DSM 7 support framework design #4215
Comments
|
I've played around a little in my own fork, just to see what breaks and I think I got the minimal requirements done so packages can be "installed" but probably won't work. And binary packages can now be linked to |
|
OPTIONAL: There are a few changes I'd like to complete on the framework before jumping on the dsm7 bang-wagon:
And forgot to mention meson/ninja build support as many packages cannot be further updated anymore... |
|
synology has published a beta release of the Development documentation DSM_Developer_Guide_7_0_Beta.pdf. One interesting difference I found is for 3rdparty developers:
|
|
@ymartin59 Thanks, but why not link to the file? https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/7.0/enu/DSM_Developer_Guide_7_0_Beta.pdf
|
|
@publicarray thanks for the link (comment updated). |
|
That may be true. but I think sooner or later permissions will be more restricted over time, maybe at DSM version 24 ;) |
|
Yes, agree. We should use the official kind of resource scripts whereever provided. EDIT: We should use resource scripts for creating links too. |
Yeah I've worked on that in my dsm7 branch. You can see the result in the synocli-disk GitHub release here. https://github.com/publicarray/spksrc/releases Agreed. Currently I assume SPK_ COMMANDS are binaries so for other resource types new variables need to be made. Using SPK_COMMANDS would seamlessly work on existing scripts. I think I'll create PRs once Synology releases the beta and once I'm more confident that it works correctly. |
|
To maniuplate json I would like to e.g. To add a package to the $ jq --arg packagename sc-media '."join-pkg-groupnames" += [{$packagename}]' privilege | jq --arg packagename sc-example '."join-pkg-groupnames" += [{$packagename}]'
{
"defaults": {
"run-as": "package"
},
"join-pkg-groupnames": [
{
"packagename": "sc-media"
},
{
"packagename": "sc-example"
}
]
}Edit: there are other ways to do this (see below) but the above is easy to use in a loop. $ jq --arg pkg1 sc-media --arg pkg2 sc-example '."join-pkg-groupnames"+=[{packagename: $pkg1},{packagename: $pkg2}]' privilege
{
"defaults": {
"run-as": "package"
},
"join-pkg-groupnames": [
{
"packagename": "sc-media"
},
{
"packagename": "sc-example"
}
]
}Edit2: Create the minium needed for a privilege file $ echo '{}' | jq --arg run_as package '.defaults = {"run-as": $run_as}'
# or
$ echo '{}' | jq --arg key run-as --arg value package '.defaults[$key] = $value'
{
"defaults": {
"run-as": "package"
}
}
I'm happy to work with alterntives too :) Just please don't make use |
|
@publicarray may you please rebase the dsm7 branch to current head@master? |
|
Yup. It's Done 👍 |
|
DSM7 is now in Beta https://www.synology.com/en-global/beta/DSM70Beta |
|
Is there any information when the community packages might have update to be compatible with DSM 7? |
|
@kalatos86 Since this is an open source project where people donate their time to contribute I can't give you an ETA. But you are more than welcome to build packages / contribute on the dsm7 branch |
DSM7 and LogsI propose to change logging in DSM7, if we do nothing some logs will be lost between, package upgrades and install because the # /var/package/{package}/target/var/{package.log}.log (Current, main branch)
LOGFILE="${SYNOPKG_PKGDEST}/var/${SYNOPKG_PKGNAME}.log"
# /var/package/{package}/var/{package.log}.log (permanent storage, is in dsm7 branch)
LOGFILE="${SYNOPKG_PKGVAR}/${SYNOPKG_PKGNAME}.log"
# /tmp/synopkgmgr.log-{package} # I no idea how/where to retrieve it, since the file disappears immediately after install.
