= GPG Build Scripts
A set of build scripts for GNU Privacy Guard.
[options="header"] |========================== |OS \ GPG version |2.1, 2.2 |latest |head
|Fedora 33 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33.yml/badge.svg["Fedora 33", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33-latest.yml/badge.svg["Fedora 33 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33-head.yml/badge.svg["Fedora 33 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/fedora-33-head.yml"]
|CentOS 8 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8.yml/badge.svg["CentOS 8", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8-latest.yml/badge.svg["CentOS 8 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8-head.yml/badge.svg["CentOS 8 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-8-head.yml"]
|CentOS 7 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7.yml/badge.svg["CentOS 7", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7-latest.yml/badge.svg["CentOS 7 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7-head.yml/badge.svg["CentOS 7 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/centos-7-head.yml"]
|Ubuntu 20.04 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04.yml/badge.svg["Ubuntu 20.04", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04-latest.yml/badge.svg["Ubuntu 20.04 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04-head.yml/badge.svg["Ubuntu 20.04 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-20.04-head.yml"]
|Ubuntu 18.04 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04.yml/badge.svg["Ubuntu 18.04", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04-latest.yml/badge.svg["Ubuntu 18.04 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04-head.yml/badge.svg["Ubuntu 18.04 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-18.04-head.yml"]
|Ubuntu 16.04 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04.yml/badge.svg["Ubuntu 16.04", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04-latest.yml/badge.svg["Ubuntu 16.04 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04-head.yml/badge.svg["Ubuntu 16.04 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-16.04-head.yml"]
|Ubuntu 14.04 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04.yml/badge.svg["Ubuntu 14.04", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04-latest.yml/badge.svg["Ubuntu 14.04 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04-head.yml/badge.svg["Ubuntu 14.04 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/ubuntu-14.04-head.yml"]
|macOS 11.0 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0.yml/badge.svg["macOS 11.0", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0-latest.yml/badge.svg["macOS 11.0 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0-head.yml/badge.svg["macOS 11.0 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-11.0-head.yml"]
|macOS 10.15 |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15.yml/badge.svg["macOS 10.15", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15-latest.yml/badge.svg["macOS 10.15 (latest)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15-latest.yml"] |image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15-head.yml/badge.svg["macOS 10.15 (head)", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/macos-10.15-head.yml"] |==========================
image:https://github.com/rnpgp/gpg-build-scripts/actions/workflows/docker.yml/badge.svg["Docker", link="https://github.com/rnpgp/gpg-build-scripts/actions/workflows/docker.yml"]
== Prerequisites
Build should succeed on any Linux distribution, and similar systems. Popular
GNU build tools are required. For Ubuntu, following packages should be enough:
libgnutls28-dev, bzip2, make, gettext, texinfo, gnutls-bin,
build-essential, g++. (List taken from this comment:
https://gist.github.com/mattrude/3883a3801613b048d45b#gistcomment-2378027).
When building from Git, additional software is needed, in particular Git, Automake, and a recent version of Gettext. Note that Gettext available in Ubuntu Trusty is too old for this purpose--this fact must be taken into account when building from Git in CI environment.
== Scripts
TIP: Most likely you'll want to run install_gpg_all.sh, however
install_gpg_component.sh gives greater flexibility. Oh, and check out
the examples subdirectory.
=== install_gpg_component.sh
Builds and installs a specific component of GnuPG. The source code is obtained either from released tarballs, or from Git repository.
When building stable releases from tarballs, two options are mandatory:
--component-name, which specifies a component name--component-version, which specifies component version (can be latest)When building from Git repository, two options are mandatory:
--component-name, which specifies a component name--component-git-ref, which specifies a Git branch or tag (commonly master)For a complete list available options, run the script with --help option:
=== install_gpg_all.sh
Builds and installs all components of GnuPG (but not GPGME, which must be
installed separately via install_gpg_component.sh if desired).
The --suite-version parameter describes the combination of component versions.
Supported values are: 2.1, 2.2, latest, and master, which are defined as
follows:
2.1 means GnuPG 2.1, and other component as in this Gist:
https://gist.github.com/mattrude/3883a3801613b048d45b2.2 means GnuPG 2.1, and other component as in this Gist:
https://gist.github.com/vt0r/a2f8c0bcb1400131ff512.3, 2.4, etc. arguments yet. Use latest instead.latest means the latest version of GnuPG and all its components. They are
obtained from https://versions.gnupg.org/swdb.lst, which is maintained by
GnuPG developers, and which is used by GnuPG's stock software updater.master means whatever is currently on master branch in Git.TIP: Prefer latest over explicit versioning.
Any other arguments are passed to install_gpg_component.sh, which is invoked
from install_gpg_all.sh for every component once. For example, following
snippet will install the freshest GnuPG without documentation
(--configure-opts "--disable-doc" will be passed to component install
scripts):
== Tips & tricks
=== Passing options to ./configure script
The --configure-opts allows to pass options to ./configure scripts. For
example:
Setting a custom installation prefix is not that straightforward.
The ./configure script assumes that all the dependencies are installed in
/usr/lib, hence you need to override them as in example:
You may see a bunch of warnings as some of these options are relevant only to few components, but that won't break your build.
=== Verifying authenticity of tarballs
GnuPG team provides PGP signatures of released tarballs, which can be used to verify authenticity of these tarballs. Note that using this feature requires that another installation of GnuPG is available in advance.
In order to do so, firstly public keys of GnuPG team must be imported. The easiest way is to fetch them from some keyserver, for example from keyserver.ubuntu.com:
You should obtain key IDs from https://www.gnupg.org/signature_key.html[GnuPG home page] rather than trust me, therefore above snippet contains only placeholders. Key ID is the last sixteen hexadecimal digits of its fingerprint.
Alternatively, you may write a whole ASCII-armored public key block, which is
printed near the bottom of the aforementioned page, into some file, and then
import it. Given that you have saved key block to a file GPG_KEYS.gpg,
following imports it:
Keys are now imported but not trusted yet. It is enough for signature
verification, though warnings will be printed. In order to enable verfication,
use --verify option, for example:
TIP: If you want to learn how to exchange and trust keys, head to https://www.gnupg.org/gph/en/manual/x56.html[GNU Privacy Handbook].
TIP: For more information about checking integrity of GnuPG release tarballs, head to https://www.gnupg.org/download/integrity_check.html[GnuPG home page].
=== Using with CI
==== GitHub Action
The scripts have been designed to work in GitHub Action. Use following listing
as example of .github/workflows/my_workflow.yml:
name: My workflow
on: pull_request: push: branches:
env: GPG_BUILD_DIR: "$GITHUB_WORKSPACE/build_gpg" GPG_CONFIGURE_OPTS: > --disable-doc --enable-pinentry-curses --disable-pinentry-emacs --disable-pinentry-gtk2 --disable-pinentry-gnome3 --disable-pinentry-qt --disable-pinentry-qt4 --disable-pinentry-qt5 --disable-pinentry-tqt --disable-pinentry-fltk
jobs: build: runs-on: ubuntu-latest if: "!contains(github.event.head_commit.message, 'skip ci')" container: image: centos:8 strategy: matrix: env:
=== Installing GnuPG Made Easy (GPGME)
GPGME is not installed by install_gpg_all.sh script, however it can be
installed with install_gpg_component.sh like every other component.
For example:
./install_gpg_all.sh \ --suite-version latest
NOTE: GPGME requires libgpg-error and libassuan to compile. Also, other
components of GnuPG suite are typically needed in order to actually use GPGME.
== License
The MIT License (MIT)
Copyright (c) 2018 - 2021 Ribose Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.