GnuPG 2.2 on elder Debian & Ubuntu distros

Phil Pennock gnupg-devel at spodhuis.org
Fri Oct 27 18:24:45 CEST 2017 

On 2017-10-27 at 16:06 +0200, Bernhard Reiter wrote:
> As a number of GNU distributions are still around and maintained, 
> the questions comes up: How does someone get packages
> for GnuPG 2.2?
> 
> Right now I focus on deb based systems:
> 
>   Debian Jessie, Stretch
>   Ubuntu LTS 12.04, 14.06, 16.04

Because the package repo verification uses PGP and other bits of system
tooling have certain expectations of GnuPG as-installed, I have taken
the stance of "leave the system installs alone".  Instead, I use
`/opt/gnupg` and I install everything under there.

I then use Vagrant to build for various different OS/distribution
releases.

Thus at <https://public-packages.pennock.tech/> I have packages for 4 of
the 5 releases you mention (amd64-only).  I install the `optgnupg-gnupg`
package and I end up with:
  ii  optgnupg-gmp              6.1.2-pt2
  ii  optgnupg-gnupg            2.2.1-pt1
  ii  optgnupg-gnutls           3.5.15-pt2
  ii  optgnupg-libassuan        2.4.3-pt1
  ii  optgnupg-libgcrypt        1.8.1-pt1
  ii  optgnupg-libgpg-error     1.27-pt1
  ii  optgnupg-libksba          1.3.5-pt1
  ii  optgnupg-nettle           3.3-pt1
  ii  optgnupg-npth             1.5-pt1
  ii  optgnupg-pinentry         1.0.0-pt3

It's then just a matter of using `$PATH` for users so that I can use a
capable modern GnuPG for all my stuff, while leaving the system tooling
alone.

I'm using `aptly` for managing the apt repo setup.

There's a `swdb.lst` file (and associated signature) which tells you the
current versions of all the GnuPG software.

I have an "X depends on Y" config file which I can feed into tsort(1)
which currently produces this package dependency ordering:

  libgpg-error npth gmp libassuan libksba libgcrypt nettle pinentry gnutls gnupg22

To help you get started, I've attached two JSON files which I use as
configuration for the builds, reading them should help see how things
fit together and what options are needed.

-Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: configures.json
Type: application/json
Size: 3089 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171027/caef4dca/attachment.json>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: versions.json
Type: application/json
Size: 748 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171027/caef4dca/attachment-0001.json>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 996 bytes
Desc: Digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171027/caef4dca/attachment.sig>

More information about the Gnupg-devel mailing list