Compare commits
No commits in common. "c10s" and "c8" have entirely different histories.
2
.chrony.metadata
Normal file
2
.chrony.metadata
Normal file
@ -0,0 +1,2 @@
|
||||
4661e5df181a9761b73caeaef2f2ab755bbe086a SOURCES/chrony-4.5.tar.gz
|
||||
e021461c23fe4e5c46fd53c449587d8f6cc217ae SOURCES/clknetsim-5d1dc0.tar.gz
|
@ -1 +0,0 @@
|
||||
1
|
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,3 +1,2 @@
|
||||
/chrony-4.6.1.tar.gz
|
||||
/chrony-4.6.1-tar-gz-asc.txt
|
||||
/clknetsim-40bb97.tar.gz
|
||||
SOURCES/chrony-4.5.tar.gz
|
||||
SOURCES/clknetsim-5d1dc0.tar.gz
|
56
SOURCES/chrony-cmac.patch
Normal file
56
SOURCES/chrony-cmac.patch
Normal file
@ -0,0 +1,56 @@
|
||||
commit 8eb5dd54efd13aa0209aea38dbad2a7904377f75
|
||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Tue Sep 17 13:00:43 2024 +0200
|
||||
|
||||
configure: enable AES-CMAC using gnutls
|
||||
|
||||
Allow gnutls to be used for AES-CMAC when nettle doesn't support it
|
||||
without switching also hashing.
|
||||
|
||||
diff --git a/configure b/configure
|
||||
index eefe5de8..0fb3aa38 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -937,14 +937,26 @@ if [ $feat_sechash = "1" ] && [ "x$HASH_LINK" = "x" ] && [ $try_gnutls = "1" ];
|
||||
HASH_LINK="$test_link"
|
||||
MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
|
||||
add_def FEAT_SECHASH
|
||||
+ fi
|
||||
+fi
|
||||
|
||||
- if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \
|
||||
- 'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);'
|
||||
- then
|
||||
- add_def HAVE_CMAC
|
||||
- EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o"
|
||||
- EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o"
|
||||
- fi
|
||||
+if [ $feat_sechash = "1" ] && [ $try_gnutls = "1" ] &&
|
||||
+ ! grep '#define HAVE_CMAC' config.h > /dev/null; then
|
||||
+ if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then
|
||||
+ test_cflags=""
|
||||
+ test_link=""
|
||||
+ else
|
||||
+ test_cflags="`pkg_config --cflags gnutls`"
|
||||
+ test_link="`pkg_config --libs gnutls`"
|
||||
+ fi
|
||||
+ if test_code 'CMAC in gnutls' 'gnutls/crypto.h' "$test_cflags" "$test_link" \
|
||||
+ 'return gnutls_hmac_init((void *)1, GNUTLS_MAC_AES_CMAC_128, (void *)2, 0);'
|
||||
+ then
|
||||
+ add_def HAVE_CMAC
|
||||
+ EXTRA_OBJECTS="$EXTRA_OBJECTS cmac_gnutls.o"
|
||||
+ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS cmac_gnutls.o"
|
||||
+ LIBS="$LIBS $test_link"
|
||||
+ MYCPPFLAGS="$MYCPPFLAGS $test_cflags"
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -978,7 +990,7 @@ EXTRA_CLI_OBJECTS="$EXTRA_CLI_OBJECTS $HASH_OBJ"
|
||||
LIBS="$LIBS $HASH_LINK"
|
||||
|
||||
if [ $feat_ntp = "1" ] && [ $feat_nts = "1" ] && [ $try_gnutls = "1" ]; then
|
||||
- if [ "$HASH_OBJ" = "hash_gnutls.o" ]; then
|
||||
+ if echo "$HASH_OBJ $EXTRA_OBJECTS" | grep "_gnutls\.o" > /dev/null; then
|
||||
test_cflags=""
|
||||
test_link=""
|
||||
else
|
38
SOURCES/chrony-defconfig.patch
Normal file
38
SOURCES/chrony-defconfig.patch
Normal file
@ -0,0 +1,38 @@
|
||||
diff -up chrony-4.1/examples/chrony.conf.example2.defconfig chrony-4.1/examples/chrony.conf.example2
|
||||
--- chrony-4.1/examples/chrony.conf.example2.defconfig 2021-05-12 13:06:15.000000000 +0200
|
||||
+++ chrony-4.1/examples/chrony.conf.example2 2019-05-10 12:22:57.000000000 +0200
|
||||
@@ -1,5 +1,5 @@
|
||||
# Use public servers from the pool.ntp.org project.
|
||||
-# Please consider joining the pool (https://www.pool.ntp.org/join.html).
|
||||
+# Please consider joining the pool (http://www.pool.ntp.org/join.html).
|
||||
pool pool.ntp.org iburst
|
||||
|
||||
# Record the rate at which the system clock gains/losses time.
|
||||
@@ -25,18 +25,9 @@ rtcsync
|
||||
# Serve time even if not synchronized to a time source.
|
||||
#local stratum 10
|
||||
|
||||
-# Require authentication (nts or key option) for all NTP sources.
|
||||
-#authselectmode require
|
||||
-
|
||||
# Specify file containing keys for NTP authentication.
|
||||
#keyfile /etc/chrony.keys
|
||||
|
||||
-# Save NTS keys and cookies.
|
||||
-ntsdumpdir /var/lib/chrony
|
||||
-
|
||||
-# Insert/delete leap seconds by slewing instead of stepping.
|
||||
-#leapsecmode slew
|
||||
-
|
||||
# Get TAI-UTC offset and leap seconds from the system tz database.
|
||||
#leapsectz right/UTC
|
||||
|
||||
diff -up chrony-4.5/examples/chrony.keys.example.keys chrony-4.5/examples/chrony.keys.example
|
||||
--- chrony-4.5/examples/chrony.keys.example.keys 2023-12-05 14:22:10.000000000 +0100
|
||||
+++ chrony-4.5/examples/chrony.keys.example 2023-12-06 09:59:26.089508934 +0100
|
||||
@@ -11,5 +11,3 @@
|
||||
#1 MD5 AVeryLongAndRandomPassword
|
||||
#2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
|
||||
#3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
|
||||
-#4 AES128 HEX:2DA837C4B6573748CA692B8C828E4891
|
||||
-#5 AES256 HEX:2666B8099BFF2D5BA20876121788ED24D2BE59111B8FFB562F0F56AE6EC7246E
|
8
SOURCES/chrony-dnssrv@.service
Normal file
8
SOURCES/chrony-dnssrv@.service
Normal file
@ -0,0 +1,8 @@
|
||||
[Unit]
|
||||
Description=DNS SRV lookup of %I for chrony
|
||||
After=chronyd.service network-online.target
|
||||
Wants=network-online.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/usr/libexec/chrony-helper update-dnssrv-servers %I
|
9
SOURCES/chrony-dnssrv@.timer
Normal file
9
SOURCES/chrony-dnssrv@.timer
Normal file
@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description=Periodic DNS SRV lookup of %I for chrony
|
||||
|
||||
[Timer]
|
||||
OnActiveSec=0
|
||||
OnUnitInactiveSec=1h
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
164
SOURCES/chrony-nm-dispatcher-dhcp.patch
Normal file
164
SOURCES/chrony-nm-dispatcher-dhcp.patch
Normal file
@ -0,0 +1,164 @@
|
||||
First, revert upstream changes since 4.2
|
||||
|
||||
diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
|
||||
index 547ce83f..6ea4c370 100644
|
||||
--- a/examples/chrony.nm-dispatcher.dhcp
|
||||
+++ b/examples/chrony.nm-dispatcher.dhcp
|
||||
@@ -1,7 +1,8 @@
|
||||
#!/bin/sh
|
||||
# This is a NetworkManager dispatcher script for chronyd to update
|
||||
-# its NTP sources with servers from DHCP options passed by NetworkManager
|
||||
-# in the DHCP4_NTP_SERVERS and DHCP6_DHCP6_NTP_SERVERS environment variables.
|
||||
+# its NTP sources passed from DHCP options. Note that this script is
|
||||
+# specific to NetworkManager-dispatcher due to use of the
|
||||
+# DHCP4_NTP_SERVERS environment variable.
|
||||
|
||||
export LC_ALL=C
|
||||
|
||||
@@ -9,23 +10,17 @@ interface=$1
|
||||
action=$2
|
||||
|
||||
chronyc=/usr/bin/chronyc
|
||||
-server_options=iburst
|
||||
+default_server_options=iburst
|
||||
server_dir=/var/run/chrony-dhcp
|
||||
|
||||
dhcp_server_file=$server_dir/$interface.sources
|
||||
-dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS"
|
||||
+# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
|
||||
+nm_dhcp_servers=$DHCP4_NTP_SERVERS
|
||||
|
||||
add_servers_from_dhcp() {
|
||||
rm -f "$dhcp_server_file"
|
||||
- for server in $dhcp_ntp_servers; do
|
||||
- # Check for invalid characters (from the DHCPv6 NTP FQDN suboption)
|
||||
- len1=$(printf '%s' "$server" | wc -c)
|
||||
- len2=$(printf '%s' "$server" | tr -d -c 'A-Za-z0-9:.-' | wc -c)
|
||||
- if [ "$len1" -ne "$len2" ] || [ "$len2" -lt 1 ] || [ "$len2" -gt 255 ]; then
|
||||
- continue
|
||||
- fi
|
||||
-
|
||||
- printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file"
|
||||
+ for server in $nm_dhcp_servers; do
|
||||
+ echo "server $server $default_server_options" >> "$dhcp_server_file"
|
||||
done
|
||||
$chronyc reload sources > /dev/null 2>&1 || :
|
||||
}
|
||||
@@ -39,11 +34,10 @@ clear_servers_from_dhcp() {
|
||||
|
||||
mkdir -p $server_dir
|
||||
|
||||
-case "$action" in
|
||||
- up|dhcp4-change|dhcp6-change)
|
||||
- add_servers_from_dhcp;;
|
||||
- down)
|
||||
- clear_servers_from_dhcp;;
|
||||
-esac
|
||||
+if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then
|
||||
+ add_servers_from_dhcp
|
||||
+elif [ "$action" = "down" ]; then
|
||||
+ clear_servers_from_dhcp
|
||||
+fi
|
||||
|
||||
exit 0
|
||||
|
||||
From: Robert Fairley <rfairley@redhat.com>
|
||||
Date: Wed, 17 Jun 2020 10:14:19 -0400
|
||||
Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig
|
||||
|
||||
Use the PEERNTP and NTPSERVERARGS environment variables from
|
||||
/etc/sysconfig/network{-scripts}.
|
||||
|
||||
Co-Authored-By: Christian Glombek <cglombek@redhat.com>
|
||||
|
||||
diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
|
||||
index 6ea4c37..a6ad35a 100644
|
||||
--- a/examples/chrony.nm-dispatcher.dhcp
|
||||
+++ b/examples/chrony.nm-dispatcher.dhcp
|
||||
@@ -6,16 +6,24 @@
|
||||
|
||||
chronyc=/usr/bin/chronyc
|
||||
default_server_options=iburst
|
||||
-server_dir=/var/run/chrony-dhcp
|
||||
+server_dir=/run/chrony-dhcp
|
||||
|
||||
dhcp_server_file=$server_dir/$interface.sources
|
||||
# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
|
||||
nm_dhcp_servers=$DHCP4_NTP_SERVERS
|
||||
|
||||
+[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
|
||||
+[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \
|
||||
+ . /etc/sysconfig/network-scripts/ifcfg-"${interface}"
|
||||
+
|
||||
add_servers_from_dhcp() {
|
||||
rm -f "$dhcp_server_file"
|
||||
+
|
||||
+ # Don't add NTP servers if PEERNTP=no specified; return early.
|
||||
+ [ "$PEERNTP" = "no" ] && return
|
||||
+
|
||||
for server in $nm_dhcp_servers; do
|
||||
- echo "server $server $default_server_options" >> "$dhcp_server_file"
|
||||
+ echo "server $server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_file"
|
||||
done
|
||||
$chronyc reload sources > /dev/null 2>&1 || :
|
||||
}
|
||||
--
|
||||
2.29.2
|
||||
|
||||
Use chrony-helper instead of chronyc to avoid changes in default chrony.conf
|
||||
|
||||
diff -up chrony-4.1/examples/chrony.nm-dispatcher.dhcp.nm-dispatcher-dhcp chrony-4.1/examples/chrony.nm-dispatcher.dhcp
|
||||
--- chrony-4.1/examples/chrony.nm-dispatcher.dhcp.nm-dispatcher-dhcp 2021-06-09 11:10:30.997416152 +0200
|
||||
+++ chrony-4.1/examples/chrony.nm-dispatcher.dhcp 2021-06-09 11:16:23.598381336 +0200
|
||||
@@ -9,11 +9,12 @@ export LC_ALL=C
|
||||
interface=$1
|
||||
action=$2
|
||||
|
||||
-chronyc=/usr/bin/chronyc
|
||||
+helper=/usr/libexec/chrony-helper
|
||||
default_server_options=iburst
|
||||
-server_dir=/run/chrony-dhcp
|
||||
+server_dir=/run/chrony-helper
|
||||
|
||||
-dhcp_server_file=$server_dir/$interface.sources
|
||||
+dhcp_server_tmpfile=$server_dir/tmp-nm-dhcp.$interface
|
||||
+dhcp_server_file=$server_dir/nm-dhcp.$interface
|
||||
# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
|
||||
nm_dhcp_servers=$DHCP4_NTP_SERVERS
|
||||
|
||||
@@ -24,24 +24,30 @@ nm_dhcp_servers=$DHCP4_NTP_SERVERS
|
||||
add_servers_from_dhcp() {
|
||||
rm -f "$dhcp_server_file"
|
||||
|
||||
+ # Remove servers saved by the dhclient script before it detected NM.
