edgecase
Author: StJohn Piano
Published: 2019-02-27
Datafeed Article 86
This article has been digitally signed by Edgecase Datafeed.
This article has been digitally signed by its author.
2687 words - 940 lines - 24 pages





GOAL



Install GPG 1.4.10 on CentOS 7.6.




CONTENTS



- Goal
- Contents
- Brief Summary
- Summary
- Downloadable Assets
- Notes
- Installation Recipe for GPG 1.4.10
- Project Log




BRIEF SUMMARY



I have successfully installed GPG 1.4.10 on CentOS 7.6. There were some permission management problems during this project. I have written a new recipe that takes account of permissions management. It can be found in the Installation Recipe For GPG 1.4.10 section.




SUMMARY



I have successfully installed GPG 1.4.10 on CentOS 7.6 on my computer New computer: Shovel.

I followed the recipe in the Installation Recipe For GPG 1.4.10 section of the article
Compiling GPG 1.4.10 from source
which has the associated asset:
gnupg-1.4.10.tar.gz

GCC and Make were already installed on the CentOS 7.6 system.

The original recipe was developed for use with the
root
user. During this project, I worked as the user
spiano
. I have written a new version of the recipe that shows how to manage permissions for a non-
root
user. This new version can be found in the Installation Recipe For GPG 1.4.10 section of this article. It essentially summarises the work done during this project.

GPG 2.0.22 was already installed, and the command
gpg
was linked to it. After installation of GPG 1.4.10, the command
gpg
now called GPG 1. The command
gpg2
still called GPG 2.




DOWNLOADABLE ASSETS



Asset: A zipped tape archive of the GPG 1.4.10 source code. It is an asset of the article Compiling GPG 1.4.10 from source.
gnupg-1.4.10.tar.gz




NOTES



System details:
- Name: Shovel
- Specifications: HP 6005 Pro SFF. 3 GHz x86_64 processor (AMD II x4 B95 Quad Core), 4 GB RAM, 1 TB hard drive. Running CentOS 7.6.1810 (Core).
- More information: New computer: Shovel
- Installed items: GCC 4.8.5, Make 3.82.


Terms and acronyms:
- GPG or GnuPG = GNU Privacy Guard
- GNU = GNU's not Unix


Some searching and reading indicates that:
- GPG 1 and GPG 2 can exist on the same system.
- Their data formats are compatible.
- They handle key storage somewhat differently. A key can be stored in only one of the two. To synchronise, you may have to export a key from one and import it into the other.








INSTALLATION RECIPE FOR GPG 1.4.10





Parts


- Description
- Assets
- Notes
- Recipe




Description


This recipe describes a method for compiling and installing GPG 1.4.10.




Assets


Asset: A zipped tape archive of the GPG 1.4.10 source code. It is an asset of the article Compiling GPG 1.4.10 from source.
gnupg-1.4.10.tar.gz




Notes


This recipe was developed and tested on CentOS 7.6.

An earlier version of this recipe was published in the article Compiling GPG 1.4.10 from source, in the section Installation Recipe For GPG 1.4.10.

In step (9), I have tested only approach (9b).




Recipe


Requirements: Linux, Bash, GCC, Make, tar.


1) Create a work directory.


2) Browse to the Assets part of this recipe and download all the linked assets. List of assets:
- gnupg-1.4.10


3) Move the asset into the work directory.


4) Open a terminal program and change directory to the work directory.


5) Unzip the zipped tape archive file, e.g. by running the following command:
tar -zxvf gnupg-1.4.10.tar.gz

This will produce the directory containing the package's source code.


6) Run
./configure
to run the
configure
script and configure the package for your system. The script will print messages to report the features for which it is checking.


7) Run
make
to compile the package.


8) Optionally, run
make check
to run any self-tests that come with the package.


9) Choose an approach to deal with permissions. The command in the next step,
make install
, will need to install various items in the
/usr/local
directory. This directory is usually owned by the
root
user. It is likely that you will be working as a different user, referred to here as [current user].


9a) Change user to
root
. Change user back to [current user] after performing the next step. This approach will grant the installation script complete access to any directory (or file) owned by the
root
user.


9b) Change the ownership (recursively) of the
/usr/local
directory to [current user]. Change the ownership back to
root
after performing the next step. This approach temporarily allows the installation script to access
/usr/local
directory but not any other directory owned by
root
.


9c) Create an admin group (e.g.
admin
,
staff
). This group may already exist, depending on the distribution. Add both
root
and [current user] to this group. Change the group ownership (recursively) of the
/usr/local
directory to the admin group. This approach permanently allows the installation script to access
/usr/local
directory but not any other directory owned by
root
.


10) Run
make install
to install the programs and any data files and documentation.


11) You can remove the program binaries and object files from the source code directory by running
make clean
.


