diff --git a/db/zm_create.sql.in b/db/zm_create.sql.in index 91c34163d..b2824b075 100644 --- a/db/zm_create.sql.in +++ b/db/zm_create.sql.in @@ -556,7 +556,10 @@ INSERT INTO States (Name,Definition,IsActive) VALUES ('default','','1'); DROP TABLE IF EXISTS `Servers`; CREATE TABLE `Servers` ( `Id` int(10) unsigned NOT NULL auto_increment, + `Protocol` TEXT, `Hostname` TEXT, + `Port` INTEGER UNSIGNED, + `PathPrefix` TEXT, `Name` varchar(64) NOT NULL default '', `State_Id` int(10) unsigned, `Status` enum('Unknown','NotRunning','Running') NOT NULL default 'Unknown', diff --git a/db/zm_update-1.31.47.sql b/db/zm_update-1.31.47.sql index 155fb29cc..714afd133 100644 --- a/db/zm_update-1.31.47.sql +++ b/db/zm_update-1.31.47.sql @@ -1,2 +1 @@ ALTER TABLE Frames MODIFY COLUMN EventId bigint unsigned NOT NULL; - diff --git a/db/zm_update-1.32.3.sql b/db/zm_update-1.32.3.sql index fe38baede..68d617824 100644 --- a/db/zm_update-1.32.3.sql +++ b/db/zm_update-1.32.3.sql @@ -7,3 +7,51 @@ -- INSERT INTO MonitorPresets VALUES (NULL,'D-link DCS-930L, 640x480, mjpeg','Remote','http',0,0,'http','simple','',80,'/mjpeg.cgi',NULL,640,480,3,NULL,0,NULL,NULL,NULL,100,100); + +-- +-- Add Protocol column to Storage +-- + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Servers' + AND column_name = 'Protocol' + ) > 0, +"SELECT 'Column Protocol already exists in Servers'", +"ALTER TABLE Servers ADD `Protocol` TEXT AFTER `Id`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +-- +-- Add Prefix column to Storage +-- + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Servers' + AND column_name = 'PathPrefix' + ) > 0, +"SELECT 'Column PathPrefix already exists in Servers'", +"ALTER TABLE Servers ADD `PathPrefix` TEXT AFTER `Hostname`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; + +-- +-- Add Port column to Storage +-- + +SET @s = (SELECT IF( + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS WHERE table_schema = DATABASE() + AND table_name = 'Servers' + AND column_name = 'Port' + ) > 0, +"SELECT 'Column Port already exists in Servers'", +"ALTER TABLE Servers ADD `Port` INTEGER UNSIGNED AFTER `Hostname`" +)); + +PREPARE stmt FROM @s; +EXECUTE stmt; diff --git a/distros/redhat/CMakeLists.txt b/distros/redhat/CMakeLists.txt index 37643cd89..716faea4c 100644 --- a/distros/redhat/CMakeLists.txt +++ b/distros/redhat/CMakeLists.txt @@ -1,5 +1,10 @@ # CMakeLists.txt for the Redhat Target Distros. +# +# General strategy is to configure and install all files specific to Apache and Nginx +# Then let the rpm specfile sort them into the appropriate sub-package +# + # Display a message to show the RHEL build options are being processed. if(ZM_TARGET_DISTRO MATCHES "^el") message([STATUS] "Starting RHEL Build Options" ...) @@ -9,33 +14,38 @@ else(ZM_TARGET_DISTRO MATCHES "^el") message([WARNING] "Unknown Build Option Detected" ...) endif(ZM_TARGET_DISTRO MATCHES "^el") -if((NOT ZM_TARGET_DISTRO MATCHES "^fc") AND (ZM_WEB_USER STREQUAL "nginx")) - message([FATAL_ERROR] "Experimental Nginx support is currently only supported on Fedora" ...) -endif((NOT ZM_TARGET_DISTRO MATCHES "^fc") AND (ZM_WEB_USER STREQUAL "nginx")) +# +# CONFIGURE STAGE +# -# Configure the zoneminder service files -configure_file(systemd/zoneminder.logrotate.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.logrotate @ONLY) -configure_file(nginx/zoneminder.php-fpm.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.php-fpm.conf @ONLY) -configure_file(nginx/zoneminder.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.nginx.conf @ONLY) -if(ZM_WEB_USER STREQUAL "nginx") - configure_file(nginx/zoneminder.service.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY) - configure_file(nginx/zoneminder.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.tmpfiles @ONLY) - configure_file(nginx/README.Fedora ${CMAKE_CURRENT_SOURCE_DIR}/readme/README COPYONLY) -else(ZM_WEB_USER STREQUAL "nginx") - configure_file(systemd/zoneminder.service.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY) - configure_file(apache/zoneminder.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.conf @ONLY) - configure_file(systemd/zoneminder.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.tmpfiles @ONLY) - if( ZM_TARGET_DISTRO MATCHES "^fc") - configure_file(readme/README.Fedora ${CMAKE_CURRENT_SOURCE_DIR}/readme/README COPYONLY) - else( ZM_TARGET_DISTRO MATCHES "^fc") - configure_file(readme/README.Redhat7 ${CMAKE_CURRENT_SOURCE_DIR}/readme/README COPYONLY) - endif( ZM_TARGET_DISTRO MATCHES "^fc") -endif(ZM_WEB_USER STREQUAL "nginx") - -# Create several empty folders +# Configure the common zoneminder files +configure_file(common/zoneminder.logrotate.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.logrotate @ONLY) +configure_file(common/zoneminder.service.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY) file(MAKE_DIRECTORY sock swap zoneminder zoneminder-upload events images temp) -# Install the empty folders +# Configure the Apache zoneminder files +configure_file(httpd/zm-httpd.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zm-httpd.conf @ONLY) +configure_file(httpd/zoneminder.httpd.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.httpd.conf @ONLY) +configure_file(httpd/zoneminder.httpd.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.httpd.tmpfiles.conf @ONLY) +configure_file(httpd/com.zoneminder.systemctl.rules.httpd.in ${CMAKE_CURRENT_SOURCE_DIR}/com.zoneminder.systemctl.rules.httpd @ONLY) + +# Configure the Nginx zoneminder files +configure_file(nginx/zm-nginx.conf ${CMAKE_CURRENT_SOURCE_DIR}/zm-nginx.conf COPYONLY) +configure_file(nginx/zoneminder.nginx.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.nginx.conf @ONLY) +configure_file(nginx/zoneminder.nginx.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.nginx.tmpfiles.conf @ONLY) +configure_file(nginx/zm-web-user.conf ${CMAKE_CURRENT_SOURCE_DIR}/zm-web-user.conf COPYONLY) +configure_file(nginx/zoneminder.php-fpm.conf ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.php-fpm.conf COPYONLY) +configure_file(nginx/com.zoneminder.systemctl.rules.nginx ${CMAKE_CURRENT_SOURCE_DIR}/com.zoneminder.systemctl.rules.nginx COPYONLY) + +# +# INSTALLATION STAGE +# + + +# Install the common zoneminder files +install(FILES zoneminder.logrotate DESTINATION /etc/logrotate.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES zoneminder.service DESTINATION /usr/lib/systemd/system PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) + install(DIRECTORY sock swap DESTINATION /var/lib/zoneminder DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(DIRECTORY zoneminder DESTINATION /var/log DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(DIRECTORY zoneminder DESTINATION /var/run DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) @@ -43,6 +53,22 @@ install(DIRECTORY zoneminder DESTINATION /var/cache DIRECTORY_PERMISSIONS OWNER_ install(DIRECTORY zoneminder-upload DESTINATION /var/spool DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) +# Install the Apache zoneminder files +install(FILES zm-httpd.conf DESTINATION /usr/lib/systemd/system/zoneminder.service.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES zoneminder.httpd.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES zoneminder.httpd.tmpfiles.conf DESTINATION /usr/lib/tmpfiles.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES com.zoneminder.systemctl.rules.httpd DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) + +# Install the Nginx zoneminder files +install(FILES zm-nginx.conf DESTINATION /usr/lib/systemd/system/zoneminder.service.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES zoneminder.nginx.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES zoneminder.nginx.tmpfiles.conf DESTINATION /usr/lib/tmpfiles.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES com.zoneminder.systemctl.rules.nginx DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES zm-web-user.conf DESTINATION /etc/zm/conf.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES zoneminder.php-fpm.conf DESTINATION /etc/php-fpm.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) + +# Miscellaneous + # Symlink the cake php temp folder to the ZoneMinder temp folder install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") @@ -50,14 +76,5 @@ install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminde install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")") # Install auxiliary files -install(FILES misc/redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - -# Install zoneminder service files -install(FILES zoneminder.logrotate DESTINATION /etc/logrotate.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) -install(FILES zoneminder.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) -install(FILES zoneminder.php-fpm.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) -install(FILES zoneminder.nginx.