build: Remove apt-get upgrade (#543)

* feat: Add FUSE warning

.github/workflows/check.yml

@@ -11,4 +11,4 @@ jobs:
       - name: Run ShellCheck
         uses: ludeeus/action-shellcheck@master
 env:
-        SHELLCHECK_OPTS: -x --source-path=src -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 -e SC2317 -e SC2028 -e SC2153 -e SC2004 
+        SHELLCHECK_OPTS: -x --source-path=src -e SC2001 -e SC2002 -e SC2223 -e SC2034 -e SC2064 -e SC2317 -e SC2153 -e SC2028

Dockerfile

@@ -2,7 +2,7 @@ FROM qemux/qemu-host as builder
 
 #  FROM golang as builder
 #  WORKDIR /
-#  RUN git clone https://github.com/qemu-tools/qemu-host.git
+#  RUN git clone https://github.com/qemus/qemu-host.git
 #  WORKDIR /qemu-host/src
 #  RUN go mod download
 #  RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o /qemu-host.bin .
@@ -13,8 +13,8 @@ ARG TARGETPLATFORM
 ARG DEBCONF_NOWARNINGS="yes"
 ARG DEBIAN_FRONTEND noninteractive
 
-RUN apt-get update && apt-get -y upgrade \
-    && if [ "$TARGETPLATFORM" != "linux/amd64" ]; then extra="qemu-user"; fi \
+RUN if [ "$TARGETPLATFORM" != "linux/amd64" ]; then extra="qemu-user"; fi \
+    && apt-get update \
     && apt-get --no-install-recommends -y install \
         jq \
         tini \
@@ -29,6 +29,7 @@ RUN apt-get update && apt-get -y upgrade \
         iptables \
         iproute2 \
         dnsmasq \
+        fakeroot \
         net-tools \
         qemu-utils \
         ca-certificates \
@@ -43,12 +44,7 @@ COPY --from=builder /qemu-host.bin /run/host.bin
 RUN chmod +x /run/*.sh && chmod +x /run/*.bin
 
 VOLUME /storage
-
-EXPOSE 22
-EXPOSE 80
-EXPOSE 139
-EXPOSE 445
-EXPOSE 5000
+EXPOSE 22 139 445 5000
 
 ENV RAM_SIZE "1G"
 ENV DISK_SIZE "16G"

agent/agent.sh

@@ -1,140 +0,0 @@
-#!/usr/bin/env bash
-set -u
-
-VERSION="9"
-HEADER="VirtualDSM Agent"
-
-# Functions
-
-error () { echo -e "\E[1;31m❯ ERROR: $1\E[0m" ; }
-info () { echo -e "\E[1;34m❯\E[1;36m $1\E[0m" ; }
-
-finish() {
-
-  echo "❯ $HEADER: Shutting down.."
-  exit
-
-}
-
-function checkNMI {
-
-  local nmi
-  nmi=$(cat /proc/interrupts | grep NMI | sed 's/[^1-9]*//g')
-
-  if [ "$nmi" != "" ]; then
-
-    info "Received shutdown request through NMI.."
-
-    /usr/syno/sbin/synoshutdown -s > /dev/null
-    finish
-
-  fi
-}
-
-function downloadUpdate {
-
-  TMP="/tmp/agent.sh"
-  rm -f "${TMP}"
-
-  # Auto update the agent
-
-  URL="https://raw.githubusercontent.com/vdsm/virtual-dsm/master/agent/agent.sh"
-  
-  remote_size=$(curl -sIk -m 4 "${URL}" | grep -i "content-length:" | tr -d " \t" | cut -d ':' -f 2)
-  remote_size=${remote_size//$'\r'}
-
-  [[ "$remote_size" == "" || "$remote_size" == "0" ]] && return
-
-  remote_size=$(($remote_size+0))
-  ((remote_size<100)) && return
-
-  SCRIPT=$(readlink -f "${BASH_SOURCE[0]}")
-  local_size=$(stat -c%s "$SCRIPT")
-  local_size=$(($local_size+0))
-
-  [[ remote_size -eq local_size ]] && return
-
-  if ! curl -sfk -m 10 -o "${TMP}" "${URL}"; then
-    error "$HEADER: curl error ($?)" && return
-  fi
-
-  if [ ! -f "${TMP}" ]; then
-    error "$HEADER: update error, file not found.." && return
-  fi
-
-  line=$(head -1 "${TMP}")
-
-  if [[ "$line" != "#!/usr/bin/env bash" ]]; then
-    error "$HEADER: update error, invalid header: $line" && return
-  fi
-
-  if cmp --silent -- "${TMP}" "${SCRIPT}"; then
-    error "$HEADER: update file is already equal? (${local_size} / ${remote_size})" && return
-  fi
-
-  mv -f "${TMP}" "${SCRIPT}"
-  chmod 755 "${SCRIPT}"
-
-  info "$HEADER: succesfully installed update..."
-
-}
-
-function installPackages {
-
-  for filename in /usr/local/packages/*.spk; do
-    if [ -f "$filename" ]; then
-
-      BASE=$(basename "$filename" .spk)
-      BASE="${BASE%%-*}"
-
-      [[ $BASE == "ActiveInsight" ]] && continue
-
-      info "Installing package ${BASE}.."
-
-      /usr/syno/bin/synopkg install "$filename" > /dev/null
-      /usr/syno/bin/synopkg start "$BASE" > /dev/null &
-
-      rm "$filename"
-
-    fi
-  done
-
-}
-
-trap finish SIGINT SIGTERM
-
-ts=$(date +%s%N)
-
-echo ""
-echo "❯ Started $HEADER v$VERSION..."
-
-checkNMI
-
-# Install packages 
-
-first_run=false
-
-for filename in /usr/local/packages/*.spk; do
-  if [ -f "$filename" ]; then
-    first_run=true
-  fi
-done
-
-if [ "$first_run" = true ]; then
-
-  installPackages
-
-else
-
-  downloadUpdate
-
-fi
-
-# Wait for NMI interrupt as a shutdown signal
-
-while true; do
-
-  checkNMI
-  sleep 2 & wait $!
-
-done

agent/service.sh

@@ -1,87 +0,0 @@
-#!/bin/bash
-
-PIDFILE="/var/run/agent.pid"
-SCRIPT="/usr/local/bin/agent.sh"
-
-error () { echo -e "\E[1;31m❯ ERROR: $1\E[0m" ; }
-info () { echo -e "\E[1;34m❯\E[1;36m $1\E[0m" ; }
-
-status() {
-
-  if [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")"; then
-    echo 'Service running'
-    return 1
-  fi
-
-  return 0
-}
-
-start() {
-
-  if [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")"; then
-    echo 'Service already running'
-    return 1
-  fi
-
-  echo 'Starting agent service...'
-  chmod 666 /dev/ttyS0
-
-  if [ ! -f "$SCRIPT" ]; then
-
-    URL="https://raw.githubusercontent.com/vdsm/virtual-dsm/master/agent/agent.sh"
-
-    if ! curl -sfk -m 10 -o "${SCRIPT}" "${URL}"; then
-      error 'Failed to download agent script.' > /dev/ttyS0
-      rm -f "${SCRIPT}"
-      return 1
-    else
-      info 'Agent script was missing?' > /dev/ttyS0
-    fi
-
-    chmod 755 "${SCRIPT}"
-
-  fi
-
-  echo "-" > /var/lock/subsys/agent.sh
-  "$SCRIPT" &> /dev/ttyS0 & echo $! > "$PIDFILE"
-
-  return 0
-}
-
-stop() {
-
-  if [ ! -f "$PIDFILE" ] || ! kill -0 "$(cat "$PIDFILE")"; then
-    echo 'Service not running'
-    return 1
-  fi
-
-  echo 'Stopping agent service...'
-
-  chmod 666 /dev/ttyS0
-  info 'Stopping agent service...' > /dev/ttyS0
-
-  kill -15 "$(cat "$PIDFILE")" && rm -f "$PIDFILE"
-  rm -f /var/lock/subsys/agent.sh
-
-  echo 'Service stopped'
-  return 0
-}
-
-case "$1" in
-  start)
-    start
-    ;;
-  stop)
-    stop
-    ;;
-  status)
-    status
-    ;;
-  restart)
-    stop
-    start
-    ;;
-  *)
-    echo "Usage: $0 {start|stop|restart}"
-    exit 1
-esac

docker-compose.yml

@@ -9,12 +9,10 @@ services:
             CPU_CORES: "1"
         devices:
             - /dev/kvm
-            - /dev/net/tun
-            - /dev/vhost-net
         device_cgroup_rules:
             - 'c *:* rwm'
         cap_add:
-            - NET_ADMIN        
+            - NET_ADMIN
         ports:
             - 5000:5000
         volumes:

readme.md

@@ -122,7 +122,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
     sudo kvm-ok
     ```
 
-    If you receive an error from `kvm-ok` indicating that KVM acceleration can't be used, check your BIOS settings.
+    If you receive an error from `kvm-ok` indicating that KVM acceleration can't be used, check the virtualization settings in the BIOS.
 
