cURL with SFTP support on Ubuntu

For reasons totally beyond my comprehension, Ubuntu repositories contain a special version of libcurl4 compiled without sftp protocol support. This is not the case for Ubuntu’s parent distribution, Debian, but it is difficult to install the Debian version on Ubuntu because of versioning scheme incompatibilities.

Unfortunately the simplest fix that withstands package manager upgrades is pretty annoying… you have to recompile all the .deb files for curl and libcurl4 yourself. Start by going to a directory where you are okay with a ton of files getting dumped, then run:

sudo apt install build-essential debhelper libssh2-1-dev libssl-dev
sudo apt build-dep curl
apt source curl

A directory should have been created in the current working directory with a name similar to curl-x.xx.x (where x.xx.x is the same version of curl the package manager provides), enter it and edit the file debian/rules to change –without-libssh2 to –with-libssh2. Then run:

dpkg-buildpackage
cd ..
sudo dpkg -i libcurl4_x.xx.x-xubuntu2_arch.deb
sudo dpkg -i <other .deb files created by the previous command; those ending in -dev are optional>
sudo apt-mark hold libcurl4
sudo apt-mark hold curl

Essentially dpkg-buildpackage runs ./configure and make, then runs 3000+ tests and builds multiple .deb packages from the curl source (depending on your processor this could take 10 minutes to two hours). It puts the packages (among other things) in the directory above the one you are in when you run it (hence the cd .. and the warning to do this in a clean directory). Once the packages have been installed you may delete all the files created by this process, including the .deb packages and the curl-x.xx.x directory.

Note: The last line prevents apt from overwriting your custom curl version, effectively freezing the packages at the versions you just installed. Eventually, these freezes could become an issue if newer versions of other packages depend on newer versions of libcurl4 than the one frozen in place. If this occurs, you must manually run most of the above commands again to build and install the package again. This is one situation where Gentoo users have a definite leg up.

Note 2: This build process has the strange side effect of removing NPM if you installed it via apt (on my system libssl-dev conflicted with libssl1.0-dev node-gyp nodejs-dev npm). You can reinstall it after building and installing the curl packages, but as far as I know there is no way to avoid this entirely.