Build Failure with --enable-ssl-crtd flag

This is on 16.04 Xenial.

Status changed to 'Confirmed' because the bug affects multiple users.

Thank you for taking the time to file a bug report.

Since it seems likely to me that this is a local configuration problem, specific to a package recompilation issue, rather than a bug in Ubuntu, I am marking this bug as 'Invalid'.

However, if you believe that this is really a bug in Ubuntu, then we would be grateful if you would provide a more complete description of the problem with steps to reproduce, explain why you believe this is a bug in Ubuntu rather than a problem specific to your system, and then change the bug status back to "New".

For local configuration issues, you can find assistance here: http://www.ubuntu.com/support/community

I am attempting to rebuild the package with no modification apart from a change to the configuration options in debian/rules before recompiling.

apt source -y squid
cd squid* && sed -i 's/--with-large-files/--with-large-files --with-openssl --enable-ssl-crtd/g' debian/rules
debuild -b -uc -us -j$(nproc)

This used to work until the squid3_3.5.12-1ubuntu7.12 update without any modifications to the method of rebuilding.

This is occurring on two 16.04 machines, one of which was a fresh install.

Thanks

Alright, you can fix it by doing:

edit src/ssl/certificate_db.h and change

#define Here __FILE__, __LINE__

to

#ifndef Here
#define Here __FILE__, __LINE__
#endif

and that will fix your issue.

But, please, do notice that this bug is unsupported by Ubuntu and this bug is indeed invalid.

"no modification" is "not changing package configure options" and that is why we didn't catch this issue after the security fixes were applied: because we don't build with those options (including crypto) so we never faced a FTBFS after applying the patches.

I can't move on with a "SRU" (Stable Release Update) for a FTBFS in a configure option we don't use to generate our binary packages, I hope you understand. Just wanted to clarify this for further needs. Best place to discuss those issues could be Ubuntu User mailing list, or even to query someone at Ubuntu Devel mailing list.

For the record, after the fix:

$ ldd ./debian/squid/usr/sbin/squid3 | grep ssl
 libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f5b37dd0000)

Have a good one ;)

For anyone else who hits this in the future, the above patch works but only by accident. A temporary patch until this is patched by upstream is below.
---
 src/ssl/certificate_db.cc | 6 +++---
 src/ssl/certificate_db.h | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/ssl/certificate_db.cc b/src/ssl/certificate_db.cc
index 67e0ecc..5be089d 100644
--- a/src/ssl/certificate_db.cc
+++ b/src/ssl/certificate_db.cc
@@ -264,13 +264,13 @@ Ssl::CertificateDb::CertificateDb(std::string const & aDb_path, size_t aMax_db_s
 }

 bool Ssl::CertificateDb::find(std::string const & host_name, Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey) {
- const Locker locker(dbLock, Here);
+ const Locker locker(dbLock, Here_db);
     load();
     return pure_find(host_name, cert, pkey);
 }

 bool Ssl::CertificateDb::purgeCert(std::string const & key) {
- const Locker locker(dbLock, Here);
+ const Locker locker(dbLock, Here_db);
     load();
     if (!db)
         return false;
@@ -283,7 +283,7 @@ bool Ssl::CertificateDb::purgeCert(std::string const & key) {
 }

 bool Ssl::CertificateDb::addCertAndPrivateKey(Ssl::X509_Pointer & cert, Ssl::EVP_PKEY_Pointer & pkey, std::string const & useName) {
- const Locker locker(dbLock, Here);
+ const Locker locker(dbLock, Here_db);
     load();
     if (!db || !cert || !pkey)
         return false;
diff --git a/src/ssl/certificate_db.h b/src/ssl/certificate_db.h
index d9793df..bae44d2 100644
--- a/src/ssl/certificate_db.h
+++ b/src/ssl/certificate_db.h
@@ -53,7 +53,7 @@ private:
 };

 /// convenience macro to pass source code location to Locker and others
-#define Here __FILE__, __LINE__
+#define Here_db __FILE__, __LINE__

 /**
  * Database class for storing SSL certificates and their private keys.
--
2.17.1