mirror of
https://github.com/vdsm/virtual-dsm.git
synced 2025-02-24 05:20:02 +08:00
feat: Improve support for unprivileged hosts (including LXC) (#479)
* * Add fakeroot to extract the dsm system without elevated permissions * Remove obsolete docker variable "DEV" used to exclude extraction of device nodes * feat: Detect unprivileged container * fix: Use fakeroot for mke2fs --------- Co-authored-by: Kroese <kroese@users.noreply.github.com>
This commit is contained in:
databreach
GitHub
parent
95facffa9b
commit
dae5d75674
@ -29,6 +29,7 @@ RUN apt-get update && apt-get -y upgrade \
|
|||||||
iptables \
|
iptables \
|
||||||
iproute2 \
|
iproute2 \
|
||||||
dnsmasq \
|
dnsmasq \
|
||||||
|
fakeroot \
|
||||||
net-tools \
|
net-tools \
|
||||||
qemu-utils \
|
qemu-utils \
|
||||||
ca-certificates \
|
ca-certificates \
|
||||||
|
|||||||
@ -2,7 +2,6 @@
|
|||||||
set -Eeuo pipefail
|
set -Eeuo pipefail
|
||||||
|
|
||||||
: ${URL:=''} # URL of the PAT file to be downloaded.
|
: ${URL:=''} # URL of the PAT file to be downloaded.
|
||||||
: ${DEV:='Y'} # Controls whether device nodes are created.
|
|
||||||
|
|
||||||
if [ -f "$STORAGE"/dsm.ver ]; then
|
if [ -f "$STORAGE"/dsm.ver ]; then
|
||||||
BASE=$(cat "$STORAGE/dsm.ver")
|
BASE=$(cat "$STORAGE/dsm.ver")
|
||||||
@ -70,7 +69,6 @@ else
|
|||||||
TMP="/tmp/dsm"
|
TMP="/tmp/dsm"
|
||||||
SPACE=$(df --output=avail -B 1 /tmp | tail -n 1)
|
SPACE=$(df --output=avail -B 1 /tmp | tail -n 1)
|
||||||
if (( MIN_SPACE > SPACE )); then
|
if (( MIN_SPACE > SPACE )); then
|
||||||
DEV="N"
|
|
||||||
TMP="$STORAGE/tmp"
|
TMP="$STORAGE/tmp"
|
||||||
info "Warning: the $FS filesystem of $STORAGE does not support UNIX permissions.."
|
info "Warning: the $FS filesystem of $STORAGE does not support UNIX permissions.."
|
||||||
fi
|
fi
|
||||||
@ -101,6 +99,7 @@ fi
|
|||||||
|
|
||||||
# Download the required files from the Synology website
|
# Download the required files from the Synology website
|
||||||
|
|
||||||
|
ROOT="Y"
|
||||||
RDC="$STORAGE/dsm.rd"
|
RDC="$STORAGE/dsm.rd"
|
||||||
|
|
||||||
if [ ! -f "$RDC" ]; then
|
if [ ! -f "$RDC" ]; then
|
||||||
@ -140,14 +139,12 @@ if [ -f "$RDC" ]; then
|
|||||||
{ xz -dc <"$RDC" >"$TMP/rd" 2>/dev/null; rc=$?; } || :
|
{ xz -dc <"$RDC" >"$TMP/rd" 2>/dev/null; rc=$?; } || :
|
||||||
(( rc != 1 )) && error "Failed to unxz $RDC, reason $rc" && exit 91
|
(( rc != 1 )) && error "Failed to unxz $RDC, reason $rc" && exit 91
|
||||||
|
|
||||||
if [[ "$DEV" == [Nn]* ]]; then
|
|
||||||
# Exclude dev/ from cpio extract
|
|
||||||
{ (cd "$TMP" && cpio -it < "$TMP/rd" | grep -Ev 'dev/' | while read -r entry; do cpio -idm "$entry" < "$TMP/rd" 2>/dev/null; done); rc=$?; } || :
|
|
||||||
(( rc != 0 )) && error "Failed to extract $RDC, reason $rc" && exit 92
|
|
||||||
else
|
|
||||||
{ (cd "$TMP" && cpio -idm <"$TMP/rd" 2>/dev/null); rc=$?; } || :
|
{ (cd "$TMP" && cpio -idm <"$TMP/rd" 2>/dev/null); rc=$?; } || :
|
||||||
(( rc != 0 )) && error "Failed to extract $RDC, reason $rc"
|
|
||||||
(( rc != 0 )) && error "If the container runs unprivileged, please set DEV=N to exclude device nodes." && exit 92
|
if (( rc != 0 )); then
|
||||||
|
ROOT="N"
|
||||||
|
{ (cd "$TMP" && fakeroot cpio -idmu <"$TMP/rd" 2>/dev/null); rc=$?; } || :
|
||||||
|
(( rc != 0 )) && error "Failed to extract $RDC, reason $rc" && exit 92
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mkdir -p /run/extract
|
mkdir -p /run/extract
|
||||||
@ -272,32 +269,47 @@ sfdisk -q "$SYSTEM" < "$PART"
|
|||||||
|
|
||||||
info "Install: Extracting system partition..."
