Et maintenant, en vrai

“T’es mignon iMil avec tes machins développés à 3 grammes, mais en vrai, c’est utilisable ?”

Mais si, je vous ai entendu penser ça tout fort.

Et en réponse à cet affront manifeste, voici une mise en place d’apache chrooté prêt à recevoir un Wordpress utilisant la machinerie présentée dans le post précédent :


[~/services] pwd
/home/imil/services
(root@korriban)
[~/services] cat etc/apache-chroot.conf
SETSDIR=/home/imil/binary/sets
SVCDIR=/home/imil/services/apache
CHROOTDIR=${SVCDIR}/chroot

do not add a trailing slash in the following variable

SETSURL=ftp://ftp.fr.netbsd.org/pub/NetBSD/NetBSD-5.0.1/amd64/binary/sets
SETS=”base xbase etc” # xbase required for apache (expat)
PREFIX=”/usr/pkg”
PACKAGES=”/home/imil/packages”
PKGLIST=”sqlite3 pkgin perl apr apr-util apache xmlcatmgr libxml2 php php5-mysql libmm libmcrypt php5-mcrypt ap22-php5 ap22-rpaf php5-mbstring php5-zlib”
MOUNTS=”/dev ${PACKAGES} /home/imilnet”
CPFILES=”${SVCDIR}/root”
SERVICES=”apache postfix”
PREFIX=”/usr/pkg”

J’ai préparé les fichiers suivants, prêts à être copiés dans le chroot :


(root@korriban)
[~/services] find apache/root
apache/root
apache/root/etc
apache/root/etc/hosts
apache/root/etc/rc.conf
apache/root/etc/resolv.conf
apache/root/etc/postfix
apache/root/etc/postfix/main.cf
apache/root/usr
apache/root/usr/pkg
apache/root/usr/pkg/etc
apache/root/usr/pkg/etc/php.ini
apache/root/usr/pkg/etc/pkgin
apache/root/usr/pkg/etc/pkgin/repositories.conf
apache/root/usr/pkg/etc/httpd
apache/root/usr/pkg/etc/httpd/httpd.conf
apache/root/usr/pkg/etc/httpd/httpd-vhosts.conf

On n’oubliera evidemment pas de placer dans etc/rc.conf les valeurs suivantes :


(root@korriban)
[~/services] cat apache/root/etc/rc.conf
if [ -r /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
fi

rc_configured=YES

apache=YES
postfix=YES

À noter que Wordpress considère qu’un MTA local est disponible, d’où la nénessité de démarrer postfix. La configuration de ce dernier est tout à fait basique: myhostname, mydomain, inet_interfaces (localhost) et surtout relayhost.

Le fichier php.ini est affublé des extensions nécessaires :


extension=mysql.so
extension=mcrypt.so
extension=mbstring.so
extension=zlib.so

Les fichiers httpd.conf et httpd-vhosts.conf sont à configurer selon vos besoins.

Dès lors :


