The package is not compatible with DSM 7.1 on armada38x

[fabiov64]

Description After upgrading to DSM 7.1, running wg-quick causes a segmentation fault Steps to reproduce

$ ssh user@nas
$ sudo wg-quick up wg0

the result is: /usr/local/bin/wg-quick: line 30: 16471 Segmentation fault      "$@"

Then the system becomes unstable and it cannot be shut down properly. Interrupting the power supply is the only way to restart.

**Synology NAS model**
DS216j

**wg0.conf**

[Interface]
ListenPort = XXXXX
Address = 10.100.100.1/24
PrivateKey = 
PostUp =  iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = 
AllowedIPs = 10.100.100.2/32

[mandre00]

There is no toolkit for DSM 7.1 available yet.

https://archive.synology.com/download/ToolChain/toolkit

[fabiov64]

Yes, I know. But I wanted to warn people not to update DMS if they need wireguard.

[regunakyle]

I think Synology explicitly mentioned that I cannot downgrade DSM 7.1 (maybe implying that downgrading has consequences). Am I stuck with OpenVPN for now?

[fabiov64]

I think Synology explicitly mentioned that I cannot downgrade DSM 7.1 (maybe implying that downgrading has consequences). Am I stuck with OpenVPN for now?

Yes, you're. Until the toolkit will be released and the compilation of the package will be possible.

[digitalface]

Yes, I know. But I wanted to warn people not to update DMS if they need wireguard.

Thank you for the warning - I had downloaded the 7.1 update for my DS220+ and was about to apply it after checking here for any issues. I use WG daily so can't do without it. I'll stay on 7.0 for now.

[allexoll]

FIY the toolkit is now available for 7.1 (in dev version)

[fabiov64]

Yes, but all the scripts refer to the version available on SourceForge. And there the 7.1 is not yet available

[digitalface]

you have to change version in a couple of places but most importantly build.sh to grab the 7.1 version of pkgscripts. I'm compiling a 7.1 version (hopefully) of Wireguard for DS220+ as we speak.

[fabiov64]

you have to change version in a couple of places but most importantly build.sh to grab the 7.1 version of pkgscripts. I'm compiling a 7.1 version (hopefully) of Wireguard for DS220+ as we speak.

I tried, but probably I did not change the right files. May you share more details ?

[digitalface]

After cloning the .git to synology-wireguard, alter the line in build.sh under "Fetch Synology toolchain" to be clone_args="-b DSM7.1" . Under release.sh add "7.1" to the VERSIONS string. Then do "sudo docker build -t synobuild . " and follow instructions for your ARCH

My 7.1 spk has finished compiling, now I just have to upgrade my NAS to 7.1 and test.

[fabiov64]

I already tried that, but the compilation cannot finish:

Cloning into 'pkgscripts-ng'... [2022-06-01 16:23:02,692] INFO: Download... https://dataupdate7.synology.com/toolchain/v1/get_download_list?identify=toolkit&version=7.1&platform=base [2022-06-01 16:23:18,686] INFO: Download... https://dataupdate7.synology.com/toolchain/v1/get_download_list?identify=toolkit&version=7.1&platform=armada38x [2022-06-01 16:23:28,462] INFO: tar -xhf /toolkit_tarballs/base_env-7.1.txz -C /build_env/ds.armada38x-7.1 tar (child): xz: Cannot exec: No such file or directory tar (child): Error is not recoverable: exiting now tar: Child returned status 2 tar: Error is not recoverable: exiting now Traceback (most recent call last): File "//pkgscripts-ng/EnvDeploy", line 77, in main(sys.argv[1:]) File "//pkgscripts-ng/EnvDeploy", line 71, in main toolkit.deploy() File "/pkgscripts-ng/include/python/pkgdeploy.py", line 201, in deploy self.deploy_base_env(platform) File "/pkgscripts-ng/include/python/pkgdeploy.py", line 242, in deploy_base_env self.extract( File "/pkgscripts-ng/include/python/pkgdeploy.py", line 239, in extract subprocess.check_call(cmd) File "/usr/lib/python3.10/subprocess.py", line 369, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['tar', '-xhf', '/toolkit_tarballs/base_env-7.1.txz', '-C', '/build_env/ds.armada38x-7.1']' returned non-zero exit status 2.

