OpenBSD hgwebdir chroot setup
This page is not considered best practice.
The multiple repository CGI server is now described in the Publishing Repositories document together with other related information.
1. Introduction
I did this for my own personal internal server. Even though I try to make sure the information is correct, there might be errors, and I don't take any responsibility. This information is provided AS IS.
2. Pre-requisites
The installed software is:
- A webserver that can run CGI scripts such as apache 1.3.29 from OpenBSD packages
- Python: OpenBSD 4.6 has Python 2.5 in its packages collection.
- sudo
3. Getting Mercurial
The easiest way to install Mercurial 1.2.1 is to set PKG_PATH to a suitable package location and run pkg_add:
# PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386
# export PKG_PATH
# pkg_add mercurial
4. Directory Structure
I had already set up the Apache web server chrooted in /var/www/ and I wanted to use that.
The repository folders were created under /var/www/htdocs/hg/repos:
# mkdir -p /var/www/htdocs/hg/repos
# chown -R www:www /var/www/htdocs/hg
Make sure the permissions are correct:
# chmod 755 /var/www/htdocs/hg
Please remember that your repositories are now inside the served HTTP tree.
5. Preparing the config
$ cat > /tmp/hgweb.config
[collections]
repos/ = repos/
^D
The configuration file is installed with
# sudo -u www cp /tmp/hgweb.config /var/www/htdocs/hg
6. Putting the right stuff in place
6.1. Install the script
Put the script in place.
# sudo -u www cp /usr/local/share/mercurial/hgwebdir.cgi /var/www/htdocs/hg/
# sudo -u www chmod +x /var/www/htdocs/hg/hgwebdir.cgi
6.2. Setting up Python
As we are running Apache in a chrooted environment, Python also needs to be available inside the chroot.
The idea for how to set this up was stolen from: http://mail.python.org/pipermail/mailman-users/2008-April/061331.html
First we need to find out the minimum that is required.
To populate the chroot with libraries, create some folders first.
# mkdir -p /var/www/usr/lib
# mkdir -p /var/www/usr/libexec
# mkdir -p /var/www/usr/local/bin
# mkdir -p /var/www/usr/local/lib
Then copy the libraries required by python. To find out what it needs, use ldd.
$ ldd /usr/local/bin/python
/usr/local/bin/python:
Start    End      Type Open Ref GrpRef Name
1c000000 3c004000 exe  1    0   0      /usr/local/bin/python
09139000 29183000 rlib 0    1   0      /usr/local/lib/libpython2.5.so.1.0
04e7f000 24e83000 rlib 0    1   0      /usr/lib/libutil.so.11.0
041f9000 2421f000 rlib 0    1   0      /usr/lib/libstdc++.so.47.0
0011f000 20129000 rlib 0    1   0      /usr/lib/libm.so.5.0
0e960000 2e969000 rlib 0    1   0      /usr/lib/libpthread.so.11.1
0291a000 22953000 rlib 0    1   0      /usr/lib/libc.so.51.0
099dd000 099dd000 rtld 0    1   0      /usr/libexec/ld.so
And the copying in my case was done like this.
# cp /usr/local/lib/libpython2.5.so.1.0 /var/www/usr/local/lib/libpython2.5.so.1.0
# cp /usr/lib/libutil.so.11.0 /var/www/usr/lib/libutil.so.11.0
# cp /usr/lib/libstdc++.so.47.0 /var/www/usr/lib/libstdc++.so.47.0
# cp /usr/lib/libm.so.5.0 /var/www/usr/lib/libm.so.5.0
# cp /usr/lib/libpthread.so.11.1 /var/www/usr/lib/libpthread.so.11.1
# cp /usr/lib/libc.so.51.0 /var/www/usr/lib/libc.so.51.0
# cp /usr/libexec/ld.so /var/www/usr/libexec/ld.so
hgwebdir.cgi also uses the hashlib module from Python, and that module's dynamic library requires some further libraries.
# ldd /usr/local/lib/python2.5/lib-dynload/_hashlib.so
/usr/local/lib/python2.5/lib-dynload/_hashlib.so:
Start    End      Type Open Ref GrpRef Name
06ebd000 26ec1000 dlib 1    0   0      /usr/local/lib/python2.5/lib-dynload/_hashlib.so
05321000 2532e000 rlib 0    1   0      /usr/lib/libssl.so.15.0
01c0a000 21c4a000 rlib 0    1   0      /usr/lib/libcrypto.so.18.0
And copy those libraries to the chroot environment.
# cp /usr/lib/libssl.so.15.0 /var/www/usr/lib/libssl.so.15.0
# cp /usr/lib/libcrypto.so.18.0 /var/www/usr/lib/libcrypto.so.18.0
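The copy list above can be derived from the ldd listings rather than typed by hand, which also makes it easy to review exactly which libraries end up inside the chroot. The following script is an added example, not part of the original page; the function names are made up here, and the sample input is the two ldd listings shown on this page.

```sh
#!/bin/sh
# Added example: turn OpenBSD ldd output into a reviewable chroot copy plan.
# The function names below are made up for this example.
CHROOT=${CHROOT:-/var/www}    # chroot root used on this page

# Read `ldd` output on stdin; print "source<TAB>destination" once per shared
# object. Only rlib (library) and rtld (ld.so) rows are kept: the exe/dlib
# row is the inspected file itself, and the header rows never match.
chroot_lib_plan() {
    awk -v root="$1" '
        ($3 == "rlib" || $3 == "rtld") && !seen[$7]++ {
            printf "%s\t%s%s\n", $7, root, $7
        }' | sort
}

# Print mkdir/cp commands instead of running them, so they can be reviewed.
print_copy_commands() {
    chroot_lib_plan "$1" | while IFS="$(printf '\t')" read -r src dst; do
        printf 'mkdir -p %s && cp %s %s\n' "$(dirname "$dst")" "$src" "$dst"
    done
}

# Sample input: the two ldd listings shown on this page, concatenated.
sample_ldd() {
    cat <<'EOF'
/usr/local/bin/python:
Start    End      Type Open Ref GrpRef Name
1c000000 3c004000 exe  1 0 0 /usr/local/bin/python
09139000 29183000 rlib 0 1 0 /usr/local/lib/libpython2.5.so.1.0
04e7f000 24e83000 rlib 0 1 0 /usr/lib/libutil.so.11.0
041f9000 2421f000 rlib 0 1 0 /usr/lib/libstdc++.so.47.0
0011f000 20129000 rlib 0 1 0 /usr/lib/libm.so.5.0
0e960000 2e969000 rlib 0 1 0 /usr/lib/libpthread.so.11.1
0291a000 22953000 rlib 0 1 0 /usr/lib/libc.so.51.0
099dd000 099dd000 rtld 0 1 0 /usr/libexec/ld.so
/usr/local/lib/python2.5/lib-dynload/_hashlib.so:
Start    End      Type Open Ref GrpRef Name
06ebd000 26ec1000 dlib 1 0 0 /usr/local/lib/python2.5/lib-dynload/_hashlib.so
05321000 2532e000 rlib 0 1 0 /usr/lib/libssl.so.15.0
01c0a000 21c4a000 rlib 0 1 0 /usr/lib/libcrypto.so.18.0
EOF
}

sample_ldd | print_copy_commands "$CHROOT"
```

On the real system, replace sample_ldd with the output of ldd run on the python binary and on _hashlib.so, and review the printed commands before running them as root.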
Copy the Python interpreter itself into the chroot and make the symlink to python.
# cp /usr/local/bin/python2.5 /var/www/usr/local/bin/
# cd /var/www/usr/local/bin && ln -s python2.5 python
I am not familiar with Python, so all modules are copied.
# cp -r /usr/local/lib/python2.5 /var/www/usr/local/lib/
This might be a security risk, because it provides more modules in the chroot environment than are needed.
To get everything to work you must create some more folders.
# mkdir -p /var/www/usr/bin
# mkdir -p /var/www/sbin
# mkdir -p /var/www/var/run
And copy the required tools.
# cp /usr/bin/env /var/www/usr/bin/
# cp /sbin/ldconfig /var/www/sbin/
Update the dynamic library cache with ldconfig.
# chroot /var/www /sbin/ldconfig /usr/local/lib /usr/local/lib/python2.5/lib-dynload
Now python should work in the chrooted environment.
# chroot -u www /var/www /usr/local/bin/python
Python 2.5.4 (r254:67916, Jul 1 2009, 11:37:21)
[GCC 3.3.5 (propolice)] on openbsd4
Type "help", "copyright", "credits" or "license" for more information.
>>>
You get out of the python shell with CTRL-d.
This part I also copied from the mailman mail archive as it was.
# mkdir -p /var/www/etc/
# cp /etc/group /var/www/etc/
# cp /etc/localtime /var/www/etc/
# cp /etc/login.conf /var/www/etc/
# cp /etc/passwd /var/www/etc/
# cp /etc/pwd.db /var/www/etc/
# mkdir -p /var/www/usr/share
# cp -R /usr/share/nls /var/www/usr/share
Without at least some of those files, the CGI script didn't work.
6.3. Configuring apache for use with CGIs
OpenBSD's Apache has a slightly different configuration layout than most Linux distributions. Create the file /var/www/conf/modules/hg.conf containing the following lines:
ScriptAliasMatch ^/hg(.*) /var/www/htdocs/hg/hgwebdir.cgi$1
<Directory /var/www/htdocs/hg>
Options ExecCGI FollowSymLinks
AllowOverride None
</Directory>
Check it with
# apachectl configtest
Processing config directory: /var/www/conf/modules/*.conf
Processing config file: /var/www/conf/modules/hg.conf
Syntax OK
Restart Apache.
# apachectl stop
# apachectl start
Then point your browser to http://server/hg/
If you receive an internal error, check /var/www/logs/error_log.
7. Some tips for troubleshooting
7.1. Error: No such file or directory
- Is the path name correct in /var/www/conf/modules/hg.conf?
- Did you symlink python?
- Did you copy /usr/bin/env?
- Did you run ldconfig successfully in the chroot? /var/www/var/run/ is needed for this.
7.2. Error is something else
- Did you copy the /etc files?
- Did you copy the python modules?
8. You are done
Hooray!
You have put hgwebdir.cgi online. Now browse around and find out what else you can do with Mercurial.
9. Disclaimer
Well, it works (worked) for me. Please do not hesitate to update this page to include small bits I've forgotten or am just plainly not aware of, or things I've done terribly wrong. You should also do more than this if you are going to expose it to the public Internet.
See also SharedSSH and HgWebDirStepByStep.