feat: Update to QEMU 8.1

feat: Update to QEMU 8.1

.github/workflows/build.yml

@@ -12,7 +12,6 @@ on:
       - '.dockerignore'
       - '.github/**'
       - '.github/workflows/**'
-      - 'Dockerfile'
 
 jobs:
   shellcheck:

.github/workflows/check.yml

@@ -11,4 +11,4 @@ jobs:
       - name: Run ShellCheck
         uses: ludeeus/action-shellcheck@master
 env:
-        SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 -e SC2317 -e SC2028
+        SHELLCHECK_OPTS: -x -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 -e SC2317 -e SC2028 -e SC2153

Dockerfile

@@ -7,28 +7,29 @@ FROM qemux/qemu-host as builder
 #  RUN go mod download
 #  RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o /qemu-host.bin .
 
-FROM debian:bookworm-slim
+FROM debian:trixie-slim
 
 ARG DEBCONF_NOWARNINGS="yes"
 ARG DEBIAN_FRONTEND noninteractive
 
 RUN apt-get update && apt-get -y upgrade && \
     apt-get --no-install-recommends -y install \
-	curl \
+        tini \    
-	cpio \
+        curl \
-	wget \
+        cpio \
-	fdisk \
+        wget \
-	unzip \
+        fdisk \
-	socat \	
+        unzip \
-	procps \
+        socat \
-	xz-utils \
+        procps \
-	iptables \
+        xz-utils \
-	iproute2 \
+        iptables \
- 	dnsmasq \
+        iproute2 \
-  	net-tools \
+        dnsmasq \
-	ca-certificates \
+        net-tools \
-	netcat-openbsd \
+        ca-certificates \
-	qemu-system-x86 \
+        netcat-openbsd \
+        qemu-system-x86 \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
@@ -56,12 +57,15 @@ ARG BUILD_ARG=0
 ARG VERSION_ARG="0.0"
 ENV VERSION=$VERSION_ARG
 
+LABEL org.opencontainers.image.licenses="MIT"
+LABEL org.opencontainers.image.title="Virtual DSM"
 LABEL org.opencontainers.image.created=${DATE_ARG}
 LABEL org.opencontainers.image.revision=${BUILD_ARG}
 LABEL org.opencontainers.image.version=${VERSION_ARG}
-LABEL org.opencontainers.image.source=https://github.com/kroese/virtual-dsm/
+LABEL org.opencontainers.image.source="https://github.com/kroese/virtual-dsm/"
-LABEL org.opencontainers.image.url=https://hub.docker.com/r/kroese/virtual-dsm/
+LABEL org.opencontainers.image.url="https://hub.docker.com/r/kroese/virtual-dsm/"
+LABEL org.opencontainers.image.description="Virtual DSM in a docker container"
 
 HEALTHCHECK --interval=60s --retries=2 CMD /run/check.sh
 
-ENTRYPOINT ["/run/run.sh"]
+ENTRYPOINT ["/usr/bin/tini", "-s", "/run/run.sh"]

readme.md

@@ -16,7 +16,8 @@ Virtual DSM in a docker container.
 
  - Multi-platform
  - KVM acceleration
- - Graceful shutdown
+ - GPU passthrough
+ - Graceful shutdowns
  - Upgrades supported
  
 ## Usage
@@ -26,22 +27,22 @@ Via `docker-compose.yml`
 ```yaml
 version: "3"
 services:
-    dsm:
+  dsm:
-        container_name: dsm
+    container_name: dsm
-        image: kroese/virtual-dsm:latest
+    image: kroese/virtual-dsm:latest
-        environment:
+    environment:
-            DISK_SIZE: "16G"
+      DISK_SIZE: "16G"
-        devices:
+    devices:
-            - /dev/kvm
+      - /dev/kvm
-            - /dev/vhost-net
+      - /dev/vhost-net
-        cap_add:
+    cap_add:
-            - NET_ADMIN                       
+      - NET_ADMIN
-        ports:
+    ports:
-            - 5000:5000
+      - 5000:5000
-        volumes:
+    volumes:
-            - /opt/dsm:/storage
+      - /opt/dsm:/storage
-        restart: on-failure
+    restart: on-failure
-        stop_grace_period: 1m
+    stop_grace_period: 1m
 ```
 
