- initial release

.cvsignore

@@ -0,0 +1 @@
+chrony-1.23.tar.gz

chrony-1.23-gethost.patch

@@ -0,0 +1,25 @@
+From f1a74e41b3b89771243294097ebd3472deb019f4 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Thu, 6 Nov 2008 17:35:22 +0100
+Subject: [PATCH] Fix resolving IP addresses into names on 64-bit big endian machines
+
+---
+ nameserv.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/nameserv.c b/nameserv.c
+index f509dfb..dd610df 100644
+--- a/nameserv.c
++++ b/nameserv.c
+@@ -65,7 +65,7 @@ DNS_IPAddress2Name(unsigned long ip_addr)
+   struct hostent *host;
+   static char buffer[16];
+   unsigned int a, b, c, d;
+-  unsigned long addr;
++  uint32_t addr;
+ 
+   addr = htonl(ip_addr);
+   if (addr == 0UL) {
+-- 
+1.5.6.5
+

chrony-1.23-gitbe42b4.patch

@@ -0,0 +1,544 @@
+From 2f2446c7dc074b2d1728a5e3f7a600c10cea2425 Mon Sep 17 00:00:00 2001
+From: Goswin Brederlow <brederlo@informatik.uni-tuebingen.de>
+Date: Sat, 29 Mar 2008 20:49:59 +0000
+Subject: [PATCH] Fix for chronyc "sources" command on 64 bit machines
+
+(Taken from
+  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348412
+)
+
+Attached is a patchlet to make the "sources" command of chrony output properly
+signed numbers. The chronyd code (see e.g. ntp.h) properly uses int32_t and
+friends to get the right number of bits per datatype while client.c just uses
+short, int, long. But long will be 64 bit or 32 bit depending on the cpu.
+---
+ client.c |   20 +++++++++++++-------
+ 1 files changed, 13 insertions(+), 7 deletions(-)
+
+diff --git a/client.c b/client.c
+index b7e5bcb..85d6e84 100644
+--- a/client.c
++++ b/client.c
+@@ -45,6 +45,12 @@
+ #include <readline/history.h>
+ #endif
+ 
++#ifdef HAS_STDINT_H
++#include <stdint.h>
++#elif defined(HAS_INTTYPES_H)
++#include <inttypes.h>
++#endif
++
+ /* ================================================== */
+ 
+ static int sock_fd;
+@@ -1383,16 +1389,16 @@ process_cmd_sources(char *line)
+   int n_sources, i;
+   int verbose = 0;
+ 
+-  long orig_latest_meas, latest_meas, est_offset;
+-  unsigned long ip_addr;
+-  unsigned long latest_meas_err, est_offset_err;
+-  unsigned long latest_meas_ago;
+-  unsigned short poll, stratum;
+-  unsigned short state, mode;
++  int32_t orig_latest_meas, latest_meas, est_offset;
++  uint32_t ip_addr;
++  uint32_t latest_meas_err, est_offset_err;
++  uint32_t latest_meas_ago;
++  uint16_t poll, stratum;
++  uint16_t state, mode;
+   double resid_freq, resid_skew;
+   const char *dns_lookup;
+   char hostname_buf[32];
+-  unsigned short status;
++  uint16_t status;
+ 
+   /* Check whether to output verbose headers */
+   verbose = check_for_verbose_flag(line);
+-- 
+1.5.6.5
+
+From 71aa36aa6e5477be5ed9bc97954da19c5885c933 Mon Sep 17 00:00:00 2001
+From: Thomas Zajic <zlatko@zlatko.fdns.net>
+Date: Tue, 29 Jul 2008 23:35:42 +0100
+Subject: [PATCH] Fix IP addressing in chronyc
+
+Thomas wrote:
+I found a bug in the chrony client (chronyc) that affects its ability to talk
+to remote hosts over the control port (323/udp).
+
+For example, running "chronyc -h 192.168.1.3 sources -v" would just sit there
+and hang, and eventually timeout. I found out with tcpdump that chronyc
+actually tries to connect to 255.168.1.3 instead of 192.168.1.3.
+---
+ client.c |    8 ++++----
+ 1 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/client.c b/client.c
