feat: Improve support for unprivileged hosts (including LXC) (#479)

* * Add fakeroot to extract the dsm system without elevated permissions
* Remove obsolete docker variable "DEV" used to exclude extraction of device nodes

* feat: Detect unprivileged container

* fix: Use fakeroot for mke2fs

---------

Co-authored-by: Kroese <kroese@users.noreply.github.com>

Dockerfile

@@ -29,6 +29,7 @@ RUN apt-get update && apt-get -y upgrade \
         iptables \
         iproute2 \
         dnsmasq \
+        fakeroot \        
         net-tools \
         qemu-utils \
         ca-certificates \

src/check.sh

@@ -1,6 +1,8 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
+: ${VM_NET_DEV:='eth0'}
+
 [ ! -f "/run/qemu.pid" ] && echo "QEMU not running yet.." && exit 0
 [ -f "/run/qemu.count" ] && echo "QEMU is shutting down.." && exit 1
 
@@ -10,7 +12,18 @@ file="/run/dsm.url"
 location=$(cat "$file")
 
 if ! curl -m 20 -ILfSs "http://$location/" > /dev/null; then
-  echo "Failed to reach page at http://$location" && exit 1
+
+  if [[ "$location" == "20.20"* ]]; then
+    ip="20.20.20.1"
+    port="${location##*:}"
+    echo "Failed to reach DSM at port $port"
+  else
+    echo "Failed to reach DSM at http://$location"
+    ip=$(ip address show dev "$VM_NET_DEV" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+  fi
+
+  echo "You might need to whitelist IP $ip in the DSM firewall." && exit 1
+
 fi
 
 echo "Healthcheck OK"

src/disk.sh

@@ -8,7 +8,7 @@ set -Eeuo pipefail
 : ${DISK_CACHE:='none'}         # Caching mode, can be set to 'writeback' for better performance
 : ${DISK_DISCARD:='on'}         # Controls whether unmap (TRIM) commands are passed to the host.
 : ${DISK_ROTATION:='1'}         # Rotation rate, set to 1 for SSD storage and increase for HDD
-: ${DISK_FLAGS:='nocow=on'}     # Specifies the options for use with the qcow2 disk format
+: ${DISK_FLAGS:=''}             # Specifies the options for use with the qcow2 disk format
 
 BOOT="$STORAGE/$BASE.boot.img"
 SYSTEM="$STORAGE/$BASE.system.img"
@@ -82,30 +82,32 @@ createDisk() {
   local DISK_SPACE=$2
   local DISK_DESC=$3
   local DISK_FMT=$4
-  local DIR SPACE DATA_SIZE
+  local DATA_SIZE DIR SPACE
+
+  DATA_SIZE=$(numfmt --from=iec "$DISK_SPACE")
 
   if [[ "$ALLOCATE" != [Nn]* ]]; then
 
     # Check free diskspace
     DIR=$(dirname "$DISK_FILE")
     SPACE=$(df --output=avail -B 1 "$DIR" | tail -n 1)
-    local SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
-    DATA_SIZE=$(numfmt --from=iec "$DISK_SPACE")
 
     if (( DATA_SIZE > SPACE )); then
+      local SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
       error "Not enough free space to create a $DISK_DESC of $DISK_SPACE in $DIR, it has only $SPACE_GB GB available..."
       error "Please specify a smaller ${DISK_DESC^^}_SIZE or disable preallocation by setting ALLOCATE=N." && exit 76
     fi
   fi
 
-  local FAIL="Could not create a $DISK_SPACE $DISK_FMT file for $DISK_DESC ($DISK_FILE)"
+  info "Creating a $DISK_TYPE $DISK_DESC image in $DISK_FMT format with a size of $DISK_SPACE..."
+  local FAIL="Could not create a $DISK_TYPE $DISK_FMT $DISK_DESC image of $DISK_SPACE ($DISK_FILE)"
 
   case "${DISK_FMT,,}" in
     raw)
       if [[ "$ALLOCATE" == [Nn]* ]]; then
 
         # Create an empty file
-        if ! truncate -s "$DISK_SPACE" "$DISK_FILE"; then
+        if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
           rm -f "$DISK_FILE"
           error "$FAIL" && exit 77
         fi
@@ -113,8 +115,8 @@ createDisk() {
       else
 
