4 This is a library that defines common error values for all GnuPG
5 components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt,
6 Libksba, DirMngr, Pinentry, SmartCard Daemon and more.
8 libgpg-error is free software; you can redistribute it and/or modify
9 it under the terms of the GNU Lesser General Public License as
10 published by the Free Software Foundation; either version 2.1 of the
11 License, or (at your option) any later version. See the file
12 COPYING.LIB for copyright and warranty information.
14 However, some files (for example src/mkerrnos.awk) used in the build
15 process of the library are covered by a different license. Please see
16 the header of these files and the file COPYING for copyright and
17 warranty information on these files. A special exception in the
18 copyright license of these files makes sure that the output in the
19 build process, which is used in libgpg-error, is not affected by the
26 Please read the file INSTALL!
28 Here is a quick summary:
30 1) Check that you have unmodified sources. You can find instructions
31 how to verify the sources below. Don't skip this - it is an
34 2) Unpack the archive. With GNU tar you can do it this way:
35 "tar xjvf libgpg-error-x.y.tar.bz2"
37 3) "cd libgpg-error-x.y"
46 How to Verify the Source
47 ------------------------
49 In order to check that the version of libgpg-error which you are going
50 to install is an original and unmodified copy of the original, you can
51 do it in one of the following ways:
53 a) If you already have a trusted version of GnuPG installed, you can
54 simply check the supplied signature:
56 $ gpg --verify libgpg-error-x.y.tar.bz2.sig
58 This checks that the detached signature libgpg-error-x.y.tar.bz2.sig
59 is indeed a a signature of libgpg-error-x.y.tar.bz2.
61 Please note that you have to use an old version of GnuPG to do all
62 this stuff. *Never* use the version which was built using the
63 library you are trying to verify!
65 b) If you don't have any a trusted version of GnuPG, you can attempt
66 to verify the SHA1 checksum, using a trusted version of the sha1sum
69 $ sha1sum libgpg-error-x.y.tar.bz2
71 This should yield an output _similar_ to this:
73 610064e5b77700f5771c8fde2691c4365e1ca100 libgpg-error-x.y.tar.bz2
75 Now check that this checksum is _exactly_ the same as the one
76 published via the announcement list and probably via Usenet.