   * ### How do I assign an individual IP address to the container?
 
@@ -169,8 +169,6 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti
     ```yaml
     environment:
       DHCP: "Y"
-    devices:
-      - /dev/vhost-net
     device_cgroup_rules:
       - 'c *:* rwm'
     ```

src/check.sh

@@ -1,10 +1,12 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
-[ ! -f "/run/qemu.pid" ] && echo "QEMU not running yet.." && exit 0
-[ -f "/run/qemu.count" ] && echo "QEMU is shutting down.." && exit 1
+[ -f "/run/qemu.end" ] && echo "QEMU is shutting down.." && exit 1
+[ ! -f "/run/qemu.pid" ] && echo "QEMU is not running yet.." && exit 0
 
 file="/run/dsm.url"
+address="/run/qemu.ip"
+
 [ ! -f  "$file" ] && echo "DSM has not enabled networking yet.." && exit 1
 
 location=$(cat "$file")
@@ -17,7 +19,7 @@ if ! curl -m 20 -ILfSs "http://$location/" > /dev/null; then
     echo "Failed to reach DSM at port $port"
   else
     echo "Failed to reach DSM at http://$location"
-    ip=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+    ip="$(cat "$address")"
   fi
 
   echo "You might need to whitelist IP $ip in the DSM firewall." && exit 1

src/config.sh

@@ -1,20 +1,15 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 
-DEF_OPTS="-nographic -nodefaults -boot strict=on -display none"
+DEF_OPTS="-nodefaults -boot strict=on"
 RAM_OPTS=$(echo "-m $RAM_SIZE" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
 CPU_OPTS="-cpu $CPU_MODEL -smp $CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1"
 MAC_OPTS="-machine type=q35,usb=off,dump-guest-core=off,hpet=off${KVM_OPTS}"
-EXTRA_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
-EXTRA_OPTS="$EXTRA_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
-EXTRA_OPTS="$EXTRA_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"
+DEV_OPTS="-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x4"
+DEV_OPTS="$DEV_OPTS -object rng-random,id=objrng0,filename=/dev/urandom"
+DEV_OPTS="$DEV_OPTS -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0,addr=0x1c"
 
-if [[ "$GPU" == [Yy1]* ]] && [[ "$ARCH" == "amd64" ]]; then
-  DEF_OPTS="-nodefaults -boot strict=on -display egl-headless,rendernode=/dev/dri/renderD128"
-  DEF_OPTS="$DEF_OPTS -device virtio-vga,id=video0,max_outputs=1,bus=pcie.0,addr=0x1"
-fi
-
-ARGS="$DEF_OPTS $CPU_OPTS $RAM_OPTS $MAC_OPTS $MON_OPTS $SERIAL_OPTS $NET_OPTS $DISK_OPTS $EXTRA_OPTS $ARGUMENTS"
+ARGS="$DEF_OPTS $CPU_OPTS $RAM_OPTS $MAC_OPTS $DISPLAY_OPTS $MON_OPTS $SERIAL_OPTS $NET_OPTS $DISK_OPTS $DEV_OPTS $ARGUMENTS"
 ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ')
 
 return 0

src/cpu.sh

@@ -1,61 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-# Docker environment variables
-
-: ${HOST_CPU:=''}
-: ${CPU_MODEL:='host'}
-: ${CPU_FEATURES:='+ssse3,+sse4.1,+sse4.2'}
-
-KVM_ERR=""
-KVM_OPTS=""
-
-if [[ "$ARCH" == "amd64" && "$KVM" != [Nn]* ]]; then
-
-  if [ -e /dev/kvm ] && sh -c 'echo -n > /dev/kvm' &> /dev/null; then
-    if ! grep -q -e vmx -e svm /proc/cpuinfo; then
-      KVM_ERR="(vmx/svm disabled)"
-    fi
-  else
-    [ -e /dev/kvm ] && KVM_ERR="(no write access)" || KVM_ERR="(device file missing)"
-  fi
-
-  if [ -n "$KVM_ERR" ]; then
-    error "KVM acceleration not detected $KVM_ERR, this will cause a major loss of performance."
-    error "See the FAQ on how to enable it, or skip this error by setting KVM=N (not recommended)."
-    [[ "$DEBUG" != [Yy1]* ]] && exit 88
-    [[ "$CPU_MODEL" == "host"* ]] && CPU_MODEL="max,$CPU_FEATURES"
-  else
-    KVM_OPTS=",accel=kvm -enable-kvm"
-  fi
-
-  if [ -n "$KVM_OPTS" ]; then
-    if ! grep -qE '^flags.* (sse4_2)' /proc/cpuinfo; then
-      error "Your host CPU does not have the SSE4.2 instruction set that Virtual DSM requires to boot."
-      error "Disable KVM by setting KVM=N to emulate a compatible CPU, at the cost of performance."
-      [[ "$DEBUG" != [Yy1]* ]] && exit 89
-    fi
-  fi
-
-else
-
-  [[ "$CPU_MODEL" == "host"* ]] && CPU_MODEL="max,$CPU_FEATURES"
-
-fi
-
-if [ -z "$HOST_CPU" ]; then
-  HOST_CPU=$(lscpu | grep 'Model name' | cut -f 2 -d ":" | awk '{$1=$1}1' | sed 's# @.*##g' | sed s/"(R)"//g | sed 's/[^[:alnum:] ]\+/ /g' | sed 's/  */ /g')
-fi
-
-if [ -n "$HOST_CPU" ]; then
-  HOST_CPU="${HOST_CPU%%,*},,"
-else
-  HOST_CPU="QEMU, Virtual CPU,"
-  if [ "$ARCH" == "amd64" ]; then
-    HOST_CPU="$HOST_CPU X86_64"
-  else
-    HOST_CPU="$HOST_CPU $ARCH"
-  fi
-fi
-
-return 0

src/disk.sh

@@ -5,10 +5,10 @@ set -Eeuo pipefail
 
 : ${DISK_IO:='native'}          # I/O Mode, can be set to 'native', 'threads' or 'io_turing'
 : ${DISK_FMT:='raw'}            # Disk file format, 'raw' by default for best performance
+: ${DISK_FLAGS:=''}             # Specifies the options for use with the qcow2 disk format
 : ${DISK_CACHE:='none'}         # Caching mode, can be set to 'writeback' for better performance
 : ${DISK_DISCARD:='on'}         # Controls whether unmap (TRIM) commands are passed to the host.
 : ${DISK_ROTATION:='1'}         # Rotation rate, set to 1 for SSD storage and increase for HDD
-: ${DISK_FLAGS:=''}             # Specifies the options for use with the qcow2 disk format
 
 BOOT="$STORAGE/$BASE.boot.img"
 SYSTEM="$STORAGE/$BASE.system.img"
@@ -17,11 +17,11 @@ SYSTEM="$STORAGE/$BASE.system.img"
 [ ! -f "$SYSTEM" ] && error "Virtual DSM system-image does not exist ($SYSTEM)" && exit 82
 
 DISK_OPTS="\
-    -object iothread,id=io1 -object iothread,id=io2 \
-    -device virtio-scsi-pci,id=hw-synoboot,iothread=io1,bus=pcie.0,addr=0xa \
+    -object iothread,id=io2 \
+    -device virtio-scsi-pci,id=hw-synoboot,iothread=io2,bus=pcie.0,addr=0xa \
     -drive file=$BOOT,if=none,id=drive-synoboot,format=raw,cache=$DISK_CACHE,aio=$DISK_IO,discard=$DISK_DISCARD,detect-zeroes=on \
     -device scsi-hd,bus=hw-synoboot.0,channel=0,scsi-id=0,lun=0,drive=drive-synoboot,id=synoboot0,rotation_rate=$DISK_ROTATION,bootindex=1 \
-    -device virtio-scsi-pci,id=hw-synosys,iothread=io1,bus=pcie.0,addr=0xb \
+    -device virtio-scsi-pci,id=hw-synosys,iothread=io2,bus=pcie.0,addr=0xb \
     -drive file=$SYSTEM,if=none,id=drive-synosys,format=raw,cache=$DISK_CACHE,aio=$DISK_IO,discard=$DISK_DISCARD,detect-zeroes=on \
     -device scsi-hd,bus=hw-synosys.0,channel=0,scsi-id=0,lun=0,drive=drive-synosys,id=synosys0,rotation_rate=$DISK_ROTATION,bootindex=2"
 
