754 Commits

Author SHA1 Message Date
Scott Lamb
79351eb84c run CI on bionic, not xenial
xenial is too old for 6fb346c to work. From comparing release dates, I
think it's reasonable to guess people won't have trouble running
something newer. In particular, there have been two major Raspbian
releases since then, so current Pi systems will be more bionic-like than
xenial-like.

https://wiki.ubuntu.com/Releases
* xenial (LTS) was relesed 2016-04-21
* bionic (LTS) was released 2018-04-26

https://en.wikipedia.org/wiki/Raspbian
* stretch was released 2017-08-17
* buster was released 2019-06-24

https://www.debian.org/releases/
* stretch was released 2017-06-17
* buster was released 2019-07-06
  (interesting that Raspbian buster was released before Debian buster)
2019-12-30 06:51:01 -06:00
Scott Lamb
6fb346cc8b address AVStream::codec deprecation
The codec -> codecpar move was sufficiently long ago (libavformat
57.5.0 on 2016-04-11) that I think we can just get away with requiring
the new version. Let's try it.

But if someone complains, AVCodecParameters and AVCodecContext look
sufficiently similar we could probably just use one or the other based on
the version we're compiling with.
2019-12-29 08:35:39 -06:00
Scott Lamb
7179ea04e3 address av_lockmgr_register deprecation 2019-12-29 08:20:25 -06:00
Scott Lamb
2ab7dbc9fb stop using deprecated try! 2019-12-28 08:07:33 -06:00
Scott Lamb
e8a00d4639 use parking_lot::Once in ffmpeg
I'm getting deprecation warnings for std::sync::ONCE_INIT, and I'm
not sure when std::sync::Once::new() became a const fn. Just as easy to
switch to parking_lot.
2019-12-28 08:03:05 -06:00
Scott Lamb
154d0c30c0 note caveat on signals schema 2019-12-28 08:00:38 -06:00
Scott Lamb
72d301af6e get rid of deprecated mem::uninitialized()
This requires a Rust version bump, as MaybeUninit was introduced in Rust
1.36.
2019-12-28 07:51:47 -06:00
Scott Lamb
2bd8963961 garbage collection for signals 2019-12-28 07:48:08 -06:00
Scott Lamb
1fdf6eb022 better logging for ffmpeg errors 2019-09-26 16:10:13 -07:00
Scott Lamb
0a29f62fd3 better logs during normal operation
* don't log every time we delete stuff; leave it for the flush
* when flushing, break apart counts by sample file dir and include
  human-readable sizes
2019-09-26 16:09:58 -07:00
Scott Lamb
54e06a5326 clean up old garbage files on v5 upgrade 2019-07-24 22:18:44 -07:00
Scott Lamb
fe575e1b63 stop using sync::ONCE_INIT
This addressed a deprecation warning on nightly (will be in Rust 1.38).
Use parking_lot instead, which in theory is faster (although I doubt
it's significant here).
2019-07-24 21:52:55 -07:00
Scott Lamb
433be217ac improve test of upgrade from v0 on up; fix bugs
Now the test actually has a recording and garbage with matching files.
This caught a few problems in the upgrade procedure:

* it didn't work with foreign keys enabled because the new recording
  table was set up after the new camera table, and the old recording
  table was destroyed after the old camera table. And now I enable
  foreign keys all the time. Reorder the procedure to fix.

* the pathname manipulation in the v2 to v3 procedure was incorrect
  since my introduction of nix because I gave it a &[u8] with the
  trailing nul, where I should have used CStr::from_bytes_with_nul.

* it wasn't removing garbage files. It'd be most natural to do this
  in the v2 to v3 upgrade (with the rename) but I historically removed
  the table when upgrading to v2. I can't redefine the schema now, so
  do it unnaturally.

  I'm considering also renaming all uuid-like files on upgrade to v4/v5
  to clean up this mess automatically for installations that have
  already done this upgrade.
2019-07-21 22:49:50 -07:00
Scott Lamb
01d20960ef improve error messages on unparseable text protos
Takes advantage of stepancheg/rust-protobuf#428
2019-07-20 16:22:24 -07:00
Scott Lamb
79ac89dc7c use the nix repository again
nix-rust/nix#1097 is merged so it does what we need now.
2019-07-20 16:13:12 -07:00
Scott Lamb
81ae879ac6 mount options for fewer write operations 2019-07-20 15:33:51 -07:00
Scott Lamb
2ead8f8332 keep frame poiners in release mode
This makes it easier to get call graphs with perf.
2019-07-20 15:33:12 -07:00
Scott Lamb
18c693fa46 update deps
The immediate motivation is that Cargo.lock referred to a commit version
in a PR branch of my nix fork that no longer exists. (I didn't know, but
it makes sense, that "git push -f" not only forcibly updates the branch
to refer to a new commit but also gets rid of orphaned commits.) Use a
moonfire branch that I'll keep stable until I'm ready to move on.

