search

runfalk / synology-wireguard

WireGuard support for some Synology NAS drives
MIT License
919 stars 131 forks source link

This script must be run as root/PostUp: command not found #86

Closed oschmidteu closed 3 years ago

oschmidteu commented 3 years ago

Synology NAS model: DS920+

Description: I just upgraded my DSM from 7.0-41222 to 7.0-41882 and wanted to setup wireguard. Some time ago i already compiled the package (WireGuard-geminilake-1.0.20210424.zip) but when trying to fire it up i get the following error:

root@DSM:/etc/wireguard# wg-quick up wg0
Warning: `/etc/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 192.168.1.1/24 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/usr/local/bin/wg-quick: line 295: PostUp: command not found
[#] ip link delete dev wg0

I didn't found anything about that error so I started all over again:

root@DSM:/volume1/docker/synology-wireguard# docker run --rm --privileged --env PACKAGE_ARCH=geminilake --env DSM_VER=7.0 -v $(pwd)/artifacts:/result_spk synobuild
WireGuard version:        1.0.20210424
WireGuard tools version:  1.0.20210424
libmnl version:           1.0.4

Cloning into 'pkgscripts-ng'...
[2021-06-02 13:01:34,303] INFO: Download... https://sourceforge.net/projects/dsgpl/files/toolkit/DSM7.0/base_env-7.0.txz
[2021-06-02 13:02:24,497] INFO: Download... https://sourceforge.net/projects/dsgpl/files/toolkit/DSM7.0/ds.geminilake-7.0.env.txz
[2021-06-02 13:02:50,277] INFO: Download... https://sourceforge.net/projects/dsgpl/files/toolkit/DSM7.0/ds.geminilake-7.0.dev.txz
[2021-06-02 13:03:10,289] INFO: tar -xhf /toolkit_tarballs/base_env-7.0.txz -C /build_env/ds.geminilake-7.0
[2021-06-02 13:03:30,857] INFO: tar -xhf /toolkit_tarballs/ds.geminilake-7.0.env.txz -C /build_env/ds.geminilake-7.0
[2021-06-02 13:04:25,726] INFO: tar -xhf /toolkit_tarballs/ds.geminilake-7.0.dev.txz -C /build_env/ds.geminilake-7.0
[2021-06-02 13:04:55,718] INFO: All task finished.
============================================================
                   Parse argument result                    
------------------------------------------------------------
platforms     : geminilake
env_section   : default
env_version   : 7.0
dep_level     : 1
parallel_proj : 1
branch        : master
suffix        : 
collect       : True
collecter     : True
link          : True
update_link   : False
build         : True
install       : True
only_install  : False
parallel      : 4
build_opt     : -J
install_opt   : 
print_log     : True
tee           : True
sdk_ver       : 6.2
package       : WireGuard

Processing [7.0-40955]: geminilake
============================================================
              Start to run "Traverse project"               
------------------------------------------------------------
Projects: WireGuard

============================================================
                Start to run "Link Project"                 
------------------------------------------------------------
Link /pkgscripts-ng -> /build_env/ds.geminilake-7.0/pkgscripts-ng
Link //source/WireGuard -> /build_env/ds.geminilake-7.0/source/WireGuard

============================================================
                Start to run "Build Package"                
------------------------------------------------------------
[geminilake] env PackageName=WireGuard /pkgscripts-ng/SynoBuild --geminilake -c --min-sdk 6.2 -J WireGuard
/pkgscripts-ng/include/check: line 93: /dev/null: Permission denied
ERROR: This script must be run as root
Traceback (most recent call last):
  File "/pkgscripts-ng/include/python/exec_env.py", line 76, in execute
    output = commandrunner.run(cmd, display=display, **kwargs)
  File "/pkgscripts-ng/include/python/commandrunner.py", line 39, in run
    raise RunShellFailed(p.returncode, cmd, output)
commandrunner.RunShellFailed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/pkgscripts-ng/include/python/parallel.py", line 15, in __call__
    result = self.__callable(*args, **kwargs)
  File "/pkgscripts-ng/include/python/pkgcommon.py", line 191, in run_command
    env.execute(cmd, display=len(self.env_config.platforms)
  File "/pkgscripts-ng/include/python/exec_env.py", line 79, in execute
    raise EnvError(
exec_env.EnvError: ('Execute chroot /build_env/ds.geminilake-7.0 env PackageName=WireGuard /pkgscripts-ng/SynoBuild --geminilake -c --min-sdk 6.2 -J WireGuard failed', '/pkgscripts-ng/include/check: line 93: /dev/null: Permission denied\nERROR: This script must be run as root')
multiprocessing.pool.RemoteTraceback: 
"""
Traceback (most recent call last):
  File "/pkgscripts-ng/include/python/exec_env.py", line 76, in execute
    output = commandrunner.run(cmd, display=display, **kwargs)
  File "/pkgscripts-ng/include/python/commandrunner.py", line 39, in run
    raise RunShellFailed(p.returncode, cmd, output)
commandrunner.RunShellFailed

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 125, in worker
    result = (True, func(*args, **kwds))
  File "/pkgscripts-ng/include/python/parallel.py", line 15, in __call__
    result = self.__callable(*args, **kwargs)
  File "/pkgscripts-ng/include/python/pkgcommon.py", line 191, in run_command
    env.execute(cmd, display=len(self.env_config.platforms)
  File "/pkgscripts-ng/include/python/exec_env.py", line 79, in execute
    raise EnvError(
exec_env.EnvError: ('Execute chroot /build_env/ds.geminilake-7.0 env PackageName=WireGuard /pkgscripts-ng/SynoBuild --geminilake -c --min-sdk 6.2 -J WireGuard failed', '/pkgscripts-ng/include/check: line 93: /dev/null: Permission denied\nERROR: This script must be run as root')
"""

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "pkgscripts-ng/PkgCreate.py", line 184, in <module>
    main(sys.argv[1:])
  File "pkgscripts-ng/PkgCreate.py", line 177, in main
    packer.pack_package()
  File "/pkgscripts-ng/include/python/pkguniform.py", line 437, in pack_package
    worker.execute()
  File "/pkgscripts-ng/include/python/pkgcommon.py", line 86, in execute
    self._process_output(self._run(*argv))
  File "/pkgscripts-ng/include/python/pkgcommon.py", line 212, in _run
    return doPlatformParallel(self.run_command, self.env_config.platforms)
  File "/pkgscripts-ng/include/python/parallel.py", line 60, in doPlatformParallel
    output[item] = results[item].get()
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 771, in get
    raise self._value
exec_env.EnvError: ('Execute chroot /build_env/ds.geminilake-7.0 env PackageName=WireGuard /pkgscripts-ng/SynoBuild --geminilake -c --min-sdk 6.2 -J WireGuard failed', '/pkgscripts-ng/include/check: line 93: /dev/null: Permission denied\nERROR: This script must be run as root')
Build log
=========
/pkgscripts-ng/include/check: line 93: /dev/null: Permission denied
ERROR: This script must be run as root
Install log
===========
cat: /build_env/ds.geminilake-7.0/logs.install: No such file or directory

Do i miss something? I did it before but can't figure out whats wrong or is it related to the new DSM version?

runfalk commented 3 years ago

The purpose of the docker image is to allow cross compilation, i.e. you run it on your desktop. (That shouldn't be the issue here though I think. Did you create a new build image based on the 7.0 support branch? I don't think you can build images without using an image with explicit support for it.

Second that post up thing looks a bit weird. What does you config look like?

oschmidteu commented 3 years ago

This was my config:

[Interface]
Address = 192.168.1.1/24
ListenPort = 51821
PrivateKey = **
PostUp = PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = **
PresharedKey = **
AllowedIPs = 192.168.1.2/32

[Peer]
PublicKey = **
PresharedKey = **
AllowedIPs = 192.168.1.3/32

[Peer]
PublicKey = **
PresharedKey = **
AllowedIPs = 192.168.1.4/32

I took the 7.0 branch as adviced here: https://github.com/runfalk/synology-wireguard/pull/71#issuecomment-791911263

I just ran everything due to some problems with windows and docker. Before i upgraded the DSM everything worked fine with compilation so im just wondering whats wrong.

runfalk commented 3 years ago

Your postup and down is wrong. It should be:

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

I can't say why your build isn't working though.

oschmidteu commented 3 years ago

@runfalk sorry for the stupid misstake, just found it out a few minutes ago. I compiled everything via an old mac and got the package working.

Just need a working config now, got some problems with the handshake but will check some of the issues to find a solution.

Thanks for your help.