NuxBSD: Free Infos

How To BSD

Zoneminder Install

pkg install zoneminder
=====
Message from freetype2-2.10.1:

--
The 2.7.x series now uses the new subpixel hinting mode (V40 port's option) as
the default, emulating a modern version of ClearType. This change inevitably
leads to different rendering results, and you might change port's options to
adapt it to your taste (or use the new "FREETYPE_PROPERTIES" environment
variable).

The environment variable "FREETYPE_PROPERTIES" can be used to control the
driver properties. Example:

FREETYPE_PROPERTIES=truetype:interpreter-version=35 \
	cff:no-stem-darkening=1 \
	autofitter:warping=1

This allows to select, say, the subpixel hinting mode at runtime for a given
application.

If LONG_PCF_NAMES port's option was enabled, the PCF family names may include
the foundry and information whether they contain wide characters. For example,
"Sony Fixed" or "Misc Fixed Wide", instead of "Fixed". This can be disabled at
run time with using pcf:no-long-family-names property, if needed. Example:

FREETYPE_PROPERTIES=pcf:no-long-family-names=1

How to recreate fontconfig cache with using such environment variable,
if needed:
# env FREETYPE_PROPERTIES=pcf:no-long-family-names=1 fc-cache -fsv

The controllable properties are listed in the section "Controlling FreeType
Modules" in the reference's table of contents
(/usr/local/share/doc/freetype2/reference/site/index.html, if documentation was installed).
=====
Message from ca_root_nss-3.47:

--
FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.


This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem
=====

Message from trousers-0.3.14_2:

--
To run tcsd automatically, add the following line to /etc/rc.conf:

tcsd_enable="YES"

You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.

If you want to use tcsd with software TPM emulator, use the following
configuration in /etc/rc.conf:

tcsd_enable="YES"
tcsd_mode="emulator"
tpmd_enable="YES"

To use TPM, add your_account to '_tss' group like following:

# pw groupmod _tss -m your_account
=====

sysrc tcsd_enable="YES"
tcsd_enable:  -> YES
service tcsd start

ERREUR

/usr/local/etc/rc.d/tcsd: WARNING: failed to start tcsd

Je l'ai supprimé de /etc/rc.conf car l'erreur est liée à kerboross, pas trouvé la possibilité de résoudre !

sysrc -x tcsd_enable="YES"

Message from cyrus-sasl-2.1.27:

--
You can use sasldb2 for authentication, to add users use:

	saslpasswd2 -c username

If you want to enable SMTP AUTH with the system Sendmail, read
Sendmail.README

NOTE: This port has been compiled with a default pwcheck_method of
      auxprop.  If you want to authenticate your user by /etc/passwd,
      PAM or LDAP, install ports/security/cyrus-sasl2-saslauthd and
      set sasl_pwcheck_method to saslauthd after installing the
      Cyrus-IMAPd 2.X port.  You should also check the
      /usr/local/lib/sasl2/*.conf files for the correct
      pwcheck_method.
      If you want to use GSSAPI mechanism, install
      ports/security/cyrus-sasl2-gssapi.
      If you want to use SRP mechanism, install
      ports/security/cyrus-sasl2-srp.
      If you want to use LDAP auxprop plugin, install
      ports/security/cyrus-sasl2-ldapdb.
=====
Message from opencv-core-3.4.1_23:

--
===>   NOTICE:

The opencv-core port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
=====
Message from php72-pdo-7.2.24:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-pdo.ini
=====
Message from mysql57-client-5.7.27:

--
This is the mysql CLIENT without the server.
for complete server and client, please install databases/mysql57-server
=====
Message from php72-session-7.2.24:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-18-session.ini
=====
Message from php72-opcache-7.2.24:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-10-opcache.ini
=====
Message from php72-ctype-7.2.24:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-ctype.ini
=====
Message from php72-sockets-7.2.24:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-sockets.ini
=====
Message from php72-gd-7.2.24:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-gd.ini
=====
Message from php72-json-7.2.24:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-json.ini
=====
Message from php72-pecl-APCu-5.1.17:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-20-apcu.ini
=====
Message from php72-pdo_mysql-7.2.24:

--
This file has been added to automatically load the installed extension:
/usr/local/etc/php/ext-30-pdo_mysql.ini
=====
Message from zoneminder-1.32.3_4:

--
ZoneMinder is a free, open source Closed-circuit television software 
application developed for Unix-like operating systems which supports 
IP, USB and Analog cameras. 

