From owner-freebsd-ports@freebsd.org Fri Jan 22 08:44:50 2016
Date: Wed, 20 Jan 2016 23:10:04 +0100
From: Stanislaw Adaszewski
To: freebsd-ports@freebsd.org
Cc: s.adaszewski@gmail.com
Subject: OpenBSD's httpd port
Message-ID: <20160120221004.GB3039@fbsd.intel1>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="ZPt4rx8FFjLCG7dd"
Content-Disposition: inline
User-Agent: Mutt/1.5.24 (2015-08-30)
List-Id: Porting software to FreeBSD

--ZPt4rx8FFjLCG7dd
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Hi guys,

I have a semi-working port of OpenBSD's new httpd running on FreeBSD.
It is based on the current (i.e. as of today) sources from the OpenBSD
repo. Furthermore I've pulled in imsg.c, imsg.h, imsg-buffer.c from
OpenBSD's libutil. Also, libressl and libevent2 need to be installed
from FreeBSD's port collection.

In spite of this, some things are missing, notably:

- tls_handshake() is not implemented in FreeBSD's libressl.
  I didn't investigate how to handle this; I presume the SSL
  support is not functioning until a workaround is implemented
  or libressl is updated to OpenBSD's version.
- crypt_checkpass() is not implemented in FreeBSD; it should be
  pretty trivial to port/implement it. It's used for checking
  .htaccess/.htpasswd type hashes; right now this mechanism is
  non-functional.

Other than that, after applying the following patch (attached), the
daemon manages to start in a chrooted environment and serve both raw
and PHP files (via fastcgi to PHP-FPM).

I wanted to ask if there's a chance to get this put into FreeBSD's
port tree while I keep working on the missing functionality?

The rationale for this is that httpd is one of the smallest and most
robust ways of setting up e.g. a WordPress installation. Doing the
same with nginx was at least cumbersome. There's another patch of
mine in the openbsd-tech list which adds URL rewriting support to
httpd. I feel that there's a niche for such a simple lightweight
daemon and efforts should be made to collaborate with OpenBSD people
on this one.

Best,

S.

--ZPt4rx8FFjLCG7dd Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="httpd_freebsd.patch" Only in .: 1 Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/CVS and ./CVS diff ../../../../openbsd.orig/src/usr.sbin/httpd/Makefile ./Makefile 6a7 > SRCS+= imsg.c imsg-buffer.c 12c13 < LDADD= -levent -ltls -lssl -lcrypto -lutil --- > LDADD= -L/usr/local/lib -levent -ltls -lssl -lcrypto -lutil 15c16 < CFLAGS+= -Wall -I${.CURDIR} --- > CFLAGS+= -Wall -I${.CURDIR} -I/usr/local/include Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/cgi-bin and ./cgi-bin Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/conf and ./conf Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/htdocs and ./htdocs diff ../../../../openbsd.orig/src/usr.sbin/httpd/http.h ./http.h 24a25,28 > #ifndef HOST_NAME_MAX > #define HOST_NAME_MAX 256 > #endif > diff ../../../../openbsd.orig/src/usr.sbin/httpd/httpd.c ./httpd.c 50c50 < __dead void usage(void); --- > void usage(void); 147c147 < __dead void --- > void 254c254 < if (pledge("stdio rpath wpath cpath inet dns proc ioctl sendfd", --- > /* if (pledge("stdio rpath wpath cpath inet dns proc ioctl sendfd", 256c256 < fatal("pledge"); --- > fatal("pledge"); */ 951a952,957 > int getdtablecount(); > > int getdtablecount() { > return 0; > } > diff ../../../../openbsd.orig/src/usr.sbin/httpd/httpd.h ./httpd.h 40a41,44 > #ifndef HOST_NAME_MAX > #define HOST_NAME_MAX 256 > #endif > 682c686 < __dead void fatal(const char *, ...) --- > void fatal(const char *, ...) 684c688 < __dead void fatalx(const char *, ...) --- > void fatalx(const char *, ...) Only in .: httpd_freebsd.patch Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/icons and ./icons Only in .: imsg-buffer.c Only in .: imsg.c Only in .: imsg.h diff ../../../../openbsd.orig/src/usr.sbin/httpd/log.c ./log.c 46c46 < __dead void fatal(const char *, ...) --- > void fatal(const char *, ...) 
48c48 < __dead void fatalx(const char *, ...) --- > void fatalx(const char *, ...) diff ../../../../openbsd.orig/src/usr.sbin/httpd/logger.c ./logger.c 73,74c73,74 < if (pledge("stdio recvfd", NULL) == -1) < fatal("pledge"); --- > /* if (pledge("stdio recvfd", NULL) == -1) > fatal("pledge"); */ 139a140,141 > #define dprintf > Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/logs and ./logs diff ../../../../openbsd.orig/src/usr.sbin/httpd/parse.y ./parse.y 53a54,55 > #include > 1789c1791 < if (error == EAI_AGAIN || error == EAI_NODATA || error == EAI_NONAME) --- > if (error == EAI_AGAIN || /* error == EAI_NODATA || */ error == EAI_NONAME) diff ../../../../openbsd.orig/src/usr.sbin/httpd/server.c ./server.c 72c72 < extern void bufferevent_read_pressure_cb(struct evbuffer *, size_t, --- > static void bufferevent_read_pressure_cb(struct evbuffer *, size_t, 74a75,90 > static void > bufferevent_read_pressure_cb(struct evbuffer *buf, size_t old, size_t now, > void *arg) { > struct bufferevent *bufev = arg; > /* > * If we are below the watermark then reschedule reading if it's > * still enabled. 
> */ > if (bufev->wm_read.high == 0 || now < bufev->wm_read.high) { > evbuffer_setcb(buf, NULL, NULL); > > if (bufev->enabled & EV_READ) > server_bufferevent_add(&bufev->ev_read, bufev->timeout_read.tv_sec); > } > } > 218,219c234,235 < explicit_bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); < explicit_bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); --- > bzero(srv->srv_conf.tls_cert, srv->srv_conf.tls_cert_len); > bzero(srv->srv_conf.tls_key, srv->srv_conf.tls_key_len); 247,248c263,264 < if (pledge("stdio rpath inet unix recvfd", NULL) == -1) < fatal("pledge"); --- > /* if (pledge("stdio rpath inet unix recvfd", NULL) == -1) > fatal("pledge"); */ 324c340 < explicit_bzero(srv_conf->tls_cert, srv_conf->tls_cert_len); --- > bzero(srv_conf->tls_cert, srv_conf->tls_cert_len); 329c345 < explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len); --- > bzero(srv_conf->tls_key, srv_conf->tls_key_len); 500c516 < if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { --- > /* if (srv_conf->tcpflags & (TCPFLAG_SACK|TCPFLAG_NSACK)) { 508c524 < } --- > } */ 569a586 > size_t outlen; 579,580c596,597 < ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch); < if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { --- > ret = tls_read(clt->clt_tls_ctx, rbuf, howmuch, &outlen); > if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 598c615 < server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); --- > server_bufferevent_add(&bufev->ev_read, bufev->timeout_read.tv_sec); 615c632 < server_bufferevent_add(&bufev->ev_read, bufev->timeout_read); --- > server_bufferevent_add(&bufev->ev_read, bufev->timeout_read.tv_sec); 629a647 > size_t outlen; 639,640c657,658 < EVBUFFER_LENGTH(bufev->output)); < if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT) { --- > EVBUFFER_LENGTH(bufev->output), &outlen); > if (ret == TLS_READ_AGAIN || ret == TLS_WRITE_AGAIN) { 651c669 < server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); --- > 
server_bufferevent_add(&bufev->ev_write, bufev->timeout_write.tv_sec); 659c677 < server_bufferevent_add(&bufev->ev_write, bufev->timeout_write); --- > server_bufferevent_add(&bufev->ev_write, bufev->timeout_write.tv_sec); 747a766,767 > size_t outlen; > 758c778 < (void)tls_write(clt->clt_tls_ctx, buf, len); --- > (void)tls_write(clt->clt_tls_ctx, buf, len, &outlen); 958c978 < ret = tls_handshake(clt->clt_tls_ctx); --- > // ret = tls_handshake(clt->clt_tls_ctx); 961c981 < } else if (ret == TLS_WANT_POLLIN) { --- > } else if (ret == TLS_READ_AGAIN) { 965c985 < } else if (ret == TLS_WANT_POLLOUT) { --- > } else if (ret == TLS_WRITE_AGAIN) { 1218c1238 < ret = server_bufferevent_write(clt, buf->buffer, size); --- > ret = server_bufferevent_write(clt, EVBUFFER_DATA(buf), size); diff ../../../../openbsd.orig/src/usr.sbin/httpd/server_http.c ./server_http.c 32a33 > #define _WITH_GETLINE 56a58,65 > int stravis(char **dst, const char *src, int flags); > > int stravis(char **dst, const char *src, int flags) { > *dst = (char*) malloc(4 * strlen(src) + 1); > if (*dst == 0) return -1; > return strvis(*dst, src, flags); > } > 172c181 < explicit_bzero(line, linelen); --- > bzero(line, linelen); 179c188 < explicit_bzero(line, linelen); --- > bzero(line, linelen); 183,184c192,193 < if (crypt_checkpass(clt_pass, pass) == 0) { < explicit_bzero(line, linelen); --- > if (0) { // crypt_checkpass(clt_pass, pass) == 0) { > bzero(line, linelen); 195,196c204,205 < explicit_bzero(ba->kv_value, strlen(ba->kv_value)); < explicit_bzero(decoded, sizeof(decoded)); --- > bzero(ba->kv_value, strlen(ba->kv_value)); > bzero(decoded, sizeof(decoded)); 779c788 < if (stravis(&escapedmsg, msg, VIS_DQ) == -1) { --- > if (stravis(&escapedmsg, msg, 0) == -1) { Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/src and ./src Common subdirectories: ../../../../openbsd.orig/src/usr.sbin/httpd/support and ./support --ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: 
attachment; filename="httpd.conf"

chroot "/var/www"

server "default" {
	listen on * port 80
	root "/htdocs/test"
	location "*.php" {
		fastcgi socket "/run/php-fpm.sock"
	}
}

--ZPt4rx8FFjLCG7dd--
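
Review bot: the three pledge() calls (httpd.c 254-256, logger.c 73-74, server.c 247-248) are commented out in place, which removes the per-process syscall restriction with nothing standing in for it and makes every later sync with upstream conflict on these lines. Keep the calls and compile them out instead, either with #ifdef __OpenBSD__ around each one or with a small compat header that defines pledge() as a no-op returning 0, and state in the port description that the pledge sandbox is absent on FreeBSD.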
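
Review bot: every explicit_bzero() is replaced with plain bzero() (server.c 218-219, 324, 329; server_http.c 172, 179, 184, 195-196), and these are exactly the buffers holding tls_cert, tls_key, the htpasswd line and the decoded Basic-auth credentials. A compiler is allowed to drop a bzero() whose result is never read again, so the key and password bytes can stay in memory after the call. Add a compat explicit_bzero() to the port (for example a memset reached through a volatile function pointer) and leave the call sites as upstream has them.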
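
Review bot: in server_http.c 183-184 the password comparison becomes "if (0) { // crypt_checkpass(clt_pass, pass) == 0) {", so the branch taken on a matching password is unreachable and the outcome of authentication now depends entirely on the function's default return value, which this hunk does not show. Confirm that the default is a denial, and make the limitation explicit: guard the block with a feature macro and have the config parser reject "authenticate" while crypt_checkpass() is missing, rather than shipping a check that can never succeed. The commented-out condition also leaves an unbalanced parenthesis in the comment.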
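
Review bot: at server.c 958 the call "ret = tls_handshake(clt->clt_tls_ctx);" is commented out, but the following lines still test ret against TLS_READ_AGAIN and TLS_WRITE_AGAIN, so the branch taken depends on whatever ret held before this point. Until the handshake is available, fail the connection explicitly here (or refuse a "tls" listener at config load) so that a TLS-configured server cannot come up in an undefined state. The new outlen variables passed to tls_read() and tls_write() at 579, 639 and 758 are never read in the lines shown; if this libtls version reports the byte count through outlen, the callers need to use it instead of ret.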
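
Review bot: the call at server_http.c 779 changes from stravis(&escapedmsg, msg, VIS_DQ) to stravis(&escapedmsg, msg, 0), which means double quotes in msg are no longer escaped in escapedmsg. If the target vis.h lacks VIS_DQ, have the stravis() shim added at 56a escape the quote character itself so the output encoding matches upstream. In the shim, compare against NULL rather than 0 and drop the cast on malloc().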
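
Review bot: "#define dprintf" at logger.c 139a expands to nothing, so each dprintf(fd, fmt, ...) call becomes a discarded comma expression and the logger process writes no output while still appearing to work. If the problem is only a missing prototype, fix the declaration (the _WITH_GETLINE define added in server_http.c suggests the same kind of visibility macro may apply) or add a small vsnprintf()/write() replacement instead of defining the call away.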
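
Review bot: the getdtablecount() stub added at httpd.c 951a returns 0 unconditionally, so any descriptor-budget check built on it always sees an empty table and can no longer hold back new connections when the process is close to its file descriptor limit. Return a real count of open descriptors, or mark the stub clearly as a placeholder and document that descriptor exhaustion is not handled in this port. The declaration should also be "int getdtablecount(void);" and live in a compat header rather than in httpd.c.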