FreeBSD port

[abi]

I'm making port for FreeBSD and looks like I don't understand idea of ZM_CONTENTDIR.
From INSTALL - Location of dynamic content (events and images), default: /var/lib/zoneminder
From ZM description it is mentioned that folder is relative to web root.

From PHP files

Code: Select all

// Check for valid content dirs
if ( !is_writable(ZM_DIR_EVENTS) || !is_writable(ZM_DIR_IMAGES) )
{
Fatal( "Cannot write to content dirs('".ZM_DIR_EVENTS."','".ZM_DIR_IMAGES."'). Check that these exist and are owned by the web account user");
}

Default value of ZM_DIR_EVENTS is 'events', so this check looks for directory under www root. Until I created these directories I was gettng this error. So, why I need ZM_CONTENTDIR pointed elsewhere ? Should I point it to www root?

Also, FreeBSD lacks /dev/shm. Should I disable it entirely with ZM_NO_MMAP option or I can use tmpfs?

[knight-of-ni]

ZM_CONTENTDIR is simply the parent folder to zoneminder's images, events, and temp folders.

Typically, it exists udner /var/lib/zoneminder and gets symlinked to zoneminder's webroot folder.

Note that we have already defined a set of good cmake variables that work with freebsd:
https://github.com/ZoneMinder/ZoneMinde ... s.txt#L185

There is no need to choose different values for these unless you want to use a prefix of /usr rather than /usr/local

When building, simply call cmake like so:

Code: Select all

cmake -DZM_TARGET_DISTRO="FreeBSD" .

[abi]

I see, but I'd prefer to override them.
1. ZM_WEBDIR should point to /usr/local/www/zoneminder
2. Are there any reasons to keep zms not in /usr/local/www/zoneminder/cgi-bin?
3. ZM_CONTENTDIR from my point of view should point to directory relative to ZM_WEBDIR, but if images and events MUST be in ZM_WEBDIR, I think just to create them there without any symlinks.

What do you think about /dev/shm ? Disable it entirely or make notice to put directory under tmpfs?
Also, is polkit nesessary? I see rules are used for systemctl script. Looks like it's related to systemd....

[knight-of-ni]

I see, but I'd prefer to override them.
1. ZM_WEBDIR should point to /usr/local/www/zoneminder

It's all fine and good if you are building your own local copy of ZoneMinder. Feel free to put things where you please. However, if you create something that is intended to be distributed to others, you need to follow a standard, rather than makeup folder names that suit you personal preference. Imagine if every application in FreeBSD ports did that.

When choosing destination folders, a good place to start is the Filesystem Hierarchy Standard:
https://en.wikipedia.org/wiki/Filesyste ... y_Standard

Architecture independent shared data, belongs under /usr/share/{application}, but if we look at the exceptions below the table, we can see that FreeBSD makes an exception for its ports collection. So for the case of FreeBSD, the folder becomes /usr/local/share/{application} .

2. Are there any reasons to keep zms not in /usr/local/www/zoneminder/cgi-bin?

The best place to put zms is into its own cgi-bin folder, which should be here: /usr/local/libexec/zoneminder/cgi-bin
See the hierarchy standard previously referenced and also the FreeBSD handbook (https://www.freebsd.org/doc/handbook/dirstructure.html) for a definition of the "libexec" folder.

Alternatively, you could place it into the default cgi-bin folder defined by your webserver, but that is not optimal. That folder might not be the same for all web severs. Typically it is good idea to keep files from different applications or ports in separate folders.

3. ZM_CONTENTDIR from my point of view should point to directory relative to ZM_WEBDIR, but if images and events MUST be in ZM_WEBDIR, I think just to create them there without any symlinks.

No, the files should not reside under the webdir, because those files are generated by the application, and there is spot for generated files elsewhere in the filesystem, per the standards previously mentioned.

Also note that, in a future version of ZoneMinder, no generated files will be directly accessible from zoneminder's webdir. Storing files under the webdir is a known security risk, which is why we plan to change it. You will save yourself future work if you follow the same steps all the other distros have taken by storing the files under /usr/local/var/lib/zoneminder (CONTENTDIR) and symlink the folder into the webdir. That way you simply remove the symlinks in the future version of zoneminder.

What do you think about /dev/shm ? Disable it entirely or make notice to put directory under tmpfs?

On Linux /dev/shm is simply a tmpfs with a virtual device name. For FreeBSD, you should use a tmpfs as well. I'm looking at the FreeBSD 10.2 vm I recently created and it does not already have a tmpfs setup so it looks like you might have to do some work there to get one going for ZoneMinder.

Also, is polkit nesessary? I see rules are used for systemctl script. Looks like it's related to systemd....

Polkit is needed in a systemd environment in order to allow ZoneMinder to restart itself from the web console without causing problems. ZoneMinder autodetects if init or systemd is running so you don't have to patch the source to get it to work.

To answer the question of whether or not you need polkit, you need to know the answer to the following. Can one restart zoneminder from the web console without pissing off the init daemon. Sys v init does not care, systemd will mark the application as crashed and cause subsequent start/restart problems, and I don't know what launchd does.

To find out, with zoneminder running, restart if from the command line exactly like so:

Code: Select all

zmpkg.pl restart

It should appear to restart. Now go query the init daemon to see what it thinks is the status:

Code: Select all

service zoneminder status

I think that is how one checks on FreeBSd. Provided the status is good, then you don't need polkit.

[abi]

Architecture independent shared data, belongs under /usr/share/{application}, but if we look at the exceptions below the table, we can see that FreeBSD makes an exception for its ports collection. So for the case of FreeBSD, the folder becomes /usr/local/share/{application} .

True, however scripts, indended to be executed by web servers go to /usr/local/www/<portname> . Entire port collection follows this rule.

Storing files under the webdir is a known security risk

This is the question of webserver settings. And, btw, ZMNinja relies on this.

storing the files under /usr/local/var/lib/zoneminder (CONTENTDIR)

This is changing files, better to place them to /var, actually. /var/zoneminder should do the trick.

symlink the folder into the webdir

Will fail under chrooted php-fpm.

For FreeBSD, you should use a tmpfs as well. I'm looking at the FreeBSD 10.2 vm I recently created and it does not already have a tmpfs setup so it looks like you might have to do some work there to get one going for ZoneMinder.

I think, tmpfs directory is needed for that. It can be system /tmp or something else. Mount something into /dev is not good.

To answer the question of whether or not you need polkit, you need to know the answer to the following.

Yep, already tested it. polkit is not needed, however, cmake is unhappy if it's not available. I think, I should patch source.

I propose:
1. php files goes to /usr/local/www
2. cgi file is ELF, so it goes to /usr/local/libexec
3. image folder is a big thing, better to go to /var/zoneminder
4. /dev/shm goes to /tmp (at least it works, however performance is very poor) and note added that this folder should be tmpfs. Port can't change fstab by itself anyway. Or we can use /var/tmp/zm for that ?