Build Squid with –enable-ssl on Debian

If you need an SSL-proxy connection via squid on Debian/Linux you need to recompile the squid-2.7 package with –enable-ssl option.

Here a short step by step  tutorial how to rebuild a squid .deb package with –enable-ssl option.

Enable source repository on your buildmachine. To describe it in words what we will do is downloading the source packages where the original package of squid in the Debian distribution is build from and rebuild this sources with the activated ssl option to get an self build .deb file which you can install on your Debian machine. This procedure works for the most Debian packages the same way not just for squid.

edit: /etc/apt/sources.list

for example add:

deb-src http://ftp.de.debian.org/debian lenny main contrib non-free
deb-src http://backports.debian.org/debian-backports lenny-backports main contrib non-free
deb-src http://volatile.debian.org/debian-volatile/ lenny/volatile main contrib non-free

change directory to /usr/src:

cd /usr/src

download squid sources:

apt-get source squid

download squid build dependencies:

apt-get build-dep squid

download sources for openssh:

 

apt-get build-dep openssh

download sources for openssl:

apt-get build-dep openssl

download and install necessary stuff for build process:

 

apt-get install devscripts build-essential fakeroot

change directory:

cd squid-<version>

edit the build rules and add the –enable-ssl option to the configure section:

vim debian/rules

configure the new options (don’t do a make or make install !!!) :

./configure

compile and build package:

debuild -us -uc -b

20 thoughts on “Build Squid with –enable-ssl on Debian

  1. Bill

    Tried this, step-by-step, and it failed.
    However, I substituted squid with squid3.
    Every ran without errors until the debuild:
    root@w-prd04:/usr/src/squid3-3.1.6# debuild -us -uc -b
    dpkg-buildpackage -rfakeroot -D -us -uc -b
    dpkg-buildpackage: warning: using a gain-root-command while being root
    dpkg-buildpackage: export CFLAGS from dpkg-buildflags (origin: vendor): -g -O2
    dpkg-buildpackage: export CPPFLAGS from dpkg-buildflags (origin: vendor):
    dpkg-buildpackage: export CXXFLAGS from dpkg-buildflags (origin: vendor): -g -O2
    dpkg-buildpackage: export FFLAGS from dpkg-buildflags (origin: vendor): -g -O2
    dpkg-buildpackage: export LDFLAGS from dpkg-buildflags (origin: vendor):
    dpkg-buildpackage: source package squid3
    dpkg-buildpackage: source version 3.1.6-1.2
    dpkg-buildpackage: source changed by Ben Hutchings
    dpkg-source –before-build squid3-3.1.6
    dpkg-buildpackage: host architecture amd64
    fakeroot debian/rules clean
    /usr/share/cdbs/1/rules/dpatch.mk:33: WARNING: dpatch.mk is deprecated – please use source format 3.0 (quilt) instead
    debian/rules:41: *** commands commence before first target. Stop.
    dpkg-buildpackage: error: fakeroot debian/rules clean gave error exit status 2
    debuild: fatal error at line 1325:
    dpkg-buildpackage -rfakeroot -D -us -uc -b failed

    Reply
    1. Phil

      I haven’t seen a reply to this in a while,

      I had the same problem and then realized I had left out the trailing ” \” after the previous option flag. Once I added this it fixed the issue.

      Reply
  2. Bill

    Hi,

    One important step was missed out: You forgot to mention that this procedure will build the .deb packages in /usr/src!

    Of course, not knowing this, I ran a ‘make install’ afterwards (from the INSTALL text file in the distribution), and sprayed random files across the Debian box.

    Now I have to carefully remove all this mess, and then hope that I can install the debs, without the missed files I have to remove tripping it up.

    Really messy results.

    Please update your page to note this important part, otherwise many others will end up in the same mess.

    Apart from this, the guide is really good.

    Best regards,
    B

    Reply
    1. Banym Post author

      Hi Bill,

      thanks for the hint. I added some more information.
      In this case you should be familiar with the build process of debian packages or follow exactly the tutorial. The make install did what it was made for, it installed all the mess in your system .. but not the proper Debian style I think. Most of the stuff should be located under /usr/local but I am not sure about that. I hope you get your system clean and working again.

      Regards,

      Dominik

      Reply
  3. Alex

    Hi Banym,

    Thank you for this info.

    I am trying with Squid3 but on debuild I get the following:

    debian/rules: line 1: deb-src: command not found
    debian/rules: line 3: include: command not found
    debian/rules: line 4: include: command not found
    debian/rules: line 5: include: command not found
    debian/rules: line 7: CURDIR: command not found

    Thanks again.

    Regards,

    AlexG

    Reply
  4. Alex

    Hi,
    I was able to resolve my debian/rules issue above by making the file executable:

    chmod 755 debian/rules

    I also had to install the libssl-dev package first to fix the CTX error reported by debuild.

    Thanks.

    AlexG

    Reply
    1. Banym Post author

      Thanks for sharing. I will include it in my tutorial for squid 3 as soon as possible.

