OpenBSD hgwebdir chroot setup

/!\ This page is not considered best practice.

The multiple repository CGI server is now described in the Publishing Repositories document together with other related information.

1. Introduction

I did this for my own personal internal server, and even though I try to be careful that the information is correct, there might be errors and I don't take any responsibility. This information is provided AS IS.

2. Pre-requisites

The installed software is:

3. Getting Mercurial

The easiest way to install Mercurial 1.2.1 is to set PKG_PATH to a package mirror and run pkg_add:

# PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386
# export PKG_PATH
# pkg_add mercurial

4. Directory Structure

I had already set up an Apache web server chrooted in /var/www/ and I wanted to use that.

The repository folders were created under /var/www/htdocs/hg/repos

# mkdir -p /var/www/htdocs/hg/repos
# chown -R www:www /var/www/htdocs/hg

Then make sure the permissions are correct:

# chmod 755 /var/www/htdocs/hg

Please remember that your repositories are now inside the served HTTP tree.

5. Preparing the config

$ cat > /tmp/hgweb.config
[collections]
repos/ = repos/
^D

Install the configuration file with:

# sudo -u www cp /tmp/hgweb.config /var/www/htdocs/hg

6. Putting the right stuff in place

6.1. Install the script

Put the script in place.

# sudo -u www cp /usr/local/share/mercurial/hgwebdir.cgi /var/www/htdocs/hg/
# sudo -u www chmod +x /var/www/htdocs/hg/hgwebdir.cgi

6.2. Setting up Python

As we are running Apache in a chrooted environment, we need to have Python there as well.

The idea for how to set this up was stolen from: http://mail.python.org/pipermail/mailman-users/2008-April/061331.html

First we need to know the minimum that is needed.

To populate chroot with libraries, create some folders first.

# mkdir -p /var/www/usr/lib
# mkdir -p /var/www/usr/libexec
# mkdir -p /var/www/usr/local/bin
# mkdir -p /var/www/usr/local/lib

Then copy the libraries required by Python. To find out what it needs, use ldd.

$ ldd /usr/local/bin/python
/usr/local/bin/python:
        Start    End      Type Open Ref GrpRef Name
        1c000000 3c004000 exe  1    0   0      /usr/local/bin/python
        09139000 29183000 rlib 0    1   0      /usr/local/lib/libpython2.5.so.1.0
        04e7f000 24e83000 rlib 0    1   0      /usr/lib/libutil.so.11.0
        041f9000 2421f000 rlib 0    1   0      /usr/lib/libstdc++.so.47.0
        0011f000 20129000 rlib 0    1   0      /usr/lib/libm.so.5.0
        0e960000 2e969000 rlib 0    1   0      /usr/lib/libpthread.so.11.1
        0291a000 22953000 rlib 0    1   0      /usr/lib/libc.so.51.0
        099dd000 099dd000 rtld 0    1   0      /usr/libexec/ld.so

And the copying in my case was done like this.

# cp /usr/local/lib/libpython2.5.so.1.0 /var/www/usr/local/lib/libpython2.5.so.1.0
# cp /usr/lib/libutil.so.11.0 /var/www/usr/lib/libutil.so.11.0
# cp /usr/lib/libstdc++.so.47.0 /var/www/usr/lib/libstdc++.so.47.0
# cp /usr/lib/libm.so.5.0 /var/www/usr/lib/libm.so.5.0
# cp /usr/lib/libpthread.so.11.1 /var/www/usr/lib/libpthread.so.11.1
# cp /usr/lib/libc.so.51.0 /var/www/usr/lib/libc.so.51.0
# cp /usr/libexec/ld.so /var/www/usr/libexec/ld.so

hgwebdir.cgi also uses Python's hashlib module, and its dynamically loaded library (_hashlib.so) requires some more libraries.

# ldd /usr/local/lib/python2.5/lib-dynload/_hashlib.so
/usr/local/lib/python2.5/lib-dynload/_hashlib.so:
        Start    End      Type Open Ref GrpRef Name
        06ebd000 26ec1000 dlib 1    0   0      /usr/local/lib/python2.5/lib-dynload/_hashlib.so
        05321000 2532e000 rlib 0    1   0      /usr/lib/libssl.so.15.0
        01c0a000 21c4a000 rlib 0    1   0      /usr/lib/libcrypto.so.18.0

Copy those libraries to the chroot environment:

# cp /usr/lib/libssl.so.15.0 /var/www/usr/lib/libssl.so.15.0
# cp /usr/lib/libcrypto.so.18.0 /var/www/usr/lib/libcrypto.so.18.0
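
The ldd-and-copy steps above can be scripted. The following is an added example, not part of the original page: it parses OpenBSD ldd output into a copy list and reports chroot copies that are missing or no longer match the host file. The function names and the HOSTROOT variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): build the chroot copy list from
# OpenBSD ldd output and check the copies against the host afterwards.
CHROOT=${CHROOT:-/var/www}   # chroot root used on this page
HOSTROOT=${HOSTROOT:-}       # assumption: empty on a real host, set only for testing

# Abridged copy of the ldd output shown above, embedded so this runs anywhere.
sample_ldd() {
cat <<'EOF'
/usr/local/bin/python:
        Start    End      Type Open Ref GrpRef Name
        1c000000 3c004000 exe  1    0   0      /usr/local/bin/python
        09139000 29183000 rlib 0    1   0      /usr/local/lib/libpython2.5.so.1.0
        0291a000 22953000 rlib 0    1   0      /usr/lib/libc.so.51.0
        099dd000 099dd000 rtld 0    1   0      /usr/libexec/ld.so
EOF
}

# stdin: ldd output. stdout: one dependency path per line (rlib and rtld rows).
# Names that are not absolute or contain ".." are dropped, since each name is
# later appended to $CHROOT to form a destination path.
ldd_deps() {
    awk 'NF == 7 && ($3 == "rlib" || $3 == "rtld") &&
         $7 ~ /^\// && $7 !~ /\.\./ && !seen[$7]++ { print $7 }'
}

# stdin: dependency paths. stdout: the commands to run as root (dry run only).
copy_plan() {
    while IFS= read -r lib; do
        printf 'mkdir -p %s && cp -p %s %s\n' \
            "$CHROOT${lib%/*}" "$HOSTROOT$lib" "$CHROOT$lib"
    done
}

# stdin: dependency paths. stdout: "missing|stale|ok <path>" for each one.
# "stale" means the chroot copy no longer matches the host file, which is what
# happens when the host is patched and the chroot is not refreshed.
chroot_status() {
    while IFS= read -r lib; do
        if [ ! -e "$CHROOT$lib" ]; then state=missing
        elif cmp -s "$HOSTROOT$lib" "$CHROOT$lib"; then state=ok
        else state=stale
        fi
        printf '%s %s\n' "$state" "$lib"
    done
}

sample_ldd | ldd_deps | copy_plan
```

On the real host, `ldd /usr/local/bin/python | ldd_deps | chroot_status` shows which copies need refreshing after a system update.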

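Make the symlink to python. The symlink target python2.5 must itself be present in /var/www/usr/local/bin, so copy the interpreter binary there first (this assumes it is installed as /usr/local/bin/python2.5 on the host).

# cp /usr/local/bin/python2.5 /var/www/usr/local/bin/
# cd /var/www/usr/local/bin && ln -s python2.5 python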

I am not familiar with Python, so all modules are copied.

# cp -r /usr/local/lib/python2.5 /var/www/usr/local/lib/

This might be a security risk, because it provides more modules in the chroot environment than are needed.

To get everything to work you must create some more folders.

# mkdir -p /var/www/usr/bin
# mkdir -p /var/www/sbin
# mkdir -p /var/www/var/run

And copy the required tools.

# cp /usr/bin/env /var/www/usr/bin/
# cp /sbin/ldconfig /var/www/sbin/

Update the dynamic library cache with ldconfig.

# chroot /var/www /sbin/ldconfig /usr/local/lib /usr/local/lib/python2.5/lib-dynload

Now Python should work in the chrooted environment.

# chroot -u www /var/www /usr/local/bin/python
Python 2.5.4 (r254:67916, Jul  1 2009, 11:37:21)
[GCC 3.3.5 (propolice)] on openbsd4
Type "help", "copyright", "credits" or "license" for more information.
>>>

You get out of the Python shell with CTRL-d.

I also copied this from the Mailman mail archive as it was.

# mkdir -p /var/www/etc/
# cp /etc/group /var/www/etc/
# cp /etc/localtime /var/www/etc/
# cp /etc/login.conf /var/www/etc/
# cp /etc/passwd /var/www/etc/
# cp /etc/pwd.db /var/www/etc/
# mkdir -p /var/www/usr/share
# cp -R /usr/share/nls /var/www/usr/share

Without at least some of those files, the CGI script didn't work.

6.3. Configuring apache for use with CGIs

OpenBSD's Apache has a slightly different configuration system than most Linux distributions. Create the file /var/www/conf/modules/hg.conf containing the following lines:

ScriptAliasMatch        ^/hg(.*)        /var/www/htdocs/hg/hgwebdir.cgi$1
<Directory /var/hg>
  Options ExecCGI FollowSymLinks
  AllowOverride None
</Directory>

Check it with

# apachectl configtest
Processing config directory: /var/www/conf/modules/*.conf
 Processing config file: /var/www/conf/modules/hg.conf
Syntax OK

Restart Apache.

# apachectl stop
# apachectl start

and point your browser to http://server/hg/

If you receive an internal server error, check /var/www/logs/error_log.

7. Some tips for troubleshooting

7.1. Error: No such file or directory

7.2. Error is something else

8. You are done

Hooray!

You have put hgwebdir.cgi online. Now browse around and find out what else you can do with Mercurial.

9. Disclaimer

Well, it works (worked) for me. Please do not hesitate to update this page to include small bits I've forgotten or am just plainly not aware of. Or things I have done terribly wrong. You should also do more than this if you are going to put it on the public Internet.


See also SharedSSH and HgWebDirStepByStep.



OpenBsdWebDirSetup (last edited 2011-05-13 15:05:57 by mpm)