@@ -77,15 +77,28 @@ getSize() {
   esac
 }
 
+isCow() {
+  local FS=$1
+
+  if [[ "${FS,,}" == "xfs" || "${FS,,}" == "zfs" || "${FS,,}" == "btrfs" || "${FS,,}" == "bcachefs" ]]; then
+    return 0
+  fi
+       
+  return 1
+}
+
 createDisk() {
   local DISK_FILE=$1
   local DISK_SPACE=$2
   local DISK_DESC=$3
   local DISK_FMT=$4
-  local DATA_SIZE DIR SPACE
+  local FS=$5
+  local DATA_SIZE DIR SPACE FA
 
   DATA_SIZE=$(numfmt --from=iec "$DISK_SPACE")
 
+  rm -f "$DISK_FILE"
+
   if [[ "$ALLOCATE" != [Nn]* ]]; then
 
     # Check free diskspace
@@ -104,8 +117,16 @@ createDisk() {
 
   case "${DISK_FMT,,}" in
     raw)
-      if [[ "$ALLOCATE" == [Nn]* ]]; then
 
+      if isCow "$FS"; then
+        if ! touch "$DISK_FILE"; then
+          error "$FAIL" && exit 77
+        fi
+        { chattr +C "$DISK_FILE"; } || :
+      fi
+
+      if [[ "$ALLOCATE" == [Nn]* ]]; then
+    
         # Create an empty file
         if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
           rm -f "$DISK_FILE"
@@ -125,15 +146,25 @@ createDisk() {
       fi
       ;;
     qcow2)
-      local DISK_OPTS="$DISK_ALLOC"
-      [ -n "$DISK_FLAGS" ] && DISK_OPTS="$DISK_OPTS,$DISK_FLAGS"
-      if ! qemu-img create -f "$DISK_FMT" -o "$DISK_OPTS" -- "$DISK_FILE" "$DATA_SIZE" ; then
+
+      local DISK_PARAM="$DISK_ALLOC"
+      isCow "$FS" && DISK_PARAM="$DISK_PARAM,nocow=on"
+      [ -n "$DISK_FLAGS" ] && DISK_PARAM="$DISK_PARAM,$DISK_FLAGS"
+
+      if ! qemu-img create -f "$DISK_FMT" -o "$DISK_PARAM" -- "$DISK_FILE" "$DATA_SIZE" ; then
         rm -f "$DISK_FILE"
         error "$FAIL" && exit 70
       fi
       ;;
   esac
 
+  if isCow "$FS"; then
+    FA=$(lsattr "$DISK_FILE")
+    if [[ "$FA" != *"C"* ]]; then
+      error "Failed to disable COW for $DISK_DESC image $DISK_FILE on ${FS^^} filesystem (returned $FA)"
+    fi
+  fi
+
   return 0
 }
 
@@ -142,6 +173,7 @@ resizeDisk() {
   local DISK_SPACE=$2
   local DISK_DESC=$3
   local DISK_FMT=$4
+  local FS=$5
   local CUR_SIZE DATA_SIZE DIR SPACE
 
   CUR_SIZE=$(getSize "$DISK_FILE")
@@ -168,6 +200,7 @@ resizeDisk() {
 
   case "${DISK_FMT,,}" in
     raw)
+
       if [[ "$ALLOCATE" == [Nn]* ]]; then
 
         # Resize file by changing its length
@@ -187,9 +220,11 @@ resizeDisk() {
       fi
       ;;
     qcow2)
+
       if ! qemu-img resize -f "$DISK_FMT" "--$DISK_ALLOC" "$DISK_FILE" "$DATA_SIZE" ; then
         error "$FAIL" && exit 72
       fi
+
       ;;
   esac
 
@@ -203,16 +238,18 @@ convertDisk() {
   local DST_FMT=$4
   local DISK_BASE=$5
   local DISK_DESC=$6
-  local CONV_FLAGS="-p"
-  local DISK_OPTS="$DISK_ALLOC"
-  local TMP_FILE="$DISK_BASE.tmp"
-  local DIR CUR_SIZE SPACE
+  local FS=$7
 
   [ -f "$DST_FILE" ] && error "Conversion failed, destination file $DST_FILE already exists?" && exit 79
   [ ! -f "$SOURCE_FILE" ] && error "Conversion failed, source file $SOURCE_FILE does not exists?" && exit 79
 
+  local TMP_FILE="$DISK_BASE.tmp"
+  rm -f "$TMP_FILE"
+
   if [[ "$ALLOCATE" != [Nn]* ]]; then
 
+    local DIR CUR_SIZE SPACE
+
     # Check free diskspace
     DIR=$(dirname "$TMP_FILE")
     CUR_SIZE=$(getSize "$SOURCE_FILE")
@@ -227,26 +264,29 @@ convertDisk() {
 
   info "Converting $DISK_DESC to $DST_FMT, please wait until completed..."
 
+  local CONV_FLAGS="-p"
+  local DISK_PARAM="$DISK_ALLOC"
+  isCow "$FS" && DISK_PARAM="$DISK_PARAM,nocow=on"
+
   if [[ "$DST_FMT" != "raw" ]]; then
       if [[ "$ALLOCATE" == [Nn]* ]]; then
         CONV_FLAGS="$CONV_FLAGS -c"
       fi
-      [ -n "$DISK_FLAGS" ] && DISK_OPTS="$DISK_OPTS,$DISK_FLAGS"
+      [ -n "$DISK_FLAGS" ] && DISK_PARAM="$DISK_PARAM,$DISK_FLAGS"
   fi
 
-  rm -f "$TMP_FILE"
-
   # shellcheck disable=SC2086
-  if ! qemu-img convert -f "$SOURCE_FMT" $CONV_FLAGS -o "$DISK_OPTS" -O "$DST_FMT" -- "$SOURCE_FILE" "$TMP_FILE"; then
+  if ! qemu-img convert -f "$SOURCE_FMT" $CONV_FLAGS -o "$DISK_PARAM" -O "$DST_FMT" -- "$SOURCE_FILE" "$TMP_FILE"; then
     rm -f "$TMP_FILE"
     error "Failed to convert $DISK_TYPE $DISK_DESC image to $DST_FMT format in $DIR, is there enough space available?" && exit 79
   fi
 
   if [[ "$DST_FMT" == "raw" ]]; then
       if [[ "$ALLOCATE" != [Nn]* ]]; then
+        # Work around qemu-img bug
         CUR_SIZE=$(stat -c%s "$TMP_FILE")
         if ! fallocate -l "$CUR_SIZE" "$TMP_FILE"; then
-            info "Failed to allocate $CUR_SIZE bytes for $TMP_FILE"
+            error "Failed to allocate $CUR_SIZE bytes for $DISK_DESC image $TMP_FILE"
         fi
       fi
   fi
@@ -254,44 +294,41 @@ convertDisk() {
   rm -f "$SOURCE_FILE"
   mv "$TMP_FILE" "$DST_FILE"
 
+  if isCow "$FS"; then
+    FA=$(lsattr "$DST_FILE")
+    if [[ "$FA" != *"C"* ]]; then
+      error "Failed to disable COW for $DISK_DESC image $DST_FILE on ${FS^^} filesystem (returned $FA)"
+    fi
+  fi
+
   info "Conversion of $DISK_DESC to $DST_FMT completed succesfully!"
 
   return 0
 }
 
 checkFS () {
-  local DISK_FILE=$1
-  local DIR FS FA
+  local FS=$1
+  local DISK_FILE=$2
+  local DISK_DESC=$3
+  local DIR FA
 
   DIR=$(dirname "$DISK_FILE")
   [ ! -d "$DIR" ] && return 0
 
-  FS=$(stat -f -c %T "$DIR")
-
-  if [[ "$FS" == "overlay"* ]]; then
+  if [[ "${FS,,}" == "overlay"* ]]; then
     info "Warning: the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!"
   fi
 
-  if [[ "$FS" == "xfs" || "$FS" == "zfs" || "$FS" == "btrfs" || "$FS" == "bcachefs" ]]; then
-    local FLAG="nocow"
-    if [[ "$DISK_FLAGS" != *"$FLAG="* ]]; then
-      if [ -z "$DISK_FLAGS" ]; then
-        DISK_FLAGS="$FLAG=on"
-      else
-        DISK_FLAGS="$DISK_FLAGS,$FLAG=on"
-      fi
-    fi
+  if [[ "${FS,,}" == "fuse"* ]]; then
+    info "Warning: the filesystem of $DIR is FUSE, this extra layer will negatively affect performance!"
+  fi
 
-    if [ -f "$DISK_FILE" ] ; then
+  if isCow "$FS"; then
+    if [ -f "$DISK_FILE" ]; then
       FA=$(lsattr "$DISK_FILE")
-      [[ "$FA" == *"C"* ]] && FA=$(lsattr -d "$DIR")
-    else
-      FA=$(lsattr -d "$DIR")
-    fi
-
-    if [[ "$FA" != *"C"* ]]; then
-      info "Warning: the filesystem of $DIR is ${FS^^}, and COW (copy on write) is not disabled for that folder!"
-      info "This will negatively affect performance, please empty the folder and disable COW (chattr +C <path>)."
+      if [[ "$FA" != *"C"* ]]; then
+        info "Warning: COW (copy on write) is not disabled for $DISK_DESC image file $DISK_FILE, this is recommended on ${FS^^} filesystems!"
+      fi
     fi
   fi
 
