rpms
/
chrony
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10
rpms:i10-beta
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8
rpms:i8c
rpms:c8
rpms:i9-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i9
rpms:i8-beta
rpms:i8c-beta
rpms:c8-beta
rpms:i9c
rpms:c9
...
pull from: rpms:i9-beta
Branches Tags
rpms:i10
rpms:i10-beta
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8
rpms:i8c
rpms:c8
rpms:i9-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i9
rpms:i8-beta
rpms:i8c-beta
rpms:c8-beta
rpms:i9c
rpms:c9

No commits in common. 'c9' and 'i9-beta' have entirely different histories.
c9 ... i9-beta

13 changed files with 2257 additions and 42 deletions
Show Stats

5
.chrony.metadata
Unescape View File

@ -1,3 +1,2 @@
bc7884eb4fde69478a00faee3d42092d426d57c1 SOURCES/chrony-4.3.tar.gz
9c453ae65e5c1a6983cd1121410faf1ffd2d9092 SOURCES/clknetsim-f00531.tar.gz
1395afa521d2e3302a31083edcf568bbc036aafc SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
4661e5df181a9761b73caeaef2f2ab755bbe086a SOURCES/chrony-4.5.tar.gz
e021461c23fe4e5c46fd53c449587d8f6cc217ae SOURCES/clknetsim-5d1dc0.tar.gz

5
.gitignore vendored
Unescape View File

@ -1,3 +1,2 @@
SOURCES/chrony-4.3.tar.gz
SOURCES/clknetsim-f00531.tar.gz
SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
SOURCES/chrony-4.5.tar.gz
SOURCES/clknetsim-5d1dc0.tar.gz

