rpms
/
chrony
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10
rpms:i10-beta
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8
rpms:i8c
rpms:c8
rpms:i9-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i9
rpms:i8-beta
rpms:i8c-beta
rpms:c8-beta
rpms:i9c
rpms:c9
...
pull from: rpms:i10cs
Branches Tags
rpms:i10
rpms:i10-beta
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8
rpms:i8c
rpms:c8
rpms:i9-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i9
rpms:i8-beta
rpms:i8c-beta
rpms:c8-beta
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'i10cs' have entirely different histories.
c9 ... i10cs

8 changed files with 439 additions and 108 deletions
Show Stats

5
.chrony.metadata
Unescape View File

@ -1,3 +1,2 @@
bc7884eb4fde69478a00faee3d42092d426d57c1 SOURCES/chrony-4.3.tar.gz
9c453ae65e5c1a6983cd1121410faf1ffd2d9092 SOURCES/clknetsim-f00531.tar.gz
1395afa521d2e3302a31083edcf568bbc036aafc SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
35b070fdd446080232844ac9f70f84ca1823206f SOURCES/chrony-4.6.1.tar.gz
a3289d3e8688b0818e67d3b7338e8b73501bef1e SOURCES/clknetsim-40bb97.tar.gz

5
.gitignore vendored
Unescape View File

@ -1,3 +1,2 @@
SOURCES/chrony-4.3.tar.gz
SOURCES/clknetsim-f00531.tar.gz
SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
SOURCES/chrony-4.6.1.tar.gz
SOURCES/clknetsim-40bb97.tar.gz

16
SOURCES/chrony-4.3-tar-gz-asc.txt
Unescape View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmMPLJAACgkQU34rdvdo
DaxDKRAAh5wfl990Q6sTPxXI92GegZYIGUxJDlCkJtemoI98g+DQbuCJ46AXsAn/
CIBTbPU3Brvq2KR1nDze/G/YOXkaqoFyaJD00H73qBI7MOMiSS4KbMQ26xLNrnHL
MCHrgZs+MHhyo6IEpesvr7F/+qyGHZifFlHT+HtCM+SBU1qooYUyQAdnhyK0rb16
j7/Jc5A28jROZB4lcRQyvB085whPj299FsB/0wJW5RjwA5tcpPH0sTozain3vvlo
64BAJXcQsyRsilcaPFlkY5zPgFiAuaEJnfTe/uMdfDO/V/g6wADt64+HhaxNPO+z
p3vzEGpio4Oi1HyYiXpDx9bMM1RLTpmKt9p1V5Y98Fn5Ymx6I7yAe1qwvA7T8eoC
hK8C27jPytiOgaWSYqPYb0WaHY3JZZpFzdtr0bAPSkEzL4EwrxVmbgTnkuzk2hxk
6MiIuDLUd9Zl1oroqv+rTd0XA8lXUcoyFhqtsMXHWdAC3yzteaPcJKzv7l9DT6xV
YadKrSBkzob9jRWRngY3FMKjTvcwnxLE8dfsNlsDNGyLNtTEOJ/QYgh6muOHh80L
MAayI8hSWPTR/3IXKlathjLIeilsrFthIZcrPq520FoS4A7E3A80vR3uKOqAIDwh
Y+6ASvEkCHAUneJqlLihqglYTNJlFnVhGw9/LV85JsmRsCZ0+j8=
=2xMP
-----END PGP SIGNATURE-----