@@ -308,7 +345,7 @@ addDisk () {
   local DISK_ADDRESS=$7
   local DISK_FMT=$8
   local DISK_FILE="$DISK_BASE.$DISK_EXT"
-  local DIR DATA_SIZE PREV_FMT PREV_EXT CUR_SIZE
+  local DIR DATA_SIZE FS PREV_FMT PREV_EXT CUR_SIZE
 
   DIR=$(dirname "$DISK_FILE")
   [ ! -d "$DIR" ] && return 0
@@ -325,7 +362,8 @@ addDisk () {
     fi
   fi
 
-  checkFS "$DISK_FILE" || exit $?
+  FS=$(stat -f -c %T "$DIR")
+  checkFS "$FS" "$DISK_FILE" "$DISK_DESC" || exit $?
 
   if ! [ -f "$DISK_FILE" ] ; then
 
@@ -337,7 +375,7 @@ addDisk () {
     PREV_EXT="$(fmt2ext "$PREV_FMT")"
 
     if [ -f "$DISK_BASE.$PREV_EXT" ] ; then
-      convertDisk "$DISK_BASE.$PREV_EXT" "$PREV_FMT" "$DISK_FILE" "$DISK_FMT" "$DISK_BASE" "$DISK_DESC" || exit $?
+      convertDisk "$DISK_BASE.$PREV_EXT" "$PREV_FMT" "$DISK_FILE" "$DISK_FMT" "$DISK_BASE" "$DISK_DESC" "$FS" || exit $?
     fi
   fi
 
@@ -346,12 +384,12 @@ addDisk () {
     CUR_SIZE=$(getSize "$DISK_FILE")
 
     if (( DATA_SIZE > CUR_SIZE )); then
-      resizeDisk "$DISK_FILE" "$DISK_SPACE" "$DISK_DESC" "$DISK_FMT" || exit $?
+      resizeDisk "$DISK_FILE" "$DISK_SPACE" "$DISK_DESC" "$DISK_FMT" "$FS" || exit $?
     fi
 
   else
 
-    createDisk "$DISK_FILE" "$DISK_SPACE" "$DISK_DESC" "$DISK_FMT" || exit $?
+    createDisk "$DISK_FILE" "$DISK_SPACE" "$DISK_DESC" "$DISK_FMT" "$FS" || exit $?
 
   fi
 

src/display.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Docker environment variables
+
+: ${GPU:='N'}           # GPU passthrough
+: ${DISPLAY:='none'}  # Display type
+
+if [[ "$GPU" != [Yy1]* ]] || [[ "$ARCH" != "amd64" ]]; then
+
+  DISPLAY_OPTS="-display $DISPLAY -vga none"
+  return 0
+
+fi
+
+DISPLAY_OPTS="-display egl-headless,rendernode=/dev/dri/renderD128 -vga virtio"
+
+[ ! -d /dev/dri ] && mkdir -m 755 /dev/dri
+
+if [ ! -c /dev/dri/card0 ]; then
+  if mknod /dev/dri/card0 c 226 0; then
+    chmod 666 /dev/dri/card0
+  fi
+fi
+
+if [ ! -c /dev/dri/renderD128 ]; then
+  if mknod /dev/dri/renderD128 c 226 128; then
+    chmod 666 /dev/dri/renderD128
+  fi
+fi
+
+addPackage "xserver-xorg-video-intel" "Intel GPU drivers"
+addPackage "qemu-system-modules-opengl" "OpenGL module"
+
+return 0

src/entry.sh

@@ -9,9 +9,9 @@ cd /run
 . reset.sh      # Initialize system
 . install.sh    # Run installation
 . disk.sh       # Initialize disks
+. display.sh    # Initialize graphics
 . network.sh    # Initialize network
-. gpu.sh        # Initialize graphics
-. cpu.sh        # Initialize processor
+. proc.sh       # Initialize processor
 . serial.sh     # Initialize serialport
 . power.sh      # Configure shutdown
 . config.sh     # Configure arguments
@@ -19,16 +19,14 @@ cd /run
 trap - ERR
 
 if [[ "$CONSOLE" == [Yy]* ]]; then
-  exec qemu-system-x86_64 -pidfile "$QEMU_PID" ${ARGS:+ $ARGS}
-  exit $?
+  exec qemu-system-x86_64 ${ARGS:+ $ARGS}
 fi
 
-set -m
-(
-  [[ "$DEBUG" == [Yy1]* ]] && info "$VERS" && set -x
-  qemu-system-x86_64 ${ARGS:+ $ARGS} & echo $! > "$QEMU_PID"
-  { set +x; } 2>/dev/null
-)
-set +m
+[[ "$DEBUG" == [Yy1]* ]] && info "$VERS" && set -x
+msg=$(qemu-system-x86_64 ${ARGS:+ $ARGS})
 
-tail --pid "$(cat "$QEMU_PID")" --follow /dev/null & wait $!
+{ set +x; } 2>/dev/null && terminal "$msg"
+tail -fn +0 "$QEMU_LOG" 2>/dev/null &
+cat "$QEMU_TERM" 2>/dev/null & wait $! || true
+
+sleep 1 && finish 0

src/gpu.sh

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-
-if [[ "$GPU" != [Yy1]* ]] || [[ "$ARCH" != "amd64" ]]; then
-  return 0
-fi
-
-[ ! -d /dev/dri ] && mkdir -m 755 /dev/dri
-
-if [ ! -c /dev/dri/card0 ]; then
-  mknod /dev/dri/card0 c 226 0
-fi
-
-if [ ! -c /dev/dri/renderD128 ]; then
-  mknod /dev/dri/renderD128 c 226 128
-fi
-
-chmod 666 /dev/dri/card0
-chmod 666 /dev/dri/renderD128
-
-addPackage "xserver-xorg-video-intel" "Intel GPU drivers"
-addPackage "qemu-system-modules-opengl" "OpenGL module"
-
-return 0

src/install.sh

@@ -2,9 +2,8 @@
 set -Eeuo pipefail
 
 : ${URL:=''}    # URL of the PAT file to be downloaded.
-: ${DEV:='Y'}   # Controls whether device nodes are created.
 
-if [ -f "$STORAGE"/dsm.ver ]; then
+if [ -f "$STORAGE/dsm.ver" ]; then
   BASE=$(cat "$STORAGE/dsm.ver")
 else
   # Fallback for old installs
@@ -38,59 +37,50 @@ fi
 BASE=$(basename "$URL" .pat)
 
 if [[ "$URL" != "file://$STORAGE/$BASE.pat" ]]; then
-  rm -f "$STORAGE"/"$BASE".pat
+  rm -f "$STORAGE/$BASE.pat"
 fi
 
-rm -f "$STORAGE"/"$BASE".agent
-rm -f "$STORAGE"/"$BASE".boot.img
-rm -f "$STORAGE"/"$BASE".system.img
+rm -f "$STORAGE/$BASE.agent"
+rm -f "$STORAGE/$BASE.boot.img"
+rm -f "$STORAGE/$BASE.system.img"
 
 [[ "$DEBUG" == [Yy1]* ]] && set -x
 
 # Check filesystem
-MIN_ROOT=471859200
-MIN_SPACE=6442450944
 FS=$(stat -f -c %T "$STORAGE")
 
-if [[ "$FS" == "overlay"* ]]; then
+if [[ "${FS,,}" == "overlay"* ]]; then
   info "Warning: the filesystem of $STORAGE is OverlayFS, this usually means it was binded to an invalid path!"
 fi
-if [[ "$FS" == "xfs" || "$FS" == "zfs" || "$FS" == "btrfs" || "$FS" == "bcachefs" ]]; then
-  FA=$(lsattr -d "$STORAGE")
-  if [[ "$FA" != *"C"* ]]; then
-    info "Warning: the filesystem of $STORAGE is ${FS^^}, and COW (copy on write) is not disabled for that folder!"
-    info "This will negatively affect performance, please empty the folder and disable COW (chattr +C <path>)."
-  fi
+
+if [[ "${FS,,}" == "fuse"* ]]; then
+  info "Warning: the filesystem of $STORAGE is FUSE, this extra layer will negatively affect performance!"
 fi
 
