Closed

GnuPGを作ってみる

16
ピン留めされたアイテム

ビルド手順のまとめ

今回sudo apt installしたパッケージ:

  • texinfo
  • fig2dev
  • bison
  • texinfo

$HOME/local/gpg/src以下にcloneしたレポジトリ:

$ git clone git://git.gnupg.org/gnupg.git
$ git clone git://git.gnupg.org/libgpg-error.git
$ git clone git://git.gnupg.org/libgcrypt.git
$ git clone git://git.gnupg.org/libassuan.git
$ git clone git://git.gnupg.org/libksba.git
$ git clone git://git.gnupg.org/npth.git

configure時にLDFLAGSでリンカに非標準ライブラリパスを渡すことでLD_LIBRARY_PATHの設定が不要になった。

$ export LDFLAGS=-Wl,--rpath=$HOME/local/gpg/lib/
$ cd ~/local/gpg/src/libgpg-error
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
$ make
$ make install
$ cd ~/local/gpg/src/libgcrypt
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
$ make install
$ cd ~/local/gpg/src/libksba
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
$ make install
$ cd ~/local/gpg/src/npth
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
$ make
$ make install
$ cd ~/local/gpg/src/gnupg
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg --with-libgcrypt-prefix=$HOME/local/gpg --with-libassuan-prefix=$HOME/local/gpg --with-ksba-prefix=$HOME/local/gpg --with-libksba-prefix=$HOME/local/gpg --with-npth-prefix=$HOME/local/gpg --disable-doc
$ make
$ make install

バイナリの実行

$ ~/local/gpg/bin/gpg --version
gpg (GnuPG) 2.3.0-beta1592
libgcrypt 1.9.3-beta4
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2020 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/zunda/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
ピン留めされたアイテム

結論

gpg --show-keyでnotationを表示させるには--with-sig-listオプションが、gpg --list-keysでnotationを表示させるには--with-sig-list --list-options show-notationsが必要。g10/gpg.cg10/keylist.cをいじりまわしてやっとわかった。

$ gpg --show-key --with-sig-list ~/Downloads/9F0048AC0B23301E1F77E994909F6BD6F80F485D.asc | head
pub   rsa4096 2019-07-10 [SC] [expires: 2022-12-23]
      9F0048AC0B23301E1F77E994909F6BD6F80F485D
uid                      Yarmo Mackenbach <yarmo@yarmo.eu>
sig 3    N   909F6BD6F80F485D 2021-01-13  Yarmo Mackenbach <yarmo@yarmo.eu>
   Signature notation: proof@metacode.biz=https://codeberg.org/yarmo/gitea_proof
   Signature notation: proof@metacode.biz=xmpp:yarmo@404.city?omemo-sid-172925472=3fc7cbdcff2644e1daa772555f47973b062b9d9fc238017dd536f422b5cc187c;omemo-sid-867444219=a46bb6abdd8c73b8a4d6c2ebfcfd66eff6a6be1a27480f2334babf932eed2d16
   Signature notation: proof@metacode.biz=https://dev.to/yarmo/openpgp-identity-proof-2hbl
   Signature notation: proof@metacode.biz=https://community.home-assistant.io/u/yarmom
   Signature notation: proof@metacode.biz=https://news.ycombinator.com/user?id=Yolta
   Signature notation: proof@metacode.biz=dns:yarmo.eu?type=TXT
$ gpg --list-keys --with-sig-list --list-options show-notations 9F0048AC0B23301E1F77E994909F6BD6F80F485D | head
pub   rsa4096 2019-07-10 [SC] [expires: 2022-12-23]
      9F0048AC0B23301E1F77E994909F6BD6F80F485D
uid           [ unknown] Yarmo Mackenbach <yarmo@yarmo.eu>
sig 3    N   909F6BD6F80F485D 2021-01-13  Yarmo Mackenbach <yarmo@yarmo.eu>
   Signature notation: proof@metacode.biz=https://codeberg.org/yarmo/gitea_proof
   Signature notation: proof@metacode.biz=xmpp:yarmo@404.city?omemo-sid-172925472=3fc7cbdcff2644e1daa772555f47973b062b9d9fc238017dd536f422b5cc187c;omemo-sid-867444219=a46bb6abdd8c73b8a4d6c2ebfcfd66eff6a6be1a27480f2334babf932eed2d16
   Signature notation: proof@metacode.biz=https://dev.to/yarmo/openpgp-identity-proof-2hbl
   Signature notation: proof@metacode.biz=https://community.home-assistant.io/u/yarmom
   Signature notation: proof@metacode.biz=https://news.ycombinator.com/user?id=Yolta
   Signature notation: proof@metacode.biz=dns:yarmo.eu?type=TXT
$ mkdir -p ~/local/gpg
$ cd !$
$ git clone git://git.gnupg.org/gnupg.git
$ cd gnupg
$ ./autogen.sh
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
  :
configure:
***
*** You need libgpg-error to build this program.
**  This library is for example available at
***   https://gnupg.org/ftp/gcrypt/gpgrt
*** (at least version 1.41 is required.)
***
configure:
***
*** You need libgcrypt to build this program.
**  This library is for example available at
***   https://gnupg.org/ftp/gcrypt/libgcrypt/
*** (at least version 1.9.0 (API 1) is required.)
***
configure:
***
*** You need libassuan to build this program.
*** This library is for example available at
***   https://gnupg.org/ftp/gcrypt/libassuan/
*** (at least version 2.5.0 (API 2) is required).
***
configure:
***
*** You need libksba to build this program.
*** This library is for example available at
***   https://gnupg.org/ftp/gcrypt/libksba/
*** (at least version 1.3.4 using API 1 is required).
***
configure:
***
*** It is now required to build with support for the
*** New Portable Threads Library (nPth). Please install this
*** library first.  The library is for example available at
***   https://gnupg.org/ftp/gcrypt/npth/
*** (at least version 1.2 (API 1) is required).
***
configure: error: 
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***
$ cd ~/local/gpg
$ git clone git://git.gnupg.org/libgpg-error.git
$ cd libgpg-error
$ ./autogen.sh 
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
$ make
  :
/home/zunda/local/gpg/src/libgpg-error/build-aux/missing: line 81: makeinfo: command not found
WARNING: 'makeinfo' is missing on your system.
$ makeinfo

