Skip to content

Instantly share code, notes, and snippets.

@vt0r

vt0r/GnuPG-2.2.md

Forked from mattrude/GnuPG-2.1.md
Last active February 13, 2024 09:03
Show Gist options
  • Save vt0r/a2f8c0bcb1400131ff51 to your computer and use it in GitHub Desktop.
Save vt0r/a2f8c0bcb1400131ff51 to your computer and use it in GitHub Desktop.
Download ZIP
Build/install instructions for GnuPG 2.2.x on Ubuntu and similar distros (formerly for 2.1.x)
Raw
GnuPG-2.2.md

GnuPG 2.2.x Build Instructions

Below are my build instructions for GnuPG 2.2.10, released on August 30th, 2018. These instructions are built for a headless Ubuntu 18.04 LTS server (and have also been tested on Ubuntu 14.04/16.04).

If you prefer, you may use the below install script to install GnuPG 2.2.x by running the following commands:

curl -OL "https://gist.githubusercontent.com/vt0r/a2f8c0bcb1400131ff51/raw/e0d2011d7b89bfe5b83c3f29f21949fb21354dd9/install-gnupg22.sh" && sudo -H bash ./install-gnupg22.sh

Install the needed dependencies

apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev

Setup the build

NOTE: To clean up from the older GnuPG 2.1.x builds, you probably want to delete /var/src/gnupg21 entirely.

mkdir -p /var/src/gnupg22 && cd /var/src/gnupg22
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9

Installing libgpg-error 1.32

wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.32.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.32.tar.gz.sig && \
gpg --verify libgpg-error-1.32.tar.gz.sig && tar -xzf libgpg-error-1.32.tar.gz && \
cd libgpg-error-1.32/ && ./configure && make && make install && cd ../

Installing libgcrypt 1.8.3

wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.gz.sig && \
gpg --verify libgcrypt-1.8.3.tar.gz.sig && tar -xzf libgcrypt-1.8.3.tar.gz && \
cd libgcrypt-1.8.3 && ./configure && make && make install && cd ../

Installing libassuan 2.5.1

wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2.sig && \
gpg --verify libassuan-2.5.1.tar.bz2.sig && tar -xjf libassuan-2.5.1.tar.bz2 && \
cd libassuan-2.5.1 && ./configure && make && make install && cd ../

Installing libksba 1.3.5

wget -c  https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
cd libksba-1.3.5 && ./configure && make && make install && cd ../

Installing npth 1.6

wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig && \
gpg --verify npth-1.6.tar.bz2.sig && tar -xjf npth-1.6.tar.bz2 && \
cd npth-1.6 && ./configure && make && make install && cd ../

Install pinentry 1.1.0

wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2.sig && \
gpg --verify pinentry-1.1.0.tar.bz2.sig && tar -xjf pinentry-1.1.0.tar.bz2 && \
cd pinentry-1.1.0 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../

Install GnuPG 2.2.10

wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.10.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.10.tar.bz2.sig && \
gpg --verify gnupg-2.2.10.tar.bz2.sig && tar -xjf gnupg-2.2.10.tar.bz2 && \
cd gnupg-2.2.10 && ./configure && make && make install

Finishing the build

echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v
Raw
install-gnupg22.sh
#!/bin/bash
# ---------
# Script to build and install GnuPG 2.2.x
apt-get update
apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev
mkdir -p /var/src/gnupg22 && cd /var/src/gnupg22
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.32.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.32.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.3.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.1.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.10.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.10.tar.bz2.sig && \
gpg --verify libgpg-error-1.32.tar.gz.sig && tar -xzf libgpg-error-1.32.tar.gz && \
gpg --verify libgcrypt-1.8.3.tar.gz.sig && tar -xzf libgcrypt-1.8.3.tar.gz && \
gpg --verify libassuan-2.5.1.tar.bz2.sig && tar -xjf libassuan-2.5.1.tar.bz2 && \
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 && \
gpg --verify npth-1.6.tar.bz2.sig && tar -xjf npth-1.6.tar.bz2 && \
gpg --verify pinentry-1.1.0.tar.bz2.sig && tar -xjf pinentry-1.1.0.tar.bz2 && \
gpg --verify gnupg-2.2.10.tar.bz2.sig && tar -xjf gnupg-2.2.10.tar.bz2 && \
cd libgpg-error-1.32/ && ./configure && make && make install && cd ../ && \
cd libgcrypt-1.8.3 && ./configure && make && make install && cd ../ && \
cd libassuan-2.5.1 && ./configure && make && make install && cd ../ && \
cd libksba-1.3.5 && ./configure && make && make install && cd ../ && \
cd npth-1.6 && ./configure && make && make install && cd ../ && \
cd pinentry-1.1.0 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../ && \
cd gnupg-2.2.10 && ./configure && make && make install && \
echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v && \
echo "Complete!!!"
@NoSubstitute
Copy link