-if [[ "$FS" != "fat"* && "$FS" != "vfat"* && "$FS" != "exfat"* && \
-        "$FS" != "ntfs"* && "$FS" != "fuse"* && "$FS" != "msdos"* ]]; then
+if [[ "${FS,,}" != "fat"* && "${FS,,}" != "vfat"* && "${FS,,}" != "exfat"* && "${FS,,}" != "ntfs"* && "${FS,,}" != "msdos"* ]]; then
   TMP="$STORAGE/tmp"
 else
   TMP="/tmp/dsm"
+  TMP_SPACE=2147483648
   SPACE=$(df --output=avail -B 1 /tmp | tail -n 1)
-  if (( MIN_SPACE > SPACE )); then
-    DEV="N"
-    TMP="$STORAGE/tmp"
-    info "Warning: the $FS filesystem of $STORAGE does not support UNIX permissions.."
+  SPACE_MB=$(( (SPACE + 1048575)/1048576 ))
+  if (( TMP_SPACE > SPACE )); then
+    error "Not enough free space inside the container, have $SPACE_MB MB available but need at least 2 GB." && exit 93
   fi
 fi
 
 rm -rf "$TMP" && mkdir -p "$TMP"
 
 # Check free diskspace
+ROOT_SPACE=536870912
 SPACE=$(df --output=avail -B 1 / | tail -n 1)
-(( MIN_ROOT > SPACE )) && error "Not enough free space in container root, need at least 450 MB available." && exit 96
+SPACE_MB=$(( (SPACE + 1048575)/1048576 ))
+(( ROOT_SPACE > SPACE )) && error "Not enough free space inside the container, have $SPACE_MB MB available but need at least 500 MB." && exit 96
 
-SPACE=$(df --output=avail -B 1 "$TMP" | tail -n 1)
+MIN_SPACE=8589934592
+SPACE=$(df --output=avail -B 1 "$STORAGE" | tail -n 1)
 SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
-(( MIN_SPACE > SPACE )) && error "Not enough free space for installation in $STORAGE, have $SPACE_GB GB available but need at least 6 GB." && exit 95
-
-if [[ "$TMP" != "$STORAGE/tmp" ]]; then
-  SPACE=$(df --output=avail -B 1 "$STORAGE" | tail -n 1)
-  SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
-  (( MIN_SPACE > SPACE )) && error "Not enough free space for installation in $STORAGE, have $SPACE_GB GB available but need at least 6 GB." && exit 94
-fi
+(( MIN_SPACE > SPACE )) && error "Not enough free space for installation in $STORAGE, have $SPACE_GB GB available but need at least 8 GB." && exit 94
 
 # Check if output is to interactive TTY
 if [ -t 1 ]; then
@@ -101,6 +91,7 @@ fi
 
 # Download the required files from the Synology website
 
+ROOT="Y"
 RDC="$STORAGE/dsm.rd"
 
 if [ ! -f "$RDC" ]; then
@@ -140,14 +131,12 @@ if [ -f "$RDC" ]; then
   { xz -dc <"$RDC" >"$TMP/rd" 2>/dev/null; rc=$?; } || :
   (( rc != 1 )) && error "Failed to unxz $RDC, reason $rc" && exit 91
 
-  if [[ "$DEV" == [Nn]* ]]; then
-    # Exclude dev/ from cpio extract
-    { (cd "$TMP" && cpio -it < "$TMP/rd" | grep -Ev 'dev/' | while read -r entry; do cpio -idm "$entry" < "$TMP/rd" 2>/dev/null; done); rc=$?; } || :
+  { (cd "$TMP" && cpio -idm <"$TMP/rd" 2>/dev/null); rc=$?; } || :
+
+  if (( rc != 0 )); then
+    ROOT="N"
+    { (cd "$TMP" && fakeroot cpio -idmu <"$TMP/rd" 2>/dev/null); rc=$?; } || :
     (( rc != 0 )) && error "Failed to extract $RDC, reason $rc" && exit 92
-  else
-    { (cd "$TMP" && cpio -idm <"$TMP/rd" 2>/dev/null); rc=$?; } || :
-    (( rc != 0 )) && error "Failed to extract $RDC, reason $rc"
-    (( rc != 0 )) && error "If the container runs unprivileged, please set DEV=N to exclude device nodes." && exit 92
   fi
 
   mkdir -p /run/extract
@@ -222,12 +211,7 @@ else
 
 fi
 
-HDA="$TMP/hda1"
-IDB="$TMP/indexdb"
-PKG="$TMP/packages"
-HDP="$TMP/synohdpack_img"
-
-[ ! -f "$HDA.tgz" ] && error "The PAT file contains no OS image." && exit 64
+info "Install: Preparing system partition..."
 
 BOOT=$(find "$TMP" -name "*.bin.zip")
 [ ! -f "$BOOT" ] && error "The PAT file contains no boot image." && exit 67
@@ -235,26 +219,36 @@ BOOT=$(find "$TMP" -name "*.bin.zip")
 BOOT=$(echo "$BOOT" | head -c -5)
 unzip -q -o "$BOOT".zip -d "$TMP"
 
-SYSTEM="$TMP/sys.img"
-SYSTEM_SIZE=4954537983
+SYSTEM="$STORAGE/$BASE.system.img"
+rm -f "$SYSTEM"
 
 # Check free diskspace
-SPACE=$(df --output=avail -B 1 "$TMP" | tail -n 1)
-SPACE_GB=$(( (SPACE + 1073741823)/1073741824 ))
-(( SYSTEM_SIZE > SPACE )) && error "Not enough free space to create a 4 GB system disk, have only $SPACE_GB GB available." && exit 97
+SYSTEM_SIZE=4954537983
+SPACE=$(df --output=avail -B 1 "$STORAGE" | tail -n 1)
+SPACE_MB=$(( (SPACE + 1048575)/1048576 ))
 
-if ! fallocate -l "$SYSTEM_SIZE" "$SYSTEM"; then
-  if ! truncate -s "$SYSTEM_SIZE" "$SYSTEM"; then
-    rm -f "$SYSTEM" && error "Could not allocate a file for the system disk." && exit 98
+if (( SYSTEM_SIZE > SPACE )); then
+  error "Not enough free space in $STORAGE to create a 5 GB system disk, have only $SPACE_MB MB available." && exit 97
+fi
+
+if ! touch "$SYSTEM"; then
+  error "Could not create file $SYSTEM for the system disk." && exit 98
+fi
+
+if [[ "${FS,,}" == "xfs" || "${FS,,}" == "zfs" || "${FS,,}" == "btrfs" || "${FS,,}" == "bcachefs" ]]; then
+  { chattr +C "$SYSTEM"; } || :
+  FA=$(lsattr "$SYSTEM")
+  if [[ "$FA" != *"C"* ]]; then
+    error "Failed to disable COW for system image $SYSTEM on ${FS^^} filesystem (returned $FA)"
   fi
 fi
 
-# Check if file exists
-[ ! -f "$SYSTEM" ] && error "System disk does not exist ($SYSTEM)" && exit 99
-
-# Check the filesize
-SIZE=$(stat -c%s "$SYSTEM")
-[[ SIZE -ne SYSTEM_SIZE ]] && rm -f "$SYSTEM" && error "System disk has the wrong size: $SIZE" && exit 90
+if ! fallocate -l "$SYSTEM_SIZE" "$SYSTEM"; then
+  if ! truncate -s "$SYSTEM_SIZE" "$SYSTEM"; then
+    rm -f "$SYSTEM"
+    error "Could not allocate file $SYSTEM for the system disk." && exit 98
+  fi
+fi
 
 PART="$TMP/partition.fdisk"
 
@@ -270,46 +264,67 @@ PART="$TMP/partition.fdisk"
 
 sfdisk -q "$SYSTEM" < "$PART"
 
-info "Install: Extracting system partition..."
-
 MOUNT="$TMP/system"
 rm -rf "$MOUNT" && mkdir -p "$MOUNT"
 
+info "Install: Extracting system partition..."
+
+HDA="$TMP/hda1"
+IDB="$TMP/indexdb"
+PKG="$TMP/packages"
+HDP="$TMP/synohdpack_img"
+
+[ ! -f "$HDA.tgz" ] && error "The PAT file contains no OS image." && exit 64
+
 mv "$HDA.tgz" "$HDA.txz"
 
-if [[ "$DEV" == [Nn]* ]]; then
-  # Exclude dev/ from tar extract
-  tar xpfJ "$HDA.txz" --absolute-names --exclude="dev" -C "$MOUNT/"
-else
+if [[ "$ROOT" != [Nn]* ]]; then
+
   tar xpfJ "$HDA.txz" --absolute-names -C "$MOUNT/"
+
 fi
 
 [ -d "$PKG" ] && mv "$PKG/" "$MOUNT/.SynoUpgradePackages/"
 rm -f "$MOUNT/.SynoUpgradePackages/ActiveInsight-"*
 
 [ -f "$HDP.txz" ] && tar xpfJ "$HDP.txz" --absolute-names -C "$MOUNT/"
-[ -f "$IDB.txz" ] && tar xpfJ "$IDB.txz" --absolute-names -C "$MOUNT/usr/syno/synoman/indexdb/"
 
