Installing Gallery 2 on OpenBSD 4.3
Installing Gallery 2 on OpenBSD is a bit more involved than installing
Wordpress. Gallery 2 requires a few binaries and libraries to exist
within the /var/www
chroot in order to function properly. After
getting my “production” installation working, I took a spare machine
loaded with OpenBSD 4.3 base and documented the entire installation
process for Gallery 2, installing (hopefully) no more than was
necessary.
To start the process, you’ll need to install a few packages and their associated dependencies; namely, MySQL, the GraphicsMagick suite of utilities, and PHP5:
# pkg_add -i mysql-server mysql-client GraphicsMagick php5-core
Ambiguous: choose package for GraphicsMagick
0:
1: GraphicsMagick-1.1.11p0
2: GraphicsMagick-1.1.11p0-no_x11
Your choice: 2
mysql-client-5.0.51a: complete
p5-DBD-mysql-4.005:p5-Net-Daemon-0.43: complete
p5-DBD-mysql-4.005:p5-PlRPC-0.2018p0: complete
p5-DBD-mysql-4.005:p5-DBI-1.59: complete
p5-DBD-mysql-4.005: complete
mysql-server-5.0.51a: complete
Ambiguous: choose dependency for GraphicsMagick-1.1.11p0-no_x11:
0: ghostscript-8.60-no_x11
[snip]
Your choice: 0
GraphicsMagick-1.1.11p0-no_x11:bzip2-1.0.4: complete
GraphicsMagick-1.1.11p0-no_x11:jasper-1.900.1: complete
GraphicsMagick-1.1.11p0-no_x11:jbigkit-1.6p1: complete
GraphicsMagick-1.1.11p0-no_x11:jpeg-6bp3: complete
GraphicsMagick-1.1.11p0-no_x11:tiff-3.8.2p0: complete
GraphicsMagick-1.1.11p0-no_x11:lcms-1.15: complete
GraphicsMagick-1.1.11p0-no_x11:png-1.2.22: complete
GraphicsMagick-1.1.11p0-no_x11:libiconv-1.9.2p5: complete
GraphicsMagick-1.1.11p0-no_x11:ghostscript-fonts-8.11p0: complete
GraphicsMagick-1.1.11p0-no_x11:ijs-0.35: complete
GraphicsMagick-1.1.11p0-no_x11:ghostscript-8.60-no_x11: complete
GraphicsMagick-1.1.11p0-no_x11:libxml-2.6.30: complete
GraphicsMagick-1.1.11p0-no_x11: complete
php5-core-5.2.5p2:gettext-0.16.1: complete
php5-core-5.2.5p2: complete
php5-mysql-5.2.5: complete
You may wish to update your font path for /usr/local/share/ghostscript/fonts
Fontconfig error: Cannot load default config file
--- ghostscript-fonts-8.11p0 -------------------
To install these fonts for X11, just make sure that the fontpath
lists the 75dpi or 100dpi bitmap fonts before the ghostscript fonts,
and make sure you have the string ":unscaled" appended to the bitmap
mfont's fontpath. This way, the bitmap fonts will be used if they
match, and the Type 1 versions will be used if the font needs to be
scaled. Below is the relevant section from a typical xorg.conf file.
FontPath "/usr/X11R6/lib/X11/fonts/misc/"
FontPath "/usr/X11R6/lib/X11/fonts/75dpi/:unscaled"
FontPath "/usr/X11R6/lib/X11/fonts/100dpi/:unscaled"
FontPath "/usr/local/lib/X11/fonts/ghostscript/"
FontPath "/usr/X11R6/lib/X11/fonts/Type1/"
--- mysql-server-5.0.51a -------------------
You can find detailed instructions on how to install a database
in /usr/local/share/doc/mysql/README.OpenBSD.
--- php5-core-5.2.5p2 -------------------
To enable the php5 module please create a symbolic
link from /var/www/conf/modules.sample/php5.conf
to /var/www/conf/modules/php5.conf.
ln -s /var/www/conf/modules.sample/php5.conf /var/www/conf/modules
The recommended php configuration has been installed
to /var/www/conf/php.ini.
