Merge pull request #330 from amintong/master

dnat rule add dst restrictions

.github/workflows/build.yml

@@ -28,10 +28,10 @@ jobs:
     steps:
       - 
         name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       -
         name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
       -
@@ -54,13 +54,13 @@ jobs:
           echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
       -
         name: Login into Docker Hub
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

.github/workflows/check.yml

@@ -7,7 +7,7 @@ jobs:
     name: shellcheck
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Run ShellCheck
         uses: ludeeus/action-shellcheck@master
 env:

.github/workflows/hub.yml

@@ -12,7 +12,7 @@ jobs:
   dockerHubDescription:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - 
       name: Docker Hub Description
       uses: peter-evans/dockerhub-description@v3

Dockerfile

@@ -1,4 +1,4 @@
-FROM ghcr.io/qemu-tools/qemu-host as builder
+FROM qemux/qemu-host as builder
 
 #  FROM golang as builder
 #  WORKDIR /
@@ -21,14 +21,13 @@ RUN apt-get update && apt-get -y upgrade && \
 	unzip \
 	socat \	
 	procps \
-	dnsmasq \
 	xz-utils \
 	iptables \
 	iproute2 \
-	net-tools \
-	btrfs-progs \
-	netcat-openbsd \
+ 	dnsmasq \
+  	net-tools \
 	ca-certificates \
+	netcat-openbsd \
 	qemu-system-x86 \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

readme.md

@@ -60,6 +60,8 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
     environment:
         DISK_SIZE: "256G"
     ```
+    
+    This can also be used to resize the existing disk to a larger capacity without data loss. 
 
   * ### How do I change the location of the virtual disk?
 
@@ -176,7 +178,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     Yes, this project contains only open-source code and does not distribute any copyrighted material. Neither does it try to circumvent any copyright protection measures. So under all applicable laws, this project would be considered legal. 
     
-    However, by installing Synology's Virtual DSM, you must accept their end-user license agreement, which does not permit installation on non-Synology hardware. So only run this project on an official Synology NAS via the Container Manager package, as any other use will be a violation of their terms and conditions.
+    However, by installing Synology's Virtual DSM, you must accept their end-user license agreement, which does not permit installation on non-Synology hardware. So only run this project on an official Synology NAS, as any other use will be a violation of their terms and conditions.
 
 ## Disclaimer
 
@@ -189,4 +191,4 @@ Only run this container on Synology hardware, any other use is not permitted by
 [Build]: https://github.com/kroese/virtual-dsm/actions/workflows/build.yml/badge.svg
 [Size]: https://img.shields.io/docker/image-size/kroese/virtual-dsm/latest?color=066da5&label=size
 [Pulls]: https://img.shields.io/docker/pulls/kroese/virtual-dsm.svg?style=flat&label=pulls&logo=docker
-[Version]: https://img.shields.io/docker/v/kroese/virtual-dsm?arch=amd64&sort=date&color=066da5
+[Version]: https://img.shields.io/docker/v/kroese/virtual-dsm/latest?arch=amd64&sort=semver&color=066da5

run/disk.sh

@@ -39,13 +39,15 @@ if [ -f "${DATA}" ]; then
     if [[ "${ALLOCATE}" == [Nn]* ]]; then
 
       # Resize file by changing its length
-      truncate -s "${DATA_SIZE}" "${DATA}"; 
+      if ! truncate -s "${DATA_SIZE}" "${DATA}"; then
+        error "Could not resize the file for the virtual disk." && exit 85
+      fi
 
     else
 
       REQ=$((DATA_SIZE-OLD_SIZE))
 
-      # Check free diskspace    
+      # Check free diskspace
       SPACE=$(df --output=avail -B 1 "${STORAGE}" | tail -n 1)
 
       if (( REQ > SPACE )); then
@@ -55,7 +57,9 @@ if [ -f "${DATA}" ]; then
 
       # Resize file by allocating more space
       if ! fallocate -l "${DATA_SIZE}" "${DATA}"; then
-        error "Could not allocate a file for the virtual disk." && exit 85
+        if ! truncate -s "${DATA_SIZE}" "${DATA}"; then
+          error "Could not resize the file for the virtual disk." && exit 85
+        fi
       fi
 
       if [[ "${ALLOCATE}" == [Zz]* ]]; then
@@ -84,7 +88,10 @@ if [ ! -f "${DATA}" ]; then
   if [[ "${ALLOCATE}" == [Nn]* ]]; then
 