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) - -install(FILES zoneminder.service DESTINATION /usr/lib/systemd/system PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) -install(FILES zoneminder.tmpfiles DESTINATION /usr/lib/tmpfiles.d RENAME zoneminder.conf PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) +install(FILES common/redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/distros/redhat/misc/redalert.wav b/distros/redhat/common/redalert.wav similarity index 100% rename from distros/redhat/misc/redalert.wav rename to distros/redhat/common/redalert.wav diff --git a/distros/redhat/systemd/zoneminder.logrotate.in b/distros/redhat/common/zoneminder.logrotate.in similarity index 100% rename from distros/redhat/systemd/zoneminder.logrotate.in rename to distros/redhat/common/zoneminder.logrotate.in diff --git a/distros/redhat/systemd/zoneminder.service.in b/distros/redhat/common/zoneminder.service.in similarity index 76% rename from distros/redhat/systemd/zoneminder.service.in rename to distros/redhat/common/zoneminder.service.in index 68918ab9e..8551a60e2 100644 --- a/distros/redhat/systemd/zoneminder.service.in +++ b/distros/redhat/common/zoneminder.service.in @@ -1,13 +1,12 @@ # ZoneMinder systemd unit file for RedHat distros and clones +# See drop-in folder for additional config directives [Unit] Description=ZoneMinder CCTV recording and security system -After=network.target mariadb.service httpd.service -Requires=mariadb.service httpd.service +After=network.target mariadb.service +Requires=mariadb.service [Service] -User=@WEB_USER@ -Group=@WEB_GROUP@ Type=forking ExecStart=@BINDIR@/zmpkg.pl start ExecReload=@BINDIR@/zmpkg.pl restart diff --git a/distros/redhat/httpd/com.zoneminder.systemctl.rules.httpd.in b/distros/redhat/httpd/com.zoneminder.systemctl.rules.httpd.in new file mode 100644 index 000000000..d101dad69 --- /dev/null +++ b/distros/redhat/httpd/com.zoneminder.systemctl.rules.httpd.in @@ -0,0 +1,7 @@ +polkit.addRule(function(action, subject) { + if (action.id == "com.zoneminder.policykit.pkexec.run-zmsystemctl" && + subject.user != "@WEB_USER@") { + return polkit.Result.NO; + } + +}); diff --git a/distros/redhat/httpd/zm-httpd.conf.in b/distros/redhat/httpd/zm-httpd.conf.in new file mode 100644 index 000000000..1a00d8d9b --- /dev/null +++ b/distros/redhat/httpd/zm-httpd.conf.in @@ -0,0 +1,8 @@ +# Additional config directives for ZoneMinder with Apache web server + +[Unit] +After=httpd.service + +[Service] +User=@WEB_USER@ +Group=@WEB_GROUP@ diff --git a/distros/redhat/apache/zoneminder.conf.in b/distros/redhat/httpd/zoneminder.httpd.conf.in similarity index 100% rename from distros/redhat/apache/zoneminder.conf.in rename to distros/redhat/httpd/zoneminder.httpd.conf.in diff --git a/distros/redhat/systemd/zoneminder.tmpfiles.in b/distros/redhat/httpd/zoneminder.httpd.tmpfiles.in similarity index 99% rename from distros/redhat/systemd/zoneminder.tmpfiles.in rename to distros/redhat/httpd/zoneminder.httpd.tmpfiles.in index 21e6119fe..f24babdc6 100644 --- a/distros/redhat/systemd/zoneminder.tmpfiles.in +++ b/distros/redhat/httpd/zoneminder.httpd.tmpfiles.in @@ -3,3 +3,4 @@ D @ZM_SOCKDIR@ 0755 @WEB_USER@ @WEB_GROUP@ D @ZM_CACHEDIR@ 0755 @WEB_USER@ @WEB_GROUP@ d @ZM_DIR_EVENTS@ 0755 @WEB_USER@ @WEB_GROUP@ D @ZM_DIR_IMAGES@ 0755 @WEB_USER@ @WEB_GROUP@ + diff --git a/distros/redhat/misc/local_zoneminder.te b/distros/redhat/misc/local_zoneminder.te deleted file mode 100644 index c49505785..000000000 --- a/distros/redhat/misc/local_zoneminder.te +++ /dev/null @@ -1,125 +0,0 @@ -module local_zoneminder 1.2; - -require { - type afs_ka_port_t; - type netsupport_port_t; - type port_t; - type presence_port_t; - type postfix_master_t; - type postfix_qmgr_t; - type postfix_pickup_t; - type httpd_t; - type var_lib_t; - type ionixnetmon_port_t; - type glance_port_t; - type mmcc_port_t; - type postfix_master_t; - type commplex_port_t; - type syslogd_port_t; - type dcc_port_t; - type sip_port_t; - type amqp_port_t; - type condor_port_t; - type afs_fs_port_t; - type nodejs_debug_port_t; - type httpd_var_lib_t; - type websm_port_t; - type afs_pt_port_t; - type postfix_qmgr_t; - type git_port_t; - type ipp_port_t; - type aol_port_t; - type unconfined_t; - type kernel_t; - type init_t; - type auditd_t; - type mysqld_t; - type httpd_log_t; - type syslogd_t; - type httpd_t; - type initrc_state_t; - type initrc_t; - type var_lib_t; - type udev_t; - type mysqld_safe_t; - type sshd_t; - type crond_t; - type getty_t; - type httpd_var_lib_t; - type initrc_var_run_t; - type tmpfs_t; - type dhcpc_t; - type v4l_device_t; - type file_t; - class sock_file { write create unlink }; - class unix_stream_socket { read connectto }; - class lnk_file { write create getattr read lock unlink }; - class dir {search getattr }; - class udp_socket name_bind; - class file { write getattr read lock unlink open }; - class shm { unix_read unix_write associate read write getattr }; - class chr_file getattr; -} - -#============= httpd_t ============== -allow httpd_t auditd_t:dir { search getattr }; -allow httpd_t auditd_t:file { read getattr open }; -allow httpd_t crond_t:dir { search getattr }; -allow httpd_t crond_t:file { read getattr open }; -allow httpd_t dhcpc_t:dir { search getattr }; -allow httpd_t dhcpc_t:file { read getattr open }; -allow httpd_t getty_t:dir { search getattr }; -allow httpd_t getty_t:file { read getattr open }; -allow httpd_t httpd_log_t:file write; -allow httpd_t httpd_var_lib_t:lnk_file { write getattr read lock unlink }; -allow httpd_t init_t:dir { search getattr }; -allow httpd_t init_t:file { read getattr open }; -#!!!! The source type 'httpd_t' can write to a 'file' of the following types: -#squirrelmail_spool_t, mirrormanager_var_run_t, dirsrvadmin_config_t, httpd_lock_t, httpd_tmp_t, dirsrv_config_t, dirsrvadmin_tmp_t, httpd_cache_t, httpd_tmpfs_t, httpd_squirrelmail_t, dirsrv_var_run_t, dirsrv_var_log_t, httpd_var_lib_t, httpd_var_run_t, zarafa_var_lib_t, httpd_prewikka_rw_content_t, httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, passenger_var_run_t, httpd_smokeping_cgi_rw_content_t, httpd_openshift_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_w3c_validator_rw_content_t, httpd_collectd_rw_content_t, cluster_var_lib_t, cluster_var_run_t, httpd_user_rw_content_t, httpd_awstats_rw_content_t, httpdcontent, root_t, httpd_cobbler_rw_content_t, httpd_munin_rw_content_t, cluster_conf_t, httpd_bugzilla_rw_content_t, passenger_tmp_t, httpd_cvs_rw_content_t, httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_dspam_rw_content_t - -allow httpd_t initrc_state_t:file { read write getattr unlink open }; -allow httpd_t initrc_t:unix_stream_socket connectto; -allow httpd_t initrc_t:shm { unix_read unix_write associate read write getattr }; -allow httpd_t initrc_var_run_t:file { write read lock open }; -allow httpd_t kernel_t:dir { search getattr }; -allow httpd_t kernel_t:file { read getattr open }; -allow httpd_t mysqld_safe_t:dir { search getattr }; -allow httpd_t mysqld_safe_t:file { read getattr open }; -allow httpd_t mysqld_t:dir { search getattr }; -allow httpd_t mysqld_t:file { read getattr open }; -allow httpd_t sshd_t:dir { search getattr }; -allow httpd_t sshd_t:file { read getattr open }; -allow httpd_t syslogd_t:dir { search getattr }; -allow httpd_t syslogd_t:file { read getattr open }; -allow httpd_t tmpfs_t:sock_file write; -allow httpd_t udev_t:dir { search getattr }; -allow httpd_t udev_t:file { read getattr open }; -allow httpd_t unconfined_t:dir { search getattr }; -allow httpd_t unconfined_t:file { read getattr open }; -allow httpd_t var_lib_t:lnk_file { write getattr read lock unlink }; -allow httpd_t var_lib_t:sock_file { write unlink }; -allow httpd_t v4l_device_t:chr_file getattr; -allow httpd_t afs_fs_port_t:udp_socket name_bind; -allow httpd_t afs_ka_port_t:udp_socket name_bind; -allow httpd_t afs_pt_port_t:udp_socket name_bind; -allow httpd_t amqp_port_t:udp_socket name_bind; -allow httpd_t aol_port_t:udp_socket name_bind; -allow httpd_t commplex_port_t:udp_socket name_bind; -allow httpd_t condor_port_t:udp_socket name_bind; -allow httpd_t dcc_port_t:udp_socket name_bind; -allow httpd_t git_port_t:udp_socket name_bind; -allow httpd_t glance_port_t:udp_socket name_bind; -allow httpd_t httpd_var_lib_t:lnk_file create; -allow httpd_t ionixnetmon_port_t:udp_socket name_bind; -allow httpd_t ipp_port_t:udp_socket name_bind; -allow httpd_t mmcc_port_t:udp_socket name_bind; -allow httpd_t netsupport_port_t:udp_socket name_bind; -allow httpd_t nodejs_debug_port_t:udp_socket name_bind; -allow httpd_t port_t:udp_socket name_bind; -allow httpd_t postfix_master_t:dir { search getattr }; -allow httpd_t postfix_master_t:file { read getattr open }; -allow httpd_t postfix_pickup_t:dir { search getattr }; -allow httpd_t postfix_pickup_t:file { read getattr open }; -allow httpd_t postfix_qmgr_t:dir { search getattr }; -allow httpd_t postfix_qmgr_t:file { read getattr open }; -allow httpd_t presence_port_t:udp_socket name_bind; diff --git a/distros/redhat/nginx/README.Fedora b/distros/redhat/nginx/README.Fedora deleted file mode 100644 index 90d760952..000000000 --- a/distros/redhat/nginx/README.Fedora +++ /dev/null @@ -1,201 +0,0 @@ -What's New -========== - -1. See the ZoneMinder release