diff options
Diffstat (limited to 'README')
-rw-r--r-- | README | 259 |
1 files changed, 259 insertions, 0 deletions
@@ -0,0 +1,259 @@ + The GNU Privacy Guard 2 + ========================= + Version 2.2 + + Copyright 1997-2019 Werner Koch + Copyright 1998-2021 Free Software Foundation, Inc. + Copyright 2003-2021 g10 Code GmbH + + +* INTRODUCTION + + GnuPG is a complete and free implementation of the OpenPGP standard + as defined by RFC4880 (also known as PGP). GnuPG enables encryption + and signing of data and communication, and features a versatile key + management system as well as access modules for public key + directories. + + GnuPG, also known as GPG, is a command line tool with features for + easy integration with other applications. A wealth of frontend + applications and libraries are available that make use of GnuPG. + Starting with version 2 GnuPG provides support for S/MIME and Secure + Shell in addition to OpenPGP. + + GnuPG is Free Software (meaning that it respects your freedom). It + can be freely used, modified and distributed under the terms of the + GNU General Public License. + + Note that the 2.0 series of GnuPG reached end-of-life on 2017-12-31. + It is not possible to install a 2.2.x version along with any 2.0.x + version. + +* BUILD INSTRUCTIONS + + GnuPG 2.2 depends on the following GnuPG related packages: + + npth (https://gnupg.org/ftp/gcrypt/npth/) + libgpg-error (https://gnupg.org/ftp/gcrypt/libgpg-error/) + libgcrypt (https://gnupg.org/ftp/gcrypt/libgcrypt/) + libksba (https://gnupg.org/ftp/gcrypt/libksba/) + libassuan (https://gnupg.org/ftp/gcrypt/libassuan/) + + You should get the latest versions of course, the GnuPG configure + script complains if a version is not sufficient. + + For some advanced features several other libraries are required. + The configure script prints diagnostic messages if one of these + libraries is not available and a feature will not be available.. + + You also need the Pinentry package for most functions of GnuPG; + however it is not a build requirement. Pinentry is available at + https://gnupg.org/ftp/gcrypt/pinentry/ . + + After building and installing the above packages in the order as + given above, you may continue with GnuPG installation (you may also + just try to build GnuPG to see whether your already installed + versions are sufficient). + + As with all packages, you just have to do + + ./configure + make + make check + make install + + The "make check" is optional but highly recommended. To run even + more tests you may add "--enable-all-tests" to the configure run. + Before running the "make install" you might need to become root. + + If everything succeeds, you have a working GnuPG with support for + OpenPGP, S/MIME, ssh-agent, and smartcards. Note that there is no + binary gpg but a gpg2 so that this package won't conflict with a + GnuPG 1.4 installation. gpg2 behaves just like gpg. + + In case of problem please ask on the gnupg-users@gnupg.org mailing + list for advise. + + Instruction on how to build for Windows can be found in the file + doc/HACKING in the section "How to build an installer for Windows". + This requires some experience as developer. + + Note that the PKITS tests are always skipped unless you copy the + PKITS test data file into the tests/pkits directory. There is no + need to run these test and some of them may even fail because the + test scripts are not yet complete. + + You may run + + gpgconf --list-dirs + + to view the default directories used by GnuPG. + + To quickly build all required software without installing it, the + Speedo method may be used: + + make -f build-aux/speedo.mk native + + This method downloads all required libraries and does a native build + of GnuPG to PLAY/inst/. GNU make is required and you need to set + LD_LIBRARY_PATH to $(pwd)/PLAY/inst/lib to test the binaries. + +** Specific build problems on some machines: + +*** Apple OSX 10.x using XCode + + On some versions the correct location of a header file can't be + detected by configure. To fix that you should run configure like + this + + ./configure gl_cv_absolute_stdint_h=/usr/include/stdint.h + + Add other options as needed. + + +*** Systems without a full C99 compiler + + If you run into problems with your compiler complaining about dns.c + you may use + + ./configure --disable-libdns + + Add other options as needed. + +* MIGRATION from 1.4 or 2.0 to 2.2 + + The major change in 2.2 is gpg-agent taking care of the OpenPGP + secret keys (those managed by GPG). The former file "secring.gpg" + will not be used anymore. Newly generated keys are stored in the + agent's key store directory "~/.gnupg/private-keys-v1.d/". The + first time gpg needs a secret key it checks whether a "secring.gpg" + exists and copies them to the new store. The old secring.gpg is + kept for use by older versions of gpg. + + Note that gpg-agent now uses a fixed socket. All tools will start + the gpg-agent as needed. The formerly used environment variable + GPG_AGENT_INFO is ignored by 2.2. The SSH_AUTH_SOCK environment + variable should be set to a fixed value. + + The Dirmngr