Command 'makeinfo' not found, but can be installed with:

sudo apt install texinfo

$ sudo apt install texinfo
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libtext-unidecode-perl libxml-libxml-perl libxml-namespacesupport-perl
  libxml-sax-base-perl libxml-sax-expat-perl libxml-sax-perl tex-common
  :
$ cd ~/local/gpg/libgpg-error
$ make
$ make install
$ cd ~/local/gpg
$ git clone git://git.gnupg.org/libgcrypt.git
$ cd libgcrypt/
$ ./autogen.sh 
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
  :
checking for GPG Error - version >= 1.27... no
  :
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
  :
make[2]: Entering directory '/home/zunda/local/gpg/src/libgcrypt/doc'
fig2dev -L eps `test -f 'libgcrypt-modules.fig' || echo './'`libgcrypt-modules.fig libgcrypt-modules.eps
/bin/bash: fig2dev: command not found
  :
$ sudo apt install fig2dev
  :
The following additional packages will be installed:
  gawk
  :
$ cd ~/local/gpg/libgcrypt
$ make
$ make install
$ cd ~/local/gpg/src 
$ git clone git://git.gnupg.org/libassuan.git
$ cd libassuan/
$ ./autogen.sh 
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode 
  :
configure: error: libgpg-error was not found
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
$ make install
$ cd ~/local/gpg/src 
$ git clone git://git.gnupg.org/libksba.git
$ cd libksba
$ ./autogen.sh 
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode 
  :
configure: error: libgpg-error is needed.
                See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
  :
make[2]: Entering directory '/home/zunda/local/gpg/src/libksba/src'
/bin/bash ../build-aux/ylwrap asn1-parse.y y.tab.c asn1-parse.c y.tab.h `echo asn1-parse.c | sed -e s/cc$/hh/ -e s/cpp$/hpp/ -e s/cxx$/hxx/ -e s/c++$/h++/ -e s/c$/h/` y.output asn1-parse.output -- yacc  
../build-aux/ylwrap: line 175: yacc: command not found
  :
$ yacc

Command 'yacc' not found, but can be installed with:

sudo apt install bison       # version 2:3.5.1+dfsg-1, or
sudo apt install bison++     # version 1.21.11-4build1
sudo apt install btyacc      # version 3.0-5build1
sudo apt install byacc       # version 20140715-1build1
sudo apt install byacc-j     # version 1.15-1build3
sudo apt install perl-byacc  # version 2.0-8

$ sudo apt install bison
$ cd ~/local/gpg/src/libksba
$ make
$ make install
$ cd ~/local/gpg/src 
$ git clone git://git.gnupg.org/npth.git
$ cd npth
$ ./autogen.sh 
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode 
$ make
$ make install
$ cd ~/local/gpg/src/gnupg
$ $ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg --with-libgcrypt-prefix=$HOME/local/gpg --with-libassuan-prefix=$HOME/local/gpg --with-libksba-prefix=$HOME/local/gpg --with-npth-prefix=$HOME/local/gpg
  :
configure:
***
*** You need libksba to build this program.
*** This library is for example available at
***   https://gnupg.org/ftp/gcrypt/libksba/
*** (at least version 1.3.4 using API 1 is required).
***
  :

あれれ?

