initial support for subpackages

This commit is contained in:
Andrew Bauer 2018-11-17 10:45:08 -06:00
parent b4f77077e9
commit ac0e8c9b0b
19 changed files with 261 additions and 244 deletions

View File

@ -1,5 +1,10 @@
# CMakeLists.txt for the Redhat Target Distros. # CMakeLists.txt for the Redhat Target Distros.
#
# General strategy is to configure and install all files specific to Apache and Nginx
# Then let the rpm specfile sort them into the appropriate sub-package
#
# Display a message to show the RHEL build options are being processed. # Display a message to show the RHEL build options are being processed.
if(ZM_TARGET_DISTRO MATCHES "^el") if(ZM_TARGET_DISTRO MATCHES "^el")
message([STATUS] "Starting RHEL Build Options" ...) message([STATUS] "Starting RHEL Build Options" ...)
@ -9,33 +14,38 @@ else(ZM_TARGET_DISTRO MATCHES "^el")
message([WARNING] "Unknown Build Option Detected" ...) message([WARNING] "Unknown Build Option Detected" ...)
endif(ZM_TARGET_DISTRO MATCHES "^el") endif(ZM_TARGET_DISTRO MATCHES "^el")
if((NOT ZM_TARGET_DISTRO MATCHES "^fc") AND (ZM_WEB_USER STREQUAL "nginx")) #
message([FATAL_ERROR] "Experimental Nginx support is currently only supported on Fedora" ...) # CONFIGURE STAGE
endif((NOT ZM_TARGET_DISTRO MATCHES "^fc") AND (ZM_WEB_USER STREQUAL "nginx")) #
# Configure the zoneminder service files # Configure the common zoneminder files
configure_file(systemd/zoneminder.logrotate.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.logrotate @ONLY) configure_file(common/zoneminder.logrotate.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.logrotate @ONLY)
configure_file(nginx/zoneminder.php-fpm.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.php-fpm.conf @ONLY) configure_file(common/zoneminder.service.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY)
configure_file(nginx/zoneminder.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.nginx.conf @ONLY)
if(ZM_WEB_USER STREQUAL "nginx")
configure_file(nginx/zoneminder.service.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY)
configure_file(nginx/zoneminder.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.tmpfiles @ONLY)
configure_file(nginx/README.Fedora ${CMAKE_CURRENT_SOURCE_DIR}/readme/README COPYONLY)
else(ZM_WEB_USER STREQUAL "nginx")
configure_file(systemd/zoneminder.service.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY)
configure_file(apache/zoneminder.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.conf @ONLY)
configure_file(systemd/zoneminder.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.tmpfiles @ONLY)
if( ZM_TARGET_DISTRO MATCHES "^fc")
configure_file(readme/README.Fedora ${CMAKE_CURRENT_SOURCE_DIR}/readme/README COPYONLY)
else( ZM_TARGET_DISTRO MATCHES "^fc")
configure_file(readme/README.Redhat7 ${CMAKE_CURRENT_SOURCE_DIR}/readme/README COPYONLY)
endif( ZM_TARGET_DISTRO MATCHES "^fc")
endif(ZM_WEB_USER STREQUAL "nginx")
# Create several empty folders
file(MAKE_DIRECTORY sock swap zoneminder zoneminder-upload events images temp) file(MAKE_DIRECTORY sock swap zoneminder zoneminder-upload events images temp)
# Install the empty folders # Configure the Apache zoneminder files
configure_file(apache/zm-apache.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zm-apache.conf @ONLY)
configure_file(apache/zoneminder.apache.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.apache.conf @ONLY)
configure_file(apache/zoneminder.apache.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.apache.tmpfiles.conf @ONLY)
configure_file(apache/com.zoneminder.systemctl.rules.apache.in ${CMAKE_CURRENT_SOURCE_DIR}/com.zoneminder.systemctl.rules.apache @ONLY)
# Configure the Nginx zoneminder files
configure_file(nginx/zm-nginx.conf ${CMAKE_CURRENT_SOURCE_DIR}/zm-nginx.conf COPYONLY)
configure_file(nginx/zoneminder.nginx.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.nginx.conf @ONLY)
configure_file(nginx/zoneminder.nginx.tmpfiles.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.nginx.tmpfiles.conf @ONLY)
