Mono: Fix TLS on DSM7

[publicarray]

Description

This should fix the trust store containing expired certificates in mono applications by using a different path. Dependent packages may need to be updated.

Fixes #5051

Checklist

• Build rule all-supported completed successfully
• New installation of package completed successfully
• Package upgrade completed successfully (Manually install the package again)
• Package functionality was tested
• Any needed documentation is updated/created

Type of change

• Bug fix
• New Package
• Package update
• Includes small framework changes
• This change requires a documentation update (e.g. Wiki)

[hgy59]

successfully installs and updates certificate store on DS-218+ with DSM 7.0.1 Update 1

2022/01/16 12:31:04     install mono 5.20.1.34-18 Begin preinst
2022/01/16 12:31:04     Begin reload_inst_variables
2022/01/16 12:31:04     End reload_inst_variables
2022/01/16 12:31:04     Begin initialize_variables
2022/01/16 12:31:04     End initialize_variables
2022/01/16 12:31:04     ===> Step preinst. USER= GROUP= SHARE_PATH=
2022/01/16 12:31:04     install mono 5.20.1.34-18 End preinst ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/mkdir -p /volume1/@appstore/mono
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/mkdir -p /volume1/@appstore/mono ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/rm -rf /volume1/@appstore/mono
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/rm -rf /volume1/@appstore/mono ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/package /volume1/@appstore/mono
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/package /volume1/@appstore/mono ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/rm -rf /var/packages/mono
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/rm -rf /var/packages/mono ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/mkdir -p /var/packages/mono
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/mkdir -p /var/packages/mono ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/touch /var/packages/mono/installing
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/touch /var/packages/mono/installing ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/INFO /var/packages/mono/INFO
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/INFO /var/packages/mono/INFO ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/rm -rf /var/packages/mono/scripts
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/rm -rf /var/packages/mono/scripts ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/scripts /var/packages/mono/scripts
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/scripts /var/packages/mono/scripts ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/rm -rf /var/packages/mono/WIZARD_UIFILES
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/rm -rf /var/packages/mono/WIZARD_UIFILES ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/WIZARD_UIFILES /var/packages/mono/WIZARD_UIFILES
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/WIZARD_UIFILES /var/packages/mono/WIZARD_UIFILES ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/rm -rf /var/packages/mono/conf
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/rm -rf /var/packages/mono/conf ret=[0]
2022/01/16 12:31:05     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/conf /var/packages/mono/conf
2022/01/16 12:31:05     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.3keote/conf /var/packages/mono/conf ret=[0]
2022/01/16 12:31:08     install mono 5.20.1.34-18 Begin postinst
2022/01/16 12:31:08     Begin reload_inst_variables
2022/01/16 12:31:08     End reload_inst_variables
2022/01/16 12:31:08     Begin initialize_variables
2022/01/16 12:31:08     End initialize_variables
2022/01/16 12:31:08     ===> Step postinst. USER= GROUP= SHARE_PATH=
2022/01/16 12:31:08     Begin save_wizard_variables
2022/01/16 12:31:08     End save_wizard_variables
2022/01/16 12:31:08     Begin syno_sync_var_folder
2022/01/16 12:31:08     End syno_sync_var_folder
2022/01/16 12:31:08     Begin service_postinst
2022/01/16 12:31:08     Mono Certificate Store Sync - version 5.20.1.34
2022/01/16 12:31:08     Populate Mono certificate store from a concatenated list of certificates.
2022/01/16 12:31:08     Copyright 2002, 2003 Motus Technologies. Copyright 2004-2008 Novell. BSD licensed.
2022/01/16 12:31:08     Importing into legacy user store:
2022/01/16 12:31:08     I already trust 0, your new list has 138
2022/01/16 12:31:08     Certificate added: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES
...                     ...
2022/01/16 12:31:09     Certificate added: C=US, O="thawte, Inc.", OU=Certification Services Division, OU="(c) 2008 thawte, Inc. - For authorized use only", CN=thawte Primary Root CA - G3
2022/01/16 12:31:09     138 new root certificates were added to your trust store.
2022/01/16 12:31:09     Import process completed.
2022/01/16 12:31:09     End service_postinst
2022/01/16 12:31:09     install mono 5.20.1.34-18 End postinst ret=[0]
2022/01/16 12:31:09     install mono 5.20.1.34-18 Begin start-stop-status start
2022/01/16 12:31:09     install mono 5.20.1.34-18 End start-stop-status start ret=[0]