345
SOURCES/0001-Synchronize-time-via-Russian-NTP-servers.patch
Unescape View File

@ -0,0 +1,345 @@
From fe74e4d7dec4ba1f8ffb5b0c2713e36a1ffb1a1c Mon Sep 17 00:00:00 2001
From: Sergey Cherevko <s.cherevko@msvsphere-os.ru>
Date: Mon, 10 Jun 2024 12:03:59 +0300
Subject: [PATCH] Synchronize time via Russian NTP servers
---
FAQ | 12 ++++++------
INSTALL | 4 ++--
doc/chrony.conf.adoc | 8 ++++----
doc/chrony.conf.man.in | 12 ++++++------
doc/chronyc.adoc | 2 +-
doc/chronyc.man.in | 4 ++--
doc/faq.adoc | 12 ++++++------
doc/installation.adoc | 4 ++--
examples/chrony.conf.example1 | 11 +++++++++--
examples/chrony.conf.example2 | 12 +++++++++---
examples/chrony.conf.example3 | 4 ++--
11 files changed, 49 insertions(+), 36 deletions(-)
diff --git a/FAQ b/FAQ
index c96acfa..18687b7 100644
--- a/FAQ
+++ b/FAQ
@@ -101,7 +101,7 @@ poll multiple servers at the same time and detect servers having incorrect time
(falsetickers in the NTP terminology). It should be used only with trusted
reliable servers, ideally in local network.
-Using timesyncd with pool.ntp.org is problematic. The pool is very robust as a
+Using timesyncd with https://www.vniiftri.ru/ is problematic. The pool is very robust as a
whole, but the individual servers run by volunteers cannot be relied on.
Occasionally, servers drift away or make a step to distant past or future due
to misconfiguration, problematic implementation, and other bugs (e.g. in
@@ -141,10 +141,10 @@ next boot from the RTC, the rtcsync directive enables a mode in which the
system time is periodically copied to the RTC. It is supported on Linux and
macOS.
-If you wanted to use public NTP servers from the pool.ntp.org project, the
+If you wanted to use public NTP servers from the https://www.vniiftri.ru/ project, the
minimal chrony.conf file could be:
-pool pool.ntp.org iburst
+pool https://www.vniiftri.ru/ iburst
driftfile /var/lib/chrony/drift
makestep 1 3
rtcsync
@@ -433,7 +433,7 @@ the -Q option it will print the measured offset without setting the clock. If
you do not want to use a configuration file, NTP servers can be specified on
the command line. For example:
-# chronyd -q 'pool pool.ntp.org iburst'
+# chronyd -q 'pool https://www.vniiftri.ru/ iburst'
The command above would normally take about 5 seconds if the servers were well
synchronised and responding to all requests. If not synchronised or responding,
@@ -444,7 +444,7 @@ option to one (supported since chrony version 4.0), and a timeout can be
specified with the -t option. The following command would take only up to about
one second.
-# chronyd -q -t 1 'server pool.ntp.org iburst maxsamples 1'
+# chronyd -q -t 1 'server https://www.vniiftri.ru/ iburst maxsamples 1'
It is not recommended to run chronyd with the -q option periodically (e.g. from
a cron job) as a replacement for the daemon mode, because it performs
@@ -507,7 +507,7 @@ same server instance.
An example configuration of the client instance could be
-pool pool.ntp.org iburst
+pool https://www.vniiftri.ru/ iburst
allow 127.0.0.1
port 11123
driftfile /var/lib/chrony/drift
diff --git a/INSTALL b/INSTALL
index 9ca6e22..6f48020 100644
--- a/INSTALL
+++ b/INSTALL
@@ -116,10 +116,10 @@ make install-docs
Now that the software is successfully installed, the next step is to set up a
configuration file. The default location of the file is /etc/chrony.conf.
Several examples of configuration with comments are included in the examples
-directory. Suppose you want to use public NTP servers from the pool.ntp.org
+directory. Suppose you want to use public NTP servers from the https://www.vniiftri.ru/
project as your time reference. A minimal useful configuration file could be
-pool pool.ntp.org iburst
+pool https://www.vniiftri.ru/ iburst
makestep 1.0 3
rtcsync
diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc
index cb3f95c..832a97f 100644
--- a/doc/chrony.conf.adoc
+++ b/doc/chrony.conf.adoc
@@ -365,7 +365,7 @@ sources responding to requests. The default value is 4 and the maximum value is
An example of the *pool* directive is
+
----
-pool pool.ntp.org iburst maxsources 3
+pool ntp1.vniiftri.ru iburst maxsources 3
----
[[peer]]*peer* _hostname_ [_option_]...::
@@ -2820,7 +2820,7 @@ the following methods:
stratum 1 and stratum 2 servers. You should find one or more servers that are
near to you. Check that their access policy allows you to use their
facilities.
-* Use public servers from the https://www.pool.ntp.org/[pool.ntp.org] project.
+* Use public servers from the https://www.vniiftri.ru/[ntp1.vniiftri.ru] project.
Assuming that your NTP servers are called _ntp1.example.net_, _ntp2.example.net_
and _ntp3.example.net_, your _chrony.conf_ file could contain as a minimum:
@@ -2853,7 +2853,7 @@ directive instead of multiple *server* directives. The configuration file could
in this case look like:
----
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
driftfile @CHRONYVARDIR@/drift
makestep 1.0 3
rtcsync
@@ -3112,7 +3112,7 @@ information to be saved.
=== Public NTP server
*chronyd* can be configured to operate as a public NTP server, e.g. to join the
-https://www.pool.ntp.org/en/join.html[pool.ntp.org] project. The configuration
+https://www.vniiftri.ru/[ntp1.vniiftri.ru] project. The configuration
is similar to the NTP client with permanent connection, except it needs to
allow client access from all addresses. It is recommended to find at least four
good servers (e.g. from the pool, or on the NTP homepage). If the server has a
diff --git a/doc/chrony.conf.man.in b/doc/chrony.conf.man.in
index 66d2358..8b88b70 100644
--- a/doc/chrony.conf.man.in
+++ b/doc/chrony.conf.man.in
@@ -479,7 +479,7 @@ An example of the \fBpool\fP directive is
.if n .RS 4
.nf
.fam C
-pool pool.ntp.org iburst maxsources 3
+pool ntp1.vniiftri].ru iburst maxsources 3
.fam
.fi
.if n .RE
@@ -4651,7 +4651,7 @@ facilities.
. IP \(bu 2.3
.\}
Use public servers from the \c
-.URL "https://www.pool.ntp.org/" "pool.ntp.org" ""
+.URL "https://www.ntp1.vniiftri].ru/" "ntp1.vniiftri].ru" ""
project.
.RE
.sp
@@ -4696,7 +4696,7 @@ in this case look like:
.if n .RS 4
.nf
.fam C
-pool pool.ntp.org iburst
+pool ntp1.vniiftri].ru iburst
driftfile @CHRONYVARDIR@/drift
makestep 1.0 3
rtcsync
@@ -4993,8 +4993,8 @@ information to be saved.
.SS "Public NTP server"
.sp
\fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the
-.URL "https://www.pool.ntp.org/en/join.html" "pool.ntp.org" ""
-project. The configuration
+.URL "https://www.ntp.vniiftri].ru/en/join.html" "ntp1.vniiftri].ru" ""
+\fBchronyd\fP can be configured to operate as a public NTP server. The configuration
is similar to the NTP client with permanent connection, except it needs to
allow client access from all addresses. It is recommended to find at least four
good servers (e.g. from the pool, or on the NTP homepage). If the server has a
@@ -5040,4 +5040,4 @@ For instructions on how to report bugs, please visit
.URL "https://chrony\-project.org/" "" "."
.SH "AUTHORS"
.sp
-chrony was written by Richard Curnow, Miroslav Lichvar, and others.
\ No newline at end of file
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.
diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc
index 96a0551..d88c7dc 100644
--- a/doc/chronyc.adoc
+++ b/doc/chronyc.adoc
@@ -979,7 +979,7 @@ them immediately, e.g. after suspending and resuming the machine in a different
network.
+
Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6
-addresses are included in a single DNS response (e.g. pool.ntp.org), this
+addresses are included in a single DNS response (e.g. https://www.vniiftri.ru/), this
command might replace the addresses even if they are still in the pool.
[[reload]]*reload* *sources*::
diff --git a/doc/chronyc.man.in b/doc/chronyc.man.in
index 4541fc6..7888eff 100644
--- a/doc/chronyc.man.in
+++ b/doc/chronyc.man.in
@@ -1793,7 +1793,7 @@ them immediately, e.g. after suspending and resuming the machine in a different
network.
.sp
Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6
-addresses are included in a single DNS response (e.g. pool.ntp.org), this
+addresses are included in a single DNS response (e.g. ntp1.vniiftri.ru), this
command might replace the addresses even if they are still in the pool.
.RE
.sp
@@ -2753,4 +2753,4 @@ For instructions on how to report bugs, please visit
.URL "https://chrony\-project.org/" "" "."
.SH "AUTHORS"
.sp
-chrony was written by Richard Curnow, Miroslav Lichvar, and others.
\ No newline at end of file
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.
diff --git a/doc/faq.adoc b/doc/faq.adoc
index 8fd350f..69b8b3e 100644
--- a/doc/faq.adoc
+++ b/doc/faq.adoc
@@ -56,7 +56,7 @@ limitations is that it cannot poll multiple servers at the same time and detect
servers having incorrect time (falsetickers in the NTP terminology). It should
be used only with trusted reliable servers, ideally in local network.
-Using `timesyncd` with `pool.ntp.org` is problematic. The pool is very
+Using `timesyncd` with `ntp.vniiftri.ru` is problematic. The pool is very
robust as a whole, but the individual servers run by volunteers cannot be
relied on. Occasionally, servers drift away or make a step to distant past or
future due to misconfiguration, problematic implementation, and other bugs
@@ -98,11 +98,11 @@ system time is periodically copied to the RTC. It is supported on Linux and
macOS.
If you wanted to use public NTP servers from the
-https://www.pool.ntp.org/[pool.ntp.org] project, the minimal _chrony.conf_ file
+https://www.vniiftri.ru/[ntp1.vniiftri.ru] project, the minimal _chrony.conf_ file
could be:
----
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
driftfile /var/lib/chrony/drift
makestep 1 3
rtcsync
@@ -411,7 +411,7 @@ clock. If you do not want to use a configuration file, NTP servers can be
specified on the command line. For example:
----
-# chronyd -q 'pool pool.ntp.org iburst'
+# chronyd -q 'pool ntp1.vniiftri.ru iburst'
----
The command above would normally take about 5 seconds if the servers were
@@ -424,7 +424,7 @@ timeout can be specified with the `-t` option. The following command would take
only up to about one second.
----
-# chronyd -q -t 1 'server pool.ntp.org iburst maxsamples 1'
+# chronyd -q -t 1 'server ntp1.vniiftri.ru iburst maxsamples 1'
----
It is not recommended to run `chronyd` with the `-q` option periodically (e.g.
@@ -491,7 +491,7 @@ the same server instance.
An example configuration of the client instance could be
----
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
allow 127.0.0.1
port 11123
driftfile /var/lib/chrony/drift
diff --git a/doc/installation.adoc b/doc/installation.adoc
index b683911..0fa1eca 100644
--- a/doc/installation.adoc
+++ b/doc/installation.adoc
@@ -146,11 +146,11 @@ make install-docs
Now that the software is successfully installed, the next step is to set up a
configuration file. The default location of the file is _/etc/chrony.conf_.
Several examples of configuration with comments are included in the examples
-directory. Suppose you want to use public NTP servers from the pool.ntp.org
+directory. Suppose you want to use public NTP servers from the ntp1.vniiftri.ru
project as your time reference. A minimal useful configuration file could be
----
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
makestep 1.0 3
rtcsync
----
diff --git a/examples/chrony.conf.example1 b/examples/chrony.conf.example1
index 5e93ea7..dd960ad 100644
--- a/examples/chrony.conf.example1
+++ b/examples/chrony.conf.example1
@@ -1,5 +1,12 @@
-# Use public NTP servers from the pool.ntp.org project.
-pool pool.ntp.org iburst
+# Use Russian public NTP servers (vniiftri and msk-ix)
+server ntp.msk-ix.ru iburst
+server ntp1.vniiftri.ru iburst
+server vniiftri2.khv.ru iburst
+server ntp1.niiftri.irkutsk.ru iburst
+server ntp.sstf.nsk.ru iburst
+server ntp2.vniiftri.ru iburst
+server ntp3.vniiftri.ru iburst
+server ntp4.vniiftri.ru iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/examples/chrony.conf.example2 b/examples/chrony.conf.example2
index bf2bbdd..61b4576 100644
--- a/examples/chrony.conf.example2
+++ b/examples/chrony.conf.example2
@@ -1,6 +1,12 @@
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (https://www.pool.ntp.org/join.html).
-pool pool.ntp.org iburst
+# Use Russian public NTP servers (vniiftri and msk-ix)
+server ntp.msk-ix.ru iburst
+server ntp1.vniiftri.ru iburst
+server vniiftri2.khv.ru iburst
+server ntp1.niiftri.irkutsk.ru iburst
+server ntp.sstf.nsk.ru iburst
+server ntp2.vniiftri.ru iburst
+server ntp3.vniiftri.ru iburst
+server ntp4.vniiftri.ru iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/examples/chrony.conf.example3 b/examples/chrony.conf.example3
index 6d84c01..e893292 100644
--- a/examples/chrony.conf.example3
+++ b/examples/chrony.conf.example3
@@ -25,13 +25,13 @@
# Provider or company have one or more NTP servers that you can specify.
# Failing that, there are a lot of public NTP servers. There is a list
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
-# you can use servers from the pool.ntp.org project.
+# you can use servers from the https://www.vniiftri.ru/ project.
! server ntp1.example.net iburst
! server ntp2.example.net iburst
! server ntp3.example.net iburst
-! pool pool.ntp.org iburst
+! pool ntp1.vniiftri.ru iburst
#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
--
2.39.3

