diff --git a/.chrony.metadata b/.chrony.metadata index b0c5d0d..59f2c95 100644 --- a/.chrony.metadata +++ b/.chrony.metadata @@ -1,3 +1,2 @@ -bc7884eb4fde69478a00faee3d42092d426d57c1 SOURCES/chrony-4.3.tar.gz -9c453ae65e5c1a6983cd1121410faf1ffd2d9092 SOURCES/clknetsim-f00531.tar.gz -1395afa521d2e3302a31083edcf568bbc036aafc SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc +4661e5df181a9761b73caeaef2f2ab755bbe086a SOURCES/chrony-4.5.tar.gz +e021461c23fe4e5c46fd53c449587d8f6cc217ae SOURCES/clknetsim-5d1dc0.tar.gz diff --git a/.gitignore b/.gitignore index 422eb36..a1b6ce7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ -SOURCES/chrony-4.3.tar.gz -SOURCES/clknetsim-f00531.tar.gz -SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc +SOURCES/chrony-4.5.tar.gz +SOURCES/clknetsim-5d1dc0.tar.gz diff --git a/SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch b/SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch index 95751e7..00ff7e0 100644 --- a/SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch +++ b/SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch @@ -1,25 +1,36 @@ -From 0e89d48f500c29f4370f77c438fa2ebeb80261bf Mon Sep 17 00:00:00 2001 -From: Sergey Cherevko -Date: Wed, 30 Aug 2023 17:02:52 +0300 +From fe74e4d7dec4ba1f8ffb5b0c2713e36a1ffb1a1c Mon Sep 17 00:00:00 2001 +From: Sergey Cherevko +Date: Mon, 10 Jun 2024 12:03:59 +0300 Subject: [PATCH] Synchronize time via Russian NTP servers --- - FAQ | 10 +++++----- + FAQ | 12 ++++++------ INSTALL | 4 ++-- - doc/chrony.conf.adoc | 9 ++++----- - doc/chrony.conf.man.in | 12 +++++------- - doc/faq.adoc | 10 +++++----- + doc/chrony.conf.adoc | 8 ++++---- + doc/chrony.conf.man.in | 12 ++++++------ + doc/chronyc.adoc | 2 +- + doc/chronyc.man.in | 4 ++-- + doc/faq.adoc | 12 ++++++------ doc/installation.adoc | 4 ++-- examples/chrony.conf.example1 | 11 +++++++++-- examples/chrony.conf.example2 | 12 +++++++++--- examples/chrony.conf.example3 | 4 ++-- - 9 files changed, 43 insertions(+), 33 deletions(-) + 11 files changed, 49 insertions(+), 36 deletions(-) diff --git a/FAQ b/FAQ -index 2bbb24e..92b71d2 100644 +index c96acfa..18687b7 100644 --- a/FAQ +++ b/FAQ -@@ -110,10 +110,10 @@ next boot from the RTC, the rtcsync directive enables a mode in which the +@@ -101,7 +101,7 @@ poll multiple servers at the same time and detect servers having incorrect time + (falsetickers in the NTP terminology). It should be used only with trusted + reliable servers, ideally in local network. + +-Using timesyncd with pool.ntp.org is problematic. The pool is very robust as a ++Using timesyncd with https://www.vniiftri.ru/ is problematic. The pool is very robust as a + whole, but the individual servers run by volunteers cannot be relied on. + Occasionally, servers drift away or make a step to distant past or future due + to misconfiguration, problematic implementation, and other bugs (e.g. in +@@ -141,10 +141,10 @@ next boot from the RTC, the rtcsync directive enables a mode in which the system time is periodically copied to the RTC. It is supported on Linux and macOS. @@ -28,39 +39,39 @@ index 2bbb24e..92b71d2 100644 minimal chrony.conf file could be: -pool pool.ntp.org iburst -+pool ntp1.vniiftri.ru iburst ++pool https://www.vniiftri.ru/ iburst driftfile /var/lib/chrony/drift makestep 1 3 rtcsync -@@ -392,7 +392,7 @@ the -Q option it will print the measured offset without setting the clock. If +@@ -433,7 +433,7 @@ the -Q option it will print the measured offset without setting the clock. If you do not want to use a