         # Create an empty file
-        if ! fallocate -l "$DISK_SPACE" "$DISK_FILE"; then
-          if ! truncate -s "$DISK_SPACE" "$DISK_FILE"; then
+        if ! fallocate -l "$DATA_SIZE" "$DISK_FILE"; then
+          if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
             rm -f "$DISK_FILE"
             error "$FAIL" && exit 77
           fi
@@ -125,7 +127,7 @@ createDisk() {
     qcow2)
       local DISK_OPTS="$DISK_ALLOC"
       [ -n "$DISK_FLAGS" ] && DISK_OPTS="$DISK_OPTS,$DISK_FLAGS"
-      if ! qemu-img create -f "$DISK_FMT" -o "$DISK_OPTS" -- "$DISK_FILE" "$DISK_SPACE" ; then
+      if ! qemu-img create -f "$DISK_FMT" -o "$DISK_OPTS" -- "$DISK_FILE" "$DATA_SIZE" ; then
         rm -f "$DISK_FILE"
         error "$FAIL" && exit 70
       fi
@@ -152,9 +154,9 @@ resizeDisk() {
     # Check free diskspace
     DIR=$(dirname "$DISK_FILE")
     SPACE=$(df --output=avail -B 1 "$DIR" | tail -n 1)
-    local SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
 
     if (( REQ > SPACE )); then
+      local SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
       error "Not enough free space to resize $DISK_DESC to $DISK_SPACE in $DIR, it has only $SPACE_GB GB available.."
       error "Please specify a smaller ${DISK_DESC^^}_SIZE or disable preallocation by setting ALLOCATE=N." && exit 74
     fi
@@ -162,22 +164,22 @@ resizeDisk() {
 
   local GB=$(( (CUR_SIZE + 1073741823)/1073741824 ))
   info "Resizing $DISK_DESC from ${GB}G to $DISK_SPACE..."
-  local FAIL="Could not resize $DISK_FMT file of $DISK_DESC ($DISK_FILE) from ${GB}G to $DISK_SPACE .."
+  local FAIL="Could not resize the $DISK_TYPE $DISK_FMT $DISK_DESC image from ${GB}G to $DISK_SPACE ($DISK_FILE)"
 
   case "${DISK_FMT,,}" in
     raw)
       if [[ "$ALLOCATE" == [Nn]* ]]; then
 
         # Resize file by changing its length
-        if ! truncate -s "$DISK_SPACE" "$DISK_FILE"; then
+        if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
           error "$FAIL" && exit 75
         fi
 
       else
 
         # Resize file by allocating more space
-        if ! fallocate -l "$DISK_SPACE" "$DISK_FILE"; then
-          if ! truncate -s "$DISK_SPACE" "$DISK_FILE"; then
+        if ! fallocate -l "$DATA_SIZE" "$DISK_FILE"; then
+          if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
             error "$FAIL" && exit 75
           fi
         fi
@@ -185,7 +187,7 @@ resizeDisk() {
       fi
       ;;
     qcow2)
-      if ! qemu-img resize -f "$DISK_FMT" "--$DISK_ALLOC" "$DISK_FILE" "$DISK_SPACE" ; then
+      if ! qemu-img resize -f "$DISK_FMT" "--$DISK_ALLOC" "$DISK_FILE" "$DATA_SIZE" ; then
         error "$FAIL" && exit 72
       fi
       ;;
@@ -215,9 +217,9 @@ convertDisk() {
     DIR=$(dirname "$TMP_FILE")
     CUR_SIZE=$(getSize "$SOURCE_FILE")
     SPACE=$(df --output=avail -B 1 "$DIR" | tail -n 1)
-    local SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
 
     if (( CUR_SIZE > SPACE )); then
+      local SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
       error "Not enough free space to convert $DISK_DESC to $DST_FMT in $DIR, it has only $SPACE_GB GB available..."
       error "Please free up some disk space or disable preallocation by setting ALLOCATE=N." && exit 76
     fi
@@ -225,21 +227,28 @@ convertDisk() {
 
   info "Converting $DISK_DESC to $DST_FMT, please wait until completed..."
 
