List for cgit developers and users
 help / color / mirror / Atom feed
* about-filter in chroot on OpenBSD (httpd + slowcgi)
@ 2021-03-28  5:35 Paul W. Rankin
       [not found] ` <87sg4fpulm.fsf@oscarnajera.com>
  0 siblings, 1 reply; 2+ messages in thread
From: Paul W. Rankin @ 2021-03-28  5:35 UTC (permalink / raw)
  To: cgit

Hello,

I'm running cgit on OpenBSD with httpd + slowcgi and can't seem to get 
the about-filter to work. Both httpd and slowcgi run in the default 
chroot of /var/www.

I've compiled lowdown with "-static -pie" to /var/www/bin/lowdown 
(chroot /bin/lowdown) with permissions:

     -rwxr-xr-x  1 root  bin  1325512 Mar  4 01:38 /var/www/bin/lowdown

In my cgitrc (cgit.conf):

     about-filter=/bin/lowdown
     readme=:README.md

However, upon visiting an About page of a repo that includes a 
README.md, I get only a blank page and the following is logged in 
error.log:

     lowdown: README.md: No such file or directory

Here's the cgit server section in httpd.conf:

	server "git.bydasein.com" {
			listen on * port 80
			listen on * tls port 443
			root "/cgi-bin/cgit.cgi"
			tls {
					certificate "/etc/ssl/bydasein.com.fullchain.pem"
					key "/etc/ssl/private/bydasein.com.key"
			}
			location "/.well-known/acme-challenge/*" {
					root "/acme"
					request strip 2
			}
			location "/robots.txt" {
					root "/htdocs/git.bydasein.com"
					no fastcgi
			}
			location "/favicon.ico" {
					root "/htdocs/git.bydasein.com"
					no fastcgi
			}
			location "/cgit.css" {
					root "/htdocs/git.bydasein.com"
					no fastcgi
			}
			location "/custom.css" {
					root "/htdocs/git.bydasein.com"
					no fastcgi
			}
			fastcgi {
					socket "/run/slowcgi.sock"
					param CGIT_CONFIG "/conf/cgit.conf"
			}
	}

I'm pretty sure I can have this work if I disable the chroot in httpd 
and/or slowcgi, but I'd prefer a solution that doesn't require that.

Does anyone have any ideas? Has anyone managed to get cgit running on 
OpenBSD using httpd + slowcgi with chroot enabled?

Thanks for your time :)

-- 
Paul W. Rankin
https://bydasein.com

The single best thing you can do for the world is delete your social 
media accounts.

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: about-filter in chroot on OpenBSD (httpd + slowcgi)
       [not found] ` <87sg4fpulm.fsf@oscarnajera.com>
@ 2021-03-28  9:05   ` Paul W. Rankin
  0 siblings, 0 replies; 2+ messages in thread
From: Paul W. Rankin @ 2021-03-28  9:05 UTC (permalink / raw)
  To: Oscar Najera; +Cc: cgit


On 2021-03-28 18:09, Oscar Najera wrote:
> Paths are absolute on. Try
> 
> about-filter=/var/www/bin/lowdown

Thanks Oscar, but cgit is running in chroot at /var/www so this path 
would become /var/www/var/www/bin/lowdown.

This is now solved. I was making two mistakes; the first is that 
about-filter doesn't want an executable to do the conversion, it wants a 
the command to pass to do the conversion. The second is that my script 
was #!/bin/sh but sh wasn't in the chroot, so I needed to copy the sh 
binary into /var/www/bin.

But with some help from the OpenBSD list I was able to make a little 
static C program that works:

	#include <unistd.h>

	int main(void) {
		execl("/bin/lowdown", "lowdown", NULL);
		return 1;
	}

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-03-28  9:06 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-28  5:35 about-filter in chroot on OpenBSD (httpd + slowcgi) Paul W. Rankin
     [not found] ` <87sg4fpulm.fsf@oscarnajera.com>
2021-03-28  9:05   ` Paul W. Rankin

List for cgit developers and users

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/cgit

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 cgit cgit/ http://inbox.vuxu.org/cgit \
		cgit@lists.zx2c4.com
	public-inbox-index cgit

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.cgit


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git