--with-ksba-prefixも指定する必要があった。

$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg --with-libgcrypt-prefix=$HOME/local/gpg --with-libassuan-prefix=$HOME/local/gpg --with-ksba-prefix=$HOME/local/gpg --with-libksba-prefix=$HOME/local/gpg --with-npth-prefix=$HOME/local/gpg
  :

        GnuPG v2.3.0-beta1592 has been configured as follows:

        Revision:  5c2ff8833  (23599)
        Platform:  GNU/Linux (x86_64-pc-linux-gnu)

        OpenPGP:   yes
        S/MIME:    yes
        Agent:     yes
        Smartcard: yes (without internal CCID driver)
        G13:       no
        Dirmngr:   no
        Keyboxd:   yes
        Gpgtar:    yes
        WKS tools: yes

        Protect tool:      (default)
        LDAP wrapper:      (default)
        Default agent:     (default)
        Default pinentry:  (default)
        Default scdaemon:  (default)
        Default keyboxd:   (default)
        Default dirmngr:   (default)

        Dirmngr auto start:  yes
        Readline support:    yes
        LDAP support:        n/a
        TLS support:         no
        TOFU support:        yes
        Tor support:         only .onion

makeにすすむ

 $ make
  :
Making all in doc
make[2]: Entering directory '/home/zunda/local/gpg/src/gnupg/doc'
convert `test -f 'gnupg-module-overview.svg' || echo './'`gnupg-module-overview.svg gnupg-module-overview.png
convert `test -f 'gnupg-module-overview.svg' || echo './'`gnupg-module-overview.svg gnupg-module-overview.pdf
convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.

そうきたかw

$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg --with-libgcrypt-prefix=$HOME/local/gpg --with-libassuan-prefix=$HOME/local/gpg --with-ksba-prefix=$HOME/local/gpg --with-libksba-prefix=$HOME/local/gpg --with-npth-prefix=$HOME/local/gpg --disable-doc
$ make
$ make install
$ ~/local/gpg/bin/gpg --version
/home/zunda/local/gpg/bin/gpg: symbol lookup error: /home/zunda/local/gpg/bin/gpg: undefined symbol: gpgrt_set_confdir, version GPG_ERROR_1.0

あれれ?makeしなおしてみると文句を言われていた。

make[3]: Entering directory '/home/zunda/local/gpg/src/gnupg/tests'
gcc -DHAVE_CONFIG_H -I. -I..     -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wno-sign-compare -Wno-format-zero-length -Wno-missing-field-initializers -Wdeclaration-after-statement -Wlogical-op -Wvla -Wno-pointer-sign -Wpointer-arith -g -O2 -MT asschk.o -MD -MP -MF .deps/asschk.Tpo -c -o asschk.o asschk.c
mv -f .deps/asschk.Tpo .deps/asschk.Po
gcc  -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wno-sign-compare -Wno-format-zero-length -Wno-missing-field-initializers -Wdeclaration-after-statement -Wlogical-op -Wvla -Wno-pointer-sign -Wpointer-arith -g -O2   -o asschk asschk.o  
srcdir=. GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C GPGSM="../sm/gpgsm" "./runtest" ./inittests
../sm/gpgsm: symbol lookup error: ../sm/gpgsm: undefined symbol: gpgrt_set_confdir, version GPG_ERROR_1.0
../sm/gpgsm: symbol lookup error: ../sm/gpgsm: undefined symbol: gpgrt_set_confdir, version GPG_ERROR_1.0
../sm/gpgsm: symbol lookup error: ../sm/gpgsm: undefined symbol: gpgrt_set_confdir, version GPG_ERROR_1.0
echo timestamp >./inittests.stamp

ldしてみるとそもそもlibgpg-error等へのパスが記録されていない

$ cd ~/local/gpg
$ ldd bin/gpg
	linux-vdso.so.1 (0x00007ffe579f9000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fc286dfe000)
	libsqlite3.so.0 => /lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007fc286cd5000)
	libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007fc286bb7000)
	libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007fc286b94000)
	libreadline.so.8 => /lib/x86_64-linux-gnu/libreadline.so.8 (0x00007fc286b44000)
	libassuan.so.0 => /lib/x86_64-linux-gnu/libassuan.so.0 (0x00007fc286b2f000)
	libnpth.so.0 => /lib/x86_64-linux-gnu/libnpth.so.0 (0x00007fc286b27000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fc286b04000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fc286912000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fc2867c3000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fc2867bd000)
	libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007fc28678d000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fc286f51000)

