diff --git a/.chrony.metadata b/.chrony.metadata index 0e4fc3a..59f2c95 100644 --- a/.chrony.metadata +++ b/.chrony.metadata @@ -1,2 +1,2 @@ -0f5de043b395311a58bcf4be9800f7118afd5f59 SOURCES/chrony-4.2.tar.gz -2e1fac8161ea8d92d76532c0b272fb31799bc310 SOURCES/clknetsim-824c48.tar.gz +4661e5df181a9761b73caeaef2f2ab755bbe086a SOURCES/chrony-4.5.tar.gz +e021461c23fe4e5c46fd53c449587d8f6cc217ae SOURCES/clknetsim-5d1dc0.tar.gz diff --git a/.gitignore b/.gitignore index 851aa77..a1b6ce7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/chrony-4.2.tar.gz -SOURCES/clknetsim-824c48.tar.gz +SOURCES/chrony-4.5.tar.gz +SOURCES/clknetsim-5d1dc0.tar.gz diff --git a/SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch b/SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch index 6aca686..77da097 100644 --- a/SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch +++ b/SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch @@ -1,25 +1,36 @@ -From 08cf035923b4eff6698d37948bb25b1414432b7a Mon Sep 17 00:00:00 2001 -From: Sergey Cherevko -Date: Wed, 30 Aug 2023 17:02:52 +0300 +From 62ab2acc6b2748dae0c2cea0f3881328131e8ad9 Mon Sep 17 00:00:00 2001 +From: Sergey Cherevko +Date: Mon, 10 Jun 2024 13:48:31 +0300 Subject: [PATCH] Synchronize time via Russian NTP servers --- - FAQ | 10 +++++----- + FAQ | 12 ++++++------ INSTALL | 4 ++-- - doc/chrony.conf.adoc | 9 ++++----- - doc/chrony.conf.man.in | 12 +++++------- - doc/faq.adoc | 10 +++++----- + doc/chrony.conf.adoc | 8 ++++---- + doc/chrony.conf.man.in | 12 ++++++------ + doc/chronyc.adoc | 2 +- + doc/chronyc.man.in | 4 ++-- + doc/faq.adoc | 12 ++++++------ doc/installation.adoc | 4 ++-- - examples/chrony.conf.example1 | 4 ++-- - examples/chrony.conf.example2 | 6 +++--- + examples/chrony.conf.example1 | 11 +++++++++-- + examples/chrony.conf.example2 | 12 +++++++++--- examples/chrony.conf.example3 | 4 ++-- - 9 files changed, 30 insertions(+), 33 deletions(-) + 11 files changed, 49 insertions(+), 36 deletions(-) diff --git a/FAQ b/FAQ -index d68f885..5672baa 100644 +index c96acfa..18687b7 100644 --- a/FAQ +++ b/FAQ -@@ -105,10 +105,10 @@ next boot from the RTC, the rtcsync directive enables a mode in which the +@@ -101,7 +101,7 @@ poll multiple servers at the same time and detect servers having incorrect time + (falsetickers in the NTP terminology). It should be used only with trusted + reliable servers, ideally in local network. + +-Using timesyncd with pool.ntp.org is problematic. The pool is very robust as a ++Using timesyncd with https://www.vniiftri.ru/ is problematic. The pool is very robust as a + whole, but the individual servers run by volunteers cannot be relied on. + Occasionally, servers drift away or make a step to distant past or future due + to misconfiguration, problematic implementation, and other bugs (e.g. in +@@ -141,10 +141,10 @@ next boot from the RTC, the rtcsync directive enables a mode in which the system time is periodically copied to the RTC. It is supported on Linux and macOS. @@ -28,39 +39,39 @@ index d68f885..5672baa 100644 minimal chrony.conf file could be: -pool pool.ntp.org iburst -+pool ntp1.vniiftri.ru iburst ++pool https://www.vniiftri.ru/ iburst driftfile /var/lib/chrony/drift makestep 1 3 rtcsync -@@ -380,7 +380,7 @@ the -Q option it will print the measured offset without setting the clock. If +@@ -433,7 +433,7 @@ the -Q option it will print the measured offset without setting the clock. If you do not want to use a configuration file, NTP servers can be specified on the command line. For example: -# chronyd -q 'pool pool.ntp.org iburst' -+# chronyd -q 'pool ntp1.vniiftri.ru iburst' ++# chronyd -q 'pool https://www.vniiftri.ru/ iburst' The command above would normally take about 5 seconds if the servers were well synchronised and responding to all requests. If not synchronised or