|
||||
+ rm -f "/var/lib/dhclient/chrony.servers.$interface"
|
||||
+
|
||||
# Don't add NTP servers if PEERNTP=no specified; return early.
|
||||
[ "$PEERNTP" = "no" ] && return
|
||||
|
||||
+ # Create the directory with correct SELinux context.
|
||||
+ $helper create-helper-directory > /dev/null 2>&1
|
||||
+
|
||||
for server in $nm_dhcp_servers; do
|
||||
- echo "server $server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_file"
|
||||
+ echo "$server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_tmpfile"
|
||||
done
|
||||
+ [ -e "$dhcp_server_tmpfile" ] && mv "$dhcp_server_tmpfile" "$dhcp_server_file"
|
||||
- $chronyc reload sources > /dev/null 2>&1 || :
|
||||
+
|
||||
+ $helper update-daemon > /dev/null 2>&1 || :
|
||||
}
|
||||
|
||||
clear_servers_from_dhcp() {
|
||||
if [ -f "$dhcp_server_file" ]; then
|
||||
rm -f "$dhcp_server_file"
|
||||
- $chronyc reload sources > /dev/null 2>&1 || :
|
||||
+ $helper update-daemon > /dev/null 2>&1 || :
|
||||
fi
|
||||
}
|
||||
|
||||
-mkdir -p $server_dir
|
||||
-
|
||||
if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then
|
||||
add_servers_from_dhcp
|
||||
elif [ "$action" = "down" ]; then
|
86
SOURCES/chrony-reload.patch
Normal file
86
SOURCES/chrony-reload.patch
Normal file
@ -0,0 +1,86 @@
|
||||
commit f49be7f06343ee27fff2950937d7f6742f53976f
|
||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Tue Mar 12 14:30:27 2024 +0100
|
||||
|
||||
conf: don't load sourcedir during initstepslew and RTC init
|
||||
|
||||
If the reload sources command was received in the chronyd start-up
|
||||
sequence with initstepslew and/or RTC init (-s option), the sources
|
||||
loaded from sourcedirs caused a crash due to failed assertion after
|
||||
adding sources specified in the config.
|
||||
|
||||
Ignore the reload sources command until chronyd enters the normal
|
||||
operation mode.
|
||||
|
||||
Fixes: 519796de3756 ("conf: add sourcedirs directive")
|
||||
|
||||
diff --git a/conf.c b/conf.c
|
||||
index 6eae11c9..8849bdce 100644
|
||||
--- a/conf.c
|
||||
+++ b/conf.c
|
||||
@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources;
|
||||
static ARR_Instance ntp_source_dirs;
|
||||
/* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */
|
||||
static ARR_Instance ntp_source_ids;
|
||||
+/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */
|
||||
+static int conf_ntp_sources_added = 0;
|
||||
|
||||
/* Array of RefclockParameters */
|
||||
static ARR_Instance refclock_sources;
|
||||
@@ -1689,8 +1691,12 @@ reload_source_dirs(void)
|
||||
NSR_Status s;
|
||||
int d, pass;
|
||||
|
||||
+ /* Ignore reload command before adding configured sources */
|
||||
+ if (!conf_ntp_sources_added)
|
||||
+ return;
|
||||
+
|
||||
prev_size = ARR_GetSize(ntp_source_ids);
|
||||
- if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size)
|
||||
+ if (ARR_GetSize(ntp_sources) != prev_size)
|
||||
assert(0);
|
||||
|
||||
/* Save the current sources and their configuration IDs */
|
||||
@@ -1859,7 +1865,10 @@ CNF_AddSources(void)
|
||||
Free(source->params.name);
|
||||
}
|
||||
|
||||
+ /* The arrays will be used for sourcedir (re)loading */
|
||||
ARR_SetSize(ntp_sources, 0);
|
||||
+ ARR_SetSize(ntp_source_ids, 0);
|
||||
+ conf_ntp_sources_added = 1;
|
||||
|
||||
reload_source_dirs();
|
||||
}
|
||||
diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload
|
||||
new file mode 100755
|
||||
index 00000000..cf7924b8
|
||||
--- /dev/null
|
||||
+++ b/test/simulation/203-initreload
|
||||
@@ -0,0 +1,26 @@
|
||||
+#!/usr/bin/env bash
|
||||
+
|
||||
+. ./test.common
|
||||
+
|
||||
+check_config_h 'FEAT_CMDMON 1' || test_skip
|
||||
+
|
||||
+# Test fix "conf: don't load sourcedir during initstepslew and RTC init"
|
||||
+
|
||||
+test_start "reload during initstepslew"
|
||||
+
|
||||
+client_conf="initstepslew 5 192.168.123.1
|
||||
+sourcedir tmp"
|
||||
+client_server_conf="#"
|
||||
+chronyc_conf="reload sources"
|
||||
+chronyc_start=4
|
||||
+
|
||||
+echo 'server 192.168.123.1' > tmp/sources.sources
|
||||
+
|
||||
+run_test || test_fail
|
||||
+check_chronyd_exit || test_fail
|
||||
+check_source_selection || test_fail
|
||||
+check_sync || test_fail
|
||||
+
|
||||
+check_log_messages "Added source 192\.168\.123\.1" 1 1 || test_fail
|
||||
+
|
||||
+test_pass
|
39
SOURCES/chrony-serverstats.patch
Normal file
39
SOURCES/chrony-serverstats.patch
Normal file
@ -0,0 +1,39 @@
|
||||
commit e11b518a1ffa704986fb1f1835c425844ba248ef
|
||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Mon Jan 8 11:35:56 2024 +0100
|
||||
|
||||
ntp: fix authenticated requests in serverstats
|
||||
|
||||
Fix the CLG_UpdateNtpStats() call to count requests passing the
|
||||
authentication check instead of requests triggering a KoD response
|
||||
(i.e. NTS NAK).
|
||||
|
||||
diff --git a/ntp_core.c b/ntp_core.c
|
||||
index 023e60b2..35801744 100644
|
||||
--- a/ntp_core.c
|
||||
+++ b/ntp_core.c
|
||||
@@ -2736,7 +2736,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
|
||||
CLG_DisableNtpTimestamps(&ntp_rx);
|
||||
}
|
||||
|
||||
- CLG_UpdateNtpStats(kod != 0 && info.auth.mode != NTP_AUTH_NONE &&
|
||||
+ CLG_UpdateNtpStats(kod == 0 && info.auth.mode != NTP_AUTH_NONE &&
|
||||
info.auth.mode != NTP_AUTH_MSSNTP,
|
||||
rx_ts->source, interleaved ? tx_ts->source : NTP_TS_DAEMON);
|
||||
|
||||
diff --git a/test/system/010-nts b/test/system/010-nts
|
||||
index 8d92bbc8..b215efa3 100755
|
||||
--- a/test/system/010-nts
|
||||
+++ b/test/system/010-nts
|
||||
@@ -45,6 +45,11 @@ check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atm
|
||||
=========================================================================
|
||||
127\.0\.0\.1 NTS 1 (30|15) (128|256) [0-9] 0 0 [78] ( 64|100)$" || test_fail
|
||||
|
||||
+run_chronyc "serverstats" || test_fail
|
||||
+check_chronyc_output "NTS-KE connections accepted: 1
|
||||
+NTS-KE connections dropped : 0
|
||||
+Authenticated NTP packets : [1-9][0-9]*" || test_fail
|
||||
+
|
||||
stop_chronyd || test_fail
|
||||
check_chronyd_messages || test_fail
|
||||
check_chronyd_files || test_fail
|
12
SOURCES/chrony-service-helper.patch
Normal file
12
SOURCES/chrony-service-helper.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff -up chrony-4.1/examples/chronyd.service.service-helper chrony-4.1/examples/chronyd.service
|
||||
--- chrony-4.1/examples/chronyd.service.service-helper 2021-05-12 13:06:15.000000000 +0200
|
||||
+++ chrony-4.1/examples/chronyd.service 2021-06-15 09:01:56.948968576 +0200
|
||||
@@ -10,6 +10,8 @@ Type=forking
|
||||
PIDFile=/run/chrony/chronyd.pid
|
||||
EnvironmentFile=-/etc/sysconfig/chronyd
|
||||
ExecStart=/usr/sbin/chronyd $OPTIONS
|
||||
+ExecStartPost=/usr/libexec/chrony-helper update-daemon
|
||||
+ExecStopPost=/usr/libexec/chrony-helper remove-daemon-state
|
||||
PrivateTmp=yes
|
||||
ProtectHome=yes
|
||||
ProtectSystem=full
|
81
SOURCES/chrony-services.patch
Normal file
81
SOURCES/chrony-services.patch
Normal file
@ -0,0 +1,81 @@
|
||||
diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service
|
||||
index 72b028f2..b3aa7aa2 100644
|
||||
--- a/examples/chrony-wait.service
|
||||
+++ b/examples/chrony-wait.service
|
||||
@@ -16,31 +16,5 @@ TimeoutStartSec=180
|
||||
RemainAfterExit=yes
|
||||
StandardOutput=null
|
||||
|
||||
-CapabilityBoundingSet=
|
||||
-DevicePolicy=closed
|
||||
-DynamicUser=yes
|
||||
-IPAddressAllow=localhost
|
||||
-IPAddressDeny=any
|
||||
-LockPersonality=yes
|
||||
-MemoryDenyWriteExecute=yes
|
||||
-PrivateDevices=yes
|
||||
-PrivateUsers=yes
|
||||
-ProtectClock=yes
|
||||
-ProtectControlGroups=yes
|
||||
-ProtectHome=yes
|
||||
-ProtectHostname=yes
|
||||
-ProtectKernelLogs=yes
|
||||
-ProtectKernelModules=yes
|
||||
-ProtectKernelTunables=yes
|
||||
-ProtectProc=invisible
|
||||
-ProtectSystem=strict
|
||||
-RestrictAddressFamilies=AF_INET AF_INET6
|
||||
-RestrictNamespaces=yes
|
||||
-RestrictRealtime=yes
|
||||
-SystemCallArchitectures=native
|
||||
-SystemCallFilter=@system-service
|
||||
-SystemCallFilter=~@privileged @resources
|
||||
-UMask=0777
|
||||
-
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
diff --git a/examples/chronyd.service b/examples/chronyd.service
|
||||
index 4fb930ef..289548cb 100644
|
||||
--- a/examples/chronyd.service
|
||||
+++ b/examples/chronyd.service
|
||||
@@ -10,39 +10,9 @@ Type=forking
|
||||
PIDFile=/run/chrony/chronyd.pid
|
||||
EnvironmentFile=-/etc/sysconfig/chronyd
|
||||
ExecStart=/usr/sbin/chronyd $OPTIONS
|
||||
-
|
||||
-CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
-CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE
|
||||
-CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_MKNOD CAP_SYS_ADMIN
|
||||
-CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_CHROOT CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
-CapabilityBoundingSet=~CAP_SYS_PTRACE CAP_SYS_RAWIO CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM
|
||||
-DeviceAllow=char-pps rw
|
||||
-DeviceAllow=char-ptp rw
|
||||
-DeviceAllow=char-rtc rw
|
||||
-DevicePolicy=closed
|
||||
-LockPersonality=yes
|
||||
-MemoryDenyWriteExecute=yes
|
||||
-NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
-ProtectControlGroups=yes
|
||||
ProtectHome=yes
|
||||
-ProtectHostname=yes
|
||||
-ProtectKernelLogs=yes
|
||||
-ProtectKernelModules=yes
|
||||
-ProtectKernelTunables=yes
|
||||
-ProtectProc=invisible
|
||||
-ProtectSystem=strict
|
||||
-ReadWritePaths=/run /var/lib/chrony -/var/log
|
||||
-RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
-RestrictNamespaces=yes
|
||||
-RestrictSUIDSGID=yes
|
||||
-SystemCallArchitectures=native
|
||||
-SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @swap
|
||||
-
|
||||
-# Adjust restrictions for /usr/sbin/sendmail (mailonchange directive)
|
||||
-NoNewPrivileges=no
|
||||
-ReadWritePaths=-/var/spool
|
||||
-RestrictAddressFamilies=AF_NETLINK
|
||||
+ProtectSystem=full
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,7 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
CHRONY_SOURCEDIR=/run/chrony-dhcp
|
||||
SERVERFILE=$CHRONY_SOURCEDIR/$interface.sources
|
||||
SERVERFILE=$SAVEDIR/chrony.servers.$interface
|
||||
|
||||
chrony_config() {
|
||||
# Disable modifications if called from a NM dispatcher script
|
||||
@ -9,11 +8,10 @@ chrony_config() {
|
||||
|
||||
rm -f "$SERVERFILE"
|
||||
if [ "$PEERNTP" != "no" ]; then
|
||||
mkdir -p $CHRONY_SOURCEDIR
|
||||
for server in $new_ntp_servers; do
|
||||
echo "server $server ${NTPSERVERARGS:-iburst}" >> "$SERVERFILE"
|
||||
echo "$server ${NTPSERVERARGS:-iburst}" >> "$SERVERFILE"
|
||||
done
|
||||
/usr/bin/chronyc reload sources > /dev/null 2>&1 || :
|
||||
/usr/libexec/chrony-helper update-daemon || :
|
||||
fi
|
||||
}
|
||||
|
||||
@ -22,6 +20,6 @@ chrony_restore() {
|
||||
|
||||
if [ -f "$SERVERFILE" ]; then
|
||||
rm -f "$SERVERFILE"
|
||||
/usr/bin/chronyc reload sources > /dev/null 2>&1 || :
|
||||
/usr/libexec/chrony-helper update-daemon || :
