From e78868121aef3dde3bbf8881c2f7c97212dc3d8e Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Mon, 4 Mar 2024 23:37:08 +0000 Subject: [PATCH 01/25] Update ffmpeg to 6.1.1 On Ubuntu 23.10, FFmpeg won't build due to the issue which is now solved in upstream FFmpeg, see https://trac.ffmpeg.org/ticket/10405 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/effadce6c756247ea8bae32dc13bb3e6f464f0eb --- misc/libav | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/libav b/misc/libav index 1529dfb7..e38092ef 160000 --- a/misc/libav +++ b/misc/libav @@ -1 +1 @@ -Subproject commit 1529dfb73a5157dcb8762051ec4c8d8341762478 +Subproject commit e38092ef9395d7049f871ef4d5411eb410e283e0 From 1807f602f182b81166fca692f7458874e0ead09b Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Thu, 7 Mar 2024 11:34:48 +0000 Subject: [PATCH 02/25] Fix build error lavf_device.cpp: In member function 'virtual int lavf_device::start()': lavf_device.cpp:102:49: error: invalid conversion from 'const AVInputFormat*' to 'AVInputFormat*' [-fpermissive] 102 | input_fmt = av_find_input_format("mjpeg"); | ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~ | | | const AVInputFormat* --- lib/lavf_device.cpp | 2 +- lib/v4l2_device_solo6x10.cpp | 2 +- lib/v4l2_device_tw5864.cpp | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/lavf_device.cpp b/lib/lavf_device.cpp index 324ea465..d32afab5 100644 --- a/lib/lavf_device.cpp +++ b/lib/lavf_device.cpp @@ -77,7 +77,7 @@ int lavf_device::start() if (ctx) return 0; AVDictionary *avopt_open_input = NULL; - AVInputFormat *input_fmt = NULL; + const AVInputFormat *input_fmt = NULL; bc_log(Debug, "Opening session from URL: %s", url); diff --git a/lib/v4l2_device_solo6x10.cpp b/lib/v4l2_device_solo6x10.cpp index 83bc4354..5281b896 100644 --- a/lib/v4l2_device_solo6x10.cpp +++ b/lib/v4l2_device_solo6x10.cpp @@ -235,7 +235,7 @@ int v4l2_device_solo6x10::start() av_dict_set(&open_opts, "input_format", fmtname, 0); av_dict_set(&open_opts, "format_whitelist", "v4l2", 0); - AVInputFormat *input_fmt = av_find_input_format("v4l2"); + const AVInputFormat *input_fmt = av_find_input_format("v4l2"); if (!input_fmt) { bc_log(Error, "v4l2 input format not found"); return -1; diff --git a/lib/v4l2_device_tw5864.cpp b/lib/v4l2_device_tw5864.cpp index 18704ebf..25bbfb35 100644 --- a/lib/v4l2_device_tw5864.cpp +++ b/lib/v4l2_device_tw5864.cpp @@ -242,7 +242,7 @@ int v4l2_device_tw5864::start() av_dict_set(&open_opts, "input_format", "h264", 0); av_dict_set(&open_opts, "format_whitelist", "v4l2", 0); - AVInputFormat *input_fmt = av_find_input_format("v4l2"); + const AVInputFormat *input_fmt = av_find_input_format("v4l2"); if (!input_fmt) { bc_log(Error, "v4l2 input format not found"); return -1; From b6beb714064c9feeaef1612ae517a300b93df615 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Thu, 7 Mar 2024 11:56:09 +0000 Subject: [PATCH 03/25] Fix build error media_writer.cpp: In member function 'int media_writer::open(const string&, const stream_properties&)': media_writer.cpp:281:50: error: invalid conversion from 'const AVOutputFormat*' to 'AVOutputFormat*' [-fpermissive] 281 | AVOutputFormat *fmt_out = av_guess_format("mp4", NULL, "video/mp4"); | ~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~ | | | const AVOutputFormat* --- server/media_writer.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/media_writer.cpp b/server/media_writer.cpp index da52c946..b88d6a6b 100644 --- a/server/media_writer.cpp +++ b/server/media_writer.cpp @@ -278,7 +278,7 @@ int media_writer::open(const std::string &path, const stream_properties &propert AVCodec *codec; /* Get the output format */ - AVOutputFormat *fmt_out = av_guess_format("mp4", NULL, "video/mp4"); + const AVOutputFormat *fmt_out = av_guess_format("mp4", NULL, "video/mp4"); if (fmt_out == NULL) { bc_log(Error, "media_writer: MP4 output format is not found!"); @@ -707,4 +707,4 @@ int snapshot_writer::write_frame(AVFrame *rawFrame) /////////////////////////////////////////////////////////////// // S.K. >> END-OF: Implementation of separated snapshot writer -/////////////////////////////////////////////////////////////// \ No newline at end of file +/////////////////////////////////////////////////////////////// From 3b225ca26186ae98ac4d60bbbd70a46934bfb7c8 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 7 Jun 2024 17:04:47 +0100 Subject: [PATCH 04/25] Drop utils/rtsp-record.c Not in use. --- utils/rtsp-record.c | 225 -------------------------------------------- 1 file changed, 225 deletions(-) delete mode 100644 utils/rtsp-record.c diff --git a/utils/rtsp-record.c b/utils/rtsp-record.c deleted file mode 100644 index 53717a46..00000000 --- a/utils/rtsp-record.c +++ /dev/null @@ -1,225 +0,0 @@ -/* - * Copyright 2010-2019 Bluecherry, LLC - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License as - * published by the Free Software Foundation; either version 2 of - * the License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -static void usage(void) -{ - fprintf(stderr, "Usage: rtsp-record rtsp://[USERINFO@]" - "SERVER[:PORT]/ output_file.mkv\n\n"); - exit(EXIT_FAILURE); -} - -/* Fake H.264 encoder for libavcodec. We're only muxing video, never reencoding, - * so a real encoder isn't neeeded, but one must be present for the process to - * succeed. ffmpeg does not support h264 encoding without libx264, which is GPL. - */ - -static int fake_h264_init(AVCodecContext *ctx) -{ - return 0; -} - -static int fake_h264_close(AVCodecContext *ctx) -{ - return 0; -} - -static int fake_h264_frame(AVCodecContext *ctx, uint8_t *buf, int bufsize, void *data) -{ - return -1; -} - -AVCodec fake_h264_encoder = { - .name = "fakeh264", - .type = AVMEDIA_TYPE_VIDEO, - .id = AV_CODEC_ID_H264, - .priv_data_size = 0, - .init = fake_h264_init, - .encode = fake_h264_frame, - .close = fake_h264_close, - .capabilities = CODEC_CAP_DELAY, - .pix_fmts = (const enum PixelFormat[]) { AV_PIX_FMT_YUV420P, AV_PIX_FMT_YUVJ420P, AV_PIX_FMT_NONE }, - .long_name = "Fake H.264 Encoder for RTP Muxing", -}; - -AVFormatContext *in_ctx; -AVFormatContext *out_ctx; -AVOutputFormat *fmt_out; -AVStream *vst; -int video_stream_index = -1; - -void setup_output(const char *file); - -int main(int argc, char* argv[]) -{ - int opt; - char *url; - - while ((opt = getopt(argc, argv, "h")) != -1) { - switch (opt) { - case 'h': - default: - usage(); - } - } - - if (argc <= (optind+1)) - usage(); - - url = argv[optind++]; - - avcodec_register(&fake_h264_encoder); - av_register_all(); - av_log_set_level(AV_LOG_DEBUG); - - if (avformat_open_input(&in_ctx, url, NULL, NULL) != 0) { - fprintf(stderr, "Could not open URI\n"); - exit(1); - } - - if (avformat_find_stream_info(in_ctx, NULL) < 0) { - fprintf(stderr, "Could not find stream info\n"); - exit(1); - } - - av_dump_format(in_ctx, 0, url, 0); - - setup_output(argv[optind]); - - AVPacket packet, opacket; - int cnt = 0, re; - while ((re = av_read_frame(in_ctx, &packet)) >= 0) { - if (packet.stream_index != video_stream_index) - continue; - av_init_packet(&opacket); - opacket.data = packet.data; - opacket.size = packet.size; - /* For all output framerate issues, look here. */ - opacket.pts = av_rescale_q(packet.pts, (AVRational){1, 90000}, vst->time_base); - opacket.flags = packet.flags; - opacket.stream_index = vst->index; - if (av_write_frame(out_ctx, &opacket)) { - fprintf(stderr, "Error writing video frame\n"); - } - - if (++cnt == 500) - break; - } - - printf("End; last return value %d\n", re); - av_write_trailer(out_ctx); - - exit(0); -} - -void setup_output(const char *file) -{ - AVCodec *codec = 0; - - fmt_out = av_guess_format(NULL, file, NULL); - if (!fmt_out) { - fprintf(stderr, "Could not guess output format\n"); - exit(1); - } - - out_ctx = avformat_alloc_context(); - if (!out_ctx) { - fprintf(stderr, "Could not alloc context\n"); - exit(1); - } - - out_ctx->oformat = fmt_out; - snprintf(out_ctx->filename, sizeof(out_ctx->filename), "%s", file); - - vst = avformat_new_stream(out_ctx, 0); - if (!vst) { - fprintf(stderr, "Could not add video stream\n"); - exit(1); - } - - int i; - for (i = 0; i < in_ctx->nb_streams; ++i) { - if (in_ctx->streams[i]->codecpar->codec_type != AVMEDIA_TYPE_VIDEO) - continue; - - printf("Found video codec!\n"); - video_stream_index = i; - - AVCodecContext *ic = in_ctx->streams[i]->codec; - codec = avcodec_find_encoder(in_ctx->streams[i]->codecpar->codec_id); - vst->codec->codec_id = ic->codec_id; - vst->codec->codec_type = ic->codec_type; - vst->codec->pix_fmt = ic->pix_fmt; - vst->codec->width = ic->width; - vst->codec->height = ic->height; - vst->codec->time_base = ic->time_base; - - break; - } - - if (out_ctx->oformat->flags & AVFMT_GLOBALHEADER) - vst->codec->flags |= CODEC_FLAG_GLOBAL_HEADER; - -#if 0 - if (rs->tid_a >= 0 || rs->aud_port >= 0) { - ast = avformat_new_stream(out_ctx, 1); - if (!ast) { - fprintf(stderr, "Could not add audio stream\n"); - exit(1); - } - - ast->codec->codec_id = rs->aud_codec; - ast->codec->codec_type = CODEC_TYPE_AUDIO; - ast->codec->bit_rate = rs->bitrate; - ast->codec->sample_rate = rs->samplerate; - ast->codec->channels = rs->channels; - ast->codec->time_base = (AVRational){1, rs->samplerate}; - - if (out_ctx->oformat->flags & AVFMT_GLOBALHEADER) - ast->codec->flags |= CODEC_FLAG_GLOBAL_HEADER; - } -#endif - - if (av_set_parameters(out_ctx, NULL) < 0) { - fprintf(stderr, "Could not set params\n"); - exit(1); - } - - if (codec == NULL || avcodec_open(vst->codec, codec) < 0) { - fprintf(stderr, "Could not open video encoder\n"); - exit(1); - } - - if (avio_open(&out_ctx->pb, file, AVIO_FLAG_WRITE) < 0) { - fprintf(stderr, "Could not open outfile\n"); - exit(1); - } - - av_write_header(out_ctx); -} From 509b537041a1265397df2f92012615187a11b1f4 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 7 Jun 2024 17:06:20 +0100 Subject: [PATCH 05/25] Drop fakeh264 It's not obvious that this hack is still in use. Muxing without reencoding should be possible with current ffmpeg API so the original explanation is moot. --- server/ffmpeg-init.c | 43 ------------------------------------------- 1 file changed, 43 deletions(-) diff --git a/server/ffmpeg-init.c b/server/ffmpeg-init.c index 1a0e4440..f58167a6 100644 --- a/server/ffmpeg-init.c +++ b/server/ffmpeg-init.c @@ -25,48 +25,6 @@ #include #include "logc.h" -/* Fake H.264 encoder for libavcodec. We're only muxing video, never reencoding, - * so a real encoder isn't neeeded, but one must be present for the process to - * succeed. ffmpeg does not support h264 encoding without libx264, which is GPL. - */ -static int fake_h264_init(AVCodecContext *ctx) -{ - (void)ctx; - return 0; -} - -static int fake_h264_close(AVCodecContext *ctx) -{ - (void)ctx; - return 0; -} - -static int fake_h264_frame(AVCodecContext *ctx, AVPacket *avpkt, - const AVFrame *frame, int *got_packet_ptr) -{ - (void)ctx; - (void)avpkt; - (void)frame; - (void)got_packet_ptr; - return -1; -} - -static AVCodec fake_h264_encoder = { - .name = "fakeh264", - .long_name = "Fake H.264 Encoder for RTP Muxing", - .type = AVMEDIA_TYPE_VIDEO, - .id = AV_CODEC_ID_H264, - .priv_data_size = 0, - .init = fake_h264_init, - .encode2 = fake_h264_frame, - .close = fake_h264_close, - .pix_fmts = (const enum AVPixelFormat[]) { - AV_PIX_FMT_YUV420P, - AV_PIX_FMT_YUVJ420P, - AV_PIX_FMT_NONE - }, -}; - /* Warning: Must be reentrant; this may be called from many device threads at * once */ @@ -124,7 +82,6 @@ void bc_ffmpeg_init() exit(1); } - avcodec_register(&fake_h264_encoder); // deprecated av_register_all(); // deprecated avfilter_register_all(); // deprecated avformat_network_init(); From ec59f9e37cd165b4c5fcac9816f662653eca5355 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 7 Jun 2024 17:12:59 +0100 Subject: [PATCH 06/25] Drop obsolete ffmpeg *_register_all() API calls which no longer exist --- server/ffmpeg-init.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/server/ffmpeg-init.c b/server/ffmpeg-init.c index f58167a6..39bf92a1 100644 --- a/server/ffmpeg-init.c +++ b/server/ffmpeg-init.c @@ -82,11 +82,8 @@ void bc_ffmpeg_init() exit(1); } - av_register_all(); // deprecated - avfilter_register_all(); // deprecated avformat_network_init(); avdevice_register_all(); - avcodec_register_all(); // deprecated av_log_set_callback(av_log_cb); } From edc6b21db3b1f4047ccc5f440cfade187be12bb4 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 7 Jun 2024 17:15:01 +0100 Subject: [PATCH 07/25] Drop av_lockmgr setup This API was obsoleted and doesn't exist anymore: 2017-12-26 - a04c2c707d - lavc 58.9.100 - avcodec.h Deprecate av_lockmgr_register(). You need to build FFmpeg with threading support enabled to get basic thread-safety (which is the default build configuration). --- server/ffmpeg-init.c | 32 +------------------------------- 1 file changed, 1 insertion(+), 31 deletions(-) diff --git a/server/ffmpeg-init.c b/server/ffmpeg-init.c index 39bf92a1..ab634020 100644 --- a/server/ffmpeg-init.c +++ b/server/ffmpeg-init.c @@ -50,38 +50,8 @@ static void av_log_cb(void *avcl, int level, const char *fmt, va_list ap) bc_vlog(bc_level, msg, ap); } -static int bc_av_lockmgr(void **mutex_p, enum AVLockOp op) -{ - pthread_mutex_t **mutex = (pthread_mutex_t**)mutex_p; - switch (op) { - case AV_LOCK_CREATE: - *mutex = (pthread_mutex_t*)malloc(sizeof(pthread_mutex_t)); - if (!