[squid-users] How to setup a secure(!) squid proxy

L.P.H. van Belle belle at bazuin.nl
Tue Jan 26 10:22:17 UTC 2016 

Hai, 

 

Ok, good is its working now, i was pulling my hair out for you ;-) 

 

This : sed -i 's/g++ (>= 4:5.2)/g++/g' libecap-1.0.1/debian/control

Is not any problem, because squid is reconfigured and recompiled with G++ 4.9. 

 

If you want a more secure set, you can change this to : 

sed -i 's/g++ (>= 4:5.2)/g++ (>= 4:4.9)/g' libecap-1.0.1/debian/control

This way its “locked”  to minimal g++ 4.9. 

 

And i cant think of any other restriction.  

Maybe Amos knows, but i dont know that. 

 

 

Greetz. 

 

 

 

 


Van: startrekfan [mailto:startrekfan75 at freenet.de] 
Verzonden: dinsdag 26 januari 2016 10:14
Aan: L.P.H. van Belle; squid-users at lists.squid-cache.org
Onderwerp: Re: [squid-users] How to setup a secure(!) squid proxy


 

Hi,

 


the script is working and I have a running squid 3.5. Thank you.


 


But I still think things like this:


 


echo "change GCC 5.2 to Jessie G++ 4.9 in libecap-1.0.1/debian/control"


sed -i 's/g++ (>= 4:5.2)/g++/g' libecap-1.0.1/debian/control


 


isn't a good practice. I'm pretty sure that the >=5.2 restriction has a purpose and is not only there to annoy admins. 

In this case every thing seems to work. But modifications like this can always lead to unforeseen situations.


 


But thank you again. It's working atm :)


 

L.P.H. van Belle <belle at bazuin.nl> schrieb am Mo., 25. Jan. 2016 um 17:14 Uhr:



Hai,

Ok, i missed few of my modifications i did, they arent big changes.
Sorry about that.

This script is tested on a clean debian jessie, with only ssh installed.
Have a look at the script.

The files with modifactions get the extention custom1 to so they wont mixup
Or messup original debian files.
Like :
libecap3_1.0.1-2-custom1_amd64.deb
libecap3-dev_1.0.1-2-custom1_amd64.deb

Files without modifactions keep the original debian name, when updateing to newer debian dist, its automatily upgraded.

And again this should work fine, i doing this already as of debian squeeze..
And Debian wheezy was running 3.4.8 for me, my jessie now is running 3.5.12.


Greetz,

Louis




________________________________________
Van: startrekfan [mailto:startrekfan75 at freenet.de]
Verzonden: vrijdag 22 januari 2016 16:15
Aan: squid-users at lists.squid-cache.org; L.P.H. van Belle
Onderwerp: Re: [squid-users] How to setup a secure(!) squid proxy

Found the problem:

The dependencies has changed: https://packages.debian.org/sid/squid (not sure why there is also a https://packages.debian.org/sid/squid3 entry)

Thats excactly the problem with unstable sources. squid3 3.5 requires libecap3 instead of libecap2 (squid3 version 3.4). I can't install libecap3 because it has further dependencies.
I also can't even compile libecap3 without installing n more dependencies.

So I have to use squid 3.4 with the unsafe sha1 furthermore. 

startrekfan <startrekfan75 at freenet.de> schrieb am Fr., 22. Jan. 2016 um 15:45 Uhr:
I tried to compile squid from sid repo. It fails, but I'm not sure why. 

When I only add the src-deb apt-get build-dep squid3 says libecap3-dev was not found and fails.(Im not sure why it`s needed. libecap3-dev is not listed in the dependencies. https://packages.debian.org/sid/squid3)

When I add deb and deb-src apt-get build-dep squid3  wants to update/install  adwaita-icon that is not compatible with gnome.

So I can't build squid 3.5 on an stable Jessie. Do you have any ideas why?
L.P.H. van Belle <belle at bazuin.nl> schrieb am Mo., 18. Jan. 2016 um
09:07 Uhr:

> Really this is an easy thing to do.
>
>
>
> Add in you sources.list.d/sid.list    ad the sid  repo.  ( only src-deb )
>
> Run apt-get update.
>
>
>
> apt-get source squid
>
> apt-get build-dep squid
>
>  make changes if needed, in debian/rules and debian/changelog IF you
> changed something.
>
>
>
> Build it
>
> apt-get source squid ?b
>
> it errors, thats ok, get the 2 or 3 extra packages, the same way, after
> installing them you can build squid again.
>
>
>
> put the debs in a repo you can access and your done.
>
> Did it here, works fine.
>
>
>
>
>
> Greetz,
>
>
>
> Louis
>
>
>





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160126/001bd4d0/attachment-0001.html>

More information about the squid-users mailing list