notes for a list of new features: - https://github.com/ZoneMinder/zoneminder/releases - -2. The contents of the ZoneMinder Apache config file have changed. In - addition, this ZoneMinder package now requires you to manually symlink the - ZoneMinder Apache config file. See new install step 6 and upgrade step 3 - below for details. - -3. This is an experimental build of ZoneMinder supporting nginx, rather than - apache web server. - -4. If you have installed ZoneMinder from the FedBerry repositories, this build - of ZoneMinder has support for Raspberry Pi hardware acceleration when using - ffmpeg. Unforunately, there is a problem with the same hardware acceleration - when using libvlc. Consequently, libvlc support in this build of ZoneMinder - has been disabled until the problem is resolved. See the following bug - report for details: https://trac.videolan.org/vlc/ticket/18594 - -New installs -============ - -1. Unless you are already using MariaDB server, you need to ensure that the - server is configured to start during boot and properly secured by running: - - sudo dnf install mariadb-server - sudo systemctl enable mariadb - sudo systemctl start mariadb.service - mysql_secure_installation - -2. Assuming the database is local and using the password for the root account - set during the previous step, you will need to create the ZoneMinder - database and configure a database account for ZoneMinder to use: - - mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql - mysql -uroot -p -e "grant all on zm.* to \ - 'zmuser'@localhost identified by 'zmpass';" - mysqladmin -uroot -p reload - - The database account credentials, zmuser/zmpass, are arbitrary. Set them to - anything that suits your environment. - -3. If you have chosen to change the zoneminder database account credentials to - something other than zmuser/zmpass, you must now create a config file under - /etc/zm/conf.d and set your credentials there. For example, create the file - /etc/zm/conf.d/zm-db-user.conf and add the following content to it: - - ZM_DB_USER = {username of the sql account you want to use} - ZM_DB_PASS = {password of the sql account you want to use} - - Once the file has been saved, set proper file & ownership permissions on it: - - sudo chown root:apache *.conf - sudo chmod 640 *.conf - -4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local - timezone. PHP will complain loudly if this is not set, or if it is set - incorrectly, and these complaints will show up in the zoneminder logging - system as errors. - - If you are not sure of the proper timezone specification to use, look at - http://php.net/date.timezone - -5. Disable SELinux - - We currently do not have the resources to create and maintain an accurate - SELinux policy for ZoneMinder on Fedora. We will gladly accept pull - reqeusts from anyone who wishes to do the work. In the meantime, SELinux - will need to be disabled or put into permissive mode. - - To immediately disbale SELinux for the current seesion, issue the following - from the command line: - - sudo setenforce 0 - - To permanently disable SELinux, edit /etc/selinux/config and change the - SELINUX line from "enforcing" to "disabled". This change will take - effect after a reboot. - -6. Configure the web server - - This package uses the HTTPS protocol by default to access the web portal, - using the default self signed certificate on your system. Requests using - HTTP will auto-redirect to HTTPS. - - Inspect the web server configuration file and verify it meets your needs: - - /etc/zm/www/zoneminder.conf - - If you are running other web enabled services then you may need to edit - this file to suite. See README.https to learn about other alternatives. - - When in doubt, proceed with the default: - - sudo ln -s /etc/zm/www/zoneminder.conf /etc/nginx/default.d/ - -7. Fcgiwrap is required when using ZoneMinder with Nginx. At the time of this - writing, fcgiwrap is not yet available in the Fedora repos. Until it - becomes available, you may install it from my Copr repository: - - https://copr.fedorainfracloud.org/coprs/kni/fcgiwrap/ - - Follow the intructions on that site to enable the repo. Once enabled, - install fcgiwrap: - - sudo dnf install fcgiwrap - - After fcgiwrap is installed, it must be configured. Edit - /etc/sysconfig/fcgiwrap and set DAEMON_PROCS to the maximum number of - simulatneous streams the server should support. Generally, a good minimum - value for this equals the total number of cameras you expect to view at the - same time. - -8. Now start the web server: - - sudo systemctl enable nginx - sudo systemctl start nginx - -9. Now start zoneminder: - - sudo systemctl enable zoneminder - sudo systemctl start zoneminder - -10. Optionally configure the firewall - - All Redhat distros ship with the firewall enabled. That means you will not - be able to access the ZoneMinder web console from a remote machine until - changes are made to the firewall. - - What follows are a set of minimal commands to allow remote access to the - ZoneMinder web console and also allow ZoneMinder's ONVIF discovery to - work. The following commands do not put any restrictions on which remote - machine(s) have access to the listed ports or services. - - sudo firewall-cmd --permanent --zone=public --add-service=http - sudo firewall-cmd --permanent --zone=public --add-service=https - sudo firewall-cmd --permanent --zone=public --add-port=3702/udp - sudo firewall-cmd --reload - - Additional changes to the firewall may be required, depending on your - security requirements and how you use the system. It is up to you to verify - these commands are sufficient. - -11. Access the ZoneMinder web console - - You may now access the ZoneMinder web console from your web browser using - an appropriate url. Here are some examples: - - http://localhost/zm (works from the local machine only) - http://{machine name}/zm (works only if dns is configured for your network) - http://{ip address}/zm - -Upgrades -======== - -1. Conf.d folder support has been added to ZoneMinder. Any custom - changes previously made to zm.conf must now be made in one or more custom - config files, created under the conf.d folder. Do this now. See - /etc/zm/conf.d/README for details. Once you recreate any custom config changes - under the conf.d folder, they will remain in place indefinitely. - -2. Verify permissions of the zmuser account. - - Over time, the database account permissions required for normal operation - have increased. Verify the zmuser database account has been granted all - permission to the ZoneMinder database: - - mysql -uroot -p -e "show grants for zmuser@localhost;" - - See step 2 of the Installation section to add missing permissions. - -3. Verify the ZoneMinder Nginx configuration file in the folder - /etc/zm/www. You will have a file called "zoneminder.conf" and there - may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file - exists, inspect it and merge anything new in that file with zoneminder.conf. - Verify the SSL REquirements meet your needs. Read README.https if necessary. - - The contents of this file must be merged into your Nginx configuration. - See step 6 of the installation section if you have not already done this - during a previous upgrade. - -4. Upgrade the database before starting ZoneMinder. - - Most upgrades can be performed by executing the following command: - - sudo zmupdate.pl - - Recent versions of ZoneMinder don't require any parameters added to the - zmupdate command. However, if ZoneMinder complains, you may need to call - zmupdate in the following manner: - - sudo zmupdate.pl --user=root --pass= --version= - -5. Now restart nginx and php-fpm then start and zoneminder: - - sudo systemctl restart nginx - sudo systemctl restart php-fpm - sudo systemctl start zoneminder - diff --git a/distros/redhat/nginx/com.zoneminder.systemctl.rules.nginx b/distros/redhat/nginx/com.zoneminder.systemctl.rules.nginx new file mode 100644 index 000000000..8eaa78d5c --- /dev/null +++ b/distros/redhat/nginx/com.zoneminder.systemctl.rules.nginx @@ -0,0 +1,7 @@ +polkit.addRule(function(action, subject) { + if (action.id == "com.zoneminder.policykit.pkexec.run-zmsystemctl" && + subject.user != "nginx") { + return polkit.Result.NO; + } + +}); diff --git a/distros/redhat/nginx/zm-nginx.conf b/distros/redhat/nginx/zm-nginx.conf new file mode 100644 index 000000000..5f0319b17 --- /dev/null +++ b/distros/redhat/nginx/zm-nginx.conf @@ -0,0 +1,9 @@ +# Additional config directives for ZoneMinder with Nginx web server + +[Unit] +After=nginx.service php-fpm.service fcgiwrap.service +Requires=php-fpm.service fcgiwrap@nginx.service + +[Service] +User=nginx +Group=nginx diff --git a/distros/redhat/nginx/zm-web-user.conf b/distros/redhat/nginx/zm-web-user.conf new file mode 100644 index 000000000..3146679fd --- /dev/null +++ b/distros/redhat/nginx/zm-web-user.conf @@ -0,0 +1,3 @@ +ZM_WEB_USER=nginx +ZM_WEB_GROUP=nginx + diff --git a/distros/redhat/nginx/zoneminder.conf.in b/distros/redhat/nginx/zoneminder.nginx.conf.in similarity index 94% rename from distros/redhat/nginx/zoneminder.conf.in rename to distros/redhat/nginx/zoneminder.nginx.conf.in index cca9af54f..fb8141c74 100644 --- a/distros/redhat/nginx/zoneminder.conf.in +++ b/distros/redhat/nginx/zoneminder.nginx.conf.in @@ -47,7 +47,7 @@ location /zm { location /zm/api/ { alias "@ZM_WEBDIR@"; - rewrite ^/zm/api(.