(root@korriban)
[~/services] bin/mksvcchroot.sh create etc/apache-chroot.conf
/home/imil/services/apache/chroot-NetBSD-5.0.1
fetching binary sets… done
creating chroot… extracting: base xbase etc done
preparing packages…sqlite3 Creating binary package: sqlite3-3.6.17
Creating package /home/imil/packages/sqlite3-3.6.17
Using SrcDir value of /usr/pkg
pkgin Creating binary package: pkgin-0.2.5
Creating package /home/imil/packages/pkgin-0.2.5
Using SrcDir value of /usr/pkg
perl Creating binary package: perl-5.10.0nb6
Creating package /home/imil/packages/perl-5.10.0nb6
Using SrcDir value of /usr/pkg
apr Creating binary package: apr-1.3.9
Creating package /home/imil/packages/apr-1.3.9
Using SrcDir value of /usr/pkg
apr-util Creating binary package: apr-util-1.3.9
Creating package /home/imil/packages/apr-util-1.3.9
Using SrcDir value of /usr/pkg
apache Creating binary package: apache-2.2.13nb3
Creating package /home/imil/packages/apache-2.2.13nb3
Using SrcDir value of /usr/pkg
xmlcatmgr Creating binary package: xmlcatmgr-2.2nb1
Creating package /home/imil/packages/xmlcatmgr-2.2nb1
Using SrcDir value of /usr/pkg
libxml2 Creating binary package: libxml2-2.7.3nb1
Creating package /home/imil/packages/libxml2-2.7.3nb1
Using SrcDir value of /usr/pkg
php Creating binary package: php-5.2.12
Creating package /home/imil/packages/php-5.2.12
Using SrcDir value of /usr/pkg
php5-mysql Creating binary package: php5-mysql-5.2.12
Creating package /home/imil/packages/php5-mysql-5.2.12
Using SrcDir value of /usr/pkg
libmm Creating binary package: libmm-1.4.2nb1
Creating package /home/imil/packages/libmm-1.4.2nb1
Using SrcDir value of /usr/pkg
libmcrypt Creating binary package: libmcrypt-2.5.8
Creating package /home/imil/packages/libmcrypt-2.5.8
Using SrcDir value of /usr/pkg
php5-mcrypt Creating binary package: php5-mcrypt-5.2.12
Creating package /home/imil/packages/php5-mcrypt-5.2.12
Using SrcDir value of /usr/pkg
ap22-php5 Creating binary package: ap22-php5-5.2.12nb1
Creating package /home/imil/packages/ap22-php5-5.2.12nb1
Using SrcDir value of /usr/pkg
ap22-rpaf Creating binary package: ap22-rpaf-0.5
Creating package /home/imil/packages/ap22-rpaf-0.5
Using SrcDir value of /usr/pkg
php5-mbstring Creating binary package: php5-mbstring-5.2.12
Creating package /home/imil/packages/php5-mbstring-5.2.12
Using SrcDir value of /usr/pkg
php5-zlib Creating binary package: php5-zlib-5.2.12nb1
Creating package /home/imil/packages/php5-zlib-5.2.12nb1
Using SrcDir value of /usr/pkg
done
null-mounting… /dev /home/imil/packages /home/imilnet done
installing packages… sqlite3 pkgin Executing ‘/bin/mkdir -p ‘/usr/pkg’/etc/pkgin’

pkgin-0.2.5: copying /usr/pkg/share/examples/pkgin/repositories.conf.example to /usr/pkg/etc/pkgin/repositories.conf

$NetBSD: MESSAGE,v 1.1.1.1 2009/06/08 13:58:26 imil Exp $

First steps before using pkgin.

. Modify /usr/pkg/etc/pkgin/repositories.conf to suit your platform
. Initialize the database :

# pkgin update

===========================================================================
perl apr apr-util apache apache-2.2.13nb3: Creating group www'' apache-2.2.13nb3: Creating userwww’’
useradd: Warning: home directory `/nonexistent’ doesn’t exist, and -m was not specified
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-autoindex.conf to /usr/pkg/etc/httpd/httpd-autoindex.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-dav.conf to /usr/pkg/etc/httpd/httpd-dav.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-default.conf to /usr/pkg/etc/httpd/httpd-default.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-info.conf to /usr/pkg/etc/httpd/httpd-info.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-languages.conf to /usr/pkg/etc/httpd/httpd-languages.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-manual.conf to /usr/pkg/etc/httpd/httpd-manual.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-mpm.conf to /usr/pkg/etc/httpd/httpd-mpm.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-multilang-errordoc.conf to /usr/pkg/etc/httpd/httpd-multilang-errordoc.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-ssl.conf to /usr/pkg/etc/httpd/httpd-ssl.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-userdir.conf to /usr/pkg/etc/httpd/httpd-userdir.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/extra/httpd-vhosts.conf to /usr/pkg/etc/httpd/httpd-vhosts.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/httpd.conf to /usr/pkg/etc/httpd/httpd.conf
apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/magic to /usr/pkg/etc/httpd/magic

apache-2.2.13nb3: copying /usr/pkg/share/examples/httpd/mime.types to /usr/pkg/etc/httpd/mime.types

The following files should be created for apache-2.2.13nb3:

/etc/rc.d/apache (m=0755)
    [/usr/pkg/share/examples/rc.d/apache]