*mutex) - return 1; - return !!pthread_mutex_init(*mutex, NULL); - - case AV_LOCK_OBTAIN: - return !!pthread_mutex_lock(*mutex); - - case AV_LOCK_RELEASE: - return !!pthread_mutex_unlock(*mutex); - - case AV_LOCK_DESTROY: - pthread_mutex_destroy(*mutex); - free(*mutex); - return 0; - } - - return 1; -} - void bc_ffmpeg_init() { - if (av_lockmgr_register(bc_av_lockmgr)) { - bc_log(Fatal, "libav lock registration failed"); - exit(1); - } - avformat_network_init(); avdevice_register_all(); @@ -90,5 +60,5 @@ void bc_ffmpeg_init() void bc_ffmpeg_teardown() { - av_lockmgr_register(NULL); // deprecated + ; } From 5fd464f0f73be9122430fe336dcf36b7dc2d6709 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 7 Jun 2024 17:31:59 +0100 Subject: [PATCH 08/25] Don't fail install if onvif_tool is missing --- utils/BCMK | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/BCMK b/utils/BCMK index 915f7580..c762ea9d 100644 --- a/utils/BCMK +++ b/utils/BCMK @@ -28,4 +28,4 @@ clean: install: licensecmd ptzcmd $(INSTALL_PROG) -D licensecmd $(DESTDIR)$(libexec_dir)/licensecmd $(INSTALL_PROG) -D ptzcmd $(DESTDIR)$(libexec_dir)/ptzcmd - $(INSTALL_PROG) -D onvif_tool $(DESTDIR)$(libexec_dir)/onvif_tool + $(INSTALL_PROG) -D onvif_tool $(DESTDIR)$(libexec_dir)/onvif_tool || true From 29eaba6f53876cf8356a7448de545b7854ab07fb Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Mon, 10 Jun 2024 23:46:50 +0100 Subject: [PATCH 09/25] installer: support Ubuntu 24.04 --- installer/v3.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/installer/v3.sh b/installer/v3.sh index 73ed763d..1611c1bf 100644 --- a/installer/v3.sh +++ b/installer/v3.sh @@ -91,6 +91,12 @@ jammy_install() systemctl restart bluecherry } +# Ubuntu 24.04 +noble_install() +{ + jammy_install +} + centos_7_install() { setenforce 0 @@ -165,9 +171,10 @@ if [[ "$ID" == "ubuntu" && "$VERSION_ID" == "18.04" && "$VERSION_CODENAME" == elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "20.10" && "$VERSION_CODENAME" == "groovy" ]]; then groovy_install; elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "20.04" && "$VERSION_CODENAME" == "focal" ]]; then focal_install; elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "22.04" && "$VERSION_CODENAME" == "jammy" ]]; then jammy_install; +elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "24.04" && "$VERSION_CODENAME" == "noble" ]]; then noble_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "10" && "$VERSION_CODENAME" == "buster" ]]; then buster_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "11" && "$VERSION_CODENAME" == "bullseye" ]]; then bullseye_install; elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.1" && "$VERSION_CODENAME" == "vera" ]]; then jammy_install; # Mint 21.1 Vera, based on Ubuntu 22.04 Jammy else - echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy) and Debian 10 (Buster), Linux Mint 21.1 (Vera) for unstable testing" + echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble) and Debian 10 (Buster), Linux Mint 21.1 (Vera) for unstable testing" fi From 67a571d1b8db13b0eb96217b47f7dd9cf551c36b Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Tue, 11 Jun 2024 00:09:09 +0100 Subject: [PATCH 10/25] installer: support Debian 12 --- installer/v3.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/installer/v3.sh b/installer/v3.sh index 1611c1bf..d5fa4a39 100644 --- a/installer/v3.sh +++ b/installer/v3.sh @@ -138,6 +138,12 @@ bullseye_install() apt-get -y install mariadb-server bluecherry } +# Debian 12 +bookworm_install() +{ + bullseye_install +} + check_distro() { if [[ -e /etc/lsb-release ]] @@ -174,7 +180,8 @@ elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "22.04" && "$VERSION_CODENAME" == elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "24.04" && "$VERSION_CODENAME" == "noble" ]]; then noble_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "10" && "$VERSION_CODENAME" == "buster" ]]; then buster_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "11" && "$VERSION_CODENAME" == "bullseye" ]]; then bullseye_install; +elif [[ "$ID" == "debian" && "$VERSION_ID" == "12" && "$VERSION_CODENAME" == "bookworm" ]]; then bookworm_install; elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.1" && "$VERSION_CODENAME" == "vera" ]]; then jammy_install; # Mint 21.1 Vera, based on Ubuntu 22.04 Jammy else - echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble) and Debian 10 (Buster), Linux Mint 21.1 (Vera) for unstable testing" + echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble) and Debian 10 (Buster), 11 (Bullseye), 12 (Bookworm), Linux Mint 21.1 (Vera) for unstable testing" fi From 6f4a9042cf47b188aa927c27fabf071261c78afb Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Tue, 11 Jun 2024 00:22:08 +0100 Subject: [PATCH 11/25] Add nginx configs for Ubuntu 24.04, Debian 12 --- nginx-configs/php/bookworm.conf | 10 ++++++++++ nginx-configs/php/noble.conf | 1 + 2 files changed, 11 insertions(+) create mode 100644 nginx-configs/php/bookworm.conf create mode 120000 nginx-configs/php/noble.conf diff --git a/nginx-configs/php/bookworm.conf b/nginx-configs/php/bookworm.conf new file mode 100644 index 00000000..b11766ff --- /dev/null +++ b/nginx-configs/php/bookworm.conf @@ -0,0 +1,10 @@ + location ~ \.php$ { + fastcgi_pass unix:/run/php/php8.2-fpm.sock; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi.conf; + set $path_info $fastcgi_path_info; + fastcgi_read_timeout 300; + fastcgi_param PATH_INFO $path_info; + fastcgi_param SCRIPT_FILENAME $document_root/index.php; + fastcgi_index index.php; + } diff --git a/nginx-configs/php/noble.conf b/nginx-configs/php/noble.conf new file mode 120000 index 00000000..45baf05a --- /dev/null +++ b/nginx-configs/php/noble.conf @@ -0,0 +1 @@ +bookworm.conf \ No newline at end of file From 35497a3db8bd65e9bd94c57d77398325f6450938 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Wed, 12 Jun 2024 15:17:57 +0100 Subject: [PATCH 12/25] Don't pip-install certbot for Debian 12 and Ubuntu 24.04 --- debian/control.in | 1 + misc/postinstall.sh | 38 +++++++++++++++++++++++++------------- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/debian/control.in b/debian/control.in index 78983b05..2df4d69a 100644 --- a/debian/control.in +++ b/debian/control.in @@ -27,6 +27,7 @@ Depends: ${shlibs:Depends}, ssl-cert, ucf, curl, sysstat, vainfo, i965-va-driver, cron, + certbot, # python3-pip, #focal php-sqlite3, php-gd, php-curl, php-mysql #jammy php-sqlite3, php-gd, php-curl, php-mysql diff --git a/misc/postinstall.sh b/misc/postinstall.sh index 76067395..96caf10a 100755 --- a/misc/postinstall.sh +++ b/misc/postinstall.sh @@ -82,14 +82,34 @@ function stop_nginx function install_pip { -if [[ $(cat /etc/os-release | grep "UBUNTU" | grep bionic) ]] - then + source /etc/os-release + if [[ "$ID" == ubuntu ]] && [[ "$VERSION_CODENAME" == bionic ]]; then wget --output-document=/tmp/get-pip.py https://bootstrap.pypa.io/pip/3.6/get-pip.py + python3 /tmp/get-pip.py else wget --output-document=/tmp/get-pip.py https://bootstrap.pypa.io/get-pip.py -fi - python3 /tmp/get-pip.py + python3 /tmp/get-pip.py + fi +} + +function install_certbot +{ + source /etc/os-release + if [[ "$ID" == ubuntu ]] && [[ "$VERSION_CODENAME" == noble ]]; then + echo 'For Ubuntu 24.04 (noble) we rely on packaged certbot' + return + elif [[ "$ID" == debian ]] && [[ "$VERSION_CODENAME" == bookworm ]]; then + echo 'For Debian 12 (bookworm) we rely on packaged certbot' + return + fi + + install_pip + # Install pip3 dependencies + /usr/local/bin/pip3 install --user --upgrade setuptools_rust certbot certbot-dns-subdomain-provider + /usr/local/bin/pip3 install --user --upgrade pip + /usr/local/bin/pip3 install --user --upgrade cryptography + /usr/local/bin/pip3 install pyopenssl --upgrade } function start_apache @@ -407,16 +427,8 @@ case "$1" in if test -f "/usr/share/bluecherry/nginx-includes/subdomain.conf"; then sed -i 's/snakeoil.conf/subdomain.conf/g' /etc/nginx/sites-enabled/bluecherry.conf fi - -# Install pip from bootstrap - - install_pip - # Install pip3 dependencies - /usr/local/bin/pip3 install --user --upgrade setuptools_rust certbot certbot-dns-subdomain-provider - /usr/local/bin/pip3 install --user --upgrade pip - /usr/local/bin/pip3 install --user --upgrade cryptography - /usr/local/bin/pip3 install pyopenssl --upgrade + install_certbot # Install crontabs for subdomain renewal and SSL renewal using certbot crontab -l 2>/dev/null || true; printf "* * */5 * * certbot renew --config-dir=/usr/share/bluecherry/nginx-includes/letsencrypt/ >/dev/null 2>&1\n*/5 * * * * curl -k https://localhost:7001/subdomainprovidercron >/dev/null 2>&1\n" | crontab - From 3bec9ceac04dd36ad28f98bfc22ccd12af43e266 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 28 Jun 2024 16:17:35 +0100 Subject: [PATCH 13/25] postinstall: rely on system packages for certbot on Ubuntu 23.10 and if installing pip fails --- misc/postinstall.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/misc/postinstall.sh b/misc/postinstall.sh index 96caf10a..1a618d4a 100755 --- a/misc/postinstall.sh +++ b/misc/postinstall.sh @@ -98,12 +98,16 @@ function install_certbot if [[ "$ID" == ubuntu ]] && [[ "$VERSION_CODENAME" == noble ]]; then echo 'For Ubuntu 24.04 (noble) we rely on packaged certbot' return + elif [[ "$ID" == ubuntu ]] && [[ "$VERSION_CODENAME" == mantic ]]; then + echo 'For Ubuntu 23.10 (mantic) we rely on packaged certbot' + return elif [[ "$ID" == debian ]] && [[ "$VERSION_CODENAME" == bookworm ]]; then echo 'For Debian 12 (bookworm) we rely on packaged certbot' return fi - install_pip + # Ubuntu 23+, Debian 12 make this step fail. Fall back to system package. + install_pip || return # Install pip3 dependencies /usr/local/bin/pip3 install --user --upgrade setuptools_rust certbot certbot-dns-subdomain-provider From 9b875107cf0aa25c101a4e71ebf7822be98e71ac Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 28 Jun 2024 16:19:38 +0100 Subject: [PATCH 14/25] installer: support Ubuntu 23.10 --- installer/v3.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/installer/v3.sh b/installer/v3.sh index d5fa4a39..81f3e3fd 100644 --- a/installer/v3.sh +++ b/installer/v3.sh @@ -91,6 +91,12 @@ jammy_install() systemctl restart bluecherry } +# Ubuntu 23.10 +mantic_install() +{ + jammy_install +} + # Ubuntu 24.04 noble_install() { @@ -177,11 +183,12 @@ if [[ "$ID" == "ubuntu" && "$VERSION_ID" == "18.04" && "$VERSION_CODENAME" == elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "20.10" && "$VERSION_CODENAME" == "groovy" ]]; then groovy_install; elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "20.04" && "$VERSION_CODENAME" == "focal" ]]; then focal_install; elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "22.04" && "$VERSION_CODENAME" == "jammy" ]]; then jammy_install; +elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "23.10" && "$VERSION_CODENAME" == "mantic" ]]; then mantic_install; elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "24.04" && "$VERSION_CODENAME" == "noble" ]]; then noble_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "10" && "$VERSION_CODENAME" == "buster" ]]; then buster_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "11" && "$VERSION_CODENAME" == "bullseye" ]]; then bullseye_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "12" && "$VERSION_CODENAME" == "bookworm" ]]; then bookworm_install; elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.1" && "$VERSION_CODENAME" == "vera" ]]; then jammy_install; # Mint 21.1 Vera, based on Ubuntu 22.04 Jammy else - echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy), Ubuntu 24.04 (Noble) and Debian 10 (Buster), 11 (Bullseye), 12 (Bookworm), Linux Mint 21.1 (Vera) for unstable testing" + echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy), Ubuntu 23.10 (Mantic), Ubuntu 24.04 (Noble) and Debian 10 (Buster), 11 (Bullseye), 12 (Bookworm), Linux Mint 21.1 (Vera) for unstable testing" fi From 8f4046845cd934e3741dab1461f6b161a5dd506b Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 28 Jun 2024 23:02:46 +0100 Subject: [PATCH 15/25] ffmpeg: add