Fossil SCM
Amend OpenBSD httpd Fossil server instructions to use the mount_mfs -P option to automatically populate the chroot /dev tree as suggested by anon on the forum.
Commit
4b240ec31ebdeb1919de3feeeb622dd172d92483fdd1d6271fe7feb4bebde353
Parent
84f697e570a8043…
1 file changed
+11
-22
| --- www/server/openbsd/fastcgi.md | ||
| +++ www/server/openbsd/fastcgi.md | ||
| @@ -66,20 +66,24 @@ | ||
| 66 | 66 | ## <a name="chroot"></a>Setup chroot |
| 67 | 67 | |
| 68 | 68 | Fossil needs both `/dev/random` and `/dev/null`, which aren't accessible |
| 69 | 69 | from within the chroot, so need to be constructed; `/var`, however, is |
| 70 | 70 | mounted with the `nodev` option. Rather than removing this default |
| 71 | -setting, create a small memory filesystem with [`mount_mfs(8)`][mfs] | |
| 72 | -upon which `/var/www/dev` will be mounted so that the `random` and | |
| 73 | -`null` device files can be created. | |
| 71 | +setting, create a small memory filesystem and then mount it on to | |
| 72 | +`/var/www/dev` with [`mount_mfs(8)`][mfs] so that the `random` and | |
| 73 | +`null` device files can be created. In order to avoid neccessitating a | |
| 74 | +startup script to recreate the device files at boot, create a template | |
| 75 | +of the needed ``/dev`` tree to automatically populate the memory | |
| 76 | +filesystem. | |
| 74 | 77 | |
| 75 | 78 | ```console |
| 76 | 79 | $ doas mkdir /var/www/dev |
| 77 | - $ doas mount_mfs -s 1M /dev/sd0b /var/www/dev | |
| 78 | - $ doas cd /var/www/dev | |
| 80 | + $ doas install -d -g daemon /template/dev | |
| 81 | + $ cd /template/dev | |
| 79 | 82 | $ doas /dev/MAKEDEV urandom |
| 80 | 83 | $ doas mknod -m 666 null c 2 2 |
| 84 | + $ doas mount_mfs -s 1M -P /template/dev /dev/sd0b /var/www/dev | |
| 81 | 85 | $ ls -l |
| 82 | 86 | total 0 |
| 83 | 87 | crw-rw-rw- 1 root daemon 2, 2 Jun 20 08:56 null |
| 84 | 88 | lrwxr-xr-x 1 root daemon 7 Jun 18 06:30 random@ -> urandom |
| 85 | 89 | crw-r--r-- 1 root wheel 45, 0 Jun 18 06:30 urandom |
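Review bot: the `ls -l` at new line 85 runs with the shell still in `/template/dev` (from the `cd /template/dev` at new line 81), so the listing shows the template rather than the mounted filesystem and does not confirm that `-P` populated the chroot. Suggest `ls -l /var/www/dev` there. In the added paragraph, "neccessitating" should be "necessitating", and ``/dev`` uses double backticks where the rest of the section uses single ones. The clause "so that the `random` and `null` device files can be created" also still reads as if the nodes were made on the memory filesystem, while the commands now create them in the template.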
| @@ -90,27 +94,12 @@ | ||
| 90 | 94 | To make the mountable memory filesystem permanent, open `/etc/fstab` as |
| 91 | 95 | a privileged user and add the following line to automate creation of the |
| 92 | 96 | filesystem at startup: |
| 93 | 97 | |
| 94 | 98 | ```console |
| 95 | - swap /var/www/dev mfs rw,-s=1048576 0 0 | |
| 96 | -``` | |
| 97 | - | |
| 98 | -Then add the following to [`/etc/rc.local(8)`][rc.local] to automate | |
| 99 | -creation of the `random` and `null` device files. | |
| 100 | - | |
| 101 | -``` | |
| 102 | - echo -n "[!] create device nodes: /var/www/dev/{urandom,null}" | |
| 103 | - cwd=$(pwd) | |
| 104 | - cd /var/www/dev | |
| 105 | - /dev/MAKEDEV urandom | |
| 106 | - mknod -m 666 null c 2 2 | |
| 107 | - cd $cwd | |
| 108 | - echo "." | |
| 109 | -``` | |
| 110 | - | |
| 111 | -[rc.local]: https://man.openbsd.org/rc.conf.local.8 | |
| 99 | + swap /var/www/dev mfs rw,-s=1048576,-P=/template/dev 0 0 | |
| 100 | +``` | |
| 112 | 101 | |
| 113 | 102 | The same user that executes the fossil binary must have writable access |
| 114 | 103 | to the repository directory that resides within the chroot; on OpenBSD |
| 115 | 104 | this is `www`. In addition, grant repository directory ownership to the |
| 116 | 105 | user who will push to, pull from, and create repositories. |
| 117 | 106 |
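Review bot: the sentence introducing the fstab line (new lines 94-96) still describes it only as automating creation of the filesystem, but with the `rc.local` block removed, the `-P=/template/dev` option is now the only thing that puts `random` and `null` into the chroot at boot. Suggest saying so in that sentence, and noting that `/template/dev` has to persist across reboots and stay writable only by root, since its contents are copied into `/var/www/dev` each time the filesystem is mounted.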
| --- www/server/openbsd/fastcgi.md | |
| +++ www/server/openbsd/fastcgi.md | |
| @@ -66,20 +66,24 @@ | |
| 66 | ## <a name="chroot"></a>Setup chroot |
| 67 | |
| 68 | Fossil needs both `/dev/random` and `/dev/null`, which aren't accessible |
| 69 | from within the chroot, so need to be constructed; `/var`, however, is |
| 70 | mounted with the `nodev` option. Rather than removing this default |
| 71 | setting, create a small memory filesystem with [`mount_mfs(8)`][mfs] |
| 72 | upon which `/var/www/dev` will be mounted so that the `random` and |
| 73 | `null` device files can be created. |
| 74 | |
| 75 | ```console |
| 76 | $ doas mkdir /var/www/dev |
| 77 | $ doas mount_mfs -s 1M /dev/sd0b /var/www/dev |
| 78 | $ doas cd /var/www/dev |
| 79 | $ doas /dev/MAKEDEV urandom |
| 80 | $ doas mknod -m 666 null c 2 2 |
| 81 | $ ls -l |
| 82 | total 0 |
| 83 | crw-rw-rw- 1 root daemon 2, 2 Jun 20 08:56 null |
| 84 | lrwxr-xr-x 1 root daemon 7 Jun 18 06:30 random@ -> urandom |
| 85 | crw-r--r-- 1 root wheel 45, 0 Jun 18 06:30 urandom |
| @@ -90,27 +94,12 @@ | |
| 90 | To make the mountable memory filesystem permanent, open `/etc/fstab` as |
| 91 | a privileged user and add the following line to automate creation of the |
| 92 | filesystem at startup: |
| 93 | |
| 94 | ```console |
| 95 | swap /var/www/dev mfs rw,-s=1048576 0 0 |
| 96 | ``` |
| 97 | |
| 98 | Then add the following to [`/etc/rc.local(8)`][rc.local] to automate |
| 99 | creation of the `random` and `null` device files. |
| 100 | |
| 101 | ``` |
| 102 | echo -n "[!] create device nodes: /var/www/dev/{urandom,null}" |
| 103 | cwd=$(pwd) |
| 104 | cd /var/www/dev |
| 105 | /dev/MAKEDEV urandom |
| 106 | mknod -m 666 null c 2 2 |
| 107 | cd $cwd |
| 108 | echo "." |
| 109 | ``` |
| 110 | |
| 111 | [rc.local]: https://man.openbsd.org/rc.conf.local.8 |
| 112 | |
| 113 | The same user that executes the fossil binary must have writable access |
| 114 | to the repository directory that resides within the chroot; on OpenBSD |
| 115 | this is `www`. In addition, grant repository directory ownership to the |
| 116 | user who will push to, pull from, and create repositories. |
| 117 |
| --- www/server/openbsd/fastcgi.md | |
| +++ www/server/openbsd/fastcgi.md | |
| @@ -66,20 +66,24 @@ | |
| 66 | ## <a name="chroot"></a>Setup chroot |
| 67 | |
| 68 | Fossil needs both `/dev/random` and `/dev/null`, which aren't accessible |
| 69 | from within the chroot, so need to be constructed; `/var`, however, is |
| 70 | mounted with the `nodev` option. Rather than removing this default |
| 71 | setting, create a small memory filesystem and then mount it on to |
| 72 | `/var/www/dev` with [`mount_mfs(8)`][mfs] so that the `random` and |
| 73 | `null` device files can be created. In order to avoid neccessitating a |
| 74 | startup script to recreate the device files at boot, create a template |
| 75 | of the needed ``/dev`` tree to automatically populate the memory |
| 76 | filesystem. |
| 77 | |
| 78 | ```console |
| 79 | $ doas mkdir /var/www/dev |
| 80 | $ doas install -d -g daemon /template/dev |
| 81 | $ cd /template/dev |
| 82 | $ doas /dev/MAKEDEV urandom |
| 83 | $ doas mknod -m 666 null c 2 2 |
| 84 | $ doas mount_mfs -s 1M -P /template/dev /dev/sd0b /var/www/dev |
| 85 | $ ls -l |
| 86 | total 0 |
| 87 | crw-rw-rw- 1 root daemon 2, 2 Jun 20 08:56 null |
| 88 | lrwxr-xr-x 1 root daemon 7 Jun 18 06:30 random@ -> urandom |
| 89 | crw-r--r-- 1 root wheel 45, 0 Jun 18 06:30 urandom |
| @@ -90,27 +94,12 @@ | |
| 94 | To make the mountable memory filesystem permanent, open `/etc/fstab` as |
| 95 | a privileged user and add the following line to automate creation of the |
| 96 | filesystem at startup: |
| 97 | |
| 98 | ```console |
| 99 | swap /var/www/dev mfs rw,-s=1048576,-P=/template/dev 0 0 |
| 100 | ``` |
| 101 | |
| 102 | The same user that executes the fossil binary must have writable access |
| 103 | to the repository directory that resides within the chroot; on OpenBSD |
| 104 | this is `www`. In addition, grant repository directory ownership to the |
| 105 | user who will push to, pull from, and create repositories. |
| 106 |