This section explains how and where to get the gpoll program, and the steps to take before installation, including downloading, verifying, and unpacking.
gpoll should be downloaded only from this web page:
http://www.gtsm.com/gpoll.html
Each version of gpoll comes with two files: a bzipped tar file, which contains the program itself, and a signature file, which contains the digital signature of the first file. Download both files, making sure you have the latest version (the files gpoll.tar.bz2 and gpoll.tar.bz2.asc are symlinks to the latest version and can always be safely used).
Once you have downloaded the two files, you should perform the verification. This ensures that the version you have was written by me, and that nobody has tampered with it. You will need the Gnu Privacy Guard program (GPG) to do the verifying: chances are good that it is already installed, but use the above link to make sure you are using the latest version: as of this writing, the version is 1.0.7. Use this command to find out what version you are running:
gpg --version
You will also need a copy of my key. You can find it on www.biglumber.com, or on a keyserver by looking for the key id of 14964AC8. You can also import it directly into your keyring with this command:
gpg --keyserver pgp.mit.edu --recv-key 0x14964AC8
Using gpg, you can then verify the gpoll package with the following command, where gpoll.tar.bz2.asc is the signed file:
gpg --verify gpoll.tar.bz2.asc gpoll.tar.bz2
You can also get away with simply doing this:
gpg gpoll.tar.bz2.asc
In either case, you will see a lot of output. The important thing to look for is the second line, which will either say "Good signature" or "Bad signature" on it. If it says you have a bad signature, please do not use the program until you have figured out why this is. If you get really stuck, feel free to email me.
You will probably also see some words similar to this:
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
This simply means that GPG has no way of knowing if that key truly belongs to me. Developing a web of trust and establishing trust in GPG is beyond the scope of this help file. For more information, see the GnuPG Keysigning Party HOWTO. and the GnuPG home page.
The final step is to decompress the the file and put the files in the proper locations. You may be able to decompress and untar the file in a single command:
tar -I -xvf gpoll.tar.bz2
If that does not work, you may need to do it like this:
bzip -dc gpoll.tar.bz2 | tar -cf -
Either way will create a gpoll directory, which contains all the files that you need. Change into that directory, and take a look at the files there. First, decide where you want the help files to go. These files are linked to from within the gpolladmin program, so they must go into a directory that can be accessed by your web browser. A good place (and the default) is to put them in the "Pics" directory in the root directory your web server uses. This directory may need to be created. If you choose not to put them there, make sure you change the settings inside of the gpolladmin script (this will be covered in detail later on).
You will also see two scripts named gpoll and gpolladmin. These are the main scripts for the program, and need to be moved to a directory that the web server uses to run scripts, typically the cgi-bin directory. This can wait until the next step, the installation.
The other files inside the gpoll directory are explained below:
You are now ready to begin the actual installation of gpoll.