Tarsnap - Compiling

System preparation

Necessary software

Before you can compile Tarsnap, you need certain programs and libraries:

A C compiler (gcc or clang), make, system header files
OpenSSL (including header files)
zlib (including header files)
Linux only: the ext2fs/ext2_fs.h header
- (which is NOT the same as the linux/ext2_fs.h header file)

On many UNIX systems all the necessary packages will already be present. We provide a few sample commands for installing the required software on systems which do not include them by default:

Debian, Ubuntu, and related Linux distributions:

sudo apt-get install gcc libc6-dev make libssl-dev zlib1g-dev e2fslibs-dev

RedHat, CentOS, SuSE, Amazon Linux, and related Linux distributions:

sudo yum install gcc make glibc-devel openssl-devel zlib-devel e2fsprogs-devel

Alpine Linux:

sudo apk add gcc libc-dev make openssl openssl-dev zlib-dev e2fsprogs-dev

macOS: in addition to the normal build toolchain (probably installed via XCode), you need the OpenSSL development library. This could be installed manually, or via a package manager:
- Homebrew:
```
brew install openssl
```
- MacPorts:
```
sudo port install openssl
```

Download verification

We recommend that everybody verify any downloaded tarballs with GnuPG.

Download the Tarsnap 2024 code signing GPG key.
Optionally, verify the key:
```
gpg --list-packets tarsnap-signing-key-2024.asc | grep signature
:signature packet: algo 1, keyid 1EF1354792C56BEA
:signature packet: algo 17, keyid 38CECA690C6A6A6E
```
The first keyid is the Tarsnap source code signing key, while the second is Colin Percival's key (0x38CECA690C6A6A6E). These keyid values should match those on a public key server search for 0x1EF1354792C56BEA.
If you are not familiar with GnuPG, we recommend PGP & GPG, a book by Michael W. Lucas (who also wrote Tarsnap Mastery).
Import the key. Older versions are signed with older keys.
```
gpg --import tarsnap-signing-key-2024.asc
```
Expected output:
```
gpg: key 1EF1354792C56BEA: public key "Tarsnap source code signing key (Tarsnap Backup Inc.) <cperciva@tarsnap.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
...
```
with some additional lines depending on your GnuPG setup.
Problem? signatures using the SHA1 algorithm are rejected
If your version of gpg is 2.2.18 or later, you may see the warning:
```
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: key 1EF1354792C56BEA: 1 bad signature
```
This arises because Colin Percival's personal key 0x38CECA690C6A6A6E was created in 2009 and uses SHA-1. He is creating a new one, but the old key has been signed by many people (see the public key server search for 0x38ceca690c6a6a6e) so it will take some time until his new key has sufficient endorsements in the "web of trust".

The code signing key itself uses SHA-256; you can check this with:
```
gpg --list-packets tarsnap-signing-key-2024.asc | grep -B2 "digest algo"
:signature packet: algo 1, keyid 1EF1354792C56BEA
	version 4, created 1696201856, md5len 0, sigclass 0x13
	digest algo 8, begin of digest d9 d4
--
:signature packet: algo 17, keyid 38CECA690C6A6A6E
	version 4, created 1696202196, md5len 0, sigclass 0x10
	digest algo 2, begin of digest 71 9b
```
The digest algo 8 for keyid 1EF1354792C56BEA indicates SHA-256, as specified in RFC 4880.

Installing or upgrading Tarsnap from source

These instructions are valid for installing or upgrading; upgrading simply overwrites the previous Tarsnap files.

1. Download the source tarball and signature

If you have not done so already, download the source tarball and signed SHA256 hash file from the Tarsnap source download page.

2. Verify the files

Verify the GPG signature on the SHA256 hash file using:

gpg --decrypt tarsnap-sigs-1.0.40.asc

Problem? This key is not certified with a trusted signature

If your version of gpg is 2.2.18 or later, you may see the warning:

gpg: Good signature from "Tarsnap source code signing key (Tarsnap Backup Inc.) <cperciva@tarsnap.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 06DC C628 8BD0 7A21 5DF8  7ACA 1EF1 3547 92C5 6BEA

This arises because Colin Percival's personal key 0x38CECA690C6A6A6E was created in 2009 and uses SHA-1. He is creating a new one, but the old key has been signed by many people (see the public key server search for 0x38ceca690c6a6a6e) so it will take some time until his new key has sufficient endorsements in the "web of trust".

The code signing key itself uses SHA-256; you can check this with:

gpg --list-packets tarsnap-signing-key-2024.asc | grep -B2 "digest algo"
:signature packet: algo 1, keyid 1EF1354792C56BEA
	version 4, created 1696201856, md5len 0, sigclass 0x13
	digest algo 8, begin of digest d9 d4
--
:signature packet: algo 17, keyid 38CECA690C6A6A6E
	version 4, created 1696202196, md5len 0, sigclass 0x10
	digest algo 2, begin of digest 71 9b

The digest algo 8 for keyid 1EF1354792C56BEA indicates SHA-256, as specified in RFC 4880.

Verify that the SHA256 hash of the tarball matches the value in the signed SHA256 hash file.
- Linux and macOS:
```
shasum -a 256 tarsnap-autoconf-1.0.40.tgz
```
- FreeBSD:
```
sha256 tarsnap-autoconf-1.0.40.tgz
```
In either case, the displayed hash should match the one you saw in the gpg --decrypt command.

3. Compile the software

Extract the file and change into that directory.

tar -xzf tarsnap-autoconf-1.0.40.tgz

cd tarsnap-autoconf-1.0.40/

Configure Tarsnap for your system.
```
./configure
```
If the configure script complains about OpenSSL, zlib, or ext2_fs.h not being present, you didn't install the right dependent packages. Make sure that you have the "development" versions (which have the header files Tarsnap needs) and not just the "library" versions.

If you installed a library to non-standard directory (such as within your $HOME directory), please read about configure and local libraries.
Compile Tarsnap.
```
make all
```
Install (or upgrade) Tarsnap.
On most systems (Linux, macOS, etc.)
```
sudo make install
```
Other systems (without sudo)
```
su
```
```
make install
```
```
exit
```

These instructions assume that:

You have root access to your system.
You want to install Tarsnap to /usr/local/bin/.

If those assumptions are incorrect, no problem! Simply call:

./configure --prefix=/MY/OTHER/DIR

make

make install

assuming you have write access to /MY/OTHER/DIR.

After installing

If you are installing for the first time, we suggest that you proceed to Getting started with Tarsnap. If you are upgrading to a new version of Tarsnap, then no further action is required.