I also updated parking_lot and rusqlite to new major versions (nothing
in the interface that I care about has changed) and did a full cargo
update.
2019-07-17 14:32:09 -07:00
Scott Lamb
e52e725958 s/std::fs::read_dir/nix::dir::Dir/ in a few spots
This is nicer in a few ways:

   * I can use openat so there's no possibility of any kind of a race
     involving scanning a different directory than the one used in
     other ways (locking, metadata file, adding/removing sample files)
   * filename() doesn't need to allocate memory, so it's a bit more
     efficient
   * dogfooding - I wrote nix::dir.
2019-07-12 11:07:14 -07:00
Scott Lamb
bb227491b6 use nix to remove many uses of unsafe 2019-07-11 21:59:01 -07:00
Scott Lamb
d75157af56 fix d7a918d regression in SQLite required version
The pragma_* table-valued-functions require SQLite 3.16.0 (2017-01-02).
2019-07-11 14:00:09 -07:00
Scott Lamb
d7a918d397 schema comparison in new upgrade tests, "moonfire-nvr check"
The .sql files here are copied from earlier revisions:

v0.sql  fee4141:src/schema.sql
v1.sql  0d69f4f:src/schema.sql
v3.sql  422cd2a:db/schema.sql
2019-07-11 13:31:33 -07:00
Scott Lamb
f1112031c2 Merge branch 'master' into new-schema 2019-07-10 17:03:30 -07:00
Scott Lamb
856c01918b Update test to allow ffmpeg 4.x edit list behavior
Fixes #10
2019-07-10 17:02:45 -07:00
Scott Lamb
d2e18ca5e2 improve flush_if_sec docs 2019-07-10 15:17:55 -07:00
Scott Lamb
fb50617a7b add links to the wiki 2019-07-10 11:45:25 -07:00
Scott Lamb
34253fb96a add links to the wiki 2019-07-10 11:43:58 -07:00
Scott Lamb
106cf8cb4b Merge branch 'master' into new-schema 2019-07-10 02:03:13 -07:00
Scott Lamb
81d4fd67d4 suggest RequireMountsFor in systemd service file
Besides using one line instead of two, this avoids the need to do hex
escaping of characters like hyphens.
2019-07-10 02:00:10 -07:00
Scott Lamb
8159acf703 Merge branch 'master' into new-schema 2019-07-10 01:11:25 -07:00
Scott Lamb
f80c99a43f set sqlite3 options for full durability 2019-07-10 01:09:52 -07:00
Scott Lamb
71c64908ec Merge branch 'master' into new-schema 2019-07-10 00:59:42 -07:00
Scott Lamb
1c904b925a many improvements to install docs/procedures
* in markdown files, use code fences rather than indented blocks.
    This is harder to screw up (one of them was off by a space so didn't
    render properly) and allows me to add info strings.

  * uniformly use "useradd" to create the user and group in all three
    places (install-manual.md, script-functions.sh, Dockerfile) rather
    than addgroup + adduser. Create a full home dir, which I suspect was
    the problem in #67. Don't allow customizing group name; it's always
    the same as the user.

  * install the sqlite3 package so that the "moonfire-nvr sql" command
    works properly.

  * remove "setup_db" function, which was out of place. Since the
    creation of the "moonfire-nvr init" command, this has to happen
    after installation of the binary. install.md gives instructions on
    this part anyway so remove it from the script.

  * give a proper command to create the db dir. It was creating it
    within the current directory, not within /var/lib/moonfire-nvr.
    Don't bother creating sample directory; "moonfire-nvr config"
    will do this.

  * when setting owners on a newly created directory, use a single
    "install -d" command rather than "mkdir" + "chown".

  * address confusion about whether sample file dirs need to be
    precreated. (Only when Moonfire NVR doesn't have write permissions
    on the parent.)

  * always just install the packaged version of ffmpeg rather than
    building our own. This has been usable since Debian/Raspbian 9
    Stretch; Debian/Raspbian 10 Buster is out now so there's no excuse
    for still running Debian/Raspbian 8 Jessie.

  * don't chown the UI directory; it can be owned by root as with
    the binary.