12) To remove the files that the
configure
script created (so you can compile the package for a different kind of computer), run
make distclean
.


13) Open a new terminal tab or window. Run the following command to see if GPG 1.4.10 has been installed successfully (and that the command
gpg
has been linked to the location of the installed binary).

gpg --version


You should see something like this:

[spiano@localhost gnupg-1.4.10]$ gpg --version

gpg (GnuPG) 1.4.10 Copyright (C) 2008 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB


The important result is the first line in the output:
gpg (GnuPG) 1.4.10











PROJECT LOG





I'll follow the recipe in the article
Compiling GPG 1.4.10 from source
which has the associated asset:
gnupg-1.4.10.tar.gz


System details:
- Name: Shovel
- Specifications: HP 6005 Pro SFF. 3 GHz x86_64 processor (AMD II x4 B95 Quad Core), 4 GB RAM, 1 TB hard drive. Running CentOS 7.6.1810 (Core).
- More information: New computer: Shovel



[spiano@localhost ~]$ gpg --version

gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

[spiano@localhost ~]$ which gpg

/usr/bin/gpg

[spiano@localhost ~]$ ls -1 /usr/bin/gpg*

/usr/bin/gpg
/usr/bin/gpg2
/usr/bin/gpg-agent
/usr/bin/gpgconf
/usr/bin/gpg-connect-agent
/usr/bin/gpg-error
/usr/bin/gpgparsemail
/usr/bin/gpgsplit
/usr/bin/gpgv
/usr/bin/gpgv2
/usr/bin/gpg-zip

[spiano@localhost ~]$ gpg2 --version

gpg (GnuPG) 2.0.22
libgcrypt 1.5.3
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ?, ?, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2





Hm.


I'd like to install GPG 1.4.10 without interfering with the existing instance of GPG 2.2.22.

Some searching and reading indicates that:
- GPG 1 and GPG 2 can exist on the same system.
- Their data formats are compatible.
- They handle key storage somewhat differently. A key can be stored in only one of the two. To synchronise, you may have to export a key from one and import it into the other.



Are GCC and Make installed?


[spiano@localhost ~]$ gcc --version

gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-36)
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[spiano@localhost ~]$ make --version

GNU Make 3.82
Built for x86_64-redhat-linux-gnu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.



GCC 4.8.5 is installed. Make 3.82 is installed.



Browse to:
Compiling GPG 1.4.10 from source
Scroll to the Downloadable Assets section.
Download gnupg-1.4.10.tar.gz


Create a work directory. Move gnupg-1.4.10.tar.gz into it.


In the article, scroll to the Installation Recipe For GPG 1.4.10 section. Follow the recipe.




[spiano@localhost gpg_on_shovel]$ cd work


[spiano@localhost work]$ ls

gnupg-1.4.10.tar.gz

[spiano@localhost work]$ ls -1

gnupg-1.4.10
gnupg-1.4.10.tar.gz

[spiano@localhost work]$ cd gnupg-1.4.10/


[spiano@localhost gnupg-1.4.10]$ ./configure


[most output not included]

Version info: gnupg 1.4.10 Configured for: GNU/Linux (x86_64-unknown-linux-gnu)


[spiano@localhost gnupg-1.4.10]$ make


[most output not included]

make[2]: Leaving directory `/home/spiano/Desktop/stuff/PROJECTS_CURRENT/gpg_on_shovel/work/gnupg-1.4.10'
make[1]: Leaving directory `/home/spiano/Desktop/stuff/PROJECTS_CURRENT/gpg_on_shovel/work/gnupg-1.4.10'

[spiano@localhost gnupg-1.4.10]$ make install


[most output not included]

test -z "/usr/local/bin" || /usr/bin/mkdir -p "/usr/local/bin"
/usr/bin/install -c 'gpgsplit' '/usr/local/bin/gpgsplit'
/usr/bin/install: cannot create regular file '/usr/local/bin/gpgsplit': Permission denied
make[2]: *** [install-binPROGRAMS] Error 1
make[2]: Leaving directory `/home/spiano/Desktop/stuff/PROJECTS_CURRENT/gpg_on_shovel/work/gnupg-1.4.10/tools'
make[1]: *** [install-am] Error 2
make[1]: Leaving directory `/home/spiano/Desktop/stuff/PROJECTS_CURRENT/gpg_on_shovel/work/gnupg-1.4.10/tools'
make: *** [install-recursive] Error 1



Hm.