-  case "$DST_FMT" in
-    qcow2)
+  if [[ "$DST_FMT" != "raw" ]]; then
       if [[ "$ALLOCATE" == [Nn]* ]]; then
         CONV_FLAGS="$CONV_FLAGS -c"
       fi
       [ -n "$DISK_FLAGS" ] && DISK_OPTS="$DISK_OPTS,$DISK_FLAGS"
-      ;;
-  esac
+  fi
 
   rm -f "$TMP_FILE"
 
   # shellcheck disable=SC2086
   if ! qemu-img convert -f "$SOURCE_FMT" $CONV_FLAGS -o "$DISK_OPTS" -O "$DST_FMT" -- "$SOURCE_FILE" "$TMP_FILE"; then
     rm -f "$TMP_FILE"
-    error "Failed to convert $DISK_DESC to $DST_FMT format in $DIR, is there enough space available?" && exit 79
+    error "Failed to convert $DISK_TYPE $DISK_DESC image to $DST_FMT format in $DIR, is there enough space available?" && exit 79
+  fi
+
+  if [[ "$DST_FMT" == "raw" ]]; then
+      if [[ "$ALLOCATE" != [Nn]* ]]; then
+        CUR_SIZE=$(stat -c%s "$TMP_FILE")
+        if ! fallocate -l "$CUR_SIZE" "$TMP_FILE"; then
+            info "Failed to allocate $CUR_SIZE bytes for $TMP_FILE"
+        fi
+      fi
   fi
 
   rm -f "$SOURCE_FILE"
@@ -250,6 +259,45 @@ convertDisk() {
   return 0
 }
 
+checkFS () {
+  local DISK_FILE=$1
+  local DIR FS FA
+
+  DIR=$(dirname "$DISK_FILE")
+  [ ! -d "$DIR" ] && return 0
+
+  FS=$(stat -f -c %T "$DIR")
+
+  if [[ "$FS" == "overlay"* ]]; then
+    info "Warning: the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!"
+  fi
+
+  if [[ "$FS" == "xfs" || "$FS" == "zfs" || "$FS" == "btrfs" || "$FS" == "bcachefs" ]]; then
+    local FLAG="nocow"
+    if [[ "$DISK_FLAGS" != *"$FLAG="* ]]; then
+      if [ -z "$DISK_FLAGS" ]; then
+        DISK_FLAGS="$FLAG=on"
+      else
+        DISK_FLAGS="$DISK_FLAGS,$FLAG=on"
+      fi
+    fi
+
+    if [ -f "$DISK_FILE" ] ; then
+      FA=$(lsattr "$DISK_FILE")
+      [[ "$FA" == *"C"* ]] && FA=$(lsattr -d "$DIR")
+    else
+      FA=$(lsattr -d "$DIR")
+    fi
+
+    if [[ "$FA" != *"C"* ]]; then
+      info "Warning: the filesystem of $DIR is ${FS^^}, and COW (copy on write) is not disabled for that folder!"
+      info "This will negatively affect performance, please empty the folder and disable COW (chattr +C <path>)."
+    fi
+  fi
+
+  return 0
+}
+
 addDisk () {
   local DISK_ID=$1
   local DISK_BASE=$2
@@ -260,36 +308,25 @@ addDisk () {
   local DISK_ADDRESS=$7
   local DISK_FMT=$8
   local DISK_FILE="$DISK_BASE.$DISK_EXT"
-  local DIR FS FA DATA_SIZE PREV_FMT PREV_EXT CUR_SIZE
+  local DIR DATA_SIZE PREV_FMT PREV_EXT CUR_SIZE
 
