How can we utilize latest GPG from RPM repository?

Konstantin Ryabitsev konstantin at
Fri Feb 16 14:38:56 CET 2018

On 02/14/18 15:20, gpg at (helices) wrote:
> CentOS 7 uses gnupg2 v2.0.22. EPEL doesn't have anything newer.
> We want to move to v2.2.x, and stay current, but we don't want to download
> source and compile for dozens of systems.

I had a similar need (because my users started to use ECC keys).
Unfortunately, there are no simple answers to this -- to upgrade GnuPG
you would need to upgrade the libraries it depends on (such as
libgcrypt, libassuan, etc), and this cascades to a lot of other things.

I suggest you build gnupg-2.2 without shared libraries and make it
available under /opt/gnupg22:

make build-aux/ native INSTALL_DIR=/opt/gnupg22 LDFLAGS=-static

(if someone can recommend a better way that only statically links
gnupg's own libraries like libassuan and libgpg-error, but uses shared
objects for other system libraries, please let me know, as I didn't find
any quickie ways to do it!)

You will need to install at least glibc-static for this, alongside all
other compilation tools. Alternatively, you can build and RPM that does
the same thing -- with the bonus that you don't need to build it
statically if you set it up to correctly handle LD_LIBRARY_PATH bits.

> We want all users to be using the same version all of the time.

Is that for documentation purposes, or because you need features from
gnupg-2.2 that aren't in gnupg-2.0?

Konstantin Ryabitsev
Director, IT Infrastructure Security
The Linux Foundation

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list