+)$ /zm/api/index.php?p=$1 last; + rewrite ^/zm/api(.+)$ /zm/api/app/webroot/index.php?p=$1 last; } } diff --git a/distros/redhat/nginx/zoneminder.nginx.tmpfiles.in b/distros/redhat/nginx/zoneminder.nginx.tmpfiles.in new file mode 100644 index 000000000..1c581fcb9 --- /dev/null +++ b/distros/redhat/nginx/zoneminder.nginx.tmpfiles.in @@ -0,0 +1,6 @@ +D @ZM_TMPDIR@ 0755 nginx nginx +D @ZM_SOCKDIR@ 0755 nginx nginx +D @ZM_CACHEDIR@ 0755 nginx nginx +d @ZM_DIR_EVENTS@ 0755 nginx nginx +D @ZM_DIR_IMAGES@ 0755 nginx nginx + diff --git a/distros/redhat/nginx/zoneminder.php-fpm.conf.in b/distros/redhat/nginx/zoneminder.php-fpm.conf similarity index 91% rename from distros/redhat/nginx/zoneminder.php-fpm.conf.in rename to distros/redhat/nginx/zoneminder.php-fpm.conf index a4537b236..cd60a5120 100644 --- a/distros/redhat/nginx/zoneminder.php-fpm.conf.in +++ b/distros/redhat/nginx/zoneminder.php-fpm.conf @@ -3,8 +3,8 @@ ; Change the user and group of the default pool to the web server account [www] -user = @WEB_USER@ -group = @WEB_GROUP@ +user = nginx +group = nginx ; These parameters are typically a tradoff between performance and memory ; consumption. See the contents of www.conf for details. diff --git a/distros/redhat/nginx/zoneminder.service.in b/distros/redhat/nginx/zoneminder.service.in deleted file mode 100644 index 7e2e36585..000000000 --- a/distros/redhat/nginx/zoneminder.service.in +++ /dev/null @@ -1,22 +0,0 @@ -# ZoneMinder systemd unit file for Fedora -# Replace mariadb with community-mysql if using mysql service instead of mariadb - -[Unit] -Description=ZoneMinder CCTV recording and security system -After=network.target mariadb.service nginx.service php-fpm.service fcgiwrap.service -Requires=mariadb.service nginx.service php-fpm.service fcgiwrap.service - -[Service] -User=@WEB_USER@ -Group=@WEB_GROUP@ -Type=forking -ExecStart=@BINDIR@/zmpkg.pl start -ExecReload=@BINDIR@/zmpkg.pl restart -ExecStop=@BINDIR@/zmpkg.pl stop -PIDFile=@ZM_RUNDIR@/zm.pid -Environment=TZ=/etc/localtime -RuntimeDirectory=zoneminder -RuntimeDirectoryMode=0755 - -[Install] -WantedBy=multi-user.target diff --git a/distros/redhat/nginx/zoneminder.tmpfiles.in b/distros/redhat/nginx/zoneminder.tmpfiles.in deleted file mode 100644 index 07bae0900..000000000 --- a/distros/redhat/nginx/zoneminder.tmpfiles.in +++ /dev/null @@ -1,8 +0,0 @@ -D @ZM_TMPDIR@ 0755 @WEB_USER@ @WEB_GROUP@ -D @ZM_SOCKDIR@ 0755 @WEB_USER@ @WEB_GROUP@ -D @ZM_CACHEDIR@ 0755 @WEB_USER@ @WEB_GROUP@ -d @ZM_DIR_EVENTS@ 0755 @WEB_USER@ @WEB_GROUP@ -D @ZM_DIR_IMAGES@ 0755 @WEB_USER@ @WEB_GROUP@ -D /var/lib/php/session 770 root @WEB_GROUP@ -D /var/lib/php/wsdlcache 770 root @WEB_GROUP@ - diff --git a/distros/redhat/readme/README b/distros/redhat/readme/README new file mode 100644 index 000000000..065628321 --- /dev/null +++ b/distros/redhat/readme/README @@ -0,0 +1,37 @@ +What's New +========== + +1. See the ZoneMinder release notes for a list of new features: + https://github.com/ZoneMinder/zoneminder/releases + +2. The contents of the ZoneMinder Apache config file have changed. In + addition, this ZoneMinder package now requires you to manually symlink the + ZoneMinder Apache config file. See new install step 6 and upgrade step 3 + below for details. + +3. This package has been split into sub-packages to allow compatibility with + other web servers. Here is a breakdown of the available packages: + + zoneminder - Meta-package installs zoneminder-common and zoneminder-httpd + This exists soley for backwards compatibility. + zoneminder-common - Common files that do not differ based on the web server + zoneminder-httpd - Files needed for compatibility with the Apache web server + zoneminder-nginx - Files needed for compatibility with the Nginx web server + + You can switch between different subpackages with dnf/yum. Be advised that, + if you modified any of the default config files supplied by the package, + rpm may not update the config file to the proper version. This is by design. + To avoid this issue, use drop-in files instead. + +4. If you have installed ZoneMinder from the FedBerry repositories, this build + of ZoneMinder has support for Raspberry Pi hardware acceleration when using + ffmpeg. Unforunately, there is a problem with the same hardware acceleration + when using libvlc. Consequently, libvlc support in this build of ZoneMinder + has been disabled until the problem is resolved. See the following bug + report for details: https://trac.videolan.org/vlc/ticket/18594 + +5. Continue on to the next README that corresponds to the chosen webserver: + + README.httpd - Follow these steps when using Apache + README.nginx - Follow these steps when using Nginx + diff --git a/distros/redhat/readme/README.Fedora b/distros/redhat/readme/README.httpd similarity index 89% rename from distros/redhat/readme/README.Fedora rename to distros/redhat/readme/README.httpd index 9c5061e28..5301850df 100644 --- a/distros/redhat/readme/README.Fedora +++ b/distros/redhat/readme/README.httpd @@ -1,17 +1,8 @@ -What's New -========== - -1. See the ZoneMinder release notes for a list of new features: - https://github.com/ZoneMinder/zoneminder/releases - -2. The contents of the ZoneMinder Apache config file have changed. In - addition, this ZoneMinder package now requires you to manually symlink the - ZoneMinder Apache config file. See new install step 6 and upgrade step 3 - below for details. - New installs ============ +NOTE: EL7 users should replace "dnf" with "yum" in the instructions below. + 1. Unless you are already using MariaDB server, you need to ensure that the server is configured to start during boot and properly secured by running: @@ -77,14 +68,14 @@ New installs Inspect the web server configuration file and verify it meets your needs: - /etc/zm/www/zoneminder.conf + /etc/zm/www/zoneminder.httpd.conf If you are running other web enabled services then you may need to edit this file to suite. See README.https to learn about other alternatives. When in doubt, proceed with the default: - sudo ln -s /etc/zm/www/zoneminder.conf /etc/httpd/conf.d/ + sudo ln -sf /etc/zm/www/zoneminder.httpd.conf /etc/httpd/conf.d/ sudo dnf install mod_ssl 7. Now start the web server: @@ -146,15 +137,18 @@ Upgrades See step 2 of the Installation section to add missing permissions. 3. Verify the ZoneMinder Apache configuration file in the folder - /etc/zm/www. You will have a file called "zoneminder.conf" and there - may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file + /etc/zm/www. You will have a file called "zoneminder.httpd.conf" and there + may also be one or more files with "rpmnew" extenstion. If the rpmnew file exists, inspect it and merge anything new in that file with zoneminder.conf. - Verify the SSL REquirements meet your needs. Read README.https if necessary. + Verify the SSL Requirements meet your needs. Read README.https if necessary. The contents of this file must be merged into your Apache configuration. See step 6 of the installation section if you have not already done this during a previous upgrade. + IMPORTANT: Failure to complete this step properly will result in a mostly + empty or significantly corrupted web console post-upgrade. + 4. Upgrade the database before starting ZoneMinder. Most upgrades can be performed by executing the following command: diff --git a/distros/redhat/readme/README.https b/distros/redhat/readme/README.https index 4b02aaa0d..620588bf9 100644 --- a/distros/redhat/readme/README.https +++ b/distros/redhat/readme/README.https @@ -20,7 +20,8 @@ experience. to do this: https://wiki.centos.org/HowTos/Https . Additionally, Googling "centos certificate" reveals many articles on the subject. -3. You can turn off HTTPS entirely by simply commenting out the SSLRequireSSL - directives found in /etc/httpd/conf.d/zoneminder.conf. You should also - comment out the HTTP -> HTTPS Rewrite rule. +3. When using Apache, you can turn off HTTPS entirely by simply commenting + out the SSLRequireSSL directives found in + /etc/zm/www/zoneminder.apache.conf. You should also comment out the + HTTP -> HTTPS Rewrite rule. diff --git a/distros/redhat/readme/README.Redhat7 b/distros/redhat/readme/README.nginx similarity index 80% rename from distros/redhat/readme/README.Redhat7 rename to distros/redhat/readme/README.nginx index c78d02042..b55d26428 100644 --- a/distros/redhat/readme/README.Redhat7 +++ b/distros/redhat/readme/README.nginx @@ -1,28 +1,17 @@ -What's New -========== - -1. See the ZoneMinder release notes for a list of new features: - https://github.com/ZoneMinder/zoneminder/releases - -2. The contents of the ZoneMinder Apache config file have changed. In - addition, this ZoneMinder package now requires you to manually symlink the - ZoneMinder Apache config file. See new install step 6 and upgrade step 3 - below for details. - New installs ============ 1. Unless you are already using MariaDB server, you need to ensure that the server is configured to start during boot and properly secured by running: - sudo yum install mariadb-server + sudo dnf install mariadb-server sudo systemctl enable mariadb sudo systemctl start mariadb.service mysql_secure_installation -2. Using the password for the root account set during the previous step, you - will need to create the ZoneMinder database and configure a database - account for ZoneMinder to use: +2. Assuming the database is local and using the password for the root account + set during the previous step, you will need to create the ZoneMinder + database and configure a database account for ZoneMinder to use: mysql -uroot -p < /usr/share/zoneminder/db/zm_create.sql mysql -uroot -p -e "grant all on zm.