Synology Capture a Synology Package during installation

This is an update of a previous post on this topic.

I noticed that since a recent update of DSM, my previous script was not working fine anymore, when trying to capture a spk during installation. So here is an improved version.

Click to Read More


#Copy also the expanded package ?

if [ -z "$VOLUME" ]; then
echo "usage: capture <source VOLUME> <target dir>"
exit 0

if [ -z "$TARGET" ]; then
echo "usage: capture <source VOLUME> <target dir>"
exit 0

if [[ ! $VOLUME =~ $pattern ]]; then
echo "The name of the source volume must be like 'volume<i>' where <i> is numeric"
exit 0

if [ ! -d "/$VOLUME/@tmp" ]; then
echo "Temporary dir not found: /$VOLUME/@tmp"
exit 0

if [ -d "/$VOLUME/@tmp/SynoCapture" ]; then
rm -R "/$VOLUME/@tmp/SynoCapture"

if [ -d "/$VOLUME/@tmp/@synopkg" ]; then
rm -R "/$VOLUME/@tmp/@synopkg"

echo "Press any key to stop the capture"

if [ -t 0 ]; then stty -echo -icanon -icrnl time 0 min 0; fi

echo "Going to copy the packages into $TARGET/SynoCapture"

if [ ! -d "$TARGET/SynoCapture" ]; then
mkdir "$TARGET/SynoCapture"

while [ "x$keypress" = "x" ]; do
if [ -d "/$VOLUME/@tmp/@synopkg/@download/" ]; then
cp -nlR "/$VOLUME/@tmp/@synopkg/@download/." "/$VOLUME/@tmp/SynoCapture/"

if [ "$COPYEXPAND" = true ]; then
if [ -d "/$VOLUME/@tmp/pkginstall/" ]; then
cp -nlR "/$VOLUME/@tmp/pkginstall/." "/$VOLUME/@tmp/SynoCapture/pkginstall/"
let count+=1
echo -ne $count'\r'
keypress="`cat -v`"

if [ -t 0 ]; then stty sane; fi

find "/$VOLUME/@tmp/SynoCapture/" -type f -name '@SYNOPKG_DOWNLOAD_*' -exec sh -c 'x="{}"; mv "$x" "${x}.spk"' \;
if [ "$COPYEXPAND" = true ]; then
if [ -d "$TARGET/SynoCapture/pkginstall" ]; then
rm -R "$TARGET/SynoCapture/pkginstall"
cp -fR "/$VOLUME/@tmp/SynoCapture" "$TARGET/"
rm -R "/$VOLUME/@tmp/SynoCapture"

echo "$count captures done"
exit 0

Now the script will copy only the SPK file into the specified target folder. It's also possible to copy the expanded version by setting the variable COPYEXPAND=true

Also, now, I don't find anymore a folder name "pkglist.tmp" containing files synoserver.enu and otherserver.enu. Those files used to contain the URL's of all SPK available respectively on the official Synology website and on the various SPK servers that you configured in your Package Center > Settings > Package Sources.

To make the capture even easier, I have create a Package named "MODS Package Capture, available on my SPK Server and published on GitHub.

Synology Can't install/uninstall/repair Synology Virtual Machine Manager - Upgrade DSM not possible

I was unable to upgrade my DSM from 6.1.7 to 6.2.1 because it was pretending to be member of a Virtual Machine Manager cluster. Which was not correct as Virtual Machine Manager was not installed 'anymore'.

Click to Read More

I used to test the beta version of Virtual Machine Manager a long time ago. But since a while, Virtual Machine Manager is not installed anymore on my Synology and it was clearly visible neither in the DSM menu nor in the Package Center.

Unfortunately, for some unknown reasons, my DSM thought that it was still part of Virtual Machine Manager cluster. As a consequence I was getting the following warning when upgrading my DSM: "This device is part of a Virtual Machine Manager cluster. Other hosts in the Virtual Machine Manager cluster will also need to be updated".

Trying to upgrade was always failing (without breaking my DSM, fortunately).

