From dae5d756744baaa6e3edfa2d7fff85d6d6920f48 Mon Sep 17 00:00:00 2001 From: databreach <30411237+databreach@users.noreply.github.com> Date: Sat, 23 Dec 2023 18:04:43 +0100 Subject: [PATCH] feat: Improve support for unprivileged hosts (including LXC) (#479) * * Add fakeroot to extract the dsm system without elevated permissions * Remove obsolete docker variable "DEV" used to exclude extraction of device nodes * feat: Detect unprivileged container * fix: Use fakeroot for mke2fs --------- Co-authored-by: Kroese --- Dockerfile | 1 + src/install.sh | 50 +++++++++++++++++++++++++++++++------------------- 2 files changed, 32 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9d37f1d..3247d8e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,7 @@ RUN apt-get update && apt-get -y upgrade \ iptables \ iproute2 \ dnsmasq \ + fakeroot \ net-tools \ qemu-utils \ ca-certificates \ diff --git a/src/install.sh b/src/install.sh index 42a0165..3dae06d 100644 --- a/src/install.sh +++ b/src/install.sh @@ -2,7 +2,6 @@ set -Eeuo pipefail : ${URL:=''} # URL of the PAT file to be downloaded. -: ${DEV:='Y'} # Controls whether device nodes are created. if [ -f "$STORAGE"/dsm.ver ]; then BASE=$(cat "$STORAGE/dsm.ver") @@ -70,7 +69,6 @@ else TMP="/tmp/dsm" SPACE=$(df --output=avail -B 1 /tmp | tail -n 1) if (( MIN_SPACE > SPACE )); then - DEV="N" TMP="$STORAGE/tmp" info "Warning: the $FS filesystem of $STORAGE does not support UNIX permissions.." fi @@ -101,6 +99,7 @@ fi # Download the required files from the Synology website +ROOT="Y" RDC="$STORAGE/dsm.rd" if [ ! -f "$RDC" ]; then @@ -140,14 +139,12 @@ if [ -f "$RDC" ]; then { xz -dc <"$RDC" >"$TMP/rd" 2>/dev/null; rc=$?; } || : (( rc != 1 )) && error "Failed to unxz $RDC, reason $rc" && exit 91 - if [[ "$DEV" == [Nn]* ]]; then - # Exclude dev/ from cpio extract - { (cd "$TMP" && cpio -it < "$TMP/rd" | grep -Ev 'dev/' | while read -r entry; do cpio -idm "$entry" < "$TMP/rd" 2>/dev/null; done); rc=$?; } || : + { (cd "$TMP" && cpio -idm <"$TMP/rd" 2>/dev/null); rc=$?; } || : + + if (( rc != 0 )); then + ROOT="N" + { (cd "$TMP" && fakeroot cpio -idmu <"$TMP/rd" 2>/dev/null); rc=$?; } || : (( rc != 0 )) && error "Failed to extract $RDC, reason $rc" && exit 92 - else - { (cd "$TMP" && cpio -idm <"$TMP/rd" 2>/dev/null); rc=$?; } || : - (( rc != 0 )) && error "Failed to extract $RDC, reason $rc" - (( rc != 0 )) && error "If the container runs unprivileged, please set DEV=N to exclude device nodes." && exit 92 fi mkdir -p /run/extract @@ -272,31 +269,46 @@ sfdisk -q "$SYSTEM" < "$PART" info "Install: Extracting system partition..." +LABEL="1.44.1-42218" +OFFSET="1048576" # 2048 * 512 +NUMBLOCKS="622560" # (4980480 * 512) / 4096 + MOUNT="$TMP/system" rm -rf "$MOUNT" && mkdir -p "$MOUNT" mv "$HDA.tgz" "$HDA.txz" -if [[ "$DEV" == [Nn]* ]]; then - # Exclude dev/ from tar extract - tar xpfJ "$HDA.txz" --absolute-names --exclude="dev" -C "$MOUNT/" -else +if [[ "$ROOT" != [Nn]* ]]; then + tar xpfJ "$HDA.txz" --absolute-names -C "$MOUNT/" + fi [ -d "$PKG" ] && mv "$PKG/" "$MOUNT/.SynoUpgradePackages/" rm -f "$MOUNT/.SynoUpgradePackages/ActiveInsight-"* [ -f "$HDP.txz" ] && tar xpfJ "$HDP.txz" --absolute-names -C "$MOUNT/" -[ -f "$IDB.txz" ] && tar xpfJ "$IDB.txz" --absolute-names -C "$MOUNT/usr/syno/synoman/indexdb/" -info "Install: Installing system partition..." +if [ -f "$IDB.txz" ]; then + INDEX_DB="$MOUNT/usr/syno/synoman/indexdb/" + mkdir -p "$INDEX_DB" + tar xpfJ "$IDB.txz" --absolute-names -C "$INDEX_DB" +fi -LABEL="1.44.1-42218" -OFFSET="1048576" # 2048 * 512 -NUMBLOCKS="622560" # (4980480 * 512) / 4096 +if [[ "$ROOT" != [Nn]* ]]; then -mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYSTEM" "$NUMBLOCKS" + info "Install: Installing system partition..." + + mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYSTEM" "$NUMBLOCKS" + +else + + fakeroot -- bash -c "set -Eeu;\ + tar xpfJ $HDA.txz --absolute-names --skip-old-files -C $MOUNT/;\ + printf '%b%s%b' '\E[1;34m❯ \E[1;36m' 'Install: Installing system partition...' '\E[0m\n';\ + mke2fs -q -t ext4 -b 4096 -d $MOUNT/ -L $LABEL -F -E offset=$OFFSET $SYSTEM $NUMBLOCKS" + +fi rm -rf "$MOUNT"