|
||||
fi
|
||||
}
|
285
SOURCES/chrony.helper
Normal file
285
SOURCES/chrony.helper
Normal file
@ -0,0 +1,285 @@
|
||||
#!/bin/bash
|
||||
# This script configures running chronyd to use NTP servers obtained from
|
||||
# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
|
||||
# externally (e.g. by a dhclient script). Files with servers from DNS SRV
|
||||
# records are updated here using the dig utility. The script can also list
|
||||
# and set static sources in the chronyd configuration file.
|
||||
|
||||
chronyc=/usr/bin/chronyc
|
||||
chrony_conf=/etc/chrony.conf
|
||||
chrony_service=chronyd.service
|
||||
helper_dir=/run/chrony-helper
|
||||
added_servers_file=$helper_dir/added_servers
|
||||
|
||||
network_sysconfig_file=/etc/sysconfig/network
|
||||
nm_servers_files="$helper_dir/nm-dhcp.*"
|
||||
dhclient_servers_files="/var/lib/dhclient/chrony.servers.*"
|
||||
dnssrv_servers_files="$helper_dir/dnssrv@*"
|
||||
dnssrv_timer_prefix=chrony-dnssrv@
|
||||
|
||||
. $network_sysconfig_file &> /dev/null
|
||||
|
||||
chrony_command() {
|
||||
$chronyc -n -m "$@"
|
||||
}
|
||||
|
||||
is_running() {
|
||||
chrony_command "tracking" &> /dev/null
|
||||
}
|
||||
|
||||
get_servers_files() {
|
||||
[ "$PEERNTP" != "no" ] && echo "$nm_servers_files"
|
||||
[ "$PEERNTP" != "no" ] && echo "$dhclient_servers_files"
|
||||
echo "$dnssrv_servers_files"
|
||||
}
|
||||
|
||||
is_update_needed() {
|
||||
for file in $(get_servers_files) $added_servers_file; do
|
||||
[ -e "$file" ] && return 0
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
remove_daemon_state() {
|
||||
rm -f $added_servers_file
|
||||
}
|
||||
|
||||
update_daemon() {
|
||||
local all_servers_with_args all_servers added_servers
|
||||
|
||||
if ! is_running; then
|
||||
remove_daemon_state
|
||||
return 0
|
||||
fi
|
||||
|
||||
all_servers_with_args=$(cat $(get_servers_files) 2> /dev/null)
|
||||
|
||||
all_servers=$(
|
||||
echo "$all_servers_with_args" |
|
||||
while read -r server serverargs; do
|
||||
echo "$server"
|
||||
done | sort -u)
|
||||
added_servers=$( (
|
||||
cat $added_servers_file 2> /dev/null
|
||||
echo "$all_servers_with_args" |
|
||||
while read -r server serverargs; do
|
||||
[ -z "$server" ] && continue
|
||||
chrony_command "add server $server $serverargs" &> /dev/null &&
|
||||
echo "$server"
|
||||
done) | sort -u)
|
||||
|
||||
comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") |
|
||||
while read -r server; do
|
||||
chrony_command -c sources -a 2>/dev/null |
|
||||
while IFS=, read -r type _ address _; do
|
||||
[ "$type" = "^" ] || continue
|
||||
[ "$(chrony_command "sourcename $address")" = "$server" ] || continue
|
||||
chrony_command "delete $address" &> /dev/null
|
||||
break
|
||||
done
|
||||
done
|
||||
|
||||
added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers"))
|
||||
|
||||
if [ -n "$added_servers" ]; then
|
||||
echo "$added_servers" > $added_servers_file
|
||||
else
|
||||
rm -f $added_servers_file
|
||||
fi
|
||||
}
|
||||
|
||||
get_dnssrv_servers() {
|
||||
local name=$1 output
|
||||
|
||||
if ! command -v dig &> /dev/null; then
|
||||
echo "Missing dig (DNS lookup utility)" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) || return 0
|
||||
|
||||
echo "$output" | while read -r _ _ port target; do
|
||||
server=${target%.}
|
||||
[ -z "$server" ] && continue
|
||||
echo "$server port $port ${NTPSERVERARGS:-iburst}"
|
||||
done
|
||||
}
|
||||
|
||||
check_dnssrv_name() {
|
||||
local name=$1
|
||||
|
||||
if [ -z "$name" ]; then
|
||||
echo "No DNS SRV name specified" >&2
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ "${name:0:9}" != _ntp._udp ]; then
|
||||
echo "DNS SRV name $name doesn't start with _ntp._udp" >&2
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
update_dnssrv_servers() {
|
||||
local name=$1
|
||||
local srv_file=$helper_dir/dnssrv@$name servers
|
||||
|
||||
check_dnssrv_name "$name" || return 1
|
||||
|
||||
servers=$(get_dnssrv_servers "$name")
|
||||
if [ -n "$servers" ]; then
|
||||
echo "$servers" > "$srv_file"
|
||||
else
|
||||
rm -f "$srv_file"
|
||||
fi
|
||||
}
|
||||
|
||||
set_dnssrv_timer() {
|
||||
local state=$1 name=$2
|
||||
local srv_file=$helper_dir/dnssrv@$name servers
|
||||
local timer
|
||||
|
||||
timer=$dnssrv_timer_prefix$(systemd-escape "$name").timer || return 1
|
||||
|
||||
check_dnssrv_name "$name" || return 1
|
||||
|
||||
if [ "$state" = enable ]; then
|
||||
systemctl enable "$timer"
|
||||
systemctl start "$timer"
|
||||
elif [ "$state" = disable ]; then
|
||||
systemctl stop "$timer"
|
||||
systemctl disable "$timer"
|
||||
rm -f "$srv_file"
|
||||
fi
|
||||
}
|
||||
|
||||
list_dnssrv_timers() {
|
||||
systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \
|
||||
sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" |
|
||||
while read -r name; do
|
||||
systemd-escape --unescape "$name"
|
||||
done
|
||||
}
|
||||
|
||||
prepare_helper_dir() {
|
||||
mkdir -p $helper_dir
|
||||
exec 100> $helper_dir/lock
|
||||
if ! flock -w 20 100; then
|
||||
echo "Failed to lock $helper_dir" >&2
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
is_source_line() {
|
||||
local pattern="^[ \t]*(server|pool|peer|refclock)[ \t]+[^ \t]+"
|
||||
[[ "$1" =~ $pattern ]]
|
||||
}
|
||||
|
||||
list_static_sources() {
|
||||
while read -r line; do
|
||||
if is_source_line "$line"; then
|
||||
echo "$line"
|
||||
fi
|
||||
done < $chrony_conf
|
||||
}
|
||||
|
||||
set_static_sources() {
|
||||
local new_config tmp_conf
|
||||
|
||||
new_config=$(
|
||||
sources=$(
|
||||
while read -r line; do
|
||||
is_source_line "$line" && echo "$line"
|
||||
done)
|
||||
|
||||
while read -r line; do
|
||||
if ! is_source_line "$line"; then
|
||||
echo "$line"
|
||||
continue
|
||||
fi
|
||||
|
||||
tmp_sources=$(
|
||||
local removed=0
|
||||
|
||||
echo "$sources" | while read -r line2; do
|
||||
if [ "$removed" -ne 0 ] || [ "$line" != "$line2" ]; then
|
||||
echo "$line2"
|
||||
else
|
||||
removed=1
|
||||
fi
|
||||
done)
|
||||
|
||||
[ "$sources" == "$tmp_sources" ] && continue
|
||||
sources=$tmp_sources
|
||||
echo "$line"
|
||||
done < $chrony_conf
|
||||
|
||||
echo "$sources"
|
||||
)
|
||||
|
||||
tmp_conf=${chrony_conf}.tmp
|
||||
|
||||
cp -a $chrony_conf $tmp_conf &&
|
||||
echo "$new_config" > $tmp_conf &&
|
||||
mv $tmp_conf $chrony_conf || return 1
|
||||
|
||||
systemctl try-restart $chrony_service
|
||||
}
|
||||
|
||||
print_help() {
|
||||
echo "Usage: $0 COMMAND"
|
||||
echo
|
||||
echo "Commands:"
|
||||
echo " create-helper-directory"
|
||||
echo " update-daemon"
|
||||
echo " remove-daemon-state"
|
||||
echo " update-dnssrv-servers NAME"
|
||||
echo " enable-dnssrv NAME"
|
||||
echo " disable-dnssrv NAME"
|
||||
echo " list-dnssrv"
|
||||
echo " list-static-sources"
|
||||
echo " set-static-sources < sources.list"
|
||||
echo " is-running"
|
||||
echo " command CHRONYC-COMMAND"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
create-helper-directory)
|
||||
prepare_helper_dir
|
||||
;;
|
||||
update-daemon|add-dhclient-servers|remove-dhclient-servers)
|
||||
is_update_needed || exit 0
|
||||
prepare_helper_dir && update_daemon
|
||||
;;
|
||||
remove-daemon-state)
|
||||
remove_daemon_state
|
||||
;;
|
||||
update-dnssrv-servers)
|
||||
prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon
|
||||
;;
|
||||
enable-dnssrv)
|
||||
set_dnssrv_timer enable "$2"
|
||||
;;
|
||||
disable-dnssrv)
|
||||
set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon
|
||||
;;
|
||||
list-dnssrv)
|
||||
list_dnssrv_timers
|
||||
;;
|
||||
list-static-sources)
|
||||
list_static_sources
|
||||
;;
|
||||
set-static-sources)
|
||||
set_static_sources
|
||||
;;
|
||||
is-running)
|
||||
is_running
|
||||
;;
|
||||
command|forced-command)
|
||||
chrony_command "$2"
|
||||
;;
|
||||
*)
|
||||
print_help
|
||||
exit 2
|
||||
esac
|
||||
|
||||
exit $?