+index 85d6e84..66f297f 100644
+--- a/client.c
++++ b/client.c
+@@ -163,10 +163,10 @@ get_address(const char *hostname)
+     exit(1);
+   } else {
+     address0 = host->h_addr_list[0];
+-    result = ((((unsigned long) address0[0]) << 24) |
+-              (((unsigned long) address0[1]) << 16) |
+-              (((unsigned long) address0[2]) <<  8) |
+-              (((unsigned long) address0[3])));
++    result = ((((unsigned long) address0[0] & 0xff) << 24) |
++              (((unsigned long) address0[1] & 0xff) << 16) |
++              (((unsigned long) address0[2] & 0xff) <<  8) |
++              (((unsigned long) address0[3] & 0xff)));
+   }
+ 
+   return result;
+-- 
+1.5.6.5
+
+From bc0aaa9217d1ca85dbb0f7a5452a0705e7a28264 Mon Sep 17 00:00:00 2001
+From: John Hasler <john@dhh.gt.org>
+Date: Tue, 29 Apr 2008 12:40:15 -0500
+Subject: [PATCH] Fix fault where chronyd enters an endless loop on x86_64
+
+John writes:
+Here is a patch that should prevent the endless loop.  I've changed
+UTI_NormaliseTimeval() to use divide/remainder instead of a loop.  It also
+replaces some similar loops with calls to UTI_NormaliseTimeval() and fixes
+an unrelated bug in UTI_DiffTimevals().
+---
+ util.c |   38 +++++++++++---------------------------
+ 1 files changed, 11 insertions(+), 27 deletions(-)
+
+diff --git a/util.c b/util.c
+index 431be1e..d506ffd 100644
+--- a/util.c
++++ b/util.c
+@@ -87,15 +87,17 @@ UTI_CompareTimevals(struct timeval *a, struct timeval *b)
+ INLINE_STATIC void
+ UTI_NormaliseTimeval(struct timeval *x)
+ {
+-  while (x->tv_usec >= 1000000) {
+-    ++x->tv_sec;
+-    x->tv_usec -= 1000000;
++  /* Reduce tv_usec to within +-1000000 of zero. JGH */
++  if ((x->tv_usec >= 1000000) || (x->tv_usec <= -1000000)) {
++    x->tv_sec += x->tv_usec/1000000;
++    x->tv_usec = x->tv_usec%1000000;
+   }
+ 
+-  while (x->tv_usec < 0) {
++  /* Make tv_usec positive. JGH */
++   if (x->tv_usec < 0) {
+     --x->tv_sec;
+     x->tv_usec += 1000000;
+-  }
++ }
+ 
+ }
+ 
+@@ -110,17 +112,9 @@ UTI_DiffTimevals(struct timeval *result,
+   result->tv_usec = a->tv_usec - b->tv_usec;
+ 
+   /* Correct microseconds field to bring it into the range
+-     [0,1000000) */
++     (0,1000000) */
+ 
+-  while (result->tv_usec < 0) {
+-    result->tv_usec += 1000000;
+-    --result->tv_sec;
+-  }
+-
+-  while (result->tv_usec > 999999) {
+-    result->tv_usec -= 1000000;
+-    ++result->tv_sec;
+-  }
++  UTI_NormaliseTimeval(result); /* JGH */
+ 
+   return;
+ }
+@@ -191,7 +185,7 @@ UTI_AverageDiffTimevals (struct timeval *earlier,
+   }
+ 
+   tvhalf.tv_sec = tvdiff.tv_sec / 2;
+-  tvhalf.tv_usec = tvdiff.tv_usec / 2 + (tvdiff.tv_sec % 2);
++  tvhalf.tv_usec = tvdiff.tv_usec / 2 + (tvdiff.tv_sec % 2) * 500000; /* JGH */
+   
+   average->tv_sec  = earlier->tv_sec  + tvhalf.tv_sec;
+   average->tv_usec = earlier->tv_usec + tvhalf.tv_usec;
+@@ -199,17 +193,7 @@ UTI_AverageDiffTimevals (struct timeval *earlier,
+   /* Bring into range */
+   UTI_NormaliseTimeval(average);
+ 
+-  while (average->tv_usec >= 1000000) {
+-    ++average->tv_sec;
+-    average->tv_usec -= 1000000;
+-  }
+-
+-  while (average->tv_usec < 0) {
+-    --average->tv_sec;
+-    average->tv_usec += 1000000;
+-  }
+-
+-}
++ }
+ 
+ /* ================================================== */
+ 
+-- 
+1.5.6.5
+
+From 8336f14680f59340ad1f6d01910cb9f307de9443 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Wed, 5 Nov 2008 23:48:58 +0000