configure_file(nginx/zm-web-user.conf ${CMAKE_CURRENT_SOURCE_DIR}/zm-web-user.conf COPYONLY)
configure_file(nginx/zoneminder.php-fpm.conf.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.php-fpm.conf @ONLY)
configure_file(nginx/com.zoneminder.systemctl.rules.nginx.in ${CMAKE_CURRENT_SOURCE_DIR}/com.zoneminder.systemctl.rules.nginx COPYONLY)
#
# INSTALLATION STAGE
#
# Install the common zoneminder files
install(FILES zoneminder.logrotate DESTINATION /etc/logrotate.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.service DESTINATION /usr/lib/systemd/system PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(DIRECTORY sock swap DESTINATION /var/lib/zoneminder DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(DIRECTORY sock swap DESTINATION /var/lib/zoneminder DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install(DIRECTORY zoneminder DESTINATION /var/log DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(DIRECTORY zoneminder DESTINATION /var/log DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install(DIRECTORY zoneminder DESTINATION /var/run DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(DIRECTORY zoneminder DESTINATION /var/run DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
@ -43,6 +53,22 @@ install(DIRECTORY zoneminder DESTINATION /var/cache DIRECTORY_PERMISSIONS OWNER_
install(DIRECTORY zoneminder-upload DESTINATION /var/spool DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(DIRECTORY zoneminder-upload DESTINATION /var/spool DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(DIRECTORY events images temp DESTINATION /var/lib/zoneminder DIRECTORY_PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
# Install the Apache zoneminder files
install(FILES zm-apache.conf DESTINATION /usr/lib/systemd/system/zoneminder.service.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.apache.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.apache.tmpfiles.conf DESTINATION /usr/lib/tmpfiles.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES com.zoneminder.systemctl.rules.apache DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
# Install the Nginx zoneminder files
install(FILES zm-nginx.conf DESTINATION /usr/lib/systemd/system/zoneminder.service.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.nginx.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.nginx.tmpfiles.conf DESTINATION /usr/lib/tmpfiles.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES com.zoneminder.systemctl.rules.nginx DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zm-web-user.conf DESTINATION /etc/zm/conf.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.php-fpm.conf DESTINATION /etc/php-fpm.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
# Miscellaneous
# Symlink the cake php temp folder to the ZoneMinder temp folder # Symlink the cake php temp folder to the ZoneMinder temp folder
install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")") install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/api/app/tmp\")")
@ -50,14 +76,5 @@ install(CODE "execute_process(COMMAND ln -sf ../../../../../../var/lib/zoneminde
install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")") install(CODE "execute_process(COMMAND ln -sf ../../java/cambozola.jar \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/cambozola.jar\")")
# Install auxiliary files # Install auxiliary files
install(FILES misc/redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) install(FILES common/redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
# Install zoneminder service files
install(FILES zoneminder.logrotate DESTINATION /etc/logrotate.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.php-fpm.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.nginx.conf DESTINATION /etc/zm/www PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.service DESTINATION /usr/lib/systemd/system PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
install(FILES zoneminder.tmpfiles DESTINATION /usr/lib/tmpfiles.d RENAME zoneminder.conf PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)