|
680
SOURCES/ntp2chrony.py
Normal file
680
SOURCES/ntp2chrony.py
Normal file
@ -0,0 +1,680 @@
|
||||
#!/usr/bin/python3
|
||||
#
|
||||
# Convert ntp configuration to chrony
|
||||
#
|
||||
# Copyright (C) 2018-2019 Miroslav Lichvar <mlichvar@redhat.com>
|
||||
#
|
||||
# Permission is hereby granted, free of charge, to any person obtaining
|
||||
# a copy of this software and associated documentation files (the
|
||||
# "Software"), to deal in the Software without restriction, including
|
||||
# without limitation the rights to use, copy, modify, merge, publish,
|
||||
# distribute, sublicense, and/or sell copies of the Software, and to
|
||||
# permit persons to whom the Software is furnished to do so, subject to
|
||||
# the following conditions:
|
||||
#
|
||||
# The above copyright notice and this permission notice shall be included
|
||||
# in all copies or substantial portions of the Software.
|
||||
#
|
||||
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||
# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||
# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||||
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||
# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
|
||||
import argparse
|
||||
import ipaddress
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
# python2 compatibility hacks
|
||||
if sys.version_info[0] < 3:
|
||||
from io import open
|
||||
reload(sys)
|
||||
sys.setdefaultencoding("utf-8")
|
||||
|
||||
|
||||
class NtpConfiguration(object):
|
||||
def __init__(self, root_dir, ntp_conf, step_tickers):
|
||||
self.root_dir = root_dir if root_dir != "/" else ""
|
||||
self.ntp_conf_path = ntp_conf
|
||||
self.step_tickers_path = step_tickers
|
||||
|
||||
# Read and write files using an 8-bit transparent encoding
|
||||
self.file_encoding = "latin-1"
|
||||
self.enabled_services = set()
|
||||
self.step_tickers = []
|
||||
self.time_sources = []
|
||||
self.fudges = {}
|
||||
self.restrictions = {
|
||||
# Built-in defaults
|
||||
ipaddress.ip_network(u"0.0.0.0/0"): set(),
|
||||
ipaddress.ip_network(u"::/0"): set(),
|
||||
}
|
||||
self.keyfile = ""
|
||||
self.keys = []
|
||||
self.trusted_keys = []
|
||||
self.driftfile = ""
|
||||
self.statistics = []
|
||||
self.leapfile = ""
|
||||
self.tos_options = {}
|
||||
self.ignored_directives = set()
|
||||
self.ignored_lines = []
|
||||
|
||||
# self.detect_enabled_services()
|
||||
self.parse_step_tickers()
|
||||
self.parse_ntp_conf()
|
||||
|
||||
def detect_enabled_services(self):
|
||||
for service in ["ntpdate", "ntpd", "ntp-wait"]:
|
||||
service_path = os.path.join(self.root_dir,
|
||||
"etc/systemd/system/multi-user.target.wants/{}.service".format(service))
|
||||
if os.path.islink(service_path):
|
||||
self.enabled_services.add(service)
|
||||
logging.info("Enabled services found in /etc/systemd/system: %s",
|
||||
" ".join(self.enabled_services))
|
||||
|
||||
def parse_step_tickers(self):
|
||||
if not self.step_tickers_path:
|
||||
return
|
||||
|
||||
path = os.path.join(self.root_dir, self.step_tickers_path)
|
||||
if not os.path.isfile(path):
|
||||
logging.info("Missing %s", path)
|
||||
return
|
||||
|
||||
with open(path, encoding=self.file_encoding) as f:
|
||||
for line in f:
|
||||
line = line[:line.find('#')]
|
||||
|
||||
words = line.split()
|
||||
|
||||
if not words:
|
||||
continue
|
||||
|
||||
self.step_tickers.extend(words)
|
||||
|
||||
def parse_ntp_conf(self, path=None):
|
||||
if path is None:
|
||||
path = os.path.join(self.root_dir, self.ntp_conf_path)
|
||||
|
||||
with open(path, encoding=self.file_encoding) as f:
|
||||
logging.info("Reading %s", path)
|
||||
|
||||
for line in f:
|
||||
line = line[:line.find('#')]
|
||||
|
||||
words = line.split()
|
||||
|
||||
if not words:
|
||||
continue
|
||||
|
||||
if not self.parse_directive(words):
|
||||
self.ignored_lines.append(line)
|
||||
|
||||
def parse_directive(self, words):
|
||||
name = words.pop(0)
|
||||
if name.startswith("logconfig"):
|
||||
name = "logconfig"
|
||||
|
||||
if words:
|
||||
if name in ["server", "peer", "pool"]:
|
||||
return self.parse_source(name, words)
|
||||
elif name == "fudge":
|
||||
return self.parse_fudge(words)
|
||||
elif name == "restrict":
|
||||
return self.parse_restrict(words)
|
||||
elif name == "tos":
|
||||
return self.parse_tos(words)
|
||||
elif name == "includefile":
|
||||
return self.parse_includefile(words)
|
||||
elif name == "keys":
|
||||
return self.parse_keys(words)
|
||||
elif name == "trustedkey":
|
||||
return self.parse_trustedkey(words)
|
||||
elif name == "driftfile":
|
||||
self.driftfile = words[0]
|
||||
elif name == "statistics":
|
||||
self.statistics = words
|
||||
elif name == "leapfile":
|
||||
self.leapfile = words[0]
|
||||
else:
|
||||
self.ignored_directives.add(name)
|
||||
return False
|
||||
else:
|
||||
self.ignored_directives.add(name)
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
def parse_source(self, source_type, words):
|
||||
ipv4_only = False
|
||||
ipv6_only = False
|
||||
source = {
|
||||
"type": source_type,
|
||||
"options": []
|
||||
}
|
||||
|
||||
if words[0] == "-4":
|
||||
ipv4_only = True
|
||||
words.pop(0)
|
||||
elif words[0] == "-6":
|
||||
ipv6_only = True
|
||||
words.pop(0)
|
||||
|
||||
if not words:
|
||||
return False
|
||||
|
||||
source["address"] = words.pop(0)
|
||||
|
||||
# Check if -4/-6 corresponds to the address and ignore hostnames
|
||||
if ipv4_only or ipv6_only:
|
||||
try:
|
||||
version = ipaddress.ip_address(source["address"]).version
|
||||
if (ipv4_only and version != 4) or (ipv6_only and version != 6):
|
||||
return False
|
||||
except ValueError:
|
||||
return False
|
||||
|
||||
if source["address"].startswith("127.127."):
|
||||
if not source["address"].startswith("127.127.1."):
|
||||
# Ignore non-LOCAL refclocks
|
||||
return False
|
||||
|
||||
while words:
|
||||
if len(words) >= 2 and words[0] in ["minpoll", "maxpoll", "version", "key"]:
|
||||
source["options"].append((words[0], words[1]))
|
||||
words = words[2:]
|
||||
elif words[0] in ["burst", "iburst", "noselect", "prefer", "true", "xleave"]:
|
||||
source["options"].append((words[0],))
|
||||
words.pop(0)
|
||||
else:
|
||||
return False
|
||||
|
||||
self.time_sources.append(source)
|
||||
return True
|
||||
|
||||
def parse_fudge(self, words):
|
||||
address = words.pop(0)
|
||||
options = {}
|
||||
|
||||
while words:
|
||||
if len(words) >= 2 and words[0] in ["stratum"]:
|
||||
if not words[1].isdigit():
|
||||
return False
|
||||
options[words[0]] = int(words[1])
|
||||
words = words[2:]
|
||||
elif len(words) >= 2:
|
||||
words = words[2:]
|
||||
else:
|
||||
return False
|
||||
|
||||
self.fudges[address] = options
|
||||
return True
|
||||
|
||||
def parse_restrict(self, words):
|
||||
ipv4_only = False
|
||||
ipv6_only = False
|
||||
flags = set()
|
||||
mask = ""
|
||||
|
||||
if words[0] == "-4":
|
||||
ipv4_only = True
|
||||
words.pop(0)
|
||||
elif words[0] == "-6":
|
||||
ipv6_only = True
|
||||
words.pop(0)
|
||||
|
||||
if not words:
|
||||
return False
|
||||
|
||||
address = words.pop(0)
|
||||
|
||||
while words:
|
||||
if len(words) >= 2 and words[0] == "mask":
|
||||
mask = words[1]
|
||||
words = words[2:]
|
||||
else:
|
||||
if words[0] not in ["kod", "nomodify", "notrap", "nopeer", "noquery",
|
||||
"limited", "ignore", "noserve"]:
|
||||
return False
|
||||
flags.add(words[0])
|
||||
words.pop(0)
|
||||
|
||||
# Convert to IP network(s), ignoring restrictions with hostnames
|
||||
networks = []
|
||||
if address == "default" and not mask:
|
||||
if not ipv6_only:
|
||||
networks.append(ipaddress.ip_network(u"0.0.0.0/0"))
|
||||
if not ipv4_only:
|
||||
networks.append(ipaddress.ip_network(u"::/0"))
|
||||
else:
|
||||
try:
|
||||
if mask:
|
||||
# Count bits in the mask (ipaddress does not support
|
||||
# expanded IPv6 netmasks)
|
||||
mask_ip = ipaddress.ip_address(mask)
|
||||
mask_str = "{0:0{1}b}".format(int(mask_ip), mask_ip.max_prefixlen)
|
||||
networks.append(ipaddress.ip_network(
|
||||
u"{}/{}".format(address, len(mask_str.rstrip('0')))))
|
||||
else:
|
||||
networks.append(ipaddress.ip_network(address))
|
||||
except ValueError:
|
||||
return False
|
||||
|
||||
if (ipv4_only and networks[-1].version != 4) or \
|
||||
(ipv6_only and networks[-1].version != 6):
|
||||
return False
|
||||
|
||||
for network in networks:
|
||||
self.restrictions[network] = flags
|
||||
|
||||
return True
|
||||
|
||||
def parse_tos(self, words):
|
||||
options = {}
|
||||
while words:
|
||||
if len(words) >= 2 and words[0] in ["minsane", "orphan"]:
|
||||
if not words[1].isdigit():
|
||||
return False
|
||||
options[words[0]] = int(words[1])
|
||||
words = words[2:]
|
||||
elif len(words) >= 2 and words[0] in ["maxdist"]:
|
||||
# Check if it is a float value
|
||||
if not words[1].replace('.', '', 1).isdigit():
|
||||
return False
|
||||
options[words[0]] = float(words[1])
|
||||
words = words[2:]
|
||||
else:
|
||||
return False
|
||||
|
||||
self.tos_options.update(options)
|
||||
|
||||
return True
|
||||
|
||||
def parse_includefile(self, words):
|
||||
path = os.path.join(self.root_dir, words[0])
|
||||
if not os.path.isfile(path):
|
||||
return False
|
||||
|
||||
self.parse_ntp_conf(path)
|
||||
return True
|
||||
|
||||
def parse_keys(self, words):
|
||||
keyfile = words[0]
|
||||
path = os.path.join(self.root_dir, keyfile)
|
||||
if not os.path.isfile(path):
|
||||
logging.info("Missing %s", path)
|
||||
return False
|
||||
|
||||
with open(path, encoding=self.file_encoding) as f:
|
||||
logging.info("Reading %s", path)
|
||||
keys = []
|
||||
for line in f:
|
||||
words = line.split()
|
||||
if len(words) < 3 or not words[0].isdigit():
|
||||
continue
|
||||
keys.append((int(words[0]), words[1], words[2]))
|
||||
|
||||
self.keyfile = keyfile
|
||||
self.keys = keys
|
||||
|
||||
return True
|
||||
|
||||
def parse_trustedkey(self, words):
|
||||
key_ranges = []
|
||||
for word in words:
|
||||
if word.isdigit():
|
||||
key_ranges.append((int(word), int(word)))
|
||||
elif re.match("^[0-9]+-[0-9]+$", word):
|
||||
first, last = word.split("-")
|
||||
key_ranges.append((int(first), int(last)))
|
||||
else:
|
||||
return False
|
||||
|
||||
self.trusted_keys = key_ranges
|
||||
return True
|
||||
|
||||
def write_chrony_configuration(self, chrony_conf_path, chrony_keys_path,
|
||||
dry_run=False, backup=False):
|
||||
chrony_conf = self.get_chrony_conf(chrony_keys_path)
|
||||
logging.debug("Generated %s:\n%s", chrony_conf_path, chrony_conf)
|
||||
|
||||
if not dry_run:
|
||||
self.write_file(chrony_conf_path, 0o644, chrony_conf, backup)
|
||||
|
||||
chrony_keys = self.get_chrony_keys()
|
||||
if chrony_keys:
|
||||
logging.debug("Generated %s:\n%s", chrony_keys_path, chrony_keys)
|
||||
|
||||
if not dry_run:
|
||||
self.write_file(chrony_keys_path, 0o640, chrony_keys, backup)
|
||||
|
||||
def get_processed_time_sources(self):
|
||||
# Convert {0,1,2,3}.*pool.ntp.org servers to 2.*pool.ntp.org pools
|
||||
|
||||
# Make shallow copies of all sources (only type will be modified)
|
||||
time_sources = [s.copy() for s in self.time_sources]
|
||||
|
||||
pools = {}
|
||||
for source in time_sources:
|
||||
if source["type"] != "server":
|
||||
continue
|
||||
m = re.match("^([0123])(\\.\\w+)?\\.pool\\.ntp\\.org$", source["address"])
|
||||
if m is None:
|
||||
continue
|
||||
number = m.group(1)
|
||||
zone = m.group(2)
|
||||
if zone not in pools:
|
||||
pools[zone] = []
|
||||
pools[zone].append((int(number), source))
|
||||
|
||||
remove_servers = set()
|
||||
for zone, pool in pools.items():
|
||||
# sort and skip all pools not in [0, 3] range
|
||||
pool.sort()
|
||||
if [number for number, source in pool] != [0, 1, 2, 3]:
|
||||
# only exact group of 4 servers can be converted, nothing to do here
|
||||
continue
|
||||
# verify that parameters are the same for all servers in the pool
|
||||
if not all([p[1]["options"] == pool[0][1]["options"] for p in pool]):
|
||||
break
|
||||
remove_servers.update([pool[i][1]["address"] for i in [0, 1, 3]])
|
||||