16
SOURCES/chrony-4.6.1-tar-gz-asc.txt
Unescape View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmcFKp4ACgkQU34rdvdo
DazMmxAAlSONiDmb/EpwVBigLlVdtyelr6G/9ISMQv/f3CzNlliZOWBQBYiK8UfL
+ohx4uh3R10kWMMJEpeJ7VQMkh3Jn6BKWE3QKQQDKI/Cd39ceeTO57ZZreI3dTRh
8w9xxdwYwEobHhabXQ7wCXDIvssyC6w5LXw4dLmo3N1dC7ZNxJhYgmXVScw6RK5m
bc5Ch/H9bxD1xZiWflXC2dW57nJumJDnMlRVdYot9P2zD0DrGy3cFmh6w89gip67
T2PrhQ9vQUt8zWKEt9CQi0EtDJ8q1B7HKTLSmM6iEGRjphij+2Z8i0EiQRYA+V++
ZQVGg+O6MJYuNbPGdwVBZZMVS4wF3mnNkmBk0/tlxNnNH9dqQ1RquRxQCUPDsGwF
dZUmptZWctNaM7TfICdnjEWz/7flR52+BMi5VRYvAK9MCqhTCkg5bw53r02wNSTK
M2PXMRbGuYUGsPDkXaKHf478uhiZF+3ka6tiomK0RT9ip304qhNxdzhsW942ryH2
yUaFFRGpNk+KJI7e7GfmWmRrBhpi4tqsaFQ4dvUXhlSmk4zVbHIzkgj6Ej6pgJrW
w3lUOlQ49DfNkUnZIVAFHJ6LAmeejTvMNlq9IKHfuFA18X7yhHQI49SXiOUOhKD2
/z6nMP0cjxQ6eij5UupKx/6/IHTIt9uUpTU1taxAsVXKcBemkN8=
=/5W0
-----END PGP SIGNATURE-----

