Notes on getting Kwiki <http://www.kwiki.org> going inside the default Apache
(chrooted) on OpenBSD:

0) prepare your system for chroot CGI execution
  * mkdir -p /var/www/usr/libexec && mkdir -p /var/www/usr/lib
  * cp -p /usr/libexec/ld.so /var/www/usr/libexec/
  * cp -p /usr/lib/libc.so.* /var/www/usr/lib/
  * cp -p /usr/lib/libm.so.* /var/www/usr/lib/
  * cp -p /usr/lib/libutil.so.* /var/www/usr/lib/
### NOTE: if you want Kwiki::Archive::Rcs, you'll need to do the following:
  * cp -p /usr/bin/rcs /var/www/usr/bin/
  * cp -p /usr/bin/ci /var/www/usr/bin/
  * cp -p /usr/bin/co /var/www/usr/bin/
  * cp -p /usr/bin/diff /var/www/usr/bin/
  * cp -p /usr/bin/rlog /var/www/usr/bin/
  * mkdir /var/www/tmp && chmod 1777 /var/www/tmp
  * mkdir /var/www/dev && mknod -m 0666 /var/www/dev/null c 2 2
  * remount /var minus option 'nodev' (edit /etc/fstab to make it permanent)

1) install Perl distribution inside /var/www
  * wget ftp://ftp.perl.org/pub/CPAN/src/stable.tar.gz
  * tar xzvf stable.tar.gz && cd perl-<stable_ver>
  * ./Configure --prefix=/var/www && make && make test && sudo make install
(NOTE: the above apparently only works for versions <= 5.8.5, for 5.8.6 do:)
  * ./Configure -Dprefix=/var/www/usr && make && make test && sudo make install
  * sudo mkdir /var/www/var && cd /var/www/var && sudo ln -s .. www
    (yeah, it's necessary)

2) install Kwiki via CPAN
  * cd /var/www && sudo /var/www/usr/bin/perl -MCPAN -e 'install Kwiki'
  * when prompted, I suggest /var/www/.cpan/ as your CPAN cache dir
  * I also suggest 'prefix=/var/www' when prompted (default option is
    'prefix=~/perl')

3) create Kwiki subdir and install
  * edit /var/www/usr/bin/kwiki and change the first line from

    #!/usr/bin/perl -w

    to

    #!/var/www/usr/bin/perl -w

    If you don't, the regular system perl binary in /usr/bin/perl (not to be
    confused with the one you just installed in /var/www/usr/bin/perl) will
    complain that it can't find Kwiki.pm (because you installed it inside
    /var/www/usr and not /usr).
  * mkdir /var/www/htdocs/kwiki (or wherever you want your kwiki to live)
  * cd /var/www/htdocs/kwiki
  * /var/www/usr/bin/kwiki -new `pwd` -install

4) install Kwiki modules
  * /var/www/usr/bin/perl -MCPAN -e shell
      install Kwiki::RecentChanges
      install Kwiki::Archive::Rcs
      install Kwiki::Revisions
      install Kwiki::Search
      install Kwiki::UserPreferences
      install Kwiki::UserName
    quit
  * cd /var/www/htdocs/kwiki (or wherever your kwiki is installed) and
    /var/www/usr/bin/kwiki -add Kwiki::RecentChanges
    /var/www/usr/bin/kwiki -add Kwiki::Archive::Rcs
    /var/www/usr/bin/kwiki -add Kwiki::Revisions
    /var/www/usr/bin/kwiki -add Kwiki::Search
    /var/www/usr/bin/kwiki -add Kwiki::UserPreferences
    /var/www/usr/bin/kwiki -add Kwiki::UserName

4) set up Apache to run CGIs:

  <Directory /var/www/htdocs/kwiki>
    Order allow,deny
    Allow from all
    # the following line lets us use .htaccess to protect config files/dirs
    AllowOverride Limit
    Options +ExecCGI
    AddHandler cgi-script .cgi
    DirectoryIndex index.cgi
    AuthType Basic
    AuthName "By Invitation Only"
    AuthUserFile passwd/passwd
    Require valid-user
  </Directory>

  * NOTE: those last 4 entries (AuthType, AuthName, AuthUserFile and
Require) are there because I have my kwiki installation password-protected.
For my particular installation, I'm using kwiki to allow employees to manage
customer information, but I don't want this open to the world. If you're
setting up a standard Wiki (where the world can edit your pages), you
probably don't want those last 4 entries (although you may want
Kwiki::RecentChanges and some other modules; see the Kwiki homepage (or the
index.cgi in the Kwiki dir you just created!)

  * NOTE ON BACKUPS: using rsync in cron as an unprivileged user will backup
your kwiki installation just fine, with the exception of a couple of
TemplateToolkit (tt2) directories. I'm not sure why tt2 installs some of its
files as 0600 www:daemon, but to enable remote backups as somebody other than
root or www (neither of which you probably want to be ssh'ing as), do the
following:
$ sudo chmod go+r /path/to/my/kwiki/plugin/template/ttc/template/tt2/*
$ sudo chmod go+r /path/to/my/kwiki/plugin/template/ttc/theme/basic/template/tt2/*

FINALLY ... if you run into problems, whether documented above or not, they
will most likely manifest as Internal Server Errors from apache. Your Perl
distribution _should_ print the error message to the client browser; the best
way to debug these errors is to attempt to duplicate them from inside:
----
$ sudo mkdir /var/www/bin && sudo cp -p /bin/sh /bin/ls /var/www/bin/
$ sudo chroot -u www /var/www /bin/sh
----
Now type in whatever command your browser said caused the internal server
error, and you'll be able to see more easily what's causing the problem
(permissions, missing commands/directories, etc.). Don't forget to
$ sudo rm -r /var/www/bin/
after you're done debugging (unless you have something else in there that's
needed). Not a lot of point in putting a process in a chroot(2) jail if
you're going to leave a shell lying around for attackers to execute.

Recommended reading:
  http://www.kwiki.org?KwikiHelpIndex
  http://www.kwiki.org/?GettingStartedWithKwiki
  http://www.kwiki.org?InstallingTypicalWikiFeatures
  http://www.openbsd.org/faq/faq10.html#httpdchroot