pool[2][1]["type"] = "pool"
|
||||
|
||||
processed_sources = []
|
||||
for source in time_sources:
|
||||
if source["type"] == "server" and source["address"] in remove_servers:
|
||||
continue
|
||||
processed_sources.append(source)
|
||||
return processed_sources
|
||||
|
||||
def get_chrony_conf_sources(self):
|
||||
conf = ""
|
||||
|
||||
if self.step_tickers:
|
||||
conf += "# Specify NTP servers used for initial correction.\n"
|
||||
conf += "initstepslew 0.1 {}\n".format(" ".join(self.step_tickers))
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Specify time sources.\n"
|
||||
|
||||
for source in self.get_processed_time_sources():
|
||||
address = source["address"]
|
||||
if address.startswith("127.127."):
|
||||
if address.startswith("127.127.1."):
|
||||
continue
|
||||
# No other refclocks are expected from the parser
|
||||
assert False
|
||||
else:
|
||||
conf += "{} {}".format(source["type"], address)
|
||||
for option in source["options"]:
|
||||
if option[0] in ["minpoll", "maxpoll", "version", "key",
|
||||
"iburst", "noselect", "prefer", "xleave"]:
|
||||
conf += " {}".format(" ".join(option))
|
||||
elif option[0] == "burst":
|
||||
conf += " presend 6"
|
||||
elif option[0] == "true":
|
||||
conf += " trust"
|
||||
else:
|
||||
# No other options are expected from the parser
|
||||
assert False
|
||||
conf += "\n"
|
||||
conf += "\n"
|
||||
|
||||
return conf
|
||||
|
||||
def get_chrony_conf_allows(self):
|
||||
allowed_networks = filter(lambda n: "ignore" not in self.restrictions[n] and
|
||||
"noserve" not in self.restrictions[n],
|
||||
self.restrictions.keys())
|
||||
|
||||
conf = ""
|
||||
for network in sorted(allowed_networks, key=lambda n: (n.version, n)):
|
||||
if network.num_addresses > 1:
|
||||
conf += "allow {}\n".format(network)
|
||||
else:
|
||||
conf += "allow {}\n".format(network.network_address)
|
||||
|
||||
if conf:
|
||||
conf = "# Allow NTP client access.\n" + conf
|
||||
conf += "\n"
|
||||
|
||||
return conf
|
||||
|
||||
def get_chrony_conf_cmdallows(self):
|
||||
allowed_networks = filter(lambda n: "ignore" not in self.restrictions[n] and
|
||||
"noquery" not in self.restrictions[n] and
|
||||
n != ipaddress.ip_network(u"127.0.0.1/32") and
|
||||
n != ipaddress.ip_network(u"::1/128"),
|
||||
self.restrictions.keys())
|
||||
|
||||
ip_versions = set()
|
||||
conf = ""
|
||||
for network in sorted(allowed_networks, key=lambda n: (n.version, n)):
|
||||
ip_versions.add(network.version)
|
||||
if network.num_addresses > 1:
|
||||
conf += "cmdallow {}\n".format(network)
|
||||
else:
|
||||
conf += "cmdallow {}\n".format(network.network_address)
|
||||
|
||||
if conf:
|
||||
conf = "# Allow remote monitoring.\n" + conf
|
||||
if 4 in ip_versions:
|
||||
conf += "bindcmdaddress 0.0.0.0\n"
|
||||
if 6 in ip_versions:
|
||||
conf += "bindcmdaddress ::\n"
|
||||
conf += "\n"
|
||||
|
||||
return conf
|
||||
|
||||
def get_chrony_conf(self, chrony_keys_path):
|
||||
local_stratum = 0
|
||||
maxdistance = 0.0
|
||||
minsources = 1
|
||||
orphan_stratum = 0
|
||||
logs = []
|
||||
|
||||
for source in self.time_sources:
|
||||
address = source["address"]
|
||||
if address.startswith("127.127.1."):
|
||||
if address in self.fudges and "stratum" in self.fudges[address]:
|
||||
local_stratum = self.fudges[address]["stratum"]
|
||||
else:
|
||||
local_stratum = 5
|
||||
|
||||
if "maxdist" in self.tos_options:
|
||||
maxdistance = self.tos_options["maxdist"]
|
||||
if "minsane" in self.tos_options:
|
||||
minsources = self.tos_options["minsane"]
|
||||
if "orphan" in self.tos_options:
|
||||
orphan_stratum = self.tos_options["orphan"]
|
||||
|
||||
if "clockstats" in self.statistics:
|
||||
logs.append("refclocks")
|
||||
if "loopstats" in self.statistics:
|
||||
logs.append("tracking")
|
||||
if "peerstats" in self.statistics:
|
||||
logs.append("statistics")
|
||||
if "rawstats" in self.statistics:
|
||||
logs.append("measurements")
|
||||
|
||||
conf = "# This file was converted from {}{}.\n".format(
|
||||
self.ntp_conf_path,
|
||||
" and " + self.step_tickers_path if self.step_tickers_path else "")
|
||||
conf += "\n"
|
||||
|
||||
if self.ignored_lines:
|
||||
conf += "# The following directives were ignored in the conversion:\n"
|
||||
|
||||
for line in self.ignored_lines:
|
||||
# Remove sensitive information
|
||||
line = re.sub(r"\s+pw\s+\S+", " pw XXX", line.rstrip())
|
||||
conf += "# " + line + "\n"
|
||||
conf += "\n"
|
||||
|
||||
conf += self.get_chrony_conf_sources()
|
||||
|
||||
conf += "# Record the rate at which the system clock gains/losses time.\n"
|
||||
if not self.driftfile:
|
||||
conf += "#"
|
||||
conf += "driftfile /var/lib/chrony/drift\n"
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Allow the system clock to be stepped in the first three updates\n"
|
||||
conf += "# if its offset is larger than 1 second.\n"
|
||||
conf += "makestep 1.0 3\n"
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Enable kernel synchronization of the real-time clock (RTC).\n"
|
||||
conf += "rtcsync\n"
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Enable hardware timestamping on all interfaces that support it.\n"
|
||||
conf += "#hwtimestamp *\n"
|
||||
conf += "\n"
|
||||
|
||||
if maxdistance > 0.0:
|
||||
conf += "# Specify the maximum distance of sources to be selectable.\n"
|
||||
conf += "maxdistance {}\n".format(maxdistance)
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Increase the minimum number of selectable sources required to adjust\n"
|
||||
conf += "# the system clock.\n"
|
||||
if minsources > 1:
|
||||
conf += "minsources {}\n".format(minsources)
|
||||
else:
|
||||
conf += "#minsources 2\n"
|
||||
conf += "\n"
|
||||
|
||||
conf += self.get_chrony_conf_allows()
|
||||
|
||||
conf += self.get_chrony_conf_cmdallows()
|
||||
|
||||
conf += "# Serve time even if not synchronized to a time source.\n"
|
||||
if orphan_stratum > 0 and orphan_stratum < 16:
|
||||
conf += "local stratum {} orphan\n".format(orphan_stratum)
|
||||
elif local_stratum > 0 and local_stratum < 16:
|
||||
conf += "local stratum {}\n".format(local_stratum)
|
||||
else:
|
||||
conf += "#local stratum 10\n"
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Specify file containing keys for NTP authentication.\n"
|
||||
conf += "keyfile {}\n".format(chrony_keys_path)
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Get TAI-UTC offset and leap seconds from the system tz database.\n"
|
||||
conf += "leapsectz right/UTC\n"
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Specify directory for log files.\n"
|
||||
conf += "logdir /var/log/chrony\n"
|
||||
conf += "\n"
|
||||
|
||||
conf += "# Select which information is logged.\n"
|
||||
if logs:
|
||||
conf += "log {}\n".format(" ".join(logs))
|
||||
else:
|
||||
conf += "#log measurements statistics tracking\n"
|
||||
|
||||
return conf
|
||||
|
||||
def get_chrony_keys(self):
|
||||
if not self.keyfile:
|
||||
return ""
|
||||
|
||||
keys = "# This file was converted from {}.\n".format(self.keyfile)
|
||||
keys += "\n"
|
||||
|
||||
for key in self.keys:
|
||||
key_id = key[0]
|
||||
key_type = key[1]
|
||||
password = key[2]
|
||||
|
||||
if key_type in ["m", "M"]:
|
||||
key_type = "MD5"
|
||||
elif key_type == "AES128CMAC":
|
||||
key_type = "AES128"
|
||||
elif key_type not in ["MD5", "SHA1", "SHA256", "SHA384", "SHA512"]:
|
||||
continue
|
||||
|
||||
prefix = "ASCII" if len(password) <= 20 else "HEX"
|
||||
|
||||
for first, last in self.trusted_keys:
|
||||
if first <= key_id <= last:
|
||||
trusted = True
|
||||
break
|
||||
else:
|
||||
trusted = False
|
||||
|
||||
# Disable keys that were not marked as trusted
|
||||
if not trusted:
|
||||
keys += "#"
|
||||
|
||||
keys += "{} {} {}:{}\n".format(key_id, key_type, prefix, password)
|
||||
|
||||
return keys
|
||||
|
||||
def write_file(self, path, mode, content, backup):
|
||||
path = self.root_dir + path
|
||||
if backup and os.path.isfile(path):
|
||||
os.rename(path, path + ".old")
|
||||
|
||||
with open(os.open(path, os.O_CREAT | os.O_WRONLY | os.O_EXCL, mode), "w",
|
||||
encoding=self.file_encoding) as f:
|
||||
logging.info("Writing %s", path)
|
||||
f.write(u"" + content)
|
||||
|
||||
# Fix SELinux context if restorecon is installed
|
||||
try:
|
||||
subprocess.call(["restorecon", path])
|
||||
except OSError:
|
||||
pass
|
||||
|
||||
|
||||
def main():
|
||||
parser = argparse.ArgumentParser(description="Convert ntp configuration to chrony.")
|
||||
parser.add_argument("-r", "--root", dest="roots", default=["/"], nargs="+",
|
||||
metavar="DIR", help="specify root directory (default /)")
|
||||
parser.add_argument("--ntp-conf", action="store", default="/etc/ntp.conf",
|
||||
metavar="FILE", help="specify ntp config (default /etc/ntp.conf)")
|
||||
parser.add_argument("--step-tickers", action="store", default="",
|
||||
metavar="FILE", help="specify ntpdate step-tickers config (no default)")
|
||||
parser.add_argument("--chrony-conf", action="store", default="/etc/chrony.conf",
|
||||
metavar="FILE", help="specify chrony config (default /etc/chrony.conf)")
|
||||
parser.add_argument("--chrony-keys", action="store", default="/etc/chrony.keys",
|
||||
metavar="FILE", help="specify chrony keyfile (default /etc/chrony.keys)")
|
||||
parser.add_argument("-b", "--backup", action="store_true", help="backup existing configs before writing")
|
||||
parser.add_argument("-L", "--ignored-lines", action="store_true", help="print ignored lines")
|
||||
parser.add_argument("-D", "--ignored-directives", action="store_true",
|
||||
help="print names of ignored directives")
|
||||
parser.add_argument("-n", "--dry-run", action="store_true", help="don't make any changes")
|
||||
parser.add_argument("-v", "--verbose", action="count", default=0, help="increase verbosity")
|
||||
|
||||
args = parser.parse_args()
|
||||
|
||||
logging.basicConfig(format="%(message)s",
|
||||
level=[logging.ERROR, logging.INFO, logging.DEBUG][min(args.verbose, 2)])
|
||||
|
||||
for root in args.roots:
|
||||
conf = NtpConfiguration(root, args.ntp_conf, args.step_tickers)
|
||||
|
||||
if args.ignored_lines:
|
||||
for line in conf.ignored_lines:
|
||||
print(line)
|
||||
|
||||
if args.ignored_directives:
|
||||
for directive in conf.ignored_directives:
|
||||
print(directive)
|
||||
|
||||
conf.write_chrony_configuration(args.chrony_conf, args.chrony_keys, args.dry_run, args.backup)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
@ -1,46 +1,57 @@
|
||||
%global _hardened_build 1
|
||||
%global clknetsim_ver 40bb97
|
||||
%global clknetsim_ver 5d1dc0
|
||||
%global ntp2chrony_ver 233b75
|
||||
%bcond_without debug
|
||||
%bcond_without nts
|
||||
|
||||
%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
|
||||
%bcond_without seccomp
|
||||
%endif
|
||||
|
||||
Name: chrony
|
||||
Version: 4.6.1
|
||||
Release: 1%{?dist}
|
||||
Version: 4.5
|
||||
Release: 2%{?dist}
|
||||
Summary: An NTP client/server
|
||||
|
||||
License: GPL-2.0-only
|
||||
Group: System Environment/Daemons
|
||||
License: GPLv2
|
||||
URL: https://chrony-project.org
|
||||
Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz
|
||||
Source1: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}-tar-gz-asc.txt
|
||||
Source2: https://chrony-project.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
|
||||
Source3: chrony.dhclient
|
||||
Source4: chrony.sysusers
|
||||
Source1: chrony.dhclient
|
||||
Source2: chrony.helper
|
||||
Source3: chrony-dnssrv@.service
|
||||
Source4: chrony-dnssrv@.timer
|
||||
# simulator for test suite
|
||||
Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz
|
||||
# script for converting ntp configuration to chrony
|
||||
Source11: https://github.com/mlichvar/ntp2chrony/raw/%{ntp2chrony_ver}/ntp2chrony/ntp2chrony.py
|
||||
%{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
|
||||
|
||||
# add distribution-specific bits to DHCP dispatcher
|
||||
# revert upstream changes in packaged service files
|
||||
Patch0: chrony-services.patch
|
||||
# modify NetworkManager DHCP dispatcher to work with chrony-helper and
|
||||
