Blame SPECS/chrony.spec

48ea54
%global _hardened_build 1
48ea54
%global clknetsim_ver 71dbbc
48ea54
%bcond_without debug
48ea54
48ea54
Name:           chrony
48ea54
Version:        3.2
48ea54
Release:        2%{?dist}
48ea54
Summary:        An NTP client/server
48ea54
48ea54
Group:          System Environment/Daemons
48ea54
License:        GPLv2
48ea54
URL:            https://chrony.tuxfamily.org
48ea54
Source0:        https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz
48ea54
Source1:        chrony.dhclient
48ea54
Source2:        chrony.helper
48ea54
Source3:        chrony-dnssrv@.service
48ea54
Source4:        chrony-dnssrv@.timer
48ea54
# simulator for test suite
48ea54
Source10:       https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
48ea54
48ea54
# add NTP servers from DHCP when starting service
48ea54
Patch1:         chrony-service-helper.patch
48ea54
# enable support for SW/HW timestamping on older kernels
48ea54
Patch2:         chrony-timestamping.patch
48ea54
# revert upstream changes in packaged chrony.conf example
48ea54
Patch3:         chrony-defconfig.patch
48ea54
# fix chronyc getting stuck in infinite loop after clock step
48ea54
Patch4:         chrony-select-timeout.patch
48ea54
48ea54
BuildRequires:  libcap-devel libedit-devel nss-devel pps-tools-devel
48ea54
%ifarch %{ix86} x86_64 %{arm} aarch64 ppc64 ppc64le s390 s390x
48ea54
BuildRequires:  libseccomp-devel
48ea54
%endif
48ea54
BuildRequires:  bison systemd-units
48ea54
48ea54
Requires(pre):  shadow-utils
48ea54
Requires(post): systemd
48ea54
Requires(preun): systemd
48ea54
Requires(postun): systemd
48ea54
48ea54
%description
48ea54
A client/server for the Network Time Protocol, this program keeps your
48ea54
computer's clock accurate. It was specially designed to support
48ea54
systems with intermittent internet connections, but it also works well
48ea54
in permanently connected environments. It can use also hardware reference
48ea54
clocks, system real-time clock or manual input as time references.
48ea54
48ea54
%if 0%{!?vendorzone:1}
48ea54
%global vendorzone %(source /etc/os-release && echo ${ID}.)
48ea54
%endif
48ea54
48ea54
%prep
48ea54
%setup -q -n %{name}-%{version}%{?prerelease} -a 10
48ea54
%patch1 -p1 -b .service-helper
48ea54
%patch2 -p1 -b .timestamping
48ea54
%patch3 -p1 -b .defconfig
48ea54
%patch4 -p1 -b .select-timeout
48ea54
48ea54
# review changes in packaged configuration files and scripts
48ea54
md5sum -c <<-EOF | (! grep -v 'OK$')
48ea54
        47ad7eccc410b981d2f2101cf5682616  examples/chrony-wait.service
48ea54
        58978d335ec3752ac2c38fa82b48f0a5  examples/chrony.conf.example2
48ea54
        ba6bb05c50e03f6b5ab54a2b7914800d  examples/chrony.keys.example
48ea54
        6a3178c4670de7de393d9365e2793740  examples/chrony.logrotate
48ea54
        27cbc940c94575de320dbd251cbb4514  examples/chrony.nm-dispatcher
48ea54
        a85246982a89910b1e2d3356b7d131d7  examples/chronyd.service
48ea54
EOF
48ea54
48ea54
# don't allow empty vendor zone
48ea54
test -n "%{vendorzone}"
48ea54
48ea54
# use our vendor zone and replace the pool directive with server
48ea54
# directives as some configuration tools don't support it yet
48ea54
sed -e 's|^\(pool \)\(pool.ntp.org.*\)|'\
48ea54
'server 0.%{vendorzone}\2\nserver 1.%{vendorzone}\2\n'\
48ea54
'server 2.%{vendorzone}\2\nserver 3.%{vendorzone}\2|' \
48ea54
        < examples/chrony.conf.example2 > chrony.conf
48ea54
48ea54
touch -r examples/chrony.conf.example2 chrony.conf
48ea54
48ea54
# regenerate the file from getdate.y
48ea54
rm -f getdate.c
48ea54
48ea54
mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
48ea54
48ea54
%build
48ea54
%configure \
48ea54
%{?with_debug: --enable-debug} \
48ea54
        --enable-ntp-signd \
48ea54
        --enable-scfilter \
48ea54
        --docdir=%{_docdir} \
48ea54
        --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \
48ea54
        --with-user=chrony \
48ea54
        --with-hwclockfile=%{_sysconfdir}/adjtime \
48ea54
        --with-sendmail=%{_sbindir}/sendmail
48ea54
make %{?_smp_mflags}
48ea54
48ea54
%install
48ea54
make install DESTDIR=$RPM_BUILD_ROOT
48ea54
48ea54
rm -rf $RPM_BUILD_ROOT%{_docdir}
48ea54
48ea54
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,logrotate.d}
48ea54
