How can we utilize latest GPG from RPM repository?
konstantin at linuxfoundation.org
Fri Feb 16 14:38:56 CET 2018
On 02/14/18 15:20, gpg at mdsresource.net (helices) wrote:
> CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.
> We want to move to v2.2.x, and stay current, but we don't want to download
> source and compile for dozens of systems.
I had a similar need (because my users started to use ECC keys).
Unfortunately, there are no simple answers to this -- to upgrade GnuPG
you would need to upgrade the libraries it depends on (such as
libgcrypt, libassuan, etc), and this cascades to a lot of other things.
I suggest you build gnupg-2.2 without shared libraries and make it
available under /opt/gnupg22:
make build-aux/speedo.mk native INSTALL_DIR=/opt/gnupg22 LDFLAGS=-static
(if someone can recommend a better way that only statically links
gnupg's own libraries like libassuan and libgpg-error, but uses shared
objects for other system libraries, please let me know, as I didn't find
any quickie ways to do it!)
You will need to install at least glibc-static for this, alongside all
other compilation tools. Alternatively, you can build and RPM that does
the same thing -- with the bonus that you don't need to build it
statically if you set it up to correctly handle LD_LIBRARY_PATH bits.
> We want all users to be using the same version all of the time.
Is that for documentation purposes, or because you need features from
gnupg-2.2 that aren't in gnupg-2.0?
Director, IT Infrastructure Security
The Linux Foundation
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users