This repository has been archived by the owner on Jan 12, 2022. It is now read-only.

DSM 7 - SyncThing unsupported due to the root access #12

Closed
shaarkys opened this issue Dec 9, 2020 · 28 comments

@shaarkys

shaarkys commented Dec 9, 2020

Hi,

It seems it's not possible to install SyncThing anymore on DSM 7 (beta); it's a very unpleasant surprise [I haven't noticed this change in the Release log].
Can you please do anything about it? Hope you can...

[image]

@calmh
Member

calmh commented Dec 9, 2020

The intention is to support DSM 7 eventually.

As a side note, the text above is incorrect. Syncthing does not run as root. There are however pre- and post-installation scripts that run as root to set up the config volume and HTTP forwarding for the GUI. It's not clear to me how that works in DSM 7 without root, but I haven't investigated it yet.

@shaarkys
Author

shaarkys commented Dec 9, 2020

Seems I will have to reinstall my Synology from scratch, just finished Moments DB indexing/people DB... now it's merged I guess it will not be compatible, a week of work is lost (my problem though). Why Synology doesn't provide an option but prevents it by default, I don't get it.

Not sure if this helps?

https://help.synology.com/developer-guide/privilege/preface.html

Lower Privilege

To reduce security risks, we now provide a framework to run packages with a lower privileged "package user" instead of root. Below is a summary of how to join the framework and what package center does for you:

    Package developers provide privilege specification to specify what privilege is needed during program execution.
    During package installation, package center creates corresponding user and group. See Package User & Group for more detail.
    According to the privilege specification, package center chown files under /var/packages/${package}/target. (The setuid and setgid bit will be cleared)
    Package executables are run with privilege (package user, system or root) according to its file owner and group. See Mechanism for more detail.

With this framework, package developer is capable of:

    Configure which executable should be run with what privilege with a simple privilege specification file.
    Resource Acquisition can be used to help maintain some chores that requires root privilege.

Whether to lower the package's privilege and create corresponding user / group is optional. The package has to provide privilege specification to join this framework, otherwise the package will still be run with root privilege, and no user / group will be created. 

@shaarkys
Author

shaarkys commented Dec 9, 2020

OT, but just in case someone considers it: https://emby.media/community/index.php?/topic/89848-tutorialdowngrade-from-dsm-70-to-dsm-623/
(but most probably with full config restore required)

@shaarkys
Author

shaarkys commented Dec 9, 2020

@calmh if I can help anyhow with testing, let me know.

@Kaelber

Kaelber commented Dec 9, 2020

From Synology I have the Developer Guide from September 2020; maybe it is possible to get an update. But it mainly gives the roadmap.

DSM7_developer-guide.pdf

@Kaelber

Kaelber commented Dec 9, 2020

I found an update for the DSM Beta which has some more pages.

DSM7_Developer_Guide_7_0_Beta.pdf

@calmh
Member

calmh commented Dec 9, 2020

You guys are more than welcome to experiment with creating a compatible package, that would be helpful.

@Kaelber

Kaelber commented Dec 9, 2020

I'm no developer, so it is not so easy to help. I follow a lot of issues in the German Synology forum, since there are some app developers available having discussions about that. It seems to me that the

/var/packages/syncthing.net/conf/privilege

{
  "defaults": {
    "run-as": "package"
  },
  "ctrl-script": [
    {
      "action": "postinst",
      "run-as": "root"
    },
    {
      "action": "preuninst",
      "run-as": "root"
    }
  ]
}

is an important part of all, because root is no longer possible. It seems a temporary user for the installation is used instead of that. Also it seems that some paths are modified, but all that is not finally clear to me.
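
Added example, not part of the thread or of the syncthing-synology package: a short Python audit of the privilege file quoted in the comment above. It resolves the identity each control script runs as and lists the ones that request root, the point this thread identifies as the DSM 7 blocker. The function names and the audited action list are assumptions; the allowed `run-as` values are the three named in the quoted developer guide.

```python
import json

# Privilege file exactly as posted in the comment above (re-indented only).
PRIVILEGE_SPEC = """
{
  "defaults": {"run-as": "package"},
  "ctrl-script": [
    {"action": "postinst", "run-as": "root"},
    {"action": "preuninst", "run-as": "root"}
  ]
}
"""

# Identities named in the quoted developer guide: package user, system, root.
ALLOWED = {"package", "system", "root"}


def effective_run_as(spec_text, actions):
    """Map each control-script action to the identity it would run as.

    spec_text is the privilege file content, or None when the package ships
    none; per the quoted guide such a package still runs with root privilege.
    """
    if spec_text is None:
        return {action: "root" for action in actions}
    spec = json.loads(spec_text)
    # Assumption of this example: a privilege file must carry defaults.run-as.
    default = spec["defaults"]["run-as"]
    overrides = {e["action"]: e["run-as"] for e in spec.get("ctrl-script", [])}
    unknown = sorted({default, *overrides.values()} - ALLOWED)
    if unknown:
        raise ValueError(f"unexpected run-as value(s): {unknown}")
    return {action: overrides.get(action, default) for action in actions}


def root_actions(spec_text, actions):
    """Actions that still request root and need reworking for a root-less install."""
    resolved = effective_run_as(spec_text, actions)
    return sorted(a for a, who in resolved.items() if who == "root")


if __name__ == "__main__":
    # Hypothetical list of script actions to audit; adjust to the package.
    audited = ["preinst", "postinst", "preuninst", "postuninst"]
    for action, who in effective_run_as(PRIVILEGE_SPEC, audited).items():
        print(f"{action:<12} runs as {who}")
    print("requests root:", root_actions(PRIVILEGE_SPEC, audited))
```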

@Kaelber

Kaelber commented Dec 10, 2020

On the Synology homepage it is possible to sign into a user account that is also used in DSM for QuickConnect etc. and also for support issues etc. This can also be used for the Synology-owned forum:

https://community.synology.com/enu/

in which discussions around this can also be found. Also, the Toolset found is maybe helpful

https://www.synology.com/en-global/support/developer#tool

@shaarkys
Author

You probably mean https://www.synology.com/en-global/support/developer#tool - your URL points to GitHub - thanks for sharing btw.

@shaarkys
Author

Based on details you shared, this is important.
[image]

I know nothing about packages and builds on Docker for Synology, however it seems it's related only to https://github.com/kastelo/syncthing-synology/blob/main/syncthing/conf/privilege?

@shaarkys
Author

@calmh can you please advise - I guess we need Synology Package Toolkit Framework for DSM 7 - therefore branch DSM7.0, correct? - https://github.com/SynologyOpenSource/pkgscripts-ng/tree/DSM7.0
But when looking at platforms and listing them - I get the following only, no x64 - bromolow cedarview armadaxp armada370 armada375 evansport comcerto2k avoton alpine braswell apollolake grantley alpine4k monaco broadwell kvmx64 armada38x denverton rtd1296 broadwellnk purley armada37xx geminilake v1000 - is it normal that x64 is missing?

I was planning to experiment, yet I can't even set up the build environment...

Also, from where shall the key ~/synology-signing-key.asc be taken?

Thank you.

@calmh
Member

calmh commented Dec 11, 2020

The platform names are always funky in Synology-world. Looking at their packaging scripts I think you can just pick any representative, like bromolow or apollolake instead;

https://github.com/SynologyOpenSource/pkgscripts-ng/blob/ed01078333698aa4288fdc9a08d23ed3ec896c4e/include/pkg_util.sh#L109-L143

You can generate your own key or probably skip the signing entirely for development purposes.

@jamolina5

I am also screwed, was using Syncthing happily and in my stupid brain thought why not upgrade to 7.0 beta and that was the end of it. Damn! So sad. Wish there is a solution.

@shaarkys
Author

shaarkys commented Dec 12, 2020

@calmh thank you - I realized for Synology DS220+ I need probably GeminiLake....but trying to download it (it fails even within Docker container), but on my 500 MBit connection in Europe, download from US (SourceForge (San Diego, California, US) ) gets 70KB/s ... that's my progress after 2 days ;-(
Interestingly base_env-7.0.txz downloads very quickly. Seems I'm not alone - https://sourceforge.net/p/forge/site-support/21606/

Maybe I will start playing with https://github.com/SynoCommunity/spksrc/tree/dsm7 ;-(

Btw, also interesting :
Sign Package (only for DSM6.X) Signing mechanism is deprecated after DSM7.0, you don't need this if you are developing package for DSM7.0

@Kaelber

Kaelber commented Dec 12, 2020

I am also screwed, was using Syncthing happily and in my stupid brain thought why not upgrade to 7.0 beta and that was the end of it. Damn! So sad. Wish there is a solution.

So maybe you can downgrade from DSM 7-Beta to DSM 6.2.3; it is a little tricky but possible

https://emby.media/community/index.php?/topic/89848-tutorialdowngrade-from-dsm-70-to-dsm-623/

If the way doesn't work properly, try without point 5, reboot of DS.

I don't know your DS; if it maybe has enough power, next time it is better to use the VMM app and VirtualDSM 7-Beta for all your tests, since up to now no third-party app runs. For any tests I also use it in parallel to DSM 6.2.3.

@jamolina5

Will Syncthing work under Docker?

@Kaelber

Kaelber commented Dec 12, 2020

Syncthing also uses Docker images

https://docs.syncthing.net/users/releases.html

@shaarkys
Author

Interestingly base_env-7.0.txz downloads very quickly. Seems I'm not alone - https://sourceforge.net/p/forge/site-support/21606/

Seems they fixed download problems.

@shaarkys
Author

So using Docker I managed to get it running smoothly. Recommended for everyone who can't wait and for whom downgrade is not a way forward (e.g. I lost all settings in Moments when migrating to Photos... so no way back for me)
[image]

@3PSY0N

3PSY0N commented Jun 30, 2021

Hello @calmh, DSM 7 has been released, is SyncThing still supposed to be updated?
Thank you

@calmh
Member

calmh commented Jul 3, 2021

I do not intend to do the work to update this package to DSM 7. PRs are welcome, though.

@BPtLNfxZWo

Ok thanks for the clear statement! Understandable.

@hgouveia

hgouveia commented Jul 6, 2021

So using Docker I managed to get it running smoothly. Recommended for everyone who can't wait and for whom downgrade is not a way forward (e.g. I lost all settings in Moments when migrating to Photos... so no way back for me)
[image]

@BPtLNfxZWo @3PSY0N for now this is the best option, works quite well but it does consume a little bit more RAM

@Kaelber

Kaelber commented Jul 6, 2021

If you can handle the Docker config files in a tricky way, updates and RCs can be used flexibly. It doesn't work quite as smoothly as with the native installation and the performance isn't quite as good either.

@Complexart

Hi,
I am a basic user; the Package Center in Synology does have a version 1.17.0-22 for download. However, I am stuck at the setup of folders after installation. If I use the default folder path I can't see my folder in my NAS; if I specify my folder as volume1/phonetonas/phone, the error appears as below.

2021-08-25 17:46:59: Failed to create folder root directory stat /volume1/EdPhonetoNAS/Phone: permission denied

2021-08-25 17:46:59: Error on folder "EdPhonetoNAS" (ahsux-7t9x4): stat /volume1/EdPhonetoNAS/Phone: permission denied

2021-08-25 17:49:16: Loading ignores: lstat /volume1/EdPhonetoNAS/Phone/.stignore: permission denied

2021-08-25 17:49:16: Failed to create folder root directory stat /volume1/EdPhonetoNAS/Phone: permission denied

2021-08-25 17:49:16: Error on folder "EdPhonetoNAS" (ahsux-7t9x4): stat /volume1/EdPhonetoNAS/Phone: permission denied
Please advise.

@calmh
Member

calmh commented Jan 11, 2022

Closing as we're no longer providing updates for this package and this repo is archived.

@calmh calmh closed this as completed Jan 11, 2022