16
SOURCES/chrony-4.3-tar-gz-asc.txt
Unescape View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmMPLJAACgkQU34rdvdo
DaxDKRAAh5wfl990Q6sTPxXI92GegZYIGUxJDlCkJtemoI98g+DQbuCJ46AXsAn/
CIBTbPU3Brvq2KR1nDze/G/YOXkaqoFyaJD00H73qBI7MOMiSS4KbMQ26xLNrnHL
MCHrgZs+MHhyo6IEpesvr7F/+qyGHZifFlHT+HtCM+SBU1qooYUyQAdnhyK0rb16
j7/Jc5A28jROZB4lcRQyvB085whPj299FsB/0wJW5RjwA5tcpPH0sTozain3vvlo
64BAJXcQsyRsilcaPFlkY5zPgFiAuaEJnfTe/uMdfDO/V/g6wADt64+HhaxNPO+z
p3vzEGpio4Oi1HyYiXpDx9bMM1RLTpmKt9p1V5Y98Fn5Ymx6I7yAe1qwvA7T8eoC
hK8C27jPytiOgaWSYqPYb0WaHY3JZZpFzdtr0bAPSkEzL4EwrxVmbgTnkuzk2hxk
6MiIuDLUd9Zl1oroqv+rTd0XA8lXUcoyFhqtsMXHWdAC3yzteaPcJKzv7l9DT6xV
YadKrSBkzob9jRWRngY3FMKjTvcwnxLE8dfsNlsDNGyLNtTEOJ/QYgh6muOHh80L
MAayI8hSWPTR/3IXKlathjLIeilsrFthIZcrPq520FoS4A7E3A80vR3uKOqAIDwh
Y+6ASvEkCHAUneJqlLihqglYTNJlFnVhGw9/LV85JsmRsCZ0+j8=
=2xMP
-----END PGP SIGNATURE-----