I initially thought it could possibly be due to the network Bond I did create. So I tried to remove it via Control Panel > Network. But it failed with the message : "Creating or deleting this bond is prohibited because the operating interfaces includes the cluster interface of Virtualization. Please shutdown these quests and try again: {0}. Creating or deleting the bond is prohibited because of abnormal status of Virtualization cluster, please go to Virtual Machine Manager see the details."

Based on this message, and since it was not installed anymore, I tried to reinstall the Virtual Machine Manager. Unfortunately, the installation was failing and the package was stuck in a "repair" status.

Being unable to 'repair' it by clicking on the "Repair" button, I tried to uninstall it. This was also failing, with the following message: "You cannot remove this package because this Synology NAS is a part of a Virtual Machine Manager Cluster. Please remove the host from the cluster to proceed."

Argh !!!

Bref... I tried to 'erase' the package using my own Package Manager (See my SSPK server). It's doing something similar to the trick explained here to delete all files related to the 'Virtualization' package.

Once the package fully erased, I did reinstall it again but still without any success... And again it was stuck in a "repair" status and I was unable to uninstall it properly.


As I couldn't find any config file where I could see that my NAS was a member of a Virtual Machine Manager cluster, I tried to fix myself the installation of the package. I couldn't really fix it (I couldn't see which step of which installation or upgrade script was failing). But I have been able to force the installation to complete by deleting the file '/var/packages/Virtualization/installing'.

Next, the package Virtual Machine Manager appeared in status 'Installed' but 'stopped'. I was however able to "Start" it without any problem !! I could see in this Manager that my NAS indeed used to be configured as a member of cluster.

And, miracle (even without deleting the cluster), running now the upgrade of my DSM finally succeeded !!!

After the upgrade, I did remove my NAS from the cluster.

Et voilà.

[PS] I did use the Virtual Machine Manager a long time ago to test how Windows was running in a VM. It was a bit too slow for me so I did remove the Virtual Machine Manager. Probably that the cluster was not deleted at that time. Hence all the problems here above.

[Edit] Once the DSM upgraded, I did delete the Virtual Machine Manager cluster. But as a consequence, I did lost all connections onto the NAS (ftp, web, plex, ssh, ...). I was only able to see the NAS using the Synology Assistant. TO solve the problem I did shutdown the NAS by pressing the power button for a long period. After the reboot, everything as working fine. No, starting the Virtual Machine Manager, it starts a wizard to create a new cluster.

Synology Search for file on Linux using grep and find

Search for files containing a certain text, on my Synology, ignoring warnings like ' Permission denied'

Click to Read More

Just a note for myself... as I always forgot the syntax :/

Using grep only

grep -rnlw '/path/to/somewhere/' -e 'pattern' 2>/dev/null

grep -rnlw 'text' '/path/to/somewhere/' 2>/dev/null

  • -r or -R is recursive,
  • -n is line number, and
  • -w stands for match the whole word.
  • -l (lower-case L) can be added to just give the file name of matching files.

Using find

find '/path/to/somewhere/' -type f -exec grep "text" '{}' \; -print

Synology Find and kill all tasks running for a service/package on a Synology

I wanted to kill all tasks running on my Synology for a package before uninstalling this one. Here is the how-to:

Click to Read More

The tasks running for a service are all listed in /sys/fs/cgroup/cpuacct/[the service]/tasks

The service can be pgsql, nginx, nmbd, ftpd, sshd, ... or synotifyd, synologd, synobackupd, ... or a package like pkgctl-CloudSync, pkgctl-AudioStation, pkgctl-SurveilanceStation, ...


  • To see all tasks running for Synology's StorageAnalyzer, type something like: cat /sys/fs/cgroup/cpuacct/pkgctl-StorageAnalyzer/tasks
  • To kill all those tasks, type something like: for task in $(cat /sys/fs/cgroup/cpuacct/pkgctl-StorageAnalyzer/tasks); do kill $task; done

Synology License and installation wizard not shown when installing Synology Package

I noticed this morning that my Synology is not showing the License and the Installation Wizard anymore when installing my own Packages (Packages made with my app MODS and hosted on my own SSPK Server).