226
SOURCES/chrony-refclkreach.patch
Unescape View File

@ -0,0 +1,226 @@
commit b9b338a8df23927d8104f41ecb21baa3558de0cd
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu Oct 31 14:41:19 2024 +0100
refclock: rework update of reachability
Update the reachability register of a refclock source by 1 if a valid
measurement is received by the drivers between source polls, and not
only when it is accumulated to sourcestats, similarly to how
reachability works with NTP sources.
This avoids drops in the reported reachability when a PHC refclock is
dropping samples due to significant changes in the measured delay (e.g.
due to high PCIe load), or a PPS refclock dropping samples due to failed
lock.
diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc
index 935f1da9..dea93c9f 100644
--- a/doc/chronyc.adoc
+++ b/doc/chronyc.adoc
@@ -364,9 +364,12 @@ a measurement is being made every 64 seconds. *chronyd* automatically varies
the polling rate in response to prevailing conditions.
*Reach*:::
This shows the source's reachability register printed as an octal number. The
-register has 8 bits and is updated on every received or missed packet from
-the source. A value of 377 indicates that a valid reply was received for all
-from the last eight transmissions.
+register has 8 bits. It is shifted to left by one bit with each poll and it is
+updated by 1 when a valid NTP response, or just a sample in case of a reference
+clock, is received from the source. A value of 377 indicates that a valid
+response or sample was received for all of the last 8 polls. Note that samples
+can be dropped if they are not considered good enough for synchronisation, but
+the reachability register will still have 1s for their polls.
*LastRx*:::
This column shows how long ago the last good sample (which is shown in the next
column) was received from the source. Measurements that failed some tests are
diff --git a/refclock.c b/refclock.c
index 22d775a5..d14560fa 100644
--- a/refclock.c
+++ b/refclock.c
@@ -63,6 +63,7 @@ struct RCL_Instance_Record {
int driver_poll;
int driver_polled;
int poll;
+ int reached;
int leap_status;
int local;
int pps_forced;
@@ -175,6 +176,7 @@ RCL_AddRefclock(RefclockParameters *params)
inst->driver_poll = params->driver_poll;
inst->poll = params->poll;
inst->driver_polled = 0;
+ inst->reached = 0;
inst->leap_status = LEAP_Normal;
inst->local = params->local;
inst->pps_forced = params->pps_forced;
@@ -665,6 +667,12 @@ RCL_AddCookedPulse(RCL_Instance instance, struct timespec *cooked_time,
return 1;
}
+void
+RCL_UpdateReachability(RCL_Instance instance)
+{
+ instance->reached++;
+}
+
double
RCL_GetPrecision(RCL_Instance instance)
{
@@ -792,6 +800,9 @@ poll_timeout(void *arg)
if (!(inst->driver->poll && inst->driver_polled < (1 << (inst->poll - inst->driver_poll)))) {
inst->driver_polled = 0;
+ SRC_UpdateReachability(inst->source, inst->reached > 0);
+ inst->reached = 0;
+
if (SPF_GetFilteredSample(inst->filter, &sample)) {
double local_freq, local_offset;
struct timespec local_ref_time;
@@ -807,7 +818,6 @@ poll_timeout(void *arg)
inst->leap_status = LEAP_Unsynchronised;
}
- SRC_UpdateReachability(inst->source, 1);
SRC_UpdateStatus(inst->source, stratum, inst->leap_status);
SRC_AccumulateSample(inst->source, &sample);
SRC_SelectSource(inst->source);
@@ -816,8 +826,6 @@ poll_timeout(void *arg)
follow_local(inst, &local_ref_time, local_freq, local_offset);
log_sample(inst, &sample.time, 1, 0, 0.0, sample.offset, sample.peer_dispersion);
- } else {
- SRC_UpdateReachability(inst->source, 0);
}
}
diff --git a/refclock.h b/refclock.h
index 40c852de..5fdbf9c7 100644
--- a/refclock.h
+++ b/refclock.h
@@ -81,6 +81,7 @@ extern int RCL_AddSample(RCL_Instance instance, struct timespec *sample_time,
extern int RCL_AddPulse(RCL_Instance instance, struct timespec *pulse_time, double second);
extern int RCL_AddCookedPulse(RCL_Instance instance, struct timespec *cooked_time,
double second, double dispersion, double raw_correction);
+extern void RCL_UpdateReachability(RCL_Instance instance);
extern double RCL_GetPrecision(RCL_Instance instance);
extern int RCL_GetDriverPoll(RCL_Instance instance);
diff --git a/refclock_phc.c b/refclock_phc.c
index e12f2258..6c0914f6 100644
--- a/refclock_phc.c
+++ b/refclock_phc.c
@@ -154,6 +154,8 @@ static void process_ext_pulse(RCL_Instance instance, struct timespec *phc_ts)
}
phc->last_extts = *phc_ts;
+ RCL_UpdateReachability(instance);
+
if (!HCL_CookTime(phc->clock, phc_ts, &local_ts, &local_err))
return;
@@ -204,6 +206,9 @@ static int phc_poll(RCL_Instance instance)
if (n_readings < 1)
return 0;
+ if (!phc->extpps)
+ RCL_UpdateReachability(instance);
+
if (!HCL_ProcessReadings(phc->clock, n_readings, readings, &phc_ts, &sys_ts, &phc_err))
return 0;
diff --git a/refclock_pps.c b/refclock_pps.c
index 880c13fc..f00b7ccb 100644
--- a/refclock_pps.c
+++ b/refclock_pps.c
@@ -143,6 +143,8 @@ static int pps_poll(RCL_Instance instance)
pps->last_seq = seq;
+ RCL_UpdateReachability(instance);
+
return RCL_AddPulse(instance, &ts, 1.0e-9 * ts.tv_nsec);
}
diff --git a/refclock_shm.c b/refclock_shm.c
index ee13e871..22e51820 100644
--- a/refclock_shm.c
+++ b/refclock_shm.c
@@ -109,6 +109,8 @@ static int shm_poll(RCL_Instance instance)
shm->valid = 0;
+ RCL_UpdateReachability(instance);
+
receive_ts.tv_sec = t.receiveTimeStampSec;
clock_ts.tv_sec = t.clockTimeStampSec;
diff --git a/refclock_sock.c b/refclock_sock.c
index 2da57ef5..49cf3559 100644
--- a/refclock_sock.c
+++ b/refclock_sock.c
@@ -129,6 +129,8 @@ static void read_sample(int sockfd, int event, void *anything)
UTI_TimevalToTimespec(&sample.tv, &sys_ts);
UTI_NormaliseTimespec(&sys_ts);
+ RCL_UpdateReachability(instance);
+
if (!UTI_IsTimeOffsetSane(&sys_ts, sample.offset))
return;
diff --git a/test/simulation/106-refclock b/test/simulation/106-refclock
index dedab9b8..3793bd86 100755
--- a/test/simulation/106-refclock
+++ b/test/simulation/106-refclock
@@ -114,6 +114,32 @@ Root delay : 0\.000000001 seconds
rm -f tmp/refclocks.log
fi
+export CLKNETSIM_PHC_JITTER_OFF=$[2 * 25 * 492]
+export CLKNETSIM_PHC_JITTER_ON=$[2 * 25 * 8]
+export CLKNETSIM_PHC_JITTER=1e-6
+refclock_offset=0.0
+refclock_jitter=1e-9
+min_sync_time=5
+max_sync_time=7
+time_max_limit=1e-7
+time_rms_limit=1e-8
+client_conf="refclock PHC /dev/ptp0:nocrossts poll 0
+logdir tmp
+log refclocks"
+chronyc_start=500
+chronyc_conf="sources"
+
+run_test || test_fail
+check_chronyd_exit || test_fail
+check_source_selection || test_fail
+check_sync || test_fail
+check_chronyc_output "^MS.*
+=*
+#\* PHC0 0 0 377 8 .*$" || test_fail
+
+unset CLKNETSIM_PHC_JITTER_OFF
+unset CLKNETSIM_PHC_JITTER_ON
+export CLKNETSIM_PHC_JITTER=1e-7
refclock_offset="(+ 0.399 (sum 1e-3))"
refclock_jitter=1e-6
servers=1
diff -up chrony/doc/chronyc.man.orig chrony/doc/chronyc.man
--- chrony/doc/chronyc.man.in.orig 2024-11-06 12:07:50.555216174 +0100
+++ chrony/doc/chronyc.man.in 2024-11-06 12:07:58.131217759 +0100
@@ -535,9 +535,12 @@ the polling rate in response to prevaili
\fBReach\fP
.RS 4
This shows the source\(cqs reachability register printed as an octal number. The
-register has 8 bits and is updated on every received or missed packet from
-the source. A value of 377 indicates that a valid reply was received for all
-from the last eight transmissions.
+register has 8 bits. It is shifted to left by one bit with each poll and it is
+updated by 1 when a valid NTP response, or just a sample in case of a reference
+clock, is received from the source. A value of 377 indicates that a valid
+response or sample was received for all of the last 8 polls. Note that samples
+can be dropped if they are not considered good enough for synchronisation, but
+the reachability register will still have 1s for their polls.
.RE
.sp
\fBLastRx\fP