View File

@ -0,0 +1,7 @@
polkit.addRule(function(action, subject) {
if (action.id == "com.zoneminder.policykit.pkexec.run-zmsystemctl" &&
subject.user != "@WEB_USER@") {
return polkit.Result.NO;
}
});

View File

@ -0,0 +1,8 @@
# Additional config directions for ZoneMinder with Apache web server
[Unit]
After=httpd.service
[Service]
User=@WEB_USER@
Group=@WEB_GROUP@

View File

@ -1,9 +1,10 @@
# ZoneMinder systemd unit file for RedHat distros and clones # ZoneMinder systemd unit file for RedHat distros and clones
# See drop-in folder for additional config directives
[Unit] [Unit]
Description=ZoneMinder CCTV recording and security system Description=ZoneMinder CCTV recording and security system
After=network.target mariadb.service httpd.service After=network.target mariadb.service
Requires=mariadb.service httpd.service Requires=mariadb.service
[Service] [Service]
User=@WEB_USER@ User=@WEB_USER@

View File

@ -1,125 +0,0 @@
module local_zoneminder 1.2;
require {
type afs_ka_port_t;
type netsupport_port_t;
type port_t;
type presence_port_t;
type postfix_master_t;
type postfix_qmgr_t;
type postfix_pickup_t;
type httpd_t;
type var_lib_t;
type ionixnetmon_port_t;
type glance_port_t;
type mmcc_port_t;
type postfix_master_t;
type commplex_port_t;
type syslogd_port_t;
type dcc_port_t;
type sip_port_t;
type amqp_port_t;
type condor_port_t;
type afs_fs_port_t;
type nodejs_debug_port_t;
type httpd_var_lib_t;
type websm_port_t;
type afs_pt_port_t;
type postfix_qmgr_t;
type git_port_t;
type ipp_port_t;
type aol_port_t;
type unconfined_t;
type kernel_t;
type init_t;
type auditd_t;
type mysqld_t;
type httpd_log_t;
type syslogd_t;
type httpd_t;
type initrc_state_t;
type initrc_t;
type var_lib_t;
type udev_t;
type mysqld_safe_t;
type sshd_t;
type crond_t;
type getty_t;
type httpd_var_lib_t;
type initrc_var_run_t;
type tmpfs_t;
type dhcpc_t;
type v4l_device_t;
type file_t;
class sock_file { write create unlink };
class unix_stream_socket { read connectto };
class lnk_file { write create getattr read lock unlink };
class dir {search getattr };
class udp_socket name_bind;
class file { write getattr read lock unlink open };
class shm { unix_read unix_write associate read write getattr };
class chr_file getattr;
}
#============= httpd_t ==============
allow httpd_t auditd_t:dir { search getattr };
allow httpd_t auditd_t:file { read getattr open };
allow httpd_t crond_t:dir { search getattr };
allow httpd_t crond_t:file { read getattr open };
allow httpd_t dhcpc_t:dir { search getattr };
allow httpd_t dhcpc_t:file { read getattr open };
allow httpd_t getty_t:dir { search getattr };
allow httpd_t getty_t:file { read getattr open };
allow httpd_t httpd_log_t:file write;
allow httpd_t httpd_var_lib_t:lnk_file { write getattr read lock unlink };
allow httpd_t init_t:dir { search getattr };
allow httpd_t init_t:file { read getattr open };
#!!!! The source type 'httpd_t' can write to a 'file' of the following types:
#squirrelmail_spool_t, mirrormanager_var_run_t, dirsrvadmin_config_t, httpd_lock_t, httpd_tmp_t, dirsrv_config_t, dirsrvadmin_tmp_t, httpd_cache_t, httpd_tmpfs_t, httpd_squirrelmail_t, dirsrv_var_run_t, dirsrv_var_log_t, httpd_var_lib_t, httpd_var_run_t, zarafa_var_lib_t, httpd_prewikka_rw_content_t, httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, passenger_var_run_t, httpd_smokeping_cgi_rw_content_t, httpd_openshift_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_w3c_validator_rw_content_t, httpd_collectd_rw_content_t, cluster_var_lib_t, cluster_var_run_t, httpd_user_rw_content_t, httpd_awstats_rw_content_t, httpdcontent, root_t, httpd_cobbler_rw_content_t, httpd_munin_rw_content_t, cluster_conf_t, httpd_bugzilla_rw_content_t, passenger_tmp_t, httpd_cvs_rw_content_t, httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_dspam_rw_content_t
allow httpd_t initrc_state_t:file { read write getattr unlink open };
allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t initrc_t:shm { unix_read unix_write associate read write getattr };
allow httpd_t initrc_var_run_t:file { write read lock open };
allow httpd_t kernel_t:dir { search getattr };
allow httpd_t kernel_t:file { read getattr open };
allow httpd_t mysqld_safe_t:dir { search getattr };
allow httpd_t mysqld_safe_t:file { read getattr open };
allow httpd_t mysqld_t:dir { search getattr };
allow httpd_t mysqld_t:file { read getattr open };
allow httpd_t sshd_t:dir { search getattr };
allow httpd_t sshd_t:file { read getattr open };
allow httpd_t syslogd_t:dir { search getattr };
allow httpd_t syslogd_t:file { read getattr open };
allow httpd_t tmpfs_t:sock_file write;
allow httpd_t udev_t:dir { search getattr };
allow httpd_t udev_t:file { read getattr open };
allow httpd_t unconfined_t:dir { search getattr };
allow httpd_t unconfined_t:file { read getattr open };
allow httpd_t var_lib_t:lnk_file { write getattr read lock unlink };
allow httpd_t var_lib_t:sock_file { write unlink };
allow httpd_t v4l_device_t:chr_file getattr;
allow httpd_t afs_fs_port_t:udp_socket name_bind;
allow httpd_t afs_ka_port_t:udp_socket name_bind;
allow httpd_t afs_pt_port_t:udp_socket name_bind;
allow httpd_t amqp_port_t:udp_socket name_bind;
allow httpd_t aol_port_t:udp_socket name_bind;
allow httpd_t commplex_port_t:udp_socket name_bind;
allow httpd_t condor_port_t:udp_socket name_bind;
allow httpd_t dcc_port_t:udp_socket name_bind;
allow httpd_t git_port_t:udp_socket name_bind;
allow httpd_t glance_port_t:udp_socket name_bind;
allow httpd_t httpd_var_lib_t:lnk_file create;
allow httpd_t ionixnetmon_port_t:udp_socket name_bind;
allow httpd_t ipp_port_t:udp_socket name_bind;
allow httpd_t mmcc_port_t:udp_socket name_bind;
allow httpd_t netsupport_port_t:udp_socket name_bind;
allow httpd_t nodejs_debug_port_t:udp_socket name_bind;
allow httpd_t port_t:udp_socket name_bind;
allow httpd_t postfix_master_t:dir { search getattr };
allow httpd_t postfix_master_t:file { read getattr open };
allow httpd_t postfix_pickup_t:dir { search getattr };
allow httpd_t postfix_pickup_t:file { read getattr open };
allow httpd_t postfix_qmgr_t:dir { search getattr };
allow httpd_t postfix_qmgr_t:file { read getattr open };
allow httpd_t presence_port_t:udp_socket name_bind;