configuration file, NTP servers can be specified on the command line. For example: -# chronyd -q 'pool pool.ntp.org iburst' -+# chronyd -q 'pool ntp1.vniiftri.ru iburst' ++# chronyd -q 'pool https://www.vniiftri.ru/ iburst' The command above would normally take about 5 seconds if the servers were well synchronised and responding to all requests. If not synchronised or responding, -@@ -403,7 +403,7 @@ option to one (supported since chrony version 4.0), and a timeout can be +@@ -444,7 +444,7 @@ option to one (supported since chrony version 4.0), and a timeout can be specified with the -t option. The following command would take only up to about one second. -# chronyd -q -t 1 'server pool.ntp.org iburst maxsamples 1' -+# chronyd -q -t 1 'server ntp1.vniiftri.ru iburst maxsamples 1' ++# chronyd -q -t 1 'server https://www.vniiftri.ru/ iburst maxsamples 1' It is not recommended to run chronyd with the -q option periodically (e.g. from a cron job) as a replacement for the daemon mode, because it performs -@@ -466,7 +466,7 @@ same server instance. +@@ -507,7 +507,7 @@ same server instance. An example configuration of the client instance could be -pool pool.ntp.org iburst -+pool ntp1.vniiftri.ru iburst ++pool https://www.vniiftri.ru/ iburst allow 127.0.0.1 port 11123 driftfile /var/lib/chrony/drift diff --git a/INSTALL b/INSTALL -index e73dcd2..8633948 100644 +index 9ca6e22..6f48020 100644 --- a/INSTALL +++ b/INSTALL @@ -116,10 +116,10 @@ make install-docs @@ -72,15 +83,15 @@ index e73dcd2..8633948 100644 project as your time reference. A minimal useful configuration file could be -pool pool.ntp.org iburst -+pool ntp1.vniiftri.ru iburst ++pool https://www.vniiftri.ru/ iburst makestep 1.0 3 rtcsync diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc -index 2cf5326..f9db123 100644 +index cb3f95c..832a97f 100644 --- a/doc/chrony.conf.adoc +++ b/doc/chrony.conf.adoc -@@ -356,7 +356,7 @@ sources responding to requests. The default value is 4 and the maximum value is +@@ -365,7 +365,7 @@ sources responding to requests. The default value is 4 and the maximum value is An example of the *pool* directive is + ---- @@ -89,16 +100,16 @@ index 2cf5326..f9db123 100644 ---- [[peer]]*peer* _hostname_ [_option_]...:: -@@ -2731,7 +2731,7 @@ the following methods: +@@ -2820,7 +2820,7 @@ the following methods: stratum 1 and stratum 2 servers. You should find one or more servers that are near to you. Check that their access policy allows you to use their facilities. -* Use public servers from the https://www.pool.ntp.org/[pool.ntp.org] project. +* Use public servers from the https://www.vniiftri.ru/[ntp1.vniiftri.ru] project. - Assuming that your NTP servers are called _foo.example.net_, _bar.example.net_ - and _baz.example.net_, your _chrony.conf_ file could contain as a minimum: -@@ -2764,7 +2764,7 @@ directive instead of multiple *server* directives. The configuration file could + Assuming that your NTP servers are called _ntp1.example.net_, _ntp2.example.net_ + and _ntp3.example.net_, your _chrony.conf_ file could contain as a minimum: +@@ -2853,7 +2853,7 @@ directive instead of multiple *server* directives. The configuration file could in this case look like: ---- @@ -107,70 +118,111 @@ index 2cf5326..f9db123 100644 driftfile @CHRONYVARDIR@/drift makestep 1.0 3 rtcsync -@@ -3022,8 +3022,7 @@ information to be saved. - +@@ -3112,7 +3112,7 @@ information to be saved. === Public NTP server --*chronyd* can be configured to operate as a public NTP server, e.g. to join the + *chronyd* can be