Click to Read More

I am not yet able to understand why the Installation Wizards and the Licence file of my own packages are not shown anymore, when installing them from my SSPK server via "Package Center" > "Community". But everything works fine when installing them "Manually" via "Package Center" > "Manual Install" (and browsing to pick the spk into the folder of my SSPK server).

The Upgrade Wizards and even the "Confirm settings" screen are also not displayed... While the Uninstallation Wizard works fine in all cases ?!

My DS1815+ is running DSM 6.1.7-15284.

I have compared all the logs created in /var/log/ during the installation and noticed a few differences. First, when installing a package from my SSPK server, there are 'messages' being logged:

2018-11-03T22:26:05+01:00 ... synoscgi_SYNO.Core.Package.Installation_1_install[21663]: resource_api.cpp:163 Acquire service-cfg for [the package I am installing] when 0x0001 (done)

This is logged each time I am installing a package from my SSPK Server but not when install the same package manually.

Next to those messages, the following INFO are also logged in synofeasibilitycheck.log:

2018-11-03T22:25:50+01:00 ... synoscgi_SYNO.Core.Package_1_feasibility_check[21529]: feasibility_check.cpp:87 FeasibilityCheck: [Info] Start feasibility check [package_install] with type [hard].
2018-11-03T22:25:50+01:00 ... synoscgi_SYNO.Core.Package_1_feasibility_check[21529]: feasibility_check.cpp:106 FeasibilityCheck: [Info] [0] of feasibility check [package_install] failed.
2018-11-03T22:25:50+01:00 ... synoscgi_SYNO.Core.Package_1_feasibility_check[21529]: feasibility_check.cpp:79 FeasibilityCheck: [Info] No [package_install] feasibility check config with type [soft].


Synology How to backup Photo from a mobile onto a Synology

I used to rely on DS Cloud to backup my complete Android mobile onto my Synology (both internal and external storage). But after Android 4.4.x, the files must be stored under /storage/<your external sd>/Andoid/data/com.synology.dsclooud/files. It means DS Cloud may not backup the DCIM folder locate on the external SD.

The solution is to get rid of DS cloud and use DS File or DS Photo - or a third party, but this a less preferred option for me...

Click to Read More

DS Photo

It has a feature to backup all photos from a mobile (Android or iOS) into one folder/album of the Photo Station. But it means that Photo Station must be installed.

See documentation here (loo for Upload and Download Photos).

It's really slow because it needs to create the thumbnails, etc... for Photo Station and seems even to stop from time to time. You have to open it to check that it runs effectively.

Pay attention to not check the option that frees space. It will deleted the photos on your mobile after the upload.

NB.: It also backup movies ("You can upload photos or videos from ..."), but does not seem to do it as long as all photos are not yet uploaded. Many old videos were not yet uploaded onto my Synology although photos with the same age were already processed. And after the backup of 1000th of photos, I finally saw a long list of videos being uploaded.

DS File

It has a feature to backup all photos and videos into any subfolder of a shared drive. As far as I am concerned, I do backup into a subfolder of my "home" on the Synology.

See documentation here (look for Backing up Photos and Videos).

Pay attention to not check the option that frees space. It will deleted the photos and movies on your mobile after the backup.

DS File can backup photos and videos from all detected locations containing media: DCIM (external storage), Office Lens, PhotosEditor, WhatsApp Images, WhatsApp Video. But you may not specify yourself a custom folder. It's nevertheless the best option to backup all media in my opinion.

Attention, I noticed that DS File consumed a lot of power during the first backup, so it was suggested to be put in deep sleep mode. But doing that stops the backup background process. Compared to DS Photo, it's quite exactly the same behavior and configuration but one can chose the target folder on the Synology. Also, it is much faster (as it does not have to create anything for the Photo Station) and backup all videos and photos simultaneously.


There is now a new application, named Synology Moment, which also comes with a Backup feature for photos and videos, similar to Photo Station. I didn't test it yet.