[digitalface]

I've managed to successfully build and install Wireguard for DSM 7.1 on my DS220+ now and also was able to build an apollolake package for my friends DS218+

Incidentally I tried building your armada38x arch and it failed with an error, not the same error as yours but it didn't complete.

[fabiov64]

BTW: I'm non more able to compile neither the 7.0 version. I always get the same error as above. I tried on both a MacOs and Ubuntu x64 machines. Probably something changed in the EnvDeploy script or in the docker defaults and the tarballs files cannot be accessed

[mandre00]

The same problem occurs with v1000, the toolkit tarballs are pre-downloaded in toolkit_tarballs

synology-wireguard# ll $(pwd)/../toolkit_tarballs |grep 7.1
-rwxrwxrwx 1 root root 1280514456 Jun  2 15:40 base_env-7.1.txz*
-rwxrwxrwx 1 root root  512820572 Jun  2 15:40 ds.v1000-7.1.dev.txz*
-rwxrwxrwx 1 root root  494598460 Jun  2 15:36 ds.v1000-7.1.env.txz*

docker run -it --rm --privileged --env PACKAGE_ARCH=v1000 --env DSM_VER=7.1 -v $(pwd)/artifacts:/result_spk -v $(pwd)/../toolkit_tarballs:/toolkit_tarballs synobuild
WireGuard version:        1.0.20211208
WireGuard tools version:  1.0.20210914
libmnl version:           1.0.5

Cloning into 'pkgscripts-ng'...
remote: Enumerating objects: 405, done.
remote: Counting objects: 100% (82/82), done.
remote: Compressing objects: 100% (72/72), done.
remote: Total 405 (delta 58), reused 27 (delta 10), pack-reused 323
Receiving objects: 100% (405/405), 180.42 KiB | 6.68 MiB/s, done.
Resolving deltas: 100% (261/261), done.
[2022-06-02 14:15:27,750] ERROR: PlatformNotAvailableError
[2022-06-02 14:15:27,750] ERROR: [v1000] is not available platform.
[2022-06-02 14:15:27,750] ERROR: pkgscripts-ng/EnvDeploy -p v1000 -v 7.1 -t /toolkit_tarballs failed!

Compiling 7.0 for v1000 still works.

synology-wireguard# ll $(pwd)/../toolkit_tarballs |grep 7.0
total 4087720
-rwxrwxrwx 1 root root 1100497292 Jul  6  2021 base_env-7.0.txz*
-rwxrwxrwx 1 root root  357438164 Apr  8 19:22 ds.v1000-7.0.dev.txz*
-rwxrwxrwx 1 root root  439941476 Apr  8 19:25 ds.v1000-7.0.env.txz*

docker run --rm --privileged --env PACKAGE_ARCH=v1000 --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk -v $(pwd)/../toolkit_tarballs:/toolkit_tarballs synobuild

----------------- Time cost statistics -----------------
Time cost: 00:00:17 [Build-->WireGuard]

1 projects, 0 failed, 0 blocked.
Install log
===========
[INFO] projectList=WireGuard
[INFO] Start to install WireGuard.
[ENV] Using 64bit environment.
[INFO] Execute install script: //source/WireGuard/SynoBuildConf/install
tar -xf wireguard-tools-1.0.20210914.tar.xz
tar -xf wireguard-linux-compat-1.0.20211208.tar.xz
patch wireguard-linux-compat-1.0.20211208/src/netlink.c /source/WireGuard/patch/netlink.patch
patching file wireguard-linux-compat-1.0.20211208/src/netlink.c
patch wireguard-linux-compat-1.0.20211208/src/peerlookup.c /source/WireGuard/patch/peerlookup.patch
patching file wireguard-linux-compat-1.0.20211208/src/peerlookup.c
mkdir -p /tmp/_package_tgz/wireguard/
install wireguard-tools-1.0.20210914/src/wg /tmp/_package_tgz/wireguard/
install wireguard-tools-1.0.20210914/wg-quick /tmp/_package_tgz/wireguard/
install wireguard-linux-compat-1.0.20211208/src/wireguard.ko /tmp/_package_tgz/wireguard/
install /source/WireGuard/wireguard/wg-autostart /tmp/_package_tgz/wireguard/
ls /tmp/_package_tgz | tar cJf /tmp/_test_spk/package.tgz -C /tmp/_package_tgz -T /dev/stdin
'scripts/start' -> '/tmp/_test_spk/scripts/start'
'scripts/start-stop-status' -> '/tmp/_test_spk/scripts/start-stop-status'
'conf/privilege' -> '/tmp/_test_spk/conf/privilege'
'conf/resource' -> '/tmp/_test_spk/conf/resource'
'conf/systemd' -> '/tmp/_test_spk/conf/systemd'
'conf/systemd/pkg-wg-quick@.service' -> '/tmp/_test_spk/conf/systemd/pkg-wg-quick@.service'
'PACKAGE_ICON.PNG' -> '/tmp/_test_spk/PACKAGE_ICON.PNG'
'PACKAGE_ICON_256.PNG' -> '/tmp/_test_spk/PACKAGE_ICON_256.PNG'
creating package: WireGuard-v1000-1.0.20211208.spk
source:           /tmp/_test_spk
destination:      /image/packages/WireGuard-v1000-1.0.20211208.spk
[WARNING] /tmp/_install is empty!
[INFO] Install WireGuard finished!
1 projects, 0 failed, 0 blocked.

[INFO] Finished SynoInstall script.

[mandre00]

Ok I found the problem too, maybe I should have read the other posts first too... It's the wrong pkgscripts-ng version.

To Fix this do the following in build.sh

diff --git a/build.sh b/build.sh
index 4a1afc0..57a2d32 100755
--- a/build.sh
+++ b/build.sh
@@ -36,7 +36,7 @@ if [[ ! -d /pkgscripts-ng ]] || [ -z "$(ls -A /pkgscripts-ng)" ]; then
     clone_args=""
     # If the DSM version is 7.0, use the DSM7.0 branch of pkgscripts-ng
     if [[ "$DSM_VER" =~ ^7\.[0-9]+$ ]]; then
-        clone_args="-b DSM7.0"
+        clone_args="-b DSM$DSM_VER"
         export PRODUCT="DSM"
     fi
     git clone ${clone_args} https://github.com/SynologyOpenSource/pkgscripts-ng

after that rebuild the image

docker build -t synobuild .

Now you should be able to build the module with version 7.1

I didn't test the module yet because my DS1821+ is still running with DSM7.0 but I'll test it in the next months.

[fabiov64]

I solved the issue of above. The docker image created following the instructions does not contain the xz executable and then the tar command fails. In oder to fix, I modified the Dockerfile, adding the xz-utils to the list of packages to be installed. I'm compiling on Mac OS or on Windows. After doing that, I was able to compile the 7.0 on armada38x. In the past it worked without any modification. I suspect something changed in the ubuntu image used as base for arm and x64 architectures. Also the compilation of 7.1 on armada38x is successful. Now I'll test on the NAS

[fabiov64]

… and it seems working !

[Jerdle]

@digitalface could you link your DS220+ 7.1 build? I made the same changes you suggested but keep getting this error even running as root:

/pkgscripts-ng/include/check: line 93: /dev/null: Permission denied ERROR: This script must be run as root

Just bought my NAS so no choice on DSM version :(

[digitalface]

@digitalface could you link your DS220+ 7.1 build? I made the same changes you suggested but keep getting this error even running as root:

/pkgscripts-ng/include/check: line 93: /dev/null: Permission denied ERROR: This script must be run as root

Just bought my NAS so no choice on DSM version :(

Sure, I'll do it tomorrow when I'm back at my computer.

[digitalface]

@digitalface could you link your DS220+ 7.1 build? I made the same changes you suggested but keep getting this error even running as root:

/pkgscripts-ng/include/check: line 93: /dev/null: Permission denied ERROR: This script must be run as root

Just bought my NAS so no choice on DSM version :(

@jerdle do you still need this?

[Jerdle]

@digitalface no finally got it to build on MacOS.. thanks though

[james2406]

after that rebuild the image

@mandre00 Completely forgot to do that, so thanks for adding that.

[jollyjester]

Just to add if you are building on the synology then this solved it for me https://github.com/runfalk/synology-wireguard/issues/88#issuecomment-1026355820

[kingname]

bro, Please tell me how to install wireguard on DS220+ with DSM 7.1

[fabiov64]

You need to compile it, after modifying the build.sh as described here above. After the compilation, you can manually install it using the Package Manager of DSM. For the compilation, please follow the official instructions. You can compile on whatever platform you have (Windows, Linux, MacOs) after installing Docker.

[haldi4803]

no preBuild packages around somewhere?

Edit: Here https://www.blackvoid.club/wireguard-spk-for-your-synology-nas/