responding, -@@ -391,7 +391,7 @@ option to one (supported since chrony version 4.0), and a timeout can be +@@ -444,7 +444,7 @@ option to one (supported since chrony version 4.0), and a timeout can be specified with the -t option. The following command would take only up to about one second. -# chronyd -q -t 1 'server pool.ntp.org iburst maxsamples 1' -+# chronyd -q -t 1 'server ntp1.vniiftri.ru iburst maxsamples 1' ++# chronyd -q -t 1 'server https://www.vniiftri.ru/ iburst maxsamples 1' It is not recommended to run chronyd with the -q option periodically (e.g. from a cron job) as a replacement for the daemon mode, because it performs -@@ -454,7 +454,7 @@ same server instance. +@@ -507,7 +507,7 @@ same server instance. An example configuration of the client instance could be -pool pool.ntp.org iburst -+pool ntp1.vniiftri.ru iburst ++pool https://www.vniiftri.ru/ iburst allow 127.0.0.1 port 11123 driftfile /var/lib/chrony/drift diff --git a/INSTALL b/INSTALL -index 656537a..1dcbce2 100644 +index 9ca6e22..6f48020 100644 --- a/INSTALL +++ b/INSTALL @@ -116,10 +116,10 @@ make install-docs @@ -72,15 +83,15 @@ index 656537a..1dcbce2 100644 project as your time reference. A minimal useful configuration file could be -pool pool.ntp.org iburst -+pool ntp1.vniiftri.ru iburst ++pool https://www.vniiftri.ru/ iburst makestep 1.0 3 rtcsync diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc -index 21d2ce6..d41cfbd 100644 +index cb3f95c..832a97f 100644 --- a/doc/chrony.conf.adoc +++ b/doc/chrony.conf.adoc -@@ -334,7 +334,7 @@ source with a newly resolved address of the name. +@@ -365,7 +365,7 @@ sources responding to requests. The default value is 4 and the maximum value is An example of the *pool* directive is + ---- @@ -89,16 +100,16 @@ index 21d2ce6..d41cfbd 100644 ---- [[peer]]*peer* _hostname_ [_option_]...:: -@@ -2621,7 +2621,7 @@ the following methods: +@@ -2820,7 +2820,7 @@ the following methods: stratum 1 and stratum 2 servers. You should find one or more servers that are near to you. Check that their access policy allows you to use their facilities. -* Use public servers from the https://www.pool.ntp.org/[pool.ntp.org] project. +* Use public servers from the https://www.vniiftri.ru/[ntp1.vniiftri.ru] project. - Assuming that your NTP servers are called _foo.example.net_, _bar.example.net_ - and _baz.example.net_, your _chrony.conf_ file could contain as a minimum: -@@ -2654,7 +2654,7 @@ directive instead of multiple *server* directives. The configuration file could + Assuming that your NTP servers are called _ntp1.example.net_, _ntp2.example.net_ + and _ntp3.example.net_, your _chrony.conf_ file could contain as a minimum: +@@ -2853,7 +2853,7 @@ directive instead of multiple *server* directives. The configuration file could in this case look like: ---- @@ -107,70 +118,111 @@ index 21d2ce6..d41cfbd 100644 driftfile @CHRONYVARDIR@/drift makestep 1.0 3 rtcsync -@@ -2912,8 +2912,7 @@ information to be saved. - +@@ -3112,7 +3112,7 @@ information to be saved. === Public NTP server --*chronyd* can be configured to operate as a public NTP server, e.g. to join the + *chronyd* can be configured to operate as a public NTP server, e.g. to join the -https://www.pool.ntp.org/en/join.html[pool.ntp.org] project. The configuration -+*chronyd* can be configured to operate as a public NTP server. The configuration ++https://www.vniiftri.ru/[ntp1.vniiftri.ru] project. The configuration is similar to the NTP client with permanent connection, except it needs to allow client access from all addresses. It is recommended to find at least four good servers (e.g. from the pool, or on the NTP homepage). If the server has a diff --git a/doc/chrony.conf.man.in b/doc/chrony.conf.man.in -index 8713321..795f4b3 100644 +index 66d2358..8b88b70 100644 --- a/doc/chrony.conf.man.in +++ b/doc/chrony.conf.man.in -@@ -445,7 +445,7 @@ An example of the \fBpool\fP directive is +@@ -479,7 +479,7 @@ An example of the \fBpool\fP directive is .if n .RS 4 .nf .fam C -pool pool.ntp.org iburst maxsources 3 -+pool ntp1.vniiftri.ru iburst maxsources 3 ++pool ntp1.vniiftri].ru iburst maxsources 3 .fam .fi .if n .RE -@@ -4124,7 +4124,7 @@ facilities. +@@ -4651,7 +4651,7 @@ facilities. . IP \(bu 2.3 .