Merge pull request #700 from knnniggett/centos7

Centos 7 rpm packaging

CMakeLists.txt

@@ -77,6 +77,12 @@ if((ZM_TARGET_DISTRO STREQUAL "f19") OR (ZM_TARGET_DISTRO STREQUAL "f20") OR (ZM
 	set(ZM_SOCKDIR "/var/lib/zoneminder/sock")
 	set(ZM_TMPDIR "/var/lib/zoneminder/temp")
 	set(ZM_LOGDIR "/var/log/zoneminder")
+elseif(ZM_TARGET_DISTRO STREQUAL "el7")
+	set(ZM_RUNDIR "/var/run/zoneminder")
+	set(ZM_SOCKDIR "/var/lib/zoneminder/sock")
+	set(ZM_TMPDIR "/var/lib/zoneminder/temp")
+	set(ZM_LOGDIR "/var/log/zoneminder")
+	set(ZM_CONFIG_DIR "/etc/zm")
 elseif(ZM_TARGET_DISTRO STREQUAL "OS13")
 	set(ZM_RUNDIR "/var/run/zoneminder")
 	set(ZM_TMPDIR "/var/run/zoneminder")
@@ -521,7 +527,7 @@ add_subdirectory(misc)
 # Process distro subdirectories
 if((ZM_TARGET_DISTRO STREQUAL "f19") OR (ZM_TARGET_DISTRO STREQUAL "f20"))
 	add_subdirectory(distros/fedora)
-elseif(ZM_TARGET_DISTRO STREQUAL "el6")
+elseif((ZM_TARGET_DISTRO STREQUAL "el6") OR (ZM_TARGET_DISTRO STREQUAL "el7"))
 	add_subdirectory(distros/redhat)
 elseif(ZM_TARGET_DISTRO STREQUAL "OS13")
 	add_subdirectory(distros/opensuse)

distros/redhat/CMakeLists.txt

@@ -1,7 +1,11 @@
 # CMakeLists.txt for the Redhat/CentOS Target Distro.
 
 # Create the zoneminder service file
-configure_file(zoneminder.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY)
+if(ZM_TARGET_DISTRO STREQUAL "el7")
+	configure_file(zoneminder.service.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder.service @ONLY)
+else(ZM_TARGET_DISTRO STREQUAL "el7")
+	configure_file(zoneminder.in ${CMAKE_CURRENT_SOURCE_DIR}/zoneminder @ONLY)
+endif(ZM_TARGET_DISTRO STREQUAL "el7")
 
 # Download jscalendar & move files into position
 file(DOWNLOAD http://softlayer-dal.dl.sourceforge.net/project/jscalendar/jscalendar/1.0/jscalendar-1.0.zip ${CMAKE_CURRENT_SOURCE_DIR}/jscalendar-1.0.zip LOG jsc_log STATUS download_jsc)
@@ -41,10 +45,17 @@ install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/imag
 install(CODE "execute_process(COMMAND ln -sf ../../../../var/lib/zoneminder/temp \"\$ENV{DESTDIR}${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/temp\")")
 
 # Install auxillary files required to run zoneminder on CentOS
-install(FILES zoneminder.conf DESTINATION /etc/httpd/conf.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
-install(FILES zm-logrotate_d DESTINATION /etc/logrotate.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
 install(FILES redalert.wav DESTINATION ${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_DATAROOTDIR}/zoneminder/www/sounds PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-install(FILES zoneminder.service DESTINATION /etc/rc.d/init.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+if(ZM_TARGET_DISTRO STREQUAL "el7")
+	install(FILES zoneminder.el7.conf DESTINATION /etc/httpd/conf.d RENAME zoneminder.conf PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+	install(FILES zoneminder.el7.logrotate DESTINATION /etc/logrotate.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+	install(FILES zoneminder.service DESTINATION /usr/lib/systemd/system PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+	install(FILES zoneminder.tmpfiles DESTINATION /etc/tmpfiles.d RENAME zoneminder.conf PERMISSIONS OWNER_WRITE OWNER_READ OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+else(ZM_TARGET_DISTRO STREQUAL "el7")
+	install(FILES zoneminder.el6.conf DESTINATION /etc/httpd/conf.d RENAME zoneminder.conf PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+	install(FILES zoneminder.el6.logrotate DESTINATION /etc/logrotate.d RENAME zoneminder PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+	install(FILES zoneminder DESTINATION /etc/rc.d/init.d PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ)
+endif(ZM_TARGET_DISTRO STREQUAL "el7")
 