Don't forget that the default OpenBSD httpd is chrooted
into /var/www by default, so you may need to create support
directories such as /var/www/tmp for PHP to work correctly.
--- php5-mysql-5.2.5 -------------------
You can enable this module by creating a symbolic
link from /var/www/conf/php5.sample/mysql.ini to
/var/www/conf/php5/mysql.ini.
There are some directions about various symlinks to create and
documentation to read given at the end of the pkg_add(1)
process. Create
those symlinks now:
# ln -fs /var/www/conf/php5.sample/mysql.ini /var/www/conf/php5/mysql.ini
# ln -s /var/www/conf/modules.sample/php5.conf /var/www/conf/modules
Reading the MySQL documentation states that the system databases need to be created. Use the following command to do that:
# mysql_install_db
Installing MySQL system tables...
OK
Filling help tables...
OK
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/local/bin/mysqladmin -u root password 'new-password'
/usr/local/bin/mysqladmin -u root -h test.crosse.org password 'new-password'
Alternatively you can run:
/usr/local/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
Please report any problems with the /usr/local/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
Next, start the MySQL server:
# mysqld_safe &
[1] 10598
# Starting mysqld daemon with databases from /var/mysql
We’re going to take the mysql database installer’s advice and run the
mysql_secure_installation
command to secure the server a bit:
# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Now that MySQL is started, and the root password has been set, a database and database user should be created for Gallery to use. Modify the database name, user name, and password values to match your environment.
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.0.51a-log OpenBSD port: mysql-server-5.0.51a
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> CREATE DATABASE gallery2;
Query OK, 1 row affected (0.01 sec)
mysql> GRANT ALL ON gallery2.* TO gallery_user IDENTIFIED BY 'gallery_pass';
Query OK, 0 rows affected (0.05 sec)
mysql> quit
Bye
As long as we’re still setting up MySQL, go ahead and edit the file
/etc/rc.local
to start MySQL on boot:
if [ -x /usr/local/bin/mysqld_safe ] ; then
su -c mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
echo -n ' mysql'
fi
Next we need to get Apache up and running. Edit /etc/rc.conf
and look
for the line
httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8))
and change it to
httpd_flags="" # for normal use: "" (or "-DSSL" after reading ssl(8))
Making this change will also start httpd(8) on boot. Now start Apache:
# apachectl start
/usr/sbin/apachectl start: httpd started
There are a couple of files that need to be copied into /var/www/etc
to make life a little easier:
# mkdir -p /var/www/etc
# cp /etc/resolv.conf /var/www/etc/
# cp /etc/hosts /var/www/etc/
Now that MySQL and Apache are set up and started, it’s time to get the
Gallery source from their website. This can be done a number of
different ways, but the easiest method is to use the ftp(1)
command
(yes, ftp(1)
can download from http as well. Go figure.):
# ftp http://downloads.sourceforge.net/gallery/gallery-2.2.5-typical.tar.gz
Trying 216.34.181.60...
Requesting http://downloads.sourceforge.net/gallery/gallery-2.2.5-typical.tar.gz
Redirected to http://voxel.dl.sourceforge.net/sourceforge/gallery/gallery-2.2.5-typical.tar.gz
Trying 208.122.32.195...
Requesting http://voxel.dl.sourceforge.net/sourceforge/gallery/gallery-2.2.5-typical.tar.gz
100% |*****************************************************************| 7122 KB 00:22
Successfully retrieved file.
Untar this file to /var/www
:
# tar xvfz gallery-2.2.5-typical.tar.gz -C /var/www/
The next command symlinks /var/www/gallery2
to
/var/www/htdocs/gallery
. If you want to use a different path–say,
http://yourserver.com/photos instead of http://yourserver.com/gallery,
change ‘../gallery2’ to ‘../photos’:
# ln -s ../gallery2 /var/www/htdocs/gallery
A couple of edits to the php.ini
file need to be made. The first will
disable output buffering. This is really optional; however, if you
disable output buffering things like progress bars will work better.