     # Create an empty file
-    truncate -s "${DATA_SIZE}" "${DATA}"
+    if ! truncate -s "${DATA_SIZE}" "${DATA}"; then
+      rm -f "${DATA}"
+      error "Could not create a file for the virtual disk." && exit 87
+    fi
 
   else
 
@@ -98,8 +105,10 @@ if [ ! -f "${DATA}" ]; then
 
     # Create an empty file
     if ! fallocate -l "${DATA_SIZE}" "${DATA}"; then
-      rm -f "${DATA}"
-      error "Could not allocate a file for the virtual disk." && exit 87
+      if ! truncate -s "${DATA_SIZE}" "${DATA}"; then
+        rm -f "${DATA}"
+        error "Could not create a file for the virtual disk." && exit 87
+      fi
     fi
 
     if [[ "${ALLOCATE}" == [Zz]* ]]; then
@@ -116,7 +125,7 @@ if [ ! -f "${DATA}" ]; then
   fi
 
   # Format as BTRFS filesystem
-  mkfs.btrfs -q -L data -d single -m dup "${DATA}" > /dev/null
+  # mkfs.btrfs -q -L data -d single -m dup "${DATA}" > /dev/null
 
 fi
 

run/install.sh

@@ -31,13 +31,20 @@ rm -f "$STORAGE"/"$BASE".agent
 rm -f "$STORAGE"/"$BASE".boot.img
 rm -f "$STORAGE"/"$BASE".system.img
 
-TMP="$STORAGE/tmp"
-RDC="$STORAGE/dsm.rd"
-
+TMP="/tmp/dsm"
+FS=$(stat -f -c %T "$STORAGE")
+[[ "$FS" == "ext"* ]] && TMP="$STORAGE/tmp"
 rm -rf "$TMP" && mkdir -p "$TMP"
 
+# Check free diskspace
+MIN_SPACE=5842450944
+SPACE=$(df --output=avail -B 1 "$TMP" | tail -n 1)
+(( MIN_SPACE > SPACE )) && error "Not enough free space for installation." && exit 95
+
 [[ "${DEBUG}" == [Yy1]* ]] && set -x
 
+RDC="$STORAGE/dsm.rd"
+
 if [ ! -f "${RDC}" ]; then
 
   info "Install: Downloading installer..."
@@ -179,7 +186,9 @@ SPACE=$(df --output=avail -B 1 "$TMP" | tail -n 1)
 (( SYSTEM_SIZE > SPACE )) && error "Not enough free space to create a 4 GB system disk." && exit 87
 
 if ! fallocate -l "${SYSTEM_SIZE}" "${SYSTEM}"; then
-  rm -f "${SYSTEM}" && error "Could not allocate a file for the system disk." && exit 88
+  if ! truncate -s "${SYSTEM_SIZE}" "${SYSTEM}"; then
+    rm -f "${SYSTEM}" && error "Could not allocate a file for the system disk." && exit 88
+  fi
 fi
 
 if [[ "${ALLOCATE}" == [Zz]* ]]; then
@@ -248,6 +257,11 @@ mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYST
 rm -rf "$MOUNT"
 
 echo "$BASE" > "$STORAGE"/dsm.ver
+
+# Check free diskspace
+SPACE=$(df --output=avail -B 1 "$STORAGE" | tail -n 1)
+(( MIN_SPACE > SPACE )) && error "Not enough free space in storage folder." && exit 94
+
 mv -f "$PAT" "$STORAGE"/"$BASE".pat
 mv -f "$BOOT" "$STORAGE"/"$BASE".boot.img
 mv -f "$SYSTEM" "$STORAGE"/"$BASE".system.img

run/network.sh

@@ -31,7 +31,10 @@ configureDHCP() {
     error "and that the NET_ADMIN capability has been added to the container config: --cap-add NET_ADMIN" && exit 16
   fi
 
-  ip link set "${VM_NET_TAP}" up
+  while ! ip link set "${VM_NET_TAP}" up; do
+    info "Waiting for address to become available..."
+    sleep 2
+  done
 
   TAP_NR=$(</sys/class/net/"${VM_NET_TAP}"/ifindex)
   TAP_PATH="/dev/tap${TAP_NR}"
@@ -127,17 +130,29 @@ configureNAT () {
   fi
 
   ip address add ${VM_NET_IP%.*}.1/24 broadcast ${VM_NET_IP%.*}.255 dev dockerbridge
-  ip link set dockerbridge up
+
+  while ! ip link set dockerbridge up; do
+    info "Waiting for address to become available..."
+    sleep 2
+  done
 
