diff --git a/chrony-nm-dispatcher-dhcp.patch b/chrony-nm-dispatcher-dhcp.patch index 23087d6..d424737 100644 --- a/chrony-nm-dispatcher-dhcp.patch +++ b/chrony-nm-dispatcher-dhcp.patch @@ -1,3 +1,146 @@ +commit 5bd13c8d593a74ad168057efe94dd2b3aeeffe14 +Author: Miroslav Lichvar +Date: Mon Feb 7 13:27:25 2022 +0100 + + examples: support DHCPv6 NTP servers in NM dispatcher script + + Latest NetworkManager code provides NTP servers from the DHCPv6 NTP + option (RFC 5908) in the DHCP6_DHCP6_NTP_SERVERS variable to dispatcher + scripts. + + Check for invalid characters (which can come from the FQDN suboption) + and include the servers in the interface-specific sources file. + +diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp +index 6ea4c370..4454f037 100644 +--- a/examples/chrony.nm-dispatcher.dhcp ++++ b/examples/chrony.nm-dispatcher.dhcp +@@ -1,8 +1,7 @@ + #!/bin/sh + # This is a NetworkManager dispatcher script for chronyd to update +-# its NTP sources passed from DHCP options. Note that this script is +-# specific to NetworkManager-dispatcher due to use of the +-# DHCP4_NTP_SERVERS environment variable. ++# its NTP sources with servers from DHCP options passed by NetworkManager ++# in the DHCP4_NTP_SERVERS and DHCP6_DHCP6_NTP_SERVERS environment variables. + + export LC_ALL=C + +@@ -10,17 +9,19 @@ interface=$1 + action=$2 + + chronyc=/usr/bin/chronyc +-default_server_options=iburst ++server_options=iburst + server_dir=/var/run/chrony-dhcp + + dhcp_server_file=$server_dir/$interface.sources +-# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. +-nm_dhcp_servers=$DHCP4_NTP_SERVERS ++dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS" + + add_servers_from_dhcp() { + rm -f "$dhcp_server_file" +- for server in $nm_dhcp_servers; do +- echo "server $server $default_server_options" >> "$dhcp_server_file" ++ for server in $dhcp_ntp_servers; do ++ # Check for invalid characters (from the DHCPv6 NTP FQDN suboption) ++ printf '%s\n' "$server" | grep -E -q '^[-A-Za-z0-9:.]{1,255}$' || continue ++ ++ printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file" + done + $chronyc reload sources > /dev/null 2>&1 || : + } +@@ -34,10 +35,11 @@ clear_servers_from_dhcp() { + + mkdir -p $server_dir + +-if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then +- add_servers_from_dhcp +-elif [ "$action" = "down" ]; then +- clear_servers_from_dhcp +-fi ++case "$action" in ++ up|dhcp4-change|dhcp6-change) ++ add_servers_from_dhcp;; ++ down) ++ clear_servers_from_dhcp;; ++esac + + exit 0 + +commit e55f174bd3a7ae82fb24afd43443d0b55d5536cf +Author: Miroslav Lichvar +Date: Mon Feb 7 13:27:48 2022 +0100 + + examples: handle more actions in NM dispatcher script + + Run the chronyc onoffline command also when the connectivity-change + and dhcp6-change actions are reported by the NetworkManager dispatcher. + + The latter should not be necessary, but there currently doesn't seem to + be any action for IPv6 becoming routable after duplicate address + detection, so at least in networks using DHCPv6, IPv6 NTP servers should + not be stuck in the offline state from a previously reported action. + +diff --git a/examples/chrony.nm-dispatcher.onoffline b/examples/chrony.nm-dispatcher.onoffline +index 34cfa0db..01e6fdb1 100644 +--- a/examples/chrony.nm-dispatcher.onoffline ++++ b/examples/chrony.nm-dispatcher.onoffline +@@ -7,8 +7,18 @@ export LC_ALL=C + + chronyc=/usr/bin/chronyc + +-# For NetworkManager consider only up/down events +-[ $# -ge 2 ] && [ "$2" != "up" ] && [ "$2" != "down" ] && exit 0 ++# For NetworkManager consider only selected events ++if [ $# -ge 2 ]; then ++ case "$2" in ++ up|down|connectivity-change) ++ ;; ++ dhcp6-change) ++ # No other action is reported for routable IPv6 ++ ;; ++ *) ++ exit 0;; ++ esac ++fi + + # Note: for networkd-dispatcher routable.d ~= on and off.d ~= off + +commit fca8966adaaf8376536af86ba2afe02501463588 +Author: Miroslav Lichvar +Date: Wed Mar 23 15:17:03 2022 +0100 + + examples: replace grep command in NM dispatcher script + + Some grep implementations detect binary data and return success without + matching whole line. This might be an issue for the DHCPv6 NTP FQDN + check. The GNU grep in the C locale seems to check only for the NUL + character, which cannot be passed in an environment variable, but other + implementations might behave differently and there doesn't seem to be a + portable way to force matching the whole line. + + Instead of the grep command, check for invalid characters by comparing + the length of the input passed through "tr -d -c". + +diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp +index 4454f037..547ce83f 100644 +--- a/examples/chrony.nm-dispatcher.dhcp ++++ b/examples/chrony.nm-dispatcher.dhcp +@@ -19,7 +19,11 @@ add_servers_from_dhcp() { + rm -f "$dhcp_server_file" + for server in $dhcp_ntp_servers; do + # Check for invalid characters (from the DHCPv6 NTP FQDN suboption) +- printf '%s\n' "$server" | grep -E -q '^[-A-Za-z0-9:.]{1,255}$' || continue ++ len1=$(printf '%s' "$server" | wc -c) ++ len2=$(printf '%s' "$server" | tr -d -c 'A-Za-z0-9:.-' | wc -c) ++ if [ "$len1" -ne "$len2" ] || [ "$len2" -lt 1 ] || [ "$len2" -gt 255 ]; then ++ continue ++ fi + + printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file" + done From: Robert Fairley Date: Wed, 17 Jun 2020 10:14:19 -0400 Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig @@ -11,33 +154,29 @@ diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher. index 6ea4c37..a6ad35a 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp -@@ -6,16 +6,24 @@ - - chronyc=/usr/bin/chronyc - default_server_options=iburst --server_dir=/var/run/chrony-dhcp -+server_dir=/run/chrony-dhcp - - dhcp_server_file=$server_dir/$interface.sources - # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. - nm_dhcp_servers=$DHCP4_NTP_SERVERS +@@ -8,15 +8,23 @@ export LC_ALL=C + interface=$1 + action=$2 +[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network +[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \ + . /etc/sysconfig/network-scripts/ifcfg-"${interface}" + + chronyc=/usr/bin/chronyc +-server_options=iburst +-server_dir=/var/run/chrony-dhcp ++server_options=${NTPSERVERARGS:-iburst} ++server_dir=/run/chrony-dhcp + + dhcp_server_file=$server_dir/$interface.sources + dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS" + add_servers_from_dhcp() { rm -f "$dhcp_server_file" + + # Don't add NTP servers if PEERNTP=no specified; return early. + [ "$PEERNTP" = "no" ] && return + - for server in $nm_dhcp_servers; do -- echo "server $server $default_server_options" >> "$dhcp_server_file" -+ echo "server $server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_file" - done - $chronyc reload sources > /dev/null 2>&1 || : - } --- -2.29.2 - + for server in $dhcp_ntp_servers; do + # Check for invalid characters (from the DHCPv6 NTP FQDN suboption) + len1=$(printf '%s' "$server" | wc -c) diff --git a/chrony.spec b/chrony.spec index 129f878..b426498 100644 --- a/chrony.spec +++ b/chrony.spec @@ -22,7 +22,7 @@ Source3: chrony.dhclient Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz} -# add distribution-specific bits to DHCP dispatcher +# add IPv6 support and distribution-specific bits to DHCP dispatcher Patch1: chrony-nm-dispatcher-dhcp.patch # update seccomp filter for new glibc Patch2: chrony-seccomp.patch @@ -70,8 +70,8 @@ md5sum -c <<-EOF | (! grep -v 'OK$') 2d01b94bc1a7b7fb70cbee831488d121 examples/chrony.conf.example2 96999221eeef476bd49fe97b97503126 examples/chrony.keys.example 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate - a7054c9352c07384bd7ea0477e6e8a8c examples/chrony.nm-dispatcher.dhcp - 8f5a98fcb400a482d355b929d04b5518 examples/chrony.nm-dispatcher.onoffline + c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp + 2b81c60c020626165ac655b2633608eb examples/chrony.nm-dispatcher.onoffline 619dd00009ea312c7201beefde10341a examples/chronyd.service EOF