 # Install jscalendar
 if(unzip_jsc STREQUAL "")

distros/redhat/README.Centos7

@@ -0,0 +1,128 @@
+What's New
+==========
+
+1. The Apache ScriptAlias has been changed from "/cgi-bin/zm/zms" to 
+   "/cgi-bin-zm/zms". This has been to done to avoid this bug:
+   https://bugzilla.redhat.com/show_bug.cgi?id=973067
+
+   IMPORTANT: ZoneMinder will not update this value during an upgrade. You must
+   manually update ZM_PATH_ZMS yourself under Options. This does not affect
+   new installs.
+
+2. ZoneMinder no longer uses PHP short tags.
+
+3. During an rpm package upgrade, zmupdate.pl will now auto-update the database
+   and the zonemidner service will restart automatically.
+
+4. The ZoneMinder config file, zm.conf, has been moved under /etc/zm.
+
+5. Systemd. CentOS 7 uses Systemd instead of the legacy Sys V Init. Under the
+   hood, Systemd does things quite a bit differently. Prepare to go through a
+   learning curve if you have not done so already.
+
+New installs
+============
+
+1. Unless you are already using MariaDB server, you need to ensure that
+   the server is configured to start during boot and properly secured
+   by running:
+
+	sudo systemctl enable mariadb
+	sudo systemctl start mariadb    
+	sudo mysql_secure_installation
+
+2. Using the password for the root account set during the previous step, you
+   will need to create the ZoneMinder database and configure a database
+   account for ZoneMinder to use:
+
+     mysql -u root -p < /usr/share/zoneminder/db/zm_create.sql
+     mysql -u root -p
+         mysql> grant select,insert,update,delete,lock tables,alter on zm.* to
+               'zmuser'@localhost identified by 'zmpass';
+         mysql> exit;
+     mysqladmin -u root -p reload
+
+   The database account credentials, zmuser/zmpass, are arbitrary. Set them to
+   anything that suits your envinroment.
+
+3. If you have chosen to change the zoneminder database account credentials to
+   something other than zmuser/zmpass, you must now edit /etc/zm/zm.conf.
+   Change ZM_DB_USER and ZM_DB_PASS to the values you created in the previous
+   step.
+
+4. Edit /etc/php.ini, uncomment the date.timezone line, and add your local
+   timezone.  For whatever reason, PHP will complain loudly if this is not set,
+   or if it is set incorrectly, and these complaints will show up in the
+   zoneminder logging system as errors.
+
+   If you are not sure of the proper timezone specification to use, look at
+   http://php.net/date.timezone
+
+5. This package will automatically configure and install an SELinux policy
+   called local_zoneminder. A copy of this policy is in the documentation
+   folder.
+
+   Maintaining an accurate SELinux policy file that does not create issues has
+   been a struggle. If SELinux blocks nortmal ZoneMinder acitivity, or you
+   feel you just don't need it, SELinux can be disabled for the current running
+   session with the following command:
+
+     sudo setenforce 0
+
+   To permanently disable SELinux, edit /etc/selinux/conf and change the
+   SELINUX line from "enforcing" to "disabled". This change will take
+   effect after a reboot.
+
+6. Now start the web server:
+
+	sudo systemctl enable httpd
+	sudo systemctl start httpd
+
+7. Now start zoneminder:
+
+	sudo systemctl enable zoneminder
+	sudo systemctl start zoneminder
+
+Upgrades
+========
+
+1. Verify /etc/zm/zm.conf.
+
+   If zm.conf was manually edited before running the upgrade, the installation
+   may not overwrite it. In this case, it will create the file
+   /etc/zm/zm.conf.rpmnew.
+
+   For example, this will happen if you are using database account credentials
+   other than zmuser/zmpass.
+
+   Compare /etc/zm/zm.conf to /etc/zm/zm.conf.rpmnew. Verify that zm.conf
+   contains any new config settings that may be in zm.conf.rpmnew.
+
+2. Verify permissions of the zmuser account.
+
+   Overtime, the database account permissions required for normal operation
+   have changed. Verify the zmuser database account has been granted select,
+   insert, update, delete, lock tables, and alter permission to the ZoneMinder
+   database:
+
+     mysql -u root -p
+         mysql> show grants for zmuser@localhost;
+         mysql> exit;
+
+3. Verify the database was upgraded automatically.
+
+   From the web console, ZoneMinder should show a status of "Running", and the
+   version number should have incremented.
+
+   If it is not running, then try to start it. The web console will indicate
+   if there is a database version conflict. If this is the case, then you may
+   need to manually update the database from the command line:
+
+     sudo zmupdate.pl
+
+   Modern versions of ZoneMinder don't require any parameters added to the 
+   zmupdate command. However, if ZoneMinder complains, you may need to call
+   zmupdate in the following manner:
+
+     sudo zmupdate.pl --user=root --pass=<mysql_root_pwd> --version=<from version>
+

