search

SynoCommunity / spksrc

Cross compilation framework to create native packages for the Synology's NAS
https://synocommunity.com
Other
3.04k stars 1.24k forks source link

DSM7: SSLH Package fails to install #4676

Closed ohnoohweh closed 3 years ago

ohnoohweh commented 3 years ago

Setup

Package Name: SSLH Package Version: 1.21c-5

NAS Model: DS918+ NAS Architecture: apollolake DSM version: 7..0

Expected behavior

Tell us what should happen After manual build the generated SPK file shall install on the DSM

Actual behavior

In DSM7 overview https://github.com/SynoCommunity/spksrc/issues/4524 it appears install as not tested as not populated, however the installation failes with the message "Invalid file format. Please contact the package developer."

Screenshot from 2021-06-12 18-34-25

Steps to reproduce

I am using Fedora FC34 as Host. I installed docker and installed spksrc environment Install spksrc environment. : docker pull synocommunity/spksrc Run spksrc environment: docker run -it -v ~/spksrc:/spksrc synocommunity/spksrc /bin/bash Compile sslh in /spksrc/spksrc/spk/sslh with make arch-apollolake-7.0 Compilation went clean Use file generated in /spksrc/spksrc/packages/sslh_apollolake-7.0_1.21c-5.spk for installation on DSM

sslh_apollolake-7.0_1.21c-5.zip

hgy59 commented 3 years ago

DSM 7 does not accept letters in the version. you must remove the character "c". See note 9) in #4524.

only SPK_VERS must be fixed. The PKC_VERS must stay as it is used for the download file name.

ohnoohweh commented 3 years ago

Thanks for the fast reply. Sorry for missing the note out (feel a bit stupid)

I changed the Makefile as suggested to
Makefile.zip by fixing SPK_VERS to 1.21

The package succeeds in installation sslh_apollolake-7.0_1.21-5.zip

DSM is still unhappy. "Failed to start package service"

Screenshot from 2021-06-12 19-09-41

What kind of logs would be helpful to find out more ?

~$ systemctl | grep sslh ● pkgctl-sslh.service loaded failed failed sslh's service unit sslh.slice loaded active active sslh's slice ~$ systemctl -l status pkgctl-sslh.service ● pkgctl-sslh.service - sslh's service unit Loaded: loaded (/usr/local/lib/systemd/system/pkgctl-sslh.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2021-06-12 19:08:42 CEST; 9min ago Process: 22623 ExecStart=/bin/bash -c /usr/syno/sbin/synopkgctl start $SELF && /bin/touch /var/packages/$SELF/enabled (code=exited, status=1/FAILURE) Main PID: 22623 (code=exited, status=1/FAILURE)

hgy59 commented 3 years ago

Without looking into log files, but in service-setup-sh, I propose to change CFG_FILE="${SYNOPKG_PKGDEST}/var/sslh.cfg" to CFG_FILE="${SYNOPKG_PKGVAR}/sslh.cfg" for DSM7

hgy59 commented 3 years ago

Installation log is /var/log/packages/sslh.log syslog is /var/log/messages package log is /var/packages/sslh/var/sslh.log or /var/packages/sslh/target/var/sslh.log

ohnoohweh commented 3 years ago

I used SSLH with DSM6 with great pleasure. Thanks for maintaining this package !!

I am referencing to http://smartathome.blogspot.com/2017/01/installing-sslh-onto-synology-dsm6-for.html

After installation there shall be a folder /usr/local/sslh/var

however after the installation on DSM7 this folder is not present at all.

hgy59 commented 3 years ago

you must not use /usr/local/sslh/var anymore (on DSM7). Use /var/packags/sslh/var instead.

See note 1) in #4524

hgy59 commented 3 years ago

I used SSLH with DSM6 with great pleasure. Thanks for maintaining this package !!