16
SOURCES/chrony-4.5-tar-gz-asc.txt
Unescape View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmVvJPkACgkQU34rdvdo
DawQjw//Zkq4UTPZDpU/gifjUtE/jpIa6+tyhSFpRI5abNScOPaEa8nZz6Q33/s4
qiS9RJh1AA13xnal7bIHsixadON01x91ysW1sbNhFx942SwTpk00wDdLmySqW+u5
klrTfGlGRejp7ahasbXx/dXqk3Sz+J19YIvdz2X1o2HaUZwp1SIwq5Y8BYS8iE0a
G5ov/ail2965hwSoYWNbR7/UuOTEO3YgRk2YSpKKKGJgL27pAzwGlOVwgP9JLAD0
WsGDEpn+EY+4BOkwMyFeACOHyJ+QCcpKXF9B6CGJELyPqTp2uQy+OkaF4VtkGvpp
wRs6IhMoHFt5NjvCiBhOMvocKd6JrxDxN84gGhSG6OtSFp8GZoFhTxIp//mnZDoz
WPl/Z+n3yABdaG7IWavl6tn2wvipMsgcTJHxRYg6A4d2+mKKy0pRyfLUtGTM9EA/
NEhTIHVZZLORNK7zPaB8CkFmmsmDQVhowBjXjFcq2HDNzQawbU5gjWUBEH+4R4bq
rb4P9Eg3Kus0fvBxj4z72XkzYGNn951YFhwW26x4w09+J35/1eoshNkBaPfOdsRf
Xgb37MmEe5yfU32k27aYtERnH9w/+rOk1RISrVcK0c87uz0RnzPN5HBzc4PnEpx6
KQFkFxVaaMeJNc0Ca5/u9aE9nli1DIS8Afo/Z4zQtjVMqLsvecQ=
=4/yB
-----END PGP SIGNATURE-----