+Subject: [PATCH] Fix errors detected by valgrind
+
+I tried running chronyd in valgrind and the result was that there are four
+places where memory is not initialized. A patch fixing the errors is in the
+attachment.
+---
+ cmdmon.c      |    4 +++-
+ ntp_core.c    |    3 +++
+ sourcestats.c |    8 ++++++--
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/cmdmon.c b/cmdmon.c
+index e88d7c3..819977c 100644
+--- a/cmdmon.c
++++ b/cmdmon.c
+@@ -166,7 +166,7 @@ CAM_Initialise(void)
+   int port_number;
+   struct sockaddr_in my_addr;
+   unsigned long bind_address;
+-  int on_off;
++  int on_off = 1;
+ 
+   if (initialised) {
+     CROAK("Shouldn't be initialised");
+@@ -1631,11 +1631,13 @@ read_from_cmd_socket(void *anything)
+   tx_message.reply = htons(RPY_NULL);
+   tx_message.number = htons(1);
+   tx_message.total = htons(1);
++  tx_message.pad1 = 0;
+   tx_message.utoken = htonl(utoken);
+   /* Set this to a default (invalid) value.  This protects against the
+      token field being set to an arbitrary value if we reject the
+      message, e.g. due to the host failing the access check. */
+   tx_message.token = htonl(0xffffffffUL);
++  memset(&tx_message.auth, 0, sizeof(tx_message.auth));
+ 
+   remote_ip = ntohl(where_from.sin_addr.s_addr);
+   remote_port = ntohs(where_from.sin_port);
+diff --git a/ntp_core.c b/ntp_core.c
+index 60d433c..8dfd6cf 100644
+--- a/ntp_core.c
++++ b/ntp_core.c
+@@ -300,6 +300,9 @@ create_instance(NTP_Remote_Address *remote_addr, NTP_Mode mode, SourceParameters
+ 
+   result->tx_count = 0;
+ 
++  result->remote_orig.hi = 0;
++  result->remote_orig.lo = 0;
++
+   result->score = 0;
+ 
+   if (params->online) {
+diff --git a/sourcestats.c b/sourcestats.c
+index 163a2eb..564eb3a 100644
+--- a/sourcestats.c
++++ b/sourcestats.c
+@@ -721,8 +721,12 @@ SST_PredictOffset(SST_Stats inst, struct timeval *when)
+   if (inst->n_samples < 3) {
+     /* We don't have any useful statistics, and presumably the poll
+        interval is minimal.  We can't do any useful prediction other
+-       than use the latest sample */
+-    return inst->offsets[inst->n_samples - 1];
++       than use the latest sample or zero if we don't have any samples */
++    if (inst->n_samples > 0) {
++      return inst->offsets[inst->n_samples - 1];
++    } else {
++      return 0.0;
++    }
+   } else {
+     UTI_DiffTimevalsToDouble(&elapsed, when, &inst->offset_time);
+     return inst->estimated_offset + elapsed * inst->estimated_frequency;
+-- 
+1.5.6.5
+
+From be42b4eeea268d1eaee25423fabe3a46836f5b08 Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Wed, 5 Nov 2008 23:50:48 +0000
+Subject: [PATCH] Linux capabilities support
+
+Attached is a patch adding a linux capabilities support to chronyd. It
+adds -u option which can be used to specify the user which chronyd
+should switch to.
+---
+ chrony.texi |    3 +++
+ chronyd.8   |    4 ++++
+ configure   |    9 +++++++++
+ main.c      |   20 ++++++++++++++------
+ sys.c       |    8 ++++++++
+ sys.h       |    3 +++
+ sys_linux.c |   52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ sys_linux.h |    2 ++
+ 8 files changed, 95 insertions(+), 6 deletions(-)
+
+diff --git a/chrony.texi b/chrony.texi
+index 909a0cc..045f02c 100644
+--- a/chrony.texi
++++ b/chrony.texi