* to \ @@ -42,8 +31,8 @@ New installs Once the file has been saved, set proper file & ownership permissions on it: - sudo chown root:apache *.conf - sudo chmod 640 *.conf + sudo chown root:nginx *.conf + sudo chmod 640 *.conf 4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local timezone. PHP will complain loudly if this is not set, or if it is set @@ -56,7 +45,7 @@ New installs 5. Disable SELinux We currently do not have the resources to create and maintain an accurate - SELinux policy for ZoneMinder on CentOS 7. We will gladly accept pull + SELinux policy for ZoneMinder on Fedora. We will gladly accept pull reqeusts from anyone who wishes to do the work. In the meantime, SELinux will need to be disabled or put into permissive mode. @@ -84,20 +73,24 @@ New installs When in doubt, proceed with the default: - sudo ln -s /etc/zm/www/zoneminder.conf /etc/httpd/conf.d/ - sudo yum install mod_ssl + sudo ln -sf /etc/zm/www/zoneminder.nginx.conf /etc/nginx/default.d/ -7. Now start the web server: +7. Edit /etc/sysconfig/fcgiwrap and set DAEMON_PROCS to the maximum number of + simulatneous streams the server should support. Generally, a good minimum + value for this equals the total number of cameras you expect to view at the + same time. - sudo systemctl enable httpd - sudo systemctl start httpd +8. Now start the web server: -8. Now start zoneminder: + sudo systemctl enable nginx + sudo systemctl start nginx + +9. Now start zoneminder: sudo systemctl enable zoneminder sudo systemctl start zoneminder -9. Optionally configure the firewall +10. Optionally configure the firewall All Redhat distros ship with the firewall enabled. That means you will not be able to access the ZoneMinder web console from a remote machine until @@ -117,7 +110,7 @@ New installs security requirements and how you use the system. It is up to you to verify these commands are sufficient. -10. Access the ZoneMinder web console +11. Access the ZoneMinder web console You may now access the ZoneMinder web console from your web browser using an appropriate url. Here are some examples: @@ -144,14 +137,14 @@ Upgrades mysql -uroot -p -e "show grants for zmuser@localhost;" See step 2 of the Installation section to add missing permissions. - -3. Verify the ZoneMinder Apache configuration file in the folder + +3. Verify the ZoneMinder Nginx configuration file in the folder /etc/zm/www. You will have a file called "zoneminder.conf" and there - may also be a file called "zoneminder.conf.rpmnew". If an rpmnew file + may also be a file called "zoneminder.conf.rpmnew". If the rpmnew file exists, inspect it and merge anything new in that file with zoneminder.conf. Verify the SSL REquirements meet your needs. Read README.https if necessary. - The contents of this file must be merged into your Apache configuration. + The contents of this file must be merged into your Nginx configuration. See step 6 of the installation section if you have not already done this during a previous upgrade. @@ -167,9 +160,9 @@ Upgrades sudo zmupdate.pl --user=root --pass= --version= -5. Now restart the web server then start zoneminder: +5. Now restart nginx and php-fpm then start zoneminder: - sudo systemctl restart httpd + sudo systemctl restart nginx + sudo systemctl restart php-fpm sudo systemctl start zoneminder - diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec index 27cc59ba9..3ff68b080 100644 --- a/distros/redhat/zoneminder.spec +++ b/distros/redhat/zoneminder.spec @@ -1,3 +1,4 @@ +# Leaving this to allow one to build zoneminder-http subpackage using arbitrary user account %global zmuid_final apache %global zmgid_final apache @@ -7,10 +8,6 @@ # CakePHP-Enum-Behavior is configured as a git submodule %global ceb_version 1.0-zm -%if "%{zmuid_final}" == "nginx" -%global with_nginx 1 -%endif - %global sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt %global sslkey %{_sysconfdir}/pki/tls/private/localhost.key @@ -22,11 +19,12 @@ %global with_apcu_bc 1 %endif +# The default for everything but el7 these days %global _hardened_build 1 Name: zoneminder Version: 1.32.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A camera monitoring and analysis tool Group: System Environment/Daemons # Mootools is inder the MIT license: http://mootools.net/ @@ -74,6 +72,7 @@ BuildRequires: vlc-devel BuildRequires: libcurl-devel BuildRequires: libv4l-devel BuildRequires: desktop-file-utils +BuildRequires: gzip # ZoneMinder looks for and records the location of the ffmpeg binary during build BuildRequires: ffmpeg @@ -83,10 +82,25 @@ BuildRequires: ffmpeg-devel BuildRequires: libmp4v2-devel BuildRequires: x264-devel -%{?with_nginx:Requires: nginx} -%{?with_nginx:Requires: php-fpm} -%{!?with_nginx:Requires: httpd} -%{!?with_nginx:Requires: php} +# Allow existing user base to seamlessly transition to sub-packages +Requires: %{name}-common%{?_isa} = %{version}-%{release} +Requires: %{name}-httpd%{?_isa} = %{version}-%{release} + +%description +ZoneMinder is a set of applications which is intended to provide a complete +solution allowing you to capture, analyze, record and monitor any cameras you +have attached to a Linux based machine. It is designed to run on kernels which +support the Video For Linux (V4L) interface and has been tested with cameras +attached to BTTV cards, various USB cameras and IP network cameras. It is +designed to support as many cameras as you can attach to your computer without +too much degradation of performance. + +This is a meta package for backwards compatibility with the existing +ZoneMinder user base. + +%package common +Summary: Common files for ZoneMinder, not tied to a specific web server + Requires: php-mysqli Requires: php-common Requires: php-gd @@ -111,16 +125,12 @@ Requires: perl(Net::FTP) Requires: perl(LWP::Protocol::https) Requires: ca-certificates Requires: zip - -Requires(post): systemd -Requires(post): systemd-sysv -Requires(preun): systemd -Requires(postun): systemd +%{systemd_requires} Requires(post): %{_bindir}/gpasswd -Requires(post): %{_bindir}/less +Requires(post): %{_bindir}/chown -%description +%description common ZoneMinder is a set of applications which is intended to provide a complete solution allowing you to capture, analyze, record and monitor any cameras you have attached to a Linux based machine. It is designed to run on kernels which @@ -129,15 +139,57 @@ attached to BTTV cards, various USB cameras and IP network cameras. It is designed to support as many cameras as you can attach to your computer without too much degradation of performance. +This is a meta-package that exists solely to allow the existing user base to +seamlessly transition to sub-packages. + +%package httpd +Summary: ZoneMinder configuration for Apache web server +Requires: %{name}-common%{?_isa} = %{version}-%{release} +Requires: httpd +Requires: php + +Conflicts: %{name}-nginx + +%description httpd +ZoneMinder is a set of applications which is intended to provide a complete +solution allowing you to capture, analyze, record and monitor any cameras you +have attached to a Linux based machine. It is designed to run on kernels which +support the Video For Linux (V4L) interface and has been tested with cameras +attached to BTTV cards, various USB cameras and IP network cameras. It is +designed to support as many cameras as you can attach to your computer without +too much degradation of performance. + +This sub-package contains configuration specific to Apache web server + +%package nginx +Summary: ZoneMinder configuration for Nginx web server +Requires: %{name}-common%{?