New installs
============

ZoneMinder requires a MySQL (or MySQL forks) database backend and 
a http server, capable to execute PHP and CGI scripts.

To simplify things, we assume, that you use MySQL and NGINX on 
the same server.

	You may choose your favourite method - ports or packages here. 

	ZoneMinder use very simple queries, however it tends to write to 
	the database quite a lot depending on your capture mode and number 
	of cameras. So tweak your MySQL instance accordantly

	Now, enable and start MySQL
		sysrc mysql_server_enable="YES"
		service mysql-server start

pkg install mysql57-server-5.7.27
=====
Message from mysql57-server-5.7.27:

--
Initial password for first time use of MySQL is saved in $HOME/.mysql_secret
ie. when you want to use "mysql -u root -p" first you should see password
in /root/.mysql_secret

MySQL57 has a default %%ETCDIR%%/my.cnf,
remember to replace it wit your own
or set `mysql_optfile="$YOUR_CNF_FILE` in rc.conf.

Attention, je ne lance pas le script de configuration de MySQL !

Enable and start MySQL

sysrc mysql_enable="YES"
mysql_enable:  -> YES

service mysql-server start
Starting mysql.

service mysql-server status
mysql is running as pid 5947.

	We provide an example for an HTTP install, however, you should use 
	HTTPS if you plan to expose your installation to the public. There 
	are plenty guides how to do it and security/letsencrypt.sh is a 
	good way to get a valid SSL certificate. Probably, your installation
	will be behind reverse proxy, so this example should work for you.

	Please, notive the following issues with ZM:

	- web interface has several hardcoded /zm in url generation, so it is
		mandatory to serve your installtion from /zm subfolder
	- if behind reverse proxy, HTTP_X_FORWARDED_PROTO must be supplied or link
		generation will use http://

	Your server block should include the following:

pkg install nginx

=====
Message from nginx-1.16.1_4,2:

--
Recent version of the NGINX introduces dynamic modules support.  In
FreeBSD ports tree this feature was enabled by default with the DSO
knob.  Several vendor's and third-party modules have been converted
to dynamic modules.  Unset the DSO knob builds an NGINX without
dynamic modules support.

To load a module at runtime, include the new `load_module'
directive in the main context, specifying the path to the shared
object file for the module, enclosed in quotation marks.  When you
reload the configuration or restart NGINX, the module is loaded in.
It is possible to specify a path relative to the source directory,
or a full path, please see
https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ and
http://nginx.org/en/docs/ngx_core_module.html#load_module for
details.

Default path for the NGINX dynamic modules is

/usr/local/libexec/nginx.

Configuration du fichier /usr/local/etc/nginx/nginx.conf

vi /usr/local/etc/nginx/nginx.conf

user  www;
worker_processes  2;
error_log /var/log/nginx/error.log info;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log /var/log/nginx/access.log;

    sendfile        on;
    keepalive_timeout  65;
    
    server {
	listen 80;
	root /usr/local/www/zoneminder;
	index index.php
	gzip off;

	location /cgi-bin/nph-zms {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $request_filename;
		fastcgi_pass  unix:/var/run/fcgiwrap/fcgiwrap.sock;
	}
	location /zm/cache {
		alias /var/cache/zoneminder;
	}

	location /zm {
		alias   /usr/local/www/zoneminder;
		location ~ \.php$ {
			if (!-f $request_filename) { return 404; }
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $request_filename;
			fastcgi_index index.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}
		location ~ \.(jpg|jpeg|gif|png|ico)$ {
			access_log      off;
			expires 33d;
		}

		location /zm/api/ {
			alias   /usr/local/www/zoneminder;
			rewrite ^/zm/api(.+)$ /zm/api/app/webroot/index.php?p=$1 last;
		}
	}
    }
}

Enable and start Nginx

sysrc nginx_enable="YES"
nginx_enable:  -> YES

service nginx start
Starting nginx.

service nginx status
nginx is running as pid 5530.