===========================================================================
xmlcatmgr xmlcatmgr-2.2nb1: copying /usr/pkg/share/examples/xmlcatmgr/catalog.etc.sgml to /usr/pkg/etc/sgml/catalog
xmlcatmgr-2.2nb1: copying /usr/pkg/share/examples/xmlcatmgr/catalog.etc.xml to /usr/pkg/etc/xml/catalog
xmlcatmgr-2.2nb1: copying /usr/pkg/share/examples/xmlcatmgr/catalog.share.sgml to /usr/pkg/share/sgml/catalog

xmlcatmgr-2.2nb1: copying /usr/pkg/share/examples/xmlcatmgr/catalog.share.xml to /usr/pkg/share/xml/catalog

$NetBSD: MESSAGE,v 1.5 2004/01/23 17:12:16 jmmv Exp $

The following catalogs have been installed:

* /usr/pkg/etc/sgml/catalog
  System wide SGML catalog.  Can be edited by the administrator and
  is not changed by packages.  This is the *default* catalog when
  working in SGML mode.

* /usr/pkg/etc/xml/catalog
  System wide XML catalog.  Can be edited by the administrator and
  is not changed by packages.  This is the *default* catalog when
  working in XML mode.

* /usr/pkg/share/sgml/catalog
  Handles SGML stuff installed under /usr/pkg/share/sgml.
  Automatically handled by packages.

* /usr/pkg/share/xml/catalog
  Handles XML stuff installed under /usr/pkg/share/xml.
  Automatically handled by packages.

===========================================================================

libxml2 php php-5.2.11: copying /usr/pkg/share/examples/php/php.ini-recommended to /usr/pkg/etc/php.ini

$NetBSD: MESSAGE,v 1.9 2007/10/09 19:19:10 martti Exp $

To process PHP scripts, you will need a PHP-enabled HTTP server. You may
either configure the HTTP server to use the PHP CGI binary located in

/usr/pkg/libexec/cgi-bin/php

or you may install a PHP module for your HTTP server, e.g. www/ap-php.

Note that php-openssl is no longer a separate package as of version
5.0.5nb1 because the main PHP5 package has it built-in now.

As of version 5.2.1nb3 PEAR is no longer installed by default with the
php package. In order to use PEAR packages with PHP you will need to

install the lang/pear package.

pkg_add: A different version of php-5.2.12 is already installed: php-5.2.11
pkg_add: 1 package addition failed
php5-mysql ===========================================================================
$NetBSD: MESSAGE,v 1.1.1.1 2005/10/31 09:21:40 xtraeme Exp $

To use the mysqlhotcopy’’ script, you’ll have to install the following
packages:

databases/p5-DBD-mysql
devel/p5-File-Temp

===========================================================================

$NetBSD: MESSAGE.module,v 1.2 2004/11/05 21:50:11 jdolecek Exp $

To enable this module, add the following to /usr/pkg/etc/php.ini:

extension=mysql.so

and make sure extension_dir points to the dir where mysql.so is.

Then restart your PHP5-enabled HTTP server to load this module.

libmm libmcrypt php5-mcrypt ===========================================================================
$NetBSD: MESSAGE.module,v 1.2 2004/11/05 21:50:11 jdolecek Exp $

To enable this module, add the following to /usr/pkg/etc/php.ini:

extension=mcrypt.so

and make sure extension_dir points to the dir where mcrypt.so is.

Then restart your PHP5-enabled HTTP server to load this module.

ap22-php5 ===========================================================================
$NetBSD: MESSAGE,v 1.2 2005/03/30 03:25:00 darcy Exp $

In order to use this module in your Apache 1.x installation, you need to
add the following to your httpd.conf file:

LoadModule php5_module lib/httpd/mod_php5.so
AddType application/x-httpd-php .php

You may also add following if you still use .php3 files:

AddType application/x-httpd-php .php3

For Apache 2.x installation, you need following:

LoadModule php5_module lib/httpd/mod_php5.so
AddHandler application/x-httpd-php .php

You may also add following if you still use .php3 files:

AddHandler application/x-httpd-php .php3

===========================================================================
ap22-rpaf php5-mbstring ===========================================================================
$NetBSD: MESSAGE.module,v 1.2 2004/11/05 21:50:11 jdolecek Exp $

To enable this module, add the following to /usr/pkg/etc/php.ini:

extension=mbstring.so

and make sure extension_dir points to the dir where mbstring.so is.