-info "Install: Installing system partition..."
+if [ -f "$IDB.txz" ]; then
+  INDEX_DB="$MOUNT/usr/syno/synoman/indexdb/"
+  mkdir -p "$INDEX_DB"
+  tar xpfJ "$IDB.txz" --absolute-names -C "$INDEX_DB"
+fi
 
 LABEL="1.44.1-42218"
 OFFSET="1048576" # 2048 * 512
 NUMBLOCKS="622560" # (4980480 * 512) / 4096
 
-mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYSTEM" "$NUMBLOCKS"
+if [[ "$ROOT" != [Nn]* ]]; then
+
+  info "Install: Installing system partition..."
+
+  mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYSTEM" "$NUMBLOCKS"
+
+else
+
+  fakeroot -- bash -c "set -Eeu;\
+        tar xpfJ $HDA.txz --absolute-names --skip-old-files -C $MOUNT/;\
+        printf '%b%s%b' '\E[1;34m❯ \E[1;36m' 'Install: Installing system partition...' '\E[0m\n';\
+        mke2fs -q -t ext4 -b 4096 -d $MOUNT/ -L $LABEL -F -E offset=$OFFSET $SYSTEM $NUMBLOCKS"
+
+fi
 
 rm -rf "$MOUNT"
 
-echo "$BASE" > "$STORAGE"/dsm.ver
+echo "$BASE" > "$STORAGE/dsm.ver"
 
 if [[ "$URL" == "file://$STORAGE/$BASE.pat" ]]; then
   rm -f "$PAT"
 else
-  mv -f "$PAT" "$STORAGE"/"$BASE".pat
+  mv -f "$PAT" "$STORAGE/$BASE.pat"
 fi
 
-mv -f "$BOOT" "$STORAGE"/"$BASE".boot.img
-mv -f "$SYSTEM" "$STORAGE"/"$BASE".system.img
+mv -f "$BOOT" "$STORAGE/$BASE.boot.img"
 
 rm -rf "$TMP"
 

src/network.sh

@@ -6,8 +6,8 @@ set -Eeuo pipefail
 : ${DHCP:='N'}
 : ${MAC:='02:11:32:AA:BB:CC'}
 
+: ${VM_NET_DEV:=''}
 : ${VM_NET_TAP:='dsm'}
-: ${VM_NET_DEV:='eth0'}
 : ${VM_NET_MAC:="$MAC"}
 : ${VM_NET_HOST:='VirtualDSM'}
 
@@ -15,6 +15,8 @@ set -Eeuo pipefail
 : ${DNSMASQ:='/usr/sbin/dnsmasq'}
 : ${DNSMASQ_CONF_DIR:='/etc/dnsmasq.d'}
 
+ADD_ERR="Please add the following setting to your container:"
+
 # ######################################
 #  Functions
 # ######################################
@@ -27,7 +29,7 @@ configureDHCP() {
 
   if (( rc != 0 )); then
     error "Cannot create macvtap interface. Please make sure the network type is 'macvlan' and not 'ipvlan',"
-    error "and that the NET_ADMIN capability has been added to the container config: --cap-add NET_ADMIN" && exit 16
+    error "and that the NET_ADMIN capability has been added to the container: --cap-add NET_ADMIN" && exit 16
   fi
 
   while ! ip link set "$VM_NET_TAP" up; do
@@ -53,15 +55,13 @@ configureDHCP() {
   { exec 30>>"$TAP_PATH"; rc=$?; } 2>/dev/null || :
 
   if (( rc != 0 )); then
-    error "Cannot create TAP interface ($rc). Please add the following docker settings to your "
-    error "container: --device-cgroup-rule='c $MAJOR:* rwm' --device=/dev/vhost-net" && exit 21
+    error "Cannot create TAP interface ($rc). $ADD_ERR --device-cgroup-rule='c *:* rwm'" && exit 21
   fi
 
   { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || :
 
   if (( rc != 0 )); then
-    error "VHOST can not be found ($rc). Please add the following "
-    error "docker setting to your container: --device=/dev/vhost-net" && exit 22
+    error "VHOST can not be found ($rc). $ADD_ERR --device=/dev/vhost-net" && exit 22
   fi
 
   NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30"
@@ -69,7 +69,7 @@ configureDHCP() {
   return 0
 }
 
-configureDNS () {
+configureDNS() {
 
   # dnsmasq configuration:
   DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-range=$VM_NET_IP,$VM_NET_IP --dhcp-host=$VM_NET_MAC,,$VM_NET_IP,$VM_NET_HOST,infinite --dhcp-option=option:netmask,255.255.255.0"
@@ -90,7 +90,27 @@ configureDNS () {
   return 0
 }
 
-configureNAT () {
+configureNAT() {
+
+  # Create the necessary file structure for /dev/net/tun
+  if [ ! -c /dev/net/tun ]; then
+    [ ! -d /dev/net ] && mkdir -m 755 /dev/net
+    if mknod /dev/net/tun c 10 200; then
+      chmod 666 /dev/net/tun
+    fi
+  fi
+
+  if [ ! -c /dev/net/tun ]; then
+    error "TUN device missing. $ADD_ERR --cap-add NET_ADMIN" && exit 25
+  fi
+
+  # Check port forwarding flag
+  if [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
+    { sysctl -w net.ipv4.ip_forward=1 ; rc=$?; } || :
+    if (( rc != 0 )); then
+      error "IP forwarding is disabled. $ADD_ERR --sysctl net.ipv4.ip_forward=1" && exit 24
+    fi
+  fi
 
   # Create a bridge with a static IP for the VM guest
 
@@ -100,8 +120,7 @@ configureNAT () {
   { ip link add dev dockerbridge type bridge ; rc=$?; } || :
 
   if (( rc != 0 )); then
-    error "Capability NET_ADMIN has not been set most likely. Please add the "
-    error "following docker setting to your container: --cap-add NET_ADMIN" && exit 23
+    error "Failed to create bridge. $ADD_ERR --cap-add NET_ADMIN" && exit 23
   fi
 
   ip address add ${VM_NET_IP%.*}.1/24 broadcast ${VM_NET_IP%.*}.255 dev dockerbridge
@@ -122,8 +141,11 @@ configureNAT () {
   ip link set dev "$VM_NET_TAP" master dockerbridge
 
   # Add internet connection to the VM
+  update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null
+  update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null
+
   iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE
-  iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp  -j DNAT --to "$VM_NET_IP"
+  iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp -j DNAT --to "$VM_NET_IP"
   iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p udp  -j DNAT --to "$VM_NET_IP"
 
   if (( KERNEL > 4 )); then
@@ -134,14 +156,6 @@ configureNAT () {
   { set +x; } 2>/dev/null
   [[ "$DEBUG" == [Yy1]* ]] && echo
 
-  # Check port forwarding flag
-  if [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
-    { sysctl -w net.ipv4.ip_forward=1 ; rc=$?; } || :
-    if (( rc != 0 )); then
-      error "Please add the following docker setting to your container: --sysctl net.ipv4.ip_forward=1" && exit 24
-    fi
-  fi
-
   NET_OPTS="-netdev tap,ifname=$VM_NET_TAP,script=no,downscript=no,id=hostnet0"
 
   { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || :
@@ -152,18 +166,21 @@ configureNAT () {
   return 0
 }
 
-closeNetwork () {
+closeNetwork() {
+
+  exec 30<&- || true
+  exec 40<&- || true
 
   if [[ "$DHCP" == [Yy1]* ]]; then
 
-    { pkill -f server.sh || true; } 2>/dev/null
+    fKill "server.sh"
 
     ip link set "$VM_NET_TAP" down || true
     ip link delete "$VM_NET_TAP" || true
 
   else
 
-    { pkill -f dnsmasq || true; } 2>/dev/null
+    fKill "dnsmasq"
 
     ip link set "$VM_NET_TAP" down promisc off || true
     ip link delete "$VM_NET_TAP" || true
@@ -172,46 +189,62 @@ closeNetwork () {
     ip link delete dockerbridge || true
 
   fi
+
+  return 0
+}
+
+getInfo() {
+
+  if [ -z "$VM_NET_DEV" ]; then
+    # Automaticly detect the default network interface
+    VM_NET_DEV=$(awk '$2 == 00000000 { print $1 }' /proc/net/route)
+    [ -z "$VM_NET_DEV" ] && VM_NET_DEV="eth0"
+  fi
+
+  if [ ! -d "/sys/class/net/$VM_NET_DEV" ]; then
+    error "Network interface '$VM_NET_DEV' does not exist inside the container!"
+    error "$ADD_ERR -e \"VM_NET_DEV=NAME\" to specify another interface name." && exit 27
+  fi
+
+  VM_NET_MAC="${VM_NET_MAC//-/:}"
+  if [[ ${#VM_NET_MAC} == 12 ]]; then
+    m="$VM_NET_MAC"
+    VM_NET_MAC="${m:0:2}:${m:2:2}:${m:4:2}:${m:6:2}:${m:8:2}:${m:10:2}"
+  fi
+
+  if [[ ${#VM_NET_MAC} != 17 ]]; then
+    error "Invalid mac address: '$VM_NET_MAC', should be 12 or 17 digits long!" && exit 28
+  fi
+
+  GATEWAY=$(ip r | grep default | awk '{print $3}')
+  IP=$(ip address show dev "$VM_NET_DEV" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+  echo "$IP" > /run/qemu.ip
+
+  return 0
 }
 
