-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HOWTO: Build GnuPG on OS X by Gordon Worley Version 2.5 (20 March 2002) Introduction: This document describes how to build GnuPG on Mac OS X 10.1+. The process is pretty much the same as normal, but requires some extra effort to get around OS X's 'features'. For the latest version of this document, check the Mac GPG Web site . How To: Begin by downloading and verifying the GnuPG archives from . Then, you need to download the patch found on for OS X and verify them. Here's what to type: curl -O ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6.tar.gz curl -O ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-1.0.6.tar.gz.sig curl -O http://macgpg.sf.net/patches/gnupg-1.0.6-darwin.diff Now, to verify just do: gpg --verify gnupg-1.0.6.tar.gz.sig or, if you don't have an older copy of GnuPG or another OpenPGP program (NEVER verify the version of GnuPG you download with itself), use the MD5 checksums found on the GnuPG Web site. Next, untar GnuPG: tar -xzf gnupg-1.0.6.tar.gz Copy the patch into the GnuPG folder and apply it: cp gnupg-1.0.6-darwin.diff gnupg-1.0.6/ cd gnupg-1.0.6/ patch -p 1 < gnupg-1.0.6-darwin.diff This will apply everything at once. Look at the diff files for details on what they do. Thanks to Jeremy Cooper for the asm patch, Laurie Brown for the mlock patch, and numerous folks for getting dynload working. When you run configure, you need to make sure you have the proper options set. Run configure as such for best results: ./configure Now, all you have to do is type: make sudo make install If during make you encounter an error in a file called dynload.c, see the note below. Also, it's probably a good idea to run make check before you install, to make sure that your system will be safe on which to run GnuPG. You may need to run make check with the -i option. Once you get GnuPG installed, it probably wouldn't hurt to check the quality of the random numbers being produced by /dev/random. To test this, first type: gpg --gen-random 0 > rnd & and after a little while kill the process (once you've got 20 or 30 MB of random numbers). Then, using a program like ent, check the quality of the numbers. Of particular interest will be the entropy, compressibility, and chi^2 p-value (this should be as high as possible, as low as possible, and as close to .5 as possible, respectively; see ent documentation for more details). NOTE: dynload.c won't compile On some systems dynload.c, even when patched, won't compile. The problem is that configure thinks that libraries exist on your computer that do not (this can happen if you install a lot of different Unix utilities). The solution is to open the file gnupg-1.0.6/cipher/dynload.c and add the following lines near the top of the file (don't type the '>'; that's just to show you what lines you're adding): #include #include #include > #undef HAVE_DL_DLOPEN > #undef HAVE_DLD_DLD_LINK > #undef HAVE_DL_SHL_LOAD > #define HAVE_DYLD #ifdef HAVE_DL_DLOPEN #include #elif defined(HAVE_DLD_DLD_LINK) Now run make again the the file should compile. If it still won't work and you don't really need dynamic modules, rm config.cache and run configure again with the --disable-dynload option. Otherwise, ask around macgpg-users for assistance. Contact: Questions, bug reports, etc. about this document can be sent to Gordon Worley at . Thanks: A big thank you to Sebastian Hagedorn and Bryan Blackburn , who figured out what was wrong with configure and provided fixes. Thank you to Jeremy Cooper who did the asm patch. More thanks to Laurie Brown , who came up with the secmem patch. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (Darwin) Comment: http://www.rbisland.cx/publickeys.html iEYEARECAAYFAjyb6nkACgkQK8yA4fmonfHz/wCfWUqBw9+usEOq+txoB9b/M3+d 3kcAoKATyZKooFKqgV0tlbA2hZpoIc0B =MG+c -----END PGP SIGNATURE-----