+@@ -1089,6 +1089,9 @@ to work well, it relies on @code{chronyd} having been able to determine
+ accurate statistics for the difference between the real time clock and
+ system clock last time the computer was on.
+ 
++@item -u <user>
++When this option is used, chronyd will drop root privileges to the specified
++user.  So far, it works only on Linux when compiled with capabilities support.
+ @item -v
+ This option displays @code{chronyd's} version number to the terminal and
+ exits.
+diff --git a/chronyd.8 b/chronyd.8
+index 78fbe17..dfc4004 100644
+--- a/chronyd.8
++++ b/chronyd.8
+@@ -79,6 +79,10 @@ been able to determine accurate statistics for the difference
+ between the real time clock and system clock last time the
+ computer was on.
+ .TP
++\fB\-u\fR \fIuser\fR
++When this option is used, chronyd will drop root privileges to the specified
++user.  So far, it works only on Linux when compiled with capabilities support.
++.TP
+ .B \-v
+ This option displays \fBchronyd\fR's version number to the terminal and exits
+ 
+diff --git a/configure b/configure
+index 2bb2ac0..9027b85 100755
+--- a/configure
++++ b/configure
+@@ -134,6 +134,7 @@ For better control, use the options below.
+   --readline-lib-dir=DIR Specify where readline lib directory is
+   --with-ncurses-library=DIR Specify where ncurses lib directory is
+   --disable-rtc          Don't include RTC even on Linux
++  --enable-linuxcaps     Enable Linux capabilities support
+ 
+ Fine tuning of the installation directories:
+   --infodir=DIR          info documentation [PREFIX/info]
+@@ -174,6 +175,7 @@ SYSDEFS=""
+ # Support for readline (on by default)
+ feat_readline=1
+ feat_rtc=1
++feat_linuxcaps=0
+ readline_lib=""
+ readline_inc=""
+ ncurses_lib=""
+@@ -211,6 +213,9 @@ do
+     --disable-rtc)
+       feat_rtc=0
+     ;;
++    --enable-linuxcaps)
++      feat_linuxcaps=1
++    ;;
+     --help | -h )
+       usage
+       exit 0
+@@ -248,6 +253,10 @@ case $SYSTEM in
+             EXTRA_OBJECTS+=" rtc_linux.o"
+             EXTRA_DEFS+=" -DFEAT_RTC=1"
+         fi
++        if [ $feat_linuxcaps -eq 1 ] ; then
++            EXTRA_DEFS+=" -DFEAT_LINUXCAPS=1"
++            EXTRA_LIBS="-lcap"
++        fi
+         SYSDEFS="-DLINUX"
+         echo "Configuring for " $SYSTEM
+         if [ "${MACHINE}" = "alpha" ]; then
+diff --git a/main.c b/main.c
+index 18312e0..ba6e4a9 100644
+--- a/main.c
++++ b/main.c
+@@ -83,19 +83,19 @@ MAI_CleanupAndExit(void)
+     SRC_DumpSources();
+   }
+ 
+-  RTC_Finalise();
+   MNL_Finalise();
+   ACQ_Finalise();
+-  CAM_Finalise();
+   KEY_Finalise();
+   CLG_Finalise();
+-  NIO_Finalise();
+   NSR_Finalise();
+   NCR_Finalise();
+   BRD_Finalise();
+   SRC_Finalise();
+   SST_Finalise();
+   REF_Finalise();
++  RTC_Finalise();
++  CAM_Finalise();
++  NIO_Finalise();
+   SYS_Finalise();
+   SCH_Finalise();
+   LCL_Finalise();
+@@ -206,6 +206,7 @@ int main
+ (int argc, char **argv)
+ {
+   char *conf_file = NULL;
++  char *user = NULL;
+   int debug = 0;
+   int do_init_rtc = 0;
+   int other_pid;
+@@ -220,6 +221,9 @@ int main
+       conf_file = *argv;
+     } else if (!strcmp("-r", *argv)) {
+       reload = 1;
++    } else if (!strcmp("-u", *argv)) {
++      ++argv, --argc;
++      user = *argv;
+     } else if (!strcmp("-s", *argv)) {
+       do_init_rtc = 1;
+     } else if (!strcmp("-v", *argv) || !strcmp("--version",*argv)) {