 Via `docker run`
@@ -58,7 +59,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     ```yaml
     environment:
-        DISK_SIZE: "256G"
+      DISK_SIZE: "256G"
     ```
     
     This can also be used to resize the existing disk to a larger capacity without data loss. 
@@ -69,7 +70,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     ```yaml
     volumes:
-        - /home/user/data:/storage
+      - /home/user/data:/storage
     ```
 
     Replace the example path `/home/user/data` with the desired storage folder.
@@ -80,7 +81,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     ```yaml
     environment:
-        ALLOCATE: "N"
+      ALLOCATE: "N"
     ```
 
     Keep in mind that this will not affect any of your existing disks, it only applies to newly created disks.
@@ -91,8 +92,8 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     ```yaml
     environment:
-        CPU_CORES: "4"
+      CPU_CORES: "4"
-        RAM_SIZE: "2048M"
+      RAM_SIZE: "2048M"
     ```
 
   * ### How do I verify if my system supports KVM?
@@ -126,16 +127,16 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     ```yaml
     services:
-        dsm:
+      dsm:
-            container_name: dsm
+        container_name: dsm
-            ..<snip>..
+        ..<snip>..
-            networks:
+        networks:
-                vdsm:             
+          vdsm:
-                    ipv4_address: 192.168.0.100
+            ipv4_address: 192.168.0.100
 
     networks:
-        vdsm:
+      vdsm:
-            external: true
+        external: true
     ```
    
     An added benefit of this approach is that you won't have to perform any port mapping anymore since all ports will be exposed by default.
@@ -150,11 +151,11 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     ```yaml
     environment:
-        DHCP: "Y"
+      DHCP: "Y"
     devices:
-        - /dev/vhost-net
+      - /dev/vhost-net
     device_cgroup_rules:
-        - 'c *:* rwm'
+      - 'c *:* rwm'
     ```
 
     Please note that even if you don't need DHCP, it's still recommended to enable this feature as it prevents NAT issues and increases performance by using a `macvtap` interface.
@@ -165,11 +166,24 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
 
     ```yaml
     environment:
-        URL: "https://global.synologydownload.com/download/DSM/release/7.0.1/42218/DSM_VirtualDSM_42218.pat"
+      URL: "https://global.synologydownload.com/download/DSM/release/7.0.1/42218/DSM_VirtualDSM_42218.pat"
     ```
 
     With this method, you are able to switch between different versions while keeping your file data.
 
+  * ### How do I passthrough my GPU?
+
+    To passthrough your GPU, add the following lines to your compose file:
+
+    ```yaml
+    environment:
+      GPU: "Y"
+    devices:
+      - /dev/dri
+    ```
+
+    This can be used to enable facial recognition in Synology Photos for example.
+    
   * ### What are the differences compared to the standard DSM?
 
     There are only two minor differences: the Virtual Machine Manager package is not provided, and Surveillance Station doesn't include any free licenses.

run/disk.sh

@@ -136,13 +136,6 @@ if [[ SIZE -ne DATA_SIZE ]]; then
   error "Virtual disk has the wrong size: ${SIZE}" && exit 89
 fi
 
-AGENT="${STORAGE}/${BASE}.agent"
-[ -f "$AGENT" ] && AGENT_VERSION=$(cat "${AGENT}") || AGENT_VERSION=1
-
-if ((AGENT_VERSION < 5)); then
-  info "The installed VirtualDSM Agent v${AGENT_VERSION} is an outdated version, please upgrade it."
-fi
-
 DISK_OPTS="\
     -device virtio-scsi-pci,id=hw-synoboot,bus=pcie.0,addr=0xa \
     -drive file=${BOOT},if=none,id=drive-synoboot,format=raw,cache=${DISK_CACHE},aio=${DISK_IO},discard=${DISK_DISCARD},detect-zeroes=on \
@@ -153,3 +146,46 @@ DISK_OPTS="\
     -device virtio-scsi-pci,id=hw-userdata,bus=pcie.0,addr=0xc \
     -drive file=${DATA},if=none,id=drive-userdata,format=raw,cache=${DISK_CACHE},aio=${DISK_IO},discard=${DISK_DISCARD},detect-zeroes=on \
     -device scsi-hd,bus=hw-userdata.0,channel=0,scsi-id=0,lun=0,drive=drive-userdata,id=userdata0,rotation_rate=${DISK_ROTATION},bootindex=3"
+
+EXTRA_DISK="/storage2/data.img"
+
+if [ -f "${EXTRA_DISK}" ]; then
+
+  DISK_OPTS="${DISK_OPTS} \
+    -device virtio-scsi-pci,id=hw-userdata2,bus=pcie.0,addr=0xd \
+    -drive file=${EXTRA_DISK},if=none,id=drive-userdata2,format=raw,cache=${DISK_CACHE},aio=${DISK_IO},discard=${DISK_DISCARD},detect-zeroes=on \
+    -device scsi-hd,bus=hw-userdata2.0,channel=0,scsi-id=0,lun=0,drive=drive-userdata2,id=userdata2,rotation_rate=${DISK_ROTATION},bootindex=4"
+
+else
+
+  [ -d "$(dirname "${EXTRA_DISK}")" ] && error "Disk image ${EXTRA_DISK} does not exist! Please supply an empty file of at least 6 GB." && exit 53
+
+fi
+
+EXTRA_DISK="/storage3/data.img"
+
+if [ -f "${EXTRA_DISK}" ]; then
+
+  DISK_OPTS="${DISK_OPTS} \
+    -device virtio-scsi-pci,id=hw-userdata3,bus=pcie.0,addr=0xe \
+    -drive file=${EXTRA_DISK},if=none,id=drive-userdata3,format=raw,cache=${DISK_CACHE},aio=${DISK_IO},discard=${DISK_DISCARD},detect-zeroes=on \
+    -device scsi-hd,bus=hw-userdata3.0,channel=0,scsi-id=0,lun=0,drive=drive-userdata3,id=userdata3,rotation_rate=${DISK_ROTATION},bootindex=5"
+
+else
+
+  [ -d "$(dirname "${EXTRA_DISK}")" ] && error "Disk image ${EXTRA_DISK} does not exist! Please supply an empty file of at least 6 GB." && exit 54
+
+fi
+
+: ${DEVICE:=''}        # Docker variable to passthrough a block device, like /dev/vdc1.
+
+if [ -n "${DEVICE}" ]; then
+
+  [ ! -b "${DEVICE}" ] && error "Device ${DEVICE} cannot be found! Please add it to the 'devices' section of your compose file." && exit 55
+
+  DISK_OPTS="${DISK_OPTS} \
+    -device virtio-scsi-pci,id=hw-userdata4,bus=pcie.0,addr=0xf \
+    -drive file=${DEVICE},if=none,id=drive-userdata4,format=raw,cache=${DISK_CACHE},aio=${DISK_IO},discard=${DISK_DISCARD},detect-zeroes=on \
+    -device scsi-hd,bus=hw-userdata4.0,channel=0,scsi-id=0,lun=0,drive=drive-userdata4,id=userdata4,rotation_rate=${DISK_ROTATION},bootindex=6"
+
+fi

run/gpu.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -Eeuo pipefail
+
+[ ! -d /dev/dri ] && mkdir -m 755 /dev/dri
+
+if [ ! -c /dev/dri/card0 ]; then
+  mknod /dev/dri/card0 c 226 0
+fi
+
+if [ ! -c /dev/dri/renderD128 ]; then
+  mknod /dev/dri/renderD128 c 226 128
+fi
+
+chmod 666 /dev/dri/card0
+chmod 666 /dev/dri/renderD128
+
+DEF_OPTS="-nodefaults -boot strict=on -display egl-headless,rendernode=/dev/dri/renderD128"
+DEF_OPTS="${DEF_OPTS} -device virtio-vga,id=video0,max_outputs=1,bus=pcie.0,addr=0x1"
+
+if ! apt-mark showinstall | grep -q "xserver-xorg-video-intel"; then
+
+  info "Installing Intel GPU drivers..."
+
+  export DEBCONF_NOWARNINGS="yes"
+  export DEBIAN_FRONTEND="noninteractive"
+
+  apt-get -qq update
+  apt-get -qq --no-install-recommends -y install xserver-xorg-video-intel > /dev/null
+
+fi
+
+if ! apt-mark showinstall | grep -q "qemu-system-modules-opengl"; then
+
+  info "Installing OpenGL module..."
+
+  export DEBCONF_NOWARNINGS="yes"
+  export DEBIAN_FRONTEND="noninteractive"
+
+  apt-get -qq update
+  apt-get -qq --no-install-recommends -y install qemu-system-modules-opengl > /dev/null
+
+fi

run/install.sh

@@ -127,28 +127,27 @@ if ((SIZE<250000000)); then
   error "The specified PAT file is probably an update pack as it's too small." && exit 62
 fi
 