 # ######################################
 #  Configure Network
 # ######################################
 
-{ pkill -f server.sh || true; } 2>/dev/null
+fKill "server.sh"
 
-# Create the necessary file structure for /dev/net/tun
-if [ ! -c /dev/net/tun ]; then
-  [ ! -d /dev/net ] && mkdir -m 755 /dev/net
-  mknod /dev/net/tun c 10 200
-  chmod 666 /dev/net/tun
-fi
-
-[ ! -c /dev/net/tun ] && error "TUN network interface not available..." && exit 25
-
-# Create the necessary file structure for /dev/vhost-net
 if [ ! -c /dev/vhost-net ]; then
-  mknod /dev/vhost-net c 10 238
-  chmod 660 /dev/vhost-net
+  if mknod /dev/vhost-net c 10 238; then
+    chmod 660 /dev/vhost-net
+  fi
 fi
 
-update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null
-update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null
-
-VM_NET_MAC="${VM_NET_MAC//-/:}"
-GATEWAY=$(ip r | grep default | awk '{print $3}')
-IP=$(ip address show dev "$VM_NET_DEV" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+getInfo
 
 if [[ "$DEBUG" == [Yy1]* ]]; then
-  info "Container IP is $IP with gateway $GATEWAY" && echo
+  info "Container IP is $IP with gateway $GATEWAY on interface $VM_NET_DEV" && echo
 fi
 
 if [[ "$DHCP" == [Yy1]* ]]; then
 
   if [[ "$GATEWAY" == "172."* ]]; then
-    if [[ "$DEBUG" == [Yy1]* ]]; then
-      info "Warning: Are you sure the container is on a macvlan network?"
-    else
+    if [[ "$DEBUG" != [Yy1]* ]]; then
       error "You can only enable DHCP while the container is on a macvlan network!" && exit 26
     fi
   fi

src/power.sh

@@ -3,38 +3,125 @@ set -Eeuo pipefail
 
 # Configure QEMU for graceful shutdown
 
+API_CMD=6
+API_TIMEOUT=50
+API_HOST="127.0.0.1:2210"
+
+QEMU_TERM=""
 QEMU_PORT=7100
-QEMU_TIMEOUT=55
+QEMU_TIMEOUT=50
 QEMU_PID="/run/qemu.pid"
-QEMU_COUNT="/run/qemu.count"
+QEMU_LOG="/run/qemu.log"
+QEMU_END="/run/qemu.end"
+
+if [[ "$KVM" == [Nn]* ]]; then
+  API_TIMEOUT=$(( API_TIMEOUT*2 ))
+  QEMU_TIMEOUT=$(( QEMU_TIMEOUT*2 ))
+fi
 
 rm -f "$QEMU_PID"
-rm -f "$QEMU_COUNT"
+rm -f "$QEMU_LOG"
+rm -f "$QEMU_END"
+touch "$QEMU_LOG"
 
-_trap(){
-    func="$1" ; shift
-    for sig ; do
-        trap "$func $sig" "$sig"
+_trap() {
+  func="$1" ; shift
+  for sig ; do
+    trap "$func $sig" "$sig"
+  done
+}
+
+finish() {
+
+  local pid
+  local reason=$1
+
+  if [ -f "$QEMU_PID" ]; then
+
+    pid="$(cat "$QEMU_PID")"
+    echo && error "Forcefully terminating QEMU process, reason: $reason..."
+    { kill -15 "$pid" || true; } 2>/dev/null
+
+    while isAlive "$pid"; do
+      sleep 1
+      # Workaround for zombie pid
+      [ ! -f "$QEMU_PID" ] && break
     done
+  fi
+
+  fKill "print.sh"
+  fKill "host.bin"
+
+  closeNetwork
+
+  sleep 1
+  echo && echo "❯ Shutdown completed!"
+
+  exit "$reason"
+}
+
+terminal() {
+
+  local msg=$1
+
+  if [[ "${msg,,}" != "char"* ||  "$msg" != *"serial0)" ]]; then
+    echo "$msg"
+  fi
+
+  local dev="${msg#*/dev/p}"
+  dev="/dev/p${dev%% *}"
+
+  if [ ! -c "$dev" ]; then
+    dev=$(echo 'info chardev' | nc -q 1 -w 1 localhost "$QEMU_PORT" | tr -d '\000')
+    dev="${dev#*serial0}"
+    dev="${dev#*pty:}"
+    dev="${dev%%$'\n'*}"
+    dev="${dev%%$'\r'*}"
+  fi
+
+  if [ ! -c "$dev" ]; then
+    error "Device '$dev' not found!"
+    finish 34 && return 34
+  fi
+
+  QEMU_TERM="$dev"
+  return 0
 }
 
 _graceful_shutdown() {
 
+  local cnt=0
+  local code=$?
+  local pid url response
+
   set +e
-  local cnt response
 
-  [ ! -f "$QEMU_PID" ] && exit 130
-  [ -f "$QEMU_COUNT" ] && return
+  if [ -f "$QEMU_END" ]; then
+    echo && info "Received $1 signal while already shutting down..."
+    return
+  fi
 
-  echo 0 > "$QEMU_COUNT"
+  touch "$QEMU_END"
   echo && info "Received $1 signal, sending shutdown command..."
 
+  if [ ! -f "$QEMU_PID" ]; then
+    echo && error "QEMU PID file does not exist?"
+    finish "$code" && return "$code"
+  fi
+
+  pid="$(cat "$QEMU_PID")"
+
+  if ! isAlive "$pid"; then
+    echo && error "QEMU process does not exist?"
+    finish "$code" && return "$code"
+  fi
+
   # Don't send the powerdown signal because vDSM ignores ACPI signals
   # echo 'system_powerdown' | nc -q 1 -w 1 localhost "${QEMU_PORT}" > /dev/null
 
   # Send shutdown command to guest agent via serial port
-  url="http://127.0.0.1:2210/read?command=6&timeout=50"
-  response=$(curl -sk -m 52 -S "$url" 2>&1)
+  url="http://$API_HOST/read?command=$API_CMD&timeout=$API_TIMEOUT"
+  response=$(curl -sk -m "$(( API_TIMEOUT+2 ))" -S "$url" 2>&1)
 
   if [[ "$response" =~ "\"success\"" ]]; then
 
@@ -43,45 +130,43 @@ _graceful_shutdown() {
   else
 
     response="${response#*message\"\: \"}"
-    echo && error "Failed to send shutdown command: ${response%%\"*}"
-
-    kill -15 "$(cat "$QEMU_PID")"
-    pkill -f qemu-system-x86_64 || true
+    [ -z "$response" ] && response="second signal"
+    echo && error "Forcefully terminating because of: ${response%%\"*}"
+    { kill -15 "$pid" || true; } 2>/dev/null
 
   fi
 
-  while [ "$(cat $QEMU_COUNT)" -lt "$QEMU_TIMEOUT" ]; do
+  while [ "$cnt" -lt "$QEMU_TIMEOUT" ]; do
 
-    # Try to connect to qemu
-    if ! echo 'info version'| nc -q 1 -w 1 localhost "$QEMU_PORT" >/dev/null 2>&1 ; then
-      break
-    fi
+    ! isAlive "$pid" && break
 
-    # Increase the counter
-    cnt=$(($(cat $QEMU_COUNT)+1))
-    echo $cnt > "$QEMU_COUNT"
+    sleep 1
+    cnt=$((cnt+1))
 
     [[ "$DEBUG" == [Yy1]* ]] && info "Shutting down, waiting... ($cnt/$QEMU_TIMEOUT)"
 
+    # Workaround for zombie pid
+    [ ! -f "$QEMU_PID" ] && break
+
   done
 
-  if [ "$(cat $QEMU_COUNT)" -ge "$QEMU_TIMEOUT" ]; then
-    echo && error "Shutdown timeout reached, forcefully quitting.."
-  else
-    echo && echo "❯ Quitting..."
+  if [ "$cnt" -ge "$QEMU_TIMEOUT" ]; then
+    echo && error "Shutdown timeout reached, aborting..."
   fi
 
-  echo 'quit' | nc -q 1 -w 1 localhost "$QEMU_PORT" >/dev/null 2>&1 || true
-
-  { pkill -f print.sh || true; } 2>/dev/null
-  { pkill -f host.bin || true; } 2>/dev/null
-
-  closeNetwork
-  sleep 1
-
-  return
+  finish "$code" && return "$code"
 }
 
