Skip to content

EdoardoLaGreca/werc-on-openbsd

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

93 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
setup.sh
setup.sh
 
 
unsetup.sh
unsetup.sh
 
 

Repository files navigation

werc-on-openbsd

Automate Werc setup on OpenBSD.

Both the setup.sh and unsetup.sh scripts (in their current version) have been successfully tested on OpenBSD 7.5. Prior or later versions of OpenBSD may not work.

Performing an OpenBSD release upgrade (e.g. by using sysupgrade(8)) or updating the plan9port package may break the current Werc installation. It is advised to always test your Werc installation after performing either a system upgrade or a plan9port update, and to reinstall Werc (using the two scripts) when it stops working.

To preserve the original config files that are going to be modified, the setup script makes a copy (backup) of them and adds .bk at the end of their name. For example, the original /etc/httpd.conf file is copied to /etc/httpd.conf.bk. To restore the original files, the unsetup script renames the backup files with their original name. For this reason, before running setup.sh, make sure to NOT have /etc/httpd.conf.bk or /etc/fstab.bk in your filesystem.

Rationale and Details

Werc, defined as a "sane web anti-framework", is a set of CGI scripts that take markdown files and HTML templates and spit out a complete HTML page. It is simple (highly functional core is 150 lines), easily extensible, and fast enough.

Werc is quite popular among the Plan 9 (and 9front) users. Two possible and logical reasons are that:

  1. It was written using Plan 9's default shell, Rc.
  2. Like I said before, it is simple, and Plan 9 folks like simplicity.

I didn't have much knowledge or experience with Plan 9 at the time. However, I did have knowledge and experience with Unix-like systems (a lot more, compared to Plan 9) and I knew about the existence of plan9port, a port of the Plan 9 user space to Unix-like systems (thank you Russ Cox). A Unix-like operating system and plan9port were all I needed to make Werc work outside of Plan 9. On one hand, an operating system family that I was familiar with. On the other, the simplicity of Werc and the Plan 9 user space.

The choice I made regarding the specific operating system to use was backed by one main thought: if it is exposed to the internet, it must be secure. I could have chosen Linux, but OpenBSD is much more closely related to Unix (Unix as it was intended by its creators), and it has way stricter policies regarding security.

Another thing I really cared about, back when I started writing this script, is that it had to have the least external dependencies possible. In other words, with the reasonable exception of plan9port, it only had to use things that were already available in the default OpenBSD install. I took this decision for two reasons: the first is that I hate when something installs a zillion dependencies and bloats your system, the second is that external dependencies may introduce security breaches.

In addition to all I said before, and this was by far the hardest goal to achieve, it had to comply with OpenBSD's httpd way of doing things. That is, the hosted website had to be chroot'ed into /var/www, so that potential breaches would only be limited to that portion of the file system. At first, since symlinks cannot be accessed from a chroot'ed environment, I solved it the naïve way: I just copied all the Plan 9 utilities, together with their dependencies, into /var/www. That was not the best solution, not even close, but it worked for a while. With recent changes now everything is just hard links, which consume way less data on disk. I'm happy with this new solution and I don't think I will change it any time soon.

How-To

The following procedures download scripts using the latest release's tarball, which is usually tested before publication. Although it is NOT recommended, you can download the scripts from the main branch with the following command

ftp https://raw.githubusercontent.com/EdoardoLaGreca/werc-on-openbsd/main/<script>

where <script> needs to be replaced with the appropriate script name.

Setup

  1. download the latest release tarball and extract it 
    ftp https://github.com/EdoardoLaGreca/werc-on-openbsd/archive/refs/tags/v1.2.tar.gz
tar -xzf v1.2.tar.gz
cd werc-on-openbsd-1.2
  2. verify its checksum (see Checksums) 
    sha256 -q setup.sh
  3. change the domain variable (and webdir if necessary) in setup.sh
  4. make it executable 
    chmod 744 setup.sh
  5. start the script as root 
    doas ./setup.sh

Un-setup

  1. download the latest release tarball and extract it 
    ftp https://github.com/EdoardoLaGreca/werc-on-openbsd/archive/refs/tags/v1.2.tar.gz
tar -xzf v1.2.tar.gz
cd werc-on-openbsd-1.2
  2. verify its checksum (see Checksums) 
    sha256 -q unsetup.sh
  3. change the domain and webdir variables as they were in setup.sh
  4. make it executable 
    chmod 744 unsetup.sh
  5. start the script as root 
    doas ./unsetup.sh

Checksums

setup.sh

SHA-256: f11ddd1dd6ba82f002dbbc8e756ea090b99715fb9d23b6803594008fb3f49451

unsetup.sh

SHA-256: 0524bab3fc6c5b0f1e9ffe4d953df3c94d456b70bff6746f3545b1574e770c90

About

Automate Werc setup on OpenBSD.

Topics

openbsd httpd werc

Resources

Readme

License

CC0-1.0 license
Activity

Stars

5 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 3

v1.2 Latest
Apr 22, 2024
+ 2 releases

Languages