Hello , i had a question regarding manually compiling the latest release version of gnupg on my ubuntu based Linux distro. My distro Linux Mint is using gnupg version - “noble,now 2.4.4-2ubuntu17 all” I assume this is some kind of LTS version that my distro is using . But if i see the downloads page of gnupg website it has the 2.4.7 as the latest stable release version.
So i wanted to know that is it better to compile the newest version of gnupg and use it. I am have fair knowledge about compiling stuff and the instructions look quite straightforward.
But i had concerned whether this would break some things on my computer as the dependencies required would also need to be updated. Should i stick to the version shipped with my distro repo to avoid conflicts in dependencies ?
So chat-gpt seemed to give an answer about this . Yes it could break other applications that use dependencies with older versions of libgcrypt, libassuan and libksba. So it rather suggested me installing the 2.4.7 version in the /usr/local/bin directory so it doesn’t messes up with the system installation. To do this i need to do ./configure --prefix=/usr/local to configure it to install in the /usr/local/bin directory. also the devel version of dependencies were need to be installed from the noble repo for the build to be successful.
Hopefully it told me the right steps and i can easily revert back to system installation easily.
Hi @kevin,
using the packages from a well maintained distribution is a conservative safe choice, so it is fine to do so. If you want to help your distribution, you could even check for an issue for a new stable version and create one (I haven’t seen one in Bugs : gnupg2 package : Ubuntu with a quick search.). Show them your interest in GnuPG.
Compiling GnuPG from sources is good :
- if you need a special improvement from a newer version
- or you are interested in learning GnuPG in more detail from the technical side.,
- or testing or helping GnuPG development in general.
It is fine to do so, but you will see some differences to the distribution packages.
(For example Debian used to patch in a centralized keyserver against the recommendation of the GnuPG devs, and Ubuntu seems to not use keybox by default, see https://changelogs.ubuntu.com/changelogs/pool/main/g/gnupg2/gnupg2_2.4.4-2ubuntu17/changelog ). It is probably more work because you have to do updates yourself and track GnuPG releases.
Here are the overview release notes for the last GnuPG releases in the stable line:
- 2.4.5: ⚓ T6960 Release GnuPG 2.4.5
- 2.4.6: ⚓ T7030 Release GnuPG 2.4.6
- 2.4.7: ⚓ T7353 Release GnuPG 2.4.7
In general be careful of responses from large language model for security related questions, they may lie (in the sense that it is designed in and accepted that they may issue fake answers).
./configure --prefix=/usr/local seems to be fine, though. And yes, you need the development requiremens (look into the ubuntu source package build-requirements).
If you are interested, note that there is a 2.5 release line of GnuPG which is in public testing with more algorithms to play wit. 
Also note that the mailinglists gnupg-users and gnupg-devel are your friends when compiling and using GnuPG.
Best Regards,
Bernhard
Thanks for such detailed response 
. Yeah would definitely like to try the 2.5 release and specially better support for smart card related functions.
I am generally aware that LLM tend to give solutions even if not suitable or tested, thats why checked other sources too.
Also i see the kleopatra (flatpak) uses the gpg version 2.5.1 but when i am doing any encryption function, the audit log shows a warning that the gpg-agent version 2.4.4 is used. Not sure why exactly is that the reason.
But hopefully i can compile newer version to get the newest features.
regards
kevin
Also i see the kleopatra (flatpak) uses the gpg version 2.5.1 but when i am doing any encryption function, the audit log shows a warning that the gpg-agent version 2.4.4 is used.
That is worth a question on one of the mailinglists (with the necessary details, likw which flatpak revision in particular).
I’ve also seen that there is a new flavour 2.5.5 with libs on GnuPG - Download . I haven’t tried it, but this probably is easier to build if you are interested in the 2.5 series.
Thanks for your interest in GnuPG!
Thanks , i searched the mailing list archive and got a solution for the old gpg-agent running -
I believe it's because there is gpg-agent.socket unit which activates
gpg-agent.service which has the path /usr/bin/gpg-agent. To override
There are two methods of overriding vendor settings in unit files:
copying the unit file from /lib/systemd/system to
/etc/systemd/system and modifying the chosen settings.
Alternatively, one can create a directory named unit.d/ within
/etc/systemd/system and place a drop-in file name.conf there that
only changes the specific settings one is interested in. Note that
multiple such drop-in files are read if present, processed in
lexicographic order of their filename.
So in your case the first method (as descibed in the above quote) is to
copy file
/usr/lib/systemd/user/gpg-agent.service
to
/etc/systemd/user/gpg-agent.service
and then edit the latter. The former is not used anymore because the
/etc version overrides it completely. The second method is to override
only parts of it by creating a "drop-in"
/etc/systemd/user/gpg-agent.service.d/my.conf
and define just the [Service] section and the settings one want's to
override:
[Service]
ExecStart=
ExecStart=/usr/local/bin/gpg-agent --supervised
ExecReload=
ExecReload=/usr/local/bin/gpgconf --reload gpg-agent
The empty ExecStart= and ExecReload= reset all possible previous
settings.
This should probably be added to the build readme instructions , as many would encounter this and its a very easy solution.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.