+@@ -269,19 +273,23 @@ int main
+   LCL_Initialise();
+   SCH_Initialise();
+   SYS_Initialise();
++  NIO_Initialise();
++  CAM_Initialise();
++  RTC_Initialise();
++
++  if (user)
++    SYS_DropRoot(user);
++
+   REF_Initialise();
+   SST_Initialise();
+   SRC_Initialise();
+   BRD_Initialise();
+   NCR_Initialise();
+   NSR_Initialise();
+-  NIO_Initialise();
+   CLG_Initialise();
+   KEY_Initialise();
+-  CAM_Initialise();
+   ACQ_Initialise();
+   MNL_Initialise();
+-  RTC_Initialise();
+ 
+   /* From now on, it is safe to do finalisation on exit */
+   initialised = 1;
+diff --git a/sys.c b/sys.c
+index 9052cf7..048ba4d 100644
+--- a/sys.c
++++ b/sys.c
+@@ -97,6 +97,14 @@ SYS_Finalise(void)
+ }
+ 
+ /* ================================================== */
++
++void SYS_DropRoot(char *user)
++{
++#if defined(LINUX) && defined (FEAT_LINUXCAPS)
++  SYS_Linux_DropRoot(user);
++#endif
++}
++
+ /* ================================================== */
+ /* ================================================== */
+ 
+diff --git a/sys.h b/sys.h
+index 973da42..50b8e46 100644
+--- a/sys.h
++++ b/sys.h
+@@ -39,4 +39,7 @@ extern void SYS_Initialise(void);
+ /* Called at the end of the run to do final clean-up */
+ extern void SYS_Finalise(void);
+ 
++/* Drop root privileges to the specified user */
++extern void SYS_DropRoot(char *user);
++
+ #endif /* GOT_SYS_H */
+diff --git a/sys_linux.c b/sys_linux.c
+index 137e55b..65eb563 100644
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -39,6 +39,14 @@
+ #include <assert.h>
+ #include <sys/utsname.h>
+ 
++#ifdef FEAT_LINUXCAPS
++#include <sys/types.h>
++#include <pwd.h>
++#include <sys/prctl.h>
++#include <sys/capability.h>
++#include <grp.h>
++#endif
++
+ #include "localp.h"
+ #include "sys_linux.h"
+ #include "sched.h"
+@@ -831,6 +839,50 @@ SYS_Linux_GetKernelVersion(int *major, int *minor, int *patchlevel)
+ 
+ /* ================================================== */
+ 
++#ifdef FEAT_LINUXCAPS
++void
++SYS_Linux_DropRoot(char *user)
++{
++  struct passwd *pw;
++  cap_t cap;
++
++  if (user == NULL)
++    return;
++
++  if ((pw = getpwnam(user)) == NULL) {
++    LOG_FATAL(LOGF_SysLinux, "getpwnam(%s) failed", user);
++  }
++
++  if (prctl(PR_SET_KEEPCAPS, 1)) {
++    LOG_FATAL(LOGF_SysLinux, "prcap() failed");
++  }
++  
++  if (setgroups(0, NULL)) {
++    LOG_FATAL(LOGF_SysLinux, "setgroups() failed");
++  }
++
++  if (setgid(pw->pw_gid)) {
++    LOG_FATAL(LOGF_SysLinux, "setgid(%d) failed", pw->pw_gid);
++  }
++
++  if (setuid(pw->pw_uid)) {
++    LOG_FATAL(LOGF_SysLinux, "setuid(%d) failed", pw->pw_uid);
++  }
++
++  if ((cap = cap_from_text("cap_sys_time=ep")) == NULL) {
++    LOG_FATAL(LOGF_SysLinux, "cap_from_text() failed");
++  }
++
++  if (cap_set_proc(cap)) {
++    LOG_FATAL(LOGF_SysLinux, "cap_set_proc() failed");
++  }
++
++  LOG(LOGS_INFO, LOGF_SysLinux, "Privileges dropped to user %s", user);
++}
++#endif
++
++/* ================================================== */
++
+ #endif /* LINUX */
+ 
+ /* vim:ts=8
+diff --git a/sys_linux.h b/sys_linux.h
+index a17e51e..53639a5 100644
+--- a/sys_linux.h
++++ b/sys_linux.h
+@@ -37,4 +37,6 @@ extern void SYS_Linux_Finalise(void);
+ 
+ extern void SYS_Linux_GetKernelVersion(int *major, int *minor, int *patchlevel);
+ 
++extern void SYS_Linux_DropRoot(char *user);
++
+ #endif  /* GOT_SYS_LINUX_H */
+-- 
+1.5.6.5
+

