diff --git a/.chrony.metadata b/.chrony.metadata index 5d00761..364bef3 100644 --- a/.chrony.metadata +++ b/.chrony.metadata @@ -1,2 +1,2 @@ -64db6c31e013222cc0a2b66322192b4cedf6e048 SOURCES/chrony-3.2.tar.gz -a56b3edc67f6af8c42775c2004fa8e5c09cc9be8 SOURCES/clknetsim-71dbbc.tar.gz +fa41e595e7041a9deda76a69e970a023091474f6 SOURCES/chrony-3.4.tar.gz +b674017c26433870107fb18e160c7d88d7d2eb86 SOURCES/clknetsim-8b4842.tar.gz diff --git a/.gitignore b/.gitignore index 967e3c2..9db88b6 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/chrony-3.2.tar.gz -SOURCES/clknetsim-71dbbc.tar.gz +SOURCES/chrony-3.4.tar.gz +SOURCES/clknetsim-8b4842.tar.gz diff --git a/SOURCES/chrony-defconfig.patch b/SOURCES/chrony-defconfig.patch index c5bbfcc..c1b067d 100644 --- a/SOURCES/chrony-defconfig.patch +++ b/SOURCES/chrony-defconfig.patch @@ -11,3 +11,16 @@ diff -up chrony-3.2/examples/chrony.conf.example2.defconfig chrony-3.2/examples/ # Specify directory for log files. logdir /var/log/chrony +--- chrony-3.4/examples/chrony.keys.example 2018-09-19 16:38:15.000000000 +0200 ++++ chrony-3.4/examples/chrony.keys.example 2017-09-15 08:32:09.000000000 +0200 +@@ -1,7 +1,6 @@ +-# This is an example chrony keys file. It enables authentication of NTP +-# packets with symmetric keys when its location is specified by the keyfile +-# directive in chrony.conf(5). It should be readable only by root and the +-# user under which chronyd is running. ++# This is an example chrony keys file. It is used for NTP authentication with ++# symmetric keys. It should be readable only by root or the user to which ++# chronyd is configured to switch to after start. + # + # Don't use the example keys! It's recommended to generate random keys using + # the chronyc keygen command. diff --git a/SOURCES/chrony-select-timeout.patch b/SOURCES/chrony-select-timeout.patch deleted file mode 100644 index 6f585a4..0000000 --- a/SOURCES/chrony-select-timeout.patch +++ /dev/null @@ -1,44 +0,0 @@ -commit d0b24860363a3704e28569ce9a6987717834edea -Author: Miroslav Lichvar -Date: Tue Dec 5 11:08:24 2017 +0100 - - client: don't call select() with invalid timeout - - If the system clock was stepped forward after chronyc sent a request and - before it read the clock in order to calculate the receive timeout, - select() could be called with a negative timeout, which resulted in an - infinite loop waiting for select() to succeed. - - Fix the submit_request() function to not call select() with a negative - timeout. Also, return immediately on any error of select(). - -diff --git a/client.c b/client.c -index 5c3a99e..4e23158 100644 ---- a/client.c -+++ b/client.c -@@ -1394,9 +1394,16 @@ submit_request(CMD_Request *request, CMD_Reply *reply) - - timeout = initial_timeout / 1000.0 * (1U << (n_attempts - 1)) - - UTI_DiffTimespecsToDouble(&ts_now, &ts_start); -- UTI_DoubleToTimeval(timeout, &tv); - DEBUG_LOG("Timeout %f seconds", timeout); - -+ /* Avoid calling select() with an invalid timeout */ -+ if (timeout <= 0.0) { -+ new_attempt = 1; -+ continue; -+ } -+ -+ UTI_DoubleToTimeval(timeout, &tv); -+ - FD_ZERO(&rdfd); - FD_ZERO(&wrfd); - FD_ZERO(&exfd); -@@ -1410,6 +1417,7 @@ submit_request(CMD_Request *request, CMD_Reply *reply) - - if (select_status < 0) { - DEBUG_LOG("select failed : %s", strerror(errno)); -+ return 0; - } else if (select_status == 0) { - /* Timeout must have elapsed, try a resend? */ - new_attempt = 1; diff --git a/SOURCES/chrony-service-helper.patch b/SOURCES/chrony-service-helper.patch index fe11392..9035356 100644 --- a/SOURCES/chrony-service-helper.patch +++ b/SOURCES/chrony-service-helper.patch @@ -2,7 +2,7 @@ diff -up chrony-3.1/examples/chronyd.service.service-helper chrony-3.1/examples/ --- chrony-3.1/examples/chronyd.service.service-helper 2017-01-31 12:12:01.863772826 +0100 +++ chrony-3.1/examples/chronyd.service 2017-01-31 12:12:30.371860064 +0100 @@ -10,6 +10,7 @@ Type=forking - PIDFile=/var/run/chronyd.pid + PIDFile=/var/run/chrony/chronyd.pid EnvironmentFile=-/etc/sysconfig/chronyd ExecStart=/usr/sbin/chronyd $OPTIONS +ExecStartPost=/usr/libexec/chrony-helper update-daemon diff --git a/SOURCES/chrony-timestamping.patch b/SOURCES/chrony-timestamping.patch index 6b60ef9..971d7a4 100644 --- a/SOURCES/chrony-timestamping.patch +++ b/SOURCES/chrony-timestamping.patch @@ -1,25 +1,3 @@ -diff -up chrony-3.2/configure.timestamping chrony-3.2/configure ---- chrony-3.2/configure.timestamping 2017-09-19 13:58:21.093194558 +0200 -+++ chrony-3.2/configure 2017-09-19 13:57:56.109116276 +0200 -@@ -683,15 +683,15 @@ if [ $feat_timestamping = "1" ] && [ $tr - test_code 'SW/HW timestamping' 'sys/types.h sys/socket.h linux/net_tstamp.h - linux/errqueue.h linux/ptp_clock.h' '' '' ' - int val = SOF_TIMESTAMPING_SOFTWARE | SOF_TIMESTAMPING_RX_SOFTWARE | -- SOF_TIMESTAMPING_RAW_HARDWARE | SOF_TIMESTAMPING_OPT_CMSG; -- return sizeof (struct scm_timestamping) + SCM_TSTAMP_SND + PTP_SYS_OFFSET + -+ SOF_TIMESTAMPING_RAW_HARDWARE | 1; -+ return 3 * sizeof (struct timespec) + 0 + PTP_SYS_OFFSET + - setsockopt(0, SOL_SOCKET, SO_SELECT_ERR_QUEUE + SO_TIMESTAMPING, - &val, sizeof (val));' - then - add_def HAVE_LINUX_TIMESTAMPING - EXTRA_OBJECTS="$EXTRA_OBJECTS hwclock.o ntp_io_linux.o" - -- if test_code 'other timestamping options' \ -+ if true || test_code 'other timestamping options' \ - 'sys/types.h sys/socket.h linux/net_tstamp.h' '' '' ' - struct scm_ts_pktinfo pktinfo; - pktinfo.if_index = pktinfo.pkt_length = 0; diff -up chrony-3.2/doc/chrony.conf.man.in.timestamping chrony-3.2/doc/chrony.conf.man.in --- chrony-3.2/doc/chrony.conf.man.in.timestamping 2017-09-15 10:17:41.000000000 +0200 +++ chrony-3.2/doc/chrony.conf.man.in 2017-09-19 13:52:59.544187046 +0200 @@ -39,159 +17,3 @@ diff -up chrony-3.2/doc/chrony.conf.man.in.timestamping chrony-3.2/doc/chrony.co running, no other process (e.g. a PTP daemon) should be working with the NIC clock. .sp -diff -up chrony-3.2/ntp_io_linux.c.timestamping chrony-3.2/ntp_io_linux.c ---- chrony-3.2/ntp_io_linux.c.timestamping 2017-09-15 08:32:09.000000000 +0200 -+++ chrony-3.2/ntp_io_linux.c 2017-09-19 13:52:59.544187046 +0200 -@@ -35,6 +35,16 @@ - #include - #include - -+/* Missing in older kernel headers */ -+#define SOF_TIMESTAMPING_OPT_CMSG (1<<10) -+#define SOF_TIMESTAMPING_OPT_PKTINFO (1<<13) -+#define SOF_TIMESTAMPING_OPT_TX_SWHW (1<<14) -+#define SCM_TSTAMP_SND 0 -+#define HWTSTAMP_FILTER_NTP_ALL 15 -+#ifndef SCM_TIMESTAMPING_PKTINFO -+#define SCM_TIMESTAMPING_PKTINFO 58 -+#endif -+ - #include "array.h" - #include "conf.h" - #include "hwclock.h" -@@ -94,6 +104,10 @@ static int ts_tx_flags; - /* Flag indicating the socket options can't be changed in control messages */ - static int permanent_ts_options; - -+/* Index of a HW-timestamping interface, but only if the machine has not more -+ than one */ -+static int single_hwts_if_index; -+ - /* ================================================== */ - - static int -@@ -278,7 +292,7 @@ update_interface_speed(struct Interface - - /* ================================================== */ - --#if