38
SOURCES/chrony-services.patch
Unescape View File

@ -1,38 +0,0 @@
diff -up chrony-4.2/examples/chronyd.service.services chrony-4.2/examples/chronyd.service
--- chrony-4.2/examples/chronyd.service.services 2021-12-16 13:17:42.000000000 +0100
+++ chrony-4.2/examples/chronyd.service 2022-01-19 13:55:59.066677473 +0100
@@ -32,8 +32,7 @@ ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
-ProtectSystem=strict
-ReadWritePaths=/run /var/lib/chrony -/var/log
+ProtectSystem=full
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictSUIDSGID=yes
@@ -42,7 +41,6 @@ SystemCallFilter=~@cpu-emulation @debug
# Adjust restrictions for /usr/sbin/sendmail (mailonchange directive)
NoNewPrivileges=no
-ReadWritePaths=-/var/spool
RestrictAddressFamilies=AF_NETLINK
[Install]
Avoid a SELinux issue
diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service
index 72b028f2..57646950 100644
--- a/examples/chrony-wait.service
+++ b/examples/chrony-wait.service
@@ -18,7 +18,7 @@ StandardOutput=null
CapabilityBoundingSet=
DevicePolicy=closed
-DynamicUser=yes
+#DynamicUser=yes
IPAddressAllow=localhost
IPAddressDeny=any
LockPersonality=yes