chrony-1.23-ppc.patch

@@ -0,0 +1,12 @@
+diff -up chrony-1.23/io_linux.h.ppc chrony-1.23/io_linux.h
+--- chrony-1.23/io_linux.h.ppc	2007-12-02 15:53:09.000000000 +0100
++++ chrony-1.23/io_linux.h	2008-11-05 19:23:53.000000000 +0100
+@@ -16,7 +16,7 @@
+ #define CHRONY_IOC_WRITE	1U
+ #define CHRONY_IOC_READ	2U
+ 
+-#elif defined(__alpha__) || defined(__sparc__) || defined(__ppc__) || defined(__ppc64__) || defined(__sparc64__)
++#elif defined(__alpha__) || defined(__sparc__) || defined(__ppc__) || defined(__ppc64__) || defined(__sparc64__) || defined(__PPC__)
+ #define CHRONY_IOC_NRBITS	8
+ #define CHRONY_IOC_TYPEBITS	8
+ #define CHRONY_IOC_SIZEBITS	13

chrony-1.23-res.patch

@@ -0,0 +1,115 @@
+commit 0148ecaea08691537f51c0aea9c3387cd1d34745
+Author: Miroslav Lichvar <mlichvar@redhat.com>
+Date:   Mon Nov 10 14:42:41 2008 +0100
+
+    Retry name resolving after temporary failure few times before giving up
+    
+    This is a temporary fix to allow starting when resolv.conf is not ready yet
+    (e.g. when using NetworkManager). It may delay start up to 1022 seconds.
+
+diff --git a/cmdparse.c b/cmdparse.c
+index 7acc44c..e09db45 100644
+--- a/cmdparse.c
++++ b/cmdparse.c
+@@ -61,7 +61,7 @@ CPS_ParseNTPSourceAdd(const char *line, CPS_NTP_Source *src)
+   
+   ok = 0;
+   if (sscanf(line, "%" SMAXLEN "s%n", hostname, &n) == 1) {
+-    src->ip_addr = DNS_Name2IPAddress(hostname);
++    src->ip_addr = DNS_Name2IPAddressRetry(hostname);
+     if (src->ip_addr != DNS_Failed_Address) {
+       ok = 1;
+     }
+diff --git a/conf.c b/conf.c
+index e34927e..8e6c1d9 100644
+--- a/conf.c
++++ b/conf.c
+@@ -584,7 +584,7 @@ parse_initstepslew(const char *line)
+   }
+   while (*p) {
+     if (sscanf(p, "%" SHOSTNAME_LEN "s%n", hostname, &n) == 1) {
+-      ip_addr = DNS_Name2IPAddress(hostname);
++      ip_addr = DNS_Name2IPAddressRetry(hostname);
+       if (ip_addr != DNS_Failed_Address) {
+         init_srcs_ip[n_init_srcs] = ip_addr;
+         ++n_init_srcs;
+@@ -746,7 +746,7 @@ parse_allow_deny(const char *line, AllowDeny *list, int allow)
+       }
+ 
+     } else {
+-      ip_addr = DNS_Name2IPAddress(p);
++      ip_addr = DNS_Name2IPAddressRetry(p);
+       if (ip_addr != DNS_Failed_Address) {
+         new_node = MallocNew(AllowDeny);
+         new_node->allow = allow;
+diff --git a/nameserv.c b/nameserv.c
+index dd610df..9a25254 100644
+--- a/nameserv.c
++++ b/nameserv.c
+@@ -32,18 +32,28 @@
+ #include "sysincl.h"
+ 
+ #include "nameserv.h"
++#include <resolv.h>
+ 
+ /* ================================================== */
+ 
+-unsigned long
+-DNS_Name2IPAddress(const char *name)
++static unsigned int retries = 0;
++
++static unsigned long
++Name2IPAddress(const char *name, int retry)
+ {
+   struct hostent *host;
+   unsigned char *address0;
+   unsigned long result;
+ 
++try_again:
+   host = gethostbyname(name);
+   if (host == NULL) {
++    if (retry && h_errno == TRY_AGAIN && retries < 10) {
++      sleep(2 << retries);
++      retries++;
++      res_init();
++      goto try_again;
++    }
+     result = DNS_Failed_Address;
+   } else {
+     address0 = host->h_addr_list[0];
+@@ -54,7 +64,22 @@ DNS_Name2IPAddress(const char *name)
+   }
+ 
+   return result;
++}
++
++/* ================================================== */
++
++unsigned long
++DNS_Name2IPAddress(const char *name)
++{
++  return Name2IPAddress(name, 0);
++}
+ 
++/* ================================================== */
++
++unsigned long
++DNS_Name2IPAddressRetry(const char *name)
++{
++  return Name2IPAddress(name, 1);
+ }
+ 
+ /* ================================================== */
+diff --git a/nameserv.h b/nameserv.h
+index e62f334..69ceef8 100644
+--- a/nameserv.h
++++ b/nameserv.h
+@@ -36,6 +36,8 @@ static const unsigned long DNS_Failed_Address = 0x0UL;
+ 
+ extern unsigned long DNS_Name2IPAddress(const char *name);
+ 
++extern unsigned long DNS_Name2IPAddressRetry(const char *name);
++
+ const char *DNS_IPAddress2Name(unsigned long ip_addr);
+ 
+ #endif /* GOT_NAMESERV_H */

chrony.conf

@@ -0,0 +1,25 @@
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+server 0.fedora.pool.ntp.org
+server 1.fedora.pool.ntp.org
+server 2.fedora.pool.ntp.org
+ 
+driftfile /var/lib/chrony/drift
+
+# Allow client access from local network.
+#allow 192.168/16
+
+# Serve time even if not synchronized to any NTP server.
+#local stratum 10
+
+keyfile /etc/chrony.keys
+
+# Specify the key used as password for chronyc.
+commandkey 1
+
+# Send a message to syslog when chronyd has to correct
+# an error larger than 0.5 seconds.
+logchange 0.5
+
+logdir /var/log/chrony
+#log measurements statistics tracking