TLS protocol explicitly to the bundled build Because of this warning which is shown at build time: WARNING: Disabled https_protocol because some selected dependency is unsatisfied: tls_protocol --- misc/BCMK | 1 + 1 file changed, 1 insertion(+) diff --git a/misc/BCMK b/misc/BCMK index 89edf40e..89066380 100644 --- a/misc/BCMK +++ b/misc/BCMK @@ -63,6 +63,7 @@ libav/config.mak: --enable-protocol=pipe \ --enable-protocol=http \ --enable-protocol=https \ + --enable-protocol=tls \ \ --enable-muxer=matroska \ --enable-muxer=mjpeg \ From 3d04f6158fe9458f58e61e95c51fc272a6665817 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Mon, 1 Jul 2024 01:20:18 +0100 Subject: [PATCH 16/25] installer: don't enable ppa:ondrej/php on Ubuntu 23.10 (mantic) Because it makes apt update fail: + apt -y update ... Hit:10 http://archive.ubuntu.com/ubuntu mantic-updates InRelease Ign:11 https://ppa.launchpadcontent.net/ondrej/php/ubuntu mantic InRelease Err:12 https://ppa.launchpadcontent.net/ondrej/php/ubuntu mantic Release 404 Not Found [IP: 185.125.190.80 443] Reading package lists... Done E: The repository 'https://ppa.launchpadcontent.net/ondrej/php/ubuntu mantic Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. --- installer/v3.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/installer/v3.sh b/installer/v3.sh index 81f3e3fd..9fa718e8 100644 --- a/installer/v3.sh +++ b/installer/v3.sh @@ -94,7 +94,18 @@ jammy_install() # Ubuntu 23.10 mantic_install() { - jammy_install + # Differences from jammy: + # Don't add ppa:ondrej/php, it fails for Mantic. + apt-get update + apt -y install gpg software-properties-common wget + wget -q https://dl.bluecherrydvr.com/key/bluecherry.asc -O- | sudo tee /etc/apt/trusted.gpg.d/bluecherry.asc + VERSION_CODENAME=mantic + : "${SRCLIST_URL:=https://dl.bluecherrydvr.com/sources.list.d/bluecherry-"$VERSION_CODENAME"-unstable.list}" + wget --output-document=/etc/apt/sources.list.d/bluecherry-"$VERSION_CODENAME".list "$SRCLIST_URL" + apt -y update + apt -y install php7.4-fpm php7.4-sqlite3 php7.4-curl php7.4-mysql php7.4-gd php-mail php-mail-mime php-mysql php7.4-fpm php7.4-mysql + apt -y install bluecherry + systemctl restart bluecherry } # Ubuntu 24.04 From c8428c5b70d678bc4cde85744bd1e8f3cf3ab935 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Mon, 1 Jul 2024 02:06:37 +0100 Subject: [PATCH 17/25] installer: Try to not explicitly install php packages in Ubuntu 23.10 --- installer/v3.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/installer/v3.sh b/installer/v3.sh index 9fa718e8..214d3a8f 100644 --- a/installer/v3.sh +++ b/installer/v3.sh @@ -96,6 +96,7 @@ mantic_install() { # Differences from jammy: # Don't add ppa:ondrej/php, it fails for Mantic. + # Don't explicitly state which php packages to install apt-get update apt -y install gpg software-properties-common wget wget -q https://dl.bluecherrydvr.com/key/bluecherry.asc -O- | sudo tee /etc/apt/trusted.gpg.d/bluecherry.asc @@ -103,7 +104,6 @@ mantic_install() : "${SRCLIST_URL:=https://dl.bluecherrydvr.com/sources.list.d/bluecherry-"$VERSION_CODENAME"-unstable.list}" wget --output-document=/etc/apt/sources.list.d/bluecherry-"$VERSION_CODENAME".list "$SRCLIST_URL" apt -y update - apt -y install php7.4-fpm php7.4-sqlite3 php7.4-curl php7.4-mysql php7.4-gd php-mail php-mail-mime php-mysql php7.4-fpm php7.4-mysql apt -y install bluecherry systemctl restart bluecherry } From 7a6229e9f83d5ef68e18dc098cd47e196941af79 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Mon, 1 Jul 2024 10:35:35 +0100 Subject: [PATCH 18/25] Use generic nginx php config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It is preferable to not have to add such a file for every distro - a lot of work and risk of manual error. Encountered this error while testing Ubuntu 23.10 (Mantic). Setting up nginx (1.24.0-1ubuntu1) ... Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details. invoke-rc.d: initscript nginx, action "start" failed. × nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled) Active: failed (Result: exit-code) since Mon 2024-07-01 01:10:56 UTC; 8ms ago Docs: man:nginx(8) Process: 12474 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE) CPU: 5ms Jul 01 01:10:56 ubuntu-23-10-p systemd[1]: Starting nginx.service - A high performance web server and a reverse proxy server... Jul 01 01:10:56 ubuntu-23-10-p nginx[12474]: 2024/07/01 01:10:56 [emerg] 12474#12474: open() "/usr/share/bluecherry/nginx-includes/mantic.conf" failed (2: No such file or directory) in /etc/nginx/sites-enabled/bluecherry.conf:12 Jul 01 01:10:56 ubuntu-23-10-p nginx[12474]: nginx: configuration file /etc/nginx/nginx.conf test failed Jul 01 01:10:56 ubuntu-23-10-p systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE Jul 01 01:10:56 ubuntu-23-10-p systemd[1]: nginx.service: Failed with result 'exit-code'. Jul 01 01:10:56 ubuntu-23-10-p systemd[1]: Failed to start nginx.service - A high performance web server and a reverse proxy server. dpkg: error processing package nginx (--configure): installed nginx package post-installation script subprocess returned error exit status 1 ... dpkg: dependency problems prevent configuration of bluecherry: bluecherry depends on nginx; however: Package nginx is not configured yet. dpkg: error processing package bluecherry (--configure): dependency problems - leaving unconfigured --- nginx-configs/bluecherry.conf | 2 +- nginx-configs/php/bionic.conf | 3 ++- nginx-configs/php/bookworm.conf | 1 + nginx-configs/php/bullseye.conf | 1 + nginx-configs/php/buster.conf | 1 + nginx-configs/php/focal.conf | 1 + nginx-configs/php/groovy.conf | 1 + nginx-configs/php/hirsute.conf | 1 + nginx-configs/php/jammy.conf | 1 + nginx-configs/php/php-generic.conf | 11 ++++++++ nginx-configs/snakeoil.conf | 2 ++ scripts/build_helper/post_make_install.sh | 32 +++-------------------- 12 files changed, 26 insertions(+), 31 deletions(-) create mode 100644 nginx-configs/php/php-generic.conf create mode 100644 nginx-configs/snakeoil.conf diff --git a/nginx-configs/bluecherry.conf b/nginx-configs/bluecherry.conf index 1a6c4138..f4e303cb 100644 --- a/nginx-configs/bluecherry.conf +++ b/nginx-configs/bluecherry.conf @@ -9,7 +9,7 @@ server { access_log /var/log/nginx/bluecherry-access.log; include /usr/share/bluecherry/nginx-includes/snakeoil.conf; - include /usr/share/bluecherry/nginx-includes/__BLUECHERRY_DIST_CODENAME__.conf; + include /usr/share/bluecherry/nginx-includes/php-generic.conf; # this is required for letsencrypt www challange location /.well-known/ { diff --git a/nginx-configs/php/bionic.conf b/nginx-configs/php/bionic.conf index ae03b5dd..3029440e 100644 --- a/nginx-configs/php/bionic.conf +++ b/nginx-configs/php/bionic.conf @@ -1,3 +1,4 @@ +# Deprecated - use php-generic.conf location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; @@ -7,4 +8,4 @@ fastcgi_param PATH_INFO $path_info; fastcgi_param SCRIPT_FILENAME $document_root/index.php; fastcgi_index index.php; - } \ No newline at end of file + } diff --git a/nginx-configs/php/bookworm.conf b/nginx-configs/php/bookworm.conf index b11766ff..24deb449 100644 --- a/nginx-configs/php/bookworm.conf +++ b/nginx-configs/php/bookworm.conf @@ -1,3 +1,4 @@ +# Deprecated - use php-generic.conf location ~ \.php$ { fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; diff --git a/nginx-configs/php/bullseye.conf b/nginx-configs/php/bullseye.conf index 1ea15ef3..94faf9e5 100644 --- a/nginx-configs/php/bullseye.conf +++ b/nginx-configs/php/bullseye.conf @@ -1,3 +1,4 @@ +# Deprecated - use php-generic.conf location ~ \.php$ { fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; diff --git a/nginx-configs/php/buster.conf b/nginx-configs/php/buster.conf index b44e87fc..64a98af1 100644 --- a/nginx-configs/php/buster.conf +++ b/nginx-configs/php/buster.conf @@ -1,3 +1,4 @@ +# Deprecated - use php-generic.conf location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; diff --git a/nginx-configs/php/focal.conf b/nginx-configs/php/focal.conf index 2097e86a..8ef6069a 100644 --- a/nginx-configs/php/focal.conf +++ b/nginx-configs/php/focal.conf @@ -1,3 +1,4 @@ +# Deprecated - use php-generic.conf location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; diff --git a/nginx-configs/php/groovy.conf b/nginx-configs/php/groovy.conf index 2097e86a..8ef6069a 100644 --- a/nginx-configs/php/groovy.conf +++ b/nginx-configs/php/groovy.conf @@ -1,3 +1,4 @@ +# Deprecated - use php-generic.conf location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; diff --git a/nginx-configs/php/hirsute.conf b/nginx-configs/php/hirsute.conf index 2097e86a..8ef6069a 100644 --- a/nginx-configs/php/hirsute.conf +++ b/nginx-configs/php/hirsute.conf @@ -1,3 +1,4 @@ +# Deprecated - use php-generic.conf location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; diff --git a/nginx-configs/php/jammy.conf b/nginx-configs/php/jammy.conf index 2097e86a..8ef6069a 100644 --- a/nginx-configs/php/jammy.conf +++ b/nginx-configs/php/jammy.conf @@ -1,3 +1,4 @@ +# Deprecated - use php-generic.conf location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; diff --git a/nginx-configs/php/php-generic.conf b/nginx-configs/php/php-generic.conf new file mode 100644 index 00000000..0f7f769a --- /dev/null +++ b/nginx-configs/php/php-generic.conf @@ -0,0 +1,11 @@ +# Deprecated - use php-generic.conf + location ~ \.php$ { + fastcgi_pass unix:/run/php/php-fpm.sock; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi.conf; + set $path_info $fastcgi_path_info; + fastcgi_read_timeout 300; + fastcgi_param PATH_INFO $path_info; + fastcgi_param SCRIPT_FILENAME $document_root/index.php; + fastcgi_index index.php; + } diff --git a/nginx-configs/snakeoil.conf b/nginx-configs/snakeoil.conf new file mode 100644 index 00000000..d2366415 --- /dev/null +++ b/nginx-configs/snakeoil.conf @@ -0,0 +1,2 @@ +ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; +ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; diff --git a/scripts/build_helper/post_make_install.sh b/scripts/build_helper/post_make_install.sh index 8c2a950a..add334ae 100755 --- a/scripts/build_helper/post_make_install.sh +++ b/scripts/build_helper/post_make_install.sh @@ -50,6 +50,7 @@ then mkdir -p ${DST_DIR}/usr/share/bluecherry/nginx-includes/ cp ${SRC_PATH}/nginx-configs/php/* ${DST_DIR}/usr/share/bluecherry/nginx-includes/ + cp ${SRC_PATH}/nginx-configs/snakeoil.conf ${DST_DIR}/usr/share/bluecherry/nginx-includes/ if [[ $(cat /etc/os-release | grep "^ID=" | grep debian) ]] then @@ -60,38 +61,11 @@ then mkdir -p ${DST_DIR}/etc/nginx/sites-enabled/ + # This handling is probably because of snakeoil.conf/subdomain.conf dynamicity if test -f /etc/nginx/sites-enabled/bluecherry.conf; then cp /etc/nginx/sites-enabled/bluecherry.conf \ ${DST_DIR}/etc/nginx/sites-enabled/ else - cat ${SRC_PATH}/nginx-configs/bluecherry.conf | sed \ - -e "s/__BLUECHERRY_DIST_CODENAME__/$_CODENAME_/" \ - > ${DST_DIR}/etc/nginx/sites-enabled/bluecherry.conf + cp ${SRC_PATH}/nginx-configs/bluecherry.conf ${DST_DIR}/etc/nginx/sites-enabled/bluecherry.conf fi - - touch ${DST_DIR}/usr/share/bluecherry/nginx-includes/snakeoil.conf - echo "ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;" >> ${DST_DIR}/usr/share/bluecherry/nginx-includes/snakeoil.conf - echo "ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;" >> ${DST_DIR}/usr/share/bluecherry/nginx-includes/snakeoil.conf fi - -# Apache configurations are no more required -#if [[ ${PKG_TYPE} == "deb" ]] -#then -# install -d ${DST_DIR}/etc/apache2/sites-available -# cat ${SRC_PATH}/debian/apache.conf | sed \ -# -e "s/__BLUECHERRY_APACHE_ERROR_LOG__/\/var\/log\/apache2\/bluecherry-error.log/" \ -# -e "s/__BLUECHERRY_APACHE_ACCESS_LOG__/\/var\/log\/apache2\/bluecherry-access.log/" \ -# -e "s/__BLUECHERRY_APACHE_CERTIFICATE_FILE__/\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/" \ -# -e "s/__BLUECHERRY_APACHE_CERTIFICATE_KEY_FILE__/\/etc\/ssl\/private\/ssl-cert-snakeoil.key/" \ -# > ${DST_DIR}/etc/apache2/sites-available/bluecherry.conf -#else -# install -d ${DST_DIR}/etc/httpd/sites-available -# cat ${SRC_PATH}/debian/apache.conf | sed \ -# -e "s/__BLUECHERRY_APACHE_ERROR_LOG__/\/var\/log\/httpd\/bluecherry_error_log/" \ -# -e "s/__BLUECHERRY_APACHE_ACCESS_LOG__/\/var\/log\/httpd\/bluecherry_access_log/" \ -# -e "s/__BLUECHERRY_APACHE_CERTIFICATE_FILE__/\/etc\/pki\/tls\/certs\/localhost.crt/" \ -# -e "s/__BLUECHERRY_APACHE_CERTIFICATE_KEY_FILE__/\/etc\/pki\/tls\/private\/localhost.key/" \ -# > ${DST_DIR}/etc/httpd/sites-available/bluecherry.conf -#fi -# install -m644${DST_DIR}.apparmor \ -# ${DST_DIR}/etc/apparmor.d/usr.sbin.bc-server From 43fb4c6334b508fabb3d5e5872f32bdc6ad88a9b Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 5 Jul 2024 10:37:49 +0100 Subject: [PATCH 19/25] installer: add Mint 21.2, 21.3 --- installer/v3.