[hgy59]

LGTM
don't forget to update SPK_REV

[publicarray]

Thanks but how on application launch (e.g. sonarr) can we tell the mono where to find the new tls store? http://docs.go-mono.com/?link=man%3Amono(1)

[publicarray]

Alternatively every mono app needs to do this and store a copy because it's now using the home/user directory

[bakerboy448]

Thanks but how on application launch (e.g. sonarr) can we tell the mono where to find the new tls store? http://docs.go-mono.com/?link=man%3Amono(1)

you shouldn't need to should you?

the fix that has been working is sudo /var/packages/mono/target/bin/cert-sync /etc/ssl/certs/ca-certificates.crt which this appears to do?

it'd be nice to get this merged and pushed so it stops the deluge of support requests and thousands of users with broken NASes due to the bug.

[publicarray]

No unfortunately sudo is no longer available for packages in DSM7

On top of that the default path Access to the path "/usr/share/.mono" is denied.

And needs root access so in this PR the path for DSM7 is changed to /var/packages/mono/var/.mono

The 2nd part that is missing is to tell sonarr aka mono on launch about it hence why it is WIP.

[hgy59]

this is not required as already added with GNU_CONFIGURE = 1

Suggested change

CONFIGURE_ARGS += --prefix=$(INSTALL_PREFIX)

[Stanzilla]

Any chance to get this shipped soon?

[publicarray]

Any chance to get this shipped soon?

No idea, did you test if it works? I would need to test this on an untouched DSM or reinstall one because I think I modified my /usr/share/.mono some time ago on my virtual DSM. No point shipping something that isn't proven to fix the issue.

[Stanzilla]

Any chance to get this shipped soon?

No idea, did you test if it works? I would need to test this on an untouched DSM or reinstall one because I think I modified my /usr/share/.mono some time ago on my virtual DSM. No point shipping something that isn't proven to fix the issue.

Ah sorry, I missed the fact that the CI uploads artifacts, I tested it and Sonarr still has the connection errors do I need an updated Sonarr package to test this as well?

[manubell]

Just did a test and did not seem to work for me.

My system setup:
NAS Model: DS218+
NAS Architecture: INTEL Celeron J3355
DSM version: DSM 7.0.1-42218

Steps exectuted:
Reproduce error

1. Installed Sonarr + Mono from package center -> Errors occur
2. Uninstalled Sonarr + uninstalled Mono

observe PR package
3. Installed mono_x64-7.0_5.20.1.34-18.spk from PR
4. Installed Sonarr -> Errors still occur

Sonarr logs example of 1 of the errors

System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.): 'https://services.sonarr.tv/v1/time' ---> System.Net.WebException: Error: TrustFailure (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED
  at /github/workspace/spk/mono/work-x64-7.0/mono-5.20.1.34/external/boringssl/ssl/handshake_client.c:1132
  at Mono.Btls.MonoBtlsContext.ProcessHandshake () [0x00038] in <effa5e2bda7548298f9faf7a677f5981>:0 
  at Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake (Mono.Net.Security.AsyncOperationStatus status, System.Boolean renegotiate) [0x000a1] in <effa5e2bda7548298f9faf7a677f5981>:0 
  at (wrapper remoting-invoke-with-check) Mono.Net.Security.MobileAuthenticatedStream.ProcessHandshake(Mono.Net.Security.AsyncOperationStatus,bool)
  at Mono.Net.Security.AsyncHandshakeRequest.Run (Mono.Net.Security.AsyncOperationStatus status) [0x00006] in <effa5e2bda7548298f9faf7a677f5981>:0 
  at Mono.Net.Security.AsyncProtocolRequest.ProcessOperation (System.Threading.CancellationToken cancellationToken) [0x000ff] in <effa5e2bda7548298f9faf7a677f5981>:0 
  at Mono.Net.Security.AsyncProtocolRequest.StartOperation (System.Threading.CancellationToken cancellationToken) [0x0008b] in <effa5e2bda7548298f9faf7a677f5981>:0 
   --- End of inner exception stack trace --