54
SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
Unescape View File

@ -0,0 +1,54 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1
Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T
c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl
QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv
tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR
F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B
FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+
LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV
jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2
7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/
v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB
tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA
PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1
6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s
nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP
nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r
nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ
cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/
kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6
LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W
vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS
y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G
4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7
qbZUY/6bgrDoXp4otAP2iF0EExECAB0WIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUC
YJ0C3AAKCRBf8G8puh4BO9k2AJ4ohgz/p49IBfjf22sEL1FvYM/DhwCfTyCkbogO
uagIg5qwuEGwHMgn19G5Ag0EYJz13AEQAMrLXgl5u6vAakSF9n+xCP2WOiMHzzrR
OxHnWzsX6PTXpJt14LSZOZ5wjdyR3gLJWGLdkfHoxHpQYp7PLgNS29SuAc4HQ+Br
O5F4g9EmwDJ0ueUYxU1FcySRXfXR+gLabpQCc2s9bW6RaMwLuQNxZwkfXClkPQms
ImTFA0KntWpHc+uEr1J2i6LQS7D/BK6m72l9x8z9k9gqAabXw+xHsis+ffPMG5Jm
HOqeHYtsq+2JW1VvBnA4Qh3DKH9OQaD9hZbEiUC3nMmlLkPF/r29tWTPa7luBHBn
X556JTXVm+vDUDwZ2srLfaKyQCxbNLwvQ2Pn5SOyyCnuIWR2xZs/+KPDMhtKUBAV
HcboVu6iPCTU42CVMPaJvYD2iUEncZNeUGJOSuG240LSLNGEFFsD7YgXb1XHjQD5
ci3Ki7P/hHi3AG53IsQTiaE5VgBdDje3zYCf5WaZ6c3DQQB9lab2RMz+5Fdr7Z6Y
mFRUbmxSnsMe0mwwcqVe3ofV0fKvE7Ep0T8bBg53dCqyU8hIbD5wUe99JmhMFnzs
5elwkv/Hb3Eg92dgu1zWb5kMzuvGEHtCIukIy1B+pzQOfT+iOC+lbmRHhPslJ9S0
1vENJE+nEEsGxPy9pRHrmWSKI4Zh+ysjb/vW/vOwAd1RsvxTfgBeOOawmlz+n0pJ
T018ZnUgmc35ABEBAAGJAjwEGAEIACYWIQSPN1x+jQ7hJaPTvVFTfit292gNrAUC
YJz13AIbDAUJEswDAAAKCRBTfit292gNrPuRD/43kM0P71gxfJQj6PBpPtjIVVfm
4TIPWKmV+F4/9eCwAPC/o44Yw+nxGr77Rk2DsaSn0V51j2egRCXKuZBZx/v6JXP7
qpDk3Uecml7IfxTd+N+gkI3viUsrt4ykUgyUH/wy/edMG3h9qhBQP0RxiDge18P6
YUpQSnq3uP72ycTPLBJlqp/Y9+GXUapvcyDqBFnvs96ieDmSbjSf6tris1cuLv6f
eld4HNUY/LmI5MlYbywbgWGpSOyKUlTtyF33LqPnWd7UuTN7QNsYyjGnlJbkkGi/
KwuNbIo5Gs4avaUSTc7SBLdCYneEIt7mt7hg0StKHQC6s/ak/w8yl1yFy5gRusO4
QCFT2ZMQ6jZUAuaQGx0rhWQr9akNNJEDsHTBQR8pxpFp3LcDXcUXSSeySRSFZLt+
hExvDQxXuhdbZHYGL1E6g5gtJQKnobNu2jMOziBcDivhAsqNw2Poq6fJVLavjBI5
BI1xAqmymIExJFSlHdLuZq09cVzY3EOj3x23YTzPKNOI/qu4jTUT4Byi8Oy3PN1B
B0n5SqORWJ0KfAyVEewshSAqJ7zrZ5sJXWnKeVQqBOg5EwkOB8rz/M3mqgrnBRiq
hLiiiG5tKETA1YIQGXIbP8t1vqoQrpvYaJfkk3kQlktxfFkDRt8dKIxpFk8uPiNb
bcAu2uXfRrQxpaqcOg==
=/wbD
-----END PGP PUBLIC KEY BLOCK-----