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/installer/v3.sh b/installer/v3.sh index 214d3a8f..0bb2f3e1 100644 --- a/installer/v3.sh +++ b/installer/v3.sh @@ -200,6 +200,8 @@ elif [[ "$ID" == "debian" && "$VERSION_ID" == "10" && "$VERSION_CODENAME" == elif [[ "$ID" == "debian" && "$VERSION_ID" == "11" && "$VERSION_CODENAME" == "bullseye" ]]; then bullseye_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "12" && "$VERSION_CODENAME" == "bookworm" ]]; then bookworm_install; elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.1" && "$VERSION_CODENAME" == "vera" ]]; then jammy_install; # Mint 21.1 Vera, based on Ubuntu 22.04 Jammy +elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.2" && "$VERSION_CODENAME" == "victoria" ]]; then jammy_install; # based on Ubuntu 22.04 Jammy +elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.3" && "$VERSION_CODENAME" == "virginia" ]]; then jammy_install; # based on Ubuntu 22.04 Jammy else - echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy), Ubuntu 23.10 (Mantic), Ubuntu 24.04 (Noble) and Debian 10 (Buster), 11 (Bullseye), 12 (Bookworm), Linux Mint 21.1 (Vera) for unstable testing" + echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy), Ubuntu 23.10 (Mantic), Ubuntu 24.04 (Noble) and Debian 10 (Buster), 11 (Bullseye), 12 (Bookworm), Linux Mint 21.1 (Vera), 21.2 (Victoria), 21.3 (Virginia) for unstable testing" fi From 4e85ddf4ec878ae33340eade53d201f62cb1c2a5 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 5 Jul 2024 11:00:10 +0100 Subject: [PATCH 20/25] postinstall: don't try to install pip if it's already there MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On Debian 10, using our installer, `apt install bluecherry` step fails. We still want a recent certbot on Debian 10, not the extra-old deb-packaged one. ++ wget --output-document=/tmp/get-pip.py https://bootstrap.pypa.io/get-pip.py --2024-07-05 09:34:20-- https://bootstrap.pypa.io/get-pip.py Resolving bootstrap.pypa.io (bootstrap.pypa.io)... 199.232.72.175, 2a04:4e42:52::175 Connecting to bootstrap.pypa.io (bootstrap.pypa.io)|199.232.72.175|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 2277800 (2.2M) [text/x-python] Saving to: ‘/tmp/get-pip.py’ /tmp/get-pip.py 100%[==============================================================================>] 2.17M --.-KB/s in 0.06s 2024-07-05 09:34:20 (34.0 MB/s) - ‘/tmp/get-pip.py’ saved [2277800/2277800] ++ python3 /tmp/get-pip.py ERROR: This script does not work on Python 3.7. The minimum supported Python version is 3.8. Please use https://bootstrap.pypa.io/pip/3.7/get-pip.py instead. ++ return dpkg: error processing package bluecherry (--configure): installed bluecherry package post-installation script subprocess returned error exit status 1 Processing triggers for libc-bin (2.28-10+deb10u4) ... Errors were encountered while processing: bluecherry E: Sub-process /usr/bin/dpkg returned an error code (1) --- misc/postinstall.sh | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/misc/postinstall.sh b/misc/postinstall.sh index 1a618d4a..a009ec67 100755 --- a/misc/postinstall.sh +++ b/misc/postinstall.sh @@ -81,6 +81,10 @@ function stop_nginx function install_pip { + # If already installed - nothing to do + if which pip3 >/dev/null; then + return + fi source /etc/os-release if [[ "$ID" == ubuntu ]] && [[ "$VERSION_CODENAME" == bionic ]]; then @@ -106,14 +110,16 @@ function install_certbot return fi + export PATH=/usr/local/bin:"$PATH" + # Ubuntu 23+, Debian 12 make this step fail. Fall back to system package. install_pip || return # Install pip3 dependencies - /usr/local/bin/pip3 install --user --upgrade setuptools_rust certbot certbot-dns-subdomain-provider - /usr/local/bin/pip3 install --user --upgrade pip - /usr/local/bin/pip3 install --user --upgrade cryptography - /usr/local/bin/pip3 install pyopenssl --upgrade + pip3 install --user --upgrade setuptools_rust certbot certbot-dns-subdomain-provider + pip3 install --user --upgrade pip || true + pip3 install --user --upgrade cryptography + pip3 install pyopenssl --upgrade } function start_apache From 33b2e51aa78eb8ac4ed24c16cd449bca2ad0f451 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 5 Jul 2024 14:37:02 +0100 Subject: [PATCH 21/25] installer: fix conditional for Mint --- installer/v3.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/installer/v3.sh b/installer/v3.sh index 0bb2f3e1..423a7313 100644 --- a/installer/v3.sh +++ b/installer/v3.sh @@ -199,9 +199,9 @@ elif [[ "$ID" == "ubuntu" && "$VERSION_ID" == "24.04" && "$VERSION_CODENAME" == elif [[ "$ID" == "debian" && "$VERSION_ID" == "10" && "$VERSION_CODENAME" == "buster" ]]; then buster_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "11" && "$VERSION_CODENAME" == "bullseye" ]]; then bullseye_install; elif [[ "$ID" == "debian" && "$VERSION_ID" == "12" && "$VERSION_CODENAME" == "bookworm" ]]; then bookworm_install; -elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.1" && "$VERSION_CODENAME" == "vera" ]]; then jammy_install; # Mint 21.1 Vera, based on Ubuntu 22.04 Jammy -elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.2" && "$VERSION_CODENAME" == "victoria" ]]; then jammy_install; # based on Ubuntu 22.04 Jammy -elif [[ "$ID" == "mint" && "$VERSION_ID" == "21.3" && "$VERSION_CODENAME" == "virginia" ]]; then jammy_install; # based on Ubuntu 22.04 Jammy +elif [[ "$ID" == "linuxmint" && "$VERSION_ID" == "21.1" && "$VERSION_CODENAME" == "vera" ]]; then jammy_install; # Mint 21.1 Vera, based on Ubuntu 22.04 Jammy +elif [[ "$ID" == "linuxmint" && "$VERSION_ID" == "21.2" && "$VERSION_CODENAME" == "victoria" ]]; then jammy_install; # based on Ubuntu 22.04 Jammy +elif [[ "$ID" == "linuxmint" && "$VERSION_ID" == "21.3" && "$VERSION_CODENAME" == "virginia" ]]; then jammy_install; # based on Ubuntu 22.04 Jammy else echo "Currently we only support Ubuntu 18.04 (Bionic), Ubuntu 20.04 (Focal), Ubuntu 22.04 (Jammy), Ubuntu 23.10 (Mantic), Ubuntu 24.04 (Noble) and Debian 10 (Buster), 11 (Bullseye), 12 (Bookworm), Linux Mint 21.1 (Vera), 21.2 (Victoria), 21.3 (Virginia) for unstable testing" fi From 52102a1edf87fd3f49538049171d037219865d02 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Fri, 5 Jul 2024 22:28:54 +0100 Subject: [PATCH 22/25] postinstall: supply missing "alternatives" php-fpm.sock on Debian 10 --- misc/postinstall.