\} Use public servers from the \c -.URL "https://www.pool.ntp.org/" "pool.ntp.org" "" -+.URL "https://www.vniiftri.ru/" "www.vniiftri.ru" "" ++.URL "https://www.ntp1.vniiftri].ru/" "ntp1.vniiftri].ru" "" project. .RE .sp -@@ -4169,7 +4169,7 @@ in this case look like: +@@ -4696,7 +4696,7 @@ in this case look like: .if n .RS 4 .nf .fam C -pool pool.ntp.org iburst -+pool ntp1.vniiftri.ru iburst ++pool ntp1.vniiftri].ru iburst driftfile @CHRONYVARDIR@/drift makestep 1.0 3 rtcsync -@@ -4465,9 +4465,7 @@ before the final SIGKILL; the SIGTERM causes the measurement histories and RTC - information to be saved. +@@ -4993,8 +4993,8 @@ information to be saved. .SS "Public NTP server" .sp --\fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the + \fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the -.URL "https://www.pool.ntp.org/en/join.html" "pool.ntp.org" "" -project. The configuration ++.URL "https://www.ntp.vniiftri].ru/en/join.html" "ntp1.vniiftri].ru" "" +\fBchronyd\fP can be configured to operate as a public NTP server. The configuration is similar to the NTP client with permanent connection, except it needs to allow client access from all addresses. It is recommended to find at least four good servers (e.g. from the pool, or on the NTP homepage). If the server has a -@@ -4513,4 +4511,4 @@ For instructions on how to report bugs, please visit - .URL "https://chrony.tuxfamily.org/" "" "." +@@ -5040,4 +5040,4 @@ For instructions on how to report bugs, please visit + .URL "https://chrony\-project.org/" "" "." + .SH "AUTHORS" + .sp +-chrony was written by Richard Curnow, Miroslav Lichvar, and others. +\ No newline at end of file ++chrony was written by Richard Curnow, Miroslav Lichvar, and others. +diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc +index 96a0551..d88c7dc 100644 +--- a/doc/chronyc.adoc ++++ b/doc/chronyc.adoc +@@ -979,7 +979,7 @@ them immediately, e.g. after suspending and resuming the machine in a different + network. + + + Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6 +-addresses are included in a single DNS response (e.g. pool.ntp.org), this ++addresses are included in a single DNS response (e.g. https://www.vniiftri.ru/), this + command might replace the addresses even if they are still in the pool. + + [[reload]]*reload* *sources*:: +diff --git a/doc/chronyc.man.in b/doc/chronyc.man.in +index 4541fc6..7888eff 100644 +--- a/doc/chronyc.man.in ++++ b/doc/chronyc.man.in +@@ -1793,7 +1793,7 @@ them immediately, e.g. after suspending and resuming the machine in a different + network. + .sp + Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6 +-addresses are included in a single DNS response (e.g. pool.ntp.org), this ++addresses are included in a single DNS response (e.g. ntp1.vniiftri.ru), this + command might replace the addresses even if they are still in the pool. + .RE + .sp +@@ -2753,4 +2753,4 @@ For instructions on how to report bugs, please visit + .URL "https://chrony\-project.org/" "" "." .SH "AUTHORS" .sp -chrony was written by Richard Curnow, Miroslav Lichvar, and others. \ No newline at end of file +chrony was written by Richard Curnow, Miroslav Lichvar, and others. diff --git a/doc/faq.adoc b/doc/faq.adoc -index d1b4cf3..7125a7b 100644 +index 8fd350f..69b8b3e 100644 --- a/doc/faq.adoc +++ b/doc/faq.adoc -@@ -70,11 +70,11 @@ system time is periodically copied to the RTC. It is supported on Linux and +@@ -56,7 +56,7 @@ limitations is that it cannot poll multiple servers at the same time and detect + servers having incorrect time (falsetickers in the NTP terminology). It should + be used only with trusted reliable servers, ideally in local network. + +-Using `timesyncd` with `pool.ntp.org` is problematic. The pool is very ++Using `timesyncd` with `ntp.vniiftri.ru` is problematic. The pool is very + robust as a whole, but the individual servers run by volunteers cannot be + relied on. Occasionally, servers drift away or make a step to distant past or + future due to misconfiguration, problematic implementation, and other bugs +@@ -98,11 +98,11 @@ system time is periodically copied to the RTC. It is supported on Linux and macOS. If you wanted to use public NTP servers from the @@ -184,7 +236,7 @@ index d1b4cf3..7125a7b 100644 driftfile /var/lib/chrony/drift makestep 1 3 rtcsync -@@ -362,7 +362,7 @@ clock. If you do not want to use a configuration file, NTP servers can be +@@ -411,7 +411,7 @@ clock. If you do not want to use a configuration file, NTP servers can be specified on the command line. For example: ---- @@ -193,7 +245,7 @@ index d1b4cf3..7125a7b 100644 ---- The command above would normally take about 5 seconds if the servers were -@@ -375,7 +375,7 @@ timeout can be specified with the `-t` option. The following command would take +@@ -424,7 +424,7 @@ timeout can be specified with the `-t` option. The following command would take only up to about one second. ---- @@ -202,7 +254,7 @@ index d1b4cf3..7125a7b 100644 ---- It is not recommended to run `chronyd` with the `-q` option periodically (e.g. -@@ -442,7 +442,7 @@ the same server instance. +@@ -491,7 +491,7 @@ the same server instance. An example configuration of the client instance could be ---- @@ -212,7 +264,7 @@ index d1b4cf3..7125a7b 100644 port 11123 driftfile /var/lib/chrony/drift diff --git a/doc/installation.adoc b/doc/installation.adoc -index 35ce9bf..d8f15ae 100644 +index b683911..0fa1eca 100644 --- a/doc/installation.adoc +++ b/doc/installation.adoc @@ -146,11 +146,11 @@ make install-docs @@ -220,7 +272,7 @@ index 35ce9bf..d8f15ae 100644 configuration file. The default location of the file is _/etc/chrony.conf_. Several examples of configuration with comments are included in the examples -directory. Suppose you want to use public NTP servers from the pool.ntp.org -+directory. Suppose you want to use public NTP servers from the https://www.vniiftri.ru/ ++directory. Suppose you want to use public NTP servers from the ntp1.vniiftri.ru project as your time reference. A minimal useful configuration file could be ---- @@ -230,33 +282,46 @@ index 35ce9bf..d8f15ae 100644 rtcsync ---- diff --git a/examples/chrony.conf.example1 b/examples/chrony.conf.example1 -index 5e93ea7..6442078 100644 +index 5e93ea7..dd960ad 100644 --- a/examples/chrony.conf.example1 +++ b/examples/chrony.conf.example1 -@@ -1,5 +1,5 @@ +@@ -1,5 +1,12 @@ -# Use public NTP servers from the pool.ntp.org project. -pool pool.ntp.org iburst -+# Use public NTP servers from the https://www.vniiftri.ru/ project. -+pool ntp1.vniiftri.ru iburst ++# Use Russian public NTP servers (vniiftri and msk-ix) ++server ntp.msk-ix.ru iburst ++server ntp1.vniiftri.ru iburst ++server vniiftri2.khv.ru iburst ++server ntp1.niiftri.irkutsk.ru iburst ++server ntp.sstf.nsk.ru iburst ++server ntp2.vniiftri.ru iburst ++server ntp3.vniiftri.ru iburst ++server ntp4.vniiftri.ru iburst # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift diff --git a/examples/chrony.conf.example2 b/examples/chrony.conf.example2 -index bf2bbdd..6e5a993 100644 +index 21be153..fd26b03 100644 --- a/examples/chrony.conf.example2 +++ b/examples/chrony.conf.example2 -@@ -1,6 +1,6 @@ +@@ -1,6 +1,12 @@ -# Use public servers from the pool.ntp.org project. --# Please consider joining the pool (https://www.pool.ntp.org/join.html). +-# Please consider joining the pool (http://www.pool.ntp.org/join.html). -pool pool.ntp.org iburst -+# Use public servers from the https://www.vniiftri.ru/ project. -+# Synchronize time via NTP servers (https://www.vniiftri.ru/catalog/services/sinkhronizatsiya-vremeni-cherez-ntp-servera/). -+pool ntp1.vniiftri.ru iburst ++# Use Russian public NTP servers (vniiftri and msk-ix) ++server ntp.msk-ix.ru iburst ++server ntp1.vniiftri.ru iburst ++server vniiftri2.khv.ru iburst ++server ntp1.niiftri.irkutsk.ru iburst ++server ntp.sstf.nsk.ru iburst ++server ntp2.vniiftri.ru iburst ++server ntp3.vniiftri.ru iburst ++server ntp4.vniiftri.ru iburst # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift diff --git a/examples/chrony.conf.example3 b/examples/chrony.conf.example3 -index 4e3e3a8..db9d395 100644 +index 6d84c01..e893292 100644 --- a/examples/chrony.conf.example3 +++ b/examples/chrony.conf.example3 @@ -25,13 +25,13 @@ @@ -266,9 +331,9 @@ index 4e3e3a8..db9d395 100644 -# you can use servers from the pool.ntp.org project. +# you can use servers from the https://www.vniiftri.ru/ project. - ! server foo.example.net iburst - ! server bar.example.net iburst - ! server baz.example.net iburst + ! server ntp1.example.net iburst + ! server ntp2.example.net iburst + ! server ntp3.example.net iburst -! pool pool.ntp.org iburst +! pool ntp1.vniiftri.ru iburst @@ -276,5 +341,5 @@ index 4e3e3a8..db9d395 100644 ####################################################################### ### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK -- -2.39.2 +2.39.3 diff --git a/SOURCES/chrony-defconfig.patch b/SOURCES/chrony-defconfig.patch index b471de8..24f3123 100644 --- a/SOURCES/chrony-defconfig.patch +++ b/SOURCES/chrony-defconfig.patch @@ -27,3 +27,12 @@ diff -up chrony-4.1/examples/chrony.conf.example2.defconfig chrony-4.1/examples/ # Get TAI-UTC offset and leap seconds from the system tz database. #leapsectz right/UTC +diff -up chrony-4.5/examples/chrony.keys.example.keys chrony-4.5/examples/chrony.keys.example +--- chrony-4.5/examples/chrony.keys.example.keys 2023-12-05 14:22:10.000000000 +0100 ++++ chrony-4.5/examples/chrony.keys.example 2023-12-06 09:59:26.089508934 +0100 +@@ -11,5 +11,3 @@ + #1 MD5 AVeryLongAndRandomPassword + #2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F + #3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995 +-#4 AES128 HEX:2DA837C4B6573748CA692B8C828E4891 +-#5 AES256 HEX:2666B8099BFF2D5BA20876121788ED24D2BE59111B8FFB562F0F56AE6EC7246E diff --git a/SOURCES/chrony-ipsourcename.patch b/SOURCES/chrony-ipsourcename.patch deleted file mode 100644 index 426ca8a..0000000 --- a/SOURCES/chrony-ipsourcename.patch +++ /dev/null @@ -1,108 +0,0 @@ -commit 33a1fe7a9ce223d6287ab7b11bca3208e9255cdd -Author: Miroslav Lichvar -Date: Wed Mar 9 15:30:16 2022 +0100 - - ntp: split out conf_id allocation - -diff --git a/ntp_sources.c b/ntp_sources.c -index 3cbb2ae7..30770825 100644 ---- a/ntp_sources.c -+++ b/ntp_sources.c -@@ -698,21 +698,25 @@ static int get_unused_pool_id(void) - - /* ================================================== */ - --NSR_Status --NSR_AddSource(NTP_Remote_Address *remote_addr, NTP_Source_Type type, -- SourceParameters *params, uint32_t *conf_id) -+static uint32_t -+get_next_conf_id(uint32_t *conf_id) - { -- NSR_Status s; -- -- s = add_source(remote_addr, NULL, type, params, INVALID_POOL, last_conf_id + 1); -- if (s != NSR_Success) -- return s; -- - last_conf_id++; -+ - if (conf_id) - *conf_id = last_conf_id; - -- return s; -+ return last_conf_id; -+} -+ -+/* ================================================== */ -+ -+NSR_Status -+NSR_AddSource(NTP_Remote_Address *remote_addr, NTP_Source_Type type, -+ SourceParameters *params, uint32_t *conf_id) -+{ -+ return add_source(remote_addr, NULL, type, params, INVALID_POOL, -+ get_next_conf_id(conf_id)); - } - - /* ================================================== */ -@@ -725,6 +729,7 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type, - struct SourcePool *sp; - NTP_Remote_Address remote_addr; - int i, new_sources, pool_id; -+ uint32_t cid; - - /* If the name is an IP address, add the source with the address directly */ - if (UTI_StringToIP(name, &remote_addr.ip_addr)) { -@@ -770,14 +775,12 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type, - - append_unresolved_source(us); - -- last_conf_id++; -- if (conf_id) -- *conf_id = last_conf_id; -+ cid = get_next_conf_id(conf_id); - - for (i = 0; i < new_sources; i++) { - if (i > 0) - remote_addr.ip_addr.addr.id = ++last_address_id; -- if (add_source(&remote_addr, name, type, params, us->pool_id, last_conf_id) != NSR_Success) -+ if (add_source(&remote_addr, name, type, params, us->pool_id, cid) != NSR_Success) - return NSR_TooManySources; - } - - -commit 1219f99935ca9597eb0e4f4c6039e536462cf1a6 -Author: Miroslav Lichvar -Date: Wed Mar 9 15:34:16 2022 +0100 - - ntp: keep original source IP address - - When an added source is specified by IP address, save the original - string instead of formatting a new string from the parsed address, which - can be different (e.g. compressed vs expanded IPv6 address). - - This fixes the chronyc sourcename command and -N option to print the IP - address exactly as it was specified in the configuration file or chronyc - add command. - -diff --git a/ntp_sources.c b/ntp_sources.c -index 30770825..d46c211d 100644 ---- a/ntp_sources.c -+++ b/ntp_sources.c -@@ -353,7 +353,6 @@ add_source(NTP_Remote_Address *remote_addr, char *name, NTP_Source_Type type, - record_lock = 1; - - record = get_record(slot); -- assert(!name || !UTI_IsStringIP(name)); - record->name = Strdup(name ? name : UTI_IPToString(&remote_addr->ip_addr)); - record->data = NCR_CreateInstance(remote_addr, type, params, record->name); - record->remote_addr = NCR_GetRemoteAddress(record->data); -@@ -734,7 +733,8 @@ NSR_AddSourceByName(char *name, int port, int pool, NTP_Source_Type type, - /* If the name is an IP address, add the source with the address directly */ - if (UTI_StringToIP(name, &remote_addr.ip_addr)) { - remote_addr.port = port; -- return NSR_AddSource(&remote_addr, type, params, conf_id); -+ return add_source(&remote_addr, name, type, params, INVALID_POOL, -+ get_next_conf_id(conf_id)); - } - - /* Make sure the name is at least printable and has no spaces */ diff --git a/SOURCES/chrony-nm-dispatcher-dhcp.patch b/SOURCES/chrony-nm-dispatcher-dhcp.patch index 7d132c1..f2381a5 100644 --- a/SOURCES/chrony-nm-dispatcher-dhcp.patch +++ b/SOURCES/chrony-nm-dispatcher-dhcp.patch @@ -1,3 +1,67 @@ +First, revert upstream changes since 4.2 + +diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp +index 547ce83f..6ea4c370 100644 +--- a/examples/chrony.nm-dispatcher.dhcp ++++ b/examples/chrony.nm-dispatcher.dhcp +@@ -1,7 +1,8 @@ + #!/bin/sh + # This is a NetworkManager dispatcher script for chronyd to update +-# its NTP sources with servers from DHCP options passed by NetworkManager +-# in the DHCP4_NTP_SERVERS and DHCP6_DHCP6_NTP_SERVERS environment variables. ++# its NTP sources passed from DHCP options. Note that this script is ++# specific to NetworkManager-dispatcher due to use of the ++# DHCP4_NTP_SERVERS environment variable. + + export LC_ALL=C + +@@ -9,23 +10,17 @@ interface=$1 + action=$2 + + chronyc=/usr/bin/chronyc +-server_options=iburst ++default_server_options=iburst + server_dir=/var/run/chrony-dhcp + + dhcp_server_file=$server_dir/$interface.sources +-dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS" ++# DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. ++nm_dhcp_servers=$DHCP4_NTP_SERVERS + + add_servers_from_dhcp() { + rm -f "$dhcp_server_file" +- for server in $dhcp_ntp_servers; do +- # Check for invalid characters (from the DHCPv6 NTP FQDN suboption) +- len1=$(printf '%s' "$server" | wc -c) +- len2=$(printf '%s' "$server" | tr -d -c 'A-Za-z0-9:.-' | wc -c) +- if [ "$len1" -ne "$len2" ] || [ "$len2" -lt 1 ] || [ "$len2" -gt 255 ]; then +- continue +- fi +- +- printf 'server %s %s\n' "$server" "$server_options" >> "$dhcp_server_file" ++ for server in $nm_dhcp_servers; do ++ echo "server $server $default_server_options" >> "$dhcp_server_file" + done + $chronyc reload sources > /dev/null 2>&1 || : + } +@@ -39,11 +34,10 @@ clear_servers_from_dhcp() { + + mkdir -p $server_dir + +-case "$action" in +- up|dhcp4-change|dhcp6-change) +- add_servers_from_dhcp;; +- down) +- clear_servers_from_dhcp;; +-esac ++if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then ++ add_servers_from_dhcp ++elif [ "$action" = "down" ]; then ++ clear_servers_from_dhcp ++fi + + exit 0 + From: Robert Fairley Date: Wed, 17 Jun 2020 10:14:19 -0400 Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig diff --git a/SOURCES/chrony-serverstats.patch b/SOURCES/chrony-serverstats.patch new file mode 100644 index 0000000..a5131fe --- /dev/null +++ b/SOURCES/chrony-serverstats.patch @@ -0,0 +1,39 @@ +commit e11b518a1ffa704986fb1f1835c425844ba248ef +Author: Miroslav Lichvar +Date: Mon Jan 8 11:35:56 2024 +0100 + + ntp: fix authenticated requests in serverstats + + Fix the CLG_UpdateNtpStats() call to count requests passing the + authentication check instead of requests triggering a KoD response + (i.e. NTS NAK). + +diff --git a/ntp_core.c b/ntp_core.c +index 023e60b2..35801744 100644 +--- a/ntp_core.c ++++ b/ntp_core.c +@@ -2736,7 +2736,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a + CLG_DisableNtpTimestamps(&ntp_rx); + } + +- CLG_UpdateNtpStats(kod != 0 && info.auth.mode != NTP_AUTH_NONE && ++ CLG_UpdateNtpStats(kod == 0 && info.auth.mode != NTP_AUTH_NONE && + info.auth.mode != NTP_AUTH_MSSNTP, + rx_ts->source, interleaved ? tx_ts->source : NTP_TS_DAEMON); + +diff --git a/test/system/010-nts b/test/system/010-nts +index 8d92bbc8..b215efa3 100755 +--- a/test/system/010-nts ++++ b/test/system/010-nts +@@ -45,6 +45,11 @@ check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atm + ========================================================================= + 127\.0\.0\.1 NTS 1 (30|15) (128|256) [0-9] 0 0 [78] ( 64|100)$" || test_fail + ++run_chronyc "serverstats" || test_fail ++check_chronyc_output "NTS-KE connections accepted: 1 ++NTS-KE connections dropped : 0 ++Authenticated NTP packets : [1-9][0-9]*" || test_fail ++ + stop_chronyd || test_fail + check_chronyd_messages || test_fail + check_chronyd_files || test_fail diff --git a/SOURCES/chrony-services.patch b/SOURCES/chrony-services.patch index 955be90..77a3c22 100644 --- a/SOURCES/chrony-services.patch +++ b/SOURCES/chrony-services.patch @@ -2,7 +2,7 @@ diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service index 72b028f2..b3aa7aa2 100644 --- a/examples/chrony-wait.service +++ b/examples/chrony-wait.service -@@ -16,32 +16,5 @@ TimeoutStartSec=180 +@@ -16,31 +16,5 @@ TimeoutStartSec=180 RemainAfterExit=yes StandardOutput=null @@ -15,7 +15,6 @@ index 72b028f2..b3aa7aa2 100644 -MemoryDenyWriteExecute=yes -PrivateDevices=yes -PrivateUsers=yes --ProcSubset=pid -ProtectClock=yes -ProtectControlGroups=yes -ProtectHome=yes @@ -39,7 +38,7 @@ diff --git a/examples/chronyd.service b/examples/chronyd.service index 4fb930ef..289548cb 100644 --- a/examples/chronyd.service +++ b/examples/chronyd.service -@@ -10,40 +10,9 @@ Type=forking +@@ -10,39 +10,9 @@ Type=forking PIDFile=/run/chrony/chronyd.pid EnvironmentFile=-/etc/sysconfig/chronyd ExecStart=/usr/sbin/chronyd $OPTIONS @@ -57,7 +56,6 @@ index 4fb930ef..289548cb 100644 -MemoryDenyWriteExecute=yes -NoNewPrivileges=yes PrivateTmp=yes --ProcSubset=pid -ProtectControlGroups=yes ProtectHome=yes -ProtectHostname=yes diff --git a/SPECS/chrony.spec b/SPECS/chrony.spec index 773718b..1cff070 100644 --- a/SPECS/chrony.spec +++ b/SPECS/chrony.spec @@ -1,24 +1,24 @@ %global _hardened_build 1 -%global clknetsim_ver 824c48 +%global clknetsim_ver 5d1dc0 %global ntp2chrony_ver 233b75 %bcond_without debug %bcond_without nts Name: chrony -Version: 4.2 -Release: 1%{?dist}.inferit +Version: 4.5 +Release: 1%{?dist}.inferit.1 Summary: An NTP client/server Group: System Environment/Daemons License: GPLv2 -URL: https://chrony.tuxfamily.org -Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz +URL: https://chrony-project.org +Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz Source1: chrony.dhclient Source2: chrony.helper Source3: chrony-dnssrv@.service Source4: chrony-dnssrv@.timer # simulator for test suite -Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz +Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz # script for converting ntp configuration to chrony Source11: https://github.com/mlichvar/ntp2chrony/raw/%{ntp2chrony_ver}/ntp2chrony/ntp2chrony.py %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz} @@ -30,10 +30,12 @@ Patch0: chrony-services.patch Patch1: chrony-nm-dispatcher-dhcp.patch # add NTP servers from DHCP when starting service Patch2: chrony-service-helper.patch -# revert upstream changes in packaged chrony.conf example +# revert upstream changes in packaged configuration examples Patch3: chrony-defconfig.patch -# fix chronyc sourcename command to print IP address in original format -Patch4: chrony-ipsourcename.patch +# fix serverstats to correctly count authenticated packets +Patch4: chrony-serverstats.patch +# MSVSphere +Patch100: 0001-Synchronize-time-via-Russian-NTP-servers.patch BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x @@ -70,18 +72,19 @@ service to other computers in the network. %patch1 -p1 -b .nm-dispatcher-dhcp %patch2 -p1 -b .service-helper %patch3 -p1 -b .defconfig -%patch4 -p1 -b .ipsourcename +%patch4 -p1 -b .serverstats +%patch100 -p1 %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} # review changes in packaged configuration files and scripts md5sum -c <<-EOF | (! grep -v 'OK$') bc563c1bcf67b2da774bd8c2aef55a06 examples/chrony-wait.service - e473a9fab7fe200cacce3dca8b66290b examples/chrony.conf.example2 + 2b1090ab0450325a8da13bf3463f3532 examples/chrony.conf.example2 96999221eeef476bd49fe97b97503126 examples/chrony.keys.example 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate fabb5b3f127b802c27c82837feff0fe6 examples/chrony.nm-dispatcher.dhcp - 8f5a98fcb400a482d355b929d04b5518 examples/chrony.nm-dispatcher.onoffline + 4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline 56d221eba8ce8a2e03d3e0dd87999a81 examples/chronyd.service EOF @@ -102,7 +105,7 @@ touch -r examples/chrony.conf.example2 chrony.conf # regenerate the file from getdate.y rm -f getdate.c -mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim +mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim install -m 644 -p %{SOURCE11} ntp2chrony.py @@ -219,13 +222,17 @@ fi %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %changelog -* Wed Aug 30 2023 Sergey Cherevko - 4.2-1.inferit +* Mon Jun 10 2024 Sergey Cherevko - 4.5-1.inferit.1 +- Update to 4.5-1 +- Use more servers instead of pool +- Rebuilt for MSVSphere 8.10 + +* Mon Apr 15 2024 Sergey Cherevko - 4.5-1.inferit - MSVSphere debranding: changed vendorzone -- Synchronize time via Russian NTP servers -- Rebuilt for MSVSphere 8.8 +- Rebuilt for MSVSphere 8.10 beta -* Tue Jul 25 2023 MSVSphere Packaging Team - 4.2-1 -- Rebuilt for MSVSphere 8.8 +* Wed Jan 10 2024 Miroslav Lichvar 4.5-1 +- update to 4.5 (RHEL-21069 RHEL-10701) * Thu Jul 14 2022 Miroslav Lichvar 4.2-1 - update to 4.2 (#2062356)