187
SPECS/chrony.spec
Unescape View File

@ -1,5 +1,5 @@
%global _hardened_build 1
%global clknetsim_ver f00531
%global clknetsim_ver 40bb97
%bcond_without debug
%bcond_without nts
@ -8,25 +8,25 @@
%endif
Name: chrony
Version: 4.3
Version: 4.6.1
Release: 1%{?dist}
Summary: An NTP client/server
License: GPLv2
URL: https://chrony.tuxfamily.org
Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz
Source1: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}-tar-gz-asc.txt
Source2: https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
License: GPL-2.0-only
URL: https://chrony-project.org
Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz
Source1: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}-tar-gz-asc.txt
Source2: https://chrony-project.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
Source3: chrony.dhclient
Source4: chrony.sysusers
# simulator for test suite
Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz
%{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
# add distribution-specific bits to DHCP dispatcher
Patch1: chrony-nm-dispatcher-dhcp.patch
# revert some hardening options in service files
Patch3: chrony-services.patch
# keep PHC refclock reachable when dropping samples due to high delay
Patch2: chrony-refclkreach.patch
BuildRequires: gnutls-devel libcap-devel libedit-devel pps-tools-devel
BuildRequires: gcc gcc-c++ make bison systemd gnupg2
@ -36,6 +36,9 @@ BuildRequires: gcc gcc-c++ make bison systemd gnupg2
%{?systemd_requires}
%{?sysusers_requires_compat}
# Needed by the leapsectz directive in default chrony.conf
Requires: tzdata
# Old NetworkManager expects the dispatcher scripts in a different place
Conflicts: NetworkManager < 1.20
@ -56,21 +59,21 @@ service to other computers in the network.
%prep
%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0}
%setup -q -n %{name}-%{version}%{?prerelease} -a 10
%{?gitpatch:%patch0 -p1}
%patch1 -p1 -b .nm-dispatcher-dhcp
%patch3 -p1 -b .services
%{?gitpatch:%patch -P 0 -p1}
%patch -P 1 -p1 -b .nm-dispatcher-dhcp
%patch -P 2 -p1
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
# review changes in packaged configuration files and scripts
md5sum -c <<-EOF | (! grep -v 'OK$')
222e652b95027289877fa77146d3b9b1 examples/chrony-wait.service
2d01b94bc1a7b7fb70cbee831488d121 examples/chrony.conf.example2
96999221eeef476bd49fe97b97503126 examples/chrony.keys.example
5530d6e60f84b76c27495485d2510bac examples/chrony-wait.service
826354a2d467d6147e412d43bfe07484 examples/chrony.conf.example2
6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate
c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp
2b81c60c020626165ac655b2633608eb examples/chrony.nm-dispatcher.onoffline
619dd00009ea312c7201beefde10341a examples/chronyd.service
4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline
c11159b78b89684eca773db6236a9855 examples/chronyd.service
46fa3e2d42c8eb9c42e71095686c90ed examples/chronyd-restricted.service
EOF
# don't allow packaging without vendor zone
@ -79,20 +82,22 @@ test -n "%{vendorzone}"
# use example chrony.conf as the default config with some modifications:
# - use our vendor zone (2.*pool.ntp.org names include IPv6 addresses)
# - enable leapsectz to get TAI-UTC offset and leap seconds from tzdata
# - enable keyfile
# - use NTP servers from DHCP
sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \
-e 's|#\(leapsectz\)|\1|' \
-e 's|#\(keyfile\)|\1|' \
-e 's|^pool.*pool.ntp.org.*|&\n\n# Use NTP servers from DHCP.\nsourcedir /run/chrony-dhcp|' \
< examples/chrony.conf.example2 > chrony.conf
touch -r examples/chrony.conf.example2 chrony.conf
# set selinux context in chronyd-restricted service
sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \
examples/chronyd-restricted.service
# regenerate the file from getdate.y
rm -f getdate.c
mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim
%build
%configure \
@ -107,9 +112,7 @@ mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
--with-hwclockfile=%{_sysconfdir}/adjtime \
--with-pidfile=/run/chrony/chronyd.pid \
--with-sendmail=%{_sbindir}/sendmail \
--without-nettle \
--without-nss \
--without-tomcrypt
--without-nettle
%make_build
%install
@ -127,8 +130,6 @@ mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d}
install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf
install -m 640 -p examples/chrony.keys.example \
$RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
install -m 755 -p %{SOURCE3} \
$RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
install -m 644 -p examples/chrony.logrotate \
@ -136,6 +137,8 @@ install -m 644 -p examples/chrony.logrotate \
install -m 644 -p examples/chronyd.service \
$RPM_BUILD_ROOT%{_unitdir}/chronyd.service
install -m 644 -p examples/chronyd-restricted.service \
$RPM_BUILD_ROOT%{_unitdir}/chronyd-restricted.service
install -m 755 -p examples/chrony.nm-dispatcher.onoffline \
$RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
install -m 755 -p examples/chrony.nm-dispatcher.dhcp \
@ -150,6 +153,7 @@ cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd <<EOF
OPTIONS="%{?with_seccomp:-F 2}"
EOF
touch $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}
echo 'chronyd.service' > \
@ -157,13 +161,12 @@ echo 'chronyd.service' > \
%check
# set random seed to get deterministic results
export CLKNETSIM_RANDOM_SEED=24505
