuPG 2.2.1, released on September 19th, 2017. These instructions are built for a Ubuntu 16.04 LTS.

If you prefer, you may use the below install script to install GnuPG 2.2.1 by running the following commands:

curl -OL "https://gist.github.com/romen/b7bac24d679d91acabb27bfcdabbee01/raw/b93b7b00910db67c2c3332606792679802abbb32/install-gnupg22.sh" && bash ./install-gnupg22.sh

Install the needed dependencies

apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev

apt-get -y install checkinstall

# Only if you want to compile pinentry with support for gnome3 or gtk2 UI
apt-get -y install libgcr-3-dev libgtk2.0-dev

Setup the build

Note: To clean up from the older GnuPG 2.1.x builds, you probably want to delete /var/src/gnupg21 entirely.

mkdir -p /var/src/gnupg22 && cd /var/src/gnupg22
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9

Installing libgpg-error 1.27

wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.27.tar.gz.sig && \
gpg --verify libgpg-error-1.27.tar.gz.sig && tar -xzf libgpg-error-1.27.tar.gz && \
export PREFIX="/usr/local" && \
export LDFLAGS="-Wl,-rpath -Wl,${PREFIX}/lib -L${PREFIX}/lib" && \
cd libgpg-error-1.27/ && ./configure --prefix=${PREFIX} && make && \
sudo checkinstall --strip=no --stripso=no --default --deldoc=yes \
		--pkgname="libgpg-error-alt" --pkgversion="1.27" \
		--inspect && cd ..
# ${PREFIX/info/dir} should be removed from the contents of the
# package per the Debian guidelines and to avoid conflicts.
# Unfortunately I cannot find a way to ask checkinstall to do that
# automatically, hence the --inspect option to do it manually

Installing libgcrypt 1.8.1

wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.1.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.1.tar.gz.sig && \
gpg --verify libgcrypt-1.8.1.tar.gz.sig && tar -xzf libgcrypt-1.8.1.tar.gz && \
export PREFIX="/usr/local" && \
export LDFLAGS="-Wl,-rpath -Wl,${PREFIX}/lib -L${PREFIX}/lib" && \
cd libgcrypt-1.8.1 && ./configure --prefix=${PREFIX} && make && \
sudo checkinstall --strip=no --stripso=no --default --deldoc=yes \
		--pkgname="libgcrypt-alt" --pkgversion="1.8.1" \
		--inspect && cd ..
# ${PREFIX/info/dir} should be removed from the contents of the
# package per the Debian guidelines and to avoid conflicts.
# Unfortunately I cannot find a way to ask checkinstall to do that
# automatically, hence the --inspect option to do it manually

Installing libassuan 2.4.3

wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.4.3.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.4.3.tar.bz2.sig && \
gpg --verify libassuan-2.4.3.tar.bz2.sig && tar -xjf libassuan-2.4.3.tar.bz2 && \
export PREFIX="/usr/local" && \
export LDFLAGS="-Wl,-rpath -Wl,${PREFIX}/lib -L${PREFIX}/lib" && \
cd libassuan-2.4.3 && ./configure --prefix=${PREFIX} && make && \
sudo checkinstall --strip=no --stripso=no --default --deldoc=yes \
		--pkgname="libassuan-alt" --pkgversion="2.4.3" \
		--inspect && cd ..
# ${PREFIX/info/dir} should be removed from the contents of the
# package per the Debian guidelines and to avoid conflicts.
# Unfortunately I cannot find a way to ask checkinstall to do that
# automatically, hence the --inspect option to do it manually

Installing libksba 1.3.5

wget -c  https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
export PREFIX="/usr/local" && \
export LDFLAGS="-Wl,-rpath -Wl,${PREFIX}/lib -L${PREFIX}/lib" && \
cd libksba-1.3.5 && ./configure --prefix=${PREFIX} && make && \
sudo checkinstall --strip=no --stripso=no --default --deldoc=yes \
		--pkgname="libksba-alt" --pkgversion="1.3.5" \
		--inspect && cd ..
# ${PREFIX/info/dir} should be removed from the contents of the
# package per the Debian guidelines and to avoid conflicts.
# Unfortunately I cannot find a way to ask checkinstall to do that
# automatically, hence the --inspect option to do it manually

Installing npth 1.5

wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.5.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.5.tar.bz2.sig && \
gpg --verify npth-1.5.tar.bz2.sig && tar -xjf npth-1.5.tar.bz2 && \
export PREFIX="/usr/local" && \
export LDFLAGS="-Wl,-rpath -Wl,${PREFIX}/lib -L${PREFIX}/lib" && \
cd npth-1.5 && ./configure --prefix=${PREFIX} && make && \
sudo checkinstall --strip=no --stripso=no --default --deldoc=yes \
		--pkgname="npth-alt" --pkgversion="1.5" \
		--inspect && cd ..
# ${PREFIX/info/dir} should be removed from the contents of the
# package per the Debian guidelines and to avoid conflicts.
# Unfortunately I cannot find a way to ask checkinstall to do that
# automatically, hence the --inspect option to do it manually