-info "Install: Extracting downloaded image..."
-
 if { tar tf "$PAT"; } >/dev/null 2>&1; then
 
+  info "Install: Extracting downloaded image..."
   tar xpf "$PAT" -C "$TMP/."
 
 else
 
   if [ "$ARCH" != "amd64" ]; then
 
+    info "Install: Installing QEMU..."
+
     export DEBCONF_NOWARNINGS="yes"
     export DEBIAN_FRONTEND="noninteractive"
 
     apt-get -qq update
-    apt-get -qq -y upgrade
     apt-get -qq --no-install-recommends -y install qemu-user > /dev/null
 
-    export DEBIAN_FRONTEND=""
-    export DEBCONF_NOWARNINGS=""
-
   fi
 
+  info "Install: Extracting downloaded image..."
+
   export LD_LIBRARY_PATH="/run/extract"
 
   if [ "$ARCH" == "amd64" ]; then
@@ -205,14 +204,14 @@ SIZE=$(stat -c%s "${SYSTEM}")
 
 PART="$TMP/partition.fdisk"
 
-{	echo "label: dos"
+{       echo "label: dos"
-	echo "label-id: 0x6f9ee2e9"
+        echo "label-id: 0x6f9ee2e9"
-	echo "device: ${SYSTEM}"
+        echo "device: ${SYSTEM}"
-	echo "unit: sectors"
+        echo "unit: sectors"
-	echo "sector-size: 512"
+        echo "sector-size: 512"
-	echo ""
+        echo ""
-	echo "${SYSTEM}1 : start=        2048, size=     4980480, type=83"
+        echo "${SYSTEM}1 : start=        2048, size=     4980480, type=83"
-	echo "${SYSTEM}2 : start=     4982528, size=     4194304, type=82"
+        echo "${SYSTEM}2 : start=     4982528, size=     4194304, type=82"
 } > "$PART"
 
 sfdisk -q "$SYSTEM" < "$PART"
@@ -243,9 +242,6 @@ mkdir -p "$LOC"
 cp /agent/service.sh "$LOC/agent.sh"
 chmod 755 "$LOC/agent.sh"
 
-# Store agent version
-echo "7" > "$STORAGE"/"$BASE".agent
-
 info "Install: Installing system partition..."
 
 LABEL="1.44.1-42218"

run/network.sh

@@ -146,7 +146,6 @@ configureNAT () {
 
   ip link set dev "${VM_NET_TAP}" master dockerbridge
 
-
   # Add internet connection to the VM
   IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
 
@@ -235,7 +234,11 @@ fi
 if [[ "${DHCP}" == [Yy1]* ]]; then
 
   if [[ "$GATEWAY" == "172."* ]]; then
-    error "You can only enable DHCP while the container is on a macvlan network!" && exit 86
+    if [[ "${DEBUG}" == [Yy1]* ]]; then
+      info "Warning: Are you sure the container is on a macvlan network?"
+    else
+      error "You can only enable DHCP while the container is on a macvlan network!" && exit 86
+    fi
   fi
 
   # Configuration for DHCP IP

run/power.sh

@@ -39,28 +39,14 @@ _graceful_shutdown() {
 
     echo && error "Could not send shutdown command to the guest ($RESPONSE)"
 