	As NGINX lacks it's own CGI wrapper, we need external one. Please 
	note that ZoneMinder's montage page use simultaneous access to all 
	cameras, so you need to use at least as many fcgiwrap workers as 
	your number of cameras. The following example assumes you have 4.

pkg install fcgiwrap

Enable and start FcgiWrap

sysrc fcgiwrap_enable="YES"
fcgiwrap_enable:  -> YES

sysrc fcgiwrap_user="www"
fcgiwrap_user:  -> www

sysrc fcgiwrap_socket_owner="www"
fcgiwrap_socket_owner:  -> www

sysrc fcgiwrap_flags="-c 4"
fcgiwrap_flags:  -> -c 4

service fcgiwrap start
Starting fcgiwrap.

service fcgiwrap status
fcgiwrap is running as pid 5879.

        However, you should tweak some of it's settings.
	Edit /usr/local/etc/php-fpm.conf and set

		listen = /var/run/php-fpm.sock
		listen.owner = www
		listen.group = www
		env[PATH] = /usr/local/bin:/usr/bin:/bin

	If you want to set another path for the socket file, make sure you 
	change it in your NGINX config well. The env[PATH] needs to be set 
	to locate the zip utility as ZoneMinder's export functions rely on 
	exec(). Sorry, chroot folks. 

	PHP throws warning if date.timezone option is not set. The best place 
	to do it is to create new ini file in /usr/local/etc/php with overrides

		date.timezone = "UTC"

Configuration de php-fpm.conf

vi /usr/local/etc/php-fpm.conf
listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
env[PATH] = /usr/local/bin:/usr/bin:/bin

Configuration de php.ini

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
vi /usr/local/etc/php.ini
date.timezone = "UTC"
ou
date.timezone = "Europe/Brussels"

Enable and start php-fpm

sysrc php_fpm_enable="YES"
php_fpm_enable:  -> YES

service php-fpm start
Starting php_fpm.

service php-fpm status
php_fpm is running as pid 6540.

        ZoneMinder constantly keeps the last N frames from its cameras to 
	preserve them when alarm occurs. This can be a performance hog if 
	placed on spindle drive. The best practice is put it on tmpfs.
	See https://www.freebsd.org/cgi/man.cgi?query=tmpfs for more 
	information.

	ZoneMinder will use /tmp for default. If you plan to change it, see 
	ZM_PATH_MAP setting.

	Mapping /tmp to tmpfs is actually a recommended step under FreeBSD.
	Edit /etc/fstab and add the following:

		tmpfs			/tmp		tmpfs	rw,nosuid,mode=01777	0	0

	The size of temporary files depends on your number of cameras 
	number and frames you plan to keep. My 12 3Mbit cameras with 25 
	last frames consumes 6 GB.

vi /etc/fstab
tmpfs			/tmp		tmpfs	rw,nosuid,mode=01777	0	0

	Connect to MySQL under root and create zm user and populate database.

	mysql -u root -p
	
		CREATE DATABASE zm;
		GRANT ALL PRIVILEGES ON zm.* TO 'zmuser'@'localhost' IDENTIFIED BY 'zmpass';
		FLUSH PRIVILEGES;
		quit;
	
	mysql -u root -p zm < /usr/local/share/zoneminder/db/zm_create.sql

Important
On exécute mysql comme ceci:

• mysql -u root -p
• le mot de passe se trouve avec cat /root/.mysql_secret ar/.hqVN.oTg
• >
• CREATE DATABASE zm;
  • ERROR 1820 (HY000) : You must reset your password using ALTER USER statement before executing this statement.
  • Il faut changer le mot de passe livré par défaut dans /root/.mysql_secret
  • > SET PASSWORD = PASSWORD('passwd');
  • > show databases;
  • Cela affiche les bases de données en cours
• Test
• mysql -u root -ppasswd
• >
• > CREATE DATABASE zm; Query OK, 1 row affected (0.01 sec)
• > GRANT ALL PRIVILEGES ON zm.* TO 'zmuser'@'localhost' IDENTIFIED BY 'zmpass'; Query OK, 0 rows affected, 1 warning (0.01 sec)
• > FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec)
• > quit;
• Bye

/usr/local/etc]# mysql -u root -p zm < /usr/local/share/zoneminder/db/zm_create.sql
Enter password:

On relance mySQL

service mysql-server restart
Stopping mysql.
Waiting for PIDS: 1945.
Starting mysql.

        If you have chosen to change the ZoneMinder MySQL credentials to something
	other than zmuser/zmpass then you must now edit /usr/local/etc/zm.conf. Change
	ZM_DB_USER and ZM_DB_PASS to the values you created in the previous step.