Good to know you are experianced with this package. I tired it some years ago and broke my DSM access (http/5000 and https/5001).

ohnoohweh commented 3 years ago

I collected the log files - they are attached Logs.zip

Have not yet tried your recommendation https://github.com/SynoCommunity/spksrc/issues/4676#issuecomment-860083952

hgy59 commented 3 years ago

The pid file is at the wrong location /usr/local/sslh/var/sslh.pid: No such file or directory

it must be /var/packages/sslh/var/sslh.pid for DSM7 and /var/packages/sslh/target/var/sslh.pid for DSM6 and DSM5.

It would be better not to define the pid file in sslh.cfg but define it in the service-setup.sh file as command line parameter (if supported by sslh), so you can use the variable $(SPKPKG_PKGVAR) that is new for DSM7 and the spksrc framework defines this variable for DSM<7 as the former var folder.

If sslh does not support a command line parameter for the pid file, then a different sslh.cfg file must be installed for DSM7 than for DSM<7.

hgy59 commented 3 years ago

and probably you must change the user in sslh.cfg from user: "nobody"; to user: "sc-sslh;

ohnoohweh commented 3 years ago

Wow, works for me!

I changed the /var/packages/sslh/var/sslh.cfg to sslh.zip

I am trying to install sslh on port 443 instead of 30000 var/packages/sslh/var$ cat /var/packages/sslh/var/sslh.log Sat Jun 12 20:14:19 CEST 2021 Starting sslh command /volume2/@appstore/sslh/bin/sslh -F/volume2/@appdata/sslh/sslh.cfg ssh addr: localhost:ssh. libwrap service: ssh log_level: 1 family 2 2 [keepalive] [fork] tls addr: localhost:snpp. libwrap service: (null) log_level: 0 family 2 2 [] [] openvpn addr: localhost:openvpn. libwrap service: (null) log_level: 1 family 2 2 [] [] listening on: 0.0.0.0:https [] :::https [] timeout: 5 on-timeout: ssh listening to 2 addresses 0.0.0.0:https:bind: Permission denied

Any idea how to overcome this ?

ohnoohweh commented 3 years ago

I guess this is not required. I am following the advices of

http://smartathome.blogspot.com/2017/01/installing-sslh-onto-synology-dsm6-for.html

and configured the router to perform the port mapping from external 443 to internal 30000.

It is easier to manage, so all the ngix settings can stay untouched in place. Much safer and better for upgrading.

THANKS A LOT for YOUR HELP !! Simply awesome experience!

wimsan commented 3 years ago

I upgraded SSLH on DSM 6 but it doesn't seem to work. At least not when listening on port 443 on the ip address of the NAS interface. After downgrading to 1.21c-5 it's working again. Any ideas?

hgy59 commented 3 years ago

The updated package defines "sc-sslh" as user in the configuration file, in the previous version (1.21c-5) the user was "nobody". Please try to configure "nobody" and/or "sc-sslh" as user in sslh.cfg.

user: "nobody";

or

user: "sc-sslh";

wimsan commented 3 years ago

I did that. sslh was starting afterwards but still not when configured to listen on port 443. I than got "0.0.0.0:https:bind: Permission denied"

hgy59 commented 3 years ago

please try to add run as root for start and stop in /var/packages/sslh/conf/privilege file 

{
    "defaults":{
        "run-as": "package"
    },
    "username": "sc-sslh",
    "groupname": "sc-sslh",
    "ctrl-script": [{
        "action": "preinst",
        "run-as": "root"
    }, {
        "action": "postinst",
        "run-as": "root"
    }, {
        "action": "preuninst",
        "run-as": "root"
    }, {
        "action": "postuninst",
        "run-as": "root"
    }, {
        "action": "preupgrade",
        "run-as": "root"
    }, {
        "action": "postupgrade",
        "run-as": "root"
    }, {
        "action": "start",
        "run-as": "root"
    }, {
        "action": "stop",
        "run-as": "root"
    }]
}
wimsan commented 3 years ago

tried that too but still no luck

AlexFullmoon commented 3 years ago

please try to add run as root for start and stop in /var/packages/sslh/conf/privilege file

Worked for me along with user: "sc-sslh"; in sslh.cfg.

r4yzs commented 2 years ago

Hello, same problem for me.

Do you have resolve it ?

hgy59 commented 2 years ago

@r4yzs please open a new issue as this one is fixed with #4742.