/var/log/packages/mono.log (this log is only the PR package installation)

2022/04/22 00:59:34     install mono 5.20.1.34-18 Begin preinst
2022/04/22 00:59:34     Begin reload_inst_variables
2022/04/22 00:59:34     End reload_inst_variables
2022/04/22 00:59:34     Begin initialize_variables
2022/04/22 00:59:34     End initialize_variables
2022/04/22 00:59:34     ===> Step preinst. USER= GROUP= SHARE_PATH=
2022/04/22 00:59:34     install mono 5.20.1.34-18 End preinst ret=[0]
2022/04/22 00:59:34     install mono 5.20.1.34-18 Begin /bin/mkdir -p /volume1/@appstore/mono
2022/04/22 00:59:34     install mono 5.20.1.34-18 End /bin/mkdir -p /volume1/@appstore/mono ret=[0]
2022/04/22 00:59:34     install mono 5.20.1.34-18 Begin /bin/rm -rf /volume1/@appstore/mono
2022/04/22 00:59:34     install mono 5.20.1.34-18 End /bin/rm -rf /volume1/@appstore/mono ret=[0]
2022/04/22 00:59:34     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/package /volume1/@appstore/mono
2022/04/22 00:59:34     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/package /volume1/@appstore/mono ret=[0]
2022/04/22 00:59:34     install mono 5.20.1.34-18 Begin /bin/rm -rf /var/packages/mono
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/rm -rf /var/packages/mono ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/mkdir -p /var/packages/mono
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/mkdir -p /var/packages/mono ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/touch /var/packages/mono/installing
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/touch /var/packages/mono/installing ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/INFO /var/packages/mono/INFO
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/INFO /var/packages/mono/INFO ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/rm -rf /var/packages/mono/scripts
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/rm -rf /var/packages/mono/scripts ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/scripts /var/packages/mono/scripts
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/scripts /var/packages/mono/scripts ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/rm -rf /var/packages/mono/WIZARD_UIFILES
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/rm -rf /var/packages/mono/WIZARD_UIFILES ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/WIZARD_UIFILES /var/packages/mono/WIZARD_UIFILES
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/WIZARD_UIFILES /var/packages/mono/WIZARD_UIFILES ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/rm -rf /var/packages/mono/conf
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/rm -rf /var/packages/mono/conf ret=[0]
2022/04/22 00:59:35     install mono 5.20.1.34-18 Begin /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/conf /var/packages/mono/conf
2022/04/22 00:59:35     install mono 5.20.1.34-18 End /bin/mv -f /volume1/@tmp/pkginstall/extract.jYGNGx/conf /var/packages/mono/conf ret=[0]
2022/04/22 00:59:36     install mono 5.20.1.34-18 Begin postinst
2022/04/22 00:59:36     Begin reload_inst_variables
2022/04/22 00:59:36     End reload_inst_variables
2022/04/22 00:59:36     Begin initialize_variables
2022/04/22 00:59:36     End initialize_variables
2022/04/22 00:59:36     ===> Step postinst. USER= GROUP= SHARE_PATH=
2022/04/22 00:59:36     Begin save_wizard_variables
2022/04/22 00:59:36     End save_wizard_variables
2022/04/22 00:59:36     Begin syno_sync_var_folder
2022/04/22 00:59:36     End syno_sync_var_folder
2022/04/22 00:59:36     Begin service_postinst
2022/04/22 00:59:36     /var/packages/mono/scripts/service-setup: line 21: /cert-sync: No such file or directory
2022/04/22 00:59:36     End service_postinst
2022/04/22 00:59:36     install mono 5.20.1.34-18 End postinst ret=[0]
2022/04/22 00:59:36     install mono 5.20.1.34-18 Begin start-stop-status start
2022/04/22 00:59:36     install mono 5.20.1.34-18 End start-stop-status start ret=[0]```

[publicarray]

Thanks for the detailed log and information. Sorry that it doesn't work 😢

[mbnn]

Can this be merged pls? :)

[mreid-tt]

hey @publicarray, as #5604 is now merged and published I believe this PR can be closed.

[mreid-tt]

Closing this PR as it has been superseded by #5604.