_isa} = %{version}-%{release} +Requires: nginx +Requires: php-fpm +Requires: fcgiwrap + +Conflicts: %{name}-httpd + +%description nginx +ZoneMinder is a set of applications which is intended to provide a complete +solution allowing you to capture, analyze, record and monitor any cameras you +have attached to a Linux based machine. It is designed to run on kernels which +support the Video For Linux (V4L) interface and has been tested with cameras +attached to BTTV cards, various USB cameras and IP network cameras. It is +designed to support as many cameras as you can attach to your computer without +too much degradation of performance. + +This sub-package contains support for ZoneMinder with the Nginx web server + %prep %autosetup -p 1 -a 1 -%{__rm} -rf ./web/api/app/Plugin/Crud -%{__mv} -f crud-%{crud_version} ./web/api/app/Plugin/Crud +rm -rf ./web/api/app/Plugin/Crud +mv -f crud-%{crud_version} ./web/api/app/Plugin/Crud # The all powerful autosetup macro does not work after the second source tarball -%{__gzip} -dc %{_sourcedir}/cakephp-enum-behavior-%{ceb_version}.tar.gz | tar -xvvf - -%{__rm} -rf ./web/api/app/Plugin/CakePHP-Enum-Behavior -%{__mv} -f CakePHP-Enum-Behavior-%{ceb_version} ./web/api/app/Plugin/CakePHP-Enum-Behavior +gzip -dc %{_sourcedir}/cakephp-enum-behavior-%{ceb_version}.tar.gz | tar -xvvf - +rm -rf ./web/api/app/Plugin/CakePHP-Enum-Behavior +mv -f CakePHP-Enum-Behavior-%{ceb_version} ./web/api/app/Plugin/CakePHP-Enum-Behavior # Change the following default values ./utils/zmeditconfigdata.sh ZM_OPT_CAMBOZOLA yes @@ -150,7 +202,7 @@ too much degradation of performance. %build %cmake \ -DZM_WEB_USER="%{zmuid_final}" \ - -DZM_WEB_GROUP="%{zmuid_final}" \ + -DZM_WEB_GROUP="%{zmgid_final}" \ -DZM_TARGET_DISTRO="%{zmtargetdistro}" \ . @@ -172,10 +224,13 @@ find %{buildroot} \( -name .htaccess -or -name .editorconfig -or -name .packlist find %{buildroot}%{_datadir}/zoneminder/www/api \( -name cake -or -name cake.php \) -type f -exec sed -i 's\^#!/usr/bin/env bash$\#!%{_buildshell}\' {} \; -exec %{__chmod} 755 {} \; # Use the system cacert file rather then the one bundled with CakePHP -%{__rm} -f %{buildroot}%{_datadir}/zoneminder/www/api/lib/Cake/Config/cacert.pem -%{__ln_s} ../../../../../../../..%{_sysconfdir}/pki/tls/certs/ca-bundle.crt %{buildroot}%{_datadir}/zoneminder/www/api/lib/Cake/Config/cacert.pem +rm -f %{buildroot}%{_datadir}/zoneminder/www/api/lib/Cake/Config/cacert.pem +ln -s ../../../../../../../..%{_sysconfdir}/pki/tls/certs/ca-bundle.crt %{buildroot}%{_datadir}/zoneminder/www/api/lib/Cake/Config/cacert.pem -%post +# Handle the polkit file differently for web server agnostic support (see post) +rm -f %{buildroot}%{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules + +%post common # Initial installation if [ $1 -eq 1 ] ; then %systemd_post %{name}.service @@ -183,28 +238,50 @@ fi # Upgrade from a previous version of zoneminder if [ $1 -eq 2 ] ; then - # Add any new PTZ control configurations to the database (will not overwrite) %{_bindir}/zmcamtool.pl --import >/dev/null 2>&1 || : # Freshen the database %{_bindir}/zmupdate.pl -f >/dev/null 2>&1 || : - - # We can't run this automatically when new sql account permissions need to - # be manually added first - # Run zmupdate non-interactively - # zmupdate.pl --nointeractive fi +# Warn the end user to read the README file +echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, you must read the README file\nto finish the installation or upgrade!" +echo -e "\nThe README file is located here: %{_pkgdocdir}-common/README\n" + +%post httpd +# For the case of changing from nginx <-> httpd, files in these folders must change ownership if they exist +%{_bindir}/chown -R %{zmuid_final}:%{zmgid_final} %{_sharedstatedir}/php/session/* >/dev/null 2>&1 || : +%{_bindir}/chown -R %{zmuid_final}:%{zmgid_final} %{_localstatedir}/log/zoneminder/* >/dev/null 2>&1 || : +%{_bindir}/chown -R %{zmuid_final}:%{zmgid_final} %{_sharedstatedir}/zoneminder/events/* >/dev/null 2>&1 || : + +ln -sf %{_sysconfdir}/zm/www/com.zoneminder.systemctl.rules.httpd %{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules +# backwards compatibility +ln -sf %{_sysconfdir}/zm/www/zoneminder.httpd.conf %{_sysconfdir}/zm/www/zoneminder.conf + # Allow zoneminder access to local video sources, serial ports, and x10 %{_bindir}/gpasswd -a %{zmuid_final} video >/dev/null 2>&1 || : %{_bindir}/gpasswd -a %{zmuid_final} dialout >/dev/null 2>&1 || : -# Warn the end user to read the README file -echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, you must read the README file\nto finish the installation or upgrade!" -echo -e "\nThe README file is located here: %{_pkgdocdir}/README\n" +%post nginx + +# Php package owns the session folder and sets group ownership to apache account +# We could override the folder permission, but adding nginx to the apache group works better +%{_bindir}/gpasswd -a nginx apache >/dev/null 2>&1 || : + +# For the case of changing from httpd <-> nginx, files in these folders must change ownership if they exist +%{_bindir}/chown -R nginx:nginx %{_sharedstatedir}/php/session/* >/dev/null 2>&1 || : +%{_bindir}/chown -R nginx:nginx %{_localstatedir}/log/zoneminder/* >/dev/null 2>&1 || : +%{_bindir}/chown -R nginx:nginx %{_sharedstatedir}/zoneminder/events/* >/dev/null 2>&1 || : + +ln -sf %{_sysconfdir}/zm/www/com.zoneminder.systemctl.rules.nginx %{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules +# backwards compatibility +ln -sf %{_sysconfdir}/zm/www/zoneminder.nginx.conf %{_sysconfdir}/zm/www/zoneminder.conf + +# Allow zoneminder access to local video sources, serial ports, and x10 +%{_bindir}/gpasswd -a nginx video >/dev/null 2>&1 || : +%{_bindir}/gpasswd -a nginx dialout >/dev/null 2>&1 || : -%if 0%{?with_nginx} # Nginx does not create an SSL certificate like the apache package does so lets do that here if [ -f %{sslkey} -o -f %{sslcert} ]; then exit 0 @@ -230,7 +307,6 @@ SomeOrganizationalUnit ${FQDN} root@${FQDN} EOF -%endif %preun %systemd_preun %{name}.service @@ -238,19 +314,12 @@ EOF %postun %systemd_postun_with_restart %{name}.service -%triggerun -- zoneminder < 1.25.0-4 -# Save the current service runlevel info -# User must manually run systemd-sysv-convert --apply zoneminder -# to migrate them to systemd targets -%{_bindir}/systemd-sysv-convert --save zoneminder >/dev/null 2>&1 ||: - -# Run these because the SysV package being removed won't do them -/sbin/chkconfig --del zoneminder >/dev/null 2>&1 || : -/bin/systemctl try-restart zoneminder.service >/dev/null 2>&1 || : - %files +# nothing + +%files common %license COPYING -%doc AUTHORS README.md distros/redhat/readme/README distros/redhat/readme/README.https +%doc AUTHORS README.md distros/redhat/readme/README distros/redhat/readme/README.httpd distros/redhat/readme/README.nginx distros/redhat/readme/README.https # We want these two folders to have "normal" read permission # compared to the folder contents @@ -260,18 +329,11 @@ EOF # Config folder contents contain sensitive info # and should not be readable by normal users %{_sysconfdir}/zm/conf.d/README -%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/zm.conf -%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/conf.d/*.conf -%ghost %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/conf.d/zmcustom.conf -%config(noreplace) %attr(644,root,root) %{_sysconfdir}/zm/www/zoneminder.conf -%config(noreplace) %{_sysconfdir}/zm/www/zoneminder.php-fpm.conf %config(noreplace) %{_sysconfdir}/logrotate.d/zoneminder -%{_tmpfilesdir}/zoneminder.conf %{_unitdir}/zoneminder.service %{_datadir}/polkit-1/actions/com.zoneminder.systemctl.policy -%{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules %{_bindir}/zmsystemctl.pl %{_bindir}/zma @@ -304,6 +366,17 @@ EOF %{_datadir}/zoneminder/ %{_datadir}/applications/*zoneminder.desktop +%files httpd +%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/zm.conf +%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/conf.d/0*.conf +%ghost %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/conf.d/zmcustom.conf +%config(noreplace) %{_sysconfdir}/zm/www/zoneminder.httpd.conf +%ghost %{_sysconfdir}/zm/www/zoneminder.conf +%config(noreplace) %{_sysconfdir}/zm/www/com.zoneminder.systemctl.rules.httpd +%ghost %{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules + +%{_unitdir}/zoneminder.service.d/zm-httpd.conf +%{_tmpfilesdir}/zoneminder.httpd.tmpfiles.conf %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder/events %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder/images @@ -313,9 +386,35 @@ EOF %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/cache/zoneminder %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/log/zoneminder %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload -%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/run/zoneminder + +%files nginx +%config(noreplace) %attr(640,root,nginx) %{_sysconfdir}/zm/zm.conf +%config(noreplace) %attr(640,root,nginx) %{_sysconfdir}/zm/conf.d/*.conf +%ghost %attr(640,root,nginx) %{_sysconfdir}/zm/conf.d/zmcustom.conf +%config(noreplace) %{_sysconfdir}/zm/www/zoneminder.nginx.conf +%ghost %{_sysconfdir}/zm/www/zoneminder.conf +%config(noreplace) %{_sysconfdir}/zm/www/com.zoneminder.systemctl.rules.nginx +%ghost %{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules + +%config(noreplace) %{_sysconfdir}/php-fpm.d/zoneminder.php-fpm.conf + + +%{_unitdir}/zoneminder.service.d/zm-nginx.conf +%{_tmpfilesdir}/zoneminder.nginx.tmpfiles.conf +%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder +%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/events +%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/images +%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/sock +%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/swap +%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/temp +%dir %attr(755,nginx,nginx) %{_localstatedir}/cache/zoneminder +%dir %attr(755,nginx,nginx) %{_localstatedir}/log/zoneminder +%dir %attr(755,nginx,nginx) %{_localstatedir}/spool/zoneminder-upload %changelog +* Wed Nov 14 2018 Andrew Bauer - 1.32.2-2 +- Break into sub-packages + * Sat Oct 13 2018 Andrew Bauer - 1.32.2-1 - 1.32.2 release - Bug fix release diff --git a/web/includes/Event.php b/web/includes/Event.php index fb7af931e..2046f5ddf 100644 --- a/web/includes/Event.php +++ b/web/includes/Event.php @@ -198,26 +198,28 @@ class Event { public function getStreamSrc( $args=array(), $querySep='&' ) { - $streamSrc = ZM_BASE_PROTOCOL.'://'; + $streamSrc = ''; + $Server = null; if ( $this->Storage()->ServerId() ) { + # The Event may have been moved to Storage on another server, + # So prefer viewing the Event from the Server that is actually + # storing the video $Server = $this->Storage()->Server(); - $streamSrc .