about-filter in chroot on OpenBSD (httpd + slowcgi)

Paul W. Rankin pwr at bydasein.com
Sun Mar 28 05:35:55 UTC 2021


I'm running cgit on OpenBSD with httpd + slowcgi and can't seem to get 
the about-filter to work. Both httpd and slowcgi run in the default 
chroot of /var/www.

I've compiled lowdown with "-static -pie" to /var/www/bin/lowdown 
(chroot /bin/lowdown) with permissions:

     -rwxr-xr-x  1 root  bin  1325512 Mar  4 01:38 /var/www/bin/lowdown

In my cgitrc (cgit.conf):


However, upon visiting an About page of a repo that includes a 
README.md, I get only a blank page and the following is logged in 

     lowdown: README.md: No such file or directory

Here's the cgit server section in httpd.conf:

	server "git.bydasein.com" {
			listen on * port 80
			listen on * tls port 443
			root "/cgi-bin/cgit.cgi"
			tls {
					certificate "/etc/ssl/bydasein.com.fullchain.pem"
					key "/etc/ssl/private/bydasein.com.key"
			location "/.well-known/acme-challenge/*" {
					root "/acme"
					request strip 2
			location "/robots.txt" {
					root "/htdocs/git.bydasein.com"
					no fastcgi
			location "/favicon.ico" {
					root "/htdocs/git.bydasein.com"
					no fastcgi
			location "/cgit.css" {
					root "/htdocs/git.bydasein.com"
					no fastcgi
			location "/custom.css" {
					root "/htdocs/git.bydasein.com"
					no fastcgi
			fastcgi {
					socket "/run/slowcgi.sock"
					param CGIT_CONFIG "/conf/cgit.conf"

I'm pretty sure I can have this work if I disable the chroot in httpd 
and/or slowcgi, but I'd prefer a solution that doesn't require that.

Does anyone have any ideas? Has anyone managed to get cgit running on 
OpenBSD using httpd + slowcgi with chroot enabled?

Thanks for your time :)

Paul W. Rankin

The single best thing you can do for the world is delete your social 
media accounts.

More information about the CGit mailing list