-    # If we cannot shutdown the usual way, fallback to the NMI method
+    # Send a NMI interrupt which will be detected by the agent script
-
+    if ! echo 'nmi' | nc -q 1 -w 1 localhost "${QEMU_MONPORT}" > /dev/null ; then
-    AGENT="${STORAGE}/${BASE}.agent"
-    [ -f "$AGENT" ] && AGENT_VERSION=$(cat "${AGENT}") || AGENT_VERSION=1
-
-    if ((AGENT_VERSION > 1)); then
-
-      # Send a NMI interrupt which will be detected by the kernel
-      if ! echo 'nmi' | nc -q 1 -w 1 localhost "${QEMU_MONPORT}" > /dev/null ; then
-        AGENT_VERSION=0
-      fi
-
-    fi
-
-    if ((AGENT_VERSION < 2)); then
-
-      echo && info "Please update the VirtualDSM Agent to allow for gracefull shutdowns..."
 
       kill -15 "$(cat "${_QEMU_PID}")"
       pkill -f qemu-system-x86_64 || true
 
     fi
+
   fi
 
   while [ "$(cat ${_QEMU_SHUTDOWN_COUNTER})" -lt "${QEMU_POWERDOWN_TIMEOUT}" ]; do
@@ -72,7 +58,8 @@ _graceful_shutdown() {
     if echo 'info version'| nc -q 1 -w 1 localhost "${QEMU_MONPORT}" >/dev/null 2>&1 ; then
 
       sleep 1
-      #info "Shutting down, waiting... ($(cat ${_QEMU_SHUTDOWN_COUNTER})/${QEMU_POWERDOWN_TIMEOUT})"
+      CNT="$(cat ${_QEMU_SHUTDOWN_COUNTER})/${QEMU_POWERDOWN_TIMEOUT}"
+      [[ "${DEBUG}" == [Yy1]* ]] && info "Shutting down, waiting... (${CNT})"
 
     fi
 

run/run.sh

@@ -4,7 +4,8 @@ set -Eeuo pipefail
 # Docker environment variables
 
 : ${URL:=''}            # URL of the PAT file
-: ${DEBUG:='N'}         # Enable debug mode
+: ${GPU:='N'}           # Enable GPU passthrough
+: ${DEBUG:='N'}         # Enable debugging mode
 : ${ALLOCATE:='Y'}      # Preallocate diskspace
 : ${ARGUMENTS:=''}      # Extra QEMU parameters
 : ${CPU_CORES:='1'}     # Amount of CPU cores
@@ -41,17 +42,10 @@ if [[ ! -f "$STORAGE/$BASE.boot.img" ]] || [[ ! -f "$STORAGE/$BASE.system.img" ]
   . /run/install.sh
 fi
 
-# Initialize disks
+. /run/disk.sh     # Initialize disks
-. /run/disk.sh
+. /run/network.sh  # Initialize network
-
+. /run/serial.sh   # Initialize serialport
-# Initialize network
+. /run/power.sh    # Configure shutdown
-. /run/network.sh
-
-# Initialize serialport
-. /run/serial.sh
-
-# Configure shutdown
-. /run/power.sh
 
 KVM_ERR=""
 KVM_OPTS=""
@@ -81,6 +75,8 @@ EXTRA_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
 EXTRA_OPTS="$EXTRA_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
 EXTRA_OPTS="$EXTRA_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"
 
+[[ "${GPU}" == [Yy1]* ]] && [[ "$ARCH" == "amd64" ]] && . /run/gpu.sh
+
 ARGS="${DEF_OPTS} ${CPU_OPTS} ${RAM_OPTS} ${MAC_OPTS} ${MON_OPTS} ${SERIAL_OPTS} ${NET_OPTS} ${DISK_OPTS} ${EXTRA_OPTS} ${ARGUMENTS}"
 ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ')
 

run/serial.sh

@@ -52,8 +52,8 @@ fi
 
 SERIAL_OPTS="\
 	-serial mon:stdio \
-	-device virtio-serial-pci,id=virtio-serial0,bus=pcie.0,addr=0x3 \
+        -device virtio-serial-pci,id=virtio-serial0,bus=pcie.0,addr=0x3 \
-	-chardev pty,id=charserial0 \
+        -chardev pty,id=charserial0 \
-	-device isa-serial,chardev=charserial0,id=serial0 \
+        -device isa-serial,chardev=charserial0,id=serial0 \
-	-chardev socket,id=charchannel0,host=127.0.0.1,port=12345,reconnect=10 \
+        -chardev socket,id=charchannel0,host=127.0.0.1,port=12345,reconnect=10 \
-	-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=vchannel"
+        -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=vchannel"