View File

@ -0,0 +1,7 @@
polkit.addRule(function(action, subject) {
if (action.id == "com.zoneminder.policykit.pkexec.run-zmsystemctl" &&
subject.user != "nginx") {
return polkit.Result.NO;
}
});

View File

@ -0,0 +1,9 @@
# Additional config directives for ZoneMinder with Nginx web server
[Unit]
After=nginx.service php-fpm.service fcgiwrap.service
Requires=php-fpm.service fcgiwrap.service
[Service]
User=nginx
Group=nginx

View File

@ -0,0 +1,3 @@
ZM_WEB_USER=nginx
ZM_WEB_GROUP=nginx

View File

@ -0,0 +1,8 @@
D @ZM_TMPDIR@ 0755 nginx nginx
D @ZM_SOCKDIR@ 0755 nginx nginx
D @ZM_CACHEDIR@ 0755 nginx nginx
d @ZM_DIR_EVENTS@ 0755 nginx nginx
D @ZM_DIR_IMAGES@ 0755 nginx nginx
D /var/lib/php/session 770 root nginx
D /var/lib/php/wsdlcache 770 root nginx

View File

@ -1,22 +0,0 @@
# ZoneMinder systemd unit file for Fedora
# Replace mariadb with community-mysql if using mysql service instead of mariadb
[Unit]
Description=ZoneMinder CCTV recording and security system
After=network.target mariadb.service nginx.service php-fpm.service fcgiwrap.service
Requires=mariadb.service nginx.service php-fpm.service fcgiwrap.service
[Service]
User=@WEB_USER@
Group=@WEB_GROUP@
Type=forking
ExecStart=@BINDIR@/zmpkg.pl start
ExecReload=@BINDIR@/zmpkg.pl restart
ExecStop=@BINDIR@/zmpkg.pl stop
PIDFile=@ZM_RUNDIR@/zm.pid
Environment=TZ=/etc/localtime
RuntimeDirectory=zoneminder
RuntimeDirectoryMode=0755
[Install]
WantedBy=multi-user.target

View File

@ -1,8 +0,0 @@
D @ZM_TMPDIR@ 0755 @WEB_USER@ @WEB_GROUP@
D @ZM_SOCKDIR@ 0755 @WEB_USER@ @WEB_GROUP@
D @ZM_CACHEDIR@ 0755 @WEB_USER@ @WEB_GROUP@
d @ZM_DIR_EVENTS@ 0755 @WEB_USER@ @WEB_GROUP@
D @ZM_DIR_IMAGES@ 0755 @WEB_USER@ @WEB_GROUP@
D /var/lib/php/session 770 root @WEB_GROUP@
D /var/lib/php/wsdlcache 770 root @WEB_GROUP@