is now part of GnuPG proper and also used to access + OpenPGP keyservers. The directory layout of Dirmngr changed to make + use of the GnuPG directories. Dirmngr is started by gpg or gpgsm as + needed. There is no more need to install a separate Dirmngr package. + + All changes introduced with GnuPG 2.2 have been developed in the 2.1 + series of releases. See the respective entries in the file NEWS. + +* RECOMMENDATIONS + +** Socket directory + + GnuPG uses Unix domain sockets to connect its components (on Windows + an emulation of these sockets is used). Depending on the type of + the file system, it is sometimes not possible to use the GnuPG home + directory (i.e. ~/.gnupg) as the location for the sockets. To solve + this problem GnuPG prefers the use of a per-user directory below the + the /run (or /var/run) hierarchy for the the sockets. It is thus + suggested to create per-user directories on system or session + startup. For example the following snippet can be used in + /etc/rc.local to create these directories: + + [ ! -d /run/user ] && mkdir /run/user + awk -F: </etc/passwd '$3 >= 1000 && $3 < 65000 {print $3}' \ + | ( while read uid rest; do + if [ ! -d "/run/user/$uid" ]; then + mkdir /run/user/$uid + chown $uid /run/user/$uid + chmod 700 /run/user/$uid + fi + done ) + +* DOCUMENTATION + + The complete documentation is in the texinfo manual named + `gnupg.info'. Run "info gnupg" to read it. If you want a a + printable copy of the manual, change to the "doc" directory and + enter "make pdf" For a HTML version enter "make html" and point your + browser to gnupg.html/index.html. Standard man pages for all + components are provided as well. An online version of the manual is + available at [[https://gnupg.org/documentation/manuals/gnupg/]] . A + version of the manual pertaining to the current development snapshot + is at [[https://gnupg.org/documentation/manuals/gnupg-devel/]] . + +* Installing GnuPG 2.2. and GnuPG 1.4 + + GnuPG 2.2 is a current version of GnuPG with state of the art + security design and many more features. To install both versions + alongside, it is suggested to rename the 1.4 version of "gpg" to + "gpg1" as well as the corresponding man page. Newer releases of the + 1.4 branch will likely do this by default. In case this is not + possible, the 2.2 version can be installed under the name "gpg2" + using the configure option --enable-gpg-is-gpg2. + +* HOW TO GET MORE INFORMATION + + A description of new features and changes since version 2.1 can be + found in the file "doc/whats-new-in-2.1.txt" and online at + "https://gnupg.org/faq/whats-new-in-2.1.html" . + + The primary WWW page is "https://gnupg.org" + or using Tor "http://ic6au7wa3f6naxjq.onion" + The primary FTP site is "https://gnupg.org/ftp/gcrypt/" + + See [[https://gnupg.org/download/mirrors.html]] for a list of + mirrors and use them if possible. You may also find GnuPG mirrored + on some of the regular GNU mirrors. + + We have some mailing lists dedicated to GnuPG: + + gnupg-announce@gnupg.org For important announcements like new + versions and such stuff. This is a + moderated list and has very low traffic. + Do not post to this list. + + gnupg-users@gnupg.org For general user discussion and + help (English). + + gnupg-de@gnupg.org German speaking counterpart of + gnupg-users. + + gnupg-ru@gnupg.org Russian speaking counterpart of + gnupg-users. + + gnupg-devel@gnupg.org GnuPG developers main forum. + + You subscribe to one of the list by sending mail with a subject of + "subscribe" to x-request@gnupg.org, where x is the name of the + mailing list (gnupg-announce, gnupg-users, etc.). See + https://gnupg.org/documentation/mailing-lists.html for archives + of the mailing lists. + + Please direct bug reports to [[https://bugs.gnupg.org]] or post them + direct to the mailing list <gnupg-devel@gnupg.org>. + + Please direct questions about GnuPG to the users mailing list or one + of the PGP newsgroups; please do not direct questions to one of the + authors directly as we are busy working on improvements and bug + fixes. The English and German mailing lists are watched by the + authors and we try to answer questions when time allows us. + + Commercial grade support for GnuPG is available; for a listing of + offers see https://gnupg.org/service.html. Maintaining and + improving GnuPG requires a lot of time. Since 2001 g10 Code GmbH, a + German company owned and headed by GnuPG's principal author Werner + Koch and Gpg4win maintainer Andre Heinecke, is bearing the majority + of these costs. Under the brand https://gnupg.com g10 Code GmbH + does now provide commercial offers. Donations are also appreciated; + see https://gnupg.org/donate/ . + + +# This file is Free Software; as a special exception the authors gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. For conditions +# of the whole package, please see the file COPYING. This file is +# distributed in the hope that it will be useful, but WITHOUT ANY +# WARRANTY, to the extent permitted by law; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Local Variables: +# mode:org +# End: |