configured to operate as a public NTP server, e.g. to join the -https://www.pool.ntp.org/en/join.html[pool.ntp.org] project. The configuration -+*chronyd* can be configured to operate as a public NTP server. The configuration ++https://www.vniiftri.ru/[ntp1.vniiftri.ru] project. The configuration is similar to the NTP client with permanent connection, except it needs to allow client access from all addresses. It is recommended to find at least four good servers (e.g. from the pool, or on the NTP homepage). If the server has a diff --git a/doc/chrony.conf.man.in b/doc/chrony.conf.man.in -index 1a51b24..5c34507 100644 +index 66d2358..8b88b70 100644 --- a/doc/chrony.conf.man.in +++ b/doc/chrony.conf.man.in -@@ -467,7 +467,7 @@ An example of the \fBpool\fP directive is +@@ -479,7 +479,7 @@ An example of the \fBpool\fP directive is .if n .RS 4 .nf .fam C -pool pool.ntp.org iburst maxsources 3 -+pool ntp1.vniiftri.ru iburst maxsources 3 ++pool ntp1.vniiftri].ru iburst maxsources 3 .fam .fi .if n .RE -@@ -4502,7 +4502,7 @@ facilities. +@@ -4651,7 +4651,7 @@ facilities. . IP \(bu 2.3 .\} Use public servers from the \c -.URL "https://www.pool.ntp.org/" "pool.ntp.org" "" -+.URL "https://www.vniiftri.ru/" "www.vniiftri.ru" "" ++.URL "https://www.ntp1.vniiftri].ru/" "ntp1.vniiftri].ru" "" project. .RE .sp -@@ -4547,7 +4547,7 @@ in this case look like: +@@ -4696,7 +4696,7 @@ in this case look like: .if n .RS 4 .nf .fam C -pool pool.ntp.org iburst -+pool ntp1.vniiftri.ru iburst ++pool ntp1.vniiftri].ru iburst driftfile @CHRONYVARDIR@/drift makestep 1.0 3 rtcsync -@@ -4843,9 +4843,7 @@ before the final SIGKILL; the SIGTERM causes the measurement histories and RTC - information to be saved. +@@ -4993,8 +4993,8 @@ information to be saved. .SS "Public NTP server" .sp --\fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the + \fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the -.URL "https://www.pool.ntp.org/en/join.html" "pool.ntp.org" "" -project. The configuration ++.URL "https://www.ntp.vniiftri].ru/en/join.html" "ntp1.vniiftri].ru" "" +\fBchronyd\fP can be configured to operate as a public NTP server. The configuration is similar to the NTP client with permanent connection, except it needs to allow client access from all addresses. It is recommended to find at least four good servers (e.g. from the pool, or on the NTP homepage). If the server has a -@@ -4891,4 +4889,4 @@ For instructions on how to report bugs, please visit - .URL "https://chrony.tuxfamily.org/" "" "." +@@ -5040,4 +5040,4 @@ For instructions on how to report bugs, please visit + .URL "https://chrony\-project.org/" "" "." + .SH "AUTHORS" + .sp +-chrony was written by Richard Curnow, Miroslav Lichvar, and others. +\ No newline at end of file ++chrony was written by Richard Curnow, Miroslav Lichvar, and others. +diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc +index 96a0551..d88c7dc 100644 +--- a/doc/chronyc.adoc ++++ b/doc/chronyc.adoc +@@ -979,7 +979,7 @@ them immediately, e.g. after suspending and resuming the machine in a different + network. + + + Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6 +-addresses are included in a single DNS response (e.g. pool.ntp.org), this ++addresses are included in a single DNS response (e.g. https://www.vniiftri.ru/), this + command might replace the addresses even if they are still in the pool. + + [[reload]]*reload* *sources*:: +diff --git a/doc/chronyc.man.in b/doc/chronyc.man.in +index 4541fc6..7888eff 100644 +--- a/doc/chronyc.man.in ++++ b/doc/chronyc.man.in +@@ -1793,7 +1793,7 @@ them immediately, e.g. after suspending and resuming the machine in a different + network. + .sp + Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6 +-addresses are included in a single DNS response (e.g. pool.ntp.org), this ++addresses are included in a single DNS response (e.g. ntp1.vniiftri.ru), this + command might replace the addresses even if they are still in the pool. + .RE + .sp +@@ -2753,4 +2753,4 @@ For instructions on how to report bugs, please visit + .URL "https://chrony\-project.org/" "" "." .SH "AUTHORS" .sp -chrony was written by Richard Curnow, Miroslav Lichvar, and others. \ No newline at end of file +chrony was written by Richard Curnow, Miroslav Lichvar, and others. diff --git a/doc/faq.adoc b/doc/faq.adoc -index 1b299d2..470c451 100644 +index 8fd350f..69b8b3e 100644 --- a/doc/faq.adoc +++ b/doc/faq.adoc -@@ -70,11 +70,11 @@ system time is periodically copied to the RTC. It is supported on Linux and +@@ -56,7 +56,7 @@ limitations is that it cannot poll multiple servers at the same time and detect + servers having incorrect time (falsetickers in the NTP terminology). It should + be used only with trusted reliable servers, ideally in local network. + +-Using `timesyncd` with `pool.ntp.org` is problematic. The pool is very ++Using `timesyncd` with `ntp.vniiftri.ru` is problematic. The pool is very + robust as a whole, but the individual servers run by volunteers cannot be + relied on. Occasionally, servers drift away or make a step to distant past or + future due to misconfiguration, problematic implementation, and other bugs +@@ -98,11 +98,11 @@ system time is periodically copied to the RTC. It is supported on Linux and macOS. If you wanted to use public NTP servers from the @@ -184,7 +236,7 @@ index 1b299d2..470c451 100644 driftfile /var/lib/chrony/drift makestep 1 3 rtcsync -@@ -371,7 +371,7 @@ clock. If you do not want to use a configuration file, NTP servers can be +@@ -411,7 +411,7 @@ clock. If you do not want to use a configuration file, NTP servers can be specified on the command line. For example: ---- @@ -193,7 +245,7 @@ index 1b299d2..470c451 100644 ---- The command above would normally take about 5 seconds if the servers were -@@ -384,7 +384,7 @@ timeout can be specified with the `-t` option. The following command would take +@@ -424,7 +424,7 @@ timeout can be specified with the `-t` option. The following command would take only up to about one second. ---- @@ -202,7 +254,7 @@ index 1b299d2..470c451 100644 ---- It is not recommended to run `chronyd` with the `-q` option periodically (e.g. -@@ -451,7 +451,7 @@ the same server instance. +@@ -491,7 +491,7 @@ the same server instance. An example configuration of the client instance could be ---- @@ -212,7 +264,7 @@ index 1b299d2..470c451 100644 port 11123 driftfile /var/lib/chrony/drift diff --git a/doc/installation.adoc b/doc/installation.adoc -index b683911..3750f85 100644 +index b683911..0fa1eca 100644 --- a/doc/installation.adoc +++ b/doc/installation.adoc @@ -146,11 +146,11 @@ make install-docs @@ -220,7 +272,7 @@ index b683911..3750f85 100644 configuration file. The default location of the file is _/etc/chrony.conf_. Several examples of configuration with comments are included in the examples -directory. Suppose you want to use public NTP servers from the pool.ntp.org -+directory. Suppose you want to use public NTP servers from the https://www.vniiftri.ru/ ++directory. Suppose you want to use public NTP servers from the ntp1.vniiftri.ru project as your time reference. A minimal useful configuration file could be ---- @@ -269,7 +321,7 @@ index bf2bbdd..61b4576 100644 # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift diff --git a/examples/chrony.conf.example3 b/examples/chrony.conf.example3 -index 4e3e3a8..db9d395 100644 +index 6d84c01..e893292 100644 --- a/examples/chrony.conf.example3 +++ b/examples/chrony.conf.example3 @@ -25,13 +25,13 @@ @@ -279,9 +331,9 @@ index 4e3e3a8..db9d395 100644 -# you can use servers from the pool.ntp.org project. +# you can use servers from the https://www.vniiftri.ru/ project. - ! server foo.example.net iburst - ! server bar.example.net iburst - ! server baz.example.net iburst + ! server ntp1.example.net iburst + ! server ntp2.example.net iburst + ! server ntp3.example.net iburst -! pool pool.ntp.org iburst +! pool ntp1.vniiftri.ru iburst @@ -289,5 +341,5 @@ index 4e3e3a8..db9d395 100644 ####################################################################### ### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK -- -2.41.0 +2.39.3 diff --git a/SOURCES/chrony-4.3-tar-gz-asc.txt b/SOURCES/chrony-4.3-tar-gz-asc.txt deleted file mode 100644 index 995ffc5..0000000 --- a/SOURCES/chrony-4.3-tar-gz-asc.txt +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmMPLJAACgkQU34rdvdo -DaxDKRAAh5wfl990Q6sTPxXI92GegZYIGUxJDlCkJtemoI98g+DQbuCJ46AXsAn/ -CIBTbPU3Brvq2KR1nDze/G/YOXkaqoFyaJD00H73qBI7MOMiSS4KbMQ26xLNrnHL -MCHrgZs+MHhyo6IEpesvr7F/+qyGHZifFlHT+HtCM+SBU1qooYUyQAdnhyK0rb16 -j7/Jc5A28jROZB4lcRQyvB085whPj299FsB/0wJW5RjwA5tcpPH0sTozain3vvlo -64BAJXcQsyRsilcaPFlkY5zPgFiAuaEJnfTe/uMdfDO/V/g6wADt64+HhaxNPO+z -p3vzEGpio4Oi1HyYiXpDx9bMM1RLTpmKt9p1V5Y98Fn5Ymx6I7yAe1qwvA7T8eoC -hK8C27jPytiOgaWSYqPYb0WaHY3JZZpFzdtr0bAPSkEzL4EwrxVmbgTnkuzk2hxk -6MiIuDLUd9Zl1oroqv+rTd0XA8lXUcoyFhqtsMXHWdAC3yzteaPcJKzv7l9DT6xV -YadKrSBkzob9jRWRngY3FMKjTvcwnxLE8dfsNlsDNGyLNtTEOJ/QYgh6muOHh80L -MAayI8hSWPTR/3IXKlathjLIeilsrFthIZcrPq520FoS4A7E3A80vR3uKOqAIDwh -Y+6ASvEkCHAUneJqlLihqglYTNJlFnVhGw9/LV85JsmRsCZ0+j8= -=2xMP ------END PGP SIGNATURE----- diff --git a/SOURCES/chrony-4.5-tar-gz-asc.txt b/SOURCES/chrony-4.5-tar-gz-asc.txt new file mode 100644 index 0000000..16dae25 --- /dev/null +++ b/SOURCES/chrony-4.5-tar-gz-asc.txt @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmVvJPkACgkQU34rdvdo +DawQjw//Zkq4UTPZDpU/gifjUtE/jpIa6+tyhSFpRI5abNScOPaEa8nZz6Q33/s4 +qiS9RJh1AA13xnal7bIHsixadON01x91ysW1sbNhFx942SwTpk00wDdLmySqW+u5 +klrTfGlGRejp7ahasbXx/dXqk3Sz+J19YIvdz2X1o2HaUZwp1SIwq5Y8BYS8iE0a +G5ov/ail2965hwSoYWNbR7/UuOTEO3YgRk2YSpKKKGJgL27pAzwGlOVwgP9JLAD0 +WsGDEpn+EY+4BOkwMyFeACOHyJ+QCcpKXF9B6CGJELyPqTp2uQy+OkaF4VtkGvpp +wRs6IhMoHFt5NjvCiBhOMvocKd6JrxDxN84gGhSG6OtSFp8GZoFhTxIp//mnZDoz +WPl/Z+n3yABdaG7IWavl6tn2wvipMsgcTJHxRYg6A4d2+mKKy0pRyfLUtGTM9EA/ +NEhTIHVZZLORNK7zPaB8CkFmmsmDQVhowBjXjFcq2HDNzQawbU5gjWUBEH+4R4bq +rb4P9Eg3Kus0fvBxj4z72XkzYGNn951YFhwW26x4w09+J35/1eoshNkBaPfOdsRf +Xgb37MmEe5yfU32k27aYtERnH9w/+rOk1RISrVcK0c87uz0RnzPN5HBzc4PnEpx6 +KQFkFxVaaMeJNc0Ca5/u9aE9nli1DIS8Afo/Z4zQtjVMqLsvecQ= +=4/yB +-----END PGP SIGNATURE----- diff --git a/SOURCES/chrony-keys.patch b/SOURCES/chrony-keys.patch new file mode 100644 index 0000000..da951c3 --- /dev/null +++ b/SOURCES/chrony-keys.patch @@ -0,0 +1,9 @@ +diff -up chrony-4.5/examples/chrony.keys.example.keys chrony-4.5/examples/chrony.keys.example +--- chrony-4.5/examples/chrony.keys.example.keys 2023-12-05 14:22:10.000000000 +0100 ++++ chrony-4.5/examples/chrony.keys.example 2023-12-06 09:59:26.089508934 +0100 +@@ -11,5 +11,3 @@ + #1 MD5 AVeryLongAndRandomPassword + #2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F + #3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995 +-#4 AES128 HEX:2DA837C4B6573748CA692B8C828E4891 +-#5 AES256 HEX:2666B8099BFF2D5BA20876121788ED24D2BE59111B8FFB562F0F56AE6EC7246E diff --git a/SOURCES/chrony-serverstats.patch b/SOURCES/chrony-serverstats.patch new file mode 100644 index 0000000..a5131fe --- /dev/null +++ b/SOURCES/chrony-serverstats.patch @@ -0,0 +1,39 @@ +commit e11b518a1ffa704986fb1f1835c425844ba248ef +Author: Miroslav Lichvar +Date: Mon Jan 8 11:35:56 2024 +0100 + + ntp: fix authenticated requests in serverstats + + Fix the CLG_UpdateNtpStats() call to count requests passing the + authentication check instead of requests triggering a KoD response + (i.e. NTS NAK). + +diff --git a/ntp_core.c b/ntp_core.c +index 023e60b2..35801744 100644 +--- a/ntp_core.c ++++ b/ntp_core.c +@@ -2736,7 +2736,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a + CLG_DisableNtpTimestamps(&ntp_rx); + } + +- CLG_UpdateNtpStats(kod != 0 && info.auth.mode != NTP_AUTH_NONE && ++ CLG_UpdateNtpStats(kod == 0 && info.auth.mode != NTP_AUTH_NONE && + info.auth.mode != NTP_AUTH_MSSNTP, + rx_ts->source, interleaved ? tx_ts->source : NTP_TS_DAEMON); + +diff --git a/test/system/010-nts b/test/system/010-nts +index 8d92bbc8..b215efa3 100755 +--- a/test/system/010-nts ++++ b/test/system/010-nts +@@ -45,6 +45,11 @@ check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atm + ========================================================================= + 127\.0\.0\.1 NTS 1 (30|15) (128|256) [0-9] 0 0 [78] ( 64|100)$" || test_fail + ++run_chronyc "serverstats" || test_fail ++check_chronyc_output "NTS-KE connections accepted: 1 ++NTS-KE connections dropped : 0 ++Authenticated NTP packets : [1-9][0-9]*" || test_fail ++ + stop_chronyd || test_fail + check_chronyd_messages || test_fail + check_chronyd_files || test_fail diff --git a/SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc b/SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc new file mode 100644 index 0000000..604babe --- /dev/null +++ b/SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc @@ -0,0 +1,54 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1 +Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T +c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl +QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv +tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR +F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B +FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+ +LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV +jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2 +7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/ +v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB +tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA +PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1 +6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s +nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP +nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r +nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ +cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/ +kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6 +LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W +vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS +y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G +4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7 +qbZUY/6bgrDoXp4otAP2iF0EExECAB0WIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUC +YJ0C3AAKCRBf8G8puh4BO9k2AJ4ohgz/p49IBfjf22sEL1FvYM/DhwCfTyCkbogO +uagIg5qwuEGwHMgn19G5Ag0EYJz13AEQAMrLXgl5u6vAakSF9n+xCP2WOiMHzzrR +OxHnWzsX6PTXpJt14LSZOZ5wjdyR3gLJWGLdkfHoxHpQYp7PLgNS29SuAc4HQ+Br +O5F4g9EmwDJ0ueUYxU1FcySRXfXR+gLabpQCc2s9bW6RaMwLuQNxZwkfXClkPQms +ImTFA0KntWpHc+uEr1J2i6LQS7D/BK6m72l9x8z9k9gqAabXw+xHsis+ffPMG5Jm +HOqeHYtsq+2JW1VvBnA4Qh3DKH9OQaD9hZbEiUC3nMmlLkPF/r29tWTPa7luBHBn +X556JTXVm+vDUDwZ2srLfaKyQCxbNLwvQ2Pn5SOyyCnuIWR2xZs/+KPDMhtKUBAV +HcboVu6iPCTU42CVMPaJvYD2iUEncZNeUGJOSuG240LSLNGEFFsD7YgXb1XHjQD5 +ci3Ki7P/hHi3AG53IsQTiaE5VgBdDje3zYCf5WaZ6c3DQQB9lab2RMz+5Fdr7Z6Y +mFRUbmxSnsMe0mwwcqVe3ofV0fKvE7Ep0T8bBg53dCqyU8hIbD5wUe99JmhMFnzs +5elwkv/Hb3Eg92dgu1zWb5kMzuvGEHtCIukIy1B+pzQOfT+iOC+lbmRHhPslJ9S0 +1vENJE+nEEsGxPy9pRHrmWSKI4Zh+ysjb/vW/vOwAd1RsvxTfgBeOOawmlz+n0pJ +T018ZnUgmc35ABEBAAGJAjwEGAEIACYWIQSPN1x+jQ7hJaPTvVFTfit292gNrAUC +YJz13AIbDAUJEswDAAAKCRBTfit292gNrPuRD/43kM0P71gxfJQj6PBpPtjIVVfm +4TIPWKmV+F4/9eCwAPC/o44Yw+nxGr77Rk2DsaSn0V51j2egRCXKuZBZx/v6JXP7 +qpDk3Uecml7IfxTd+N+gkI3viUsrt4ykUgyUH/wy/edMG3h9qhBQP0RxiDge18P6 +YUpQSnq3uP72ycTPLBJlqp/Y9+GXUapvcyDqBFnvs96ieDmSbjSf6tris1cuLv6f +eld4HNUY/LmI5MlYbywbgWGpSOyKUlTtyF33LqPnWd7UuTN7QNsYyjGnlJbkkGi/ +KwuNbIo5Gs4avaUSTc7SBLdCYneEIt7mt7hg0StKHQC6s/ak/w8yl1yFy5gRusO4 +QCFT2ZMQ6jZUAuaQGx0rhWQr9akNNJEDsHTBQR8pxpFp3LcDXcUXSSeySRSFZLt+ +hExvDQxXuhdbZHYGL1E6g5gtJQKnobNu2jMOziBcDivhAsqNw2Poq6fJVLavjBI5 +BI1xAqmymIExJFSlHdLuZq09cVzY3EOj3x23YTzPKNOI/qu4jTUT4Byi8Oy3PN1B +B0n5SqORWJ0KfAyVEewshSAqJ7zrZ5sJXWnKeVQqBOg5EwkOB8rz/M3mqgrnBRiq +hLiiiG5tKETA1YIQGXIbP8t1vqoQrpvYaJfkk3kQlktxfFkDRt8dKIxpFk8uPiNb +bcAu2uXfRrQxpaqcOg== +=/wbD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec index acd4404..df6df2e 100644 --- a/SPECS/chrony.spec +++ b/SPECS/chrony.spec @@ -1,5 +1,5 @@ %global _hardened_build 1 -%global clknetsim_ver f00531 +%global clknetsim_ver 5d1dc0 %bcond_without debug %bcond_without nts @@ -8,25 +8,29 @@ %endif Name: chrony -Version: 4.3 -Release: 1%{?dist}.inferit.3 +Version: 4.5 +Release: 1%{?dist}.inferit.1 Summary: An NTP client/server License: GPLv2 -URL: https://chrony.tuxfamily.org -Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz -Source1: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}-tar-gz-asc.txt -Source2: https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc +URL: https://chrony-project.org +Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz +Source1: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}-tar-gz-asc.txt +Source2: https://chrony-project.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc Source3: chrony.dhclient Source4: chrony.sysusers # simulator for test suite -Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz +Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz} # add distribution-specific bits to DHCP dispatcher Patch1: chrony-nm-dispatcher-dhcp.patch +# revert changes in packaged chrony.keys example +Patch2: chrony-keys.patch # revert some hardening options in service files Patch3: chrony-services.patch +# fix serverstats to correctly count authenticated packets +Patch4: chrony-serverstats.patch # MSVSphere Patch100: 0001-Synchronize-time-via-Russian-NTP-servers.patch @@ -61,20 +65,23 @@ service to other computers in the network. %setup -q -n %{name}-%{version}%{?prerelease} -a 10 %{?gitpatch:%patch0 -p1} %patch1 -p1 -b .nm-dispatcher-dhcp +%patch2 -p1 -b .keys %patch3 -p1 -b .services +%patch4 -p1 -b .serverstats %patch100 -p1 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} # review changes in packaged configuration