LD_LIBRARY_PATHを設定しておくことでライブラリを見つけられるようになった。

$ LD_LIBRARY_PATH=$HOME/local/gpg/lib ldd bin/gpg
	linux-vdso.so.1 (0x00007ffe53ba3000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f3a223cc000)
	libsqlite3.so.0 => /lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007f3a222a3000)
	libgcrypt.so.20 => /home/zunda/local/gpg/lib/libgcrypt.so.20 (0x00007f3a22175000)
	libgpg-error.so.0 => /home/zunda/local/gpg/lib/libgpg-error.so.0 (0x00007f3a2214e000)
	libreadline.so.8 => /lib/x86_64-linux-gnu/libreadline.so.8 (0x00007f3a220fe000)
	libassuan.so.0 => /home/zunda/local/gpg/lib/libassuan.so.0 (0x00007f3a220e8000)
	libnpth.so.0 => /home/zunda/local/gpg/lib/libnpth.so.0 (0x00007f3a220df000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f3a220bc000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a21eca000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f3a21d7b000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f3a21d75000)
	libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f3a21d45000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f3a2251f000)
$ LD_LIBRARY_PATH=$HOME/local/gpg/lib bin/gpg --version
gpg (GnuPG) 2.3.0-beta1592
libgcrypt 1.9.3-beta4
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2020 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/zunda/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB

ビルドしなおしておこう。

$ cd src/gnupg/
$ export LD_LIBRARY_PATH=$HOME/local/gpg/lib 
$ make clean
$ make
$ make check
  :
Checking trust signature with domain restrictions...
gpgscm: error running '/home/zunda/local/gpg/src/gnupg/tools/gpgconf': terminated
*** stack smashing detected ***: terminated

0: tests.scm:129: (throw (:stderr result))
1: defs.scm:151: (call-popen `(,(tool-hardcoded 'gpgconf) ,@(if installed? '() (list '--build-prefix (getenv "objdir"))) ,@args) input)
2: defs.scm:185: (gpg-conf' (string-append key ":0:" (percent-encode value')) `(--change-options ,component))
3: common.scm:59: ((*colon-hook* 'update trust-model) "pgp")
FAIL: <standard>tests/openpgp/trust-pgp-4.scm 
=================== 
61 tests run, 54 succeeded, 6 failed, 0 failed expectedly, 0 succeeded unexpectedly, 1 skipped. 
Failed tests: <standard>tests/openpgp/trust-pgp-4.scm <standard>tests/openpgp/gpgconf.scm <standard>tests/openpgp/trust-pgp-3.scm <standard>tests/openpgp/trust-pgp-2.scm <standard>tests/openpgp/trust-pgp-1.scm <standard>tests/openpgp/tofu.scm 
Skipped tests: <standard>tests/openpgp/4gb-packet.scm 
=================== 
make[2]: *** [Makefile:922: xcheck] Error 6
make[2]: Leaving directory '/home/zunda/local/gpg/src/gnupg/tests/openpgp'
make[1]: *** [Makefile:551: check-recursive] Error 1
make[1]: Leaving directory '/home/zunda/local/gpg/src/gnupg/tests'
make: *** [Makefile:619: check-recursive] Error 1

ありゃりゃ。しかし進む。

$ make install
$ ~/local/gpg/bin/gpg --version
gpg (GnuPG) 2.3.0-beta1592
libgcrypt 1.9.3-beta4
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2020 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/zunda/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB

しかしnotationは見えないなあ

$ LD_LIBRARY_PATH=$HOME/local/gpg/lib ~/local/gpg/bin/gpg --show-key ~/Downloads/9F0048AC0B23301E1F77E994909F6BD6F80F485D.asc;
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
pub   rsa4096 2019-07-10 [SC] [expires: 2022-12-23]
      9F0048AC0B23301E1F77E994909F6BD6F80F485D
uid                      Yarmo Mackenbach <yarmo@yarmo.eu>
uid                      Yarmo Mackenbach <yarmo@keyoxide.org>
uid                      Yarmo Mackenbach <yarmo@mackenba.ch>
sub   rsa2048 2020-12-09 [A]
sub   rsa3072 2019-07-10 [E]
sub   rsa4096 2019-08-16 [S]

このスクラップは5日前にクローズされました
ログインするとコメントできます