NoSubstitute commented Mar 30, 2019
edited
Loading

Alright, updated a few lines in my downloaded copy of install-gnupg22.sh to reflect the most recent updates, and included ntbTLS, though I don't know if it matters. Just pasting it here, since I don't really know how to do a proper fork and pull request. :-)

#!/bin/bash

---------

Script to build and install GnuPG 2.2.x

apt-get update
apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev
mkdir -p /var/src/gnupg22 && cd /var/src/gnupg22
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9

wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.36.tar.gz &&
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-1.36.tar.gz.sig &&
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.4.tar.gz &&
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.4.tar.gz.sig &&
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.3.tar.bz2 &&
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-2.5.3.tar.bz2.sig &&
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2 &&
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-1.3.5.tar.bz2.sig &&
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2 &&
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-1.6.tar.bz2.sig &&
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2 &&
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2.sig &&
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-1.1.0.tar.bz2.sig &&
wget -c https://www.gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.1.2.tar.bz2 &&
wget -c https://www.gnupg.org/ftp/gcrypt/ntbtls/ntbtls-0.1.2.tar.bz2.sig &&
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.15.tar.bz2 &&
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-2.2.15.tar.bz2.sig &&
gpg --verify libgpg-error-1.36.tar.gz.sig && tar -xzf libgpg-error-1.36.tar.gz &&
gpg --verify libgcrypt-1.8.4.tar.gz.sig && tar -xzf libgcrypt-1.8.4.tar.gz &&
gpg --verify libassuan-2.5.3.tar.bz2.sig && tar -xjf libassuan-2.5.3.tar.bz2 &&
gpg --verify libksba-1.3.5.tar.bz2.sig && tar -xjf libksba-1.3.5.tar.bz2 &&
gpg --verify npth-1.6.tar.bz2.sig && tar -xjf npth-1.6.tar.bz2 &&
gpg --verify pinentry-1.1.0.tar.bz2.sig && tar -xjf pinentry-1.1.0.tar.bz2 &&
gpg --verify ntbtls-0.1.2.tar.bz2.sig && tar -xjf ntbtls-0.1.2.tar.bz2 &&
gpg --verify gnupg-2.2.15.tar.bz2.sig && tar -xjf gnupg-2.2.15.tar.bz2 &&
cd libgpg-error-1.36/ && ./configure && make && make install && cd ../ &&
cd libgcrypt-1.8.4 && ./configure && make && make install && cd ../ &&
cd libassuan-2.5.3 && ./configure && make && make install && cd ../ &&
cd libksba-1.3.5 && ./configure && make && make install && cd ../ &&
cd npth-1.6 && ./configure && make && make install && cd ../ &&
cd ntbtls-0.1.2 && ./configure && make && make install && cd ../ &&
cd pinentry-1.1.0 && ./configure --enable-pinentry-curses --disable-pinentry-qt4 &&
make && make install && cd ../ &&
cd gnupg-2.2.15 && ./configure && make && make install &&
echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v &&
echo "Complete!!!"

@CryptAnalitic
Copy link

Where is the new build GPG ?

@louiskounios
Copy link

@vt0r Thanks a lot for this, it worked with zero trouble!

I made some minor changes to compile the latest GnuPG version which at the time of writing this is 2.2.15. I also moved the version numbers of GnuPG and its dependencies closer to the top of the file to make it easier to update to newer versions.