   # QEMU Works with taps, set tap to the bridge created
   ip tuntap add dev "${VM_NET_TAP}" mode tap
-  ip link set "${VM_NET_TAP}" up promisc on
+
+  while ! ip link set "${VM_NET_TAP}" up promisc on; do
+    info "Waiting for tap to become available..."
+    sleep 2
+  done
+
   ip link set dev "${VM_NET_TAP}" master dockerbridge
 
+
   # Add internet connection to the VM
+  IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+
   iptables -t nat -A POSTROUTING -o "${VM_NET_DEV}" -j MASQUERADE
-  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p tcp  -j DNAT --to $VM_NET_IP
-  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p udp  -j DNAT --to $VM_NET_IP
+  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p tcp  -j DNAT --to $VM_NET_IP
+  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p udp  -j DNAT --to $VM_NET_IP
 
   if (( KERNEL > 4 )); then
     # Hack for guest VMs complaining about "bad udp checksums in 5 packets"
@@ -165,6 +180,24 @@ configureNAT () {
   return 0
 }
 
+closeNetwork () {
+
+  if [[ "${DHCP}" == [Yy1]* ]]; then
+
+    ip link set "${VM_NET_TAP}" down || true
+    ip link delete "${VM_NET_TAP}" || true
+
+  else
+
+    ip link set "${VM_NET_TAP}" down promisc off || true
+    ip link delete "${VM_NET_TAP}" || true
+
+    ip link set dockerbridge down || true
+    ip link delete dockerbridge || true
+
+  fi
+}
+
 # ######################################
 #  Configure Network
 # ######################################

run/power.sh

@@ -81,6 +81,8 @@ _graceful_shutdown() {
   echo && echo "❯ Quitting..."
   echo 'quit' | nc -q 1 -w 1 localhost "${QEMU_MONPORT}" >/dev/null 2>&1 || true
 
+  closeNetwork
+
   return
 }
 

run/run.sh

@@ -6,6 +6,7 @@ set -Eeuo pipefail
 : ${URL:=''}            # URL of the PAT file
 : ${DEBUG:='N'}         # Enable debug mode
 : ${ALLOCATE:='Y'}      # Preallocate diskspace
+: ${ARGUMENTS:=''}      # Extra QEMU parameters
 : ${CPU_CORES:='1'}     # Amount of CPU cores
 : ${DISK_SIZE:='16G'}   # Initial data disk size
 : ${RAM_SIZE:='512M'}   # Maximum RAM amount
@@ -21,6 +22,7 @@ trap 'error "Status $? while: ${BASH_COMMAND} (line $LINENO/$BASH_LINENO)"' ERR
 
 STORAGE="/storage"
 KERNEL=$(uname -r | cut -b 1)
+MINOR=$(uname -r | cut -d '.' -f2)
 ARCH=$(dpkg --print-architecture)
 VERS=$(qemu-system-x86_64 --version | head -n 1 | cut -d '(' -f 1)
 
@@ -79,7 +81,7 @@ EXTRA_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
 EXTRA_OPTS="$EXTRA_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
 EXTRA_OPTS="$EXTRA_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"
 
-ARGS="${DEF_OPTS} ${CPU_OPTS} ${RAM_OPTS} ${MAC_OPTS} ${MON_OPTS} ${SERIAL_OPTS} ${NET_OPTS} ${DISK_OPTS} ${EXTRA_OPTS}"
+ARGS="${DEF_OPTS} ${CPU_OPTS} ${RAM_OPTS} ${MAC_OPTS} ${MON_OPTS} ${SERIAL_OPTS} ${NET_OPTS} ${DISK_OPTS} ${EXTRA_OPTS} ${ARGUMENTS}"
 ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ')
 
 trap - ERR
@@ -92,8 +94,8 @@ set -m
 )
 set +m
 
-if (( KERNEL > 4 )); then
-  pidwait -F "${_QEMU_PID}" & wait $!
-else
-  tail --pid "$(cat "${_QEMU_PID}")" --follow /dev/null & wait $!
-fi
+#if (( KERNEL > 5 )) || ( (( KERNEL == 5 )) && (( MINOR > 2 )) ); then
+#  pidwait -F "${_QEMU_PID}" & wait $!
+#else
+
+tail --pid "$(cat "${_QEMU_PID}")" --follow /dev/null & wait $!