From 48ea541a3a8a4c2e43b9064728190df9b4ea5c77 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 10 2018 05:23:01 +0000
Subject: import chrony-3.2-2.el7
---
diff --git a/.chrony.metadata b/.chrony.metadata
new file mode 100644
index 0000000..5d00761
--- /dev/null
+++ b/.chrony.metadata
@@ -0,0 +1,2 @@
+64db6c31e013222cc0a2b66322192b4cedf6e048 SOURCES/chrony-3.2.tar.gz
+a56b3edc67f6af8c42775c2004fa8e5c09cc9be8 SOURCES/clknetsim-71dbbc.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..967e3c2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/chrony-3.2.tar.gz
+SOURCES/clknetsim-71dbbc.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/chrony-defconfig.patch b/SOURCES/chrony-defconfig.patch
new file mode 100644
index 0000000..c5bbfcc
--- /dev/null
+++ b/SOURCES/chrony-defconfig.patch
@@ -0,0 +1,13 @@
+diff -up chrony-3.2/examples/chrony.conf.example2.defconfig chrony-3.2/examples/chrony.conf.example2
+--- chrony-3.2/examples/chrony.conf.example2.defconfig 2017-09-15 08:32:09.000000000 +0200
++++ chrony-3.2/examples/chrony.conf.example2 2017-09-18 12:48:08.688020942 +0200
+@@ -28,9 +28,6 @@ rtcsync
+ # Specify file containing keys for NTP authentication.
+ #keyfile /etc/chrony.keys
+
+-# Get TAI-UTC offset and leap seconds from the system tz database.
+-#leapsectz right/UTC
+-
+ # Specify directory for log files.
+ logdir /var/log/chrony
+
diff --git a/SOURCES/chrony-dnssrv@.service b/SOURCES/chrony-dnssrv@.service
new file mode 100644
index 0000000..139ed28
--- /dev/null
+++ b/SOURCES/chrony-dnssrv@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=DNS SRV lookup of %I for chrony
+After=chronyd.service network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/chrony-helper update-dnssrv-servers %I
diff --git a/SOURCES/chrony-dnssrv@.timer b/SOURCES/chrony-dnssrv@.timer
new file mode 100644
index 0000000..8495e01
--- /dev/null
+++ b/SOURCES/chrony-dnssrv@.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Periodic DNS SRV lookup of %I for chrony
+
+[Timer]
+OnActiveSec=0
+OnUnitInactiveSec=1h
+
+[Install]
+WantedBy=timers.target
diff --git a/SOURCES/chrony-select-timeout.patch b/SOURCES/chrony-select-timeout.patch
new file mode 100644
index 0000000..6f585a4
--- /dev/null
+++ b/SOURCES/chrony-select-timeout.patch
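Review bot: SOURCES/chrony-dnssrv@.service sets no `User=` and none of the sandboxing options, so `ExecStart=/usr/libexec/chrony-helper update-dnssrv-servers %I` runs with the service manager's default identity (root for a system unit) while the helper parses DNS SRV answers. The chronyd.service unit patched in this same commit carries `PrivateTmp=yes`, `ProtectHome=yes` and `ProtectSystem=full`; adding the same three lines under `[Service]` here would keep the two units consistent. That assumes the helper only writes below /var/run/chrony-helper, as the script in this commit suggests, so it should be confirmed with a test run of the timer.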
@@ -0,0 +1,44 @@
+commit d0b24860363a3704e28569ce9a6987717834edea
+Author: Miroslav Lichvar
+Date: Tue Dec 5 11:08:24 2017 +0100
+
+ client: don't call select() with invalid timeout
+
+ If the system clock was stepped forward after chronyc sent a request and
+ before it read the clock in order to calculate the receive timeout,
+ select() could be called with a negative timeout, which resulted in an
+ infinite loop waiting for select() to succeed.
+
+ Fix the submit_request() function to not call select() with a negative
+ timeout. Also, return immediately on any error of select().
+
+diff --git a/client.c b/client.c
+index 5c3a99e..4e23158 100644
+--- a/client.c
++++ b/client.c
+@@ -1394,9 +1394,16 @@ submit_request(CMD_Request *request, CMD_Reply *reply)
+
+ timeout = initial_timeout / 1000.0 * (1U << (n_attempts - 1)) -
+ UTI_DiffTimespecsToDouble(&ts_now, &ts_start);
+- UTI_DoubleToTimeval(timeout, &tv);
+ DEBUG_LOG("Timeout %f seconds", timeout);
+
++ /* Avoid calling select() with an invalid timeout */
++ if (timeout <= 0.0) {
++ new_attempt = 1;
++ continue;
++ }
++
++ UTI_DoubleToTimeval(timeout, &tv);
++
+ FD_ZERO(&rdfd);
+ FD_ZERO(&wrfd);
+ FD_ZERO(&exfd);
+@@ -1410,6 +1417,7 @@ submit_request(CMD_Request *request, CMD_Reply *reply)
+
+ if (select_status < 0) {
+ DEBUG_LOG("select failed : %s", strerror(errno));
++ return 0;
+ } else if (select_status == 0) {
+ /* Timeout must have elapsed, try a resend? */
+ new_attempt = 1;
diff --git a/SOURCES/chrony-service-helper.patch b/SOURCES/chrony-service-helper.patch
new file mode 100644
index 0000000..fe11392
--- /dev/null
+++ b/SOURCES/chrony-service-helper.patch
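Review bot: In SOURCES/chrony-select-timeout.patch the new `timeout <= 0.0` guard in submit_request() handles a forward clock step, but a backward step between `ts_start` and `ts_now` makes the same subtraction yield a timeout larger than the nominal value, and that value still reaches select(). Capping it would bound the wait: `max_timeout = initial_timeout / 1000.0 * (1U << (n_attempts - 1));` then `if (timeout > max_timeout) timeout = max_timeout;` before `UTI_DoubleToTimeval()`. Separately, the added `return 0;` also fires when select() fails with EINTR; if chronyc can catch a signal at this point, retrying on EINTR would avoid aborting the request. submit_request() starts and ends outside both hunks, so how `ts_start` is taken and what callers do with a 0 return are not visible here.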
@@ -0,0 +1,11 @@
+diff -up chrony-3.1/examples/chronyd.service.service-helper chrony-3.1/examples/chronyd.service
+--- chrony-3.1/examples/chronyd.service.service-helper 2017-01-31 12:12:01.863772826 +0100
++++ chrony-3.1/examples/chronyd.service 2017-01-31 12:12:30.371860064 +0100
+@@ -10,6 +10,7 @@ Type=forking
+ PIDFile=/var/run/chronyd.pid
+ EnvironmentFile=-/etc/sysconfig/chronyd
+ ExecStart=/usr/sbin/chronyd $OPTIONS
++ExecStartPost=/usr/libexec/chrony-helper update-daemon
+ PrivateTmp=yes
+ ProtectHome=yes
+ ProtectSystem=full
diff --git a/SOURCES/chrony-timestamping.patch b/SOURCES/chrony-timestamping.patch
new file mode 100644
index 0000000..6b60ef9
--- /dev/null
+++ b/SOURCES/chrony-timestamping.patch
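Review bot: In SOURCES/chrony-service-helper.patch the added `ExecStartPost=/usr/libexec/chrony-helper update-daemon` has no `-` prefix, so a non-zero exit from the helper makes systemd treat the start of chronyd.service as failed. The helper shipped in this commit returns 1 from `prepare_helper_dir` when `flock -w 20` times out, so lock contention in the helper alone could stop the time daemon from staying up. If chronyd should keep running in that case, write `ExecStartPost=-/usr/libexec/chrony-helper update-daemon`. If failing the unit is intended, a comment line above the directive saying so would help the next maintainer.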
@@ -0,0 +1,197 @@
+diff -up chrony-3.2/configure.timestamping chrony-3.2/configure
+--- chrony-3.2/configure.timestamping 2017-09-19 13:58:21.093194558 +0200
++++ chrony-3.2/configure 2017-09-19 13:57:56.109116276 +0200
+@@ -683,15 +683,15 @@ if [ $feat_timestamping = "1" ] && [ $tr
+ test_code 'SW/HW timestamping' 'sys/types.h sys/socket.h linux/net_tstamp.h
+ linux/errqueue.h linux/ptp_clock.h' '' '' '
+ int val = SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_RX_SOFTWARE |
+- SOF_TIMESTAMPING_RAW_HARDWARE | SOF_TIMESTAMPING_OPT_CMSG;
+- return sizeof (struct scm_timestamping) + SCM_TSTAMP_SND + PTP_SYS_OFFSET +
++ SOF_TIMESTAMPING_RAW_HARDWARE | 1;
++ return 3 * sizeof (struct timespec) + 0 + PTP_SYS_OFFSET +
+ setsockopt(0, SOL_SOCKET, SO_SELECT_ERR_QUEUE + SO_TIMESTAMPING,
+ &val, sizeof (val));'
+ then
+ add_def HAVE_LINUX_TIMESTAMPING
+ EXTRA_OBJECTS="$EXTRA_OBJECTS hwclock.o ntp_io_linux.o"
+
+- if test_code 'other timestamping options' \
++ if true || test_code 'other timestamping options' \
+ 'sys/types.h sys/socket.h linux/net_tstamp.h' '' '' '
+ struct scm_ts_pktinfo pktinfo;
+ pktinfo.if_index = pktinfo.pkt_length = 0;
+diff -up chrony-3.2/doc/chrony.conf.man.in.timestamping chrony-3.2/doc/chrony.conf.man.in
+--- chrony-3.2/doc/chrony.conf.man.in.timestamping 2017-09-15 10:17:41.000000000 +0200
++++ chrony-3.2/doc/chrony.conf.man.in 2017-09-19 13:52:59.544187046 +0200
+@@ -3201,13 +3201,12 @@ timestamping. If the server or peer supp
+ be enabled by the \fBxleave\fP option in the \fBserver\fP or the
+ \fBpeer\fP directive.
+ .sp
+-This directive is supported on Linux 3.19 and newer. The NIC must support HW
++This directive is supported on Linux. The NIC must support HW
+ timestamping, which can be verified with the \fBethtool \-T\fP command. The list of
+ capabilities should include \fISOF_TIMESTAMPING_RAW_HARDWARE\fP,
+ \fISOF_TIMESTAMPING_TX_HARDWARE\fP, and \fISOF_TIMESTAMPING_RX_HARDWARE\fP. Receive
+ filter \fIHWTSTAMP_FILTER_ALL\fP, or \fIHWTSTAMP_FILTER_NTP_ALL\fP, is necessary for
+-timestamping of received packets. Timestamping of packets received from bridged
+-and bonded interfaces is supported on Linux 4.13 and newer. When \fBchronyd\fP is
++timestamping of received packets. When \fBchronyd\fP is
+ running, no other process (e.g. a PTP daemon) should be working with the NIC
+ clock.
+ .sp
+diff -up chrony-3.2/ntp_io_linux.c.timestamping chrony-3.2/ntp_io_linux.c
+--- chrony-3.2/ntp_io_linux.c.timestamping 2017-09-15 08:32:09.000000000 +0200
++++ chrony-3.2/ntp_io_linux.c 2017-09-19 13:52:59.544187046 +0200
+@@ -35,6 +35,16 @@
+ #include
+ #include
+
++/* Missing in older kernel headers */
++#define SOF_TIMESTAMPING_OPT_CMSG (1<<10)
++#define SOF_TIMESTAMPING_OPT_PKTINFO (1<<13)
++#define SOF_TIMESTAMPING_OPT_TX_SWHW (1<<14)
++#define SCM_TSTAMP_SND 0
++#define HWTSTAMP_FILTER_NTP_ALL 15
++#ifndef SCM_TIMESTAMPING_PKTINFO
++#define SCM_TIMESTAMPING_PKTINFO 58
++#endif
++
+ #include "array.h"
+ #include "conf.h"
+ #include "hwclock.h"
+@@ -94,6 +104,10 @@ static int ts_tx_flags;
+ /* Flag indicating the socket options can't be changed in control messages */
+ static int permanent_ts_options;
+
++/* Index of a HW-timestamping interface, but only if the machine has not more
++ than one */
++static int single_hwts_if_index;
++
+ /* ================================================== */
+
+ static int
+@@ -278,7 +292,7 @@ update_interface_speed(struct Interface
+
+ /* ================================================== */
+
+-#if defined(HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO) || defined(HAVE_LINUX_TIMESTAMPING_OPT_TX_SWHW)
++#if 1
+ static int
+ check_timestamping_option(int option)
+ {
+@@ -301,6 +315,61 @@ check_timestamping_option(int option)
+
+ /* ================================================== */
+
++static int
++get_single_hwts_index()
++{
++ struct ifaddrs *ifaddr, *ifa;
++ struct ethtool_ts_info ts_info;
++ struct ifreq req;
++ int sock_fd, if_index, hwts_if_index = INVALID_IF_INDEX;
++
++ sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
++ if (sock_fd < 0)
++ return INVALID_IF_INDEX;
++
++ if (getifaddrs(&ifaddr)) {
++ DEBUG_LOG("getifaddrs() failed : %s", strerror(errno));
++ close(sock_fd);
++ return INVALID_IF_INDEX;
++ }
++
++ for (ifa = ifaddr; ifa; ifa = ifa->ifa_next) {
++ memset(&req, 0, sizeof (req));
++ memset(&ts_info, 0, sizeof (ts_info));
++
++ if (snprintf(req.ifr_name, sizeof (req.ifr_name), "%s", ifa->ifa_name) >=
++ sizeof (req.ifr_name))
++ break;
++
++ if (ioctl(sock_fd, SIOCGIFINDEX, &req))
++ break;
++
++ if_index = req.ifr_ifindex;
++ ts_info.cmd = ETHTOOL_GET_TS_INFO;
++ req.ifr_data = (char *)&ts_info;
++
++ if (ioctl(sock_fd, SIOCETHTOOL, &req))
++ break;
++
++ if (ts_info.phc_index < 0)
++ continue;
++
++ if (hwts_if_index != INVALID_IF_INDEX && hwts_if_index != if_index)
++ break;
++
++ hwts_if_index = if_index;
++ }
++
++ close(sock_fd);
++ freeifaddrs(ifaddr);
++
++ if (ifa)
++ return INVALID_IF_INDEX;
++
++ return hwts_if_index;
++}
++
++/* ================================================== */
+ void
+ NIO_Linux_Initialise(void)
+ {
+@@ -345,8 +414,20 @@ NIO_Linux_Initialise(void)
+ #endif
+ }
+
+- /* Enable IP_PKTINFO in messages looped back to the error queue */
+- ts_flags |= SOF_TIMESTAMPING_OPT_CMSG;
++ single_hwts_if_index = INVALID_IF_INDEX;
++
++ /* Enable IP_PKTINFO in messages looped back to the error queue if possible.
++ If not, HW timestamping of IPv4 packets can be supported only with one
++ interface capable of HW timestamping. */
++ if (check_timestamping_option(SOF_TIMESTAMPING_OPT_CMSG)) {
++ ts_flags |= SOF_TIMESTAMPING_OPT_CMSG;
++ } else if (ARR_GetSize(interfaces) > 0) {
++ single_hwts_if_index = get_single_hwts_index();
++ if (single_hwts_if_index == INVALID_IF_INDEX)
++ LOG(LOGS_WARN, "Missing SOF_TIMESTAMPING_OPT_CMSG option for HW timestamping with multiple HW-timestamping interfaces");
++ else
++ LOG(LOGS_INFO, "Enabled single-interface HW-timestamping mode");
++ }
+
+ /* Kernels before 4.7 ignore timestamping flags set in control messages */
+ permanent_ts_options = !SYS_Linux_CheckKernelVersion(4, 7);
+@@ -590,7 +671,11 @@ NIO_Linux_ProcessMessage(NTP_Remote_Addr
+ for (cmsg = CMSG_FIRSTHDR(hdr); cmsg; cmsg = CMSG_NXTHDR(hdr, cmsg)) {
+ #ifdef HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO
+ if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING_PKTINFO) {
+- struct scm_ts_pktinfo ts_pktinfo;
++ struct {
++ __u32 if_index;
++ __u32 pkt_length;
++ __u32 reserved[2];
++ } ts_pktinfo;
+
+ memcpy(&ts_pktinfo, CMSG_DATA(cmsg), sizeof (ts_pktinfo));
+
+@@ -602,11 +687,16 @@ NIO_Linux_ProcessMessage(NTP_Remote_Addr
+ #endif
+
+ if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING) {
+- struct scm_timestamping ts3;
++ struct {
++ struct timespec ts[3];
++ } ts3;
+
+ memcpy(&ts3, CMSG_DATA(cmsg), sizeof (ts3));
+
+ if (!UTI_IsZeroTimespec(&ts3.ts[2])) {
++ if (ts_if_index == INVALID_IF_INDEX)
++ ts_if_index = single_hwts_if_index;
++
+ iface = get_interface(ts_if_index);
+ if (iface) {
+ process_hw_timestamp(iface, &ts3.ts[2], local_ts, !is_tx ? length : 0,
diff --git a/SOURCES/chrony.dhclient b/SOURCES/chrony.dhclient
new file mode 100644
index 0000000..8b12441
--- /dev/null
+++ b/SOURCES/chrony.dhclient
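Review bot: In get_single_hwts_index() (ntp_io_linux.c, added by SOURCES/chrony-timestamping.patch) every failure inside the loop, whether name truncation, `SIOCGIFINDEX` or `SIOCETHTOOL`, leaves via `break`, so `ifa` stays non-NULL and the function returns INVALID_IF_INDEX exactly as it does when two HW-timestamping interfaces are found. NIO_Linux_Initialise() then logs "Missing SOF_TIMESTAMPING_OPT_CMSG option for HW timestamping with multiple HW-timestamping interfaces", which misleads when the real cause was an ioctl error on one interface. Adding `DEBUG_LOG("ioctl(SIOCETHTOOL) failed : %s", strerror(errno));` before that `break` (and the equivalent for SIOCGIFINDEX) would make the cause visible. If aborting the whole scan on any error is deliberate, a comment such as `/* Any error aborts the scan so that an interface is never guessed */` would record it. The definition would also be better written `get_single_hwts_index(void)`, matching `NIO_Linux_Initialise(void)` below it.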
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+SERVERFILE=$SAVEDIR/chrony.servers.$interface
+
+chrony_config() {
+ rm -f $SERVERFILE
+ if [ "$PEERNTP" != "no" ]; then
+ for server in $new_ntp_servers; do
+ echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE
+ done
+ /usr/libexec/chrony-helper update-daemon || :
+ fi
+}
+
+chrony_restore() {
+ if [ -f $SERVERFILE ]; then
+ rm -f $SERVERFILE
+ /usr/libexec/chrony-helper update-daemon || :
+ fi
+}
diff --git a/SOURCES/chrony.helper b/SOURCES/chrony.helper
new file mode 100644
index 0000000..c150ff6
--- /dev/null
+++ b/SOURCES/chrony.helper
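Review bot: SOURCES/chrony.dhclient expands `$SERVERFILE` unquoted in `rm -f $SERVERFILE`, `>> $SERVERFILE` and `[ -f $SERVERFILE ]`, and `for server in $new_ntp_servers` is subject to pathname expansion. The script presumably runs with dhclient's privileges, and `$SAVEDIR`, `$interface` and `$new_ntp_servers` are set outside this file, the last one from the DHCP reply. Quote the path everywhere, e.g. `rm -f "$SERVERFILE"` and `echo "$server ${NTPSERVERARGS:-iburst}" >> "$SERVERFILE"`. A short comment above `SERVERFILE=` naming which variables the caller provides would document that dependency.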
@@ -0,0 +1,251 @@
+#!/bin/bash
+# This script configures running chronyd to use NTP servers obtained from
+# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
+# externally (e.g. by a dhclient script). Files with servers from DNS SRV
+# records are updated here using the dig utility. The script can also list
+# and set static sources in the chronyd configuration file.
+
+chronyc=/usr/bin/chronyc
+chrony_conf=/etc/chrony.conf
+chrony_service=chronyd.service
+helper_dir=/var/run/chrony-helper
+added_servers_file=$helper_dir/added_servers
+
+network_sysconfig_file=/etc/sysconfig/network
+dhclient_servers_files=/var/lib/dhclient/chrony.servers.*
+dnssrv_servers_files=$helper_dir/dnssrv@*
+dnssrv_timer_prefix=chrony-dnssrv@
+
+chrony_command() {
+ $chronyc -a -n -m "$1"
+}
+
+is_running() {
+ chrony_command "tracking" &> /dev/null
+}
+
+is_update_needed() {
+ for file in $dhclient_servers_files $dnssrv_servers_files \
+ $added_servers_file; do
+ [ -e "$file" ] && return 0
+ done
+ return 1
+}
+
+update_daemon() {
+ local all_servers_with_args all_servers added_servers
+
+ if ! is_running; then
+ rm -f $added_servers_file
+ return 0
+ fi
+
+ all_servers_with_args=$(
+ cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null)
+
+ all_servers=$(
+ echo "$all_servers_with_args" |
+ while read server serverargs; do
+ echo "$server"
+ done | sort -u)
+ added_servers=$( (
+ cat $added_servers_file 2> /dev/null
+ echo "$all_servers_with_args" |
+ while read server serverargs; do
+ [ -z "$server" ] && continue
+ chrony_command "add server $server $serverargs" &> /dev/null &&
+ echo "$server"
+ done) | sort -u)
+
+ comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") |
+ while read server; do
+ chrony_command "delete $server" &> /dev/null
+ done
+
+ added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers"))
+
+ [ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file ||
+ rm -f $added_servers_file
+}
+
+get_dnssrv_servers() {
+ local name=$1
+
+ if ! command -v dig &> /dev/null; then
+ echo "Missing dig (DNS lookup utility)" >&2
+ return 1
+ fi
+
+ (
+ . $network_sysconfig_file &> /dev/null
+
+ output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null)
+ [ $? -ne 0 ] && return 0
+
+ echo "$output" | while read prio weight port target; do
+ server=${target%.}
+ [ -z "$server" ] && continue
+ echo "$server port $port ${NTPSERVERARGS:-iburst}"
+ done
+ )
+}
+
+check_dnssrv_name() {
+ local name=$1
+
+ if [ -z "$name" ]; then
+ echo "No DNS SRV name specified" >&2
+ return 1
+ fi
+
+ if [ "${name:0:9}" != _ntp._udp ]; then
+ echo "DNS SRV name $name doesn't start with _ntp._udp" >&2
+ return 1
+ fi
+}
+
+update_dnssrv_servers() {
+ local name=$1
+ local srv_file=$helper_dir/dnssrv@$name servers
+
+ check_dnssrv_name "$name" || return 1
+
+ servers=$(get_dnssrv_servers "$name")
+ [ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file"
+}
+
+set_dnssrv_timer() {
+ local state=$1 name=$2
+ local srv_file=$helper_dir/dnssrv@$name servers
+ local timer=$dnssrv_timer_prefix$(systemd-escape "$name").timer
+
+ check_dnssrv_name "$name" || return 1
+
+ if [ "$state" = enable ]; then
+ systemctl enable "$timer"
+ systemctl start "$timer"
+ elif [ "$state" = disable ]; then
+ systemctl stop "$timer"
+ systemctl disable "$timer"
+ rm -f "$srv_file"
+ fi
+}
+
+list_dnssrv_timers() {
+ systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \
+ sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" |
+ while read -r name; do
+ systemd-escape --unescape "$name"
+ done
+}
+
+prepare_helper_dir() {
+ mkdir -p $helper_dir
+ exec 100> $helper_dir/lock
+ if ! flock -w 20 100; then
+ echo "Failed to lock $helper_dir" >&2
+ return 1
+ fi
+}
+
+is_source_line() {
+ local pattern="^[ \t]*(server|pool|peer|refclock)[ \t]+[^ \t]+"
+ [[ "$1" =~ $pattern ]]
+}
+
+list_static_sources() {
+ while read line; do
+ is_source_line "$line" && echo "$line" || :
+ done < $chrony_conf
+}
+
+set_static_sources() {
+ local new_config tmp_conf
+
+ new_config=$(
+ sources=$(
+ while read line; do
+ is_source_line "$line" && echo "$line"
+ done)
+
+ while read line; do
+ if ! is_source_line "$line"; then
+ echo "$line"
+ continue
+ fi
+
+ tmp_sources=$(
+ local removed=0
+
+ echo "$sources" | while read line2; do
+ [ "$removed" -ne 0 -o "$line" != "$line2" ] && \
+ echo "$line2" || removed=1
+ done)
+
+ [ "$sources" == "$tmp_sources" ] && continue
+ sources=$tmp_sources
+ echo "$line"
+ done < $chrony_conf
+
+ echo "$sources"
+ )
+
+ tmp_conf=${chrony_conf}.tmp
+
+ cp -a $chrony_conf $tmp_conf &&
+ echo "$new_config" > $tmp_conf &&
+ mv $tmp_conf $chrony_conf || return 1
+
+ systemctl try-restart $chrony_service
+}
+
+print_help() {
+ echo "Usage: $0 COMMAND"
+ echo
+ echo "Commands:"
+ echo " update-daemon"
+ echo " update-dnssrv-servers NAME"
+ echo " enable-dnssrv NAME"
+ echo " disable-dnssrv NAME"
+ echo " list-dnssrv"
+ echo " list-static-sources"
+ echo " set-static-sources < sources.list"
+ echo " is-running"
+ echo " command CHRONYC-COMMAND"
+}
+
+case "$1" in
+ update-daemon|add-dhclient-servers|remove-dhclient-servers)
+ is_update_needed || exit 0
+ prepare_helper_dir && update_daemon
+ ;;
+ update-dnssrv-servers)
+ prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon
+ ;;
+ enable-dnssrv)
+ set_dnssrv_timer enable "$2"
+ ;;
+ disable-dnssrv)
+ set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon
+ ;;
+ list-dnssrv)
+ list_dnssrv_timers
+ ;;
+ list-static-sources)
+ list_static_sources
+ ;;
+ set-static-sources)
+ set_static_sources
+ ;;
+ is-running)
+ is_running
+ ;;
+ command|forced-command)
+ chrony_command "$2"
+ ;;
+ *)
+ print_help
+ exit 2
+esac
+
+exit $?
diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec
new file mode 100644
index 0000000..e2fb655
--- /dev/null
+++ b/SPECS/chrony.spec
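Review bot: check_dnssrv_name() in SOURCES/chrony.helper tests only the first nine characters of `$name`, yet update_dnssrv_servers() and set_dnssrv_timer() build `srv_file=$helper_dir/dnssrv@$name` from it and then write to or `rm -f` that path. A name containing `/` is then treated as further path components rather than as one file name under `$helper_dir`; rejecting it in the check is cheap: `case "$name" in */*) echo "Invalid DNS SRV name $name" >&2; return 1;; esac`. The visible callers (the templated unit and the command line) appear to be administrator-controlled, so this is hardening rather than an exposed bug. The `read` loops that parse the dig output and the server files also omit `-r`, unlike the loop in list_dnssrv_timers().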
@@ -0,0 +1,380 @@ +%global _hardened_build 1 +%global clknetsim_ver 71dbbc +%bcond_without debug + +Name: chrony +Version: 3.2 +Release: 2%{?dist} +Summary: An NTP client/server + +Group: System Environment/Daemons +License: GPLv2 +URL: https://chrony.tuxfamily.org +Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz +Source1: chrony.dhclient +Source2: chrony.helper +Source3: chrony-dnssrv@.service +Source4: chrony-dnssrv@.timer +# simulator for test suite +Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz + +# add NTP servers from DHCP when starting service +Patch1: chrony-service-helper.patch +# enable support for SW/HW timestamping on older kernels +Patch2: chrony-timestamping.patch +# revert upstream changes in packaged chrony.conf example +Patch3: chrony-defconfig.patch +# fix chronyc getting stuck in infinite loop after clock step +Patch4: chrony-select-timeout.patch + +BuildRequires: libcap-devel libedit-devel nss-devel pps-tools-devel +%ifarch %{ix86} x86_64 %{arm} aarch64 ppc64 ppc64le s390 s390x +BuildRequires: libseccomp-devel +%endif +BuildRequires: bison systemd-units + +Requires(pre): shadow-utils +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd + +%description +A client/server for the Network Time Protocol, this program keeps your +computer's clock accurate. It was specially designed to support +systems with intermittent internet connections, but it also works well +in permanently connected environments. It can use also hardware reference +clocks, system real-time clock or manual input as time references. + +%if 0%{!?vendorzone:1} +%global vendorzone %(source /etc/os-release && echo ${ID}.) 
+%endif + +%prep +%setup -q -n %{name}-%{version}%{?prerelease} -a 10 +%patch1 -p1 -b .service-helper +%patch2 -p1 -b .timestamping +%patch3 -p1 -b .defconfig +%patch4 -p1 -b .select-timeout + +# review changes in packaged configuration files and scripts +md5sum -c <<-EOF | (! grep -v 'OK$') + 47ad7eccc410b981d2f2101cf5682616 examples/chrony-wait.service + 58978d335ec3752ac2c38fa82b48f0a5 examples/chrony.conf.example2 + ba6bb05c50e03f6b5ab54a2b7914800d examples/chrony.keys.example + 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate + 27cbc940c94575de320dbd251cbb4514 examples/chrony.nm-dispatcher + a85246982a89910b1e2d3356b7d131d7 examples/chronyd.service +EOF + +# don't allow empty vendor zone +test -n "%{vendorzone}" + +# use our vendor zone and replace the pool directive with server +# directives as some configuration tools don't support it yet +sed -e 's|^\(pool \)\(pool.ntp.org.*\)|'\ +'server 0.%{vendorzone}\2\nserver 1.%{vendorzone}\2\n'\ +'server 2.%{vendorzone}\2\nserver 3.%{vendorzone}\2|' \ + < examples/chrony.conf.example2 > chrony.conf + +touch -r examples/chrony.conf.example2 chrony.conf + +# regenerate the file from getdate.y +rm -f getdate.c + +mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim + +%build +%configure \ +%{?with_debug: --enable-debug} \ + --enable-ntp-signd \ + --enable-scfilter \ + --docdir=%{_docdir} \ + --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \ + --with-user=chrony \ + --with-hwclockfile=%{_sysconfdir}/adjtime \ + --with-sendmail=%{_sbindir}/sendmail +make %{?_smp_mflags} + +%install +make install DESTDIR=$RPM_BUILD_ROOT + +rm -rf $RPM_BUILD_ROOT%{_docdir} + +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,logrotate.d} +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d +mkdir -p $RPM_BUILD_ROOT%{_libexecdir} +mkdir -p 
$RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d} + +install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf + +install -m 640 -p examples/chrony.keys.example \ + $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys +install -m 755 -p examples/chrony.nm-dispatcher \ + $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony +install -m 755 -p %{SOURCE1} \ + $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh +install -m 644 -p examples/chrony.logrotate \ + $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony + +install -m 644 -p examples/chronyd.service \ + $RPM_BUILD_ROOT%{_unitdir}/chronyd.service +install -m 644 -p examples/chrony-wait.service \ + $RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service +install -m 644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.service +install -m 644 -p %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.timer + +install -m 755 -p %{SOURCE2} $RPM_BUILD_ROOT%{_libexecdir}/chrony-helper + +cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd < \ + $RPM_BUILD_ROOT%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list + +%check +# set random seed to get deterministic results +export CLKNETSIM_RANDOM_SEED=24502 +make %{?_smp_mflags} -C test/simulation/clknetsim +make quickcheck + +%pre +getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony +getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \ + -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony +: + +%post +%systemd_post chronyd.service chrony-wait.service + +%preun +%systemd_preun chronyd.service chrony-wait.service + +%postun +%systemd_postun_with_restart chronyd.service + +%files +%doc COPYING FAQ NEWS README +%config(noreplace) %{_sysconfdir}/chrony.conf +%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys +%config(noreplace) %{_sysconfdir}/logrotate.d/chrony +%config(noreplace) %{_sysconfdir}/sysconfig/chronyd +%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony 
+%{_sysconfdir}/dhcp/dhclient.d/chrony.sh +%{_bindir}/chronyc +%{_sbindir}/chronyd +%{_libexecdir}/chrony-helper +%{_prefix}/lib/systemd/ntp-units.d/*.list +%{_unitdir}/chrony*.service +%{_unitdir}/chrony*.timer +%{_mandir}/man[158]/%{name}*.[158]* +%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony +%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift +%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc +%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony + +%changelog +* Tue Dec 05 2017 Miroslav Lichvar 3.2-2 +- fix chronyc getting stuck in infinite loop after clock step (#1520884) + +* Tue Sep 19 2017 Miroslav Lichvar 3.2-1 +- update to 3.2 (#1482565 #1462081 #1454765) +- use ID from /etc/os-release to set pool.ntp.org vendor zone + +* Mon Apr 24 2017 Miroslav Lichvar 3.1-2 +- don't drop PHC samples with zero delay (#1443342) + +* Fri Feb 03 2017 Miroslav Lichvar 3.1-1 +- update to 3.1 (#1387223 #1274250 #1350669 #1406445) +- don't start chronyd without capability to set system clock (#1306046) +- fix chrony-helper to escape names of systemd units (#1418968) +- package chronyd sysconfig file (#1396840) + +* Fri Nov 18 2016 Miroslav Lichvar 2.1.1-4 +- fix crash with smoothtime leaponly directive (#1392793) + +* Tue Jun 28 2016 Miroslav Lichvar 2.1.1-3 +- fix chrony-helper to exit with correct status (#1350531) + +* Wed May 25 2016 Miroslav Lichvar 2.1.1-2 +- extend chrony-helper to allow management of static sources (#1331655) + +* Tue Jun 23 2015 Miroslav Lichvar 2.1.1-1 +- update to 2.1.1 (#1117882) +- add -n option to gzip command to not save timestamp + +* Mon Jun 22 2015 Miroslav Lichvar 2.1-1 +- update to 2.1 (#1117882 #1169353 #1206504 #1209568 CVE-2015-1821 + CVE-2015-1822 CVE-2015-1853) +- extend chrony-helper to allow using servers from DNS SRV records (#1211600) +- add servers from DHCP with iburst option by default (#1219492) +- execute test suite + +* Tue Feb 04 2014 Miroslav Lichvar 1.29.1-1 +- update to 1.29.1 
(#1053022, CVE-2014-0021) +- fix selecting of sources with prefer option (#1061048) +- fix potential bug in writing of drift files (#1061106) +- replace hardening build flags with _hardened_build (#1061036) + +* Fri Jan 24 2014 Daniel Mach - 1.29-4 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.29-3 +- Mass rebuild 2013-12-27 + +* Thu Oct 03 2013 Miroslav Lichvar 1.29-2 +- add ordering dependency to not start chronyd before ntpd stopped (#1011968) + +* Fri Aug 09 2013 Miroslav Lichvar 1.29-1 +- update to 1.29 (#995373, CVE-2012-4502, CVE-2012-4503) + +* Wed Jul 17 2013 Miroslav Lichvar 1.28-1 +- update to 1.28 +- change default makestep limit to 10 seconds + +* Mon Jun 24 2013 Miroslav Lichvar 1.28-0.2.pre1 +- buildrequire systemd-units + +* Fri Jun 21 2013 Miroslav Lichvar 1.28-0.1.pre1 +- update to 1.28-pre1 +- listen for commands only on localhost by default + +* Thu May 09 2013 Miroslav Lichvar 1.27-3 +- disable chrony-wait service by default (#961047) +- drop old systemd scriptlets +- don't own ntp-units.d directory +- move files from /lib +- remove unncessary dependency on syslog target + +* Tue Mar 12 2013 Miroslav Lichvar 1.27-2 +- suppress error messages from tr when generating key (#907914) +- fix delta calculation with extreme frequency offsets + +* Fri Feb 01 2013 Miroslav Lichvar 1.27-1 +- update to 1.27 +- start chrony-wait service with chronyd +- start chronyd service after sntp +- remove obsolete macros + +* Tue Sep 11 2012 Miroslav Lichvar 1.27-0.5.pre1.git1ca844 +- update to git snapshot 1ca844 +- update systemd integration (#846303) +- use systemd macros if available (#850151) +- use correct vendor pool.ntp.org zone on RHEL (#845981) +- don't log output of chrony-wait service + +* Wed Jul 18 2012 Fedora Release Engineering - 1.27-0.4.pre1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Apr 27 2012 Miroslav Lichvar 1.27-0.3.pre1 +- update service file for systemd-timedated-ntp target (#816493) + +* 
Fri Apr 06 2012 Miroslav Lichvar 1.27-0.2.pre1 + use systemctl is-active instead of status in chrony-helper (#794771) + +* Tue Feb 28 2012 Miroslav Lichvar 1.27-0.1.pre1 +- update to 1.27-pre1 +- generate SHA1 command key instead of MD5 + +* Wed Feb 15 2012 Miroslav Lichvar 1.26-6.20110831gitb088b7 +- remove old servers on DHCP update (#787042) + +* Fri Feb 10 2012 Miroslav Lichvar 1.26-5.20110831gitb088b7 +- improve chrony-helper to keep track of servers added from DHCP (#787042) +- fix dhclient script to always return with zero exit code (#767859) + +* Thu Jan 12 2012 Fedora Release Engineering - 1.26-4.20110831gitb088b7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Sep 06 2011 Miroslav Lichvar 1.26-3.20110831gitb088b7 +- update to git snapshot 20110831gitb088b7 +- on first start generate password with 16 chars +- change systemd service type to forking +- add forced-command to chrony-helper (#735821) + +* Mon Aug 15 2011 Miroslav Lichvar 1.26-2 +- fix iburst with very high jitters and long delays +- use timepps header from pps-tools-devel + +* Wed Jul 13 2011 Miroslav Lichvar 1.26-1 +- update to 1.26 +- read options from sysconfig file if it exists + +* Fri Jun 24 2011 Miroslav Lichvar 1.26-0.1.pre1 +- update to 1.26-pre1 +- fix service name in %%triggerun +- drop SysV init script +- add chrony-wait service + +* Fri May 06 2011 Bill Nottingham 1.25-2 +- fix systemd scriptlets for the upgrade case + +* Wed May 04 2011 Miroslav Lichvar 1.25-1 +- update to 1.25 + +* Wed Apr 20 2011 Miroslav Lichvar 1.25-0.3.pre2 +- update to 1.25-pre2 +- link with -Wl,-z,relro,-z,now options + +* Tue Feb 08 2011 Fedora Release Engineering - 1.25-0.2.pre1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Feb 01 2011 Miroslav Lichvar 1.25-0.1.pre1 +- update to 1.25-pre1 +- use iburst, four pool servers, rtcsync, stratumweight in default config +- add systemd support +- drop sysconfig file +- suppress install-info errors + +* 
Thu Apr 29 2010 Miroslav Lichvar 1.24-4.20100428git73d775 +- update to 20100428git73d775 +- replace initstepslew directive with makestep in default config +- add NetworkManager dispatcher script +- add dhclient script +- retry server/peer name resolution at least once to workaround + NetworkManager race condition on boot +- don't verify chrony.keys + +* Fri Mar 12 2010 Miroslav Lichvar 1.24-3.20100302git5fb555 +- update to snapshot 20100302git5fb555 +- compile with PPS API support + +* Thu Feb 04 2010 Miroslav Lichvar 1.24-1 +- update to 1.24 (#555367, CVE-2010-0292 CVE-2010-0293 CVE-2010-0294) +- modify default config + - step clock on start if it is off by more than 100 seconds + - disable client log +- build with -fPIE on sparc + +* Tue Dec 15 2009 Miroslav Lichvar 1.24-0.1.pre1 +- update to 1.24-pre1 + +* Fri Jul 24 2009 Fedora Release Engineering - 1.23-7.20081106gitbe42b4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Fri Jul 17 2009 Miroslav Lichvar 1.23-6.20081106gitbe42b4 +- switch to editline +- support arbitrary chronyc commands in init script + +* Mon Jun 08 2009 Dan Horak 1.23-5.20081106gitbe42b4 +- add patch with support for s390/s390x + +* Mon Mar 09 2009 Miroslav Lichvar 1.23-4.20081106gitbe42b4 +- fix building with broken libcap header (#483548) + +* Mon Feb 23 2009 Fedora Release Engineering - 1.23-3.20081106gitbe42b4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Wed Nov 19 2008 Miroslav Lichvar 1.23-2.20081106gitbe42b4 +- fix info uninstall +- generate random command key in init script +- support cyclelogs, online, offline commands in init script +- add logrotate script + +* Tue Nov 11 2008 Miroslav Lichvar 1.23-1.20081106gitbe42b4 +- initial release