LOGFILE= ${SYNOPKG_TEMP_LOGFILE}
# /var/log/packages/{package}.log (I think that this is the best option)
echo "$1" 1>&2 # stderr
# for completeness: show the message to the user
echo "$1" # (during install only, /var/log/packages/{package}.log when service is running)
# /var/log/messages
logger -p 3 "$1" |
|
Sounds like a good idea but I haven't looked much on that part of the code, neither on the dsm7 update yet. @ymartin59 and @hgy59 might have more to say on this. |
|
Thanks @th0ma7 While I was looking through some code I found a few packages uses busybox to delete users/groups from what I assume a migration from around DSM5 to DSM6? (can someone confirm that that is the intent?) Since I expect it already hard to migrate settings from DSM6 I want to drop busybox completely in DSM7 and not support package migration from DSM5 to DSM7, (IMHO It doesn't make sense to do so anyway) |
|
@ymartin59 @hgy59 What arches should we build for DSM7.0? I think this should cover everything: |
|
@hgy59 I've added SPK_DEPENDS to avoid confusion: https://seby.io/download/synology-7.0/adminer_noarch-dsm7_4.7.6-3.spk Yea it works on my machine:tm: The new folder should have been If you continue to have problems can I suggest reinstalling web station? Was there a reason packages still use Apache 2.2? I'm actually surprised Synology still ships it. From apache's website:
FYI same for php 5.6, 7.0 and 7.2: https://www.php.net/supported-versions.php (7.4 is the only realistic version to support right now) |
|
You cannot uninstall apache 2.2 without accepting the following warning in DSM7: Hopefully apache 2.2 (and other outdated packages) will be removed in the final DSM7... |
|
Does the warning show up even when you have both apache versions installed? I don't use those functions but I can confirm that the default server works with just apache2.4 installed. |
|
Oh in DSM6 the checkbox for personal website is disabled until I install old versions of php and apache. DSM7 allows you to mix and match php/apache versions |
Yes, I have both versions (2.2 and 2.4 installed) and you can uninstall apache2.4 without warning. |
|
I think that warning only shows up if you have a 'personal website or Virtual Host' setup from DSM6. I accepted the warning once but it no longer shows up when I uninstall 2.2. |
|
What is configured for your default server? |
|
If I install 2.2 and set the default server to 2.2 I get the warning. If I set it to 2.4 and uninstall 2.4 I also get the warning. On Nginx I don't. I guess it's to prevent unexpected errors. I which the warning was clearer though. To sum up just update the setting for your default server to 2.4 or nginx (unless you explicitly require 2.2 for some reason). |
|
Yes you have to remove/update all the Web Service Portal configurations and Script Language Settings referencing outdated apache and php versions. Then you can uninstall the appropriate packages without warnings. |
simple hack to set os_min_ver to 7.0-4000 build using: make noarch-7.0 or make noarch-6.1 build must be clean between builds SynoCommunity#4215 (comment)
simple hack to set os_min_ver to 7.0-4000 build using: make noarch-7.0 or make noarch-6.1 build must be clean between builds SynoCommunity#4215 (comment)
|
Another interesting source of information regarding DSM7 package : https://github.com/SynologyOpenSource/ExamplePackages |
|
Thanks @digitalbox94 but unfortunately it's no very useful. It only demonstrates the new |
|
Ok I've played a little bit with the Icecast package and DSM7 and here are my findings :
By doing some manual tricks directly on the NAS (configuration files & directory creation) I've got Icecast server running fine on my DS716+II with an ezstream flow (ezstream is also embedded in this package). I will continue my investigation but I you have any comments/advice to share for this DSM 7 topic they are welcome. |
|
Thanks @DigitalBox98, fixed in 9dd89e3 Most packages have old assumptions on the file layout and permissions so most will need to be manually migrated. |
|
Many thanks, the start of the server now works without any manual fix on DSM 7 ! :) Regarding the "service-setup" file, I have identified an issue to fix regarding the "ice cast.xml" CFG-FILE where the correct line is :
|
simple hack to set os_min_ver to 7.0-4000 build using: make noarch-7.0 or make noarch-6.1 build must be clean between builds SynoCommunity#4215 (comment)
simple hack to set os_min_ver to 7.0-4000 build using: make noarch-7.0 or make noarch-6.1 build must be clean between builds SynoCommunity#4215 (comment)
simple hack to set os_min_ver to 7.0-4000 build using: make noarch-7.0 or make noarch-6.1 build must be clean between builds SynoCommunity#4215 (comment)
|
I would like to test the below "proof-of-concept" for DSM7 (but also for DSM6) :
I'm actually fine tuning the solution on DSM7 because sometime the admin page is not available via DSM7 (access to /var/services/web_packages/imagemagick), and sometime it works (need to investigate further). If I would like to propose a PR for this for DSM7, but what is the best below :