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony
48ea54
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d
48ea54
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d
48ea54
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
48ea54
mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d}
48ea54
48ea54
install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf
48ea54
48ea54
install -m 640 -p examples/chrony.keys.example \
48ea54
        $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
48ea54
install -m 755 -p examples/chrony.nm-dispatcher \
48ea54
        $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony
48ea54
install -m 755 -p %{SOURCE1} \
48ea54
        $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
48ea54
install -m 644 -p examples/chrony.logrotate \
48ea54
        $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony
48ea54
48ea54
install -m 644 -p examples/chronyd.service \
48ea54
        $RPM_BUILD_ROOT%{_unitdir}/chronyd.service
48ea54
install -m 644 -p examples/chrony-wait.service \
48ea54
        $RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service
48ea54
install -m 644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.service
48ea54
install -m 644 -p %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.timer
48ea54
48ea54
install -m 755 -p %{SOURCE2} $RPM_BUILD_ROOT%{_libexecdir}/chrony-helper
48ea54
48ea54
cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd <
48ea54
# Command-line options for chronyd
48ea54
OPTIONS=""
48ea54
EOF
48ea54
48ea54
touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}
48ea54
48ea54
echo 'chronyd.service' > \
48ea54
        $RPM_BUILD_ROOT%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list
48ea54
48ea54
%check
48ea54
# set random seed to get deterministic results
48ea54
export CLKNETSIM_RANDOM_SEED=24502
48ea54
make %{?_smp_mflags} -C test/simulation/clknetsim
48ea54
make quickcheck
48ea54
48ea54
%pre
48ea54
getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony
48ea54
getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \
48ea54
       -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony
48ea54
:
48ea54
48ea54
%post
48ea54
%systemd_post chronyd.service chrony-wait.service
48ea54
48ea54
%preun
48ea54
%systemd_preun chronyd.service chrony-wait.service
48ea54
48ea54
%postun
48ea54
%systemd_postun_with_restart chronyd.service
48ea54
48ea54
%files
48ea54
%doc COPYING FAQ NEWS README
48ea54
%config(noreplace) %{_sysconfdir}/chrony.conf
48ea54
%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
48ea54
%config(noreplace) %{_sysconfdir}/logrotate.d/chrony
48ea54
%config(noreplace) %{_sysconfdir}/sysconfig/chronyd
48ea54
%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony
48ea54
%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
48ea54
%{_bindir}/chronyc
48ea54
%{_sbindir}/chronyd
48ea54
%{_libexecdir}/chrony-helper
48ea54
%{_prefix}/lib/systemd/ntp-units.d/*.list
48ea54
%{_unitdir}/chrony*.service
48ea54
%{_unitdir}/chrony*.timer
48ea54
%{_mandir}/man[158]/%{name}*.[158]*
48ea54
%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony
48ea54
%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift
48ea54
%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc
48ea54
%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony
48ea54
48ea54
%changelog
48ea54
* Tue Dec 05 2017 Miroslav Lichvar <mlichvar@redhat.com> 3.2-2
48ea54
- fix chronyc getting stuck in infinite loop after clock step (#1520884)
48ea54
48ea54
* Tue Sep 19 2017 Miroslav Lichvar <mlichvar@redhat.com> 3.2-1
48ea54
- update to 3.2 (#1482565 #1462081 #1454765)
48ea54
- use ID from /etc/os-release to set pool.ntp.org vendor zone
48ea54
48ea54
* Mon Apr 24 2017 Miroslav Lichvar <mlichvar@redhat.com> 3.1-2
48ea54
- don't drop PHC samples with zero delay (#1443342)
48ea54
48ea54
* Fri Feb 03 2017 Miroslav Lichvar <mlichvar@redhat.com> 3.1-1
48ea54
- update to 3.1 (#1387223 #1274250 #1350669 #1406445)
48ea54
- don't start chronyd without capability to set system clock (#1306046)
48ea54
- fix chrony-helper to escape names of systemd units (#1418968)
48ea54
- package chronyd sysconfig file (#1396840)
48ea54
48ea54
* Fri Nov 18 2016 Miroslav Lichvar <mlichvar@redhat.com> 2.1.1-4
48ea54
