mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-12 13:16:57 +01:00
92 lines
3.0 KiB
Plaintext
92 lines
3.0 KiB
Plaintext
@c instguide.texi - Installation guide for GnuPG
|
|
@c Copyright (C) 2006 Free Software Foundation, Inc.
|
|
@c This is part of the GnuPG manual.
|
|
@c For copying conditions, see the file gnupg.texi.
|
|
|
|
@node Installation
|
|
@chapter A short installation guide.
|
|
|
|
Unfortunately the installation guide has not been finished in time.
|
|
Instead of delaying the release of GnuPG 2.0 even further, I decided to
|
|
release without that guide. The chapter on gpg-agent and gpgsm do
|
|
include brief information on how to set up the whole thing. Please
|
|
watch the GnuPG website for updates of the documentation. In the
|
|
meantime you may search the GnuPG mailing list archives or ask on the
|
|
gnupg-users mailing listsfor advise on how to solve problems or how to
|
|
get that whole thing up and running.
|
|
|
|
** Building the software
|
|
|
|
Building the software is decribed in the file @file{INSTALL}. Given
|
|
that you are already reading this documentation we can only give some
|
|
extra hints
|
|
|
|
To comply with the rules on GNU systems you should have build time
|
|
configured @command{dirmngr} using:
|
|
|
|
@example
|
|
./configure --sysconfdir=/etc --localstatedir=/var
|
|
@end example
|
|
|
|
This is to make sure that system wide configuration files are searched
|
|
in the directory @file{/etc/gnupg} and variable data below @file{/var};
|
|
the default would be to also install them below @file{/usr/local} where
|
|
the binaries get installed. If you selected to use the
|
|
@option{--prefix=/} you obviously don't need those option as they are
|
|
the default then.
|
|
|
|
|
|
|
|
** Explain how to setup a root CA key as trusted
|
|
|
|
|
|
Such questions may also help to write a proper installation guide.
|
|
|
|
[to be written]
|
|
|
|
|
|
XXX Tell how to setup the system, install certificates, how dirmngr relates
|
|
to GnuPG etc.
|
|
|
|
** Explain how to setup a root CA key as trusted
|
|
|
|
X.509 is based on a hierarchical key infrastructure. At the root of the
|
|
tree a trusted anchor (root certificate) is required. There are usually
|
|
no other means of verifying whether this root certificate is trustworthy
|
|
than looking it up in a list. GnuPG uses a file (@file{trustlist.txt})
|
|
to keep track of all root certificates it knows about. There are 3 ways
|
|
to get certificates into this list:
|
|
|
|
@itemize
|
|
@item
|
|
Use the list which comes with GnuPG. However this list only
|
|
contains a few root certificates. Most installations will need more.
|
|
|
|
@item
|
|
Let @command{gpgsm} ask you whether you want to insert a new root
|
|
certificate. To enable this feature you need to set the option
|
|
@option{allow-mark-trusted} into @file{gpg-agent.conf}. In general it
|
|
is not a good idea to do it this way. Checking whether a root
|
|
certificate is really trustworthy requires decisions, which casual
|
|
users are not up to. Thus, by default this option is not enabled.
|
|
|
|
@item
|
|
Manually maintain the list of trusted root certificates. For a multi
|
|
user installation this can be done once for all users on a machine.
|
|
Specific changes on a per-user base are also possible.
|
|
@end itemize
|
|
|
|
XXX decribe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
|
|
|
|
|
|
** How to get the ssh support running
|
|
|
|
XXX How to use the ssh support.
|
|
|
|
|
|
@section Installation Overview
|
|
|
|
XXXX
|
|
|
|
|