chrony.keys

@@ -0,0 +1 @@
+#1 a_key

chrony.logrotate

@@ -0,0 +1,8 @@
+/var/log/chrony/*.log {
+    missingok
+    nocreate
+    sharedscripts
+    postrotate
+        /sbin/service chronyd cyclelogs 2> /dev/null > /dev/null || true
+    endscript
+}

chrony.spec

@@ -0,0 +1,131 @@
+Name:           chrony
+Version:        1.23
+Release:        2.20081106gitbe42b4%{?dist}
+Summary:        An NTP client/server
+
+Group:          System Environment/Daemons
+License:        GPLv2
+URL:            http://chrony.sunsite.dk
+Source0:        http://chrony.sunsite.dk/download/chrony-%{version}.tar.gz
+Source1:        chrony.conf
+Source2:        chrony.keys
+Source3:        chronyd.sysconfig
+Source4:        chronyd.init
+Source5:        chrony.logrotate
+# taken from GNU tar-1.13 
+Source6:        getdate.y
+Patch1:         chrony-1.23-gitbe42b4.patch
+Patch2:         chrony-1.23-ppc.patch
+Patch3:         chrony-1.23-gethost.patch
+Patch4:         chrony-1.23-res.patch
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  libcap-devel readline-devel bison texinfo
+
+Requires(pre):  shadow-utils
+Requires(post): /sbin/chkconfig /sbin/install-info
+Requires(preun): /sbin/chkconfig /sbin/service /sbin/install-info
+Requires(postun): /sbin/service
+
+%description
+A client/server for the Network Time Protocol, this program keeps your
+computer's clock accurate. It was specially designed to support
+systems with dial-up Internet connections, and also supports computers
+in permanently connected environments. 
+
+%prep
+%setup -q
+cp -p %{SOURCE6} .
+%patch1 -p1
+%patch2 -p1 -b .ppc
+%patch3 -p1 -b .gethost
+%patch4 -p1 -b .res
+
+# don't link with ncurses
+sed -i 's|-lncurses||' configure
+
+%build
+bison -o getdate.c getdate.y
+
+export CFLAGS="$RPM_OPT_FLAGS -pie -fpie"
+# configure doesn't support --bindir --sbindir options, install manually
+./configure --enable-linuxcaps
+make %{?_smp_mflags} all docs
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+mkdir -p $RPM_BUILD_ROOT{%{_bindir},%{_sbindir}}
+mkdir -p $RPM_BUILD_ROOT{%{_infodir},%{_mandir}/man{1,5,8}}
+mkdir -p $RPM_BUILD_ROOT{%{_sysconfdir}/{sysconfig,logrotate.d},%{_initrddir}}
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony
+
+install -m 755 chronyc $RPM_BUILD_ROOT%{_bindir}
+install -m 755 chronyd $RPM_BUILD_ROOT%{_sbindir}
+install -m 644 -p -t $RPM_BUILD_ROOT%{_infodir} chrony.info*
+install -m 644 -p -t $RPM_BUILD_ROOT%{_mandir}/man1 chrony*.1
+install -m 644 -p -t $RPM_BUILD_ROOT%{_mandir}/man5 chrony*.5
+install -m 644 -p -t $RPM_BUILD_ROOT%{_mandir}/man8 chrony*.8
+
+install -m 644 -p %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf
+install -m 640 -p %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
+install -m 644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd
+install -m 755 -p %{SOURCE4} $RPM_BUILD_ROOT%{_initrddir}/chronyd
+install -m 644 -p %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony
+
+touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony
+getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \
+       -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony
+:
+
+%post
+/sbin/chkconfig --add chronyd
+/sbin/install-info  %{_infodir}/chrony.info.gz %{_infodir}/dir
+:
+
+%preun
+if [ "$1" -eq 0 ]; then
+        /sbin/service chronyd stop &> /dev/null
+        /sbin/chkconfig --del chronyd
+        /sbin/install-info --delete %{_infodir}/chrony.info.gz %{_infodir}/dir
+fi
+:
+
+%postun
+if [ "$1" -ge 1 ]; then
+        /sbin/service chronyd condrestart &> /dev/null
+fi
+:
+
+%files
+%defattr(-,root,root,-)
+%doc COPYING NEWS README chrony.txt faq.txt examples/*
+%config(noreplace) %{_sysconfdir}/chrony.conf
+%config(noreplace) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
+%config(noreplace) %{_sysconfdir}/sysconfig/chronyd
+%config(noreplace) %{_sysconfdir}/logrotate.d/chrony
+%{_initrddir}/chronyd
+%{_bindir}/chronyc
+%{_sbindir}/chronyd
+%{_infodir}/chrony.info*
+%{_mandir}/man[158]/%{name}*.[158]*
+%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony
+%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift
+%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc
+%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony
+
+%changelog
+* Wed Nov 19 2008 Miroslav Lichvar <mlichvar@redhat.com> 1.23-2.20081106gitbe42b4
+- fix info uninstall
+- generate random command key in init script
+- support cyclelogs, online, offline commands in init script
+- add logrotate script
+
+* Tue Nov 11 2008 Miroslav Lichvar <mlichvar@redhat.com> 1.23-1.20081106gitbe42b4
+- initial release