- fix crash with smoothtime leaponly directive (#1392793)
48ea54
48ea54
* Tue Jun 28 2016 Miroslav Lichvar <mlichvar@redhat.com> 2.1.1-3
48ea54
- fix chrony-helper to exit with correct status (#1350531)
48ea54
48ea54
* Wed May 25 2016 Miroslav Lichvar <mlichvar@redhat.com> 2.1.1-2
48ea54
- extend chrony-helper to allow management of static sources (#1331655)
48ea54
48ea54
* Tue Jun 23 2015 Miroslav Lichvar <mlichvar@redhat.com> 2.1.1-1
48ea54
- update to 2.1.1 (#1117882)
48ea54
- add -n option to gzip command to not save timestamp
48ea54
48ea54
* Mon Jun 22 2015 Miroslav Lichvar <mlichvar@redhat.com> 2.1-1
48ea54
- update to 2.1 (#1117882 #1169353 #1206504 #1209568 CVE-2015-1821
48ea54
  CVE-2015-1822 CVE-2015-1853)
48ea54
- extend chrony-helper to allow using servers from DNS SRV records (#1211600)
48ea54
- add servers from DHCP with iburst option by default (#1219492)
48ea54
- execute test suite
48ea54
48ea54
* Tue Feb 04 2014 Miroslav Lichvar <mlichvar@redhat.com> 1.29.1-1
48ea54
- update to 1.29.1 (#1053022, CVE-2014-0021)
48ea54
- fix selecting of sources with prefer option (#1061048)
48ea54
- fix potential bug in writing of drift files (#1061106)
48ea54
- replace hardening build flags with _hardened_build (#1061036)
48ea54
48ea54
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.29-4
48ea54
- Mass rebuild 2014-01-24
48ea54
48ea54
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.29-3
48ea54
- Mass rebuild 2013-12-27
48ea54
48ea54
* Thu Oct 03 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.29-2
48ea54
- add ordering dependency to not start chronyd before ntpd stopped (#1011968)
48ea54
48ea54
* Fri Aug 09 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.29-1
48ea54
- update to 1.29 (#995373, CVE-2012-4502, CVE-2012-4503)
48ea54
48ea54
* Wed Jul 17 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.28-1
48ea54
- update to 1.28
48ea54
- change default makestep limit to 10 seconds
48ea54
48ea54
* Mon Jun 24 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.28-0.2.pre1
48ea54
- buildrequire systemd-units
48ea54
48ea54
* Fri Jun 21 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.28-0.1.pre1
48ea54
- update to 1.28-pre1
48ea54
- listen for commands only on localhost by default
48ea54
48ea54
* Thu May 09 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.27-3
48ea54
- disable chrony-wait service by default (#961047)
48ea54
- drop old systemd scriptlets
48ea54
- don't own ntp-units.d directory
48ea54
- move files from /lib
48ea54
- remove unncessary dependency on syslog target
48ea54
48ea54
* Tue Mar 12 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.27-2
48ea54
- suppress error messages from tr when generating key (#907914)
48ea54
- fix delta calculation with extreme frequency offsets
48ea54
48ea54
* Fri Feb 01 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.27-1
48ea54
- update to 1.27
48ea54
- start chrony-wait service with chronyd
48ea54
- start chronyd service after sntp
48ea54
- remove obsolete macros
48ea54
48ea54
* Tue Sep 11 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.27-0.5.pre1.git1ca844
48ea54
- update to git snapshot 1ca844
48ea54
- update systemd integration (#846303)
48ea54
- use systemd macros if available (#850151)
48ea54
- use correct vendor pool.ntp.org zone on RHEL (#845981)
48ea54
- don't log output of chrony-wait service
48ea54
48ea54
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.27-0.4.pre1
48ea54
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
48ea54
48ea54
* Fri Apr 27 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.27-0.3.pre1
48ea54
- update service file for systemd-timedated-ntp target (#816493)
48ea54
48ea54
* Fri Apr 06 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.27-0.2.pre1
48ea54
  use systemctl is-active instead of status in chrony-helper (#794771)
48ea54
48ea54
* Tue Feb 28 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.27-0.1.pre1
48ea54
- update to 1.27-pre1
48ea54
- generate SHA1 command key instead of MD5
48ea54
48ea54
* Wed Feb 15 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.26-6.20110831gitb088b7
48ea54
- remove old servers on DHCP update (#787042)
48ea54
48ea54
* Fri Feb 10 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.26-5.20110831gitb088b7
48ea54