Snippet follows, feel free to use if you think it is useful:

#!/bin/bash
# ---------
# Script to build and install GnuPG 2.2.x

GNUPG_VER=2.2.15

apt-get update
apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev
mkdir -p /var/src/gnupg-$GNUPG_VER && cd /var/src/gnupg-$GNUPG_VER
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06 8A861B1C7EFD60D9

LIBGPG_ERROR_VER=1.36
LIBGCRYPT_VER=1.8.4
LIBKSBA_VER=1.3.5
LIBASSUAN_VER=2.5.3
NPTH_VER=1.6
PINENTRY_VER=1.1.0

wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-$LIBGPG_ERROR_VER.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-$LIBGPG_ERROR_VER.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$LIBGCRYPT_VER.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$LIBGCRYPT_VER.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-$LIBASSUAN_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-$LIBASSUAN_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-$LIBKSBA_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-$LIBKSBA_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-$NPTH_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-$NPTH_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-$PINENTRY_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-$PINENTRY_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$GNUPG_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$GNUPG_VER.tar.bz2.sig && \
gpg --verify libgpg-error-$LIBGPG_ERROR_VER.tar.gz.sig && tar -xzf libgpg-error-$LIBGPG_ERROR_VER.tar.gz && \
gpg --verify libgcrypt-$LIBGCRYPT_VER.tar.gz.sig && tar -xzf libgcrypt-$LIBGCRYPT_VER.tar.gz && \
gpg --verify libassuan-$LIBASSUAN_VER.tar.bz2.sig && tar -xjf libassuan-$LIBASSUAN_VER.tar.bz2 && \
gpg --verify libksba-$LIBKSBA_VER.tar.bz2.sig && tar -xjf libksba-$LIBKSBA_VER.tar.bz2 && \
gpg --verify npth-$NPTH_VER.tar.bz2.sig && tar -xjf npth-$NPTH_VER.tar.bz2 && \
gpg --verify pinentry-$PINENTRY_VER.tar.bz2.sig && tar -xjf pinentry-$PINENTRY_VER.tar.bz2 && \
gpg --verify gnupg-$GNUPG_VER.tar.bz2.sig && tar -xjf gnupg-$GNUPG_VER.tar.bz2 && \
cd libgpg-error-$LIBGPG_ERROR_VER && ./configure && make && make install && cd ../ && \
cd libgcrypt-$LIBGCRYPT_VER && ./configure && make && make install && cd ../ && \
cd libassuan-$LIBASSUAN_VER && ./configure && make && make install && cd ../ && \
cd libksba-$LIBKSBA_VER && ./configure && make && make install && cd ../ && \
cd npth-$NPTH_VER && ./configure && make && make install && cd ../ && \
cd pinentry-$PINENTRY_VER && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../ && \
cd gnupg-$GNUPG_VER && ./configure && make && make install && \
echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v && \
echo "Complete!!!"

@RogueScholar
Copy link

Looks like we both had a lot of the same ideas, @loizoskounios. I forked this super handy script by @vt0r and did some of what you did, as well as building in the ability to grant it sudo privileges using the pkexec function in most Linux desktop environments, so there's never any password tracks left in the terminal history.

It's available here for anyone that wants to put it to work, and I'm happy to get any comments or suggestions for improvements in the comments to meet any use cases I didn't already consider.

@NoSubstitute
Copy link

Awesome, @loizoskounios , thanks.
Your script worked fine (I added the reference to ntbtls in my copy of your script).

Sadly, @RogueScholar your script failed with an error about something wrong with bash. Ubuntu Server 18.04 LTS.

@okkymabruri
Copy link

okkymabruri commented Dec 26, 2020
edited
Loading

Script install latest GNUPG in Ubuntu 20.10
(Thanks to @loizoskounios, I've modified your script and work)

#!/bin/bash
# ---------
# Script to build and install GnuPG 2.2.x

GNUPG_VER=2.2.26

apt-get update
apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev
mkdir -p /var/src/gnupg-$GNUPG_VER && cd /var/src/gnupg-$GNUPG_VER
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 BCEF7E294B092E28 2071B08A33BD3F06 528897B826403ADA