distros/redhat/zoneminder.conf → distros/redhat/zoneminder.el6.conf

@@ -1,6 +1,3 @@
-# The Zoneminder web interface has been disabled by default due to a small
-# security issue in the default install.
-#
 # When using Zoneminder's own authentication, recorded CCTV images are
 # accessible from the web directly without passing the authentication. This
 # means any attacker could see your CCTV images without a password. In order
@@ -18,10 +15,8 @@ Alias /zm "/usr/share/zoneminder/www"
     AllowOverride All
     Order allow,deny
     Allow from all
-    # The code unfortunately uses short tags in many places
-    php_value short_open_tag 1
-
-Deny from all # DELETE THIS LINE
+    # ZoneMinder no longer uses short tags so this is safe to leave disabled
+    # php_value short_open_tag 1
 </Directory>
 
 ScriptAlias /cgi-bin/zm "/usr/libexec/zoneminder/cgi-bin"

distros/redhat/zoneminder.el7.conf

@@ -0,0 +1,42 @@
+# When using Zoneminder's own authentication, recorded CCTV images are
+# accessible from the web directly without passing the authentication. This
+# means any attacker could see your CCTV images without a password. In order
+# to avoid this you can disable Zoneminder's authentication and configure
+# standard Apache authentication (see the Apache documentation for details on
+# this).
+#
+# If you still wish to use Zoneminder's own authentication, or have an
+# internal site which needs no authentication, you need to delete the line
+# marked below and restart Apache.
+
+Alias /zm "/usr/share/zoneminder/www"
+<Directory "/usr/share/zoneminder/www">
+    Options -Indexes +MultiViews +FollowSymLinks
+    AllowOverride All
+    <IfModule mod_authz_core.c>
+       # Apache 2.4
+       Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        # Apache 2.2
+        Order deny,allow
+        Allow from all
+    </IfModule>
+    # ZoneMinder no longer uses short tags so this is safe to leave disabled
+    # php_value short_open_tag 1
+</Directory>
+
+ScriptAlias /cgi-bin-zm "/usr/libexec/zoneminder/cgi-bin"
+<Directory "/usr/libexec/zoneminder/cgi-bin">
+    AllowOverride All
+    Options ExecCGI
+    <IfModule mod_authz_core.c>
+       # Apache 2.4
+       Require all granted
+    </IfModule>
+    <IfModule !mod_authz_core.c>
+        # Apache 2.2
+        Order deny,allow
+        Allow from all
+    </IfModule>
+</Directory>

distros/redhat/zoneminder.el7.logrotate

@@ -0,0 +1,8 @@
+/var/log/zoneminder/*.log {
+    missingok
+    notifempty
+    sharedscripts
+    postrotate
+        /usr/bin/zmpkg.pl logrot 2> /dev/null > /dev/null || :
+    endscript
+}