   DIR=$(dirname "$DISK_FILE")
   [ ! -d "$DIR" ] && return 0
 
-  FS=$(stat -f -c %T "$DIR")
-  if [[ "$FS" == "overlay"* ]]; then
-    info "Warning: the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!"
-  fi
-  if [[ "$FS" == "btrfs"* ]]; then
-    if [ -f "$DISK_FILE" ] ; then
-      FA=$(lsattr "$DISK_FILE")
-      [[ "$FA" == *"C"* ]] && FA=$(lsattr -d "$DIR")
-    else
-      FA=$(lsattr -d "$DIR")
-    fi
-    if [[ "$FA" != *"C"* ]]; then
-      info "Warning: the filesystem of $DIR is BTRFS, and COW (copy on write) is not disabled for that folder!"
-      info "This will negatively affect write performance, please empty the folder and disable COW (chattr +C <path>)."
-    fi
-  fi
-
   [ -z "$DISK_SPACE" ] && DISK_SPACE="16G"
-  DISK_SPACE=$(echo "$DISK_SPACE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
+  DISK_SPACE=$(echo "${DISK_SPACE^^}" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
   DATA_SIZE=$(numfmt --from=iec "$DISK_SPACE")
 
   if (( DATA_SIZE < 6442450944 )); then
-    error "Please increase ${DISK_DESC^^}_SIZE to at least 6 GB." && exit 73
+    if (( DATA_SIZE < 1 )); then
+      error "Invalid value for ${DISK_DESC^^}_SIZE: $DISK_SPACE" && exit 73
+    else
+      error "Please increase ${DISK_DESC^^}_SIZE to at least 6 GB." && exit 73
+    fi
   fi
 
+  checkFS "$DISK_FILE" || exit $?
+
   if ! [ -f "$DISK_FILE" ] ; then
 
     if [[ "${DISK_FMT,,}" != "raw" ]]; then
@@ -329,8 +366,10 @@ addDisk () {
 DISK_EXT="$(fmt2ext "$DISK_FMT")" || exit $?
 
 if [[ "$ALLOCATE" == [Nn]* ]]; then
+  DISK_TYPE="growable"
   DISK_ALLOC="preallocation=off"
 else
+  DISK_TYPE="preallocated"
   DISK_ALLOC="preallocation=falloc"
 fi
 

src/install.sh

@@ -2,7 +2,6 @@
 set -Eeuo pipefail
 
 : ${URL:=''}    # URL of the PAT file to be downloaded.
-: ${DEV:='Y'}   # Controls whether device nodes are created.
 
 if [ -f "$STORAGE"/dsm.ver ]; then
   BASE=$(cat "$STORAGE/dsm.ver")
@@ -55,11 +54,11 @@ FS=$(stat -f -c %T "$STORAGE")
 if [[ "$FS" == "overlay"* ]]; then
   info "Warning: the filesystem of $STORAGE is OverlayFS, this usually means it was binded to an invalid path!"
 fi
-if [[ "$FS" == "btrfs"* ]]; then
+if [[ "$FS" == "xfs" || "$FS" == "zfs" || "$FS" == "btrfs" || "$FS" == "bcachefs" ]]; then
   FA=$(lsattr -d "$STORAGE")
   if [[ "$FA" != *"C"* ]]; then
-    info "Warning: the filesystem of $STORAGE is BTRFS, and COW (copy on write) is not disabled for that folder!"
-    info "This will negatively affect write performance, please empty the folder and disable COW (chattr +C <path>)."
+    info "Warning: the filesystem of $STORAGE is ${FS^^}, and COW (copy on write) is not disabled for that folder!"
+    info "This will negatively affect performance, please empty the folder and disable COW (chattr +C <path>)."
   fi
 fi
 