      Regards,

      Dominik

      Reply
  5. Kay

    Hi Banym,
    I followed your instructions to the letter. Everything was fine until I reached debuild.

    FYI – I’m currently working on Debian Squeeze ( 6.0.2 )

    $ sudo debuild -us -uc -b
    Output –
    [..]
    dpkg-gencontrol -isp -psquid
    dpkg –build debian/tmp ..
    dpkg-deb: building package `squid’ in `../squid_2.7.STABLE9-2.1_amd64.deb’.
    rm -f debian/substvars
    rm -rf debian/tmp
    dpkg-genchanges -b >../squid_2.7.STABLE9-2.1_amd64.changes
    dpkg-genchanges: binary-only upload – not including any source code
    dpkg-source –after-build squid-2.7.STABLE9
    dpkg-buildpackage: binary only upload (no source included)
    Now running lintian…
    warning: lintian’s authors do not recommend running it with root privileges!
    E: squid: possible-gpl-code-linked-with-openssl
    N: 6 tags overridden (6 warnings)
    Finished running lintian.

    The file ../squid_2.7.STABLE9-2.1_amd64.deb is not created because of the error, “E: squid: possible-gpl-code-linked-with-openssl”.

    I’ve even tried ‘checkinstall’, but it failed too.
    $ sudo checkinstall
    log file output –
    (Reading database … 54269 files and directories currently installed.)
    Unpacking squid (from …/squid_2.7.STABLE9-1_amd64.deb) …
    dpkg: error processing /usr/src/squid-2.7.STABLE9/squid_2.7.STABLE9-1_amd64.deb (–install):
    unable to create `/etc/squid/mime.conf.default.dpkg-new’ (while processing `./etc/squid/mime.conf.default’): No such file or directory
    dpkg-deb: subprocess paste killed by signal (Broken pipe)
    Errors were encountered while processing:
    /usr/src/squid-2.7.STABLE9/squid_2.7.STABLE9-1_amd64.deb

    Where have I gone wrong?

    Reply
  6. Joachim Otahal

    You should include for the newbies who never recomplled a debian package the debian way:

    ———-
    Normal compile ending:

    dpkg-buildpackage: binary only upload (no source included)
    Now running lintian…
    warning: lintian’s authors do not recommend running it with root privileges!
    E: squid: possible-gpl-code-linked-with-openssl
    N: 6 tags overridden (6 warnings)
    Finished running lintian.

    .deb package is in /usr/src, so cd /usr/src

    then:

    dpkg -i squid_2.7.STABLE9-2.1_amd64.deb squid-common_2.7.STABLE9-2.1_all.deb

    Something for this posting form captcha: When klicking the captcha box the cursor jumps back to “Website”, I had to click and hold the mouse while typing the captcha

    Reply
  7. Kay

    Hi,

    I figured it out. I ran debuild as non root user, and this time it worked ( even with those errors from lintian ) –

    I had to get the sources from non root user.
    $ apt-get sources squid3

    for Squid3, the following deb files were generated –
    squid3_3.1.6-1.2+squeeze1_i386.deb
    squid3-common_3.1.6-1.2+squeeze1_all.deb
    squid3-dbg_3.1.6-1.2+squeeze1_i386.deb
    squid-cgi_3.1.6-1.2+squeeze1_i386.deb
    squidclient_3.1.6-1.2+squeeze1_i386.deb

    And for Squid, the following deb files were generated –
    squid_2.7.STABLE9-4_i386.deb
    squid-common_2.7.STABLE9-4_all.deb

    Reply
  8. cantek

    Are openssh sources necessary?
    On problem with OpenSSL MD5 headers (error during compilation: “Cannot find OpenSSL MD5 headers”) one should install ssl headers:
    apt-get install libssl-dev
    (on Debian 6.0 Squeeze)

    Reply
  9. pric

    Also received build failures similar to Bill at top:

    dpkg-buildpackage: error: fakeroot debian/rules clean gave error exit status 2
    debuild: fatal error at line 1325:

    My issue was also with the compilation on Debian – and was related to my syntax in the debian/rules file

    Ultimately – I placed the –enable-ssl file towards the bottom of the options and did not escape the last entry with “\” char before enable-ssl

    Moved enable-ssl towards the top of options and added “\” after to solve.

    I also used “–enable-ssl-crtd \”

    For the dynamic cert gen

    Reply
  10. Pingback: 飘雪的博客 » debian 6 编译squid 3增加ssl支持

  11. Failed

    Sorry… wrong post.
    Works on wheezy but without –enable-ssl-crtd

    It seems wheezy doesn’t support exclusive-access file locking yet?

    Reply
  12. Davide Mirtillo

    Whoever’s trying to enable ssl and the dynamic certificate generation, there is a bug on the squid sources in the debian repo.

    To fix the dpkg-source errors during the compilation, try opening the file:
    src/ssl/certificate_db.cc

    and add:

    #include

    It compiled successfully for me, after that

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *