Update to 4.5-1

i8 changed/i8/chrony-4.5-1.el8.inferit.1
Sergey Cherevko 7 months ago
parent 93615b19a6
commit e2ea79ac21
Signed by: scherevko
GPG Key ID: D87CBBC16D2E4A72

@ -1,2 +1,2 @@
0f5de043b395311a58bcf4be9800f7118afd5f59 SOURCES/chrony-4.2.tar.gz
2e1fac8161ea8d92d76532c0b272fb31799bc310 SOURCES/clknetsim-824c48.tar.gz
4661e5df181a9761b73caeaef2f2ab755bbe086a SOURCES/chrony-4.5.tar.gz
e021461c23fe4e5c46fd53c449587d8f6cc217ae SOURCES/clknetsim-5d1dc0.tar.gz

4
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/chrony-4.2.tar.gz
SOURCES/clknetsim-824c48.tar.gz
SOURCES/chrony-4.5.tar.gz
SOURCES/clknetsim-5d1dc0.tar.gz

@ -1,25 +1,36 @@
From 08cf035923b4eff6698d37948bb25b1414432b7a Mon Sep 17 00:00:00 2001
From: Sergey Cherevko <s.cherevko@msvsphere.ru>
Date: Wed, 30 Aug 2023 17:02:52 +0300
From 62ab2acc6b2748dae0c2cea0f3881328131e8ad9 Mon Sep 17 00:00:00 2001
From: Sergey Cherevko <s.cherevko@msvsphere-os.ru>
Date: Mon, 10 Jun 2024 13:48:31 +0300
Subject: [PATCH] Synchronize time via Russian NTP servers
---
FAQ | 10 +++++-----
FAQ | 12 ++++++------
INSTALL | 4 ++--
doc/chrony.conf.adoc | 9 ++++-----
doc/chrony.conf.man.in | 12 +++++-------
doc/faq.adoc | 10 +++++-----
doc/chrony.conf.adoc | 8 ++++----
doc/chrony.conf.man.in | 12 ++++++------
doc/chronyc.adoc | 2 +-
doc/chronyc.man.in | 4 ++--
doc/faq.adoc | 12 ++++++------
doc/installation.adoc | 4 ++--
examples/chrony.conf.example1 | 4 ++--
examples/chrony.conf.example2 | 6 +++---
examples/chrony.conf.example1 | 11 +++++++++--
examples/chrony.conf.example2 | 12 +++++++++---
examples/chrony.conf.example3 | 4 ++--
9 files changed, 30 insertions(+), 33 deletions(-)
11 files changed, 49 insertions(+), 36 deletions(-)
diff --git a/FAQ b/FAQ
index d68f885..5672baa 100644
index c96acfa..18687b7 100644
--- a/FAQ
+++ b/FAQ
@@ -105,10 +105,10 @@ next boot from the RTC, the rtcsync directive enables a mode in which the
@@ -101,7 +101,7 @@ poll multiple servers at the same time and detect servers having incorrect time
(falsetickers in the NTP terminology). It should be used only with trusted
reliable servers, ideally in local network.
-Using timesyncd with pool.ntp.org is problematic. The pool is very robust as a
+Using timesyncd with https://www.vniiftri.ru/ is problematic. The pool is very robust as a
whole, but the individual servers run by volunteers cannot be relied on.
Occasionally, servers drift away or make a step to distant past or future due
to misconfiguration, problematic implementation, and other bugs (e.g. in
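Review bot: In the timesyncd paragraph of FAQ, the substituted line reads "Using timesyncd with https://www.vniiftri.ru/ is problematic", but the unchanged sentences after it still describe a pool whose "individual servers run by volunteers cannot be relied on". That description was written about pool.ntp.org. Either leave this paragraph referring to pool.ntp.org, or reword the following sentences so they are accurate for the servers now named, and give a host name rather than a web URL.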
@@ -141,10 +141,10 @@ next boot from the RTC, the rtcsync directive enables a mode in which the
system time is periodically copied to the RTC. It is supported on Linux and
macOS.
@ -28,39 +39,39 @@ index d68f885..5672baa 100644
minimal chrony.conf file could be:
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
+pool https://www.vniiftri.ru/ iburst
driftfile /var/lib/chrony/drift
makestep 1 3
rtcsync
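Review bot: The added line `pool https://www.vniiftri.ru/ iburst` in the minimal chrony.conf example puts a web URL where the pool directive takes a host name, so a reader who copies it gets a source name that will not resolve. The other added variant, `pool ntp1.vniiftri.ru iburst`, is the usable form. The same URL-as-host substitution appears in the `chronyd -q` command lines and the client-instance example further down this file and should be fixed together with this one.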
@@ -380,7 +380,7 @@ the -Q option it will print the measured offset without setting the clock. If
@@ -433,7 +433,7 @@ the -Q option it will print the measured offset without setting the clock. If
you do not want to use a configuration file, NTP servers can be specified on
the command line. For example:
-# chronyd -q 'pool pool.ntp.org iburst'
+# chronyd -q 'pool ntp1.vniiftri.ru iburst'
+# chronyd -q 'pool https://www.vniiftri.ru/ iburst'
The command above would normally take about 5 seconds if the servers were well
synchronised and responding to all requests. If not synchronised or responding,
@@ -391,7 +391,7 @@ option to one (supported since chrony version 4.0), and a timeout can be
@@ -444,7 +444,7 @@ option to one (supported since chrony version 4.0), and a timeout can be
specified with the -t option. The following command would take only up to about
one second.
-# chronyd -q -t 1 'server pool.ntp.org iburst maxsamples 1'
+# chronyd -q -t 1 'server ntp1.vniiftri.ru iburst maxsamples 1'
+# chronyd -q -t 1 'server https://www.vniiftri.ru/ iburst maxsamples 1'
It is not recommended to run chronyd with the -q option periodically (e.g. from
a cron job) as a replacement for the daemon mode, because it performs
@@ -454,7 +454,7 @@ same server instance.
@@ -507,7 +507,7 @@ same server instance.
An example configuration of the client instance could be
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
+pool https://www.vniiftri.ru/ iburst
allow 127.0.0.1
port 11123
driftfile /var/lib/chrony/drift
diff --git a/INSTALL b/INSTALL
index 656537a..1dcbce2 100644
index 9ca6e22..6f48020 100644
--- a/INSTALL
+++ b/INSTALL
@@ -116,10 +116,10 @@ make install-docs
@ -72,15 +83,15 @@ index 656537a..1dcbce2 100644
project as your time reference. A minimal useful configuration file could be
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
+pool https://www.vniiftri.ru/ iburst
makestep 1.0 3
rtcsync
diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc
index 21d2ce6..d41cfbd 100644
index cb3f95c..832a97f 100644
--- a/doc/chrony.conf.adoc
+++ b/doc/chrony.conf.adoc
@@ -334,7 +334,7 @@ source with a newly resolved address of the name.
@@ -365,7 +365,7 @@ sources responding to requests. The default value is 4 and the maximum value is
An example of the *pool* directive is
+
----
@ -89,16 +100,16 @@ index 21d2ce6..d41cfbd 100644
----
[[peer]]*peer* _hostname_ [_option_]...::
@@ -2621,7 +2621,7 @@ the following methods:
@@ -2820,7 +2820,7 @@ the following methods:
stratum 1 and stratum 2 servers. You should find one or more servers that are
near to you. Check that their access policy allows you to use their
facilities.
-* Use public servers from the https://www.pool.ntp.org/[pool.ntp.org] project.
+* Use public servers from the https://www.vniiftri.ru/[ntp1.vniiftri.ru] project.
Assuming that your NTP servers are called _foo.example.net_, _bar.example.net_
and _baz.example.net_, your _chrony.conf_ file could contain as a minimum:
@@ -2654,7 +2654,7 @@ directive instead of multiple *server* directives. The configuration file could
Assuming that your NTP servers are called _ntp1.example.net_, _ntp2.example.net_
and _ntp3.example.net_, your _chrony.conf_ file could contain as a minimum:
@@ -2853,7 +2853,7 @@ directive instead of multiple *server* directives. The configuration file could
in this case look like:
----
@ -107,70 +118,111 @@ index 21d2ce6..d41cfbd 100644
driftfile @CHRONYVARDIR@/drift
makestep 1.0 3
rtcsync
@@ -2912,8 +2912,7 @@ information to be saved.
@@ -3112,7 +3112,7 @@ information to be saved.
=== Public NTP server
-*chronyd* can be configured to operate as a public NTP server, e.g. to join the
*chronyd* can be configured to operate as a public NTP server, e.g. to join the
-https://www.pool.ntp.org/en/join.html[pool.ntp.org] project. The configuration
+*chronyd* can be configured to operate as a public NTP server. The configuration
+https://www.vniiftri.ru/[ntp1.vniiftri.ru] project. The configuration
is similar to the NTP client with permanent connection, except it needs to
allow client access from all addresses. It is recommended to find at least four
good servers (e.g. from the pool, or on the NTP homepage). If the server has a
diff --git a/doc/chrony.conf.man.in b/doc/chrony.conf.man.in
index 8713321..795f4b3 100644
index 66d2358..8b88b70 100644
--- a/doc/chrony.conf.man.in
+++ b/doc/chrony.conf.man.in
@@ -445,7 +445,7 @@ An example of the \fBpool\fP directive is
@@ -479,7 +479,7 @@ An example of the \fBpool\fP directive is
.if n .RS 4
.nf
.fam C
-pool pool.ntp.org iburst maxsources 3
+pool ntp1.vniiftri.ru iburst maxsources 3
+pool ntp1.vniiftri].ru iburst maxsources 3
.fam
.fi
.if n .RE
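Review bot: The added line `pool ntp1.vniiftri].ru iburst maxsources 3` has a stray `]` inside the host name, which matches the closing bracket of the AsciiDoc link form `https://www.vniiftri.ru/[ntp1.vniiftri.ru]` used in doc/chrony.conf.adoc. The same `vniiftri].ru` spelling recurs in the `.URL` and `pool` lines of the later hunks of this man page. Correct the name to `ntp1.vniiftri.ru` in each place so the man page and the .adoc source agree.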
@@ -4124,7 +4124,7 @@ facilities.
@@ -4651,7 +4651,7 @@ facilities.
. IP \(bu 2.3
.\}
Use public servers from the \c
-.URL "https://www.pool.ntp.org/" "pool.ntp.org" ""
+.URL "https://www.vniiftri.ru/" "www.vniiftri.ru" ""
+.URL "https://www.ntp1.vniiftri].ru/" "ntp1.vniiftri].ru" ""
project.
.RE
.sp
@@ -4169,7 +4169,7 @@ in this case look like:
@@ -4696,7 +4696,7 @@ in this case look like:
.if n .RS 4
.nf
.fam C
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
+pool ntp1.vniiftri].ru iburst
driftfile @CHRONYVARDIR@/drift
makestep 1.0 3
rtcsync
@@ -4465,9 +4465,7 @@ before the final SIGKILL; the SIGTERM causes the measurement histories and RTC
information to be saved.
@@ -4993,8 +4993,8 @@ information to be saved.
.SS "Public NTP server"
.sp
-\fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the
\fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the
-.URL "https://www.pool.ntp.org/en/join.html" "pool.ntp.org" ""
-project. The configuration
+.URL "https://www.ntp.vniiftri].ru/en/join.html" "ntp1.vniiftri].ru" ""
+\fBchronyd\fP can be configured to operate as a public NTP server. The configuration
is similar to the NTP client with permanent connection, except it needs to
allow client access from all addresses. It is recommended to find at least four
good servers (e.g. from the pool, or on the NTP homepage). If the server has a
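Review bot: In the Public NTP server paragraph, the added `.URL "https://www.ntp.vniiftri].ru/en/join.html"` keeps pool.ntp.org's `/en/join.html` path on a host name that appears nowhere else in the patch and carries the stray `]`. The other added variant drops the "e.g. to join the ... project" clause altogether, which avoids sending readers to a join page on a different site. Prefer that wording, or link to `https://www.vniiftri.ru/` as doc/chrony.conf.adoc does.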
@@ -4513,4 +4511,4 @@ For instructions on how to report bugs, please visit
.URL "https://chrony.tuxfamily.org/" "" "."
@@ -5040,4 +5040,4 @@ For instructions on how to report bugs, please visit
.URL "https://chrony\-project.org/" "" "."
.SH "AUTHORS"
.sp
-chrony was written by Richard Curnow, Miroslav Lichvar, and others.
\ No newline at end of file
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.
diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc
index 96a0551..d88c7dc 100644
--- a/doc/chronyc.adoc
+++ b/doc/chronyc.adoc
@@ -979,7 +979,7 @@ them immediately, e.g. after suspending and resuming the machine in a different
network.
+
Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6
-addresses are included in a single DNS response (e.g. pool.ntp.org), this
+addresses are included in a single DNS response (e.g. https://www.vniiftri.ru/), this
command might replace the addresses even if they are still in the pool.
[[reload]]*reload* *sources*::
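Review bot: The example in parentheses becomes `https://www.vniiftri.ru/` here but `ntp1.vniiftri.ru` in the matching doc/chronyc.man.in hunk, so the two renderings of the same paragraph disagree, and this one names a web URL in a sentence about the addresses returned in a DNS response. The sentence describes pools with more than 16 addresses. If that is not known to hold for the replacement name, leaving `pool.ntp.org` as the example keeps the statement accurate.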
diff --git a/doc/chronyc.man.in b/doc/chronyc.man.in
index 4541fc6..7888eff 100644
--- a/doc/chronyc.man.in
+++ b/doc/chronyc.man.in
@@ -1793,7 +1793,7 @@ them immediately, e.g. after suspending and resuming the machine in a different
network.
.sp
Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6
-addresses are included in a single DNS response (e.g. pool.ntp.org), this
+addresses are included in a single DNS response (e.g. ntp1.vniiftri.ru), this
command might replace the addresses even if they are still in the pool.
.RE
.sp
@@ -2753,4 +2753,4 @@ For instructions on how to report bugs, please visit
.URL "https://chrony\-project.org/" "" "."
.SH "AUTHORS"
.sp
-chrony was written by Richard Curnow, Miroslav Lichvar, and others.
\ No newline at end of file
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.
diff --git a/doc/faq.adoc b/doc/faq.adoc
index d1b4cf3..7125a7b 100644
index 8fd350f..69b8b3e 100644
--- a/doc/faq.adoc
+++ b/doc/faq.adoc
@@ -70,11 +70,11 @@ system time is periodically copied to the RTC. It is supported on Linux and
@@ -56,7 +56,7 @@ limitations is that it cannot poll multiple servers at the same time and detect
servers having incorrect time (falsetickers in the NTP terminology). It should
be used only with trusted reliable servers, ideally in local network.
-Using `timesyncd` with `pool.ntp.org` is problematic. The pool is very
+Using `timesyncd` with `ntp.vniiftri.ru` is problematic. The pool is very
robust as a whole, but the individual servers run by volunteers cannot be
relied on. Occasionally, servers drift away or make a step to distant past or
future due to misconfiguration, problematic implementation, and other bugs
@@ -98,11 +98,11 @@ system time is periodically copied to the RTC. It is supported on Linux and
macOS.
If you wanted to use public NTP servers from the
@ -184,7 +236,7 @@ index d1b4cf3..7125a7b 100644
driftfile /var/lib/chrony/drift
makestep 1 3
rtcsync
@@ -362,7 +362,7 @@ clock. If you do not want to use a configuration file, NTP servers can be
@@ -411,7 +411,7 @@ clock. If you do not want to use a configuration file, NTP servers can be
specified on the command line. For example:
----
@ -193,7 +245,7 @@ index d1b4cf3..7125a7b 100644
----
The command above would normally take about 5 seconds if the servers were
@@ -375,7 +375,7 @@ timeout can be specified with the `-t` option. The following command would take
@@ -424,7 +424,7 @@ timeout can be specified with the `-t` option. The following command would take
only up to about one second.
----
@ -202,7 +254,7 @@ index d1b4cf3..7125a7b 100644
----
It is not recommended to run `chronyd` with the `-q` option periodically (e.g.
@@ -442,7 +442,7 @@ the same server instance.
@@ -491,7 +491,7 @@ the same server instance.
An example configuration of the client instance could be
----
@ -212,7 +264,7 @@ index d1b4cf3..7125a7b 100644
port 11123
driftfile /var/lib/chrony/drift
diff --git a/doc/installation.adoc b/doc/installation.adoc
index 35ce9bf..d8f15ae 100644
index b683911..0fa1eca 100644
--- a/doc/installation.adoc
+++ b/doc/installation.adoc
@@ -146,11 +146,11 @@ make install-docs
@ -220,7 +272,7 @@ index 35ce9bf..d8f15ae 100644
configuration file. The default location of the file is _/etc/chrony.conf_.
Several examples of configuration with comments are included in the examples
-directory. Suppose you want to use public NTP servers from the pool.ntp.org
+directory. Suppose you want to use public NTP servers from the https://www.vniiftri.ru/
+directory. Suppose you want to use public NTP servers from the ntp1.vniiftri.ru
project as your time reference. A minimal useful configuration file could be
----
@ -230,33 +282,46 @@ index 35ce9bf..d8f15ae 100644
rtcsync
----
diff --git a/examples/chrony.conf.example1 b/examples/chrony.conf.example1
index 5e93ea7..6442078 100644
index 5e93ea7..dd960ad 100644
--- a/examples/chrony.conf.example1
+++ b/examples/chrony.conf.example1
@@ -1,5 +1,5 @@
@@ -1,5 +1,12 @@
-# Use public NTP servers from the pool.ntp.org project.
-pool pool.ntp.org iburst
+# Use public NTP servers from the https://www.vniiftri.ru/ project.
+pool ntp1.vniiftri.ru iburst
+# Use Russian public NTP servers (vniiftri and msk-ix)
+server ntp.msk-ix.ru iburst
+server ntp1.vniiftri.ru iburst
+server vniiftri2.khv.ru iburst
+server ntp1.niiftri.irkutsk.ru iburst
+server ntp.sstf.nsk.ru iburst
+server ntp2.vniiftri.ru iburst
+server ntp3.vniiftri.ru iburst
+server ntp4.vniiftri.ru iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/examples/chrony.conf.example2 b/examples/chrony.conf.example2
index bf2bbdd..6e5a993 100644
index 21be153..fd26b03 100644
--- a/examples/chrony.conf.example2
+++ b/examples/chrony.conf.example2
@@ -1,6 +1,6 @@
@@ -1,6 +1,12 @@
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (https://www.pool.ntp.org/join.html).
-# Please consider joining the pool (http://www.pool.ntp.org/join.html).
-pool pool.ntp.org iburst
+# Use public servers from the https://www.vniiftri.ru/ project.
+# Synchronize time via NTP servers (https://www.vniiftri.ru/catalog/services/sinkhronizatsiya-vremeni-cherez-ntp-servera/).
+pool ntp1.vniiftri.ru iburst
+# Use Russian public NTP servers (vniiftri and msk-ix)
+server ntp.msk-ix.ru iburst
+server ntp1.vniiftri.ru iburst
+server vniiftri2.khv.ru iburst
+server ntp1.niiftri.irkutsk.ru iburst
+server ntp.sstf.nsk.ru iburst
+server ntp2.vniiftri.ru iburst
+server ntp3.vniiftri.ru iburst
+server ntp4.vniiftri.ru iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/examples/chrony.conf.example3 b/examples/chrony.conf.example3
index 4e3e3a8..db9d395 100644
index 6d84c01..e893292 100644
--- a/examples/chrony.conf.example3
+++ b/examples/chrony.conf.example3
@@ -25,13 +25,13 @@
@ -266,9 +331,9 @@ index 4e3e3a8..db9d395 100644
-# you can use servers from the pool.ntp.org project.
+# you can use servers from the https://www.vniiftri.ru/ project.
! server foo.example.net iburst
! server bar.example.net iburst
! server baz.example.net iburst
! server ntp1.example.net iburst
! server ntp2.example.net iburst
! server ntp3.example.net iburst
-! pool pool.ntp.org iburst
+! pool ntp1.vniiftri.ru iburst
@ -276,5 +341,5 @@ index 4e3e3a8..db9d395 100644
#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
--
2.39.2
2.39.3

@ -27,3 +27,12 @@ diff -up chrony-4.1/examples/chrony.conf.example2.defconfig chrony-4.1/examples/
# Get TAI-UTC offset and leap seconds from the system tz database.
#leapsectz right/UTC
diff -up chrony-4.5/examples/chrony.keys.example.keys chrony-4.5/examples/chrony.keys.example
--- chrony-4.5/examples/chrony.keys.example.keys 2023-12-05 14:22:10.000000000 +0100
+++ chrony-4.5/examples/chrony.keys.example 2023-12-06 09:59:26.089508934 +0100
@@ -11,5 +11,3 @@
#1 MD5 AVeryLongAndRandomPassword
#2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
#3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
-#4 AES128 HEX:2DA837C4B6573748CA692B8C828E4891
-#5 AES256 HEX:2666B8099BFF2D5BA20876121788ED24D2BE59111B8FFB562F0F56AE6EC7246E
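Review bot: The two removed lines, the `#4 AES128` and `#5 AES256` samples, leave chrony.keys.example showing only MD5 and SHA1 keys, and neither this hunk nor the spec comment for the patch ("revert upstream changes in packaged configuration examples") says why. Add a line to the patch header or the spec stating the reason (for instance, that the packaged build cannot use those key types, if that is the case), so the remaining examples are not read as the recommended key types.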

@ -1,108 +0,0 @@
commit 33a1fe7a9ce223d6287ab7b11bca3208e9255cdd
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed Mar 9 15:30:16 2022 +0100
ntp: split out conf_id allocation
diff --git a/ntp_sources.c b/ntp_sources.c
index 3cbb2ae7..30770825 100644
--- a/ntp_sources.c
+++ b/ntp_sources.c
@@ -698,21 +698,25 @@ static int get_unused_pool_id(void)
/* ================================================== */
-NSR_Status
-NSR_AddSource(NTP_Remote_Address *remote_addr, NTP_Source_Type type,
- SourceParameters *params, uint32_t *conf_id)
+static uint32_t
+get_next_conf_id(uint32_t *conf_id)
{
- NSR_Status s;
-
- s = add_source(remote_addr, NULL, type, params, INVALID_POOL, last_conf_id + 1);
- if (s != NSR_Success)
- return s;
-
last_conf_id++;
+
if (conf_id)
*conf_id = last_conf_id;
- return s;
+ return last_conf_id;
+}
+
+/* ================================================== */
+
+NSR_Status
+NSR_AddSource(NTP_Remote_Address *remote_addr, NTP_Source_Type type,
+ SourceParameters *params, uint32_t *conf_id)
+{
+ return add_source(remote_addr, NULL, type, params, INVALID_POOL,
+ get_next_conf_id(conf_id));
}
/* ================================================== */
@@ -725,6 +729,7 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type,
struct SourcePool *sp;
NTP_Remote_Address remote_addr;
int i, new_sources, pool_id;
+ uint32_t cid;
/* If the name is an IP address, add the source with the address directly */
if (UTI_StringToIP(name, &remote_addr.ip_addr)) {
@@ -770,14 +775,12 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type,
append_unresolved_source(us);
- last_conf_id++;
- if (conf_id)
- *conf_id = last_conf_id;
+ cid = get_next_conf_id(conf_id);
for (i = 0; i < new_sources; i++) {
if (i > 0)
remote_addr.ip_addr.addr.id = ++last_address_id;
- if (add_source(&remote_addr, name, type, params, us->pool_id, last_conf_id) != NSR_Success)
+ if (add_source(&remote_addr, name, type, params, us->pool_id, cid) != NSR_Success)
return NSR_TooManySources;
}
commit 1219f99935ca9597eb0e4f4c6039e536462cf1a6
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed Mar 9 15:34:16 2022 +0100
ntp: keep original source IP address
When an added source is specified by IP address, save the original
string instead of formatting a new string from the parsed address, which
can be different (e.g. compressed vs expanded IPv6 address).
This fixes the chronyc sourcename command and -N option to print the IP
address exactly as it was specified in the configuration file or chronyc
add command.
diff --git a/ntp_sources.c b/ntp_sources.c
index 30770825..d46c211d 100644
--- a/ntp_sources.c
+++ b/ntp_sources.c
@@ -353,7 +353,6 @@ add_source(NTP_Remote_Address *remote_addr, char *name, NTP_Source_Type type,
record_lock = 1;
record = get_record(slot);
- assert(!name || !UTI_IsStringIP(name));
record->name = Strdup(name ? name : UTI_IPToString(&remote_addr->ip_addr));
record->data = NCR_CreateInstance(remote_addr, type, params, record->name);
record->remote_addr = NCR_GetRemoteAddress(record->data);
@@ -734,7 +733,8 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type,
/* If the name is an IP address, add the source with the address directly */
if (UTI_StringToIP(name, &remote_addr.ip_addr)) {
remote_addr.port = port;
- return NSR_AddSource(&remote_addr, type, params, conf_id);
+ return add_source(&remote_addr, name, type, params, INVALID_POOL,
+ get_next_conf_id(conf_id));
}
/* Make sure the name is at least printable and has no spaces */

@ -1,3 +1,67 @@
First, revert upstream changes since 4.2
diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
index 547ce83f..6ea4c370 100644
--- a/examples/chrony.nm-dispatcher.dhcp
+++ b/examples/chrony.nm-dispatcher.dhcp
@@ -1,7 +1,8 @@
#!/bin/sh
# This is a NetworkManager dispatcher script for chronyd to update
-# its NTP sources with servers from DHCP options passed by NetworkManager
-# in the DHCP4_NTP_SERVERS and DHCP6_DHCP6_NTP_SERVERS environment variables.
+# its NTP sources passed from DHCP options. Note that this script is
+# specific to NetworkManager-dispatcher due to use of the
+# DHCP4_NTP_SERVERS environment variable.
export LC_ALL=C
@@ -9,23 +10,17 @@ interface=$1
action=$2
chronyc=/usr/bin/chronyc
-server_options=iburst
+default_server_options=iburst
server_dir=/var/run/chrony-dhcp
dhcp_server_file=$server_dir/$interface.sources
-dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS"
+# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
+nm_dhcp_servers=$DHCP4_NTP_SERVERS
add_servers_from_dhcp() {
rm -f "$dhcp_server_file"
- for server in $dhcp_ntp_servers; do
- # Check for invalid characters (from the DHCPv6 NTP FQDN suboption)
- len1=$(printf '%s' "$server" | wc -c)
- len2=$(printf '%s' "$server" | tr -d -c 'A-Za-z0-9:.-' | wc -c)
- if [ "$len1" -ne "$len2" ] || [ "$len2" -lt 1 ] || [ "$len2" -gt 255 ]; then
- continue
- fi
-
- printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file"
+ for server in $nm_dhcp_servers; do
+ echo "server $server $default_server_options" >> "$dhcp_server_file"
done
$chronyc reload sources > /dev/null 2>&1 || :
}
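Review bot: In add_servers_from_dhcp, the revert drops the character and length check on each server name and goes back to `echo "server $server $default_server_options"`, so whatever NetworkManager passes in DHCP4_NTP_SERVERS is written to the .sources file unfiltered. Dropping DHCP6_DHCP6_NTP_SERVERS removes the FQDN case the check was commented for, but the value still originates from the network and the filter costs little. Keep the `tr -d -c 'A-Za-z0-9:.-'` comparison and the `printf 'server %s %s\n'` form, and revert only the DHCPv6 parts.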
@@ -39,11 +34,10 @@ clear_servers_from_dhcp() {
mkdir -p $server_dir
-case "$action" in
- up|dhcp4-change|dhcp6-change)
- add_servers_from_dhcp;;
- down)
- clear_servers_from_dhcp;;
-esac
+if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then
+ add_servers_from_dhcp
+elif [ "$action" = "down" ]; then
+ clear_servers_from_dhcp
+fi
exit 0
From: Robert Fairley <rfairley@redhat.com>
Date: Wed, 17 Jun 2020 10:14:19 -0400
Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig

@ -0,0 +1,39 @@
commit e11b518a1ffa704986fb1f1835c425844ba248ef
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon Jan 8 11:35:56 2024 +0100
ntp: fix authenticated requests in serverstats
Fix the CLG_UpdateNtpStats() call to count requests passing the
authentication check instead of requests triggering a KoD response
(i.e. NTS NAK).
diff --git a/ntp_core.c b/ntp_core.c
index 023e60b2..35801744 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -2736,7 +2736,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
CLG_DisableNtpTimestamps(&ntp_rx);
}
- CLG_UpdateNtpStats(kod != 0 && info.auth.mode != NTP_AUTH_NONE &&
+ CLG_UpdateNtpStats(kod == 0 && info.auth.mode != NTP_AUTH_NONE &&
info.auth.mode != NTP_AUTH_MSSNTP,
rx_ts->source, interleaved ? tx_ts->source : NTP_TS_DAEMON);
diff --git a/test/system/010-nts b/test/system/010-nts
index 8d92bbc8..b215efa3 100755
--- a/test/system/010-nts
+++ b/test/system/010-nts
@@ -45,6 +45,11 @@ check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atm
=========================================================================
127\.0\.0\.1 NTS 1 (30|15) (128|256) [0-9] 0 0 [78] ( 64|100)$" || test_fail
+run_chronyc "serverstats" || test_fail
+check_chronyc_output "NTS-KE connections accepted: 1
+NTS-KE connections dropped : 0
+Authenticated NTP packets : [1-9][0-9]*" || test_fail
+
stop_chronyd || test_fail
check_chronyd_messages || test_fail
check_chronyd_files || test_fail

@ -2,7 +2,7 @@ diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service
index 72b028f2..b3aa7aa2 100644
--- a/examples/chrony-wait.service
+++ b/examples/chrony-wait.service
@@ -16,32 +16,5 @@ TimeoutStartSec=180
@@ -16,31 +16,5 @@ TimeoutStartSec=180
RemainAfterExit=yes
StandardOutput=null
@ -15,7 +15,6 @@ index 72b028f2..b3aa7aa2 100644
-MemoryDenyWriteExecute=yes
-PrivateDevices=yes
-PrivateUsers=yes
-ProcSubset=pid
-ProtectClock=yes
-ProtectControlGroups=yes
-ProtectHome=yes
@ -39,7 +38,7 @@ diff --git a/examples/chronyd.service b/examples/chronyd.service
index 4fb930ef..289548cb 100644
--- a/examples/chronyd.service
+++ b/examples/chronyd.service
@@ -10,40 +10,9 @@ Type=forking
@@ -10,39 +10,9 @@ Type=forking
PIDFile=/run/chrony/chronyd.pid
EnvironmentFile=-/etc/sysconfig/chronyd
ExecStart=/usr/sbin/chronyd $OPTIONS
@ -57,7 +56,6 @@ index 4fb930ef..289548cb 100644
-MemoryDenyWriteExecute=yes
-NoNewPrivileges=yes
PrivateTmp=yes
-ProcSubset=pid
-ProtectControlGroups=yes
ProtectHome=yes
-ProtectHostname=yes
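Review bot: The lines this patch strips from chronyd.service and chrony-wait.service, among them `-NoNewPrivileges=yes`, `-MemoryDenyWriteExecute=yes` and `-ProtectClock=yes`, are sandboxing directives, and nothing visible in the patch records why each one has to go. If some are unsupported by the systemd on the target release, say so in the patch header and remove only those, so the units keep every restriction they can.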

@ -1,24 +1,24 @@
%global _hardened_build 1
%global clknetsim_ver 824c48
%global clknetsim_ver 5d1dc0
%global ntp2chrony_ver 233b75
%bcond_without debug
%bcond_without nts
Name: chrony
Version: 4.2
Release: 1%{?dist}.inferit
Version: 4.5
Release: 1%{?dist}.inferit.1
Summary: An NTP client/server
Group: System Environment/Daemons
License: GPLv2
URL: https://chrony.tuxfamily.org
Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz
URL: https://chrony-project.org
Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz
Source1: chrony.dhclient
Source2: chrony.helper
Source3: chrony-dnssrv@.service
Source4: chrony-dnssrv@.timer
# simulator for test suite
Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz
# script for converting ntp configuration to chrony
Source11: https://github.com/mlichvar/ntp2chrony/raw/%{ntp2chrony_ver}/ntp2chrony/ntp2chrony.py
%{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
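Review bot: The new Source10 URL, `https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz`, takes the archive from the `master` ref while the file name and `clknetsim_ver` say 5d1dc0, so the URL does not identify the tarball whose checksum is recorded in the sources list. Put the commit in the ref position of the URL so that a fresh download can be reproduced and compared against that checksum.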
@ -30,10 +30,12 @@ Patch0: chrony-services.patch
Patch1: chrony-nm-dispatcher-dhcp.patch
# add NTP servers from DHCP when starting service
Patch2: chrony-service-helper.patch
# revert upstream changes in packaged chrony.conf example
# revert upstream changes in packaged configuration examples
Patch3: chrony-defconfig.patch
# fix chronyc sourcename command to print IP address in original format
Patch4: chrony-ipsourcename.patch
# fix serverstats to correctly count authenticated packets
Patch4: chrony-serverstats.patch
# MSVSphere
Patch100: 0001-Synchronize-time-via-Russian-NTP-servers.patch
BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel
%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x
@ -70,18 +72,19 @@ service to other computers in the network.
%patch1 -p1 -b .nm-dispatcher-dhcp
%patch2 -p1 -b .service-helper
%patch3 -p1 -b .defconfig
%patch4 -p1 -b .ipsourcename
%patch4 -p1 -b .serverstats
%patch100 -p1
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
# review changes in packaged configuration files and scripts
md5sum -c <<-EOF | (! grep -v 'OK$')
bc563c1bcf67b2da774bd8c2aef55a06 examples/chrony-wait.service
e473a9fab7fe200cacce3dca8b66290b examples/chrony.conf.example2
2b1090ab0450325a8da13bf3463f3532 examples/chrony.conf.example2
96999221eeef476bd49fe97b97503126 examples/chrony.keys.example
6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate
fabb5b3f127b802c27c82837feff0fe6 examples/chrony.nm-dispatcher.dhcp
8f5a98fcb400a482d355b929d04b5518 examples/chrony.nm-dispatcher.onoffline
4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline
56d221eba8ce8a2e03d3e0dd87999a81 examples/chronyd.service
EOF
@ -102,7 +105,7 @@ touch -r examples/chrony.conf.example2 chrony.conf
# regenerate the file from getdate.y
rm -f getdate.c
mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim
install -m 644 -p %{SOURCE11} ntp2chrony.py
@ -219,13 +222,17 @@ fi
%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
%changelog
* Wed Aug 30 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 4.2-1.inferit
* Mon Jun 10 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 4.5-1.inferit.1
- Update to 4.5-1
- Use more servers instead of pool
- Rebuilt for MSVSphere 8.10
* Mon Apr 15 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 4.5-1.inferit
- MSVSphere debranding: changed vendorzone
- Synchronize time via Russian NTP servers
- Rebuilt for MSVSphere 8.8
- Rebuilt for MSVSphere 8.10 beta
* Tue Jul 25 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 4.2-1
- Rebuilt for MSVSphere 8.8
* Wed Jan 10 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
- update to 4.5 (RHEL-21069 RHEL-10701)
* Thu Jul 14 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-1
- update to 4.2 (#2062356)