export CLKNETSIM_RANDOM_SEED=24508
%make_build -C test/simulation/clknetsim
make quickcheck
%pre
%sysusers_create_compat %{SOURCE4}
:
%post
# migrate from chrony-helper to sourcedir directive
@ -176,20 +179,20 @@ if test -a %{_libexecdir}/chrony-helper; then
sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources"
done 2> /dev/null
fi
%systemd_post chronyd.service chrony-wait.service
%systemd_post chronyd.service chronyd-restricted.service chrony-wait.service
%preun
%systemd_preun chronyd.service chrony-wait.service
%systemd_preun chronyd.service chronyd-restricted.service chrony-wait.service
%postun
%systemd_postun_with_restart chronyd.service
%systemd_postun_with_restart chronyd.service chronyd-restricted.service
%files
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc FAQ NEWS README
%doc FAQ NEWS README examples/chrony.keys.example
%config(noreplace) %{_sysconfdir}/chrony.conf
%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
%ghost %config %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
%config(noreplace) %{_sysconfdir}/logrotate.d/chrony
%config(noreplace) %{_sysconfdir}/sysconfig/chronyd
%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
@ -206,23 +209,111 @@ fi
%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
%changelog
* Wed Oct 12 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-1
- update to 4.3 (#2133754)
- add sysusers.d fragment for chrony user/group (#2095374)
* Wed Mar 23 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-1
- update to 4.2 (#2051441)
- fully switch from nettle to gnutls (#1953463 #1954483)
- use NTP servers from DHCPv6 NTP server option (#2047415)
- drop obsolete workaround in scriptlet
* Tue Aug 10 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-3
- update seccomp filter for new glibc (#1990589)
* Wed Nov 06 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.6.1-1
- update to 4.6.1 (RHEL-61876)
- keep PHC refclock reachable when dropping samples due to high delay
(RHEL-65843)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.6-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 4.6-1
- Rebuilt for MSVSphere 10
* Tue Sep 03 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.6-1
- update to 4.6 (RHEL-55735)
* Tue Jul 02 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-6
- fix gnutls build requirement
- fix crash on reload command during start (RHEL-45854)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.5-5
- Bump release for June 2024 mass rebuild
* Tue May 28 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-4
- disable nettle support in favor of gnutls (RHEL-38924)
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Dec 05 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
- update to 4.5
* Wed Nov 22 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.5-0.1.pre1
- update to 4.5-pre1
* Wed Aug 09 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-1
- update to 4.4
- require tzdata (#2218368)
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.4-0.4.pre2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 21 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.3.pre2
- update to 4.4-pre2
- set selinux context in chronyd-restricted service (#2169949)
* Tue Jun 06 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.2.pre1
- rebuild for AES-GCM-SIV in new nettle
* Wed May 10 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.1.pre1
- update to 4.4-pre1
- switch from patchX to patch -P X
* Wed Jan 25 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.3-3
- drop default chrony.keys config (#2104918)
- add chronyd-restricted service for minimal NTP client configurations
- convert license tag to SPDX
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Aug 31 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-1
- update to 4.3
* Thu Aug 11 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-0.1.pre1
- update to 4.3-pre1
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 24 2022 Luca BRUNO <lucab@lucabruno.net> - 4.2-6
- Add a sysusers.d fragment for chrony user/group
* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.2-5
- Drop obsolete workaround in scriptlet
* Wed Feb 09 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-4
- update seccomp filter for latest glibc
* Tue Feb 08 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-3
- use NTP servers passed by NetworkManager from DHCPv6 NTP server option
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Dec 16 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.2-1
- update to 4.2
* Thu Dec 02 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.2-0.1.pre1
- update to 4.2-pre1
* Tue Nov 16 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-5
- fix hardened chronyd service to allow writing log files
* Wed Sep 29 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-4
- harden chronyd and chrony-wait services
* Mon Aug 09 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-3
- update seccomp filter for new glibc
- remove unnecessary build requirement
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.1-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu May 13 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-1
- update to 4.1

Write Preview
Loading…
Cancel
Save