# follow distribution-specific configuration
|
||||
Patch1: chrony-nm-dispatcher-dhcp.patch
|
||||
# keep PHC refclock reachable when dropping samples due to high delay
|
||||
Patch2: chrony-refclkreach.patch
|
||||
# add NTP servers from DHCP when starting service
|
||||
Patch2: chrony-service-helper.patch
|
||||
# revert upstream changes in packaged configuration examples
|
||||
Patch3: chrony-defconfig.patch
|
||||
# fix serverstats to correctly count authenticated packets
|
||||
Patch4: chrony-serverstats.patch
|
||||
# fix crash on reload command during start
|
||||
Patch5: chrony-reload.patch
|
||||
# enable AES-CMAC support using gnutls (but keep nettle for hashing)
|
||||
Patch6: chrony-cmac.patch
|
||||
|
||||
BuildRequires: gnutls-devel libcap-devel libedit-devel pps-tools-devel
|
||||
BuildRequires: gcc gcc-c++ make bison systemd gnupg2
|
||||
%{?with_nts:BuildRequires: gnutls-utils}
|
||||
%{?with_seccomp:BuildRequires: libseccomp-devel}
|
||||
BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel
|
||||
%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
|
||||
BuildRequires: libseccomp-devel
|
||||
%endif
|
||||
BuildRequires: gcc gcc-c++ make bison systemd
|
||||
BuildRequires: kernel-headers > 4.18.0-87
|
||||
%{?with_nts:BuildRequires: gnutls-devel gnutls-utils}
|
||||
|
||||
Requires(pre): shadow-utils
|
||||
%{?systemd_requires}
|
||||
%{?sysusers_requires_compat}
|
||||
|
||||
# Needed by the leapsectz directive in default chrony.conf
|
||||
Requires: tzdata
|
||||
|
||||
# Old NetworkManager expects the dispatcher scripts in a different place
|
||||
Conflicts: NetworkManager < 1.20
|
||||
# install timedated implementation that can control chronyd service
|
||||
Recommends: timedatex
|
||||
|
||||
# suggest drivers for hardware reference clocks
|
||||
Suggests: ntp-refclock
|
||||
@ -57,23 +68,27 @@ service to other computers in the network.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0}
|
||||
%setup -q -n %{name}-%{version}%{?prerelease} -a 10
|
||||
%{?gitpatch:%patch -P 0 -p1}
|
||||
%patch -P 1 -p1 -b .nm-dispatcher-dhcp
|
||||
%patch -P 2 -p1
|
||||
%{?gitpatch:%patch0 -p1}
|
||||
%patch0 -p1 -b .services
|
||||
%patch1 -p1 -b .nm-dispatcher-dhcp
|
||||
%patch2 -p1 -b .service-helper
|
||||
%patch3 -p1 -b .defconfig
|
||||
%patch4 -p1 -b .serverstats
|
||||
%patch5 -p1
|
||||
%patch6 -p1 -b .cmac
|
||||
|
||||
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
|
||||
|
||||
# review changes in packaged configuration files and scripts
|
||||
md5sum -c <<-EOF | (! grep -v 'OK$')
|
||||
5530d6e60f84b76c27495485d2510bac examples/chrony-wait.service
|
||||
826354a2d467d6147e412d43bfe07484 examples/chrony.conf.example2
|
||||
bc563c1bcf67b2da774bd8c2aef55a06 examples/chrony-wait.service
|
||||
e473a9fab7fe200cacce3dca8b66290b examples/chrony.conf.example2
|
||||
96999221eeef476bd49fe97b97503126 examples/chrony.keys.example
|
||||
6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate
|
||||
c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp
|
||||
fabb5b3f127b802c27c82837feff0fe6 examples/chrony.nm-dispatcher.dhcp
|
||||
4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline
|
||||
c11159b78b89684eca773db6236a9855 examples/chronyd.service
|
||||
46fa3e2d42c8eb9c42e71095686c90ed examples/chronyd-restricted.service
|
||||
56d221eba8ce8a2e03d3e0dd87999a81 examples/chronyd.service
|
||||
EOF
|
||||
|
||||
# don't allow packaging without vendor zone
|
||||
@ -82,28 +97,26 @@ test -n "%{vendorzone}"
|
||||
# use example chrony.conf as the default config with some modifications:
|
||||
# - use our vendor zone (2.*pool.ntp.org names include IPv6 addresses)
|
||||
# - enable leapsectz to get TAI-UTC offset and leap seconds from tzdata
|
||||
# - use NTP servers from DHCP
|
||||
# - enable keyfile
|
||||
sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \
|
||||
-e 's|#\(leapsectz\)|\1|' \
|
||||
-e 's|^pool.*pool.ntp.org.*|&\n\n# Use NTP servers from DHCP.\nsourcedir /run/chrony-dhcp|' \
|
||||
-e 's|#\(keyfile\)|\1|' \
|
||||
< examples/chrony.conf.example2 > chrony.conf
|
||||
|
||||
touch -r examples/chrony.conf.example2 chrony.conf
|
||||
|
||||
# set selinux context in chronyd-restricted service
|
||||
sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \
|
||||
examples/chronyd-restricted.service
|
||||
|
||||
# regenerate the file from getdate.y
|
||||
rm -f getdate.c
|
||||
|
||||
mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim
|
||||
|
||||
install -m 644 -p %{SOURCE11} ntp2chrony.py
|
||||
|
||||
%build
|
||||
%configure \
|
||||
%{?with_debug: --enable-debug} \
|
||||
--enable-ntp-signd \
|
||||
%{?with_seccomp: --enable-scfilter} \
|
||||
--enable-scfilter \
|
||||
%{!?with_nts: --disable-nts} \
|
||||
--chronyrundir=/run/chrony \
|
||||
--docdir=%{_docdir} \
|
||||
@ -111,49 +124,48 @@ mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim
|
||||
--with-user=chrony \
|
||||
--with-hwclockfile=%{_sysconfdir}/adjtime \
|
||||
--with-pidfile=/run/chrony/chronyd.pid \
|
||||
--with-sendmail=%{_sbindir}/sendmail \
|
||||
--without-nettle
|
||||
%make_build
|
||||
--with-sendmail=%{_sbindir}/sendmail
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%install
|
||||
%make_install
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
rm -rf $RPM_BUILD_ROOT%{_docdir}
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,logrotate.d}
|
||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d
|
||||
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{_sysusersdir}
|
||||
mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d
|
||||
mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d}
|
||||
|
||||
install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf
|
||||
|
||||
install -m 755 -p %{SOURCE3} \
|
||||
install -m 640 -p examples/chrony.keys.example \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
|
||||
install -m 755 -p examples/chrony.nm-dispatcher.onoffline \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony-onoffline
|
||||
install -m 755 -p examples/chrony.nm-dispatcher.dhcp \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony-dhcp
|
||||
install -m 755 -p %{SOURCE1} \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
|
||||
install -m 644 -p examples/chrony.logrotate \
|
||||
$RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony
|
||||
|
||||
install -m 644 -p examples/chronyd.service \
|
||||
$RPM_BUILD_ROOT%{_unitdir}/chronyd.service
|
||||
install -m 644 -p examples/chronyd-restricted.service \
|
||||
$RPM_BUILD_ROOT%{_unitdir}/chronyd-restricted.service
|
||||
install -m 755 -p examples/chrony.nm-dispatcher.onoffline \
|
||||
$RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
|
||||
install -m 755 -p examples/chrony.nm-dispatcher.dhcp \
|
||||
$RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-dhcp
|
||||
install -m 644 -p examples/chrony-wait.service \
|
||||
$RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service
|
||||
install -m 644 -p %{SOURCE4} \
|
||||
$RPM_BUILD_ROOT%{_sysusersdir}/chrony.conf
|
||||
install -m 644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.service
|
||||
install -m 644 -p %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.timer
|
||||
|
||||
install -m 755 -p %{SOURCE2} $RPM_BUILD_ROOT%{_libexecdir}/chrony-helper
|
||||
|
||||
cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd <<EOF
|
||||
# Command-line options for chronyd
|
||||
OPTIONS="%{?with_seccomp:-F 2}"
|
||||
OPTIONS=""
|
||||
EOF
|
||||
|
||||
touch $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
|
||||
touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}
|
||||
|
||||
echo 'chronyd.service' > \
|
||||
@ -161,47 +173,51 @@ echo 'chronyd.service' > \
|
||||
|
||||
%check
|
||||
# set random seed to get deterministic results
|
||||
export CLKNETSIM_RANDOM_SEED=24508
|
||||
%make_build -C test/simulation/clknetsim
|
||||
export CLKNETSIM_RANDOM_SEED=24502
|
||||
make %{?_smp_mflags} -C test/simulation/clknetsim
|
||||
make quickcheck
|
||||
|
||||
%pre
|
||||
%sysusers_create_compat %{SOURCE4}
|
||||
getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony
|
||||
getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \
|
||||
-d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony
|
||||
:
|
||||
|
||||
%post
|
||||
# migrate from chrony-helper to sourcedir directive
|
||||
if test -a %{_libexecdir}/chrony-helper; then
|
||||
grep -qi 'sourcedir /run/chrony-dhcp$' %{_sysconfdir}/chrony.conf 2> /dev/null || \
|
||||
echo -e '\n# Use NTP servers from DHCP.\nsourcedir /run/chrony-dhcp' >> \
|
||||
%{_sysconfdir}/chrony.conf
|
||||
mkdir -p /run/chrony-dhcp
|
||||
for f in %{_localstatedir}/lib/dhclient/chrony.servers.*; do
|
||||
sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources"
|
||||
done 2> /dev/null
|
||||
# fix PIDFile in local chronyd.service on upgrades from chrony < 3.3-2
|
||||
if grep -q 'PIDFile=%{_localstatedir}/run/chronyd.pid' \
|
||||
%{_sysconfdir}/systemd/system/chronyd.service 2> /dev/null && \
|
||||
! grep -qi '^[ '$'\t'']*pidfile' %{_sysconfdir}/chrony.conf 2> /dev/null
|
||||
then
|
||||
sed -i '/PIDFile=/s|/run/|/run/chrony/|' \
|
||||
%{_sysconfdir}/systemd/system/chronyd.service
|
||||
fi
|
||||
%systemd_post chronyd.service chronyd-restricted.service chrony-wait.service
|
||||
# workaround for late reload of unit file (#1614751)
|
||||
%{_bindir}/systemctl daemon-reload
|
||||
%systemd_post chronyd.service chrony-wait.service
|
||||
|
||||
%preun
|
||||
%systemd_preun chronyd.service chronyd-restricted.service chrony-wait.service
|
||||
%systemd_preun chronyd.service chrony-wait.service
|
||||
|
||||
%postun
|
||||
%systemd_postun_with_restart chronyd.service chronyd-restricted.service
|
||||
%systemd_postun_with_restart chronyd.service
|
||||
|
||||
%files
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%doc FAQ NEWS README examples/chrony.keys.example
|
||||
%doc FAQ NEWS README ntp2chrony.py
|
||||
%config(noreplace) %{_sysconfdir}/chrony.conf
|
||||
%ghost %config %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
|
||||
%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/chrony
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/chronyd
|
||||
%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony*
|
||||
%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
|
||||
%{_bindir}/chronyc
|
||||
%{_sbindir}/chronyd
|
||||
%{_prefix}/lib/NetworkManager
|
||||
%{_libexecdir}/chrony-helper
|
||||
%{_prefix}/lib/systemd/ntp-units.d/*.list
|
||||
%{_unitdir}/chrony*.service
|
||||
%{_sysusersdir}/chrony.conf
|
||||
%{_unitdir}/chrony*.timer
|
||||
%{_mandir}/man[158]/%{name}*.[158]*
|
||||
%dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony
|
||||
%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift
|
||||
@ -209,223 +225,49 @@ fi
|
||||
%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
|
||||
|
||||
%changelog
|
||||
* Wed Nov 06 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.6.1-1
|
||||
- update to 4.6.1 (RHEL-61876)
|
||||
- keep PHC refclock reachable when dropping samples due to high delay
|
||||
(RHEL-65843)
|
||||
* Wed Sep 18 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-2.el8_10
|
||||
- fix crash on reload command during start (RHEL-59112)
|
||||
- enable AES-CMAC support using gnutls (RHEL-59032)
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.6-2
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
* Wed Jan 10 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
|
||||
- update to 4.5 (RHEL-21069 RHEL-10701)
|
||||
|
||||
* Tue Sep 03 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.6-1
|
||||
- update to 4.6 (RHEL-55735)
|
||||
* Thu Jul 14 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-1
|
||||
- update to 4.2 (#2062356)
|
||||
- fix chrony-helper to delete sources by their original name (#2061660)
|
||||
- update ntp2chrony script (#2018045 #2063766)
|
||||
|
||||
* Tue Jul 02 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-6
|
||||
- fix gnutls build requirement
|
||||
- fix crash on reload command during start (RHEL-45854)