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/misc/postinstall.sh b/misc/postinstall.sh index a009ec67..31dcc623 100755 --- a/misc/postinstall.sh +++ b/misc/postinstall.sh @@ -438,6 +438,11 @@ case "$1" in sed -i 's/snakeoil.conf/subdomain.conf/g' /etc/nginx/sites-enabled/bluecherry.conf fi + # Debian 10 lacks version-agnostic link for php-fpm.sock. Add it in a compatible way. + if ! [[ -f /run/php/php-fpm.sock ]]; then + update-alternatives --install /run/php/php-fpm.sock php-fpm.sock /run/php/php*-fpm.sock 0 + fi + install_certbot # Install crontabs for subdomain renewal and SSL renewal using certbot From b9dda2a1e8e56df4cb4fc9d3c711d9821b57b649 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Sat, 6 Jul 2024 12:50:28 +0100 Subject: [PATCH 23/25] Point to php-fpm.sock in /etc/alternatives, because of Debian 10 We do supply lacking "alternatives" link in /run/php/, but /run is ephemeral mount so the link has to be installed on every system startup, which is cumbersome. --- nginx-configs/php/php-generic.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx-configs/php/php-generic.conf b/nginx-configs/php/php-generic.conf index 0f7f769a..8d0fdf7b 100644 --- a/nginx-configs/php/php-generic.conf +++ b/nginx-configs/php/php-generic.conf @@ -1,6 +1,6 @@ -# Deprecated - use php-generic.conf location ~ \.php$ { - fastcgi_pass unix:/run/php/php-fpm.sock; + # Debian 10 php-fpm doesn't maintain /run/php/php-fpm.sock + fastcgi_pass unix:/etc/alternatives/php-fpm.sock; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi.conf; set $path_info $fastcgi_path_info; From 7a668cfdf29a4d863e534ec0e18ecf09fe73ddc5 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Sun, 7 Jul 2024 00:47:33 +0100 Subject: [PATCH 24/25] Fix update-alternatives use Fixed the condition (was test -f, now test -L), made the wildcard more specific just in case. ++ [[ -f /run/php/php-fpm.sock ]] ++ update-alternatives --install /run/php/php-fpm.sock php-fpm.sock /run/php/php-fpm.sock /run/php/php7.4-fpm.sock 0 update-alternatives: and can't be the same Use 'update-alternatives --help' for program usage information. dpkg: error processing package bluecherry (--configure): installed bluecherry package post-installation script subprocess returned error exit status 2 Setting up libcgi-fast-perl (1:2.15-1) ... Processing triggers for rsyslog (8.2112.0-2ubuntu2.2) ... Processing triggers for libc-bin (2.35-0ubuntu3.8) ... Errors were encountered while processing: bluecherry E: Sub-process /usr/bin/dpkg returned an error code (1) --- misc/postinstall.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misc/postinstall.sh b/misc/postinstall.sh index 31dcc623..87c7a1e5 100755 --- a/misc/postinstall.sh +++ b/misc/postinstall.sh @@ -439,8 +439,8 @@ case "$1" in fi # Debian 10 lacks version-agnostic link for php-fpm.sock. Add it in a compatible way. - if ! [[ -f /run/php/php-fpm.sock ]]; then - update-alternatives --install /run/php/php-fpm.sock php-fpm.sock /run/php/php*-fpm.sock 0 + if ! [[ -L /run/php/php-fpm.sock ]]; then + update-alternatives --install /run/php/php-fpm.sock php-fpm.sock /run/php/php*.*-fpm.sock 0 fi install_certbot From dd6f6fffdb78e5afa26499aaf22a1e77c37fc119 Mon Sep 17 00:00:00 2001 From: Andriy Utkin Date: Wed, 10 Jul 2024 20:20:43 +0100 Subject: [PATCH 25/25] Fix bug in camera adding code which is fatal in PHP 8.2.0 (Ubuntu 23.10) Was: #4 {main} thrown in /usr/share/bluecherry/www/lib/lib.php on line 883" while reading response header from upstream, client: 192.168.86.151, server: , request: "POST /discover-cameras/add HTTP/1.1", upstream: "fastcgi://unix:/etc/alternatives/php-fpm.sock:", host: "192.168.86.115:7001" 2024/07/10 19:10:06 [error] 279#279: *15 FastCGI sent in stderr: " PHP message: PHP Warning: Undefined array key "query" in /usr/share/bluecherry/www/ajax/discoverCameras.php on line 362; PHP message: PHP Fatal error: Uncaught Error: Non-static method ipCamera::checkLimitDevices() cannot be called statically in /usr/share/bluecherry/www/lib/lib.php:883 Stack trace: #0 /usr/share/bluecherry/www/ajax/discoverCameras.php(381): ipCamera::create() #1 /usr/share/bluecherry/www/lib/Controller.php(119): discoverCameras->postAdd() #2 /usr/share/bluecherry/www/lib/Route.php(75): Controller->start() #3 /usr/share/bluecherry/www/index.php(16): Route->start() #4 {main} thrown in /usr/share/bluecherry/www/lib/lib.php on line 883" while reading response header from upstream, client: 192.168.86.151, server: , request: "POST /discover-cameras/add HTTP/1.1", upstream: "fastcgi://unix:/etc/alternatives/php-fpm.sock:", host: "192.168.86.115:7001" Became: 2024/07/10 19:20:18 [error] 281#281: *21 FastCGI sent in stderr: " PHP message: PHP Warning: Undefined array key "query" in /usr/share/bluecherry/www/ajax/discoverCameras.php on line 362; PHP message: PHP Warning: Undefined array key "hls_segment_duration" in /usr/share/bluecherry/www/lib/lib.php on line 855; PHP message: PHP Warning: Undefined array key "hls_segment_size" in /usr/share/bluecherry/www/lib/lib.php on line 856; PHP message: PHP Warning: Trying to access array offset on value of type bool in /usr/share/bluecherry/www/lib/lib.php on line 861; PHP message: PHP Warning: Trying to access array offset on value of type null in /usr/share/bluecherry/www/lib/lib.php on line 861" while reading response header from upstream, client: 192.168.86.151, server: , request: "POST /discover-cameras/add HTTP/1.1", upstream: "fastcgi://unix:/etc/alternatives/php-fpm.sock:", host: "192.168.86.115:7001" Both were processed with %s/PHP message:/^M&/g --- www/lib/lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/www/lib/lib.php b/www/lib/lib.php index ad3e2e84..9289e891 100644 --- a/www/lib/lib.php +++ b/www/lib/lib.php @@ -933,7 +933,7 @@ public function changeState(){ if (!$this->info['disabled']) { self::autoConfigure($this->info['driver'], $this->info); } return array(data::query("UPDATE Devices SET disabled=".(($this->info['disabled']) ? 0 : 1)." WHERE id={$this->info['id']}", true)); } - private function checkLimitDevices(){ + private static function checkLimitDevices(){ $info = data::query("SELECT COUNT(*) as n FROM Devices WHERE protocol in ('IP-RTSP', 'IP-MJPEG', 'IP')"); $total_devices = $info[0]['n'];