LIBGPG_ERROR_VER=1.41
LIBGCRYPT_VER=1.8.7
LIBKSBA_VER=1.5.0
LIBASSUAN_VER=2.5.4
NPTH_VER=1.6
PINENTRY_VER=1.1.0

wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-$LIBGPG_ERROR_VER.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-$LIBGPG_ERROR_VER.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$LIBGCRYPT_VER.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$LIBGCRYPT_VER.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-$LIBASSUAN_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-$LIBASSUAN_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-$LIBKSBA_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-$LIBKSBA_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-$NPTH_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-$NPTH_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-$PINENTRY_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-$PINENTRY_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$GNUPG_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$GNUPG_VER.tar.bz2.sig && \
gpg --verify libgpg-error-$LIBGPG_ERROR_VER.tar.gz.sig && tar -xzf libgpg-error-$LIBGPG_ERROR_VER.tar.gz && \
gpg --verify libgcrypt-$LIBGCRYPT_VER.tar.gz.sig && tar -xzf libgcrypt-$LIBGCRYPT_VER.tar.gz && \
gpg --verify libassuan-$LIBASSUAN_VER.tar.bz2.sig && tar -xjf libassuan-$LIBASSUAN_VER.tar.bz2 && \
gpg --verify libksba-$LIBKSBA_VER.tar.bz2.sig && tar -xjf libksba-$LIBKSBA_VER.tar.bz2 && \
gpg --verify npth-$NPTH_VER.tar.bz2.sig && tar -xjf npth-$NPTH_VER.tar.bz2 && \
gpg --verify pinentry-$PINENTRY_VER.tar.bz2.sig && tar -xjf pinentry-$PINENTRY_VER.tar.bz2 && \
gpg --verify gnupg-$GNUPG_VER.tar.bz2.sig && tar -xjf gnupg-$GNUPG_VER.tar.bz2 && \
cd libgpg-error-$LIBGPG_ERROR_VER && ./configure && make && make install && cd ../ && \
cd libgcrypt-$LIBGCRYPT_VER && ./configure && make && make install && cd ../ && \
cd libassuan-$LIBASSUAN_VER && ./configure && make && make install && cd ../ && \
cd libksba-$LIBKSBA_VER && ./configure && make && make install && cd ../ && \
cd npth-$NPTH_VER && ./configure && make && make install && cd ../ && \
cd pinentry-$PINENTRY_VER && ./configure --enable-pinentry-curses --disable-pinentry-qt4 && \
make && make install && cd ../ && \
cd gnupg-$GNUPG_VER && ./configure && make && make install && \
echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && ldconfig -v && \
echo "Complete!!!"

@NoSubstitute
Copy link

@okkymabruri , why did you remove the 'gpg --verify' lines from the code?
Or, rather, why would you install unverified software on your system?

Script install latest GNUPG in Ubuntu 20.10
(Thanks to @loizoskounios, I've modified your script and work)

@okkymabruri
Copy link

@NoSubstitute, thanks, I missed it

@bachmanity1
Copy link

I have gpg 2.0.22 installed on my machine after running this script everything seems to work and message Complete!!! is printed however I'm not able to find gpg 2.2.9 anywhere in my filesystem. (I have checked /usr/bin and /usr/local/bin). Where can I find installed binaries?

@NoSubstitute
Copy link

@bachmanity1 - oh, 2.2.9 is really old.

Here is my most recent script, which includes grabbing a current version of Scute directly from git.

#!/bin/bash
# ---------
# Script to download sources, build and install GnuPG 2.x.x

# Set version of new gpg
GNUPG_VER=2.4.0

sudo apt-get update
sudo apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential libbz2-dev \
zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo \
gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev
mkdir -p /var/src/gnupg-$GNUPG_VER && cd /var/src/gnupg-$GNUPG_VER
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8A861B1C7EFD60D9 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 6DAA6E64A76D2840571B4902528897B826403ADA
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 02F38DFF731FF97CB039A1DA549E695E905BA208

# Set versions of current helper tools necessary for gpg
LIBGPG_ERROR_VER=1.46
LIBGCRYPT_VER=1.10.1
LIBKSBA_VER=1.6.3
LIBASSUAN_VER=2.5.5
NTBTLS_VER=0.3.1
NPTH_VER=1.6
PINENTRY_VER=1.2.1
GPGME_VER=1.18.0
SCUTE_VER=1.7.0

# Download source code for each tool.
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-$LIBGPG_ERROR_VER.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-$LIBGPG_ERROR_VER.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$LIBGCRYPT_VER.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$LIBGCRYPT_VER.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-$LIBASSUAN_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-$LIBASSUAN_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-$LIBKSBA_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-$LIBKSBA_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-$NPTH_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-$NPTH_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/ntbtls/ntbtls-$NTBTLS_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/ntbtls/ntbtls-$NTBTLS_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-$PINENTRY_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-$PINENTRY_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-$GPGME_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-$GPGME_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$GNUPG_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$GNUPG_VER.tar.bz2.sig && \
# Getting Scute from git, since the old 1.7.0 release has a bug which fails if certain tools aren't installed.
git clone git://git.gnupg.org/scute.git
mv scute scute-$SCUTE_VER