(Synology Moment is combined with Synology Drive, an application replacing Cloud Station Server)

SynologyWordpress Solve a 504 Gateway Time out nginx with WordPress on Synology

Recently, accessing WordPress on my Synology started to result in "504 Gateway Time out nginx" errors.

I found the solution here.

Click to Read More

  1. Open a ssh console using Putty as explained here.
  2. Enter root mode by typing: sudo -i
  3. cd /etc/nginx/
  4. chown -hR http:http conf.d/
  5. cd conf.d
  6. vi www.WordPress.conf
    1. Add: proxy_connect_timeout 600;
    2. Modify: proxy_read_timeout 600;

Synology Synology: how to get MAC address from IP address and vice versa

Here is how to retrieve the IP address of devices in the same LAN as your Synology, based on their a MAC addresses, and vice-versa.

Click to Read More

I am using a php script to executes various bash scripts. it requires the package inetutils that can be installed using ipkg. Type in a ssh console run as root: /opt/bin/ipkg install inetutils

//Clean all MAC addresses from ARP table
function FlushArpTable()
    //only work if run as root
    $flush = exec("ip -s -s neigh flush all");

//Return 1 if the given $ip is a local one
function IsLocalIp($ip)
    //Get all local IP address from ifconfig
    //$localIp = `ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v ''`;
    $localIp = exec("ifconfig | grep -o $ip");
    return ($localIp == $ip);

//Ping $ip using inetutils (only this one works when not run as root)
//return -1 if package inetutils is not installed (can be done using ipkg)
function Ping($ip)
    $ping = exec("if [ -f /opt/bin/ping ] ; then /opt/bin/ping -c1 $ip; echo 1; else echo -1; fi");
    return $ping;

//Return MAC address related to the given $ip address in ARP table or ifconfig
//Ping the $ip if MAC is not found and $force=1
//NB.: Synology local ip are not added in the ARP table, hence the use of ifconfig
function GetMacFromArp($ip, $force = 1)
    if (filter_var($ip, FILTER_VALIDATE_IP)) {
        // Look into the arp table for the MAC address linked to the given ip address
        $mac = exec("arp -a $ip | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}'");
        $mac = trim($mac);
        if ($mac == "") {
            //if the ip is not in the ARP table, look for it via ifconfig
            $mac = `ifconfig | grep -E "HWaddr |inet |^$" | awk '$1=$1' ORS="\n\n" RS="\n\n" | grep $ip | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}'`;
            $mac = trim($mac);
        if ($mac == "" && $force == 1) {
            echo "? ";
            $mac = GetMacFromArp($ip, $force = 0);
        } else if ($force == 1) {
            echo "! ";
    return $mac;

//Return ip address related to the given $mac address in ARP table or ifconfig
//NB.: Synology local ip are not added in the ARP table, hence the use of ifconfig
function GetIpFromArp($mac)
    if (filter_var($mac, FILTER_VALIDATE_MAC)) {
        // Look into the arp table for the ip linked to the given mac address
        $ip = exec("arp -a | grep $mac | grep -o -E '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'");
        if ($ip == "") {
            // if no ip found in the arp table, look for it into the ifconfig
            $ip = exec("ifconfig | grep -E 'HWaddr |inet |^$' | awk '$1=$1' ORS='\n\n' RS='\n\n' | grep $mac | grep -o -E 'addr:\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' | grep -o -E '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'");
    return $ip;

function DisplayMac($ip)
    if (filter_var($ip, FILTER_VALIDATE_IP)) {
        $mac = GetMacFromArp($ip);
        if (filter_var($mac, FILTER_VALIDATE_MAC)) {
            echo "MAC of $ip is " . $mac;
            if ($ip != GetIpFromArp($mac)) {
                echo " (? " . GetIpFromArp($mac) . " ?)";
        } else {
            echo "MAC of $ip is unknown";
        if (IsLocalIp($ip)) {
            echo " (a local IP)";
        echo "<br/>";

// Check if  ping works
if (Ping("") == -1) {
    echo "You have to install inetutils. Ex.: using ipkg";
} else {
    //clean the arp table (only work when run as root)
    //Display the mac address of an ip in the LAN
    //get ip of all local interfaces
    $localIps = split("\n", `ifconfig | awk '/inet addr/{print substr($2,6)}'`);
    foreach ($localIps as $ip) {

Synology Synology: System internal service [apparmor] failed to start

Since I have upgraded my DSM 6.1.4 to the latest update, I have this error : "System internal service [apparmor] failed to start."