@@ -100,6 +99,7 @@ fi
 
 # Download the required files from the Synology website
 
+ROOT="Y"
 RDC="$STORAGE/dsm.rd"
 
 if [ ! -f "$RDC" ]; then
@@ -139,14 +139,12 @@ if [ -f "$RDC" ]; then
   { xz -dc <"$RDC" >"$TMP/rd" 2>/dev/null; rc=$?; } || :
   (( rc != 1 )) && error "Failed to unxz $RDC, reason $rc" && exit 91
 
-  if [[ "$DEV" == [Nn]* ]]; then
-    # Exclude dev/ from cpio extract
-    { (cd "$TMP" && cpio -it < "$TMP/rd" | grep -Ev 'dev/' | while read -r entry; do cpio -idm "$entry" < "$TMP/rd" 2>/dev/null; done); rc=$?; } || :
+  { (cd "$TMP" && cpio -idm <"$TMP/rd" 2>/dev/null); rc=$?; } || :
+
+  if (( rc != 0 )); then
+    ROOT="N"
+    { (cd "$TMP" && fakeroot cpio -idmu <"$TMP/rd" 2>/dev/null); rc=$?; } || :
     (( rc != 0 )) && error "Failed to extract $RDC, reason $rc" && exit 92
-  else
-    { (cd "$TMP" && cpio -idm <"$TMP/rd" 2>/dev/null); rc=$?; } || :
-    (( rc != 0 )) && error "Failed to extract $RDC, reason $rc"
-    (( rc != 0 )) && error "If the container runs unprivileged, please set DEV=N to exclude device nodes." && exit 92
   fi
 
   mkdir -p /run/extract
@@ -199,15 +197,14 @@ if ((SIZE<250000000)); then
   error "The specified PAT file is probably an update pack as it's too small." && exit 62
 fi
 
+info "Install: Extracting downloaded image..."
+
 if { tar tf "$PAT"; } >/dev/null 2>&1; then
 
-  info "Install: Extracting downloaded image..."
   tar xpf "$PAT" -C "$TMP/."
 
 else
 
-  info "Install: Extracting downloaded image..."
-
   export LD_LIBRARY_PATH="/run/extract"
 
   if [ "$ARCH" == "amd64" ]; then
@@ -272,31 +269,46 @@ sfdisk -q "$SYSTEM" < "$PART"
 
 info "Install: Extracting system partition..."
 
+LABEL="1.44.1-42218"
+OFFSET="1048576" # 2048 * 512
+NUMBLOCKS="622560" # (4980480 * 512) / 4096
+
 MOUNT="$TMP/system"
 rm -rf "$MOUNT" && mkdir -p "$MOUNT"
 
 mv "$HDA.tgz" "$HDA.txz"
 
-if [[ "$DEV" == [Nn]* ]]; then
-  # Exclude dev/ from tar extract
-  tar xpfJ "$HDA.txz" --absolute-names --exclude="dev" -C "$MOUNT/"
-else
+if [[ "$ROOT" != [Nn]* ]]; then
+
   tar xpfJ "$HDA.txz" --absolute-names -C "$MOUNT/"
+
 fi
 
 [ -d "$PKG" ] && mv "$PKG/" "$MOUNT/.SynoUpgradePackages/"
 rm -f "$MOUNT/.SynoUpgradePackages/ActiveInsight-"*
 
 [ -f "$HDP.txz" ] && tar xpfJ "$HDP.txz" --absolute-names -C "$MOUNT/"
-[ -f "$IDB.txz" ] && tar xpfJ "$IDB.txz" --absolute-names -C "$MOUNT/usr/syno/synoman/indexdb/"
 
-info "Install: Installing system partition..."
+if [ -f "$IDB.txz" ]; then
+  INDEX_DB="$MOUNT/usr/syno/synoman/indexdb/"
+  mkdir -p "$INDEX_DB"
+  tar xpfJ "$IDB.txz" --absolute-names -C "$INDEX_DB"
+fi
 
-LABEL="1.44.1-42218"
-OFFSET="1048576" # 2048 * 512
-NUMBLOCKS="622560" # (4980480 * 512) / 4096
+if [[ "$ROOT" != [Nn]* ]]; then
 
-mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYSTEM" "$NUMBLOCKS"
+  info "Install: Installing system partition..."
+
+  mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYSTEM" "$NUMBLOCKS"
+
+else
+
+  fakeroot -- bash -c "set -Eeu;\
+        tar xpfJ $HDA.txz --absolute-names --skip-old-files -C $MOUNT/;\
+        printf '%b%s%b' '\E[1;34m❯ \E[1;36m' 'Install: Installing system partition...' '\E[0m\n';\
+        mke2fs -q -t ext4 -b 4096 -d $MOUNT/ -L $LABEL -F -E offset=$OFFSET $SYSTEM $NUMBLOCKS"
+
+fi
 
 rm -rf "$MOUNT"
 

src/power.sh

@@ -52,26 +52,25 @@ _graceful_shutdown() {
 
   while [ "$(cat $QEMU_COUNT)" -lt "$QEMU_TIMEOUT" ]; do
 
-    # Increase the counter
-    echo $(($(cat $QEMU_COUNT)+1)) > "$QEMU_COUNT"
-
     # Try to connect to qemu
-    if echo 'info version'| nc -q 1 -w 1 localhost "$QEMU_PORT" >/dev/null 2>&1 ; then
-
-      sleep 1
-
-      cnt="$(cat $QEMU_COUNT)/$QEMU_TIMEOUT"
-      [[ "$DEBUG" == [Yy1]* ]] && info "Shutting down, waiting... ($cnt)"
-
+    if ! echo 'info version'| nc -q 1 -w 1 localhost "$QEMU_PORT" >/dev/null 2>&1 ; then
+      break
     fi
 
+    # Increase the counter
+    cnt=$(($(cat $QEMU_COUNT)+1))
+    echo $cnt > "$QEMU_COUNT"
+
+    [[ "$DEBUG" == [Yy1]* ]] && info "Shutting down, waiting... ($cnt/$QEMU_TIMEOUT)"
+
   done
 
   if [ "$(cat $QEMU_COUNT)" -ge "$QEMU_TIMEOUT" ]; then
     echo && error "Shutdown timeout reached, forcefully quitting.."
+  else
+    echo && echo "❯ Quitting..."
   fi
 
-  echo && echo "❯ Quitting..."
   echo 'quit' | nc -q 1 -w 1 localhost "$QEMU_PORT" >/dev/null 2>&1 || true
 
   { pkill -f print.sh || true; } 2>/dev/null

src/print.sh

@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
+: ${DHCP:='N'}
+: ${VM_NET_DEV:='eth0'}
+
 info () { printf "%b%s%b" "\E[1;34m❯ \E[1;36m" "$1" "\E[0m\n" >&2; }
 error () { printf "%b%s%b" "\E[1;31m❯ " "ERROR: $1" "\E[0m\n" >&2; }
 
@@ -22,7 +25,7 @@ do
   [ -f "$shutdown" ] && exit 1
   [ -f "$file" ] && break
 
-  # Retrieve IP from guest VM
+  # Retrieve network info from guest VM
   { json=$(curl -m 20 -sk "$url"); rc=$?; } || :
 
   [ -f "$shutdown" ] && exit 1
@@ -45,7 +48,11 @@ do
   { ip=$(echo "$json" | jq -r '.data.data.ip.data[] | select((.name=="eth0") and has("ip")).ip'); rc=$?; } || :
   (( rc != 0 )) && error "$jq_err $rc ( $json )" && continue
   [[ "$ip" == "null" ]] && error "$resp_err $json" && continue
-  [ -z "$ip" ] && continue
+
+  if [ -z "$ip" ]; then
+    [[ "$DHCP" == [Yy1]* ]] && continue
+    ip="20.20.20.21"
+  fi
 
   echo "$ip:$port" > $file
 
@@ -61,7 +68,7 @@ if [[ "$location" != "20.20"* ]]; then
 
 else
 
-  ip=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+  ip=$(ip address show dev "$VM_NET_DEV" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
   port="${location##*:}"
 
   if [[ "$ip" == "172."* ]]; then