Créer les répertoire pour les images et les events

cd /var/db/zoneminder/
mkdir images events
chown -R www:www events/ images/

Enable and start ZoneMinder

sysrc zoneminder_enable="YES"
zoneminder_enable:  -> YES

service zoneminder start

11/01/19 10:14:05.476867 zmpkg[8274].INF [main:57] [Command: start]
11/01/19 10:14:05.481977 zmpkg[8274].INF [main:305] [Sanity checking States table...]
11/01/19 10:14:05.487843 zmpkg[8274].INF [main:97] [Command: start]
11/01/19 10:14:07.419347 zmpkg[8274].INF [main:205] [Single server configuration detected. Starting up services.]

service zoneminder status

11/01/19 10:14:43.731289 zmpkg[8351].INF [main:57] [Command: status]
11/01/19 10:14:43.738010 zmpkg[8351].INF [main:305] [Sanity checking States table...]
11/01/19 10:14:43.739884 zmpkg[8351].INF [main:97] [Command: status]
running

1. Stop ZoneMinder
	service zoneminder stop

2. Upgrade database
	sudo -u www zmupdate.pl
	
3. Start ZoneMinder
	service zoneminder start

Upgrading from www/zoneminder 1.30.x or www/zoneminder-h264
=====================================================

Before proceeding to upgrade sequence listed above,

1. Connect to mysql server with root and issue
	set global log_bin_trust_function_creators=1;

2. Add write access to www user to /usr/local/etc/zoneminder/zmcustom.conf

3. Take notice, that default monitor files are not under ${WWWDIR} anymore.
	Old setup will work, but as security concideration it is recommended to
	move them to /var/db/zoneminder (default) or to any place not under www root.

Fin d'install

Si la préférence est l'installation de ZoneMiner par les dépôts !

portsnap fetch
portsnap extract
portsnap update
portsnap fetch update

cd /usr/ports/multimedia/zoneminder/ && make install clean

ERREURS

Lorsque l'on installe MariaDB par pkg, celui-ci désinstalle le paquet Zoneminder !

SOLUS
emplacement par défaut des bases de données : /var/db/mysql/
- j'ai viré MariaDB et installé

• mysql57-client-5.7.27
• mysql57-server-5.7.27

ERREUR

Au lancement du serveur mysql
service mysql-server start
j'avais cette erreur dans /var/db/mysql/asterix.err
[ERROR] InnoDB: The Auto-extending innodb_system data file '/var/db/mysql/ibdata1' is of a different size 4864
pages (rounded down to MB) than specified in the .cnf file: initial 8192 pages, max 0 (relevant if non-zero) pages!

SOLUS

• J'ai viré ibdata1 rm /var/db/mysql/ibdata1
• relancer service mysql-server start
• service mysql-server status –> mysql is running as pid 9405.
• ls /tmp/ –> mysql.sock
• reboot
• service mysql-server status –> mysql is running as pid 1960.

ERREURS

Installation des bases de données de base pour le fonctionnement de MySQL

/usr/local/bin/mysql_install_db
2019-10-29 16:00:06 [WARNING] mysql_install_db is deprecated. Please consider switching to mysqld --initialize
2019-10-29 16:00:06 [ERROR]   The data directory needs to be specified.

Configuration de MySQL à l'aide du script

mysql_secure_installation

mysql -u root -p zm < /usr/local/share/zoneminder/db/zm_create.sql
su: /usr/local/share/zoneminder/db/zm_create.sql: No such file or directory

SOLUS
zominder n'était pas complètement installé !

ERREURS

mysql -u root -p zm < /usr/local/share/zoneminder/db/zm_create.sql
Enter password:

MySQL – ERROR 1819 (HY000): Your password does not satisfy the current policy requirements. 
If you run into this error it's a strong indicator that the Password Validation Plugin is installed.
The quick and dirty way to fix this is to uninstall the plugin. You will need to be the root user in the database.

SOLUS

mysql -u root -p
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'MyNewPass';
mysql> SHOW VARIABLES LIKE 'validate_password%';
mysql> SET GLOABAL validate_password_lenghth = 6;
mysql> SET GLOABAL validate_password_mixed_case_count = 0;
mysql> SET GLOABAL validate_password_number_count = 0
mysql> SET GLOABAL validate_password_special_char_count = 0
mysql> SHOW VARIABLES LIKE 'validate_password%';

How To BSD