I did contact Synology ans the only solution is to reintall the DSM

Click to Read More

To confirm the problem, open a SSH console and enter the root mode as explained here.

In that console, type: synoservice --is-all-up

You should see that the apparmor service didn't start properly after the reboot:

root@YourNas:~# synoservice --is-all-up
service [ "apparmor" ] failed on bootup.


Here is the answer from Synology

Good evening,


thanks for contacting the Synology technical support and sorry for the late reply, we're having an high volume of ticket.

We're aware of this issue, did you recently update your DSM?

Anyway, I'm sorry but you will have to reinstall DSM to fix this issue, please take a full backup of your Data using "Hyper backup" or "Cloud Sync".

After that navigate to Control Panel -> Update and Restore -> Configuration Backup -> Backup Configuration-> Reset -> Erase all Data

Reinstall DSM and restore Configuration and Data.
Take in mind that the response time might be delayed a bit because of the high amount of Ticket that we received.

Thanks for your understanding and for your patience.
If you have any other question or doubt, don't hesitate to contact me back.

Best regards,

Technical support FR

Synology Unattended GPG key generation to sign Synology Packages

I am going to add a feature in my own version of SSPKS to sign Synology packages. But to do this, I need a way to create GPG key from a non-interactive script.

Click to Read More

I found the required documentation here and a sample here. I did adapt that sample to:

  • not require a passphrase as mentioned in the Synology documentation. This would break the build process.
  • to generate some entropy without the rng-tools (not available out-of-the-box for Synology)

Obviously, you need gpg. I am using gpg2 made available by installing the package gpgme via ipkg as explained here.

Create keys in your personal key rings

First, put the parameters to be used by gpg into a file named 'gpgKey' (don't forget that it must be linux compliant => not CRLF (/r/n) but only LF (/n)*). Here under, I am using RSA 2048. Use your own name, comment and email address.

Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Type Here your name
Name-Comment: Type Here some comment
Name-Email: Type Here your email
Expire-Date: 0

Next, save the following script in a file named '' (don't forget about CRLF ;) )

#!/usr/bin/env bash
if [ ! -f ~/.gnupg/gpg.conf ]; then
mkdir -p -m 0700 ~/.gnupg
touch ~/.gnupg/gpg.conf
chmod 600 ~/.gnupg/gpg.conf
tail -n +4 /opt/share/gnupg/gpg-conf.skel > ~/.gnupg/gpg.conf

touch ~/.gnupg/{pub,sec}ring.gpg

#generate some entropy
(dd if=/dev/zero of=/dev/null) & pid=$!

#generate the key (and a folder to be used later ;)
mkdir -p -m 0700 gpg
gpg2 --verbose --batch --gen-key ./gpgkey

#kill the entropy generator
kill $pid

Then, move those two files into a public shared folder of your Synology. Ex.: '\\<Your Nas>\temp'

And open a ssh console as explained here (no need to enter the root mode) to go into the shared folder: cd /var/services/temp

Finally, here is the output you should see when running your script: sh

gpg: skipping control `%no-protection' ()
gpg: writing self signature
gpg: RSA/SHA1 signature from: "1418FFE0 [?]"
gpg: writing key binding signature
gpg: RSA/SHA1 signature from: "1418FFE0 [?]"
gpg: RSA/SHA1 signature from: "71C22B00 [?]"
gpg: writing key binding signature
gpg: RSA/SHA1 signature from: "1418FFE0 [?]"
gpg: RSA/SHA1 signature from: "71C22B00 [?]"
gpg: writing public key to `/var/services/homes/<current user>/.gnupg/pubring.gpg'
gpg: writing secret key to `/var/services/homes/<current user>/.gnupg/secring.gpg'
gpg: /var/services/homes/<current user>/.gnupg/trustdb.gpg: trustdb created
gpg: using PGP trust model
gpg: key 1418FFE0 marked as ultimately trusted

