libgpg-error ============ This is a library that defines common error values for all GnuPG components. Among these are GPG, GPGSM, GPGME, GPG-Agent, libgcrypt, Libksba, DirMngr, Pinentry, SmartCard Daemon and more. libgpg-error is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. See the file COPYING.LIB for copyright and warranty information. However, some files (for example src/mkerrnos.awk) used in the build process of the library are covered by a different license. Please see the header of these files and the file COPYING for copyright and warranty information on these files. A special exception in the copyright license of these files makes sure that the output in the build process, which is used in libgpg-error, is not affected by the GPL. Installation ------------ Please read the file INSTALL! Here is a quick summary: 1) Check that you have unmodified sources. You can find instructions how to verify the sources below. Don't skip this - it is an important step! 2) Unpack the archive. With GNU tar you can do it this way: "tar xjvf libgpg-error-x.y.tar.bz2" 3) "cd libgpg-error-x.y" 4) "./configure" 5) "make" 6) "make install" How to Verify the Source ------------------------ In order to check that the version of libgpg-error which you are going to install is an original and unmodified copy of the original, you can do it in one of the following ways: a) If you already have a trusted version of GnuPG installed, you can simply check the supplied signature: $ gpg --verify libgpg-error-x.y.tar.bz2.sig This checks that the detached signature libgpg-error-x.y.tar.bz2.sig is indeed a a signature of libgpg-error-x.y.tar.bz2. Please note that you have to use an old version of GnuPG to do all this stuff. *Never* use the version which was built using the library you are trying to verify! b) If you don't have any a trusted version of GnuPG, you can attempt to verify the SHA1 checksum, using a trusted version of the sha1sum program: $ sha1sum libgpg-error-x.y.tar.bz2 This should yield an output _similar_ to this: 610064e5b77700f5771c8fde2691c4365e1ca100 libgpg-error-x.y.tar.bz2 Now check that this checksum is _exactly_ the same as the one published via the announcement list and probably via Usenet.