# Verify everything but Scute
gpg --verify libgpg-error-$LIBGPG_ERROR_VER.tar.gz.sig && tar -xzf libgpg-error-$LIBGPG_ERROR_VER.tar.gz && \
gpg --verify libgcrypt-$LIBGCRYPT_VER.tar.gz.sig && tar -xzf libgcrypt-$LIBGCRYPT_VER.tar.gz && \
gpg --verify libassuan-$LIBASSUAN_VER.tar.bz2.sig && tar -xjf libassuan-$LIBASSUAN_VER.tar.bz2 && \
gpg --verify libksba-$LIBKSBA_VER.tar.bz2.sig && tar -xjf libksba-$LIBKSBA_VER.tar.bz2 && \
gpg --verify npth-$NPTH_VER.tar.bz2.sig && tar -xjf npth-$NPTH_VER.tar.bz2 && \
gpg --verify ntbtls-$NTBTLS_VER.tar.bz2.sig && tar -xjf ntbtls-$NTBTLS_VER.tar.bz2 && \
gpg --verify pinentry-$PINENTRY_VER.tar.bz2.sig && tar -xjf pinentry-$PINENTRY_VER.tar.bz2 && \
gpg --verify gpgme-$GPGME_VER.tar.bz2.sig && tar -xjf gpgme-$GPGME_VER.tar.bz2 && \
gpg --verify gnupg-$GNUPG_VER.tar.bz2.sig && tar -xjf gnupg-$GNUPG_VER.tar.bz2 && \

# Compiling and installing
cd libgpg-error-$LIBGPG_ERROR_VER && ./configure && make && sudo make install && cd ../ && \
cd libgcrypt-$LIBGCRYPT_VER && ./configure && make && sudo make install && cd ../ && \
cd libassuan-$LIBASSUAN_VER && ./configure && make && sudo make install && cd ../ && \
cd libksba-$LIBKSBA_VER && ./configure && make && sudo make install && cd ../ && \
cd npth-$NPTH_VER && ./configure && make && sudo make install && cd ../ && \
cd ntbtls-$NTBTLS_VER && ./configure && make && sudo make install && cd ../ && \

# Had to disable pinentry-efl as it expects openssl 1.1 which has been replaced by openssl 3.
cd pinentry-$PINENTRY_VER && ./configure --enable-pinentry-curses --disable-pinentry-qt4 --disable-pinentry-efl && \
make && sudo make install && cd ../ && \
cd gpgme-$GPGME_VER && ./configure && make && sudo make install && cd ../ && \
cd scute-$SCUTE_VER && ./autogen.sh && ./configure --enable-maintainer-mode && make && sudo make install && cd ../ && \
cd gnupg-$GNUPG_VER && ./configure && make && sudo make install && \

sudo echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && sudo ldconfig -v && \
echo "Complete!!!"

Afterwards I also check for running gpg daemons and kill them before trying a gpg command.

ps aux | grep gpg
killall gpg-agent

If you get a a warning about gpg-agent being "older than", then you may have gpg installed from your distro's repo too, and not only a compiled version. A reboot will probably fix that, or uninstall the system version.

@roelds
Copy link

roelds commented Sep 1, 2023

@bachmanity1 - oh, 2.2.9 is really old.

Here is my most recent script, which includes grabbing a current version of Scute directly from git.

#!/bin/bash
# ---------
# Script to download sources, build and install GnuPG 2.x.x

# Set version of new gpg
GNUPG_VER=2.4.0

sudo apt-get update
sudo apt-get -y install libgnutls-dev bzip2 make gettext texinfo gnutls-bin libgnutls28-dev build-essential libbz2-dev \
zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev || apt-get -y install libgnutls28-dev bzip2 make gettext texinfo \
gnutls-bin build-essential libbz2-dev zlib1g-dev libncurses5-dev libsqlite3-dev libldap2-dev
mkdir -p /var/src/gnupg-$GNUPG_VER && cd /var/src/gnupg-$GNUPG_VER
gpg --list-keys
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 249B39D24F25E3B6 04376F3EE0856959 2071B08A33BD3F06
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 8A861B1C7EFD60D9 5B80C5754298F0CB55D8ED6ABCEF7E294B092E28
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 6DAA6E64A76D2840571B4902528897B826403ADA
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys AC8E115BF73E2D8D47FA9908E98E9B2D19C6C8BD
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 02F38DFF731FF97CB039A1DA549E695E905BA208

# Set versions of current helper tools necessary for gpg
LIBGPG_ERROR_VER=1.46
LIBGCRYPT_VER=1.10.1
LIBKSBA_VER=1.6.3
LIBASSUAN_VER=2.5.5
NTBTLS_VER=0.3.1
NPTH_VER=1.6
PINENTRY_VER=1.2.1
GPGME_VER=1.18.0
SCUTE_VER=1.7.0

