From d84c6e7372bbba3029f17acdf319608786852894 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Nov 19 2015 15:37:50 +0000
Subject: import chrony-2.1.1-1.el7
---
diff --git a/.chrony.metadata b/.chrony.metadata
index f22b34c..c107a12 100644
--- a/.chrony.metadata
+++ b/.chrony.metadata
@@ -1 +1,2 @@
-bf07c0afa6ab761d9863714497555fa5be578f3d SOURCES/chrony-1.29.1.tar.gz
+bc43c7c3671fcb5d998428b485847f8a1d6cfff9 SOURCES/chrony-2.1.1.tar.gz
+fbd4b56e546927e4a60beef9667fb844686bb1e1 SOURCES/clknetsim-c0e2b4.tar.gz
diff --git a/.gitignore b/.gitignore
index d0241c1..63266e0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-SOURCES/chrony-1.29.1.tar.gz
+SOURCES/chrony-2.1.1.tar.gz
+SOURCES/clknetsim-c0e2b4.tar.gz
diff --git a/SOURCES/chrony-dnssrv@.service b/SOURCES/chrony-dnssrv@.service
new file mode 100644
index 0000000..139ed28
--- /dev/null
+++ b/SOURCES/chrony-dnssrv@.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=DNS SRV lookup of %I for chrony
+After=chronyd.service network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/libexec/chrony-helper update-dnssrv-servers %I
diff --git a/SOURCES/chrony-dnssrv@.timer b/SOURCES/chrony-dnssrv@.timer
new file mode 100644
index 0000000..8495e01
--- /dev/null
+++ b/SOURCES/chrony-dnssrv@.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Periodic DNS SRV lookup of %I for chrony
+
+[Timer]
+OnActiveSec=0
+OnUnitInactiveSec=1h
+
+[Install]
+WantedBy=timers.target
diff --git a/SOURCES/chrony-driftwrite.patch b/SOURCES/chrony-driftwrite.patch
deleted file mode 100644
index b55ce01..0000000
--- a/SOURCES/chrony-driftwrite.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-commit 925d7119ec0db3620a2350eca3cbaea1a8eb4306
-Author: Miroslav Lichvar
-Date: Tue Jan 21 18:18:04 2014 +0100
-
- Fix writing of drift and RTC files
-
- Without sequence points the driftfile and RTC file could be closed
- before new values were written.
-
-diff --git a/reference.c b/reference.c
-index 12e6beb..3a3af1e 100644
---- a/reference.c
-+++ b/reference.c
-@@ -290,6 +290,7 @@ update_drift_file(double freq_ppm, double skew)
- struct stat buf;
- char *temp_drift_file;
- FILE *out;
-+ int r1, r2;
-
- /* Create a temporary file with a '.tmp' extension. */
-
-@@ -311,8 +312,9 @@ update_drift_file(double freq_ppm, double skew)
- }
-
- /* Write the frequency and skew parameters in ppm */
-- if ((fprintf(out, "%20.6f %20.6f\n", freq_ppm, 1.0e6 * skew) < 0) |
-- fclose(out)) {
-+ r1 = fprintf(out, "%20.6f %20.6f\n", freq_ppm, 1.0e6 * skew);
-+ r2 = fclose(out);
-+ if (r1 < 0 || r2) {
- Free(temp_drift_file);
- LOG(LOGS_WARN, LOGF_Reference, "Could not write to temporary driftfile %s.tmp",
- drift_file);
-diff --git a/rtc_linux.c b/rtc_linux.c
-index 8eda906..91b0cac 100644
---- a/rtc_linux.c
-+++ b/rtc_linux.c
-@@ -467,6 +467,7 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate)
- struct stat buf;
- char *temp_coefs_file_name;
- FILE *out;
-+ int r1, r2;
-
- /* Create a temporary file with a '.tmp' extension. */
-
-@@ -488,9 +489,10 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate)
- }
-
- /* Gain rate is written out in ppm */
-- if ((fprintf(out, "%1d %ld %.6f %.3f\n",
-- valid,ref_time, offset, 1.0e6 * rate) < 0) |
-- fclose(out)) {
-+ r1 = fprintf(out, "%1d %ld %.6f %.3f\n",
-+ valid, ref_time, offset, 1.0e6 * rate);
-+ r2 = fclose(out);
-+ if (r1 < 0 || r2) {
- Free(temp_coefs_file_name);
- LOG(LOGS_WARN, LOGF_RtcLinux, "Could not write to temporary RTC file %s.tmp",
- coefs_file_name);
diff --git a/SOURCES/chrony-preferselect.patch b/SOURCES/chrony-preferselect.patch
deleted file mode 100644
index e128152..0000000
--- a/SOURCES/chrony-preferselect.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-commit f456cd57b93695b1a9bd792ed084c62f9ffa7c9f
-Author: Miroslav Lichvar
-Date: Tue Jan 21 17:18:48 2014 +0100
-
- Fix selecting of sources with prefer option
-
- List of selectable sources that is used in combining was trimmed to
- sources with prefer option, but scoring algorithm considered all
- selectable sources. When a source without prefer was selected and
- no source was combined, it caused assertion failure.
-
-diff --git a/sources.c b/sources.c
-index 6c6a5bb..de07bd3 100644
---- a/sources.c
-+++ b/sources.c
-@@ -503,7 +503,7 @@ combine_sources(int n_sel_sources, struct timeval *ref_time, double *offset,
- void
- SRC_SelectSource(uint32_t match_refid)
- {
-- int i, j, index, old_selected_index;
-+ int i, j, index, old_selected_index, sel_prefer;
- struct timeval now, ref_time;
- double src_offset, src_offset_sd, src_frequency, src_skew;
- double src_root_delay, src_root_dispersion;
-@@ -811,6 +811,9 @@ SRC_SelectSource(uint32_t match_refid)
- }
- if (j > 0) {
- n_sel_sources = j;
-+ sel_prefer = 1;
-+ } else {
-+ sel_prefer = 0;
- }
-
- /* Now find minimum stratum. If none are left now,
-@@ -843,7 +846,8 @@ SRC_SelectSource(uint32_t match_refid)
- for (i = 0; i < n_sources; i++) {
-
- /* Reset score for non-selectable sources */
-- if (sources[i]->status != SRC_SELECTABLE) {
-+ if (sources[i]->status != SRC_SELECTABLE ||
-+ (sel_prefer && sources[i]->sel_option != SRC_SelectPrefer)) {
- sources[i]->sel_score = 1.0;
- sources[i]->outlier = OUTLIER_PENALTY;
- continue;
diff --git a/SOURCES/chrony.dhclient b/SOURCES/chrony.dhclient
index 30c68ab..8b12441 100644
--- a/SOURCES/chrony.dhclient
+++ b/SOURCES/chrony.dhclient
@@ -6,18 +6,15 @@ chrony_config() {
 rm -f $SERVERFILE
 if [ "$PEERNTP" != "no" ]; then
 for server in $new_ntp_servers; do
- echo "$server $NTPSERVERARGS" >> $SERVERFILE
+ echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE
 done
- /usr/libexec/chrony-helper is-running &&
- /usr/libexec/chrony-helper add-dhclient-servers &&
- /usr/libexec/chrony-helper remove-dhclient-servers || :
+ /usr/libexec/chrony-helper update-daemon || :
 fi
 }
 chrony_restore() {
 if [ -f $SERVERFILE ]; then
 rm -f $SERVERFILE
- /usr/libexec/chrony-helper is-running &&
- /usr/libexec/chrony-helper remove-dhclient-servers || :
+ /usr/libexec/chrony-helper update-daemon || :
 fi
 }
diff --git a/SOURCES/chrony.helper b/SOURCES/chrony.helper
index 8deac0c..78fd944 100644
--- a/SOURCES/chrony.helper
+++ b/SOURCES/chrony.helper
@@ -1,76 +1,186 @@
 #!/bin/bash
+# This script configures running chronyd to use NTP servers obtained from
+# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
+# externally (e.g. by a dhclient script). Files with servers from DNS SRV
+# records are updated here using the dig utility.
 chronyc=/usr/bin/chronyc
-dhclient_servers=/var/lib/dhclient/chrony.servers.*
-dhclient_added_servers=/var/lib/dhclient/chrony.added_servers
-service_name=chronyd.service
+helper_dir=/var/run/chrony-helper
+added_servers_file=$helper_dir/added_servers
+
+network_sysconfig_file=/etc/sysconfig/network
+dhclient_servers_files=/var/lib/dhclient/chrony.servers.*
+dnssrv_servers_files=$helper_dir/dnssrv@*
+dnssrv_timer_prefix=chrony-dnssrv@
 chrony_command() {
- $chronyc -a -m "$1"
+ $chronyc -a -n -m "$1"
 }
-update_dhclient_added_servers() {
- new_servers=$(echo "$1" | sort -u)
- old_servers=$(cat $dhclient_added_servers 2> /dev/null)
- [ "$old_servers" = "$new_servers" ] && return 0
- [ -n "$new_servers" ] && echo "$new_servers" > $dhclient_added_servers ||
- rm -f $dhclient_added_servers
+is_running() {
+ chrony_command "tracking" &> /dev/null
 }
-add_dhclient_servers() {
- shopt -s nullglob
- servers_files=($dhclient_servers)
- shopt -u nullglob
- (( ${#servers_files[*]} )) || return 0
-
- added_servers=$(
- cat $dhclient_added_servers 2> /dev/null
- cat ${servers_files[*]} |
- while read server serverargs; do
- chrony_command "add server $server $serverargs" &> /dev/null &&
- echo "$server"
- done)
- update_dhclient_added_servers "$added_servers"
+is_update_needed() {
+ for file in $dhclient_servers_files $dnssrv_servers_files \
+ $added_servers_file; do
+ [ -e "$file" ] && return 0
+ done
+ return 1
 }
-remove_dhclient_servers() {
- [ -f $dhclient_added_servers ] || return 0
+update_daemon() {
+ local all_servers_with_args all_servers added_servers
+
+ if ! 
is_running; then
+ rm -f $added_servers_file
+ return 0
+ fi
+
+ all_servers_with_args=$(
+ cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null)
+
 all_servers=$(
- cat $dhclient_servers 2> /dev/null |
+ echo "$all_servers_with_args" |
 while read server serverargs; do
 echo "$server"
 done | sort -u)
- echo "$all_servers" | comm -23 $dhclient_added_servers - |
+ added_servers=$( (
+ cat $added_servers_file 2> /dev/null
+ echo "$all_servers_with_args" |
+ while read server serverargs; do
+ [ -z "$server" ] && continue
+ chrony_command "add server $server $serverargs" &> /dev/null &&
+ echo "$server"
+ done) | sort -u)
+
+ comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") |
 while read server; do
 chrony_command "delete $server" &> /dev/null
 done
- added_servers=$(echo "$all_servers" | comm -12 $dhclient_added_servers -)
- update_dhclient_added_servers "$added_servers"
+
+ added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers"))
+
+ [ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file ||
+ rm -f $added_servers_file
 }
-is_running() {
- systemctl is-active -q $service_name
+get_dnssrv_servers() {
+ local name=$1
+
+ if ! command -v dig &> /dev/null; then
+ echo "Missing dig (DNS lookup utility)" >&2
+ return 1
+ fi
+
+ (
+ . $network_sysconfig_file &> /dev/null
+
+ output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null)
+ [ $? 
-ne 0 ] && return 0
+
+ echo "$output" | while read prio weight port target; do
+ server=${target%.}
+ [ -z "$server" ] && continue
+ echo "$server port $port ${NTPSERVERARGS:-iburst}"
+ done
+ )
+}
+
+check_dnssrv_name() {
+ local name=$1
+
+ if [ -z "$name" ]; then
+ echo "No DNS SRV name specified" >&2
+ return 1
+ fi
+
+ if [ "${name:0:9}" != _ntp._udp ]; then
+ echo "DNS SRV name $name doesn't start with _ntp._udp" >&2
+ return 1
+ fi
+}
+
+update_dnssrv_servers() {
+ local name=$1
+ local srv_file=$helper_dir/dnssrv@$name servers
+
+ check_dnssrv_name "$name" || return 1
+
+ servers=$(get_dnssrv_servers "$name")
+ [ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file"
+}
+
+set_dnssrv_timer() {
+ local state=$1 name=$2
+ local srv_file=$helper_dir/dnssrv@$name servers
+ local timer=$dnssrv_timer_prefix$name.timer
+
+ check_dnssrv_name "$name" || return 1
+
+ if [ "$state" = enable ]; then
+ systemctl enable "$timer"
+ systemctl start "$timer"
+ elif [ "$state" = disable ]; then
+ systemctl stop "$timer"
+ systemctl disable "$timer"
+ rm -f "$srv_file"
+ fi
+}
+
+list_dnssrv_timers() {
+ systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \
+ sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|"
+}
+
+prepare_helper_dir() {
+ mkdir -p $helper_dir
+ exec 100> $helper_dir/lock
+ if ! 
flock -w 20 100; then
+ echo "Failed to lock $helper_dir" >&2
+ return 1
+ fi
+}
+
+print_help() {
+ echo "Usage: $0 COMMAND"
+ echo
+ echo "Commands:"
+ echo " update-daemon"
+ echo " update-dnssrv-servers NAME"
+ echo " enable-dnssrv NAME"
+ echo " disable-dnssrv NAME"
+ echo " list-dnssrv"
+ echo " is-running"
+ echo " command CHRONYC-COMMAND"
 }
 case "$1" in
- add-dhclient-servers)
- add_dhclient_servers
+ update-daemon|add-dhclient-servers|remove-dhclient-servers)
+ is_update_needed || exit 0
+ prepare_helper_dir && update_daemon
+ ;;
+ update-dnssrv-servers)
+ prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon
 ;;
- remove-dhclient-servers)
- remove_dhclient_servers
+ enable-dnssrv)
+ set_dnssrv_timer enable "$2"
+ ;;
+ disable-dnssrv)
+ set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon
+ ;;
+ list-dnssrv)
+ list_dnssrv_timers
 ;;
 is-running)
 is_running
 ;;
- command)
- is_running && chrony_command "$2"
- ;;
- forced-command)
+ command|forced-command)
 chrony_command "$2"
 ;;
 *)
- echo $"Usage: $0 {add-dhclient-servers|remove-dhclient-servers|is-running|command|forced-command}"
+ print_help
 exit 2
 esac
-exit $?
+exit $?
diff --git a/SOURCES/chrony.nm-dispatcher b/SOURCES/chrony.nm-dispatcher
deleted file mode 100644
index fea2723..0000000
--- a/SOURCES/chrony.nm-dispatcher
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-export LC_ALL=C
-
-if [ "$2" = "up" ]; then
- /sbin/ip route list dev "$1" | grep -q '^default' &&
- /usr/libexec/chrony-helper command online > /dev/null 2>&1
-fi
-
-if [ "$2" = "down" ]; then
- /sbin/ip route list | grep -q '^default' ||
- /usr/libexec/chrony-helper command offline > /dev/null 2>&1
-fi
-
-exit 0
diff --git a/SOURCES/chronyd.service b/SOURCES/chronyd.service
index 589856e..46da306 100644
--- a/SOURCES/chronyd.service
+++ b/SOURCES/chronyd.service
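Review bot: In get_dnssrv_servers a failed dig is reported exactly like an empty answer — `[ $? -ne 0 ] && return 0` leaves the subshell with status 0 and no output — so update_dnssrv_servers treats `$servers` as "no records", removes `$srv_file`, and the update_daemon that follows deletes every server previously learned from that SRV name; a transient resolver outage therefore silently drops those sources until the next timer run. Propagating the failure and keeping the previous file is enough: `[ $? -ne 0 ] && return 1` in get_dnssrv_servers and `servers=$(get_dnssrv_servers "$name") || return 1` in update_dnssrv_servers. Separately, `port` and `target` are taken from the DNS answer and spliced into the `add server` command with no check that `port` is numeric and `target` is a single hostname token (`read` hands any trailing words to `target`), and the added sources carry no `key` option, so a comment such as `# servers from SRV records are trusted exactly as far as the resolver is` at the top of get_dnssrv_servers would make that dependency explicit. The `servers` local in set_dnssrv_timer is unused and looks copied from update_dnssrv_servers.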
@@ -5,9 +5,10 @@ Conflicts=ntpd.service
 [Service]
 Type=forking
+PIDFile=/var/run/chronyd.pid
 EnvironmentFile=-/etc/sysconfig/chronyd
-ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS
-ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers
+ExecStart=/usr/sbin/chronyd $OPTIONS
+ExecStartPost=/usr/libexec/chrony-helper update-daemon
 [Install]
 WantedBy=multi-user.target
diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec
index 11579b6..31c026a 100644
--- a/SPECS/chrony.spec
+++ b/SPECS/chrony.spec
@@ -1,7 +1,9 @@
 %global _hardened_build 1
+%global clknetsim_ver c0e2b4
+%bcond_without debug
 Name: chrony
-Version: 1.29.1
+Version: 2.1.1
 Release: 1%{?dist}
 Summary: An NTP client/server
@@ -14,12 +16,13 @@ Source2: chrony.keys
 Source3: chronyd.service
 Source4: chrony.helper
 Source5: chrony.logrotate
-Source7: chrony.nm-dispatcher
 Source8: chrony.dhclient
 Source9: chrony-wait.service
+# simulator for test suite
+Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
+Source11: chrony-dnssrv@.service
+Source12: chrony-dnssrv@.timer
 %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
-Patch1: chrony-preferselect.patch
-Patch2: chrony-driftwrite.patch
 BuildRequires: libcap-devel libedit-devel nss-devel pps-tools-devel
 BuildRequires: bison texinfo systemd-units
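Review bot: Dropping `-u chrony` from ExecStart leaves the unit with no visible statement of which user chronyd runs as; the privilege drop now rests on the `--with-user=chrony` configure default added in the spec's %build hunk, and on nothing in `$OPTIONS` overriding it. Keeping the flag costs nothing and keeps the least-privilege intent auditable from the unit alone, `ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS`; failing that, a comment `# runs as the compiled-in default user (configure --with-user=chrony)` above ExecStart records where the user comes from. The new `PIDFile=/var/run/chronyd.pid` is only correct if it matches the path chronyd writes by default, which the spec does not set explicitly.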
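Review bot: `Source10` identifies the clknetsim archive only by the 6-character `%{clknetsim_ver}` commit prefix in a GitHub archive URL, and that tarball is unpacked by `%setup -a 10` and executed in the new %check; what actually pins those bytes is the sha1 recorded for `SOURCES/clknetsim-c0e2b4.tar.gz` in `.chrony.metadata`, not the URL, since such archives can be regenerated server-side. The `# simulator for test suite` comment could say so, e.g. `# simulator for test suite (build-time only); the imported tarball is pinned by its checksum in .chrony.metadata`.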
@@ -38,25 +41,30 @@ clocks, system real-time clock or manual input as time references.
 %if 0%{!?vendorzone:1}
 %{?fedora: %global vendorzone fedora.}
-%{?rhel: %global vendorzone centos.}
+%{?rhel: %global vendorzone rhel.}
 %endif
 %prep
-%setup -q -n %{name}-%{version}%{?prerelease}
+%setup -q -n %{name}-%{version}%{?prerelease} -a 10
 %{?gitpatch:%patch0 -p1}
-%patch1 -p1 -b .preferselect
-%patch2 -p1 -b .driftwrite
 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
 sed -e 's|VENDORZONE\.|%{vendorzone}|' < %{SOURCE1} > chrony.conf
 touch -r %{SOURCE1} chrony.conf
+# regenerate the file from getdate.y
+rm -f getdate.c
+
+mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
+
 %build
 %configure \
+%{?with_debug: --enable-debug} \
 --docdir=%{_docdir} \
+ --with-user=chrony \
 --with-sendmail=%{_sbindir}/sendmail
-make %{?_smp_mflags} getdate all docs
+make %{?_smp_mflags} all docs
 %install
 make install install-docs DESTDIR=$RPM_BUILD_ROOT
@@ -75,17 +83,27 @@ install -m 640 -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
 install -m 644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/chronyd.service
 install -m 755 -p %{SOURCE4} $RPM_BUILD_ROOT%{_libexecdir}/chrony-helper
 install -m 644 -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony
-install -m 755 -p %{SOURCE7} \
+install -m 755 -p examples/chrony.nm-dispatcher \
 $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony
 install -m 755 -p %{SOURCE8} \
 $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
 install -m 644 -p %{SOURCE9} $RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service
+install -m 644 -p %{SOURCE11} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.service
+install -m 644 -p %{SOURCE12} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.timer
 touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}
 echo 'chronyd.service' > \
 $RPM_BUILD_ROOT%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list
+gzip -9 -f -n chrony.txt
+
+%check
+# set random seed to get deterministic results
+export CLKNETSIM_RANDOM_SEED=24501
+make %{?_smp_mflags} -C test/simulation/clknetsim
+make check
+
 %pre
 getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony
 getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \
@@ -109,7 +127,7 @@ fi
 %systemd_postun_with_restart chronyd.service
 %files
-%doc COPYING NEWS README chrony.txt faq.txt examples/*
+%doc COPYING FAQ NEWS README chrony.txt.gz
 %config(noreplace) %{_sysconfdir}/chrony.conf
 %config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
 %config(noreplace) %{_sysconfdir}/logrotate.d/chrony
@@ -121,6 +139,7 @@ fi
 %{_infodir}/chrony.info*
 %{_prefix}/lib/systemd/ntp-units.d/*.list
 %{_unitdir}/chrony*.service
+%{_unitdir}/chrony*.timer
 %{_mandir}/man[158]/%{name}*.[158]*
 %dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony
 %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift
@@ -128,8 +147,16 @@ fi
 %dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony
 %changelog
-* Wed Jun 18 2014 Jim Perrin - 1.29.1-1.el7.centos
-- rebrand vendorzone
+* Tue Jun 23 2015 Miroslav Lichvar 2.1.1-1
+- update to 2.1.1 (#1117882)
+- add -n option to gzip command to not save timestamp
+
+* Mon Jun 22 2015 Miroslav Lichvar 2.1-1
+- update to 2.1 (#1117882 #1169353 #1206504 #1209568 CVE-2015-1821
+ CVE-2015-1822 CVE-2015-1853)
+- extend chrony-helper to allow using servers from DNS SRV records (#1211600)
+- add servers from DHCP with iburst option by default (#1219492)
+- execute test suite
 * Tue Feb 04 2014 Miroslav Lichvar 1.29.1-1
 - update to 1.29.1 (#1053022, CVE-2014-0021)