files and scripts md5sum -c <<-EOF | (! grep -v 'OK$') - 222e652b95027289877fa77146d3b9b1 examples/chrony-wait.service + d1e59feabc7847d30cfd09fd3c569f21 examples/chrony-wait.service dc373a30c229f7477e913bee76d03eb7 examples/chrony.conf.example2 96999221eeef476bd49fe97b97503126 examples/chrony.keys.example 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp - 2b81c60c020626165ac655b2633608eb examples/chrony.nm-dispatcher.onoffline - 619dd00009ea312c7201beefde10341a examples/chronyd.service + 4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline + 60447a26dce93b3a61f488a364ac46cd examples/chronyd.service + 46fa3e2d42c8eb9c42e71095686c90ed examples/chronyd-restricted.service EOF # don't allow packaging without vendor zone @@ -93,10 +100,14 @@ sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \ touch -r examples/chrony.conf.example2 chrony.conf +# set selinux context in chronyd-restricted service +sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \ + examples/chronyd-restricted.service + # regenerate the file from getdate.y rm -f getdate.c -mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim +mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim %build %configure \ @@ -111,9 +122,7 @@ mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim --with-hwclockfile=%{_sysconfdir}/adjtime \ --with-pidfile=/run/chrony/chronyd.pid \ --with-sendmail=%{_sbindir}/sendmail \ - --without-nettle \ - --without-nss \ - --without-tomcrypt + --without-nettle %make_build %install @@ -140,6 +149,8 @@ install -m 644 -p examples/chrony.logrotate \ install -m 644 -p examples/chronyd.service \ $RPM_BUILD_ROOT%{_unitdir}/chronyd.service +install -m 644 -p examples/chronyd-restricted.service \ + $RPM_BUILD_ROOT%{_unitdir}/chronyd-restricted.service install -m 755 -p examples/chrony.nm-dispatcher.onoffline \ $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline install -m 755 -p examples/chrony.nm-dispatcher.dhcp \ @@ -180,13 +191,13 @@ if test -a %{_libexecdir}/chrony-helper; then sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources" done 2> /dev/null fi -%systemd_post chronyd.service chrony-wait.service +%systemd_post chronyd.service chronyd-restricted.service chrony-wait.service %preun -%systemd_preun chronyd.service chrony-wait.service +%systemd_preun chronyd.service chronyd-restricted.service chrony-wait.service %postun -%systemd_postun_with_restart chronyd.service +%systemd_postun_with_restart chronyd.service chronyd-restricted.service %files %{!?_licensedir:%global license %%doc} @@ -210,7 +221,19 @@ fi %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %changelog -* Wed Nov 16 2023 Arkady L. Shane - 4.3-1.inferit.3 +* Mon Jun 10 2024 Sergey Cherevko - 4.5-1.inferit.1 +- Update to 4.5-1 +- Rebuilt for MSVSphere 9.4 + +* Tue Apr 02 2024 Sergey Cherevko - 4.5-1.inferit +- Rebuilt for MSVSphere 9.4-beta + +* Tue Jan 09 2024 Miroslav Lichvar 4.5-1 +- update to 4.5 (RHEL-6522 RHEL-6520 RHEL-9969 RHEL-9971 RHEL-9973 RHEL-9975 + RHEL-12411) +- add chronyd-restricted service (RHEL-9972) + +* Thu Nov 16 2023 Arkady L. Shane - 4.3-1.inferit.3 - Use more servers instead of pool * Wed Aug 30 2023 Sergey Cherevko - 4.3-1.inferit.2 @@ -223,7 +246,10 @@ fi * Mon May 15 2023 Sergey Cherevko - 4.3-1.inferit - MSVSphere debranding: changed vendorzone -- Rebuilt for MSVSphere 9.2. +- Rebuilt for MSVSphere 9.2 beta + +* Fri Apr 14 2023 MSVSphere Packaging Team - 4.3-1 +- Rebuilt for MSVSphere 9.2 beta * Wed Oct 12 2022 Miroslav Lichvar 4.3-1 - update to 4.3 (#2133754)