|
||||
|
||||
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.5-5
|
||||
- Bump release for June 2024 mass rebuild
|
||||
|
||||
* Tue May 28 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-4
|
||||
- disable nettle support in favor of gnutls (RHEL-38924)
|
||||
|
||||
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.5-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
||||
|
||||
* Tue Dec 05 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
|
||||
- update to 4.5
|
||||
|
||||
* Wed Nov 22 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.5-0.1.pre1
|
||||
- update to 4.5-pre1
|
||||
|
||||
* Wed Aug 09 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-1
|
||||
- update to 4.4
|
||||
- require tzdata (#2218368)
|
||||
|
||||
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.4-0.4.pre2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Wed Jun 21 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.3.pre2
|
||||
- update to 4.4-pre2
|
||||
- set selinux context in chronyd-restricted service (#2169949)
|
||||
|
||||
* Tue Jun 06 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.2.pre1
|
||||
- rebuild for AES-GCM-SIV in new nettle
|
||||
|
||||
* Wed May 10 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.1.pre1
|
||||
- update to 4.4-pre1
|
||||
- switch from patchX to patch -P X
|
||||
|
||||
* Wed Jan 25 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.3-3
|
||||
- drop default chrony.keys config (#2104918)
|
||||
- add chronyd-restricted service for minimal NTP client configurations
|
||||
- convert license tag to SPDX
|
||||
|
||||
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Wed Aug 31 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-1
|
||||
- update to 4.3
|
||||
|
||||
* Thu Aug 11 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-0.1.pre1
|
||||
- update to 4.3-pre1
|
||||
|
||||
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Tue May 24 2022 Luca BRUNO <lucab@lucabruno.net> - 4.2-6
|
||||
- Add a sysusers.d fragment for chrony user/group
|
||||
|
||||
* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.2-5
|
||||
- Drop obsolete workaround in scriptlet
|
||||
|
||||
* Wed Feb 09 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-4
|
||||
- update seccomp filter for latest glibc
|
||||
|
||||
* Tue Feb 08 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-3
|
||||
- use NTP servers passed by NetworkManager from DHCPv6 NTP server option
|
||||
|
||||
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Thu Dec 16 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.2-1
|
||||
- update to 4.2
|
||||
|
||||
* Thu Dec 02 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.2-0.1.pre1
|
||||
- update to 4.2-pre1
|
||||
|
||||
* Tue Nov 16 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-5
|
||||
- fix hardened chronyd service to allow writing log files
|
||||
|
||||
* Wed Sep 29 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-4
|
||||
- harden chronyd and chrony-wait services
|
||||
|
||||
* Mon Aug 09 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-3
|
||||
- update seccomp filter for new glibc
|
||||
- remove unnecessary build requirement
|
||||
|
||||
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Thu May 13 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-1
|
||||
- update to 4.1
|
||||
- enable seccomp filter by default (incompatible with mailonchange directive)
|
||||
|
||||
* Thu Apr 22 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-0.1.pre1
|
||||
- update to 4.1-pre1
|
||||
- rework NM-dispatcher/dhclient detection
|
||||
- enable LTO on s390x
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.0-4
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
|
||||
* Tue Feb 02 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.0-3
|
||||
- update NM DHCP dispatcher script
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
- Add BuildRequires: make
|
||||
- drop dnssrv service and timer
|
||||
|
||||
* Wed Oct 07 2020 Miroslav Lichvar <mlichvar@redhat.com> 4.0-1
|
||||
- update to 4.0
|
||||
- update directory permissions to follow upstream
|
||||
|
||||
* Wed Sep 16 2020 Miroslav Lichvar <mlichvar@redhat.com> 4.0-0.9.pre4
|
||||
- update to 4.0-pre4
|
||||
|
||||
* Wed Aug 26 2020 Miroslav Lichvar <mlichvar@redhat.com> 4.0-0.8.pre3
|
||||
- update to 4.0-pre3
|
||||
- switch to sourcedir directive for loading servers from DHCP
|
||||
- add NetworkManager dispatcher script to save servers from DHCP when
|
||||
dhclient is not installed (Robert Fairley)
|
||||
- drop old migration code from scriptlet
|
||||
* Tue Jun 15 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-1
|
||||
- update to 4.1 (#1895003 #1847853 #1929157)
|
||||
- add NetworkManager dispatcher script to add servers from DHCP even without
|
||||
dhclient (#1933139)
|
||||
- restrict permissions of /var/lib/chrony and /var/log/chrony (#1939295)
|
||||
- reset chrony-helper state after stopping chronyd (#1971697)
|
||||
- add gcc-c++ and make to build requirements
|
||||
- move default paths in /var/run to /run
|
||||
|
||||
* Mon Aug 10 2020 Jeff Law <law@redhat.com> - 4.0-0.7.pre2
|
||||
- Disable LTO on s390x
|
||||
* Tue May 21 2019 Miroslav Lichvar <mlichvar@redhat.com> 3.5-1
|
||||
- update to 3.5 (#1685469 #1677218)
|
||||
- fix shellcheck warnings in helper scripts (#1711948)
|
||||
- update ntp2chrony script
|
||||
|
||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.0-0.6.pre2
|
||||
- Second attempt - Rebuilt for
|
||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.0-0.5.pre2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> 4.0-0.4.pre2
|
||||
- use make macros
|
||||
|
||||
* Mon May 04 2020 Miroslav Lichvar <mlichvar@redhat.com> 4.0-0.3.pre2
|
||||
- rebuild for new nettle
|
||||
|
||||
* Mon Apr 20 2020 Miroslav Lichvar <mlichvar@redhat.com> 4.0-0.2.pre2
|
||||
- update to 4.0-pre2
|
||||
|
||||
* Tue Mar 17 2020 Miroslav Lichvar <mlichvar@redhat.com> 4.0-0.1.pre1
|
||||
- update to 4.0-pre1
|
||||
- add net-tools to build requirements for testing
|
||||
- add missing dependency on coreutils
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Mon Jan 20 2020 Miroslav Lichvar <mlichvar@redhat.com> 3.5-7
|
||||
- fix testing with new glibc (#1792854)
|
||||
|
||||
* Wed Oct 09 2019 Miroslav Lichvar <mlichvar@redhat.com> 3.5-6
|
||||
- drop timedatex recommendation
|
||||
- verify upstream signatures
|
||||
|
||||
* Thu Aug 22 2019 Lubomir Rintel <lkundrak@v3.sk> - 3.5-5
|
||||
- Move the NetworkManager dispatcher script out of /etc
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Tue Jul 16 2019 Miroslav Lichvar <mlichvar@redhat.com> 3.5-3
|
||||
- rebuild for new nettle
|
||||
|
||||
* Thu May 23 2019 Miroslav Lichvar <mlichvar@redhat.com> 3.5-2
|
||||
- fix shellcheck warnings in helper scripts
|
||||
|
||||
* Tue May 14 2019 Miroslav Lichvar <mlichvar@redhat.com> 3.5-1
|
||||
- update to 3.5
|
||||
|
||||
* Thu May 02 2019 Miroslav Lichvar <mlichvar@redhat.com> 3.5-0.1.pre1
|
||||
- update to 3.5-pre1
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Wed Sep 19 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.4-1
|
||||
- update to 3.4
|
||||
|
||||
* Fri Aug 31 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.4-0.1.pre1
|
||||
- update to 3.4-pre1
|
||||
|
||||
* Mon Aug 13 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.3-5
|
||||
* Mon Aug 13 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.3-3
|
||||
- fix PIDFile in local chronyd.service on upgrades from chrony < 3.3-2
|
||||
(#1614800)
|
||||
- add workaround for late reload of unit file (#1614751)
|
||||
|
||||
* Mon Jul 16 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.3-4
|
||||
- add gcc-c++ to build requirements
|
||||
|
||||
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Mon Jun 18 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.3-2
|
||||
- move pidfile to /var/run/chrony to allow chronyd to remove it on exit
|
||||
- avoid blocking in getrandom system call
|
||||
(#1584585)
|
||||
- avoid blocking in getrandom system call (#1592425)
|
||||
|
||||
* Wed Apr 04 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.3-1
|
||||
* Thu Apr 05 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.3-1
|
||||
- update to 3.3
|
||||
- enable keyfile by default again
|
||||
- update ntp2chrony script
|
||||
|
||||
* Mon Mar 19 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.3-0.2.pre1
|
||||
- include ntp2chrony script in documentation (#1530987)
|
||||
|
||||
* Thu Mar 15 2018 Miroslav Lichvar <mlichvar@redhat.com> 3.3-0.1.pre1
|
||||
- update to 3.3-pre1
|
@ -1,39 +0,0 @@
|
||||
From: Robert Fairley <rfairley@redhat.com>
|
||||
Date: Wed, 17 Jun 2020 10:14:19 -0400
|
||||
Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig
|
||||
|
||||
Use the PEERNTP and NTPSERVERARGS environment variables from
|
||||
/etc/sysconfig/network{-scripts}.
|
||||
|
||||
Co-Authored-By: Christian Glombek <cglombek@redhat.com>
|
||||
|
||||
diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
|
||||
index 6ea4c37..a6ad35a 100644
|
||||
--- a/examples/chrony.nm-dispatcher.dhcp
|
||||
+++ b/examples/chrony.nm-dispatcher.dhcp
|
||||
@@ -8,15 +8,23 @@ export LC_ALL=C
|
||||
interface=$1
|
||||
action=$2
|
||||
|
||||
+[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
|
||||
+[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \
|
||||
+ . /etc/sysconfig/network-scripts/ifcfg-"${interface}"
|
||||
+
|
||||
chronyc=/usr/bin/chronyc
|
||||
-server_options=iburst
|
||||
-server_dir=/var/run/chrony-dhcp
|
||||
+server_options=${NTPSERVERARGS:-iburst}
|
||||
+server_dir=/run/chrony-dhcp
|
||||
|
||||
dhcp_server_file=$server_dir/$interface.sources
|
||||
dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS"
|
||||
|
||||
add_servers_from_dhcp() {
|
||||
rm -f "$dhcp_server_file"
|
||||
+
|
||||
+ # Don't add NTP servers if PEERNTP=no specified; return early.
|
||||
+ [ "$PEERNTP" = "no" ] && return
|
||||
+
|
||||
for server in $dhcp_ntp_servers; do
|
||||
# Check for invalid characters (from the DHCPv6 NTP FQDN suboption)
|
||||
len1=$(printf '%s' "$server" | wc -c)
|
@ -1,226 +0,0 @@
|
||||
commit b9b338a8df23927d8104f41ecb21baa3558de0cd
|
||||
Author: Miroslav Lichvar <mlichvar@redhat.com>
|
||||
Date: Thu Oct 31 14:41:19 2024 +0100
|
||||
|
||||
refclock: rework update of reachability
|
||||
|
||||
Update the reachability register of a refclock source by 1 if a valid
|
||||
measurement is received by the drivers between source polls, and not
|
||||
only when it is accumulated to sourcestats, similarly to how
|
||||
reachability works with NTP sources.
|
||||
|
||||
This avoids drops in the reported reachability when a PHC refclock is
|
||||
dropping samples due to significant changes in the measured delay (e.g.
|
||||
due to high PCIe load), or a PPS refclock dropping samples due to failed
|
||||
lock.
|
||||
|
||||
diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc
|
||||
index 935f1da9..dea93c9f 100644
|
||||
--- a/doc/chronyc.adoc
|
||||
+++ b/doc/chronyc.adoc
|
||||
@@ -364,9 +364,12 @@ a measurement is being made every 64 seconds. *chronyd* automatically varies
|
||||
the polling rate in response to prevailing conditions.
|
||||
*Reach*:::
|
||||
This shows the source's reachability register printed as an octal number. The
|
||||
-register has 8 bits and is updated on every received or missed packet from
|
||||
-the source. A value of 377 indicates that a valid reply was received for all
|
||||
-from the last eight transmissions.
|
||||
+register has 8 bits. It is shifted to left by one bit with each poll and it is
|
||||
+updated by 1 when a valid NTP response, or just a sample in case of a reference
|
||||
+clock, is received from the source. A value of 377 indicates that a valid
|
||||
+response or sample was received for all of the last 8 polls. Note that samples
|
||||
+can be dropped if they are not considered good enough for synchronisation, but
|
||||
+the reachability register will still have 1s for their polls.