Install pinentry 1.0.0

wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.0.0.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.0.0.tar.bz2.sig && \
gpg --verify pinentry-1.0.0.tar.bz2.sig && tar -xjf pinentry-1.0.0.tar.bz2 && \
export PREFIX="/usr/local" && \
export LDFLAGS="-Wl,-rpath -Wl,${PREFIX}/lib -L${PREFIX}/lib" && \
cd pinentry-1.0.0 && ./configure --prefix=${PREFIX} --enable-pinentry-curses --enable-pinentry-gnome3 --disable-pinentry-qt5 && \
make && \
sudo checkinstall --strip=no --stripso=no --default --deldoc=yes \
		--pkgname="pinentry-alt" --pkgversion="1.0.0" \
		--inspect && cd ..
# ${PREFIX/info/dir} should be removed from the contents of the
# package per the Debian guidelines and to avoid conflicts.
# Unfortunately I cannot find a way to ask checkinstall to do that
# automatically, hence the --inspect option to do it manually

Install GnuPG 2.2.1

wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.1.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.1.tar.bz2.sig && \
gpg --verify gnupg-2.2.1.tar.bz2.sig && tar -xjf gnupg-2.2.1.tar.bz2 && \
export PREFIX="/usr/local" && \
export LDFLAGS="-Wl,-rpath -Wl,${PREFIX}/lib -L${PREFIX}/lib" && \
cd gnupg-2.2.1 && ./configure --prefix=${PREFIX} --enable-gpg-is-gpg2 && make && \
sudo checkinstall --strip=no --stripso=no --default --deldoc=yes \
		--pkgname="gnupg2-alt" --pkgversion="2.2.1" \
		--inspect && cd ..
# ${PREFIX/info/dir} should be removed from the contents of the
# package per the Debian guidelines and to avoid conflicts.
# Unfortunately I cannot find a way to ask checkinstall to do that
# automatically, hence the --inspect option to do it manually```

install-gnupg22.sh

#!/bin/bash
# ---------
# Script to build and install GnuPG 2.2.x

SRCDIR=/tmp/src/gnupg22
PREFIX=/usr/local

set -x
set -e

sudo apt-get update
sudo apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || sudo apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev
sudo apt-get -y install checkinstall
sudo apt-get -y install libgcr-3-dev libgtk2.0-dev # Disable for headless pinentry

gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9

subpkgs=(
	"[email protected]"
	"[email protected]"
	"[email protected]"
	"[email protected]"
	"[email protected]"
	"[email protected]"
	"[email protected]"
)

TARBALL_EXT="tar.bz2"

function download_subpkgs() {
	set -e
	local BASEURL="https://www.gnupg.org/ftp/gcrypt"
	for i in "${subpkgs[@]}"
	do
		local subpkg=${i%@*}
		local ver=${i#*@}

		local tarball="${subpkg}-${ver}.${TARBALL_EXT}"
		local DL_PATH="${BASEURL}/${subpkg}"

		set -x
		wget -c "${DL_PATH}/${tarball}"
		wget -c "${DL_PATH}/${tarball}.sig"
		gpg --verify "${tarball}.sig"
	done
}

function purge_subpkgs() {
	set -e
	for i in "${subpkgs[@]}"
	do
		local subpkg=${i%@*}
		local ver=${i#*@}
		local subfolder="${subpkg}-${ver}"

		rm -rf "${subfolder}"
	done
}

function untar_subpkgs() {
	set -e
	for i in "${subpkgs[@]}"
	do
		local subpkg=${i%@*}
		local ver=${i#*@}

		local tarball="${subpkg}-${ver}.${TARBALL_EXT}"
		tar -xf ${tarball}
	done
}

function submake() {
	local subpkg=$1
	local ver=$2
	local subfolder="${subpkg}-${ver}"

	set -e
	cd ${subfolder}
	if [ "${subpkg}" == "pinentry" ]; then
		local subpkg_opts='--enable-pinentry-curses --enable-pinentry-gnome3 --disable-pinentry-qt5'
	elif [ "${subpkg}" == "gnupg" ]; then
		subpkg="gnupg2"
		local subpkg_opts='--enable-gpg-is-gpg2'
	fi
	export LDFLAGS="-Wl,-rpath -Wl,${PREFIX}/lib -L${PREFIX}/lib"
	./configure --prefix=${PREFIX} ${subpkg_opts}
	make



	# ${PREFIX/info/dir} should be removed from the contents of the
	# package per the Debian guidelines and to avoid conflicts.
	# Unfortunately I cannot find a way to ask checkinstall to do that
	# automatically, hence the --inspect option to do it manually
	sudo checkinstall --strip=no --stripso=no \
		--default --deldoc=yes \
		--pkgname="${subpkg}-alt" --pkgversion="${ver}" \
		--inspect \
		make install

	cd ${SRCDIR}
}

function make_subpkgs() {
	set -e
	for i in "${subpkgs[@]}"
	do
		local subpkg=${i%@*}
		local ver=${i#*@}

		submake ${subpkg} ${ver}
	done
}

mkdir -p ${SRCDIR} && cd ${SRCDIR} && \
download_subpkgs && \
purge_subpkgs && \
untar_subpkgs && \
make_subpkgs && \
echo "Complete!!!"