The second edit is to tell PHP where its temp directory is. Since httpd
is running in a chroot jail, you should be able to just uncomment the
line and leave the default value of “/tmp” in place. However, in my
testing there was just something about that path that PHP did not like;
I had to use a different directory name.
In the file /var/www/conf/php.ini
, search for the following lines:
output_buffering = 4096
;session.save_path = "/tmp"
And change them to:
;output_buffering = 4096
session.save_path = "/phptmp"
Now edit /var/www/conf/httpd.conf
. Uncomment the LoadModule
line to enable mod_rewrite:
LoadModule rewrite_module /usr/lib/apache/modules/mod_rewrite.so
and a little farther down (after the <Directory "/var/www/htdocs">
section is good) add the following to enable mod_rewrite to work for the
gallery directory:
<Directory "/var/www/gallery">
Options FollowSymlinks
AllowOverride FileInfo
</Directory>
Save and quit vi (or whatever you used to edit httpd.conf).
In order for Gallery to be able to correctly set up and configure its
“URL Rewrite” plugin create a .htaccess
file and give httpd(8) permission
to edit it (this can be set back to root:daemon after you’re done
configuring the URL Rewrite plugin, if you want).
# touch /var/www/gallery2/.htaccess
# chown www:www /var/www/gallery2/.htaccess
Create the directory specified earlier in the php.ini
file as PHP’s
temporary directory:
# mkdir /var/www/phptmp
# chown www:www /var/www/phptmp
Create the directory that will store your photos and give the www
user
access:
# mkdir /var/www/g2data
# chown www:www /var/www/g2data
Create an empty config.php
file in advance so that Gallery doesn’t ask
you about it later:
# touch /var/www/gallery2/config.php && chown www:www /var/www/gallery2/config.php
Now create a directory structure at /var/www
to put the various
binaries and libraries:
# mkdir -p/var/www/usr{,/local}{/bin,/lib}
# mkdir -p /var/www/usr/libexec
…and then start copying needed files into the chroot:
# cp {,/var/www}/usr/bin/nice
# cp {,/var/www}/bin/sh
# cp {,/var/www}/usr/libexec/ld.so
# cp {,/var/www}/var/run/ld.so.hints
This next little snippet will read the file listing for the GraphicsMagick and ffmpeg packages and copy all the necessary files into the chroot:
# for i in `pkg_info -L GraphicsMagick | grep -e mgk -e bin -e lib`
> do mkdir -p /var/www`dirname $i`
> cp {,/var/www}$i
> done
# for i in `pkg_info -L ffmpeg | egrep -e bin -e lib`
> do mkdir -p /var/www`dirname $i`
> cp {,/var/www}$i
> done
Once this has been done, use my reSyncJail script to copy in all the necessary support libraries. I don’t believe you need to do it for this application, but it would be a good idea to run this script until no exclamation points appear. (An “!” is printed for every dynamic library that is copied into the chroot; if one of the libraries copied depends on another dynamic library, the script won’t notice this. Running it until no more “!“s appear ensure that all necessary libraries are present in the chroot jail.)
# ./reSyncJail.sh
syncing jail with base OS
.....................................................done.
checking that all support libraries are present
!!!!!!!!!!!!!.!!!....!!!!!!!!!!!!!!!!!done.
# ./reSyncJail.sh
syncing jail with base OS
......................................................................................done.
checking that all support libraries are present
......................................done.
Once you’ve done all that, you’re (mostly) done! Start your web browser of choice and go to the URL of your gallery. For instance, this might be: http://test.domain.local/gallery/install. Follow the instructions for each step. Some hints:
- All files and directories should have been created above, but if anything got missed Gallery will let you know and tell you to create it.
- In Step 4, the “Directory path” should be “/g2data”.
- In Step 5, make sure to use “localhost:3306” for the database server.
Once the installer has finished there is one last thing that needs to be done to get the URL Rewrite module working:
- Login as admin
- Click “Site Admin” → “Plugins” → “URL Rewrite: configure”
- Choose “mod_rewrite”
- Click the “URL Rewrite: activate” link
There you go! You should now have a fully functional Gallery 2 installation on OpenBSD!