View File

@ -0,0 +1,29 @@
What's New
==========
1. See the ZoneMinder release notes for a list of new features:
https://github.com/ZoneMinder/zoneminder/releases
2. The contents of the ZoneMinder Apache config file have changed. In
addition, this ZoneMinder package now requires you to manually symlink the
ZoneMinder Apache config file. See new install step 6 and upgrade step 3
below for details.
3. This package has been split into sub-packages to allow compatibility with
other web servers. Here is a breakdown of the available packages:
zoneminder - Meta-package installs zoneminder-common and zoneminder-httpd
This exists soley for backwards compaitilibty.
zoneminder-common - Common files that do not differ based on the web server
zoneminder-httpd - Files needed for compatibility with the Apache web server
zoneminder-nginx - Files needed for compatibility with the Nginx web server
You can switch between different subpackages with dnf/yum. Be advised that,
if you modified any of the default config files supplied by the package,
rpm may not update the config file to the proper version. This is by design.
Use drop-in files instead, to avoid this issue.
4. Continue on to the next README that corresponds to the chosen webserver:
README.httpd - Follow these steps when using Apache
README.nginx - Follow these steps when using Nginx

View File

@ -1,3 +1,4 @@
# Leaving this to allow one to build zoneminder-http subpackage using arbitrary user account
%global zmuid_final apache %global zmuid_final apache
%global zmgid_final apache %global zmgid_final apache
@ -7,10 +8,6 @@
# CakePHP-Enum-Behavior is configured as a git submodule # CakePHP-Enum-Behavior is configured as a git submodule
%global ceb_version 1.0-zm %global ceb_version 1.0-zm
%if "%{zmuid_final}" == "nginx"
%global with_nginx 1
%endif
%global sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt %global sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
%global sslkey %{_sysconfdir}/pki/tls/private/localhost.key %global sslkey %{_sysconfdir}/pki/tls/private/localhost.key
@ -22,11 +19,12 @@
%global with_apcu_bc 1 %global with_apcu_bc 1
%endif %endif
# The default for everything but el7 these days
%global _hardened_build 1 %global _hardened_build 1
Name: zoneminder Name: zoneminder
Version: 1.32.2 Version: 1.32.2
Release: 1%{?dist} Release: 2%{?dist}
Summary: A camera monitoring and analysis tool Summary: A camera monitoring and analysis tool
Group: System Environment/Daemons Group: System Environment/Daemons
# Mootools is inder the MIT license: http://mootools.net/ # Mootools is inder the MIT license: http://mootools.net/
@ -74,6 +72,7 @@ BuildRequires: vlc-devel
BuildRequires: libcurl-devel BuildRequires: libcurl-devel
BuildRequires: libv4l-devel BuildRequires: libv4l-devel
BuildRequires: desktop-file-utils BuildRequires: desktop-file-utils
BuildRequires: gzip
# ZoneMinder looks for and records the location of the ffmpeg binary during build # ZoneMinder looks for and records the location of the ffmpeg binary during build
BuildRequires: ffmpeg BuildRequires: ffmpeg
@ -83,10 +82,25 @@ BuildRequires: ffmpeg-devel
BuildRequires: libmp4v2-devel BuildRequires: libmp4v2-devel
BuildRequires: x264-devel BuildRequires: x264-devel
%{?with_nginx:Requires: nginx} # Allow existing user base to seamlessly transition to sub-packages
%{?with_nginx:Requires: php-fpm} Requires: %{name}-common%{?_isa} = %{version}-%{release}
%{!?with_nginx:Requires: httpd} Requires: %{name}-httpd%{?_isa} = %{version}-%{release}
%{!?with_nginx:Requires: php}
%description
ZoneMinder is a set of applications which is intended to provide a complete
solution allowing you to capture, analyze, record and monitor any cameras you
have attached to a Linux based machine. It is designed to run on kernels which
support the Video For Linux (V4L) interface and has been tested with cameras
attached to BTTV cards, various USB cameras and IP network cameras. It is
designed to support as many cameras as you can attach to your computer without
too much degradation of performance.
This is a meta package for backwards compatibility with the existing
ZoneMinder user base.
%package common
Summary: Common files for ZoneMinder, not tied to a specific web server
Requires: php-mysqli Requires: php-mysqli
Requires: php-common Requires: php-common
Requires: php-gd Requires: php-gd
@ -111,16 +125,12 @@ Requires: perl(Net::FTP)