The keys are now stored into your home's gpg folder: ls ~/.gnupg/

You can check that the key id displayed above are stored using:

  • gpg2 --list-keys

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/var/services/homes/<current user>/.gnupg/pubring.gpg
pub 2048R/1418FFE0 2017-12-26
uid Your Name (Your Comment) Your Email Address
sub 2048R/71C22B00 2017-12-26

  • gpg2 --list-secret-keys

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
/var/services/homes/<current user>/.gnupg/secring.gpg
sec 2048R/1418FFE0 2017-12-26
uid Your Name (Your Comment) Your Email Address
ssb 2048R/71C22B00 2017-12-26

*: the trick to replace all CRLF by LF is to edit the file with notepad++, use the menu Encoding > Convert to UTF-8, and next do CTRL-H to search and replace /r/n with /n using the search mode = Extended. You can finally check that there is no more CRLF by using the menu View > Show Symbol > Show End of Line.

NB.: the script could be a bit slow if there is not enough entropy (up to 45sec on my NAS)... (to download a big file within the download station can help ;)

You can now export your public key using either your name, your email or the key id (from illustration here above, the key id is 1418FFE0): gpg2 --armor --export 1418FFE0 > gpgkey.asc

This file 'gpgkey.asc' must be copied in the root folder of your SSPKS server, so it will automatically be added as a trusted publisher for anyone who is adding your SSPKS url in his list of "Package Sources".

Now, assume that you have the package to be signed (a spk file) and the 'CodeSign.php' script from Synology's toolkit (it can be downloaded from github) in the same shared folder 'temp' used previously... Then, you can sign this package using: php CodeSign.php --sign=YourPackage.spk --keydir=~/.gnupg --keyfpr=1418FFE0

Create keys in specific key rings

Instead of using your personal key rings, you could prefer to store your keys in a dedicated folder... To do so, you can use the following parameters in your gpgKey file:

Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Type Here your name
Name-Comment: Type Here some comment
Name-Email: Type Here your email
Expire-Date: 0
# Write public key into a file pub.gpg
%pubring gpg/pubring.gpg
# Write secret key into a file sec.gpg
%secring gpg/secring.gpg

Once the script executed, you will find two files pubring.gpg and secring.gpg in the folder gpg (created by the script that run in /var/services/temp/).

gpg: Generating a basic OpenPGP key
gpg: skipping control `%no-protection' ()
gpg: writing public key to `gpg/pubring.gpg'
gpg: writing secret key to `gpg/secring.gpg'
gpg: writing self signature
gpg: RSA/SHA1 signature from: "F93A0789 [?]"
gpg: writing key binding signature
gpg: RSA/SHA1 signature from: "F93A0789 [?]"
gpg: RSA/SHA1 signature from: "8AAC41CF [?]"
gpg: writing key binding signature
gpg: RSA/SHA1 signature from: "F93A0789 [?]"
gpg: RSA/SHA1 signature from: "8AAC41CF [?]"

You can now sign your package using: php CodeSign.php --sign=YourPackage.spk --keydir=/var/services/temp/gpg --keyfpr=F93A0789

You can also check your keys using:

  • gpg2 --no-default-keyring --secret-keyring ./gpg/secring.gpg --keyring ./gpg/pubring.gpg --list-secret-keys
  • gpg2 --no-default-keyring --secret-keyring ./gpg/secring.gpg --keyring ./gpg/pubring.gpg --list-keys

And you can export your public key to be used in your SSPKS using:

  • gpg2 --no-default-keyring --keyring ./gpg/pubring.gpg --armor --export F93A0789 > gpgkey.asc

Create keys with a passphrase

In order to provide a passphrase, replace '%no-protection' in the parameters file with:

Passphrase: Type Here your passphrase