-_trap _graceful_shutdown SIGTERM SIGHUP SIGINT SIGABRT SIGQUIT
+MON_OPTS="\
+        -pidfile $QEMU_PID \
+        -monitor telnet:localhost:$QEMU_PORT,server,nowait,nodelay"
 
-MON_OPTS="-monitor telnet:localhost:$QEMU_PORT,server,nowait,nodelay"
+if [[ "$CONSOLE" != [Yy]* ]]; then
+
+  MON_OPTS="$MON_OPTS -daemonize -D $QEMU_LOG"
+
+  _trap _graceful_shutdown SIGTERM SIGHUP SIGINT SIGABRT SIGQUIT
+
+fi
+
+return 0

src/print.sh

@@ -7,10 +7,12 @@ info () { printf "%b%s%b" "\E[1;34m❯ \E[1;36m" "$1" "\E[0m\n" >&2; }
 error () { printf "%b%s%b" "\E[1;31m❯ " "ERROR: $1" "\E[0m\n" >&2; }
 
 file="/run/dsm.url"
-shutdown="/run/qemu.count"
+address="/run/qemu.ip"
+shutdown="/run/qemu.end"
 url="http://127.0.0.1:2210/read?command=10"
 
 resp_err="Guest returned an invalid response:"
+curl_err="Failed to connect to guest: curl error"
 jq_err="Failed to parse response from guest: jq error"
 
 while [ ! -f  "$file" ]
@@ -28,7 +30,7 @@ do
   { json=$(curl -m 20 -sk "$url"); rc=$?; } || :
 
   [ -f "$shutdown" ] && exit 1
-  (( rc != 0 )) && error "Failed to connect to guest: curl error $rc" && continue
+  (( rc != 0 )) && error "$curl_err $rc" && continue
 
   { result=$(echo "$json" | jq -r '.status'); rc=$?; } || :
   (( rc != 0 )) && error "$jq_err $rc ( $json )" && continue
@@ -67,7 +69,7 @@ if [[ "$location" != "20.20"* ]]; then
 
 else
 
-  ip=$(ip address show dev eth0 | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+  ip="$(cat "$address")"
   port="${location##*:}"
 
   if [[ "$ip" == "172."* ]]; then

src/proc.sh

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Docker environment variables
+
+: ${KVM:='Y'}
+: ${HOST_CPU:=''}
+: ${CPU_MODEL:='host'}
+: ${CPU_FEATURES:='+ssse3,+sse4.1,+sse4.2'}
+
+[ "$ARCH" != "amd64" ] && KVM="N"
+
+if [[ "$KVM" != [Nn]* ]]; then
+
+  KVM_ERR=""
+
+  if [ ! -e /dev/kvm ]; then
+    KVM_ERR="(device file missing)"
+  else
+    if ! sh -c 'echo -n > /dev/kvm' &> /dev/null; then
+      KVM_ERR="(no write access)"
+    else
+      if ! grep -q -e vmx -e svm /proc/cpuinfo; then
+        KVM_ERR="(vmx/svm disabled)"
+      fi
+    fi
+  fi
+
+  if [ -n "$KVM_ERR" ]; then
+    KVM="N"
+    error "KVM acceleration not detected $KVM_ERR, this will cause a major loss of performance."
+    error "See the FAQ on how to enable it, or continue without KVM by setting KVM=N (not recommended)."
+    [[ "$DEBUG" != [Yy1]* ]] && exit 88
+  fi
+
+fi
+
+if [[ "$KVM" != [Nn]* ]]; then
+
+  KVM_OPTS=",accel=kvm -enable-kvm"
+
+  if ! grep -qE '^flags.* (sse4_2)' /proc/cpuinfo; then
+    error "Your host CPU does not have the SSE4.2 instruction set that Virtual DSM requires to boot."
+    error "Disable KVM by setting KVM=N to emulate a compatible CPU, at the cost of performance."
+    [[ "$DEBUG" != [Yy1]* ]] && exit 89
+  fi
+
+else
+
+  KVM_OPTS=""
+
+  if [[ "$CPU_MODEL" == "host"* ]]; then
+    if [[ "$ARCH" == "amd64" ]]; then
+      CPU_MODEL="max,$CPU_FEATURES"
+    else
+      CPU_MODEL="qemu64,$CPU_FEATURES"
+    fi
+  fi
+
+fi
+
+if [ -z "$HOST_CPU" ]; then
+  HOST_CPU=$(lscpu | grep 'Model name' | cut -f 2 -d ":" | awk '{$1=$1}1' | sed 's# @.*##g' | sed s/"(R)"//g | sed 's/[^[:alnum:] ]\+/ /g' | sed 's/  */ /g')
+fi
+
+if [ -n "$HOST_CPU" ]; then
+  HOST_CPU="${HOST_CPU%%,*},,"
+else
+  HOST_CPU="QEMU, Virtual CPU,"
+  if [ "$ARCH" == "amd64" ]; then
+    HOST_CPU="$HOST_CPU X86_64"
+  else
+    HOST_CPU="$HOST_CPU $ARCH"
+  fi
+fi
+
+return 0

src/reset.sh

@@ -11,8 +11,7 @@ trap 'error "Status $? while: $BASH_COMMAND (line $LINENO/$BASH_LINENO)"' ERR
 
 # Docker environment variables
 
-: ${GPU:='N'}           # Disable GPU passthrough
-: ${KVM:='Y'}           # Enable KVM acceleration
+: ${TZ:=''}             # System local timezone
 : ${DEBUG:='N'}         # Disable debugging mode
 : ${COUNTRY:=''}        # Country code for mirror
 : ${CONSOLE:='N'}       # Disable console mode
@@ -37,8 +36,10 @@ STORAGE="/storage"
 # Cleanup files
 
 rm -f /run/dsm.url
+rm -f /run/qemu.ip
+rm -f /run/qemu.log
 rm -f /run/qemu.pid
-rm -f /run/qemu.count
+rm -f /run/qemu.end
 
 # Cleanup dirs
 
@@ -48,8 +49,41 @@ rm -rf "$STORAGE/tmp"
 
 # Helper functions
 
-getCountry () {
+isAlive() {
+  local pid=$1
 
+  if kill -0 "$pid" 2>/dev/null; then
+    return 0
+  fi
+
+  return 1
+}
+
+pKill() {
+  local pid=$1
+
+  { kill -15 "$pid" || true; } 2>/dev/null
+
+  while isAlive "$pid"; do
+    sleep 0.1
+  done
+
+  return 0
+}
+
+fKill() {
+  local name=$1
+
+  { pkill -f "$name" || true; } 2>/dev/null
+
+  while pgrep -f -l "$name" >/dev/null; do
+    sleep 0.1
+  done
+
+  return 0
+}
+
+getCountry() {
   local url=$1
   local query=$2
   local rc json result
@@ -68,18 +102,25 @@ getCountry () {
   return 0
 }
 
-setCountry () {
+setCountry() {
+
+  [[ "${TZ,,}" == "asia/harbin" ]] && COUNTRY="CN"
+  [[ "${TZ,,}" == "asia/beijing" ]] && COUNTRY="CN"
+  [[ "${TZ,,}" == "asia/urumqi" ]] && COUNTRY="CN"
+  [[ "${TZ,,}" == "asia/kashgar" ]] && COUNTRY="CN"
+  [[ "${TZ,,}" == "asia/shanghai" ]] && COUNTRY="CN"
+  [[ "${TZ,,}" == "asia/chongqing" ]] && COUNTRY="CN"
 
   [ -z "$COUNTRY" ] && getCountry "https://api.ipapi.is" ".location.country_code"
   [ -z "$COUNTRY" ] && getCountry "https://ifconfig.co/json" ".country_iso"
+  [ -z "$COUNTRY" ] && getCountry "https://api.ip2location.io" ".country_code"
   [ -z "$COUNTRY" ] && getCountry "https://ipinfo.io/json" ".country"
   [ -z "$COUNTRY" ] && getCountry "https://api.myip.com" ".cc"
 
   return 0
 }
 
-addPackage () {
-
+addPackage() {
   local pkg=$1
   local desc=$2
 

src/serial.sh

@@ -46,11 +46,14 @@ done
 
 # Configure serial ports
 
-SERIAL_OPTS="\
-        -serial mon:stdio \
+if [[ "$CONSOLE" != [Yy]* ]]; then
+  SERIAL_OPTS="-serial pty"
+else
+  SERIAL_OPTS="-serial mon:stdio"
+fi
+
+SERIAL_OPTS="$SERIAL_OPTS \
         -device virtio-serial-pci,id=virtio-serial0,bus=pcie.0,addr=0x3 \
-        -chardev pty,id=charserial0 \
-        -device isa-serial,chardev=charserial0,id=serial0 \
         -chardev socket,id=charchannel0,host=127.0.0.1,port=12345,reconnect=10 \
         -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=vchannel"