HOWTO:  Build GnuPG on OS X

by Gordon Worley <redbird@rbisland.cx>

Version 3.0.1 (6 Aug 2002)

Introduction:

This document describes how to build GnuPG on Mac OS X 10.1+.  The process
is pretty much the same as normal, but requires some extra effort to
get around OS X's 'features'.  For the latest version of this
document, check the Mac GPG Web site <http://macgpg.sourceforge.net/>.


How To:

Begin by downloading and verifying the GnuPG archives from
<http://www.gnupg.org/>.  Then, you need to download the patch found on
<http://macgpg.sf.net/> for OS X and verify them.  Here's what to type:

curl -O ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz
curl -O ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.7.tar.gz.sig
curl -O http://macgpg.sourceforge.net/patches/gnupg-1.0.7-darwin.diff

To verify:

gpg --verify gnupg-1.0.7.tar.gz.sig

or, if you don't have an older copy of GnuPG or another OpenPGP program
(NEVER verify the version of GnuPG you download with itself), use the MD5
checksums found on the GnuPG Web site and compare with the checksum from:

openssl md5 gnupg-1.0.7.tar.gz

Do the same with the patch (the .diff file).

Next, untar GnuPG:

tar -xzf gnupg-1.0.7.tar.gz

Copy the patch into the GnuPG folder and apply it:

cp gnupg-1.0.7-darwin.diff gnupg-1.0.7/
cd gnupg-1.0.7/
patch -p 1 < gnupg-1.0.7-darwin.diff

This will apply everything at once.  Look at the diff files for details on
what they do.  Thanks to Jeremy Cooper <jeremy@baymoo.org> for the asm
patch, Laurie Brown <laurieb@mac.com> for the mlock patch, and numerous
folks for getting dynload working.

When you run configure, you need to make sure you have the proper
options set.  Run configure as such for best results:

./configure

Now, all you have to do is type:

make
sudo make install

Also, it's probably a good idea to run make check before you install, to
make sure that your system will be safe on which to run GnuPG.  You may
need to run make check with the -i option.

make check -i

Once you get GnuPG installed, it wouldn't hurt to check the quality of the
random numbers being produced by /dev/random.  To test this, first type:

gpg --gen-random 0 > rnd &

and after a little while kill the process (once you've got 20 or 30 MB of
random numbers).  Then, using a program like ent, check the quality of the
numbers.  Of particular interest will be the entropy, compressibility, and
chi^2 p-value (this should be as high as possible, as low as possible, and
as close to .5 as possible, respectively; see ent documentation for more
details).

If you want to install IDEA, you can find instructions on the Mac GPG Web
site <http://macgpg.sf.net/>.


Caveats:

Due to complications with the current configure scripts, the tiger module is
NOT compiled and loaded when you build following these instructions.  The
solution is to build it yourself (I haven't done that, but in theory you
can) or grab it from GnuPG 1.0.6.  If you already have it installed from a
previous install, you will not have any trouble loading it.


Contact:

Questions, bug reports, etc. about this document can be sent to Gordon
Worley at <redbird@rbisland.cx>.


Thanks:

A big thank you to Sebastian Hagedorn <Hagedorn@spinfo.uni-koeln.de>
and Bryan Blackburn <blb@pobox.com>, who figured out what was wrong
with configure and provided fixes with 1.0.5/6.  Thank you to Jeremy Cooper
<jeremy@baymoo.org> who did the asm patch.  More thanks to Laurie Brown
<laurieb@mac.com>, who came up with the secmem patch.