Another point : actually I have created & tested it on DSM7 with a branch created from DSM7 branch Let me know if you are interested to test this (at least the Syno AUTH webapi can be useful for other packages). |
* prepare for dsm7
* Add 7.0 toolchain for testing
* Add x64-7.0 to CI
* start on dsm7 install/service script
* fix DSM_APP_NAME in dsm7
* remove tools that require root permissions:
(synouser, synogroup, synoshare)
* remove tool that fail to modify permissions (synoacltool)
* remove tool that fail to apply configuration (servicetool)
servicetool, synouser, synogroup and synoshare have alternative
ways to do the same thing using resource configuration
* fix username, keep DSM6 name convention sc-packagename
* Issue user facing warning on unsupported functions
* change package icon size
- change icon size from 72x72 to 64x64 for DSM 7
* cleanup
* Store log files, pid and other files in permanent storage
fixes missing log entries on reinstall
* Migrate some JSON processing to jq
TODO add moreutils package, use sponge to prevent overriding file with 0 content
- 1<> $@
+ | sponge $@
* fix adding GROUPs DSM7
* join-pkg-groupnames Creates group but is different from the groups the user can create, they are invisible in the UI an are only useful to access another packages permissions (ffmpeg comes to mind)
For DSM7 I recommend setting permissions for individual packages (System Internal User)
or use the shared folder resource worker to add permissions. We can ask the user from the wizard the folder name
"join-groupname": "http" is for system groups, mainly for the web service ("root" don't work but "system" does)
* DSM6->DSM7 move target/var to var/
* Added dsm7 preview toolchain for syno-armada38x-7.0
* Add DSM7.0 toolchains
* Add v1000 to generic x64-7.0
* Add evansport DSM 7.0 Toolkit
* fix builds for dsm versions < 7
* DSM7 Log install script to /var/log/packages/{package}.log
Remove some more statements that modify files in places where we don't have permissions or is just unnecessary in DSM7
* add back firewall install/removal
* Acquire Shared folder resource/permissions
set using SERVICE_WIZARD_SHARE
only disadvantage is that this does not support sub-folders currently
* Only migrate /var directory to permanent storage when destination is empty
* set SYNOPKG_PKGVAR for DSM versions less than 7.0
* Add uninstaller that can optionally remove all package files
Includes files in the new permanent storage (/var) and home folder
* uninstaller: also remove /etc
* fix noarch in dsm7
simple hack to set os_min_ver to 7.0-4000
build using: make noarch-7.0 or make noarch-6.1
build must be clean between builds
#4215 (comment)
* fix missing files on clean install
Copy config files on first install from "target/var" to "/var"
* Error on dropped support for busybox start-stop-daemon aka SERVICE_EXE
* fix don't override old configurations
* Add ability for packages to join a SYSTEM_GROUP and cleanup
Available options are: http and system
* fix DSM6 regression and code review
* fix regression: backwards compatibility with DSM6
* for DSM6 don't set "groupname". fixes permission issues with sc-{groups}
Add SPK_GROUP variable to override "groupname", default is sc-{packagename}
* fix noarch for dsm7
- use noarch-dsm7 to distinguish from noach-all
- use different work dirs for all and dsm7
- incorporate #4392
- followup of 05c2383 to avoid to clean between builds
* update github action to build noarch-7.0 packages
* fix github build action for noarch-7.0
* another fix for noarch build action
* fix DSM7 running with su command:
#4395 (comment)
* Toolchains: Update DSM7 hashes and fix typos
* Add supported DSM 7 archs to CI/GH Actions
* fix os_min_vers for DSM 7 noarch
- update min. build from 4000 to 40000
* regenerated digests of dsm7 toolchains
* Add sha256 digest to evansport toolkit
* fix TC_BUILD for DSM7.0
* Apply new version comparison function
Fixes wrong comparisons e.g. where 3.10 was erroneously less than 3.2
Thanks @th0ma7
* framework, resource: simplify jq command
* framework: code review
* Add linking support for /usr/local/lib and /usr/local/etc
depreciate SPK_LINKS and add new make variable: SPK_USR_LOCAL_LINKS
* fix SPK_USR_LOCAL_LINKS
* Fix comments being output to command line
* Framework: DSM7 Make sure folder exists before migrating files
* Framework: Fix unable to override uninstall wizard
* Update mk/spksrc.service.start-stop-status
Co-authored-by: hgy59 <hpgy59@gmail.com>
* Fraework: avoid creating wizard folder when it's not needed
Co-authored-by: hgy59 <hpgy59@gmail.com>
Co-authored-by: hgy59 <hpgy59@gmail.com>
Co-authored-by: root <zyrill@github.com>
This part was removed from the PDF ?
|
I propose to collaboratively edit this issue description (with comments for discussions about points) so that to prepare how framework has to evolve.
Objectives:
os_min_ver="7.0-40000"Design proposals:
sc-mediaTo investigate
sc-mediastill works from the install script.Minimal requirements for DSM7
os_min_ver=must be present and the value at least"7.0-40000"conf/privilegefile must exist (and have"defaults": { "run-as": "package" }[other values not validated yet])The text was updated successfully, but these errors were encountered: