Tuesday, June 24, 2014

Compiling GnuPG on OS X

First make a directory to hold the compiled files:

sudo mkdir /usr/local/gpg

Create a text file /etc/paths.d/gpg with the following contents:

/usr/local/gpg/bin

Open a new terminal for the PATH changes to take effect, or just append /usr/local/gpg/bin to your $PATH.

Download the latest GnuPG from https://www.gnupg.org/download/index.html. The latest version is 2.0.24 as of today. Download the signature file and verify the signature. Extract the archive:

tar xjf ~/Downloads/gnupg-2.0.24.tar.bz2
cd gnupg-2.0.24

In the README file you'll see that you need the following dependencies

GnuPG 2.0 depends on the following packages:

libgpg-error     (ftp://ftp.gnupg.org/gcrypt/libgpg-error/)
libgcrypt        (ftp://ftp.gnupg.org/gcrypt/libgcrypt/)
libksba          (ftp://ftp.gnupg.org/gcrypt/libksba/)
libassuan >= 2.0 (ftp://ftp.gnupg.org/gcrypt/libassuan/)

You also need the Pinentry package for most function of GnuPG; however
it is not a build requirement.  Pinentry is available at
ftp://ftp.gnupg.org/gcrypt/pinentry/ .

Download the latest libgpg-error, along with its signature file, and verify the signature. Extract the archive, configure, make and install:

tar xzf ~/Downloads/libgpg-error-1.13.tar.gz
cd libgpg-error-1.13
./configure --prefix /usr/local/gpg
make
sudo make install

Download the latest libgcrypt, along with its signature file. Extract the archive, configure, make and install:

tar xzf ~/Downloads/libgcrypt-1.6.1.tar.gz
cd libgcrypt-1.6.1
./configure --prefix /usr/local/gpg --disable-aesni-support --disable-asm
make
make check
sudo make install

As you can see, I disabled AESNI support, because while I can examine the source code of this software to get some confidence that there are no backdoors, I can't examine the implementation of the AESNI instructions in the CPU. Therefore I can't trust that hardware AESNI doesn't have a backdoor. I also disabled assembly, because otherwise it fails to compile on OS X.

Download the latest libksba, along with its signature file. Extract the archive, configure, make and install:

tar xjf ~/Downloads/libksba-1.3.0.tar.bz2
cd libksba-1.3.0
./configure --prefix /usr/local/gpg
make
sudo make install

Download the latest libassuan, along with its signature file, and verify the signature. Extract the archive, configure, make and install:

tar xjf ~/Downloads/libassuan-2.1.1.tar.bz2
cd libassuan-2.1.1
./configure --prefix /usr/local/gpg
make
sudo make install

Download the latest pinentry, along with its signature file, and verify the signature. Extract the archive, configure, make and install:

tar xjf ~/Downloads/pinentry-0.8.3.tar.bz2
cd pinentry-0.8.3
./configure --prefix /usr/local/gpg --disable-pinentry-gtk --disable-pinentry-gtk2 --disable-pinentry-qt --disable-pinentry-qt4
make
make install

If you don't disable gtk and qt options, it will complain about not finding X.

You also need to download the latest pth, along with its signature file. Extract the archive, configure, make and install:

tar xzf ~/Downloads/pth-2.0.7.tar.gz
cd pth-2.0.7
./configure --prefix /usr/local/gpg
make
make test
make install

Back to gnupg:

cd gnupg-2.0.24
./configure --prefix /usr/local/gpg
make

You run into a problem here, the compilation fails:

...
Making all in gl
...
gcc -DHAVE_CONFIG_H -I. -I..     -g -O2 -Wall -Wno-pointer-sign -Wpointer-arith -MT allocsa.o -MD -MP -MF .deps/allocsa.Tpo -c -o allocsa.o allocsa.c
In file included from allocsa.c:21:
In file included from ./allocsa.h:23:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/stdlib.h:65:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/sys/wait.h:110:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/sys/resource.h:72:
In file included from ./stdint.h:66:
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/inttypes.h:235:8: error: 
      unknown type name 'intmax_t'
extern intmax_t
...

If you look at /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/sys/resource.h:72, you can see that it says

#include <stdint.h>

It's meant to include /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/stdint.h, which would get intmax_t defined by including _types/_intmax_t.h. Unfortunately instead of including the correct stdint.h, it ends up including gl/stdint.h from GnuPG. If you look at gl/stdint.h on line 46, you see:

# include "///Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/../lib/clang/5.1/include/stdint.h"

If you replace that line with

# include "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/stdint.h"

and then type make, everything compiles just fine. Then you run sudo make install and everything's done.

4 comments:

steve said...
This comment has been removed by the author.
steve said...

Thanks for your GPG post Gary. After fixing the #include in stdint.h and running make I get one more make error. Any ideas?

This thread http://www.gossamer-threads.com/lists/gnupg/users/66259 mentions using the latest version of libgpg-error (of which I'm using version 1.13, which I believe to be the latest).

$ make
[ ... snip ... ]
gcc -I/usr/local/include -I/usr/local/include -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -Wpointer-arith -o t-sexputil t-sexputil.o libcommon.a ../gl/libgnu.a -L/usr/local/lib -lgcrypt -lgpg-error -lassuan -L/usr/local/lib -lgpg-error -L/usr/local/lib -lgpg-error -liconv
Undefined symbols for architecture x86_64:
"_default_errsource", referenced from:
_parse_ber_header in libcommon.a(libcommon_a-tlv.o)
_parse_sexp in libcommon.a(libcommon_a-tlv.o)
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)

make[3]: *** [t-sexputil] Error 1
make[2]: *** [all] Error 2
make[1]: *** [all-recursive] Error 1
make: *** [all] Error 2


$ clang -v
Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin13.3.0
Thread model: posix

steve said...

Heh, found the solution... Use a linux workstation :)

$ gpg2 --version
gpg (GnuPG) 2.1.0-beta751
libgcrypt 1.6.1

gpg:$ uname -a
Linux localhostname 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

Vinod Kumar said...

Awesome!!! It worked...