Requires: perl(LWP::Protocol::https) Requires: perl(LWP::Protocol::https)
Requires: ca-certificates Requires: ca-certificates
Requires: zip Requires: zip
%{systemd_requires}
Requires(post): systemd
Requires(post): systemd-sysv
Requires(preun): systemd
Requires(postun): systemd
Requires(post): %{_bindir}/gpasswd Requires(post): %{_bindir}/gpasswd
Requires(post): %{_bindir}/less Requires(post): %{_bindir}/less
%description %description common
ZoneMinder is a set of applications which is intended to provide a complete ZoneMinder is a set of applications which is intended to provide a complete
solution allowing you to capture, analyze, record and monitor any cameras you solution allowing you to capture, analyze, record and monitor any cameras you
have attached to a Linux based machine. It is designed to run on kernels which have attached to a Linux based machine. It is designed to run on kernels which
@ -129,15 +139,56 @@ attached to BTTV cards, various USB cameras and IP network cameras. It is
designed to support as many cameras as you can attach to your computer without designed to support as many cameras as you can attach to your computer without
too much degradation of performance. too much degradation of performance.
This is a meta-package that exists solely to allow the existing user base to
seamlessly transition to sub-packages.
%package httpd
Summary: ZoneMinder configuration for Apache web server
Requires: %{name}-common%{?_isa} = %{version}-%{release}
Requires: httpd
Requires: php
Conflicts: %{name}-nginx
%description httpd
ZoneMinder is a set of applications which is intended to provide a complete
solution allowing you to capture, analyze, record and monitor any cameras you
have attached to a Linux based machine. It is designed to run on kernels which
support the Video For Linux (V4L) interface and has been tested with cameras
attached to BTTV cards, various USB cameras and IP network cameras. It is
designed to support as many cameras as you can attach to your computer without
too much degradation of performance.
This sub-package contains configuration specific to Apache web server
%package nginx
Summary: ZoneMinder configuration for Nginx web server
Requires: %{name}-common%{?_isa} = %{version}-%{release}
Requires: nginx
Requires: php-fpm
Conflicts: %{name}-httpd
%description nginx
ZoneMinder is a set of applications which is intended to provide a complete
solution allowing you to capture, analyze, record and monitor any cameras you
have attached to a Linux based machine. It is designed to run on kernels which
support the Video For Linux (V4L) interface and has been tested with cameras
attached to BTTV cards, various USB cameras and IP network cameras. It is
designed to support as many cameras as you can attach to your computer without
too much degradation of performance.
This sub-package contains support for ZoneMinder with the Nginx web server
%prep %prep
%autosetup -p 1 -a 1 %autosetup -p 1 -a 1
%{__rm} -rf ./web/api/app/Plugin/Crud rm -rf ./web/api/app/Plugin/Crud
%{__mv} -f crud-%{crud_version} ./web/api/app/Plugin/Crud mv -f crud-%{crud_version} ./web/api/app/Plugin/Crud
# The all powerful autosetup macro does not work after the second source tarball # The all powerful autosetup macro does not work after the second source tarball
%{__gzip} -dc %{_sourcedir}/cakephp-enum-behavior-%{ceb_version}.tar.gz | tar -xvvf - gzip -dc %{_sourcedir}/cakephp-enum-behavior-%{ceb_version}.tar.gz | tar -xvvf -
%{__rm} -rf ./web/api/app/Plugin/CakePHP-Enum-Behavior rm -rf ./web/api/app/Plugin/CakePHP-Enum-Behavior
%{__mv} -f CakePHP-Enum-Behavior-%{ceb_version} ./web/api/app/Plugin/CakePHP-Enum-Behavior mv -f CakePHP-Enum-Behavior-%{ceb_version} ./web/api/app/Plugin/CakePHP-Enum-Behavior
# Change the following default values # Change the following default values
./utils/zmeditconfigdata.sh ZM_OPT_CAMBOZOLA yes ./utils/zmeditconfigdata.sh ZM_OPT_CAMBOZOLA yes
@ -150,7 +201,7 @@ too much degradation of performance.
%build %build
%cmake \ %cmake \
-DZM_WEB_USER="%{zmuid_final}" \ -DZM_WEB_USER="%{zmuid_final}" \
-DZM_WEB_GROUP="%{zmuid_final}" \ -DZM_WEB_GROUP="%{zmgid_final}" \
-DZM_TARGET_DISTRO="%{zmtargetdistro}" \ -DZM_TARGET_DISTRO="%{zmtargetdistro}" \
. .
@ -172,10 +223,13 @@ find %{buildroot} \( -name .htaccess -or -name .editorconfig -or -name .packlist