chronyd.init

@@ -0,0 +1,158 @@
+#!/bin/bash
+#
+# chronyd <summary>
+#
+# chkconfig:   - 58 74
+# description: Client/server for the Network Time Protocol, \
+#              this program keeps your computer's clock accurate.
+
+### BEGIN INIT INFO
+# Provides: chronyd
+# Required-Start: $network $local_fs $remote_fs
+# Required-Stop: 
+# Should-Start: $syslog $named
+# Should-Stop: $syslog
+# Short-Description: NTP client/server
+# Description: Client/server for the Network Time Protocol,
+#              this program keeps your computer's clock accurate.
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+exec=/usr/sbin/chronyd
+prog=chronyd
+config=/etc/chrony.conf
+keyfile=/etc/chrony.keys
+chronyc=/usr/bin/chronyc
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+lockfile=/var/lock/subsys/$prog
+
+get_key() {
+    awk '/^[ \t]*'$1'\>/ { print $2; exit }' < $keyfile
+}
+
+get_commandkeyid() {
+    awk '/^[ \t]*commandkey\>/ { keyid=$2 } END { print keyid }' < $config
+}
+
+chrony_command() {
+    commandkeyid=$(get_commandkeyid)
+    [ -z "$commandkeyid" ] && return 1
+    commandkey=$(get_key $commandkeyid)
+    [ -z "$commandkey" ] && return 2
+
+    ! (
+        $chronyc <<EOF &
+password $commandkey
+$1
+EOF
+        chronycpid=$!
+
+        # chronyc will hang if the daemon doesn't respond, kill it after 3 s 
+        (sleep 3; kill $chronycpid) < /dev/null &> /dev/null &
+        killerpid=$!
+
+        wait $chronycpid &> /dev/null
+        kill $killerpid &> /dev/null || echo "chronyd not responding"
+    ) | grep -v '200 OK'
+}
+
+generate_commandkey() {
+    commandkeyid=$(get_commandkeyid)
+    [ -z "$commandkeyid" ] && return 1
+    commandkey=$(get_key $commandkeyid)
+    [ -z "$commandkey" ] || return 0
+
+    echo -n $"Generating chrony command key: "
+    commandkey=$(tr -c -d '[\041-\176]' < /dev/urandom | head -c 8)
+    [ -n "$commandkey" ] && echo "$commandkeyid $commandkey" >> $keyfile &&
+        success || failure
+    echo
+}
+
+start() {
+    [ "$NETWORKING" = "no" ] && exit 1
+    [ -x $exec ] || exit 5
+    [ -f $config ] || exit 6
+    generate_commandkey
+    echo -n $"Starting $prog: "
+    daemon $exec $OPTIONS
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc $prog
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    stop
+    start
+}
+
+reload() {
+    restart
+}
+
+force_reload() {
+    restart
+}
+
+rh_status() {
+    status $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart)
+        $1
+        ;;
+    reload)
+        rh_status_q || exit 7
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+        restart
+        ;;
+    online|offline|cyclelogs)
+        rh_status_q || exit 7
+        chrony_command $1
+        ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|cyclelogs|online|offline}"
+        exit 2
+esac
+exit $?
+

chronyd.sysconfig

@@ -0,0 +1 @@
+OPTIONS="-u chrony"

import.log

@@ -0,0 +1 @@
+chrony-1_23-2_20081106gitbe42b4_fc10:HEAD:chrony-1.23-2.20081106gitbe42b4.fc10.src.rpm:1227530259

sources

@@ -0,0 +1 @@
+ffce77695e55d8efda19ab0b78309c23  chrony-1.23.tar.gz