  * in scripts/install.sh, don't enable/start the service yet. It hasn't
    been configured.
2019-07-10 00:56:43 -07:00
Scott Lamb
d61b5e1bdd Use fixed-size directory meta files
Add a new schema version 5; now 4 means the directory meta may or may
not be upgraded.

Fixes #65: now it's possible to open the directory even if it lies on a
completely full disk.
2019-07-04 23:30:37 -05:00
Scott Lamb
13b192949d use cstr crate rather than unsafe
This removes a few uses of unsafe, and it verifies statically that there
are no interior NUL bytes.
2019-07-04 16:51:38 -05:00
Scott Lamb
06d7815f9c fix upgrade procedure with newer SQLite
Newer SQLite library versions (such as what you get when using
--features=bundled) actually enforce foreign keys. Unfortunately there's
no way to drop foreign key constraints, so you have to transitively
recreate all the tables with foreign key constraints on the table you're
recreating.
2019-07-01 00:33:36 -05:00
Scott Lamb
866a8cc4fc fix "cargo test" errors and warnings in a9f6479 2019-07-01 00:06:22 -05:00
Scott Lamb
a9f64798d6 store full rtsp urls
My dad's "GW-GW4089IP" cameras use separate ports for the main and sub
streams:

rtsp://192.168.1.110:5050/H264?channel=0&subtype=0&unicast=true&proto=Onvif
rtsp://192.168.1.110:5049/H264?channel=0&subtype=1&unicast=true&proto=Onvif

Previously I could get one of the streams to work by including :5050 or
:5049 in the host field of the camera. But not both. Now make the
camera's host field reflect the ONVIF port (which is also non-standard
on these cameras, :85). It's not directly used yet but probably will be
sooner or later. Make each stream know its full URL.
2019-06-30 23:54:52 -05:00
Scott Lamb
afe693ef95 fix obsolete flag name 2019-06-20 16:22:46 -07:00
Scott Lamb
eaf6608597 tweak and document version 3->4 upgrade 2019-06-20 16:03:59 -07:00
Scott Lamb
4f25412c3f remove debug logs mistakenly added in 644ea4e6 2019-06-20 14:59:04 -07:00
Scott Lamb
abf4eba42d unbreak test --features=nightly 2019-06-20 14:57:13 -07:00
Scott Lamb
644ea4e6ea expose signal id in api
...and update api.md which described a different format than before or
after.
2019-06-20 12:10:23 -07:00
Scott Lamb
1c1a823759 fix db auth tests for domain being optional
These broke in 49a8e5c
2019-06-20 12:06:57 -07:00
Scott Lamb
49a8e5c5a1 Add "moonfire-nvr login username" command
This should be useful when creating sessions for robot users without
ever having to set a password for them.
2019-06-20 09:07:01 -07:00
Scott Lamb
004aa5d6ce extend "moonfire-nvr sql" to pass args to sqlite3 2019-06-19 21:15:25 -07:00
Scott Lamb
a6ebf2d10d add "sql" subcommand
This delegates to the "sqlite3" CLI but has a couple benefits over using
sqlite3 directly:

  * safer because it does the same locking as other moonfire-nvr invocations
  * more convenient because it takes the same argument format as other
    moonfire-nvr subcommands:
      * --db-dir rather than full path including /db suffix
      * has the --db-dir default value
      * --read-only rather than file:...?mode=ro

Use like "moonfire-nvr sql" or "moonfire-nvr sql --read-only".
2019-06-19 17:20:44 -07:00
Scott Lamb
80306064a3 add missing build.rs 2019-06-19 16:53:14 -07:00
Scott Lamb
a5ffe3ca2c bump minimum Rust version
The master version of rust-protobuf requires the TryFrom feature,
stabilized in 1.34.
2019-06-19 15:56:04 -07:00
Scott Lamb
fda7e4ca2b add concept of user/session permissions
(I also considered the names "capabilities" and "scopes", but I think
"permissions" is the most widely understood.)

This is increasingly necessary as the web API becomes more capable.
Among other things, it allows:

* non-administrator users who can view but not access camera passwords
  or change any state
* workers that update signal state based on cameras' built-in motion
  detection or a security system's events but don't need to view videos
* control over what can be done without authenticating

Currently session permissions are just copied from user permissions, but
you can also imagine admin sessions vs not, as a checkbox when signing
in. This would match the standard Unix workflow of using a
non-administrative session most of the time.

Relevant to my current signals work (#28) and to the addition of an
administrative API (#35, including #66).
2019-06-19 15:34:20 -07:00