= $Server->Hostname(); - if ( ZM_MIN_STREAMING_PORT ) { - $streamSrc .= ':'.(ZM_MIN_STREAMING_PORT+$this->{'MonitorId'}); - } } else if ( $this->Monitor()->ServerId() ) { # Assume that the server that recorded it has it $Server = $this->Monitor()->Server(); - $streamSrc .= $Server->Hostname(); - if ( ZM_MIN_STREAMING_PORT ) { - $streamSrc .= ':'.(ZM_MIN_STREAMING_PORT+$this->{'MonitorId'}); - } - } else if ( ZM_MIN_STREAMING_PORT ) { - $streamSrc .= $_SERVER['SERVER_NAME'].':'.(ZM_MIN_STREAMING_PORT+$this->{'MonitorId'}); } else { - $streamSrc .= $_SERVER['HTTP_HOST']; + # A default Server will result in the use of ZM_DIR_EVENTS + $Server = new Server(); } + # If we are in a multi-port setup, then use the multiport, else by + # passing null Server->Url will use the Port set in the Server setting + $streamSrc .= $Server->Url( + ZM_MIN_STREAMING_PORT ? + ZM_MIN_STREAMING_PORT+$this->{'MonitorId'} : + null); + if ( $this->{'DefaultVideo'} and $args['mode'] != 'jpeg' ) { $streamSrc .= ( ZM_BASE_PATH != '/' ? ZM_BASE_PATH : '' ).'/index.php'; $args['eid'] = $this->{'Id'}; @@ -238,10 +240,10 @@ class Event { if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { $args['auth'] = generateAuthHash(ZM_AUTH_HASH_IPS); - } elseif ( ZM_AUTH_RELAY == 'plain' ) { + } else if ( ZM_AUTH_RELAY == 'plain' ) { $args['user'] = $_SESSION['username']; $args['pass'] = $_SESSION['password']; - } elseif ( ZM_AUTH_RELAY == 'none' ) { + } else if ( ZM_AUTH_RELAY == 'none' ) { $args['user'] = $_SESSION['username']; } } @@ -328,25 +330,20 @@ class Event { # The thumbnail is theoretically the image with the most motion. # We always store at least 1 image when capturing - $streamSrc = ZM_BASE_PROTOCOL.'://'; + $streamSrc = ''; + $Server = null; if ( $this->Storage()->ServerId() ) { $Server = $this->Storage()->Server(); - $streamSrc .= $Server->Hostname(); - if ( ZM_MIN_STREAMING_PORT ) { - $streamSrc .= ':'.(ZM_MIN_STREAMING_PORT+$this->{'MonitorId'}); - } } else if ( $this->Monitor()->ServerId() ) { + # Assume that the server that recorded it has it $Server = $this->Monitor()->Server(); - $streamSrc .= $Server->Hostname(); - if ( ZM_MIN_STREAMING_PORT ) { - $streamSrc .= ':'.(ZM_MIN_STREAMING_PORT+$this->{'MonitorId'}); - } - - } else if ( ZM_MIN_STREAMING_PORT ) { - $streamSrc .= $_SERVER['SERVER_NAME'].':'.(ZM_MIN_STREAMING_PORT+$this->{'MonitorId'}); } else { - $streamSrc .= $_SERVER['HTTP_HOST']; - } + $Server = new Server(); + } + $streamSrc .= $Server->Url( + ZM_MIN_STREAMING_PORT ? + ZM_MIN_STREAMING_PORT+$this->{'MonitorId'} : + null); $streamSrc .= ( ZM_BASE_PATH != '/' ? ZM_BASE_PATH : '' ).'/index.php'; $args['eid'] = $this->{'Id'}; @@ -358,10 +355,10 @@ class Event { if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { $args['auth'] = generateAuthHash(ZM_AUTH_HASH_IPS); - } elseif ( ZM_AUTH_RELAY == 'plain' ) { + } else if ( ZM_AUTH_RELAY == 'plain' ) { $args['user'] = $_SESSION['username']; $args['pass'] = $_SESSION['password']; - } elseif ( ZM_AUTH_RELAY == 'none' ) { + } else if ( ZM_AUTH_RELAY == 'none' ) { $args['user'] = $_SESSION['username']; } } diff --git a/web/includes/Monitor.php b/web/includes/Monitor.php index 977c14993..5f2730a49 100644 --- a/web/includes/Monitor.php +++ b/web/includes/Monitor.php @@ -280,20 +280,13 @@ private $control_fields = array( } } - public function getStreamSrc( $args, $querySep='&' ) { + public function getStreamSrc($args, $querySep='&') { + + $streamSrc = $this->Server()->Url( + ZM_MIN_STREAMING_PORT ? + ZM_MIN_STREAMING_PORT+$this->{'Id'} : + null); - $streamSrc = ZM_BASE_PROTOCOL.'://'; - if ( isset($this->{'ServerId'}) and $this->{'ServerId'} ) { - $Server = new Server( $this->{'ServerId'} ); - $streamSrc .= $Server->Hostname(); - if ( ZM_MIN_STREAMING_PORT ) { - $streamSrc .= ':'.(ZM_MIN_STREAMING_PORT+$this->{'Id'}); - } - } else if ( ZM_MIN_STREAMING_PORT ) { - $streamSrc .= $_SERVER['SERVER_NAME'].':'.(ZM_MIN_STREAMING_PORT+$this->{'Id'}); - } else { - $streamSrc .= $_SERVER['HTTP_HOST']; - } $streamSrc .= ZM_PATH_ZMS; $args['monitor'] = $this->{'Id'}; @@ -315,9 +308,9 @@ private $control_fields = array( $args['rand'] = time(); } - $streamSrc .= '?'.http_build_query( $args,'', $querySep ); + $streamSrc .= '?'.http_build_query($args,'', $querySep); - return( $streamSrc ); + return $streamSrc; } // end function getStreamSrc public function Width($new = null) { @@ -618,13 +611,15 @@ private $control_fields = array( $source = preg_replace( '/^.*\//', '', $this->{'Path'} ); } elseif ( $this->{'Type'} == 'Ffmpeg' || $this->{'Type'} == 'Libvlc' || $this->{'Type'} == 'WebSite' ) { $url_parts = parse_url( $this->{'Path'} ); - if ( ZM_WEB_FILTER_SOURCE == 'Hostname' ) { # Filter out everything but the hostname + if ( ZM_WEB_FILTER_SOURCE == 'Hostname' ) { + # Filter out everything but the hostname if ( isset($url_parts['host']) ) { $source = $url_parts['host']; } else { $source = $this->{'Path'}; } - } elseif ( ZM_WEB_FILTER_SOURCE == "NoCredentials" ) { # Filter out sensitive and common items + } elseif ( ZM_WEB_FILTER_SOURCE == "NoCredentials" ) { + # Filter out sensitive and common items unset($url_parts['user']); unset($url_parts['pass']); #unset($url_parts['scheme']); diff --git a/web/includes/Server.php b/web/includes/Server.php index 09d415e63..e39c92a3e 100644 --- a/web/includes/Server.php +++ b/web/includes/Server.php @@ -5,23 +5,25 @@ $server_cache = array(); class Server { private $defaults = array( - 'Id' => null, - 'Name' => '', - 'Hostname' => '', - 'zmaudit' => 1, - 'zmstats' => 1, - 'zmtrigger' => 0, + 'Id' => null, + 'Name' => '', + 'Protocol' => '', + 'Hostname' => '', + 'Port' => null, + 'PathPrefix' => '/zm', + 'zmaudit' => 1, + 'zmstats' => 1, + 'zmtrigger' => 0, ); - - public function __construct( $IdOrRow = NULL ) { - global $server_cache; + public function __construct($IdOrRow = NULL) { + global $server_cache; $row = NULL; if ( $IdOrRow ) { if ( is_integer($IdOrRow) or ctype_digit($IdOrRow) ) { $row = dbFetchOne('SELECT * FROM Servers WHERE Id=?', NULL, array($IdOrRow)); if ( !$row ) { - Error("Unable to load Server record for Id=" . $IdOrRow); + Error('Unable to load Server record for Id='.$IdOrRow); } } elseif ( is_array($IdOrRow) ) { $row = $IdOrRow; @@ -33,13 +35,45 @@ class Server { } $server_cache[$row['Id']] = $this; } else { - $this->{'Name'} = ''; - $this->{'Hostname'} = ''; + # Set defaults + foreach ( $this->defaults as $k => $v ) $this->{$k} = $v; } } + public function Hostname( $new = null ) { + if ( $new != null ) + $this->{'Hostname'} = $new; + + if ( isset( $this->{'Hostname'}) and ( $this->{'Hostname'} != '' ) ) { + return $this->{'Hostname'}; + } else if ( $this->Id() ) { + return $this->{'Name'}; + } + return $_SERVER['SERVER_NAME']; + } + + public function Protocol( $new = null ) { + if ( $new != null ) + $this->{'Protocol'} = $new; + + if ( isset($this->{'Protocol'}) and ( $this->{'Protocol'} != '' ) ) { + return $this->{'Protocol'}; + } + return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? 'https' : 'http'; + } + + public function Port( $new = '' ) { + if ( $new != '' ) + $this->{'Port'} = $new; + + if ( isset($this->{'Port'}) and $this->{'Port'} ) { + return $this->{'Port'}; + } + return $_SERVER['SERVER_PORT']; + } + public function Url( $port = null ) { - $url = ZM_BASE_PROTOCOL . '://'; + $url = $this->Protocol().'://'; if ( $this->Id() ) { $url .= $this->Hostname(); } else { @@ -48,17 +82,23 @@ class Server { if ( $port ) { $url .= ':'.$port; } else { - $url .= ':'.$_SERVER['SERVER_PORT']; + $url .= ':'.$this->Port(); } - $url .= $_SERVER['PHP_SELF']; + $url .