Hi Orvis, let me try to answer a few of the questions that you have.
So you do not want to do the 'hardening' of the system.
No real 'security' style hardening was done on the Raspbian, the design was only made read-only to allow for a longer endurance of the SD card. It's a known problem that SD cards used in Raspberry Pis wear out after a certain amount of time if you don't do this.
SD cards are not created for heavy IO traffic, hence that change. Like I said, it's a thing to contribute to the stability of the IP camera.
Here are the lines I do not implement. Please confirm if they are absolutely necessary
# Make your partition a bit larger so it will fit this install
sudo parted /dev/mmcblk0 resizepart 2 1600
sudo resize2fs /dev/mmcblk0p2
I think that the second one generates an error. Anyway, I've got a 32gb microSD card, I guess it is large enough.
Well, if I recall correctly, the default partition size on the Foundation's Raspbian Lite image wasn't large enough to hold all the software I needed for the design, the above commands just resize your partitions to a larger size.
You can instead use raspi-config to expand your SD card to max. size, that will work too.
# Enable the Raspberry Pi Camera Module
sudo mount -o remount,rw /boot
echo "start_x=1" | sudo tee -a /boot/config.txt
echo "gpu_mem=256" | sudo tee -a /boot/config.txt
echo "disable_camera_led=1" | sudo tee -a /boot/config.txt
I've manually enabled the cam and the 256M just after installation with raspi-config
If you enable the Camera via raspi-config you can indeed cancel all the other steps.
# First get rid of some unnecessary packages.
sudo apt-get -y remove --purge logrotate triggerhappy dphys-swapfile fake-hwclock samba-common
sudo apt-get -y autoremove --purge
# remove rsyslog and install a memory resident variant
sudo apt-get -y remove --purge rsyslog
sudo apt-get -y install busybox-syslogd
I skip this hardening block
Yes you can skip this, all this was done in an effort to make the image 'smaller' for redistribution on the internet.
# now remap some folders to temp space
sudo rm -rf /var/lib/dhcp/ /var/spool /var/lock
sudo rm /etc/resolv.conf
sudo ln -s /tmp /var/lib/dhcp
sudo ln -s /tmp /var/spool
sudo ln -s /tmp /var/lock
sudo ln -s /tmp/resolv.conf /etc/resolv.conf
sudo rm -rf /var/lib/php5/sessions
sudo ln -s /tmp/phpsessions /var/lib/php5/sessions
I skip this hardening block.
Some commands are very weird...
Well, this is done to make the system read only, it's just remapping some folders with writeable content to a memory resident location.
# configure the boot options to be read-only on next boot
sudo mount -o remount,rw /boot
echo "dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fastboot noswap ro" | sudo tee /boot/cmdline.txt
I skip this hardening block
In the /boot/cmdline.txt we make some modification which will mount the root partition read-only on next boot.
That way, nothing can be written on the SD card, makes it last longer ...
# File /etc/fstab
proc /proc proc defaults 0 0
/dev/mmcblk0p1 /boot vfat ro,defaults 0 2
/dev/mmcblk0p2 / ext4 ro,defaults,noatime 0 1
tmpfs /var/log tmpfs nodev,nosuid 0 0
tmpfs /var/tmp tmpfs nodev,nosuid 0 0
tmpfs /tmp tmpfs nodev,nosuid 0 0
I guess this block is a mistake ?
Not really, on boot the fstab file will tell the system what to mount where and how.
Since we remapped some folders, we need to make sure these are remounted and accessible somehow, this time not on the sd card but in temp (memory) space.
OK, if I stop here and give it a try, I can connect to the webadmin, but there is no camera view and the stream is not accessible through the URL http://192.168.2.35:8080/stream/video.mjpeg
The output of sudo systemctl status uv4l_raspicam.service :
● uv4l_raspicam.service - LSB: Userspace Camera Driver
Loaded: loaded (/etc/init.d/uv4l_raspicam)
Active: active (running) since mer. 2016-04-20 11:29:01 CEST; 7min ago
Process: 113 ExecStart=/etc/init.d/uv4l_raspicam start (code=exited, status=0/SUCCESS)
└─209 /usr/bin/uv4l -k --sched-fifo --mem-lock --config-file=/etc/uv4l/uv4l-raspicam.conf --driver raspicam --driver-config-file=/etc/uv4l/uv4l-raspicam.conf --server-option=--server-config-file=/etc/uv4l/uv4l-server.conf
avril 20 11:29:00 raspberrypi uv4l_raspicam: <warning> [core] Driver 'raspicam' not found
avril 20 11:29:00 raspberrypi uv4l_raspicam: <notice> [core] Trying driver 'raspicam' from external plug-in's...
avril 20 11:29:01 raspberrypi uv4l_raspicam: <notice> [driver] Dual Raspicam Video4Linux2 Driver v1.9.36 built Apr 8 2016
avril 20 11:29:01 raspberrypi uv4l_raspicam: <notice> [driver] Selected format: 1280x720, encoding: mjpeg, JPEG Video Capture
avril 20 11:29:01 raspberrypi uv4l_raspicam: <notice> [driver] Framerate max. 15 fps
avril 20 11:29:01 raspberrypi uv4l_raspicam: <notice> [driver] ROI: 0, 0, 1, 1
avril 20 11:29:01 raspberrypi uv4l_raspicam: <info> [driver] RAW data will be included in the JPEG captures
avril 20 11:29:01 raspberrypi uv4l_raspicam: <notice> [core] Device detected!
avril 20 11:29:01 raspberrypi uv4l_raspicam: <notice> [core] Registering device node /dev/video0
avril 20 11:29:01 raspberrypi systemd: Started LSB: Userspace Camera Driver.
So it seems correct.
Hrmm, at first sight it seems correct indeed.
If I go further through the installation.sh (126 -> 132) and I skip the cleaning block (135->143), and then I reboot, then I can not reach the webadmin anymore (connection fails, as if there is no website available). I must:
and the website is available again, but with the same issue (no camera view and no stream)
If you start nginx that way, it will only be running under your user session I believe.
In Raspbian Jessie, systemd is used as the service manager, and is responsible for stopping and starting stuff at boot or shutdown time.
If your nginx doesn't start during boot, it might not be enabled.
You can verify that by executing:
sudo systemctl status nginx.service
you should see a line:
Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
The enabled at the end means it will try to start at boot.
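
Added example, not part of the original post or of the project's installation.sh: a small audit of an fstab against the read-only layout discussed above (SD card partitions mounted `ro`, writable paths on tmpfs with `nodev,nosuid`). The function names `field`, `has_opt` and `check_fstab` are hypothetical; the sample input is the fstab block quoted in the thread.

```shell
#!/bin/sh
# Added example: audit an fstab for the read-only layout from this thread.

# field FILE MOUNTPOINT N -> prints column N of the first non-comment entry
field() {
    awk -v mp="$2" -v n="$3" '$1 !~ /^#/ && $2 == mp { print $n; exit }' "$1"
}

# has_opt OPTIONS NAME -> succeeds if NAME is in the comma-separated list
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_fstab FILE -> prints findings, returns 0 only if every check passes
check_fstab() {
    rc=0
    # Partitions on the SD card must be mounted read-only.
    for mp in / /boot; do
        if has_opt "$(field "$1" "$mp" 4)" ro; then
            echo "ok   $mp read-only"
        else
            echo "FAIL $mp is not mounted ro"; rc=1
        fi
    done
    # Writable paths must be tmpfs, with nodev and nosuid as in the thread.
    for mp in /tmp /var/tmp /var/log; do
        opts=$(field "$1" "$mp" 4)
        if [ "$(field "$1" "$mp" 3)" != tmpfs ]; then
            echo "FAIL $mp is not tmpfs"; rc=1
        elif has_opt "$opts" nodev && has_opt "$opts" nosuid; then
            echo "ok   $mp tmpfs with nodev,nosuid"
        else
            echo "FAIL $mp tmpfs lacks nodev or nosuid ($opts)"; rc=1
        fi
    done
    return "$rc"
}

# Sample input: the fstab entries quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
proc /proc proc defaults 0 0
/dev/mmcblk0p1 /boot vfat ro,defaults 0 2
/dev/mmcblk0p2 / ext4 ro,defaults,noatime 0 1
tmpfs /var/log tmpfs nodev,nosuid 0 0
tmpfs /var/tmp tmpfs nodev,nosuid 0 0
tmpfs /tmp tmpfs nodev,nosuid 0 0
EOF
check_fstab "$sample"
```

On the Pi itself, run `check_fstab /etc/fstab` after editing the file and before rebooting into the read-only setup.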