Key line:
/usr/bin/install: cannot create regular file '/usr/local/bin/gpgsplit': Permission denied



[spiano@localhost gnupg-1.4.10]$ ls -1 /usr/local/bin


[spiano@localhost gnupg-1.4.10]$ ls -l /usr/local

total 0 drwxr-xr-x. 2 root root 6 Apr 11 2018 bin drwxr-xr-x. 2 root root 6 Apr 11 2018 etc drwxr-xr-x. 2 root root 6 Apr 11 2018 games drwxr-xr-x. 2 root root 6 Apr 11 2018 include drwxr-xr-x. 2 root root 6 Apr 11 2018 lib drwxr-xr-x. 2 root root 6 Apr 11 2018 lib64 drwxr-xr-x. 2 root root 6 Apr 11 2018 libexec drwxr-xr-x. 2 root root 6 Apr 11 2018 sbin drwxr-xr-x. 5 root root 49 Dec 21 20:00 share drwxr-xr-x. 2 root root 6 Apr 11 2018 src




User "root" owns the directory /usr/local/bin and is the only user allowed to write new data there.

I am currently user "spiano".

/usr/local is reserved for local installations.

Hm.

I could use "sudo make install", but I don't want to make a habit of allowing a make script access to everything. I'd like to know that root-owned directories are offlimits to the make script, unless I grant access to specific directories.

I could create a new unix group (or use an existing one), and set this to be the group that owns the directory /usr/local/bin. Then I would add "root" and my user "spiano" to this group. This is probably a decent permanent solution.

However, as a temporary approach, I can change the owner of /usr/local/bin to "spiano", run "make install", then change the owner back to "root".




[spiano@localhost gnupg-1.4.10]$ sudo chown spiano /usr/local/bin

[sudo] password for spiano:

[spiano@localhost gnupg-1.4.10]$ ls -l /usr/local

total 0 drwxr-xr-x. 2 spiano root 6 Apr 11 2018 bin drwxr-xr-x. 2 root root 6 Apr 11 2018 etc drwxr-xr-x. 2 root root 6 Apr 11 2018 games drwxr-xr-x. 2 root root 6 Apr 11 2018 include drwxr-xr-x. 2 root root 6 Apr 11 2018 lib drwxr-xr-x. 2 root root 6 Apr 11 2018 lib64 drwxr-xr-x. 2 root root 6 Apr 11 2018 libexec drwxr-xr-x. 2 root root 6 Apr 11 2018 sbin drwxr-xr-x. 5 root root 49 Dec 21 20:00 share drwxr-xr-x. 2 root root 6 Apr 11 2018 src



Permissions changed. Now continue with the recipe. Later, change the permissions back to their original settings.


Also do this for any other directories that cause permission errors.



[spiano@localhost gnupg-1.4.10]$ make install


[most output not included]

test -z "/usr/local/share/gnupg" || /usr/bin/mkdir -p "/usr/local/share/gnupg"
/usr/bin/mkdir: cannot create directory '/usr/local/share/gnupg': Permission denied
make[2]: *** [install-dist_pkgdataDATA] Error 1
make[2]: Leaving directory `/home/spiano/Desktop/stuff/PROJECTS_CURRENT/gpg_on_shovel/work/gnupg-1.4.10/g10'
make[1]: *** [install-am] Error 2
make[1]: Leaving directory `/home/spiano/Desktop/stuff/PROJECTS_CURRENT/gpg_on_shovel/work/gnupg-1.4.10/g10'
make: *** [install-recursive] Error 1

[spiano@localhost gnupg-1.4.10]$ sudo chown spiano /usr/local/share/gnupg

chown: cannot access '/usr/local/share/gnupg': No such file or directory

[spiano@localhost gnupg-1.4.10]$ sudo chown spiano /usr/local/share


[spiano@localhost gnupg-1.4.10]$ make install


[most output not included]

test -z "/usr/local/libexec/gnupg" || /usr/bin/mkdir -p "/usr/local/libexec/gnupg"
/usr/bin/mkdir: cannot create directory '/usr/local/libexec/gnupg': Permission denied
make[2]: *** [install-gpglibexecPROGRAMS] Error 1
make[2]: Leaving directory `/home/spiano/Desktop/stuff/PROJECTS_CURRENT/gpg_on_shovel/work/gnupg-1.4.10/keyserver'
make[1]: *** [install-am] Error 2
make[1]: Leaving directory `/home/spiano/Desktop/stuff/PROJECTS_CURRENT/gpg_on_shovel/work/gnupg-1.4.10/keyserver'
make: *** [install-recursive] Error 1

[spiano@localhost gnupg-1.4.10]$ sudo chown -R spiano /usr/local


[spiano@localhost gnupg-1.4.10]$ make install


[output not included - but run appears to have been successful]

[spiano@localhost gnupg-1.4.10]$ make check


[most output not included - but run appears to have been successful]

===================
All 27 tests passed
===================

[spiano@localhost gnupg-1.4.10]$ cd ..


