Install

Ikiwiki setup:

First, download and verify the software:

$ ftp http://deb.debian.org/debian/pool/main/i/ikiwiki/ikiwiki_3.20200202.3.orig.tar.xz
$ ftp http://deb.debian.org/debian/pool/main/i/ikiwiki/ikiwiki_3.20200202.3-1.dsc
$ ftp https://keys.openpgp.org/vks/v1/by-fingerprint/DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90

You may need to install GPG:

$ doas pkg_add gnupg
$ gpg --import DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90
$ gpg --verify ikiwiki_3.20200202.3-1.dsc

gpg: Signature made Thu Feb 13 05:12:05 2020 EST
gpg:                using RSA key 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
gpg:                issuer "smcv@debian.org"
gpg: Good signature from "Simon McVittie <smcv@pseudorandom.co.uk>" [unknown]
gpg:                 aka "Simon McVittie <smcv@debian.org>" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: DA98 F25C 0871 C49A 59EA  FF2C 4DE8 FF2A 63C7 CC90
     Subkey fingerprint: 36EC 5A64 48A4 F5EF 79BE  FE98 E05A E147 8F81 4C4F

$ sha256 ikiwiki_3.20200202.3.orig.tar.xz                                
SHA256 (ikiwiki_3.20200202.3.orig.tar.xz) = 594f13bcee8959356376a42eed6c5a8e295d325724b1c09f9395404e3262796a
$ rm DA98F25C0871C49A59EAFF2C4DE8FF2A63C7CC90
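
The sha256 output above is only meaningful once it is compared with the Checksums-Sha256 entry inside the signed .dsc. The script below is an added example, not part of the original instructions: it assumes the verified payload was first written out with gpg --output verified.dsc --decrypt ikiwiki_3.20200202.3-1.dsc, so that only signed text is parsed. The file name verified.dsc and the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original page). Reads the *verified* payload of
# a .dsc, e.g. produced by: gpg --output verified.dsc --decrypt FILE.dsc

# Print the SHA256 that the .dsc payload on stdin records for file name $1.
dsc_sha256() {
    awk -v want="$1" '
        /^Checksums-Sha256:/ { in_sec = 1; next }
        in_sec && /^[^ \t]/  { in_sec = 0 }   # a new field ends the section
        in_sec && $3 == want { print $1; found = 1; exit }
        END { exit !found }'
}

# Hash a file with sha256 (OpenBSD) or sha256sum (elsewhere).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# Return 0 only if file $2 hashes to the value payload $1 lists for it.
check_against_dsc() {
    want=$(dsc_sha256 "$(basename "$2")" < "$1") || {
        echo "no Checksums-Sha256 entry for $2" >&2; return 2; }
    have=$(file_sha256 "$2") || return 2
    [ "$want" = "$have" ] && { echo "OK $2"; return 0; }
    echo "MISMATCH $2: dsc=$want file=$have" >&2
    return 1
}

# Constructed sample payload: the hash is the one shown on this page, the
# size field (0) and the other fields are placeholders.
sample_dsc() {
    printf '%s\n' 'Source: ikiwiki' \
        'Checksums-Sha256:' \
        ' 594f13bcee8959356376a42eed6c5a8e295d325724b1c09f9395404e3262796a 0 ikiwiki_3.20200202.3.orig.tar.xz' \
        'Files:' ' 00000000000000000000000000000000 0 ikiwiki_3.20200202.3.orig.tar.xz'
}

# Usage: sh check.sh verified.dsc ikiwiki_3.20200202.3.orig.tar.xz
if [ "$#" -eq 2 ]; then check_against_dsc "$1" "$2"; fi
```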

Once the signature and hash have been confirmed, you can extract the software:

$ doas pkg_add xz
$ unxz ikiwiki_3.20200202.3.orig.tar.xz
$ tar xvf ikiwiki_3.20200202.3.orig.tar

Install the required dependencies:

$ doas pkg_add p5-CGI-FormBuilder p5-CGI-Session p5-Class-Date \
p5-HTML-Parser p5-HTML-Scrubber p5-HTML-Template p5-Text-Markdown \
p5-URI p5-XML-Simple p5-YAML-XS p5-CGI gmake git
$ cpan Mail::Sendmail

If you did not configure CPAN to use sudo, you may need to run make with doas:

$ cd ~/.cpan/build/Mail-Sendmail*
$ doas make install

Next, build ikiwiki:

$ cd ~/ikiwiki-3.20200202.3
$ ./Makefile.PL
$ gmake
$ doas gmake install

Copy to chroot:

$ doas mkdir -p /var/www/usr/local/libdata/perl5/
$ doas cp -R /usr/local/libdata/perl5/site_perl /var/www/usr/local/libdata/perl5/
$ doas mkdir -p /var/www/usr/local/share/ikiwiki
$ doas cp -R /usr/local/share/ikiwiki /var/www/usr/local/share/
$ doas mkdir -p /var/www/usr/local/sbin
$ doas cp -R /usr/local/sbin/ikiwiki-mass-rebuild /var/www/usr/local/sbin/
$ doas mkdir -p /var/www/usr/local/lib/w3m/cgi-bin/
$ doas cp -R /usr/local/lib/w3m/cgi-bin/ikiwiki-w3m.cgi /var/www/usr/local/lib/w3m/cgi-bin/
$ doas mkdir -p /var/www/usr/local/bin
$ doas cp /usr/local/bin/ikiwiki* /var/www/usr/local/bin/
$ doas mkdir -p /var/www/etc/
$ doas cp -R /etc/ikiwiki /var/www/etc/
$ doas mkdir -p /var/www/usr/libdata/
$ doas cp -R /usr/libdata/perl5 /var/www/usr/libdata/

We will need to copy the Mail::Sendmail module into the chroot. Assuming cpan installed it locally (not using sudo), we run:

$ doas cp -R ~/perl5/lib/perl5/Mail/Sendmail.pm /var/www/usr/local/libdata/perl5/site_perl/Mail/

Set up unbound and place this inside /var/www/etc/resolv.conf:

lookup file bind
nameserver 127.0.0.1

We will need to set up a chroot for perl:

$ doas mkdir -p /var/www/usr/{bin,lib,libexec}
$ doas cp /usr/bin/perl /var/www/usr/bin/
$ doas cp -p /usr/lib/lib{c,m,perl}.so* /var/www/usr/lib/
$ doas cp /usr/libexec/ld.so /var/www/usr/libexec/

Next, set up a chroot for git:

$ doas cp /usr/local/bin/git{,-upload-pack,-shell,-upload-archive,-receive-pack} /var/www/usr/local/bin/
$ doas cp /usr/lib/libz.so.7.0 /var/www/usr/lib/
$ doas cp /usr/local/lib/{libiconv.so.7.1,libintl.so.7.0} /var/www/usr/local/lib/
$ doas cp /usr/lib/{libpthread.so.27.0,libc.so.97.0} /var/www/usr/lib/
$ doas cp /usr/libexec/ld.so /var/www/usr/libexec/

In order to run ikiwiki inside a chroot, git must also be inside the chroot. However, git requires certain device files, which would have to reside inside the /var partition. By default, OpenBSD mounts /var with the nodev flag for security.

To resolve this, we have two options:

  1. Mount a separate partition as /var/www/dev which allows devices (more complex)
  2. Remount /var to allow device files (less secure)

WARNING: Do not copy the instructions below blindly. You may wipe out data irreversibly if you format the wrong partition.

To mount a separate partition, you will need to create a new partition, add it to /etc/fstab, and mount it.

$ doas disklabel -E sd0
Label editor (enter '?' for help at any prompt)
sd0> a a
...

Then write the changes to disk and quit:

sd0*> w
sd0> q
No label changes.

Next, you'll want to format the partition:

$ doas newfs sd0a

Next, edit /etc/fstab and mount /var/www/dev.

WARNING: Mounting /var to allow device files will compromise OpenBSD security

Another option is to remount /var to allow device files.

$ doas mount -u -o dev /var

Make sure to also update /etc/fstab.

Create the device files:

$ doas mkdir -p /var/www/dev
$ doas mknod -m 644 /var/www/dev/random c 45 0
$ doas mknod -m 644 /var/www/dev/urandom c 45 2
$ doas mknod -m 666 /var/www/dev/null c 2 2

Next, create the source and destination directories for the wiki:

$ export SRCDIR=/var/www/wiki/markdown/
$ export DESTDIR=/var/www/htdocs/wiki/
$ doas mkdir -p $SRCDIR $DESTDIR
$ doas chown $USER:daemon $SRCDIR $DESTDIR
$ vim $SRCDIR/index.mdwn

Put this inside the sample index page:

Welcome to your new wiki.

All wikis are supposed to have a [[SandBox]],
so this one does too.

----

This wiki is powered by [ikiwiki](http://ikiwiki.info).

Then set up the wiki:

$ ikiwiki --verbose $SRCDIR $DESTDIR --url=https://example.com/

To dump the setup file:

$ doas chown -R $USER:daemon /var/www/wiki/
$ ikiwiki $SRCDIR $DESTDIR --url=http://example.com/ --dumpsetup /var/www/wiki/ikiwiki.setup 

Edit ikiwiki.setup with correct values. Then, rebuild:

# where the source of the wiki is located
srcdir: /var/www/wiki/markdown/
# where to build the wiki
destdir: /var/www/htdocs/wiki/
# base url to the wiki
url: https://example.com/
# url to the ikiwiki.cgi
cgiurl: 'https://example.com/ikiwiki.cgi'
# do not adjust cgiurl if CGI is accessed via different URL
reverse_proxy: 0
# filename of cgi wrapper to generate
cgi_wrapper: '/var/www/htdocs/wiki/ikiwiki.cgi'
# mode for cgi_wrapper (can safely be made suid)
cgi_wrappermode: 00755
# number of seconds to delay CGI requests when overloaded
cgi_overload_delay: ''
# message to display when overloaded (may contain html)
cgi_overload_message: ''
# enable optimization of only refreshing committed changes?
only_committed_changes: 0
# rcs backend to use
rcs: 'git'
# plugins to add to the default configuration
add_plugins:
- goodstuff
- websetup

...

allow_symlinks_before_srcdir: 1

We create the wiki itself and initialize the git repo:

$ export REPOSITORY=/var/git/wiki/
$ doas mkdir -p /var/git/

Make sure you have write access:

$ doas chmod g+w /var/git/
$ ikiwiki-makerepo git $SRCDIR $REPOSITORY

Next, we move the git repo and create a symbolic link:

$ doas mkdir -p /var/www/var/git/
$ doas mv /var/git/wiki /var/www/var/git/
$ doas ln -s /var/www/var/git/wiki /var/git/wiki

By default, the CGI wrapper is generated with the setuid and setgid bits set (mode 06755), but on OpenBSD, /var is usually mounted nosuid. For this reason, we edit cgi_wrappermode to be 00755 instead of 06755.

$ ikiwiki --setup /var/www/wiki/ikiwiki.setup 

Next we make sure that ikiwiki can write to /var/www/wiki. It is necessary to create a symlink because when the CGI script attempts to open this directory, it actually visits /var/www/var/www/wiki:

$ doas mkdir -p /var/www/var/www/wiki
$ doas ln -s /wiki/markdown /var/www/var/www/wiki/markdown
$ doas chown -R www:daemon $SRCDIR

Create the htdocs folder:

$ doas mkdir -p /var/www/var/www/htdocs
$ doas mv /var/www/htdocs/wiki /var/www/var/www/htdocs/

And set up a necessary symlink:

$ doas ln -s /var/www/htdocs/wiki/ /var/www/htdocs/wiki

Edit /etc/httpd.conf to handle the CGI script. Replace example.com with your server:

server "example.com" {
	listen on * port 80
	root "/htdocs/wiki"
	location "*.cgi" {
		fastcgi
	}
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

server "example.com" {
	listen on * tls port 443
	tls {
		certificate "/etc/ssl/example.com.fullchain.pem"
		key "/etc/ssl/private/example.com.key"
	}
	root "/htdocs/wiki"
	location "*.cgi" {
		fastcgi
	}
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}

Enable FastCGI support with slowcgi:

$ doas rcctl enable slowcgi 
$ doas rcctl start slowcgi

You will want to download the markdown files:

$ ftp https://ircnow.org/software/ikiwiki-markdown.tgz
$ tar xvzf ikiwiki-markdown.tgz
$ doas mv ircnow/* /var/www/wiki/markdown/
$ rmdir ircnow/

Then rebuild ikiwiki:

$ ikiwiki --rebuild --setup /var/www/wiki/ikiwiki.setup

Set the correct file ownership:

$ doas chown -R www:daemon /var/www/wiki/
$ doas chown -R www:daemon /var/www/var/www/htdocs/wiki/