|
info "Install: Extracting system partition..."
|
||||||
|
|
||||||
|
LABEL="1.44.1-42218"
|
||||||
|
OFFSET="1048576" # 2048 * 512
|
||||||
|
NUMBLOCKS="622560" # (4980480 * 512) / 4096
|
||||||
|
|
||||||
MOUNT="$TMP/system"
|
MOUNT="$TMP/system"
|
||||||
rm -rf "$MOUNT" && mkdir -p "$MOUNT"
|
rm -rf "$MOUNT" && mkdir -p "$MOUNT"
|
||||||
|
|
||||||
mv "$HDA.tgz" "$HDA.txz"
|
mv "$HDA.tgz" "$HDA.txz"
|
||||||
|
|
||||||
if [[ "$DEV" == [Nn]* ]]; then
|
if [[ "$ROOT" != [Nn]* ]]; then
|
||||||
# Exclude dev/ from tar extract
|
|
||||||
tar xpfJ "$HDA.txz" --absolute-names --exclude="dev" -C "$MOUNT/"
|
|
||||||
else
|
|
||||||
tar xpfJ "$HDA.txz" --absolute-names -C "$MOUNT/"
|
tar xpfJ "$HDA.txz" --absolute-names -C "$MOUNT/"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
[ -d "$PKG" ] && mv "$PKG/" "$MOUNT/.SynoUpgradePackages/"
|
[ -d "$PKG" ] && mv "$PKG/" "$MOUNT/.SynoUpgradePackages/"
|
||||||
rm -f "$MOUNT/.SynoUpgradePackages/ActiveInsight-"*
|
rm -f "$MOUNT/.SynoUpgradePackages/ActiveInsight-"*
|
||||||
|
|
||||||
[ -f "$HDP.txz" ] && tar xpfJ "$HDP.txz" --absolute-names -C "$MOUNT/"
|
[ -f "$HDP.txz" ] && tar xpfJ "$HDP.txz" --absolute-names -C "$MOUNT/"
|
||||||
[ -f "$IDB.txz" ] && tar xpfJ "$IDB.txz" --absolute-names -C "$MOUNT/usr/syno/synoman/indexdb/"
|
|
||||||
|
if [ -f "$IDB.txz" ]; then
|
||||||
|
INDEX_DB="$MOUNT/usr/syno/synoman/indexdb/"
|
||||||
|
mkdir -p "$INDEX_DB"
|
||||||
|
tar xpfJ "$IDB.txz" --absolute-names -C "$INDEX_DB"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "$ROOT" != [Nn]* ]]; then
|
||||||
|
|
||||||
info "Install: Installing system partition..."
|
info "Install: Installing system partition..."
|
||||||
|
|
||||||
LABEL="1.44.1-42218"
|
|
||||||
OFFSET="1048576" # 2048 * 512
|
|
||||||
NUMBLOCKS="622560" # (4980480 * 512) / 4096
|
|
||||||
|
|
||||||
mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYSTEM" "$NUMBLOCKS"
|
mke2fs -q -t ext4 -b 4096 -d "$MOUNT/" -L "$LABEL" -F -E "offset=$OFFSET" "$SYSTEM" "$NUMBLOCKS"
|
||||||
|
|
||||||
|
else
|
||||||
|
|
||||||
|
fakeroot -- bash -c "set -Eeu;\
|
||||||
|
tar xpfJ $HDA.txz --absolute-names --skip-old-files -C $MOUNT/;\
|
||||||
|
printf '%b%s%b' '\E[1;34m❯ \E[1;36m' 'Install: Installing system partition...' '\E[0m\n';\
|
||||||
|
mke2fs -q -t ext4 -b 4096 -d $MOUNT/ -L $LABEL -F -E offset=$OFFSET $SYSTEM $NUMBLOCKS"
|
||||||
|
|
||||||
|
fi
|
||||||
|
|
||||||
rm -rf "$MOUNT"
|
rm -rf "$MOUNT"
|
||||||
|
|
||||||
echo "$BASE" > "$STORAGE"/dsm.ver
|
echo "$BASE" > "$STORAGE"/dsm.ver
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user