|
||||
*LastRx*:::
|
||||
This column shows how long ago the last good sample (which is shown in the next
|
||||
column) was received from the source. Measurements that failed some tests are
|
||||
diff --git a/refclock.c b/refclock.c
|
||||
index 22d775a5..d14560fa 100644
|
||||
--- a/refclock.c
|
||||
+++ b/refclock.c
|
||||
@@ -63,6 +63,7 @@ struct RCL_Instance_Record {
|
||||
int driver_poll;
|
||||
int driver_polled;
|
||||
int poll;
|
||||
+ int reached;
|
||||
int leap_status;
|
||||
int local;
|
||||
int pps_forced;
|
||||
@@ -175,6 +176,7 @@ RCL_AddRefclock(RefclockParameters *params)
|
||||
inst->driver_poll = params->driver_poll;
|
||||
inst->poll = params->poll;
|
||||
inst->driver_polled = 0;
|
||||
+ inst->reached = 0;
|
||||
inst->leap_status = LEAP_Normal;
|
||||
inst->local = params->local;
|
||||
inst->pps_forced = params->pps_forced;
|
||||
@@ -665,6 +667,12 @@ RCL_AddCookedPulse(RCL_Instance instance, struct timespec *cooked_time,
|
||||
return 1;
|
||||
}
|
||||
|
||||
+void
|
||||
+RCL_UpdateReachability(RCL_Instance instance)
|
||||
+{
|
||||
+ instance->reached++;
|
||||
+}
|
||||
+
|
||||
double
|
||||
RCL_GetPrecision(RCL_Instance instance)
|
||||
{
|
||||
@@ -792,6 +800,9 @@ poll_timeout(void *arg)
|
||||
if (!(inst->driver->poll && inst->driver_polled < (1 << (inst->poll - inst->driver_poll)))) {
|
||||
inst->driver_polled = 0;
|
||||
|
||||
+ SRC_UpdateReachability(inst->source, inst->reached > 0);
|
||||
+ inst->reached = 0;
|
||||
+
|
||||
if (SPF_GetFilteredSample(inst->filter, &sample)) {
|
||||
double local_freq, local_offset;
|
||||
struct timespec local_ref_time;
|
||||
@@ -807,7 +818,6 @@ poll_timeout(void *arg)
|
||||
inst->leap_status = LEAP_Unsynchronised;
|
||||
}
|
||||
|
||||
- SRC_UpdateReachability(inst->source, 1);
|
||||
SRC_UpdateStatus(inst->source, stratum, inst->leap_status);
|
||||
SRC_AccumulateSample(inst->source, &sample);
|
||||
SRC_SelectSource(inst->source);
|
||||
@@ -816,8 +826,6 @@ poll_timeout(void *arg)
|
||||
follow_local(inst, &local_ref_time, local_freq, local_offset);
|
||||
|
||||
log_sample(inst, &sample.time, 1, 0, 0.0, sample.offset, sample.peer_dispersion);
|
||||
- } else {
|
||||
- SRC_UpdateReachability(inst->source, 0);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/refclock.h b/refclock.h
|
||||
index 40c852de..5fdbf9c7 100644
|
||||
--- a/refclock.h
|
||||
+++ b/refclock.h
|
||||
@@ -81,6 +81,7 @@ extern int RCL_AddSample(RCL_Instance instance, struct timespec *sample_time,
|
||||
extern int RCL_AddPulse(RCL_Instance instance, struct timespec *pulse_time, double second);
|
||||
extern int RCL_AddCookedPulse(RCL_Instance instance, struct timespec *cooked_time,
|
||||
double second, double dispersion, double raw_correction);
|
||||
+extern void RCL_UpdateReachability(RCL_Instance instance);
|
||||
extern double RCL_GetPrecision(RCL_Instance instance);
|
||||
extern int RCL_GetDriverPoll(RCL_Instance instance);
|
||||
|
||||
diff --git a/refclock_phc.c b/refclock_phc.c
|
||||
index e12f2258..6c0914f6 100644
|
||||
--- a/refclock_phc.c
|
||||
+++ b/refclock_phc.c
|
||||
@@ -154,6 +154,8 @@ static void process_ext_pulse(RCL_Instance instance, struct timespec *phc_ts)
|
||||
}
|
||||
phc->last_extts = *phc_ts;
|
||||
|
||||
+ RCL_UpdateReachability(instance);
|
||||
+
|
||||
if (!HCL_CookTime(phc->clock, phc_ts, &local_ts, &local_err))
|
||||
return;
|
||||
|
||||
@@ -204,6 +206,9 @@ static int phc_poll(RCL_Instance instance)
|
||||
if (n_readings < 1)
|
||||
return 0;
|
||||
|
||||
+ if (!phc->extpps)
|
||||
+ RCL_UpdateReachability(instance);
|
||||
+
|
||||
if (!HCL_ProcessReadings(phc->clock, n_readings, readings, &phc_ts, &sys_ts, &phc_err))
|
||||
return 0;
|
||||
|
||||
diff --git a/refclock_pps.c b/refclock_pps.c
|
||||
index 880c13fc..f00b7ccb 100644
|
||||
--- a/refclock_pps.c
|
||||
+++ b/refclock_pps.c
|
||||
@@ -143,6 +143,8 @@ static int pps_poll(RCL_Instance instance)
|
||||
|
||||
pps->last_seq = seq;
|
||||
|
||||
+ RCL_UpdateReachability(instance);
|
||||
+
|
||||
return RCL_AddPulse(instance, &ts, 1.0e-9 * ts.tv_nsec);
|
||||
}
|
||||
|
||||
diff --git a/refclock_shm.c b/refclock_shm.c
|
||||
index ee13e871..22e51820 100644
|
||||
--- a/refclock_shm.c
|
||||
+++ b/refclock_shm.c
|
||||
@@ -109,6 +109,8 @@ static int shm_poll(RCL_Instance instance)
|
||||
|
||||
shm->valid = 0;
|
||||
|
||||
+ RCL_UpdateReachability(instance);
|
||||
+
|
||||
receive_ts.tv_sec = t.receiveTimeStampSec;
|
||||
clock_ts.tv_sec = t.clockTimeStampSec;
|
||||
|
||||
diff --git a/refclock_sock.c b/refclock_sock.c
|
||||
index 2da57ef5..49cf3559 100644
|
||||
--- a/refclock_sock.c
|
||||
+++ b/refclock_sock.c
|
||||
@@ -129,6 +129,8 @@ static void read_sample(int sockfd, int event, void *anything)
|
||||
UTI_TimevalToTimespec(&sample.tv, &sys_ts);
|
||||
UTI_NormaliseTimespec(&sys_ts);
|
||||
|
||||
+ RCL_UpdateReachability(instance);
|
||||
+
|
||||
if (!UTI_IsTimeOffsetSane(&sys_ts, sample.offset))
|
||||
return;
|
||||
|
||||
diff --git a/test/simulation/106-refclock b/test/simulation/106-refclock
|
||||
index dedab9b8..3793bd86 100755
|
||||
--- a/test/simulation/106-refclock
|
||||
+++ b/test/simulation/106-refclock
|
||||
@@ -114,6 +114,32 @@ Root delay : 0\.000000001 seconds
|
||||
rm -f tmp/refclocks.log
|
||||
fi
|
||||
|
||||
+export CLKNETSIM_PHC_JITTER_OFF=$[2 * 25 * 492]
|
||||
+export CLKNETSIM_PHC_JITTER_ON=$[2 * 25 * 8]
|
||||
+export CLKNETSIM_PHC_JITTER=1e-6
|
||||
+refclock_offset=0.0
|
||||
+refclock_jitter=1e-9
|
||||
+min_sync_time=5
|
||||
+max_sync_time=7
|
||||
+time_max_limit=1e-7
|
||||
+time_rms_limit=1e-8
|
||||
+client_conf="refclock PHC /dev/ptp0:nocrossts poll 0
|
||||
+logdir tmp
|
||||
+log refclocks"
|
||||
+chronyc_start=500
|
||||
+chronyc_conf="sources"
|
||||
+
|
||||
+run_test || test_fail
|
||||
+check_chronyd_exit || test_fail
|
||||
+check_source_selection || test_fail
|
||||
+check_sync || test_fail
|
||||
+check_chronyc_output "^MS.*
|
||||
+=*
|
||||
+#\* PHC0 0 0 377 8 .*$" || test_fail
|
||||
+
|
||||
+unset CLKNETSIM_PHC_JITTER_OFF
|
||||
+unset CLKNETSIM_PHC_JITTER_ON
|
||||
+export CLKNETSIM_PHC_JITTER=1e-7
|
||||
refclock_offset="(+ 0.399 (sum 1e-3))"
|
||||
refclock_jitter=1e-6
|
||||
servers=1
|
||||
diff -up chrony/doc/chronyc.man.orig chrony/doc/chronyc.man
|
||||
--- chrony/doc/chronyc.man.in.orig 2024-11-06 12:07:50.555216174 +0100
|
||||
+++ chrony/doc/chronyc.man.in 2024-11-06 12:07:58.131217759 +0100
|
||||
@@ -535,9 +535,12 @@ the polling rate in response to prevaili
|
||||
\fBReach\fP
|
||||
.RS 4
|
||||
This shows the source\(cqs reachability register printed as an octal number. The
|
||||
-register has 8 bits and is updated on every received or missed packet from
|
||||
-the source. A value of 377 indicates that a valid reply was received for all
|
||||
-from the last eight transmissions.
|
||||
+register has 8 bits. It is shifted to left by one bit with each poll and it is
|
||||
+updated by 1 when a valid NTP response, or just a sample in case of a reference
|
||||
+clock, is received from the source. A value of 377 indicates that a valid
|
||||
+response or sample was received for all of the last 8 polls. Note that samples
|
||||
+can be dropped if they are not considered good enough for synchronisation, but
|
||||
+the reachability register will still have 1s for their polls.
|
||||
.RE
|
||||
.sp
|
||||
\fBLastRx\fP
|
@ -1,2 +0,0 @@
|
||||
#Type Name ID GECOS Home directory Shell
|
||||
u chrony - "chrony system user" /var/lib/chrony /sbin/nologin
|
25
gating.yaml
25
gating.yaml
@ -1,25 +0,0 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_testing
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
|
||||
|
||||
#Rawhide
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- fedora-*
|
||||
decision_context: bodhi_update_push_stable
|
||||
subject_type: koji_build
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional}
|
||||
|
||||
#gating rhel
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-*
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional}
|
||||
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
|
@ -1,54 +0,0 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1
|
||||
Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T
|
||||
c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl
|
||||
QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv
|
||||
tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR
|
||||
F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B
|
||||
FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+
|
||||
LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV
|
||||
jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2
|
||||
7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/
|
||||
v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB
|
||||
tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA
|
||||
PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK
|
||||
CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1
|
||||
6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s
|
||||
nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP
|
||||
nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r
|
||||
nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ
|
||||
cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/
|
||||
kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6
|
||||
LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W
|
||||
vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS
|
||||
y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G
|
||||
4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7
|
||||
qbZUY/6bgrDoXp4otAP2iF0EExECAB0WIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUC
|
||||
YJ0C3AAKCRBf8G8puh4BO9k2AJ4ohgz/p49IBfjf22sEL1FvYM/DhwCfTyCkbogO
|
||||
uagIg5qwuEGwHMgn19G5Ag0EYJz13AEQAMrLXgl5u6vAakSF9n+xCP2WOiMHzzrR
|
||||
OxHnWzsX6PTXpJt14LSZOZ5wjdyR3gLJWGLdkfHoxHpQYp7PLgNS29SuAc4HQ+Br
|
||||
O5F4g9EmwDJ0ueUYxU1FcySRXfXR+gLabpQCc2s9bW6RaMwLuQNxZwkfXClkPQms
|
||||
ImTFA0KntWpHc+uEr1J2i6LQS7D/BK6m72l9x8z9k9gqAabXw+xHsis+ffPMG5Jm
|
||||
HOqeHYtsq+2JW1VvBnA4Qh3DKH9OQaD9hZbEiUC3nMmlLkPF/r29tWTPa7luBHBn
|
||||
X556JTXVm+vDUDwZ2srLfaKyQCxbNLwvQ2Pn5SOyyCnuIWR2xZs/+KPDMhtKUBAV
|
||||
HcboVu6iPCTU42CVMPaJvYD2iUEncZNeUGJOSuG240LSLNGEFFsD7YgXb1XHjQD5
|
||||
ci3Ki7P/hHi3AG53IsQTiaE5VgBdDje3zYCf5WaZ6c3DQQB9lab2RMz+5Fdr7Z6Y
|
||||
mFRUbmxSnsMe0mwwcqVe3ofV0fKvE7Ep0T8bBg53dCqyU8hIbD5wUe99JmhMFnzs
|
||||
5elwkv/Hb3Eg92dgu1zWb5kMzuvGEHtCIukIy1B+pzQOfT+iOC+lbmRHhPslJ9S0
|
||||
1vENJE+nEEsGxPy9pRHrmWSKI4Zh+ysjb/vW/vOwAd1RsvxTfgBeOOawmlz+n0pJ
|
||||
T018ZnUgmc35ABEBAAGJAjwEGAEIACYWIQSPN1x+jQ7hJaPTvVFTfit292gNrAUC
|
||||
YJz13AIbDAUJEswDAAAKCRBTfit292gNrPuRD/43kM0P71gxfJQj6PBpPtjIVVfm
|
||||
4TIPWKmV+F4/9eCwAPC/o44Yw+nxGr77Rk2DsaSn0V51j2egRCXKuZBZx/v6JXP7
|
||||
qpDk3Uecml7IfxTd+N+gkI3viUsrt4ykUgyUH/wy/edMG3h9qhBQP0RxiDge18P6
|
||||
YUpQSnq3uP72ycTPLBJlqp/Y9+GXUapvcyDqBFnvs96ieDmSbjSf6tris1cuLv6f
|
||||
eld4HNUY/LmI5MlYbywbgWGpSOyKUlTtyF33LqPnWd7UuTN7QNsYyjGnlJbkkGi/
|
||||
KwuNbIo5Gs4avaUSTc7SBLdCYneEIt7mt7hg0StKHQC6s/ak/w8yl1yFy5gRusO4
|
||||
QCFT2ZMQ6jZUAuaQGx0rhWQr9akNNJEDsHTBQR8pxpFp3LcDXcUXSSeySRSFZLt+
|
||||
hExvDQxXuhdbZHYGL1E6g5gtJQKnobNu2jMOziBcDivhAsqNw2Poq6fJVLavjBI5
|
||||
BI1xAqmymIExJFSlHdLuZq09cVzY3EOj3x23YTzPKNOI/qu4jTUT4Byi8Oy3PN1B
|
||||
B0n5SqORWJ0KfAyVEewshSAqJ7zrZ5sJXWnKeVQqBOg5EwkOB8rz/M3mqgrnBRiq
|
||||
hLiiiG5tKETA1YIQGXIbP8t1vqoQrpvYaJfkk3kQlktxfFkDRt8dKIxpFk8uPiNb
|
||||
bcAu2uXfRrQxpaqcOg==
|
||||
=/wbD
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
36
plans.fmf
36
plans.fmf
@ -1,36 +0,0 @@
|
||||
/tier1-internal:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/chrony.git
|
||||
name: /plans/tier1/internal
|
||||
|
||||
/tier1-public:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/chrony.git
|
||||
name: /plans/tier1/public
|
||||
|
||||
/tier2-tier3-internal:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/chrony.git
|
||||
name: /plans/tier2-tier3/internal
|
||||
|
||||
/tier2-tier3-public:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/chrony.git
|
||||
name: /plans/tier2-tier3/public
|
||||
|
||||
/others-internal:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/chrony.git
|
||||
name: /plans/others/internal
|
||||
|
||||
/others-public:
|
||||
plan:
|
||||
import:
|
||||
url: https://src.fedoraproject.org/tests/chrony.git
|
||||
name: /plans/others/public
|
||||
|
3
sources
3
sources
@ -1,3 +0,0 @@
|
||||
SHA512 (chrony-4.6.1.tar.gz) = 646ae08f2587366236796f2399d8ab3eb570979e0d82f5d13f5cec49939054c876cc93dc20c8d38e105fd3500e1720d05a223a15076783cd882d0de43afd9c7e
|
||||
SHA512 (chrony-4.6.1-tar-gz-asc.txt) = 992b706636bf3a7eb6d502562a4990c9d8e20e5f3011d2cdb2ceb32220e9a1c2bfa6eca767212cee49b811823872602dc33f9e7201a7f9a93cc9c90e81b1db49
|
||||
SHA512 (clknetsim-40bb97.tar.gz) = d0085340a7219dedbe1298f0c709824bcf6f698207cd1be87de38d108b829cd771ac0ea720ee83de3810c4530664a22e122f513516f1174bb9139eddbd359590
|
Loading…
Reference in New Issue
Block a user