Then restart your PHP5-enabled HTTP server to load this module.

php5-zlib ===========================================================================
$NetBSD: MESSAGE.module,v 1.2 2004/11/05 21:50:11 jdolecek Exp $

To enable this module, add the following to /usr/pkg/etc/php.ini:

extension=zlib.so

and make sure extension_dir points to the dir where zlib.so is.

Then restart your PHP5-enabled HTTP server to load this module.

done
copying files… done
copying services scripts…cp: /usr/pkg/share/examples/rc.d/postfix: No such file or directory
done
starting services…Starting apache.
postfix: rebuilding /etc/mail/aliases (missing /etc/mail/aliases.db)
postfix/postfix-script: starting the Postfix mail system
done

Notre apache est prêt à répondre aux requetes.

Vous n’aurez pas manqué de remarquer que j’ai ajouté pkgin aux packages à installer dans le chroot, ce qui nous permettra de maintenir ce dernier de cette façon :


(imil@korriban)
[~] sudo chroot services/apache/chroot-NetBSD-5.0.1 /bin/ksh

pkgin up

processing local summary…
updating database: 100%
downloading pkg_summary.bz2: 100%
processing remote summary (ftp://ftp.fr.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/5.0/All)...
updating database: 100%

pkgin fug

calculating dependencies for ap22-php5-5.2.12nb1…
calculating dependencies for ap22-rpaf-0.5…
calculating dependencies for apache-2.2.14…
calculating dependencies for apr-1.3.9…
calculating dependencies for apr-util-1.3.9…
calculating dependencies for libmcrypt-2.5.8…
calculating dependencies for libmm-1.4.2nb1…
calculating dependencies for libxml2-2.7.6…
calculating dependencies for mysql-client-5.0.88…
calculating dependencies for perl-5.10.1…
calculating dependencies for php-5.2.12…
calculating dependencies for php5-mbstring-5.2.12…
calculating dependencies for php5-mcrypt-5.2.12…
calculating dependencies for php5-mysql-5.2.12…
calculating dependencies for php5-zlib-5.2.12nb1…
calculating dependencies for pkgin-0.2.5…
calculating dependencies for sqlite3-3.6.21nb1…
calculating dependencies for xmlcatmgr-2.2nb1…
5 packages to be upgraded: sqlite3-3.6.17 apache-2.2.13nb3 perl-5.10.0nb6 php-5.2.11 libxml2-2.7.3nb1
5 packages to be installed: libxml2-2.7.6 perl-5.10.1 php-5.2.12 apache-2.2.14 sqlite3-3.6.21nb1 (23M to download, 86M to install)
proceed ? [y/N] y
downloading packages…
downloading libxml2-2.7.6.tgz: 100%
downloading perl-5.10.1.tgz: 100%
downloading php-5.2.12.tgz: 100%
downloading apache-2.2.14.tgz: 100%
downloading sqlite3-3.6.21nb1.tgz: 100%
removing packages to be upgraded…
removing sqlite3-3.6.17…
Package sqlite3-3.6.17' is still required by other packages: pkgin-0.2.5 removing apache-2.2.13nb3... Packageapache-2.2.13nb3’ is still required by other packages:
ap22-php5-5.2.12nb1
ap22-rpaf-0.5

pkg_delete: Directory `/usr/pkg/share/httpd/manual/style/xsl’ disappeared, skipping

The following users are no longer being used by apache-2.2.13nb3,
and they can be removed if no other software is using them:

www

===========================================================================

The following groups are no longer being used by apache-2.2.13nb3,
and they can be removed if no other software is using them:

www

===========================================================================

The following files are no longer being used by apache-2.2.13nb3,
and they can be removed if no other packages are using them:

/usr/pkg/etc/httpd/httpd.conf
/usr/pkg/etc/httpd/httpd-vhosts.conf
/etc/rc.d/apache

===========================================================================

The following directories are no longer being used by apache-2.2.13nb3,
and they can be removed if no other packages are using them:

/var/log/httpd

===========================================================================
removing perl-5.10.0nb6…
Package perl-5.10.0nb6' is still required by other packages: mysql-client-5.0.88 removing php-5.2.11... Packagephp-5.2.11’ is still required by other packages:
php5-mysql-5.2.12
php5-mcrypt-5.2.12
ap22-php5-5.2.12nb1
php5-mbstring-5.2.12

php5-zlib-5.2.12nb1

===========================================================================
The following files are no longer being used by php-5.2.11,
and they can be removed if no other packages are using them:

/usr/pkg/etc/php.ini

===========================================================================

The following directories are no longer being used by php-5.2.11,
and they can be removed if no other packages are using them:

/usr/pkg/lib/php/20040412

===========================================================================
removing libxml2-2.7.3nb1…
Package `libxml2-2.7.3nb1’ is still required by other packages:
ap22-php5-5.2.12nb1
installing packages…
installing libxml2-2.7.6…
installing perl-5.10.1…
installing php-5.2.12…

php-5.2.12: /usr/pkg/etc/php.ini already exists

$NetBSD: MESSAGE,v 1.9 2007/10/09 19:19:10 martti Exp $

To process PHP scripts, you will need a PHP-enabled HTTP server. You may
either configure the HTTP server to use the PHP CGI binary located in

/usr/pkg/libexec/cgi-bin/php

or you may install a PHP module for your HTTP server, e.g. www/ap-php.

Note that php-openssl is no longer a separate package as of version
5.0.5nb1 because the main PHP5 package has it built-in now.

As of version 5.2.1nb3 PEAR is no longer installed by default with the
php package. In order to use PEAR packages with PHP you will need to

install the lang/pear package.

installing apache-2.2.14…
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-autoindex.conf to /usr/pkg/etc/httpd/httpd-autoindex.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-dav.conf to /usr/pkg/etc/httpd/httpd-dav.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-default.conf to /usr/pkg/etc/httpd/httpd-default.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-info.conf to /usr/pkg/etc/httpd/httpd-info.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-languages.conf to /usr/pkg/etc/httpd/httpd-languages.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-manual.conf to /usr/pkg/etc/httpd/httpd-manual.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-mpm.conf to /usr/pkg/etc/httpd/httpd-mpm.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-multilang-errordoc.conf to /usr/pkg/etc/httpd/httpd-multilang-errordoc.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-ssl.conf to /usr/pkg/etc/httpd/httpd-ssl.conf
apache-2.2.14: copying /usr/pkg/share/examples/httpd/extra/httpd-userdir.conf to /usr/pkg/etc/httpd/httpd-userdir.conf
apache-2.2.14: /usr/pkg/etc/httpd/httpd-vhosts.conf already exists
apache-2.2.14: /usr/pkg/etc/httpd/httpd.conf already exists
apache-2.2.14: copying /usr/pkg/share/examples/httpd/magic to /usr/pkg/etc/httpd/magic

apache-2.2.14: copying /usr/pkg/share/examples/httpd/mime.types to /usr/pkg/etc/httpd/mime.types

The following files are used by apache-2.2.14 and have
the wrong ownership and/or permissions:

/etc/rc.d/apache (m=0755)

===========================================================================
installing sqlite3-3.6.21nb1…
processing local summary…
updating database: 100%
marking php5-zlib-5.2.12nb1 as non auto-removeable
marking php5-mbstring-5.2.12 as non auto-removeable
marking ap22-rpaf-0.5 as non auto-removeable
marking ap22-php5-5.2.12nb1 as non auto-removeable
marking php5-mcrypt-5.2.12 as non auto-removeable
marking libmcrypt-2.5.8 as non auto-removeable
marking libmm-1.4.2nb1 as non auto-removeable
marking php5-mysql-5.2.12 as non auto-removeable
marking php-5.2.12 as non auto-removeable
marking libxml2-2.7.6 as non auto-removeable
marking xmlcatmgr-2.2nb1 as non auto-removeable
marking apache-2.2.14 as non auto-removeable
marking apr-util-1.3.9 as non auto-removeable
marking apr-1.3.9 as non auto-removeable
marking perl-5.10.1 as non auto-removeable
marking pkgin-0.2.5 as non auto-removeable
marking sqlite3-3.6.21nb1 as non auto-removeable

Et là j’ai envie de dire: “ça claque ou bien ?”
[tags]NetBSD,chroot,pkgin[/tags]