diff --git a/.chrony.metadata b/.chrony.metadata
new file mode 100644
index 0000000..2402c22
--- /dev/null
+++ b/.chrony.metadata
@@ -0,0 +1 @@
+442fb7d62a6f23bf1057864a3dbdfa55e1b6eb35 SOURCES/chrony-1.29.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/chrony-wait.service b/SOURCES/chrony-wait.service
new file mode 100644
index 0000000..6513b4f
--- /dev/null
+++ b/SOURCES/chrony-wait.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Wait for chrony to synchronize system clock
+After=chronyd.service
+Requires=chronyd.service
+Before=time-sync.target
+Wants=time-sync.target
+
+[Service]
+Type=oneshot
+# Wait up to ~10 minutes for chronyd to synchronize and the remaining
+# clock correction to be less than 0.1 seconds
+ExecStart=/usr/bin/chronyc waitsync 60 0.1
+RemainAfterExit=yes
+StandardOutput=null
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/chrony.conf b/SOURCES/chrony.conf
new file mode 100644
index 0000000..9da0097
--- /dev/null
+++ b/SOURCES/chrony.conf
@@ -0,0 +1,46 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+server 0.VENDORZONE.pool.ntp.org iburst
+server 1.VENDORZONE.pool.ntp.org iburst
+server 2.VENDORZONE.pool.ntp.org iburst
+server 3.VENDORZONE.pool.ntp.org iburst
+
+# Ignore stratum in source selection.
+stratumweight 0
+
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+
+# Enable kernel RTC synchronization.
+rtcsync
+
+# In first three updates step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
+
+# Allow NTP client access from local network.
+#allow 192.168/16
+
+# Listen for commands only on localhost.
+bindcmdaddress 127.0.0.1
+bindcmdaddress ::1
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+keyfile /etc/chrony.keys
+
+# Specify the key used as password for chronyc.
+commandkey 1
+
+# Generate command key if missing.
+generatecommandkey
+
+# Disable logging of client accesses.
+noclientlog
+
+# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
+logchange 0.5
+
+logdir /var/log/chrony
+#log measurements statistics tracking
diff --git a/SOURCES/chrony.dhclient b/SOURCES/chrony.dhclient
new file mode 100644
index 0000000..30c68ab
--- /dev/null
+++ b/SOURCES/chrony.dhclient
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+SERVERFILE=$SAVEDIR/chrony.servers.$interface
+
+chrony_config() {
+ rm -f $SERVERFILE
+ if [ "$PEERNTP" != "no" ]; then
+ for server in $new_ntp_servers; do
+ echo "$server $NTPSERVERARGS" >> $SERVERFILE
+ done
+ /usr/libexec/chrony-helper is-running &&
+ /usr/libexec/chrony-helper add-dhclient-servers &&
+ /usr/libexec/chrony-helper remove-dhclient-servers || :
+ fi
+}
+
+chrony_restore() {
+ if [ -f $SERVERFILE ]; then
+ rm -f $SERVERFILE
+ /usr/libexec/chrony-helper is-running &&
+ /usr/libexec/chrony-helper remove-dhclient-servers || :
+ fi
+}
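Review bot: `keyfile /etc/chrony.keys` is one of only two directives in the new chrony.conf without an explanatory comment (`logdir` is the other), even though `commandkey 1` and `generatecommandkey` just below it depend on that file. I would add `# File holding the keys referenced by commandkey (and by any key option on a server line).` above it. The spec in this commit installs the file mode 640 root:chrony, and a second comment line saying so would discourage anyone from loosening it later.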
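Review bot: `$SERVERFILE` is expanded unquoted in `rm -f $SERVERFILE`, `>> $SERVERFILE` and `[ -f $SERVERFILE ]` in chrony.dhclient, and it is built from `$SAVEDIR` and `$interface`, which this hook inherits from its caller rather than setting itself. A value containing whitespace or glob characters would make `rm -f` act on other paths or break the test, in a script that presumably runs as root. I would quote every use, e.g. `rm -f -- "$SERVERFILE"` and `echo "$server $NTPSERVERARGS" >> "$SERVERFILE"`. The loop `for server in $new_ntp_servers` needs the word splitting, but it also glob-expands a DHCP-supplied value, so a `set -f` around it (or a check that each entry looks like an address) would be prudent.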
diff --git a/SOURCES/chrony.helper b/SOURCES/chrony.helper
new file mode 100644
index 0000000..8deac0c
--- /dev/null
+++ b/SOURCES/chrony.helper
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+chronyc=/usr/bin/chronyc
+dhclient_servers=/var/lib/dhclient/chrony.servers.*
+dhclient_added_servers=/var/lib/dhclient/chrony.added_servers
+service_name=chronyd.service
+
+chrony_command() {
+ $chronyc -a -m "$1"
+}
+
+update_dhclient_added_servers() {
+ new_servers=$(echo "$1" | sort -u)
+ old_servers=$(cat $dhclient_added_servers 2> /dev/null)
+ [ "$old_servers" = "$new_servers" ] && return 0
+ [ -n "$new_servers" ] && echo "$new_servers" > $dhclient_added_servers ||
+ rm -f $dhclient_added_servers
+}
+
+add_dhclient_servers() {
+ shopt -s nullglob
+ servers_files=($dhclient_servers)
+ shopt -u nullglob
+ (( ${#servers_files[*]} )) || return 0
+
+ added_servers=$(
+ cat $dhclient_added_servers 2> /dev/null
+ cat ${servers_files[*]} |
+ while read server serverargs; do
+ chrony_command "add server $server $serverargs" &> /dev/null &&
+ echo "$server"
+ done)
+ update_dhclient_added_servers "$added_servers"
+}
+
+remove_dhclient_servers() {
+ [ -f $dhclient_added_servers ] || return 0
+ all_servers=$(
+ cat $dhclient_servers 2> /dev/null |
+ while read server serverargs; do
+ echo "$server"
+ done | sort -u)
+ echo "$all_servers" | comm -23 $dhclient_added_servers - |
+ while read server; do
+ chrony_command "delete $server" &> /dev/null
+ done
+ added_servers=$(echo "$all_servers" | comm -12 $dhclient_added_servers -)
+ update_dhclient_added_servers "$added_servers"
+}
+
+is_running() {
+ systemctl is-active -q $service_name
+}
+
+case "$1" in
+ add-dhclient-servers)
+ add_dhclient_servers
+ ;;
+ remove-dhclient-servers)
+ remove_dhclient_servers
+ ;;
+ is-running)
+ is_running
+ ;;
+ command)
+ is_running && chrony_command "$2"
+ ;;
+ forced-command)
+ chrony_command "$2"
+ ;;
+ *)
+ echo $"Usage: $0 {add-dhclient-servers|remove-dhclient-servers|is-running|command|forced-command}"
+ exit 2
+esac
+exit $?
+
diff --git a/SOURCES/chrony.keys b/SOURCES/chrony.keys
new file mode 100644
index 0000000..6bed03a
--- /dev/null
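Review bot: In `add_dhclient_servers`, each line of the `/var/lib/dhclient/chrony.servers.*` files is spliced into an authenticated chronyc command (`chrony_command "add server $server $serverargs"`, which runs `chronyc -a`) with no check on its shape. `read` also runs without `-r`, so backslashes in the file are interpreted. Those files are written by the dhclient hook in this same commit from DHCP-supplied values, so I would treat them as untrusted input: use `while read -r server serverargs; do` and skip entries whose first field does not look like a host name or address, e.g. `[[ $server =~ ^[A-Za-z0-9.:-]+$ ]] || continue`. The same `read` without `-r` appears twice in `remove_dhclient_servers`, where the value reaches `chrony_command "delete $server"`.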
+++ b/SOURCES/chrony.keys
@@ -0,0 +1 @@
+#1 a_key
diff --git a/SOURCES/chrony.logrotate b/SOURCES/chrony.logrotate
new file mode 100644
index 0000000..4bb83b2
--- /dev/null
+++ b/SOURCES/chrony.logrotate
@@ -0,0 +1,8 @@
+/var/log/chrony/*.log {
+ missingok
+ nocreate
+ sharedscripts
+ postrotate
+ /usr/libexec/chrony-helper command cyclelogs > /dev/null 2>&1 || true
+ endscript
+}
diff --git a/SOURCES/chrony.nm-dispatcher b/SOURCES/chrony.nm-dispatcher
new file mode 100644
index 0000000..fea2723
--- /dev/null
+++ b/SOURCES/chrony.nm-dispatcher
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+export LC_ALL=C
+
+if [ "$2" = "up" ]; then
+ /sbin/ip route list dev "$1" | grep -q '^default' &&
+ /usr/libexec/chrony-helper command online > /dev/null 2>&1
+fi
+
+if [ "$2" = "down" ]; then
+ /sbin/ip route list | grep -q '^default' ||
+ /usr/libexec/chrony-helper command offline > /dev/null 2>&1
+fi
+
+exit 0
diff --git a/SOURCES/chronyd.service b/SOURCES/chronyd.service
new file mode 100644
index 0000000..589856e
--- /dev/null
+++ b/SOURCES/chronyd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=NTP client/server
+After=ntpdate.service sntp.service ntpd.service
+Conflicts=ntpd.service
+
+[Service]
+Type=forking
+EnvironmentFile=-/etc/sysconfig/chronyd
+ExecStart=/usr/sbin/chronyd -u chrony $OPTIONS
+ExecStartPost=/usr/libexec/chrony-helper add-dhclient-servers
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec
new file mode 100644
index 0000000..43bee46
--- /dev/null
+++ b/SPECS/chrony.spec
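Review bot: The chrony.logrotate stanza has logrotate, which normally runs as root, rotate `/var/log/chrony/*.log` inside a directory that the spec in this commit hands to the unprivileged account (`%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony`). Rotating as root in a directory another user can write to lets that user influence which paths the rotation touches, which is what logrotate's `su` directive exists to prevent. I would add `su chrony chrony` inside the block so rotation runs with the daemon's identity, provided the logrotate version on the target release supports it. Confirm that the `postrotate` call to `chrony-helper command cyclelogs` still reaches chronyd in that setup.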
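Review bot: Both route checks in chrony.nm-dispatcher call `/sbin/ip route list` without a family option, which by default lists IPv4 routes only. On a host whose only default route is IPv6, the `down` branch would send `offline` while connectivity remains, and the `up` branch would never send `online`. I would test both families, e.g. `{ /sbin/ip route list; /sbin/ip -6 route list; } | grep -q '^default'` in the `down` branch and the same with `dev "$1"` in the `up` branch. A clock that silently stops synchronizing matters beyond timekeeping, since certificate validation and log correlation depend on it.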
@@ -0,0 +1,284 @@
+Name: chrony
+Version: 1.29
+Release: 2%{?dist}
+Summary: An NTP client/server
+
+Group: System Environment/Daemons
+License: GPLv2
+URL: http://chrony.tuxfamily.org
+Source0: http://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz
+Source1: chrony.conf
+Source2: chrony.keys
+Source3: chronyd.service
+Source4: chrony.helper
+Source5: chrony.logrotate
+Source7: chrony.nm-dispatcher
+Source8: chrony.dhclient
+Source9: chrony-wait.service
+%{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
+
+BuildRequires: libcap-devel libedit-devel nss-devel pps-tools-devel
+BuildRequires: bison texinfo systemd-units
+
+Requires(pre): shadow-utils
+Requires(post): systemd info
+Requires(preun): systemd info
+Requires(postun): systemd
+
+%description
+A client/server for the Network Time Protocol, this program keeps your
+computer's clock accurate. It was specially designed to support
+systems with intermittent internet connections, but it also works well
+in permanently connected environments. It can use also hardware reference
+clocks, system real-time clock or manual input as time references.
+
+%if 0%{!?vendorzone:1}
+%{?fedora: %global vendorzone fedora.}
+%{?rhel: %global vendorzone rhel.}
+%endif
+
+%prep
+%setup -q -n %{name}-%{version}%{?prerelease}
+%{?gitpatch:%patch0 -p1}
+
+%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
+
+sed -e 's|VENDORZONE\.|%{vendorzone}|' < %{SOURCE1} > chrony.conf
+touch -r %{SOURCE1} chrony.conf
+
+%build
+CFLAGS="$RPM_OPT_FLAGS"
+%ifarch %{sparc}
+CFLAGS="$CFLAGS -fPIE"
+%else
+CFLAGS="$CFLAGS -fpie"
+%endif
+export CFLAGS
+export LDFLAGS="-pie -Wl,-z,relro,-z,now"
+
+%configure \
+ --docdir=%{_docdir} \
+ --with-sendmail=%{_sbindir}/sendmail
+make %{?_smp_mflags} getdate all docs
+
+%install
+make install install-docs DESTDIR=$RPM_BUILD_ROOT
+
+rm -rf $RPM_BUILD_ROOT%{_docdir}
+
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,logrotate.d}
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d
+mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d
+mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
+mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d}
+
+install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf
+install -m 640 -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
+install -m 644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/chronyd.service
+install -m 755 -p %{SOURCE4} $RPM_BUILD_ROOT%{_libexecdir}/chrony-helper
+install -m 644 -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony
+install -m 755 -p %{SOURCE7} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony
+install -m 755 -p %{SOURCE8} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
+install -m 644 -p %{SOURCE9} $RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service
+
+touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}
+
+echo 'chronyd.service' > \
+ $RPM_BUILD_ROOT%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list
+
+%pre
+getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony
+getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \
+ -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony
+:
+
+%post
+%systemd_post chronyd.service chrony-wait.service
+/sbin/install-info %{_infodir}/chrony.info.gz %{_infodir}/dir &> /dev/null
+:
+
+%preun
+%systemd_preun chronyd.service chrony-wait.service
+if [ "$1" -eq 0 ]; then
+ /sbin/install-info --delete %{_infodir}/chrony.info.gz \
+ %{_infodir}/dir &> /dev/null
+fi
+:
+
+%postun
+%systemd_postun_with_restart chronyd.service
+
+%files
+%doc COPYING NEWS README chrony.txt faq.txt examples/*
+%config(noreplace) %{_sysconfdir}/chrony.conf
+%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
+%config(noreplace) %{_sysconfdir}/logrotate.d/chrony
+%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony
+%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
+%{_bindir}/chronyc
+%{_sbindir}/chronyd
+%{_libexecdir}/chrony-helper
+%{_infodir}/chrony.info*
+%{_prefix}/lib/systemd/ntp-units.d/*.list
+%{_unitdir}/chrony*.service
+%{_mandir}/man[158]/%{name}*.[158]*
+%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony
+%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift
+%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc
+%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony
+
+%changelog
+* Thu Oct 03 2013 Miroslav Lichvar 1.29-2
+- add ordering dependency to not start chronyd before ntpd stopped (#1011968)
+
+* Fri Aug 09 2013 Miroslav Lichvar 1.29-1
+- update to 1.29 (#995373, CVE-2012-4502, CVE-2012-4503)
+
+* Wed Jul 17 2013 Miroslav Lichvar 1.28-1
+- update to 1.28
+- change default makestep limit to 10 seconds
+
+* Mon Jun 24 2013 Miroslav Lichvar 1.28-0.2.pre1
+- buildrequire systemd-units
+
+* Fri Jun 21 2013 Miroslav Lichvar 1.28-0.1.pre1
+- update to 1.28-pre1
+- listen for commands only on localhost by default
+
+* Thu May 09 2013 Miroslav Lichvar 1.27-3
+- disable chrony-wait service by default (#961047)
+- drop old systemd scriptlets
+- don't own ntp-units.d directory
+- move files from /lib
+- remove unncessary dependency on syslog target
+
+* Tue Mar 12 2013 Miroslav Lichvar 1.27-2
+- suppress error messages from tr when generating key (#907914)
+- fix delta calculation with extreme frequency offsets
+
+* Fri Feb 01 2013 Miroslav Lichvar 1.27-1
+- update to 1.27
+- start chrony-wait service with chronyd
+- start chronyd service after sntp
+- remove obsolete macros
+
+* Tue Sep 11 2012 Miroslav Lichvar 1.27-0.5.pre1.git1ca844
+- update to git snapshot 1ca844
+- update systemd integration (#846303)
+- use systemd macros if available (#850151)
+- use correct vendor pool.ntp.org zone on RHEL (#845981)
+- don't log output of chrony-wait service
+
+* Wed Jul 18 2012 Fedora Release Engineering - 1.27-0.4.pre1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Apr 27 2012 Miroslav Lichvar 1.27-0.3.pre1
+- update service file for systemd-timedated-ntp target (#816493)
+
+* Fri Apr 06 2012 Miroslav Lichvar 1.27-0.2.pre1
+ use systemctl is-active instead of status in chrony-helper (#794771)
+
+* Tue Feb 28 2012 Miroslav Lichvar 1.27-0.1.pre1
+- update to 1.27-pre1
+- generate SHA1 command key instead of MD5
+
+* Wed Feb 15 2012 Miroslav Lichvar 1.26-6.20110831gitb088b7
+- remove old servers on DHCP update (#787042)
+
+* Fri Feb 10 2012 Miroslav Lichvar 1.26-5.20110831gitb088b7
+- improve chrony-helper to keep track of servers added from DHCP (#787042)
+- fix dhclient script to always return with zero exit code (#767859)
+
+* Thu Jan 12 2012 Fedora Release Engineering - 1.26-4.20110831gitb088b7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Sep 06 2011 Miroslav Lichvar 1.26-3.20110831gitb088b7
+- update to git snapshot 20110831gitb088b7
+- on first start generate password with 16 chars
+- change systemd service type to forking
+- add forced-command to chrony-helper (#735821)
+
+* Mon Aug 15 2011 Miroslav Lichvar 1.26-2
+- fix iburst with very high jitters and long delays
+- use timepps header from pps-tools-devel
+
+* Wed Jul 13 2011 Miroslav Lichvar 1.26-1
+- update to 1.26
+- read options from sysconfig file if it exists
+
+* Fri Jun 24 2011 Miroslav Lichvar 1.26-0.1.pre1
+- update to 1.26-pre1
+- fix service name in %%triggerun
+- drop SysV init script
+- add chrony-wait service
+
+* Fri May 06 2011 Bill Nottingham 1.25-2
+- fix systemd scriptlets for the upgrade case
+
+* Wed May 04 2011 Miroslav Lichvar 1.25-1
+- update to 1.25
+
+* Wed Apr 20 2011 Miroslav Lichvar 1.25-0.3.pre2
+- update to 1.25-pre2
+- link with -Wl,-z,relro,-z,now options
+
+* Tue Feb 08 2011 Fedora Release Engineering - 1.25-0.2.pre1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Feb 01 2011 Miroslav Lichvar 1.25-0.1.pre1
+- update to 1.25-pre1
+- use iburst, four pool servers, rtcsync, stratumweight in default config
+- add systemd support
+- drop sysconfig file
+- suppress install-info errors
+
+* Thu Apr 29 2010 Miroslav Lichvar 1.24-4.20100428git73d775
+- update to 20100428git73d775
+- replace initstepslew directive with makestep in default config
+- add NetworkManager dispatcher script
+- add dhclient script
+- retry server/peer name resolution at least once to workaround
+ NetworkManager race condition on boot
+- don't verify chrony.keys
+
+* Fri Mar 12 2010 Miroslav Lichvar 1.24-3.20100302git5fb555
+- update to snapshot 20100302git5fb555
+- compile with PPS API support
+
+* Thu Feb 04 2010 Miroslav Lichvar 1.24-1
+- update to 1.24 (#555367, CVE-2010-0292 CVE-2010-0293 CVE-2010-0294)
+- modify default config
+ - step clock on start if it is off by more than 100 seconds
+ - disable client log
+- build with -fPIE on sparc
+
+* Tue Dec 15 2009 Miroslav Lichvar 1.24-0.1.pre1
+- update to 1.24-pre1
+
+* Fri Jul 24 2009 Fedora Release Engineering - 1.23-7.20081106gitbe42b4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Fri Jul 17 2009 Miroslav Lichvar 1.23-6.20081106gitbe42b4
+- switch to editline
+- support arbitrary chronyc commands in init script
+
+* Mon Jun 08 2009 Dan Horak 1.23-5.20081106gitbe42b4
+- add patch with support for s390/s390x
+
+* Mon Mar 09 2009 Miroslav Lichvar 1.23-4.20081106gitbe42b4
+- fix building with broken libcap header (#483548)
+
+* Mon Feb 23 2009 Fedora Release Engineering - 1.23-3.20081106gitbe42b4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Wed Nov 19 2008 Miroslav Lichvar 1.23-2.20081106gitbe42b4
+- fix info uninstall
+- generate random command key in init script
+- support cyclelogs, online, offline commands in init script
+- add logrotate script
+
+* Tue Nov 11 2008 Miroslav Lichvar 1.23-1.20081106gitbe42b4
+- initial release
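Review bot: In `%prep`, `sed -e 's|VENDORZONE\.|%{vendorzone}|'` uses the macro unconditionally, but the `%if 0%{!?vendorzone:1}` block above it defines `vendorzone` only when `%{fedora}` or `%{rhel}` is set. On any other build target rpm leaves the undefined macro unexpanded, so the shipped chrony.conf would name servers like `0.%{vendorzone}pool.ntp.org` and chronyd would start with no usable time sources. The conditional form expands to nothing when the macro is unset and falls back to the plain pool zone: `sed -e 's|VENDORZONE\.|%{?vendorzone}|' < %{SOURCE1} > chrony.conf`.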