Upgrade gpg 2.27 to 2.43 Ubuntu 22.04

Version = 22.04.5 LTS Jammy Jellyfish

When I run gpg -v --quick-set-expire E________________________6 2y
(Note: the full key is not being displayed in this message)
I get…
pgp: enabled compatibility flags:
gpg: Note: signature key E______________6 expired 2025-01-24 12:47:10
gpg: WARNING: server ‘gpg-agent’ is older than us (2.2.27 < 2.4.3)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command “gpgconf --kill all” to restart them.
(Note: gpgconf -kill all does not change the event)
gpg: signing failed: No secret key
gpg: make_keysig_packet failed: No secret key

I assume the problem is because
/usr/local/bin/gnupg --version 2.43
/usr/bin/gpg --version 2.27
are different versions and the version in /usr/bin needs to be updated to 2.43.
If this is true I have been unsuccessful in updating /usr/bin.
Can you give me any pointers on how to update the gpg version in /usr/bin?

Thanks

Converted from a Private Message to a public topic in the Support and Help category.

We prefer to help folks in public.

gpg version 2.27 is appropriate for Ubuntu 22.04, does include “important security fixes,” and works properly. It shouldn’t need to be updated.

Let’s take a step back: What original problem led you to the solution of having two different versions of gpg/gnupg installed?

Not sure what OP’s use case is. But for me they finally added tilde expansion to gpg-agent 2.4.5 pinentry-program options. This is extremely useful for users that have their dotfiles under version control and like to use them across multiple platforms (macOS and Linux).

So you compiled your own gnupg but did not replace everything with it. This is indeed expected to cause failures; don’t do this…

Either uninstall what you compiled yourself from /usr/local or replace the system provided (and security maintained) version completely, not just half of it…

But note that replacing the Ubuntu-provided version means you will need to maintain all security fixes yourself and rebuild your self-compiled version every time someone reports a new CVE upstream (so you should monitor upstream very closely all the time, like the Ubuntu security team does).

And indeed with your self-compiled version you are on your own when it comes to support questions…

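One way to spot the half-replaced install described in the reply above, as an added example that is not part of the original thread: it inventories every `gpg`, `gpg-agent` and `gpgconf` on `PATH` and reports when they come from different GnuPG releases. The function names are hypothetical, and directory names are assumed to contain no spaces.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): detect GnuPG tools from more than one
# install on PATH, e.g. a /usr/local build next to the distro packages.

# Read `<tool> --version` output on stdin and print the release number from
# its first line, e.g. "gpg-agent (GnuPG) 2.2.27" -> "2.2.27".
gnupg_version() {
    sed -n '1s/^.*(GnuPG) \([0-9][0-9.]*\).*$/\1/p'
}

# Print "path version" for every copy of gpg, gpg-agent and gpgconf found in
# a colon-separated directory list (defaults to $PATH), in search order.
gnupg_inventory() {
    local dirs=${1:-$PATH} dir tool
    local IFS=:
    for dir in $dirs; do
        for tool in gpg gpg-agent gpgconf; do
            [ -x "$dir/$tool" ] || continue
            printf '%s %s\n' "$dir/$tool" \
                "$("$dir/$tool" --version 2>/dev/null | gnupg_version)"
        done
    done
}

# Read "path version" lines on stdin. Exit status 0 when every tool reports
# the same release; otherwise print the distinct releases and return 1.
gnupg_consistent() {
    awk 'NF >= 2 && !seen[$2]++ { list = list " " $2; n++ }
         END { if (n > 1) { print "mixed GnuPG versions:" list; exit 1 } }'
}

# Usage: gnupg_inventory | tee /dev/stderr | gnupg_consistent
```

A non-zero status means the tools on `PATH` do not all report the same release, which is the state in which gpg printed the "server ‘gpg-agent’ is older than us" warning in the original post.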