defined(HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO) || defined(HAVE_LINUX_TIMESTAMPING_OPT_TX_SWHW) -+#if 1 - static int - check_timestamping_option(int option) - { -@@ -301,6 +315,61 @@ check_timestamping_option(int option) - - /* ================================================== */ - -+static int -+get_single_hwts_index() -+{ -+ struct ifaddrs *ifaddr, *ifa; -+ struct ethtool_ts_info ts_info; -+ struct ifreq req; -+ int sock_fd, if_index, hwts_if_index = INVALID_IF_INDEX; -+ -+ sock_fd = socket(AF_INET, SOCK_DGRAM, 0); -+ if (sock_fd < 0) -+ return INVALID_IF_INDEX; -+ -+ if (getifaddrs(&ifaddr)) { -+ DEBUG_LOG("getifaddrs() failed : %s", strerror(errno)); -+ close(sock_fd); -+ return INVALID_IF_INDEX; -+ } -+ -+ for (ifa = ifaddr; ifa; ifa = ifa->ifa_next) { -+ memset(&req, 0, sizeof (req)); -+ memset(&ts_info, 0, sizeof (ts_info)); -+ -+ if (snprintf(req.ifr_name, sizeof (req.ifr_name), "%s", ifa->ifa_name) >= -+ sizeof (req.ifr_name)) -+ break; -+ -+ if (ioctl(sock_fd, SIOCGIFINDEX, &req)) -+ break; -+ -+ if_index = req.ifr_ifindex; -+ ts_info.cmd = ETHTOOL_GET_TS_INFO; -+ req.ifr_data = (char *)&ts_info; -+ -+ if (ioctl(sock_fd, SIOCETHTOOL, &req)) -+ break; -+ -+ if (ts_info.phc_index < 0) -+ continue; -+ -+ if (hwts_if_index != INVALID_IF_INDEX && hwts_if_index != if_index) -+ break; -+ -+ hwts_if_index = if_index; -+ } -+ -+ close(sock_fd); -+ freeifaddrs(ifaddr); -+ -+ if (ifa) -+ return INVALID_IF_INDEX; -+ -+ return hwts_if_index; -+} -+ -+/* ================================================== */ - void - NIO_Linux_Initialise(void) - { -@@ -345,8 +414,20 @@ NIO_Linux_Initialise(void) - #endif - } - -- /* Enable IP_PKTINFO in messages looped back to the error queue */ -- ts_flags |= SOF_TIMESTAMPING_OPT_CMSG; -+ single_hwts_if_index = INVALID_IF_INDEX; -+ -+ /* Enable IP_PKTINFO in messages looped back to the error queue if possible. -+ If not, HW timestamping of IPv4 packets can be supported only with one -+ interface capable of HW timestamping. */ -+ if (check_timestamping_option(SOF_TIMESTAMPING_OPT_CMSG)) { -+ ts_flags |= SOF_TIMESTAMPING_OPT_CMSG; -+ } else if (ARR_GetSize(interfaces) > 0) { -+ single_hwts_if_index = get_single_hwts_index(); -+ if (single_hwts_if_index == INVALID_IF_INDEX) -+ LOG(LOGS_WARN, "Missing SOF_TIMESTAMPING_OPT_CMSG option for HW timestamping with multiple HW-timestamping interfaces"); -+ else -+ LOG(LOGS_INFO, "Enabled single-interface HW-timestamping mode"); -+ } - - /* Kernels before 4.7 ignore timestamping flags set in control messages */ - permanent_ts_options = !SYS_Linux_CheckKernelVersion(4, 7); -@@ -590,7 +671,11 @@ NIO_Linux_ProcessMessage(NTP_Remote_Addr - for (cmsg = CMSG_FIRSTHDR(hdr); cmsg; cmsg = CMSG_NXTHDR(hdr, cmsg)) { - #ifdef HAVE_LINUX_TIMESTAMPING_OPT_PKTINFO - if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING_PKTINFO) { -- struct scm_ts_pktinfo ts_pktinfo; -+ struct { -+ __u32 if_index; -+ __u32 pkt_length; -+ __u32 reserved[2]; -+ } ts_pktinfo; - - memcpy(&ts_pktinfo, CMSG_DATA(cmsg), sizeof (ts_pktinfo)); - -@@ -602,11 +687,16 @@ NIO_Linux_ProcessMessage(NTP_Remote_Addr - #endif - - if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_TIMESTAMPING) { -- struct scm_timestamping ts3; -+ struct { -+ struct timespec ts[3]; -+ } ts3; - - memcpy(&ts3, CMSG_DATA(cmsg), sizeof (ts3)); - - if (!UTI_IsZeroTimespec(&ts3.ts[2])) { -+ if (ts_if_index == INVALID_IF_INDEX) -+ ts_if_index = single_hwts_if_index; -+ - iface = get_interface(ts_if_index); - if (iface) { - process_hw_timestamp(iface, &ts3.ts[2], local_ts, !is_tx ? length : 0, diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec index e2fb655..d2b5658 100644 --- a/SPECS/chrony.spec +++ b/SPECS/chrony.spec @@ -1,10 +1,10 @@ %global _hardened_build 1 -%global clknetsim_ver 71dbbc +%global clknetsim_ver 8b4842 %bcond_without debug Name: chrony -Version: 3.2 -Release: 2%{?dist} +Version: 3.4 +Release: 1%{?dist} Summary: An NTP client/server Group: System Environment/Daemons @@ -20,18 +20,18 @@ Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/c # add NTP servers from DHCP when starting service Patch1: chrony-service-helper.patch -# enable support for SW/HW timestamping on older kernels +# remove upstream kernel versions in documentation of HW timestamping Patch2: chrony-timestamping.patch -# revert upstream changes in packaged chrony.conf example +# revert upstream changes in packaged configuration examples Patch3: chrony-defconfig.patch -# fix chronyc getting stuck in infinite loop after clock step -Patch4: chrony-select-timeout.patch BuildRequires: libcap-devel libedit-devel nss-devel pps-tools-devel %ifarch %{ix86} x86_64 %{arm} aarch64 ppc64 ppc64le s390 s390x BuildRequires: libseccomp-devel %endif BuildRequires: bison systemd-units +# require kernel headers with supported HW-timestamping features +BuildRequires: kernel-headers > 3.10.0-742 Requires(pre): shadow-utils Requires(post): systemd @@ -54,7 +54,6 @@ clocks, system real-time clock or manual input as time references. %patch1 -p1 -b .service-helper %patch2 -p1 -b .timestamping %patch3 -p1 -b .defconfig -%patch4 -p1 -b .select-timeout # review changes in packaged configuration files and scripts md5sum -c <<-EOF | (! grep -v 'OK$') @@ -62,8 +61,8 @@ md5sum -c <<-EOF | (! grep -v 'OK$') 58978d335ec3752ac2c38fa82b48f0a5 examples/chrony.conf.example2 ba6bb05c50e03f6b5ab54a2b7914800d examples/chrony.keys.example 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate - 27cbc940c94575de320dbd251cbb4514 examples/chrony.nm-dispatcher - a85246982a89910b1e2d3356b7d131d7 examples/chronyd.service + 8748a663f0b1943ea491858f414a6b26 examples/chrony.nm-dispatcher + 921b354e94f5e3db124cb50d11cd560f examples/chronyd.service EOF # don't allow empty vendor zone @@ -89,6 +88,7 @@ mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim --enable-ntp-signd \ --enable-scfilter \ --docdir=%{_docdir} \ + --without-nettle \ --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \ --with-user=chrony \ --with-hwclockfile=%{_sysconfdir}/adjtime \ @@ -150,6 +150,16 @@ getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \ : %post +# fix PIDFile in local chronyd.service on upgrades from chrony < 3.3-2 +if grep -q 'PIDFile=%{_localstatedir}/run/chronyd.pid' \ + %{_sysconfdir}/systemd/system/chronyd.service 2> /dev/null && \ + ! grep -qi '^[ '$'\t'']*pidfile' %{_sysconfdir}/chrony.conf 2> /dev/null +then + sed -i '/PIDFile=/s|/run/|/run/chrony/|' \ + %{_sysconfdir}/systemd/system/chronyd.service +fi +# workaround for late reload of unit file (#1614751) +%{_bindir}/systemctl daemon-reload %systemd_post chronyd.service chrony-wait.service %preun @@ -179,6 +189,10 @@ getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \ %dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony %changelog +* Thu Jan 10 2019 Miroslav Lichvar 3.4-1 +- update to 3.4 (#1636117, #1565544, #1565548, #1596239, #1600882) +- drop support for HW timestamping on kernels < 3.10.0-613 + * Tue Dec 05 2017 Miroslav Lichvar 3.2-2 - fix chronyc getting stuck in infinite loop after clock step (#1520884)