- improve chrony-helper to keep track of servers added from DHCP (#787042)
48ea54
- fix dhclient script to always return with zero exit code (#767859)
48ea54
48ea54
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.26-4.20110831gitb088b7
48ea54
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
48ea54
48ea54
* Tue Sep 06 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.26-3.20110831gitb088b7
48ea54
- update to git snapshot 20110831gitb088b7
48ea54
- on first start generate password with 16 chars
48ea54
- change systemd service type to forking
48ea54
- add forced-command to chrony-helper (#735821)
48ea54
48ea54
* Mon Aug 15 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.26-2
48ea54
- fix iburst with very high jitters and long delays
48ea54
- use timepps header from pps-tools-devel
48ea54
48ea54
* Wed Jul 13 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.26-1
48ea54
- update to 1.26
48ea54
- read options from sysconfig file if it exists
48ea54
48ea54
* Fri Jun 24 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.26-0.1.pre1
48ea54
- update to 1.26-pre1
48ea54
- fix service name in %%triggerun
48ea54
- drop SysV init script
48ea54
- add chrony-wait service
48ea54
48ea54
* Fri May 06 2011 Bill Nottingham <notting@redhat.com> 1.25-2
48ea54
- fix systemd scriptlets for the upgrade case
48ea54
48ea54
* Wed May 04 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.25-1
48ea54
- update to 1.25
48ea54
48ea54
* Wed Apr 20 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.25-0.3.pre2
48ea54
- update to 1.25-pre2
48ea54
- link with -Wl,-z,relro,-z,now options
48ea54
48ea54
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.25-0.2.pre1
48ea54
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
48ea54
48ea54
* Tue Feb 01 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.25-0.1.pre1
48ea54
- update to 1.25-pre1
48ea54
- use iburst, four pool servers, rtcsync, stratumweight in default config
48ea54
- add systemd support
48ea54
- drop sysconfig file 
48ea54
- suppress install-info errors
48ea54
48ea54
* Thu Apr 29 2010 Miroslav Lichvar <mlichvar@redhat.com> 1.24-4.20100428git73d775
48ea54
- update to 20100428git73d775
48ea54
- replace initstepslew directive with makestep in default config
48ea54
- add NetworkManager dispatcher script
48ea54
- add dhclient script
48ea54
- retry server/peer name resolution at least once to workaround
48ea54
  NetworkManager race condition on boot
48ea54
- don't verify chrony.keys
48ea54
48ea54
* Fri Mar 12 2010 Miroslav Lichvar <mlichvar@redhat.com> 1.24-3.20100302git5fb555
48ea54
- update to snapshot 20100302git5fb555
48ea54
- compile with PPS API support
48ea54
48ea54
* Thu Feb 04 2010 Miroslav Lichvar <mlichvar@redhat.com> 1.24-1
48ea54
- update to 1.24 (#555367, CVE-2010-0292 CVE-2010-0293 CVE-2010-0294)
48ea54
- modify default config
48ea54
  - step clock on start if it is off by more than 100 seconds
48ea54
  - disable client log
48ea54
- build with -fPIE on sparc
48ea54
48ea54
* Tue Dec 15 2009 Miroslav Lichvar <mlichvar@redhat.com> 1.24-0.1.pre1
48ea54
- update to 1.24-pre1
48ea54
48ea54
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.23-7.20081106gitbe42b4
48ea54
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
48ea54
48ea54
* Fri Jul 17 2009 Miroslav Lichvar <mlichvar@redhat.com> 1.23-6.20081106gitbe42b4
48ea54
- switch to editline
48ea54
- support arbitrary chronyc commands in init script
48ea54
48ea54
* Mon Jun 08 2009 Dan Horak <dan[at]danny.cz> 1.23-5.20081106gitbe42b4
48ea54
- add patch with support for s390/s390x
48ea54
48ea54
* Mon Mar 09 2009 Miroslav Lichvar <mlichvar@redhat.com> 1.23-4.20081106gitbe42b4
48ea54
- fix building with broken libcap header (#483548)
48ea54
48ea54
* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.23-3.20081106gitbe42b4
48ea54
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
48ea54
48ea54
* Wed Nov 19 2008 Miroslav Lichvar <mlichvar@redhat.com> 1.23-2.20081106gitbe42b4
48ea54
- fix info uninstall
48ea54
- generate random command key in init script
48ea54
- support cyclelogs, online, offline commands in init script
48ea54
- add logrotate script
48ea54
48ea54
* Tue Nov 11 2008 Miroslav Lichvar <mlichvar@redhat.com> 1.23-1.20081106gitbe42b4
48ea54
- initial release