# Compiling e2guardian with ssl support



## Jose Torres (Jul 9, 2016)

I have being searching for compilation procedure for applications from source, but could not find one that I could understand.

I want to compile www/e2guardian for FreeBSD with SSL support enabled.

First I want to compile it with the default options but I fail from  the start. Latter I will add/change configure options as needed for SSL support.

The instructions on e2guardian page says:

You need the standard development tools installed such as glibc, autoconf, automake, gcc, libadns1-dev and make

I could install autoconf, automake, gcc successfully, but glibc, libadns1-dev and make are not found on FreeBSD ports.  From other threads I saw that gmake replaces make in FreeBSD so I installed it.  But it remains two items that I don't know what to replace them with.

I tried running the ./configure without those but it failed with a syntax error.  I open configure.log and found that it is failing on many header files, so it needs the missing items.


----------



## Murph (Jul 9, 2016)

Why are you not just using the www/e2guardian port?  In theory, it should take care of all of the above for you.  `make -C /usr/ports/www/e2guardian showconfig` tells me that the port does have a SSL option.

Manual build and installation is somewhat discouraged on FreeBSD, unless there is a good reason for it, as the ports(7) system does all that for you in a more repeatable fashion.  See also pkg(8), https://www.freebsd.org/ports/, and Chapter 4. Installing Applications: Packages and Ports in the handbook

N.B. deep content filtering of SSL traffic in the middle of the network invalidates the security offered by SSL.  It will be correctly identified as a "man in the middle" attack by good SSL clients.


----------



## Jose Torres (Jul 12, 2016)

When I executed the showconfig, I received in the output that the e2g version there is 3.0.4_1 which is really old version.  Also the SSL protocol support is off.  The MITM option is not even shown, probably because the old version does not have it, it must be 3.1 over.

I want to test MITM to see how it works.  If I consider it OK may use it or not but I need to see it to judge.

Besides I will like to learn how to compile from source.


----------



## SirDice (Jul 12, 2016)

Jose Torres said:


> I received in the output that the e2g version there is 3.0.4_1 which is really old version.


Update your ports tree, the port's version is currently at 3.4.0.3.


----------



## Murph (Jul 12, 2016)

The www/e2guardian port is currently on 3.4.0.3, the latest release published by the official site.  You may need to update your ports tree.

Yes, `make showconfig` will show SSL=off by default, but you just do a `make config` and turn it on.  I suspect, but don't know, that SSL may be disabled by default due to it fundamentally being a bad thing for security to let this port anywhere near SSL traffic.  Many modern browsers will block all HTTPS when forced through any form of content filter, rendering HSTS-enabled sites (e.g. English Wikipedia, all banks/financial sites (hopefully), and any site where security is highly important) unviewable.  Fundamentally, content filtering and SSL are incompatible by design (and that is a good thing).

Using the port is compiling from source.  It is just automated to take the pain out of it.


----------



## Jose Torres (Jul 12, 2016)

On a thread I posted on e2guardian forums I was suggested to perform:

-----------

```
# portsnap fetch extract update && cd /usr/ports/www/e2guardian
# make config
```
At this stage you need to check SSL to build e2g with SSL support or check other build options you need.

`# make install clean`
-----------

So I will try it.  It includes the update of the ports tree.

Once I do this will go back to continue the thread


----------



## Jose Torres (Jul 13, 2016)

After performing the suggested procedure the application got install in the compilation system.  

Now how do I create a package for personal use in other FreeBSD computer with the new binaries?


----------



## Murph (Jul 13, 2016)

Jose Torres said:


> After performing the suggested procedure the application got install in the compilation system.
> 
> Now how do I create a package for personal use in other FreeBSD computer with the new binaries?


`make package` or `make package-recursive` or various tools such as ports-mgmt/poudriere.  See ports(7), and the handbook link posted above.  Alternatively, NFS mount the ports directory from the build machine to other machines and just `make install` on them after building.


----------



## Jose Torres (Jul 13, 2016)

Looking for the make package terms, I got
https://www.freebsd.org/doc/en/articles/linux-users/software.html

There it says:
--------------------------
FreeBSD provides two methods for installing applications: binary packages and compiled ports. Each method has its own benefits:

Binary Packages

Faster installation as compared to compiling large applications.
Does not require an understanding of how to compile software.
No need to install a compiler.
Ports

Ability to customize installation options.
Custom patches can be applied.
-------------------------

I need to make a Binary Package as the client FreeBSD will not have compilation tools.  
Is make package suitable for this?  Can you  provide a link for a tutorial for dummies?

Looking into poudriere I found this too complex, do you have a link with a tutorial for dummies?
Will poudriere be better suitable for getting Binary Package?

The NFS mount seems the easiest but the client may not be capable to do this approach.

By the way the client is a pfsense device/computer.


----------



## SirDice (Jul 14, 2016)

Jose Torres said:


> Looking into poudriere I found this too complex, do you have a link with a tutorial for dummies?


You do know there's a search option on the forum?

https://forums.freebsd.org/threads/38859/



> Will poudriere be better suitable for getting Binary Package?


It will give you a complete repository to use. 



> By the way the client is a pfsense device/computer.


Packages built for FreeBSD may or may not work on pfSense. pfSense is highly customized. Obligatory link: PC-BSD, FreeNAS, NAS4Free, and all other FreeBSD Derivatives


----------



## kpa (Jul 14, 2016)

If Poudriere is a bit too complex for you there is Synth that doesn't require that much initial set up to get going.

You won't be able to use FreeBSD's ports/packages directly on the latest pfSense, they have their own defaults that differ quite a bit from the FreeBSD defaults. I do know that they use poudriere for building their packages so you'll have to first figure out what those defaults are and then you can build your own pfSense packages.


----------

