Building GnuPG from source
Summary of the build procedure
Packages installed this time with sudo apt install:
texinfo
fig2dev
bison
Repositories cloned under $HOME/local/gpg/src:
$ git clone git://git.gnupg.org/gnupg.git
$ git clone git://git.gnupg.org/libgpg-error.git
$ git clone git://git.gnupg.org/libgcrypt.git
$ git clone git://git.gnupg.org/libassuan.git
$ git clone git://git.gnupg.org/libksba.git
$ git clone git://git.gnupg.org/npth.git
Passing the non-standard library path to the linker through LDFLAGS at configure time made it unnecessary to set LD_LIBRARY_PATH.
$ export LDFLAGS=-Wl,--rpath=$HOME/local/gpg/lib/
$ cd ~/local/gpg/src/libgpg-error
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
$ make
$ make install
$ cd ~/local/gpg/src/libgcrypt
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
$ make install
$ cd ~/local/gpg/src/libksba
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
$ make install
$ cd ~/local/gpg/src/npth
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
$ make
$ make install
$ cd ~/local/gpg/src/gnupg
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg --with-libgcrypt-prefix=$HOME/local/gpg --with-libassuan-prefix=$HOME/local/gpg --with-ksba-prefix=$HOME/local/gpg --with-libksba-prefix=$HOME/local/gpg --with-npth-prefix=$HOME/local/gpg --disable-doc
$ make
$ make install
Running the binary
$ ~/local/gpg/bin/gpg --version
gpg (GnuPG) 2.3.0-beta1592
libgcrypt 1.9.3-beta4
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2020 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/zunda/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
Conclusion
To display notations with gpg --show-key, the --with-sig-list option is required; to display them with gpg --list-keys, --with-sig-list --list-options show-notations is required. I only worked this out after poking around in g10/gpg.c and g10/keylist.c.
Example
$ gpg --show-key --with-sig-list ~/Downloads/9F0048AC0B23301E1F77E994909F6BD6F80F485D.asc | head
pub rsa4096 2019-07-10 [SC] [expires: 2022-12-23]
9F0048AC0B23301E1F77E994909F6BD6F80F485D
uid Yarmo Mackenbach <yarmo@yarmo.eu>
sig 3 N 909F6BD6F80F485D 2021-01-13 Yarmo Mackenbach <yarmo@yarmo.eu>
Signature notation: proof@metacode.biz=https://codeberg.org/yarmo/gitea_proof
Signature notation: proof@metacode.biz=xmpp:yarmo@404.city?omemo-sid-172925472=3fc7cbdcff2644e1daa772555f47973b062b9d9fc238017dd536f422b5cc187c;omemo-sid-867444219=a46bb6abdd8c73b8a4d6c2ebfcfd66eff6a6be1a27480f2334babf932eed2d16
Signature notation: proof@metacode.biz=https://dev.to/yarmo/openpgp-identity-proof-2hbl
Signature notation: proof@metacode.biz=https://community.home-assistant.io/u/yarmom
Signature notation: proof@metacode.biz=https://news.ycombinator.com/user?id=Yolta
Signature notation: proof@metacode.biz=dns:yarmo.eu?type=TXT
$ gpg --list-keys --with-sig-list --list-options show-notations 9F0048AC0B23301E1F77E994909F6BD6F80F485D | head
pub rsa4096 2019-07-10 [SC] [expires: 2022-12-23]
9F0048AC0B23301E1F77E994909F6BD6F80F485D
uid [ unknown] Yarmo Mackenbach <yarmo@yarmo.eu>
sig 3 N 909F6BD6F80F485D 2021-01-13 Yarmo Mackenbach <yarmo@yarmo.eu>
Signature notation: proof@metacode.biz=https://codeberg.org/yarmo/gitea_proof
Signature notation: proof@metacode.biz=xmpp:yarmo@404.city?omemo-sid-172925472=3fc7cbdcff2644e1daa772555f47973b062b9d9fc238017dd536f422b5cc187c;omemo-sid-867444219=a46bb6abdd8c73b8a4d6c2ebfcfd66eff6a6be1a27480f2334babf932eed2d16
Signature notation: proof@metacode.biz=https://dev.to/yarmo/openpgp-identity-proof-2hbl
Signature notation: proof@metacode.biz=https://community.home-assistant.io/u/yarmom
Signature notation: proof@metacode.biz=https://news.ycombinator.com/user?id=Yolta
Signature notation: proof@metacode.biz=dns:yarmo.eu?type=TXT
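Added example (not part of the original scrap): a small filter that pulls the values of one notation name out of the text listing shown above. The function names and the sample listing are constructed for illustration; it assumes the English "Signature notation:" label seen in the output on this page.

```shell
#!/bin/sh
# notation_values NAME   (reads `gpg --with-sig-list` text output on stdin)
# Prints each distinct value once. The value is everything after the FIRST "=",
# because values such as the xmpp: proof contain "=" themselves.
notation_values() {
  awk -v name="$1" '
    $1 == "Signature" && $2 == "notation:" {
      rest = $0
      sub(/^[ \t]*Signature notation: /, "", rest)
      eq = index(rest, "=")
      if (eq == 0) next
      value = substr(rest, eq + 1)
      if (substr(rest, 1, eq - 1) == name && !seen[value]++) print value
    }'
}

# proof_schemes NAME: count the distinct values per URI scheme (https, xmpp, dns).
proof_schemes() {
  notation_values "$1" |
    awk -F: '{ n[$1]++ } END { for (s in n) print s, n[s] }' | sort
}

# Constructed sample in the shape of the listing above: two self-signatures,
# one repeated notation, and one notation under a different name.
sample_listing() { cat <<'EOF'
pub   rsa4096 2019-07-10 [SC]
uid           Example User <user@example.org>
sig 3    N   0123456789ABCDEF 2021-01-13  Example User <user@example.org>
   Signature notation: proof@metacode.biz=https://example.org/user/proof
   Signature notation: proof@metacode.biz=xmpp:user@example.org?omemo-sid-1=aa;omemo-sid-2=bb
   Signature notation: proof@metacode.biz=dns:example.org?type=TXT
   Signature notation: other@example.org=ignored=value
sig 3    N   0123456789ABCDEF 2020-06-01  Example User <user@example.org>
   Signature notation: proof@metacode.biz=dns:example.org?type=TXT
EOF
}

sample_listing | notation_values proof@metacode.biz
sample_listing | proof_schemes proof@metacode.biz
```

Against a real key, pipe gpg --show-key --with-sig-list FILE into notation_values instead of the sample.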
$ mkdir -p ~/local/gpg
$ cd !$
$ git clone git://git.gnupg.org/gnupg.git
$ cd gnupg
$ ./autogen.sh
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
:
configure:
***
*** You need libgpg-error to build this program.
** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/gpgrt
*** (at least version 1.41 is required.)
***
configure:
***
*** You need libgcrypt to build this program.
** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libgcrypt/
*** (at least version 1.9.0 (API 1) is required.)
***
configure:
***
*** You need libassuan to build this program.
*** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libassuan/
*** (at least version 2.5.0 (API 2) is required).
***
configure:
***
*** You need libksba to build this program.
*** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libksba/
*** (at least version 1.3.4 using API 1 is required).
***
configure:
***
*** It is now required to build with support for the
*** New Portable Threads Library (nPth). Please install this
*** library first. The library is for example available at
*** https://gnupg.org/ftp/gcrypt/npth/
*** (at least version 1.2 (API 1) is required).
***
configure: error:
***
*** Required libraries not found. Please consult the above messages
*** and install them before running configure again.
***
$ cd ~/local/gpg
$ git clone git://git.gnupg.org/libgpg-error.git
$ cd libgpg-error
$ ./autogen.sh
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
$ make
:
/home/zunda/local/gpg/src/libgpg-error/build-aux/missing: line 81: makeinfo: command not found
WARNING: 'makeinfo' is missing on your system.
$ makeinfo
Command 'makeinfo' not found, but can be installed with:
sudo apt install texinfo
$ sudo apt install texinfo
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libtext-unidecode-perl libxml-libxml-perl libxml-namespacesupport-perl
libxml-sax-base-perl libxml-sax-expat-perl libxml-sax-perl tex-common
:
$ cd ~/local/gpg/libgpg-error
$ make
$ make install
$ cd ~/local/gpg
$ git clone git://git.gnupg.org/libgcrypt.git
$ cd libgcrypt/
$ ./autogen.sh
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
:
checking for GPG Error - version >= 1.27... no
:
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
:
make[2]: Entering directory '/home/zunda/local/gpg/src/libgcrypt/doc'
fig2dev -L eps `test -f 'libgcrypt-modules.fig' || echo './'`libgcrypt-modules.fig libgcrypt-modules.eps
/bin/bash: fig2dev: command not found
:
$ sudo apt install fig2dev
:
The following additional packages will be installed:
gawk
:
$ cd ~/local/gpg/libgcrypt
$ make
$ make install
$ cd ~/local/gpg/src
$ git clone git://git.gnupg.org/libassuan.git
$ cd libassuan/
$ ./autogen.sh
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
:
configure: error: libgpg-error was not found
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
$ make install
$ cd ~/local/gpg/src
$ git clone git://git.gnupg.org/libksba.git
$ cd libksba
$ ./autogen.sh
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
:
configure: error: libgpg-error is needed.
See ftp://ftp.gnupg.org/gcrypt/libgpg-error/ .
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg
$ make
:
make[2]: Entering directory '/home/zunda/local/gpg/src/libksba/src'
/bin/bash ../build-aux/ylwrap asn1-parse.y y.tab.c asn1-parse.c y.tab.h `echo asn1-parse.c | sed -e s/cc$/hh/ -e s/cpp$/hpp/ -e s/cxx$/hxx/ -e s/c++$/h++/ -e s/c$/h/` y.output asn1-parse.output -- yacc
../build-aux/ylwrap: line 175: yacc: command not found
:
$ yacc
Command 'yacc' not found, but can be installed with:
sudo apt install bison # version 2:3.5.1+dfsg-1, or
sudo apt install bison++ # version 1.21.11-4build1
sudo apt install btyacc # version 3.0-5build1
sudo apt install byacc # version 20140715-1build1
sudo apt install byacc-j # version 1.15-1build3
sudo apt install perl-byacc # version 2.0-8
$ sudo apt install bison
$ cd ~/local/gpg/src/libksba
$ make
$ make install
$ cd ~/local/gpg/src
$ git clone git://git.gnupg.org/npth.git
$ cd npth
$ ./autogen.sh
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode
$ make
$ make install
$ cd ~/local/gpg/src/gnupg
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg --with-libgcrypt-prefix=$HOME/local/gpg --with-libassuan-prefix=$HOME/local/gpg --with-libksba-prefix=$HOME/local/gpg --with-npth-prefix=$HOME/local/gpg
:
configure:
***
*** You need libksba to build this program.
*** This library is for example available at
*** https://gnupg.org/ftp/gcrypt/libksba/
*** (at least version 1.3.4 using API 1 is required).
***
:
Huh? It turned out that --with-ksba-prefix also had to be specified.
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg --with-libgcrypt-prefix=$HOME/local/gpg --with-libassuan-prefix=$HOME/local/gpg --with-ksba-prefix=$HOME/local/gpg --with-libksba-prefix=$HOME/local/gpg --with-npth-prefix=$HOME/local/gpg
:
GnuPG v2.3.0-beta1592 has been configured as follows:
Revision: 5c2ff8833 (23599)
Platform: GNU/Linux (x86_64-pc-linux-gnu)
OpenPGP: yes
S/MIME: yes
Agent: yes
Smartcard: yes (without internal CCID driver)
G13: no
Dirmngr: no
Keyboxd: yes
Gpgtar: yes
WKS tools: yes
Protect tool: (default)
LDAP wrapper: (default)
Default agent: (default)
Default pinentry: (default)
Default scdaemon: (default)
Default keyboxd: (default)
Default dirmngr: (default)
Dirmngr auto start: yes
Readline support: yes
LDAP support: n/a
TLS support: no
TOFU support: yes
Tor support: only .onion
On to make.
$ make
:
Making all in doc
make[2]: Entering directory '/home/zunda/local/gpg/src/gnupg/doc'
convert `test -f 'gnupg-module-overview.svg' || echo './'`gnupg-module-overview.svg gnupg-module-overview.png
convert `test -f 'gnupg-module-overview.svg' || echo './'`gnupg-module-overview.svg gnupg-module-overview.pdf
convert-im6.q16: attempt to perform an operation not allowed by the security policy `PDF' @ error/constitute.c/IsCoderAuthorized/408.
So that's how it goes, lol.
$ ./configure --prefix=$HOME/local/gpg --enable-maintainer-mode --with-libgpg-error-prefix=$HOME/local/gpg --with-libgcrypt-prefix=$HOME/local/gpg --with-libassuan-prefix=$HOME/local/gpg --with-ksba-prefix=$HOME/local/gpg --with-libksba-prefix=$HOME/local/gpg --with-npth-prefix=$HOME/local/gpg --disable-doc
$ make
$ make install
$ ~/local/gpg/bin/gpg --version
/home/zunda/local/gpg/bin/gpg: symbol lookup error: /home/zunda/local/gpg/bin/gpg: undefined symbol: gpgrt_set_confdir, version GPG_ERROR_1.0
Huh? Running make again showed that it had been complaining.
make[3]: Entering directory '/home/zunda/local/gpg/src/gnupg/tests'
gcc -DHAVE_CONFIG_H -I. -I.. -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wno-sign-compare -Wno-format-zero-length -Wno-missing-field-initializers -Wdeclaration-after-statement -Wlogical-op -Wvla -Wno-pointer-sign -Wpointer-arith -g -O2 -MT asschk.o -MD -MP -MF .deps/asschk.Tpo -c -o asschk.o asschk.c
mv -f .deps/asschk.Tpo .deps/asschk.Po
gcc -O3 -Wall -Wcast-align -Wshadow -Wstrict-prototypes -Wformat -Wno-format-y2k -Wformat-security -W -Wno-sign-compare -Wno-format-zero-length -Wno-missing-field-initializers -Wdeclaration-after-statement -Wlogical-op -Wvla -Wno-pointer-sign -Wpointer-arith -g -O2 -o asschk asschk.o
srcdir=. GNUPGHOME=`/bin/pwd` GPG_AGENT_INFO= LC_ALL=C GPGSM="../sm/gpgsm" "./runtest" ./inittests
../sm/gpgsm: symbol lookup error: ../sm/gpgsm: undefined symbol: gpgrt_set_confdir, version GPG_ERROR_1.0
../sm/gpgsm: symbol lookup error: ../sm/gpgsm: undefined symbol: gpgrt_set_confdir, version GPG_ERROR_1.0
../sm/gpgsm: symbol lookup error: ../sm/gpgsm: undefined symbol: gpgrt_set_confdir, version GPG_ERROR_1.0
echo timestamp >./inittests.stamp
Running ldd shows that the paths to libgpg-error and the other libraries were never recorded in the first place.
$ cd ~/local/gpg
$ ldd bin/gpg
linux-vdso.so.1 (0x00007ffe579f9000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fc286dfe000)
libsqlite3.so.0 => /lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007fc286cd5000)
libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007fc286bb7000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007fc286b94000)
libreadline.so.8 => /lib/x86_64-linux-gnu/libreadline.so.8 (0x00007fc286b44000)
libassuan.so.0 => /lib/x86_64-linux-gnu/libassuan.so.0 (0x00007fc286b2f000)
libnpth.so.0 => /lib/x86_64-linux-gnu/libnpth.so.0 (0x00007fc286b27000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fc286b04000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fc286912000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fc2867c3000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fc2867bd000)
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007fc28678d000)
/lib64/ld-linux-x86-64.so.2 (0x00007fc286f51000)
With LD_LIBRARY_PATH set, the libraries are found.
$ LD_LIBRARY_PATH=$HOME/local/gpg/lib ldd bin/gpg
linux-vdso.so.1 (0x00007ffe53ba3000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f3a223cc000)
libsqlite3.so.0 => /lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007f3a222a3000)
libgcrypt.so.20 => /home/zunda/local/gpg/lib/libgcrypt.so.20 (0x00007f3a22175000)
libgpg-error.so.0 => /home/zunda/local/gpg/lib/libgpg-error.so.0 (0x00007f3a2214e000)
libreadline.so.8 => /lib/x86_64-linux-gnu/libreadline.so.8 (0x00007f3a220fe000)
libassuan.so.0 => /home/zunda/local/gpg/lib/libassuan.so.0 (0x00007f3a220e8000)
libnpth.so.0 => /home/zunda/local/gpg/lib/libnpth.so.0 (0x00007f3a220df000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f3a220bc000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a21eca000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f3a21d7b000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f3a21d75000)
libtinfo.so.6 => /lib/x86_64-linux-gnu/libtinfo.so.6 (0x00007f3a21d45000)
/lib64/ld-linux-x86-64.so.2 (0x00007f3a2251f000)
$ LD_LIBRARY_PATH=$HOME/local/gpg/lib bin/gpg --version
gpg (GnuPG) 2.3.0-beta1592
libgcrypt 1.9.3-beta4
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2020 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/zunda/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
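Added example (not part of the original scrap): the ldd comparison above, and the rpath approach from the summary, turned into a check that fails when a library built from source is still loaded from the system path. The function names are hypothetical, and the sample input is abridged from the two ldd runs on this page.

```shell
#!/bin/sh
# Flag GnuPG-stack libraries that the dynamic loader resolves from outside
# the private prefix. Real use:
#   ldd ~/local/gpg/bin/gpg | libs_outside_prefix "$HOME/local/gpg"

# Stems of the libraries built from source on this page.
GPG_STACK_LIBS='libgpg-error libgcrypt libassuan libksba libnpth'

# libs_outside_prefix PREFIX   (reads `ldd` output on stdin)
# Prints "soname path" for each stack library not under PREFIX/lib/ and
# "soname not-found" for unresolved ones; returns 1 if anything was printed.
libs_outside_prefix() {
  awk -v libdir="${1%/}/lib/" -v stems="$GPG_STACK_LIBS" '
    BEGIN { n = split(stems, want, " ") }
    $2 == "=>" {
      for (i = 1; i <= n; i++) {
        # "libgcrypt.so.20" matches the stem "libgcrypt".
        if (index($1, want[i] ".so") != 1) continue
        if ($3 == "not") { print $1, "not-found"; bad = 1 }
        else if (index($3, libdir) != 1) { print $1, $3; bad = 1 }
      }
    }
    END { exit (bad ? 1 : 0) }'
}

# Sample input: plain ldd run (system libraries picked up).
sample_ldd_system() { cat <<'EOF'
  libgcrypt.so.20 => /lib/x86_64-linux-gnu/libgcrypt.so.20 (0x00007fc286bb7000)
  libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007fc286b94000)
  libassuan.so.0 => /lib/x86_64-linux-gnu/libassuan.so.0 (0x00007fc286b2f000)
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fc286912000)
EOF
}

# Sample input: ldd run with the private lib directory in effect.
sample_ldd_prefix() { cat <<'EOF'
  libgcrypt.so.20 => /home/zunda/local/gpg/lib/libgcrypt.so.20 (0x00007f3a22175000)
  libgpg-error.so.0 => /home/zunda/local/gpg/lib/libgpg-error.so.0 (0x00007f3a2214e000)
  libassuan.so.0 => /home/zunda/local/gpg/lib/libassuan.so.0 (0x00007f3a220e8000)
  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a21eca000)
EOF
}

for s in sample_ldd_system sample_ldd_prefix; do
  echo "== $s"
  $s | libs_outside_prefix /home/zunda/local/gpg || echo "-> not loaded from the prefix"
done
```

Running the check without LD_LIBRARY_PATH set shows whether the rpath from LDFLAGS actually took effect in the installed binary.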
Let's rebuild.
$ cd src/gnupg/
$ export LD_LIBRARY_PATH=$HOME/local/gpg/lib
$ make clean
$ make
$ make check
:
Checking trust signature with domain restrictions...
gpgscm: error running '/home/zunda/local/gpg/src/gnupg/tools/gpgconf': terminated
*** stack smashing detected ***: terminated
0: tests.scm:129: (throw (:stderr result))
1: defs.scm:151: (call-popen `(,(tool-hardcoded 'gpgconf) ,@(if installed? '() (list '--build-prefix (getenv "objdir"))) ,@args) input)
2: defs.scm:185: (gpg-conf' (string-append key ":0:" (percent-encode value')) `(--change-options ,component))
3: common.scm:59: ((*colon-hook* 'update trust-model) "pgp")
FAIL: <standard>tests/openpgp/trust-pgp-4.scm
===================
61 tests run, 54 succeeded, 6 failed, 0 failed expectedly, 0 succeeded unexpectedly, 1 skipped.
Failed tests: <standard>tests/openpgp/trust-pgp-4.scm <standard>tests/openpgp/gpgconf.scm <standard>tests/openpgp/trust-pgp-3.scm <standard>tests/openpgp/trust-pgp-2.scm <standard>tests/openpgp/trust-pgp-1.scm <standard>tests/openpgp/tofu.scm
Skipped tests: <standard>tests/openpgp/4gb-packet.scm
===================
make[2]: *** [Makefile:922: xcheck] Error 6
make[2]: Leaving directory '/home/zunda/local/gpg/src/gnupg/tests/openpgp'
make[1]: *** [Makefile:551: check-recursive] Error 1
make[1]: Leaving directory '/home/zunda/local/gpg/src/gnupg/tests'
make: *** [Makefile:619: check-recursive] Error 1
Oops. Moving on anyway.
$ make install
$ ~/local/gpg/bin/gpg --version
gpg (GnuPG) 2.3.0-beta1592
libgcrypt 1.9.3-beta4
NOTE: THIS IS A DEVELOPMENT VERSION!
It is only intended for test purposes and should NOT be
used in a production environment or with production keys!
Copyright (C) 2020 Free Software Foundation, Inc.
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/zunda/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
AEAD: EAX, OCB
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB
But the notations still don't show up.
$ LD_LIBRARY_PATH=$HOME/local/gpg/lib ~/local/gpg/bin/gpg --show-key ~/Downloads/9F0048AC0B23301E1F77E994909F6BD6F80F485D.asc;
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
pub rsa4096 2019-07-10 [SC] [expires: 2022-12-23]
9F0048AC0B23301E1F77E994909F6BD6F80F485D
uid Yarmo Mackenbach <yarmo@yarmo.eu>
uid Yarmo Mackenbach <yarmo@keyoxide.org>
uid Yarmo Mackenbach <yarmo@mackenba.ch>
sub rsa2048 2020-12-09 [A]
sub rsa3072 2019-07-10 [E]
sub rsa4096 2019-08-16 [S]
This scrap was closed on 2021/02/26.