[spiano@localhost work]$ du -sh gnupg-1.4.10

41M gnupg-1.4.10

[spiano@localhost work]$ cd gnupg-1.4.10


[spiano@localhost gnupg-1.4.10]$ make clean


[spiano@localhost gnupg-1.4.10]$ (cd .. && du -sh gnupg-1.4.10)

21M gnupg-1.4.10

[spiano@localhost gnupg-1.4.10]$ make distclean


[output not included - but run appears to have been successful]

[spiano@localhost gnupg-1.4.10]$ (cd .. && du -sh gnupg-1.4.10)

19M gnupg-1.4.10



Should have run "make check" before "make install".

Note that "make clean" removed 20 MB of stuff and that "make distclean" removed 2 MB of stuff.


Let's test.


[spiano@localhost gnupg-1.4.10]$ which gpg

/usr/local/bin/gpg

[spiano@localhost gnupg-1.4.10]$ gpg --version
gpg (GnuPG) 2.0.22

[most output not included]

[spiano@localhost gnupg-1.4.10]$ ls -1 /usr/local/bin

gpg
gpgsplit
gpgv
gpg-zip

[spiano@localhost gnupg-1.4.10]$ echo $PATH

/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/home/spiano/.local/bin:/home/spiano/bin

[spiano@localhost gnupg-1.4.10]$ /usr/local/bin/gpg --version

gpg (GnuPG) 1.4.10

[spiano@localhost gnupg-1.4.10]$ which gpg2

/usr/bin/gpg2



Hm. Why does the command "gpg" call gpg 2?

"which" reports that "gpg" calls "/usr/local/bin/gpg".

The PATH variable reports that "/usr/local/bin" comes before "/usr/bin".

Both of these pieces of information suggest that the command "gpg" should call gpg 1 in /usr/local/bin, not gpg 2 in /usr/bin.



Open new tab in Terminal application.





[spiano@localhost gnupg-1.4.10]$ gpg --version

gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB

[spiano@localhost gnupg-1.4.10]$ which gpg

/usr/local/bin/gpg

[spiano@localhost gnupg-1.4.10]$ which gpg2

/usr/bin/gpg2

[spiano@localhost gnupg-1.4.10]$ gpg2 --version

gpg (GnuPG) 2.0.22

[most output not included]

[spiano@localhost gnupg-1.4.10]$ echo $PATH

/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin:/home/spiano/.local/bin:/home/spiano/bin

[spiano@localhost ~]$ which gpg2

/usr/bin/gpg2





Now "gpg" calls gpg 1 as expected. Hypothesis: Some shell setting was not reloaded/updated properly in the original terminal environment after I ran "make install".

Anyway, looks like the gpg 1 program runs (or runs well enough at least to show the version message).



[spiano@localhost ~]$ ls -l /usr/local

total 0 drwxr-xr-x. 2 spiano root 60 Feb 19 17:37 bin drwxr-xr-x. 2 spiano root 6 Apr 11 2018 etc drwxr-xr-x. 2 spiano root 6 Apr 11 2018 games drwxr-xr-x. 2 spiano root 6 Apr 11 2018 include drwxr-xr-x. 2 spiano root 6 Apr 11 2018 lib drwxr-xr-x. 2 spiano root 6 Apr 11 2018 lib64 drwxr-xr-x. 3 spiano root 19 Feb 19 17:37 libexec drwxr-xr-x. 2 spiano root 6 Apr 11 2018 sbin drwxr-xr-x. 7 spiano root 76 Feb 19 17:37 share drwxr-xr-x. 2 spiano root 6 Apr 11 2018 src


[spiano@localhost ~]$ sudo chown -R root /usr/local

[sudo] password for spiano:

[spiano@localhost ~]$ ls -l /usr/local

total 0 drwxr-xr-x. 2 root root 60 Feb 19 17:37 bin drwxr-xr-x. 2 root root 6 Apr 11 2018 etc drwxr-xr-x. 2 root root 6 Apr 11 2018 games drwxr-xr-x. 2 root root 6 Apr 11 2018 include drwxr-xr-x. 2 root root 6 Apr 11 2018 lib drwxr-xr-x. 2 root root 6 Apr 11 2018 lib64 drwxr-xr-x. 3 root root 19 Feb 19 17:37 libexec drwxr-xr-x. 2 root root 6 Apr 11 2018 sbin drwxr-xr-x. 7 root root 76 Feb 19 17:37 share drwxr-xr-x. 2 root root 6 Apr 11 2018 src





Good. Permissions back as they were originally.





Delete the work directory. I'm not going to preserve the intermediate results of the compilation.



That's the end of this project.










[start of notes]



Changes from the original text:
- I have not always preserved the format of any computer output (e.g. from running bash commands). Examples: Setting input lines in bold text, adding/removing newlines in order to make a sequence of commands easier to read, using hyphens for lists and sublists instead of indentation, breaking wide tables into consecutive sections.
- In several places, the
bash
output included some unicode bytes (curled single quotes). I have replaced them with single quotes.


[end of notes]