= $this->PathPrefix(); return $url; } - public function Hostname() { - if ( isset( $this->{'Hostname'} ) and ( $this->{'Hostname'} != '' ) ) { - return $this->{'Hostname'}; - } - return $this->{'Name'}; - } + + public function PathPrefix( $new = null ) { + if ( $new != null ) + $this->{'PathPrefix'} = $new; + + if ( isset($this->{'PathPrefix'}) and $this->{'PathPrefix'} ) { + return $this->{'PathPrefix'}; + } + return ''; + //return $_SERVER['PHP_SELF']; + } + public function __call($fn, array $args){ if ( count($args) ) { $this->{$fn} = $args[0]; @@ -66,13 +106,13 @@ class Server { if ( array_key_exists($fn, $this) ) { return $this->{$fn}; } else { - if ( array_key_exists( $fn, $this->defaults ) ) { + if ( array_key_exists($fn, $this->defaults) ) { return $this->defaults{$fn}; } else { $backTrace = debug_backtrace(); $file = $backTrace[1]['file']; $line = $backTrace[1]['line']; - Warning( "Unknown function call Server->$fn from $file:$line" ); + Warning("Unknown function call Server->$fn from $file:$line"); } } } @@ -117,7 +157,7 @@ class Server { } $results = dbFetchAll( $sql, NULL, $values ); if ( $results ) { - return array_map( function($id){ return new Server($id); }, $results ); + return array_map(function($id){ return new Server($id); }, $results); } return array(); } @@ -137,5 +177,5 @@ class Server { return $results[0]; } -} +} # end class Server ?> diff --git a/web/js/Server.js b/web/js/Server.js new file mode 100644 index 000000000..6e3254f65 --- /dev/null +++ b/web/js/Server.js @@ -0,0 +1,12 @@ +class Server { + constructor(json) { + for( var k in json ) { + this[k] = json[k]; + } + } + url(port=0){ + return location.protocol+'//'+this.Hostname+ + (port ? ':'+port : '') + + ( ( this.PathPrefix && this.PathPrefix != 'null') ? this.PathPrefix : ''); + } +}; diff --git a/web/lang/en_gb.php b/web/lang/en_gb.php index 7b2addeb4..83f5e1f73 100644 --- a/web/lang/en_gb.php +++ b/web/lang/en_gb.php @@ -586,6 +586,7 @@ $SLANG = array( 'Parameter' => 'Parameter', 'Password' => 'Password', 'PasswordsDifferent' => 'The new and confirm passwords are different', + 'PathPrefix' => 'Path Prefix', 'Paths' => 'Paths', 'Pause' => 'Pause', 'PhoneBW' => 'Phone B/W', diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index b21157607..50dd19f7c 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -119,6 +119,7 @@ echo output_link_if_exists( array( + - - ; var currentView = ''; var thisUrl = ""; var skinPath = ""; +var serverId = ''; var canEditSystem = ; var canViewSystem = ; diff --git a/web/skins/classic/views/js/montagereview.js b/web/skins/classic/views/js/montagereview.js index eacb9c0d4..aad114325 100644 --- a/web/skins/classic/views/js/montagereview.js +++ b/web/skins/classic/views/js/montagereview.js @@ -117,24 +117,21 @@ function getImageSource( monId, time ) { Event = events[Frame.EventId]; var storage = Storage[Event.StorageId]; - if ( storage.ServerId ) { - var server = Servers[storage.ServerId]; - if ( server ) { - //console.log( server.Hostname + " for event " + eId[i] ); - return location.protocol + '//' + server.Hostname + - //'/cgi-bin/zms?mode=jpeg&replay=single&event=' + event_id + - //'&frame='+Frame.FrameId + - '/zm/index.php?view=image&eid=' + Frame.EventId + '&fid='+Frame.FrameId + - "&width=" + monitorCanvasObj[monId].width + - "&height=" + monitorCanvasObj[monId].height; - } else { - console.log("No server found for " + storage.ServerId ); - } + var server = storage.ServerId ? Servers[storage.ServerId] : Servers[serverId]; + if ( server ) { + return server.url() + + //location.protocol + '//' + server.Hostname + + //'/cgi-bin/zms?mode=jpeg&replay=single&event=' + event_id + + //'&frame='+Frame.FrameId + + '/index.php?view=image&eid=' + Frame.EventId + '&fid='+Frame.FrameId + + "&width=" + monitorCanvasObj[monId].width + + "&height=" + monitorCanvasObj[monId].height; } + console.log("No server found for " + ( storage.ServerId ? storage.ServerId : serverId )); //console.log("No storage found for " + eStorageId[i] ); return '/zm/index.php?view=image&eid=' + Frame.EventId + '&fid='+frame_id + "&width=" + monitorCanvasObj[monId].width + "&height=" + monitorCanvasObj[monId].height; //return "/cgi-bin/zms?mode=single&replay=single&event=" + Frame.EventId + '&time='+time+ "&width=" + monitorCanvasObj[monId].width + "&height=" + monitorCanvasObj[monId].height; - return "/cgi-bin/zms?mode=jpeg&replay=single&event=" + Frame.EventId + '&frame='+frame_id + "&width=" + monitorCanvasObj[monId].width + "&height=" + monitorCanvasObj[monId].height; + //return "/cgi-bin/zms?mode=jpeg&replay=single&event=" + Frame.EventId + '&frame='+frame_id + "&width=" + monitorCanvasObj[monId].width + "&height=" + monitorCanvasObj[monId].height; } // end found Frame return ''; //return "no data"; @@ -168,7 +165,7 @@ function imagedone( obj, monId, success ) { } } else { if ( monitorLoadingStageURL[monId] == "" ) { - console.log("Not showing image for " + monId ); + //console.log("Not showing image for " + monId ); // This means that there wasn't a loading image placeholder. // So we weren't actually loading an image... which seems weird. return; @@ -246,7 +243,7 @@ console.log("Current time " + currentTimeSecs + " + " + playSecsperInterval + " setSpeed(0); outputUpdate(currentTimeSecs); } else { -console.log("Current time " + currentTimeSecs + " + " + playSecsperInterval ); +//console.log("Current time " + currentTimeSecs + " + " + playSecsperInterval ); outputUpdate(playSecsperInterval + currentTimeSecs); } return; @@ -368,7 +365,7 @@ function drawGraph() { underSlider=undefined; return; } - var rowHeight=parseInt(cHeight / (numMonitors + 1) ); // Leave room for a scale of some sort + var rowHeight = parseInt(cHeight / (numMonitors + 1) ); // Leave room for a scale of some sort // first fill in the bars for the events (not alarms) @@ -473,7 +470,7 @@ function outputUpdate(time) { drawSliderOnGraph(time); for ( var i=0; i < numMonitors; i++ ) { var src = getImageSource(monitorPtr[i],time); - console.log("New image src: " + src); + //console.log("New image src: " + src); loadImage2Monitor(monitorPtr[i],src); } currentTimeSecs = time; diff --git a/web/skins/classic/views/js/montagereview.js.php b/web/skins/classic/views/js/montagereview.js.php index 1acb3ada0..2afab05d3 100644 --- a/web/skins/classic/views/js/montagereview.js.php +++ b/web/skins/classic/views/js/montagereview.js.php @@ -118,13 +118,13 @@ echo " };\n"; echo "var maxScore=$maxScore;\n"; // used to skip frame load if we find no alarms. } // end if initialmodeislive -echo "var Storage = [];\n"; +echo "\nvar Storage = [];\n"; foreach ( Storage::find() as $Storage ) { -echo 'Storage[' . $Storage->Id() . '] = ' . json_encode($Storage). ";\n"; + echo 'Storage[' . $Storage->Id() . '] = ' . json_encode($Storage). ";\n"; } echo "\nvar Servers = [];\n"; foreach ( Server::find() as $Server ) { -echo 'Servers[' . $Server->Id() . '] = ' . json_encode($Server). ";\n"; + echo 'Servers[' . $Server->Id() . '] = new Server(' . json_encode($Server). ");\n"; } echo ' var monitorName = []; diff --git a/web/skins/classic/views/js/watch.js.php b/web/skins/classic/views/js/watch.js.php index 51c1801e8..d9826c66f 100644 --- a/web/skins/classic/views/js/watch.js.php +++ b/web/skins/classic/views/js/watch.js.php @@ -48,7 +48,7 @@ var maxDisplayEvents = ; var monitorId = Id() ?>; var monitorWidth = Width() ?>; var monitorHeight = Height() ?>; -var monitorUrl = 'Url(); ?>'; +var monitorUrl = 'Url(); ?>/index.php'; var monitorType = 'Type() ) ?>'; var monitorRefresh = 'Refresh() ) ?>'; diff --git a/web/skins/classic/views/options.php b/web/skins/classic/views/options.php index 00e59c85b..7d595ee06 100644 --- a/web/skins/classic/views/options.php +++ b/web/skins/classic/views/options.php @@ -208,7 +208,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI - + @@ -222,27 +222,31 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI - - - - - - - - - - + Id(), 'zmServer', 'server', validHtmlStr($Server->Name()), $canEdit) ?> + Id(), 'zmServer', 'server', validHtmlStr($Server->Url()), $canEdit) ?> + + Id(), 'zmServer', 'server', validHtmlStr($Server->Status()), $canEdit) ?> + + Id(), 'zmServer', 'server', validHtmlStr($monitor_counts[$Server->Id()]), $canEdit) ?> + + + Id(), 'zmServer', 'server',$Server->CpuLoad(), $canEdit) ?> + + + Id(), 'zmServer', 'server', human_filesize($Server->FreeMem()) . ' / ' . human_filesize($Server->TotalMem()), $canEdit) ?> + + + Id(), 'zmServer', 'server', human_filesize($Server->FreeSwap()) . ' / ' . human_filesize($Server->TotalSwap()) , $canEdit) ?> + + Id(), 'zmServer', 'server', $Server->zmstats() ? 'yes' : 'no', $canEdit) ?> + Id(), 'zmServer', 'server', $Server->zmaudit() ? 'yes' : 'no', $canEdit) ?> + Id(), 'zmServer', 'server', $Server->zmtrigger() ? 'yes' : 'no', $canEdit) ?> - disabled="disabled"/> + disabled="disabled"/> diff --git a/web/skins/classic/views/server.php b/web/skins/classic/views/server.php index 1203d9b6d..2a4ebe785 100644 --- a/web/skins/classic/views/server.php +++ b/web/skins/classic/views/server.php @@ -31,7 +31,9 @@ if ( $_REQUEST['id'] ) { } else { $newServer = array(); $newServer['Name'] = translate('NewServer'); + $newServer['Protocol'] = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? 'https' : 'http'; $newServer['Hostname'] = ''; + $newServer['PathPrefix'] = '/zm'; $newServer['zmstats'] = ''; $newServer['zmaudit'] = ''; $newServer['zmtrigger'] = ''; @@ -57,10 +59,22 @@ xhtmlHeaders(__FILE__, translate('Server').' - '.$newServer['Name']); + + + + + + + + + + + +