find %{buildroot}%{_datadir}/zoneminder/www/api \( -name cake -or -name cake.php \) -type f -exec sed -i 's\^#!/usr/bin/env bash$\#!%{_buildshell}\' {} \; -exec %{__chmod} 755 {} \; find %{buildroot}%{_datadir}/zoneminder/www/api \( -name cake -or -name cake.php \) -type f -exec sed -i 's\^#!/usr/bin/env bash$\#!%{_buildshell}\' {} \; -exec %{__chmod} 755 {} \;
# Use the system cacert file rather then the one bundled with CakePHP # Use the system cacert file rather then the one bundled with CakePHP
%{__rm} -f %{buildroot}%{_datadir}/zoneminder/www/api/lib/Cake/Config/cacert.pem rm -f %{buildroot}%{_datadir}/zoneminder/www/api/lib/Cake/Config/cacert.pem
%{__ln_s} ../../../../../../../..%{_sysconfdir}/pki/tls/certs/ca-bundle.crt %{buildroot}%{_datadir}/zoneminder/www/api/lib/Cake/Config/cacert.pem ln -s ../../../../../../../..%{_sysconfdir}/pki/tls/certs/ca-bundle.crt %{buildroot}%{_datadir}/zoneminder/www/api/lib/Cake/Config/cacert.pem
%post # Handle the polkit file differently for web server agnostic support (see post)
rm -f %{buildroot}%{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules
%post common
# Initial installation # Initial installation
if [ $1 -eq 1 ] ; then if [ $1 -eq 1 ] ; then
%systemd_post %{name}.service %systemd_post %{name}.service
@ -183,28 +237,38 @@ fi
# Upgrade from a previous version of zoneminder # Upgrade from a previous version of zoneminder
if [ $1 -eq 2 ] ; then if [ $1 -eq 2 ] ; then
# Add any new PTZ control configurations to the database (will not overwrite) # Add any new PTZ control configurations to the database (will not overwrite)
%{_bindir}/zmcamtool.pl --import >/dev/null 2>&1 || : %{_bindir}/zmcamtool.pl --import >/dev/null 2>&1 || :
# Freshen the database # Freshen the database
%{_bindir}/zmupdate.pl -f >/dev/null 2>&1 || : %{_bindir}/zmupdate.pl -f >/dev/null 2>&1 || :
# We can't run this automatically when new sql account permissions need to
# be manually added first
# Run zmupdate non-interactively
# zmupdate.pl --nointeractive
fi fi
# Allow zoneminder access to local video sources, serial ports, and x10
%{_bindir}/gpasswd -a %{zmuid_final} video >/dev/null 2>&1 || :
%{_bindir}/gpasswd -a %{zmuid_final} dialout >/dev/null 2>&1 || :
# Warn the end user to read the README file # Warn the end user to read the README file
echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, you must read the README file\nto finish the installation or upgrade!" echo -e "\nVERY IMPORTANT: Before starting ZoneMinder, you must read the README file\nto finish the installation or upgrade!"
echo -e "\nThe README file is located here: %{_pkgdocdir}/README\n" echo -e "\nThe README file is located here: %{_pkgdocdir}/README\n"
%if 0%{?with_nginx} %post httpd
ln -s %{_sysconfdir}/zm/www/com.zoneminder.systemctl.rules.apache %{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules
# backwards compatibility
ln -s %{_sysconfdir}/zm/www/zoneminder.apache.conf %{_sysconfdir}/zm/www/zoneminder.conf
# Allow zoneminder access to local video sources, serial ports, and x10
%{_bindir}/gpasswd -a %{zmuid_final} video >/dev/null 2>&1 || :
%{_bindir}/gpasswd -a %{zmuid_final} dialout >/dev/null 2>&1 || :
%post nginx
ln -s %{_sysconfdir}/zm/www/com.zoneminder.systemctl.rules.nginx %{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules
#
# TO-DO: configure the README's
#
# Allow zoneminder access to local video sources, serial ports, and x10
%{_bindir}/gpasswd -a nginx video >/dev/null 2>&1 || :
%{_bindir}/gpasswd -a nginx dialout >/dev/null 2>&1 || :
# Nginx does not create an SSL certificate like the apache package does so lets do that here # Nginx does not create an SSL certificate like the apache package does so lets do that here
if [ -f %{sslkey} -o -f %{sslcert} ]; then if [ -f %{sslkey} -o -f %{sslcert} ]; then
exit 0 exit 0
@ -230,7 +294,6 @@ SomeOrganizationalUnit
${FQDN} ${FQDN}
root@${FQDN} root@${FQDN}
EOF EOF
%endif
%preun %preun
%systemd_preun %{name}.service %systemd_preun %{name}.service
@ -238,17 +301,10 @@ EOF
%postun %postun
%systemd_postun_with_restart %{name}.service %systemd_postun_with_restart %{name}.service
%triggerun -- zoneminder < 1.25.0-4
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply zoneminder
# to migrate them to systemd targets
%{_bindir}/systemd-sysv-convert --save zoneminder >/dev/null 2>&1 ||:
# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del zoneminder >/dev/null 2>&1 || :