# Download source code for each tool.
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-$LIBGPG_ERROR_VER.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgpg-error/libgpg-error-$LIBGPG_ERROR_VER.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$LIBGCRYPT_VER.tar.gz && \
wget -c https://www.gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-$LIBGCRYPT_VER.tar.gz.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-$LIBASSUAN_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libassuan/libassuan-$LIBASSUAN_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-$LIBKSBA_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/libksba/libksba-$LIBKSBA_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-$NPTH_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/npth/npth-$NPTH_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/ntbtls/ntbtls-$NTBTLS_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/ntbtls/ntbtls-$NTBTLS_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-$PINENTRY_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/pinentry/pinentry-$PINENTRY_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-$GPGME_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gpgme/gpgme-$GPGME_VER.tar.bz2.sig && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$GNUPG_VER.tar.bz2 && \
wget -c https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-$GNUPG_VER.tar.bz2.sig && \
# Getting Scute from git, since the old 1.7.0 release has a bug which fails if certain tools aren't installed.
git clone git://git.gnupg.org/scute.git
mv scute scute-$SCUTE_VER

# Verify everything but Scute
gpg --verify libgpg-error-$LIBGPG_ERROR_VER.tar.gz.sig && tar -xzf libgpg-error-$LIBGPG_ERROR_VER.tar.gz && \
gpg --verify libgcrypt-$LIBGCRYPT_VER.tar.gz.sig && tar -xzf libgcrypt-$LIBGCRYPT_VER.tar.gz && \
gpg --verify libassuan-$LIBASSUAN_VER.tar.bz2.sig && tar -xjf libassuan-$LIBASSUAN_VER.tar.bz2 && \
gpg --verify libksba-$LIBKSBA_VER.tar.bz2.sig && tar -xjf libksba-$LIBKSBA_VER.tar.bz2 && \
gpg --verify npth-$NPTH_VER.tar.bz2.sig && tar -xjf npth-$NPTH_VER.tar.bz2 && \
gpg --verify ntbtls-$NTBTLS_VER.tar.bz2.sig && tar -xjf ntbtls-$NTBTLS_VER.tar.bz2 && \
gpg --verify pinentry-$PINENTRY_VER.tar.bz2.sig && tar -xjf pinentry-$PINENTRY_VER.tar.bz2 && \
gpg --verify gpgme-$GPGME_VER.tar.bz2.sig && tar -xjf gpgme-$GPGME_VER.tar.bz2 && \
gpg --verify gnupg-$GNUPG_VER.tar.bz2.sig && tar -xjf gnupg-$GNUPG_VER.tar.bz2 && \

# Compiling and installing
cd libgpg-error-$LIBGPG_ERROR_VER && ./configure && make && sudo make install && cd ../ && \
cd libgcrypt-$LIBGCRYPT_VER && ./configure && make && sudo make install && cd ../ && \
cd libassuan-$LIBASSUAN_VER && ./configure && make && sudo make install && cd ../ && \
cd libksba-$LIBKSBA_VER && ./configure && make && sudo make install && cd ../ && \
cd npth-$NPTH_VER && ./configure && make && sudo make install && cd ../ && \
cd ntbtls-$NTBTLS_VER && ./configure && make && sudo make install && cd ../ && \

# Had to disable pinentry-efl as it expects openssl 1.1 which has been replaced by openssl 3.
cd pinentry-$PINENTRY_VER && ./configure --enable-pinentry-curses --disable-pinentry-qt4 --disable-pinentry-efl && \
make && sudo make install && cd ../ && \
cd gpgme-$GPGME_VER && ./configure && make && sudo make install && cd ../ && \
cd scute-$SCUTE_VER && ./autogen.sh && ./configure --enable-maintainer-mode && make && sudo make install && cd ../ && \
cd gnupg-$GNUPG_VER && ./configure && make && sudo make install && \

sudo echo "/usr/local/lib" > /etc/ld.so.conf.d/gpg2.conf && sudo ldconfig -v && \
echo "Complete!!!"

Afterwards I also check for running gpg daemons and kill them before trying a gpg command.

ps aux | grep gpg
killall gpg-agent

If you get a a warning about gpg-agent being "older than", then you may have gpg installed from your distro's repo too, and not only a compiled version. A reboot will probably fix that, or uninstall the system version.

Works great for 2.4.x ! Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment