Debian Chroot on Synology NAS

I have been struggling to use the ipkg packages on a Synology DS215j, specifically with gcc.  Luckily Debian Chroot is available as a community package and can be used as an alternative as it gives access to apt-get and all related packages.  For details on
the community package, see https://synocommunity.com  The package comes with a minimal installation guide at https://github.com/SynoCommunity/spksrc/wiki/Debian-Chroot
I started looking for some more instructions and found this very useful blog post:
http://www.hang321.net/en/2014/08/16/debian-chroot-on-dsm/ However the blog post seems to be translated from Chinese and I had to read it a couple of times to understand it all.  That’s why I have included my own translation below.

Please note: for all commands, make sure you select the whole line: the width of this blog is much narrower than the length of the command and so not all text is shown.

Update: the instructions below were written for DSM 5.  It is my understanding that the root access in DSM 6 has changed, and the commands might be slightly different for DSM 6.  If indeed you get permissions error because of using an administrative user instead of root user, you can elevate your permissions by using ‘sudo’ when needed.

Setting up chroot
First make sure you have SSH access to your DS using the included SSH service, instructions on this are easily available.  Next you need to add the community package source in DSM.  In the Package Sources tab, click Add, type SynoCommunity as Name and http://packages.synocommunity.com/ as Location and then press OK to validate.  Now the Debian Chroot package is available and you can install it.  The community Python package is a requirement and the package manager will ask for permission to install it. After the package is installed, the package will automatically install the necessary files on your filesystem. The status of this installation can be tracked within the package application on the DSM web interface.  After the installation is completed you should log in the DS via SSH as root.

Follow the default instructions as included with the Debian Chroot package:

Use the following command:

/var/packages/debian-chroot/scripts/start-stop-status chroot

The start-stop-status script has four options: start, stop, status and chroot. Start will start the services related to your chroot environment, stop will stop them, chroot will change your non-chrooted shell to a chroot environment and status will let you know if the chroot related services are started or not.

On the first use, it is recommended to perform some configuration operations:

Update: type in the chroot environment

apt-get update
apt-get upgrade

Locales: type

apt-get install locales
dpkg-reconfigure locales

I expect a UTF-8 choice for your language is the typically the one to choose.
Timezone:

execute dpkg-reconfigure tzdata

Setting up the SSH service for chroot
I prefer to SSH into the chroot directly, instead of SSH into the normal environment and then run the start-stop-status chroot command. For this to work you need to install a SSH server within the chroot environment:

Install the SSH server:

apt-get install ssh

Edit the configuration file: /etc/ssh/sshd_config in order to change the port number so it’s not also running on the standard 22 port like the DS included SSH server. For example, change the value 22 in the config file to 2222. I use nano in the below commands, you can change nano to your preferred/available editor

nano /etc/ssh/sshd_config

After that, open the Debian Chroot package in the DSM web interface. On the left hand click on services. Next click on Add and put the name SSHD, the launch script /etc/init.d/ssh and the status command ps -p $(cat /var/run/sshd.pid) After this you can start the service and the status should change to running.

Setup users in the chroot
The chroot will not have the existing users configured automatically. The below steps can be repeated for every user you want to give access to the chroot. In the non-chroot environment run the following command two commands, where username is the username of the user you would like to migrate:

id -u username
id -g username

These commands will give you the user id and group id of the user respectively. Then change to the chroot environment to run the following command where XXXX is the user id, YYYY is the group id and username is the username of the same user:

adduser username --uid XXXX --gid YYYY --home /home/username

I also recommend you add this user to the sudoers group so you can use sudo instead of setting up root user:

apt-get install sudo
adduser username sudo

By mounting the home folder in the chroot, you can share the home folders between your two environments (make sure you actually have a home folder: In DSM goto Control Panel > User > Advance, “Enable user home services”). The start-stop-status includes details on which paths to mount in the chroot. Make sure you are in the non-chroot environment (still as root user) and edit the script:

nano /var/packages/debian-chroot/scripts/start-stop-status

Go to the section that starts with # Make sure we don't mount twice and add the following directly below the code related to /dev/pts

grep -q "${CHROOTTARGET}/home " `realpath /var/services/homes` || mount -o bind `realpath /var/services/homes` ${CHROOTTARGET}/home

Secondly, make sure this mount is unmounted on stopping the chroot. In the same file go to the section that starts with # Unmount and add:

umount ${CHROOTTARGET}/home

Then run the following command:

/var/packages/debian-chroot/scripts/start-stop-status start

After this you should be able to SSH into the chroot directly from any other machine with SSH client :

ssh -p 2222 username@diskstation

(diskstation is either the hostname or ip address of your DS)
The original non-chroot environment is still available through ssh username@diskstation .
Optional: since the chroot environment is using bash and the original non-chroot environment ash, you can quite easily setup two different profiles (.profile and .bash_profile) to make it easy to recognise which environment you are working in. For example, in .profile I use the following prompt:

PS1="`whoami`@`hostname | sed 's/\..*//'`:\w"

While in .bash_profile I use:

PS1="chroot@`hostname | sed 's/\..*//'`:\w"

Optional: mount volumes in chroot
In addition to the home folder you can also mount your volume(s) so that all stored data is accessible. This step is just repeating the same as what we did for the home folder, with replacing the references with the details on the volume information:

grep -q "${CHROOTTARGET}/volume1 " /volume1 || mount -o bind /volume1 ${CHROOTTARGET}/volume1

and

umount ${CHROOTTARGET}/volume1

You can repeat this for volume2, volume3, etc if needed.

Advertisements

42 thoughts on “Debian Chroot on Synology NAS

  1. Thanks for the instructions. The only issue I am having is attempting to mount volume1.
    I simply get No such file or directory.
    du -h does show it exists etc.
    Any help would be greatly Appreciated
    !

  2. 1) Running dpkg-reconfigure tzdata does not require execute
    2) Mounting should have grep looking through /proc/mounts, not the fancy reference to the directory itself, so
    grep -q “${CHROOTTARGET}/home ” `realpath /var/services/homes` || mount -o bind `realpath /var/services/homes` ${CHROOTTARGET}/home
    should be
    grep -q “${CHROOTTARGET}/home ” /proc/mounts || mount -o bind `realpath /var/services/homes` ${CHROOTTARGET}/home
    3) In like manner,
    grep -q “${CHROOTTARGET}/volume1 ” /volume1 || mount -o bind /volume1 ${CHROOTTARGET}/volume1
    should be
    grep -q “${CHROOTTARGET}/volume1 ” /proc/mounts || mount -o bind /volume1 ${CHROOTTARGET}/volume1
    4) Noob comment: “start-stop-status chroot” gives me a bare environment that does NOT have the volumes mounted. That understanding took a while.
    5) Under DSM 6.0, I haven’t found how to open port 2222 nor how to “Add Service” so I can ssh into the debian-chroot environment directly as documented in the original post.
    !) Thanks for your post and translation

    1. I have exactly the same problem in DSM 6.0. I can’t get sshd starting, and thus I can’t ssh directly into chroot. Any solution available?
      Besides that, great post!!!

    2. There seem to be a number of issues with the community packages and DSM 6.0 at the moment, which I am sure will be sorted out. I also face this problem with Debian Chroot UI and DSM 6.0.

      Thanks for the suggested changes.

  3. Thanks very much for this translation/rewrite. I’ve got this all set up nicely on DSM 6.0 using DebianChroot 8.1-6

    On DSM 6 you can only ssh into synology using a user in the administrators group, not as root or a normal user. When I migrated my user account to the chroot environment I duplicated all of the groups, not just the primary one (and sudo). To see all the groups your user belongs to run
    > id username
    Then, if your chroot user needs adding to any run
    > adduser username groupname
    If any group doesn’t exist then you need to do
    > addgroup groupname

    I don’t know for sure if this is the issue others are having, but mine is working nicely.

    Other points:
    – Echo above comments RE ‘execute’ and the mounts
    – You need to start/stop the chroot as root/sudo or the mounts won’t work
    – When setting locale with dpkg-reconfigure make sure you select the locale with ‘space’, don’t just press enter, you’ll get lots of warnings about missing locales and get frustrated *sigh*. Run locales -a to check which ones you have installed. If you don’t see the one you want – do dpkg-configure properly.
    – Some people think having ssh on non-privileged ports is a bad idea ™ – that’s up to you but it might be worth considering.
    – Having set up the ssh service using the DMS web-app, I now am having trouble getting that console to start. It doesn’t really matter now, just a bit annoying.

    1. One more comment – I use bash for both the syno box and my chroot environment and I wanted to change my prompt depending on which one I was using – since my home directory is mounted this has to be done in the same .bashrc file.

      The solution I found was to use the root inode test (see this StackOverflow question for discussion, this is fine for my needs and probably anyone using a NAS like this)

      if [[ $(ls -di / | grep -o -E ‘[0-9]+’) != 2 ]]
      then
      #chrooted
      PS1=*Chroot prompt here *
      else
      #box
      PS1=*Normal prompt here*
      fi

    2. Hi psaunders, thanks for sharing your experience. But just to make clear, you managed to set up Debian-chroot in DSM 6.0 so that you can ssh directly into chroot?
      I think most people have trouble with this part of Mark’s description:
      “After that, open the Debian Chroot package in the DSM web interface. On the left hand click on services. Next click on Add and put the name SSHD, the launch script /etc/init.d/ssh and the status command ps -p $(cat /var/run/sshd.pid) After this you can start the service and the status should change to running.”
      Apparantly Debian-chroot has some problems with DSM 6.0 (see here: https://github.com/SynoCommunity/spksrc/issues/2207 and search for ‘chroot’). So for my part, I can’t even get the ssh server running in chroot, and therefore I get ‘ssh: connect to host ip-of-my-diskstation port XXXX: Connection refused’
      So if you managed to get past that point, any help is greatly appreciated.

      1. Hi, yes, I have it set up so that I can SSH directly into the chroot environment.

        I too have found that the DebianChroot package won’t open in the DSM web interface, but once it’s installed I don’t think you really need it – you can do everything over ssh to the non-chroot environment and then use
        > sudo /var/packages/debian-chroot/scripts/start-stop-status chroot
        to set up ssh. Install ssh using apt-get and then make sure you have the daemon script in /etc/init.d and edit the /etc/ssh/sshd_config file to set the port to whatever you want (e.g. 32, 122, 2222, whatever).

        Then exit the chroot environment and restart it, checking that it is stopped successfully.
        > exit
        > sudo /var/packages/debian-chroot/scripts/start-stop-status stop
        > sudo /var/packages/debian-chroot/scripts/start-stop-status status
        > sudo /var/packages/debian-chroot/scripts/start-stop-status start

        Then you should set up your user account. I set mine up with the same name as my synology account so I get the same home directory and it uses the same .ssh/authorized_keys file.

        Hope that helps, if that doesn’t work I’m not sure what else to suggest.

      2. It works! Thanks all for the help.
        I just had to run ‘/etc/init.d/ss start’ inside chroot to actually start the ssh server.
        Only one thing that still bothers me a little bit. After a restart of my diskstation, I have to restart the ssh server in chroot manually before I can ssh into chroot.

      3. re ElCattivo’s success: ‘/etc/init.d/ssh start’ does claim to be starting ssd, but then querying the status shows it is not running.

        This is a new install of debian-chroot (updated to 8.4-7).on a new install of DSM 6.0. I’ve opened the port on the firewall. Do I need to manually restart the firewall after changes?

        I suspect new installs are still missing some infrastructure.

      4. I also updated Debian-chroot, but could not see any differences. The GUI is still broken and doesn’t start the ssh server after reboot, I still have to do this manually. And at first I was confused, since the update overwrites the start-stop-status script, so you have to redo the mount edits.
        @mnpgui: I did not use the GUI at all, I normally ssh’d into my diskstation, then chroot, and inside chroot I run ‘/etc/init.d/ssh start’ once. After that, I can ssh directly into chroot. To check if ssh server in chroot is running, I followed http://www.ewhathow.com/2013/09/how-to-check-if-ssh-is-running-on-linux/ from outside chroot.

      5. I have removed my debian chroot at the moment, so I can’t verify the following:
        When I still had debian chroot installed, it did start on boot of the DS, however I couldn’t add new services in the web interface. I expect since it does start, you can add your own services in /etc/rc.local instead of the web interface . Again, I am not able to verify this at the moment but would be simple enough to test.

  4. I’m just wondering, does uninstalling this from the Package Center cleans everything up or should I do anything else on top of it? I always like to know that I can revert an action before doing anything 🙂

  5. Hope someone is still awake in this thread. I installed debian-chroot fine, all is working, except I cannot get /volume1 or an external usb disk mounted. I edited the start-stop-status script according to @mnpguy’s edit as it didn’t mount the disk:
    grep -q “${CHROOTTARGET}/volume1 ” /proc/mounts || mount -o bind /volume1 ${CHROOTTARGET}/volume1

    It then cannot find /volume1 with this error:
    mount: mount point /volume1/@appstore/debian-chroot/var/chroottarget/volume1 does not exist

    Any ideas much appreciated!

    1. Ok, answering my own question. One first has to create the directory to mount onto, so mkdir /volume1/@appstore/debian-chroot/var/chroottarget/volume1

      1. Yes, above procedure worked for me. It looks like the mount failed, so you are looking at an empty mount folder?

  6. DSM 6 root login is diferent then DSM 5.2. Ssh login as admin. then type “sudo su -” without “”. Use same password as admin. You don’t have to use sudo and you don’t get permission errors.

  7. If you get: mount point /volume1/@appstore/debian-chroot/var/chroottarget/volume1 does not exist
    Just create a mount point: mkdir /volume1/\@appstore/debian-chroot/var/chroottarget/volume1
    Then restart chroot and see if the volume1 mounts. It worked for me.

  8. Hi.

    First of all – I am new in linux world.

    My DSM is 6.0.2.
    My debian-chroot is working.
    In DSM web console i can run debian-chroot small window with overview and services.
    I run putty and login to root.
    In folder /var/packages/debian-chroot/scripts try to execute start-stop-status chroot.
    But returned message is “-ash: start-stop-status: command not found”.
    ls -l says – start-stop-status exist in this folder.

    Can You help me ?
    Thanks.
    Darek

    1. I am stupid.
      Insted of execute directly /var/packages/debian-chroot/scripts/start-stop-status chroot I was trying to do so inside folder ……/scripts. An I think it is a difference.

      Darek

      1. I’m new to this as well and cant get start-stop-stauts to run as well. how did you end up making it work. Thanks.

  9. Thanks for your great guide. I have a few comments. First, do as mnpguy suggests in his comment, and change the mount lines accordingly. Secondly, you have to make sure that there are dirs called volume1, 2 etc.:
    234@234:/volume1/@appstore$ cd /volume1/@appstore/debian-chroot/var/chroottarget
    234@234:/volume1/@appstore/debian-chroot/var/chroottarget$ ls
    bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
    234@234:/volume1/@appstore/debian-chroot/var/chroottarget$ mkdir volume1

    Before I make that directory I got this error message:
    :~$ sudo /var/packages/debian-chroot/scripts/start-stop-status start
    Starting Debian Chroot …
    grep: /volume1/homes: Is a directory
    realpath: missing operand
    Try ‘realpath –help’ for more information.
    /var/packages/debian-chroot/scripts/start-stop-status: line 23: /var/services/homes: Is a directory
    mount: can’t find /volume1/@appstore/debian-chroot/var/chroottarget/home in /etc/fstab
    grep: /volume1: Is a directory
    mount: mount point /volume1/@appstore/debian-chroot/var/chroottarget/volume1 does not exist

    I think the author forgot to mention this step. The home directory mount works fine as it got set up with the ‘adduser’ step.

  10. Hi, thanks for the guide. I need help, I need to start cron automatically.
    I added in DSM web interface to start the cron service like this:
    NAME: CRON
    Script: /etc/init.d/cron
    Command: ps -p $ (cat /var/run/cron.pid)

    Restarting the NAS is blocked by Starting Services.

    1. The GUI of the chroot app is broken. We would have to work around it at the moment. Services init information is stored in a SQLite database. Consult a SQLite FAQ on how to query, insert, update and delete rows of data in a table of such a database.

      1. You would need to satisfy dependencies first. If your service needs others running – like syslog, for instance – start these beforehand. Compare to a native Debian installation, if possible.
      2. As admin on Synology: sudo sqlite3 /volume1/@appstore/debian-chroot/var/debian-chroot.db
      3. sqlite> INSERT INTO services VALUES (‘0’, ‘SSHD’, ‘/etc/init.d/ssh start’,’ps -p $(cat /var/run/sshd.pid)’);
      4. Verify with: sqlite> SELECT * FROM services;
      5. sqlite> .exit

      Proceed likewise with additional services to start. Don’t forget to raise the row ID (0 in the example above) for each entry. Double check the status command; if it does not return a valid process number, the chroot app WILL hang. To verify services, stop and start the chroot app via the Synology Package Center.

      HTH

  11. why is it when running the first command in the tutorial you get an error saying set:locale: LC_All: cannot change locale (en_US.utf8) and how do you fix this? Frustrating when you get stuck on the first step. Looks like the tutorial could be quite useful though.

    1. It is because locales are yet unconfigured inside the chroot. No showstopper, the system then falls back to it’s low-level default (C). Just proceed with the next four steps of the tutorial, “Update” and “Locales”. The two commands beneath the latter will fix the error. HTH

  12. When i try to mount volume1 it doesnt work,

    I type in mount and see this /volume1 on /volume1 type bind (bind)

    Any idea whats happening?

  13. I was able to get all this working, but one odd thing that seems to be occurring is – if I chroot (as root) from inside DSM the mount for /volume1 is there, any newly added users folders/files are there (.bashrc), but if i SSH from port 2222 as one of those users, their environment seems different; specifically the home/users folder doesn’t have the same files it in (.bashrc is missing), and the /volume1 mapping is different. Thoughts?

  14. I can’t find the Chroot package on my Syno DS 415. I’ve added the new package source for Syno Community but can’t see that package anyway.

  15. I had an issue with one of my services and uninstalled debian chroot and it cleared out all of my folders… I created the folders initially with file station and now I’m left with only the root folders in DSM. DSM is also marked as having almost all storage being available… Is there any way to recover the files? I’m trying UFS right now, but it’s recognizing my new debian chroot partition as a Btrfs and not detecting any older partitions (ext2/3/4 is also listed from DSM [2.37GB] and raw partition [1.99GB]) while my new brtfs is at 7447.25GB with my mirrored 2 8TB drives.

  16. better [ ! -d ${CHROOTTARGET}/home ] && mkdir -p ${CHROOTTARGET}/home
    before
    grep -q “${CHROOTTARGET}/home ” /proc/mounts || mount -o bind `realpath /var/services/homes` ${CHROOTTARGET}/home

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s