/bin/systemctl try-restart zoneminder.service >/dev/null 2>&1 || :
%files %files
# nothing
%files common
%license COPYING %license COPYING
%doc AUTHORS README.md distros/redhat/readme/README distros/redhat/readme/README.https %doc AUTHORS README.md distros/redhat/readme/README distros/redhat/readme/README.https
@ -260,18 +316,12 @@ EOF
# Config folder contents contain sensitive info # Config folder contents contain sensitive info
# and should not be readable by normal users # and should not be readable by normal users
%{_sysconfdir}/zm/conf.d/README %{_sysconfdir}/zm/conf.d/README
%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/zm.conf
%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/conf.d/*.conf
%ghost %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/conf.d/zmcustom.conf
%config(noreplace) %attr(644,root,root) %{_sysconfdir}/zm/www/zoneminder.conf
%config(noreplace) %{_sysconfdir}/zm/www/zoneminder.php-fpm.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/zoneminder %config(noreplace) %{_sysconfdir}/logrotate.d/zoneminder
%{_tmpfilesdir}/zoneminder.conf %{_tmpfilesdir}/zoneminder.conf
%{_unitdir}/zoneminder.service %{_unitdir}/zoneminder.service
%{_datadir}/polkit-1/actions/com.zoneminder.systemctl.policy %{_datadir}/polkit-1/actions/com.zoneminder.systemctl.policy
%{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules
%{_bindir}/zmsystemctl.pl %{_bindir}/zmsystemctl.pl
%{_bindir}/zma %{_bindir}/zma
@ -304,6 +354,15 @@ EOF
%{_datadir}/zoneminder/ %{_datadir}/zoneminder/
%{_datadir}/applications/*zoneminder.desktop %{_datadir}/applications/*zoneminder.desktop
%files httpd
%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/zm.conf
%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/conf.d/0*.conf
%ghost %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/conf.d/zmcustom.conf
%config(noreplace) %{_sysconfdir}/zm/www/zoneminder.apache.conf
%config(noreplace) %{_sysconfdir}/zm/www/com.zoneminder.systemctl.rules.apache
%ghost %{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules
%{_unitdir}/zoneminder.service.d/zm-apache.conf
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder/events %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder/events
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder/images %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_sharedstatedir}/zoneminder/images
@ -313,9 +372,33 @@ EOF
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/cache/zoneminder %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/cache/zoneminder
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/log/zoneminder %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/log/zoneminder
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload %dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/spool/zoneminder-upload
%dir %attr(755,%{zmuid_final},%{zmgid_final}) %{_localstatedir}/run/zoneminder
%files nginx
%config(noreplace) %attr(640,root,nginx) %{_sysconfdir}/zm/zm.conf
%config(noreplace) %attr(640,root,nginx) %{_sysconfdir}/zm/conf.d/*.conf
%ghost %attr(640,root,nginx) %{_sysconfdir}/zm/conf.d/zmcustom.conf
%config(noreplace) %{_sysconfdir}/zm/www/zoneminder.nginx.conf
%config(noreplace) %{_sysconfdir}/zm/www/com.zoneminder.systemctl.rules.nginx
%ghost %{_datadir}/polkit-1/rules.d/com.zoneminder.systemctl.rules
%config(noreplace) %{_sysconfdir}/php-fpm.d/zoneminder.php-fpm.conf
%{_unitdir}/zoneminder.service.d/zm-nginx.conf
%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder
%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/events
%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/images
%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/sock
%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/swap
%dir %attr(755,nginx,nginx) %{_sharedstatedir}/zoneminder/temp
%dir %attr(755,nginx,nginx) %{_localstatedir}/cache/zoneminder
%dir %attr(755,nginx,nginx) %{_localstatedir}/log/zoneminder
%dir %attr(755,nginx,nginx) %{_localstatedir}/spool/zoneminder-upload
%changelog %changelog
* Wed Nov 14 2018 Andrew Bauer <zonexpertconsulting@outlook.com> - 1.32.2-2
- Break into sub-packages
* Sat Oct 13 2018 Andrew Bauer <zonexpertconsulting@outlook.com> - 1.32.2-1 * Sat Oct 13 2018 Andrew Bauer <zonexpertconsulting@outlook.com> - 1.32.2-1
- 1.32.2 release - 1.32.2 release
- Bug fix release - Bug fix release