9
SOURCES/chrony-keys.patch
Unescape View File

@ -0,0 +1,9 @@
diff -up chrony-4.5/examples/chrony.keys.example.keys chrony-4.5/examples/chrony.keys.example
--- chrony-4.5/examples/chrony.keys.example.keys 2023-12-05 14:22:10.000000000 +0100
+++ chrony-4.5/examples/chrony.keys.example 2023-12-06 09:59:26.089508934 +0100
@@ -11,5 +11,3 @@
#1 MD5 AVeryLongAndRandomPassword
#2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
#3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
-#4 AES128 HEX:2DA837C4B6573748CA692B8C828E4891
-#5 AES256 HEX:2666B8099BFF2D5BA20876121788ED24D2BE59111B8FFB562F0F56AE6EC7246E

42
SOURCES/chrony-leaplist-man.patch
Unescape View File

@ -0,0 +1,42 @@
--- chrony-4.5/doc/chrony.conf.man.in 2023-12-05 14:26:13.000000000 +0100
+++ chrony.conf.man.in 2024-07-30 14:17:30.000000000 +0200
@@ -908,9 +915,10 @@
.RS 4
This option indicates that the reference clock keeps time in TAI instead of UTC
and that \fBchronyd\fP should correct its offset by the current TAI\-UTC offset. The
-\fBleapsectz\fP directive must be used with this option and the
-database must be kept up to date in order for this correction to work as
-expected. This option does not make sense with PPS refclocks.
+\fBleapsectz\fP or \fBleapseclist\fP directive must be
+used with this option and the database must be kept up to date in order for
+this correction to work as expected. This option does not make sense with PPS
+refclocks.
.RE
.sp
\fBlocal\fP
@@ -1652,6 +1660,25 @@
.if n .RE
.RE
.sp
+\fBleapseclist\fP \fIfile\fP
+.RS 4
+This directive specifies the path to a file containing a list of leap seconds
+and TAI\-UTC offsets in NIST/IERS format. It is recommended to use
+the file \fIleap\-seconds.list\fP usually included with the system timezone
+database. The behaviour of this directive is otherwise equivalent to
+\fBleapsectz\fP.
+.sp
+An example of this directive is:
+.sp
+.if n .RS 4
+.nf
+.fam C
+leapseclist /usr/share/zoneinfo/leap\-seconds.list
+.fam
+.fi
+.if n .RE
+.RE
+.sp
\fBmakestep\fP \fIthreshold\fP \fIlimit\fP
.RS 4
Normally \fBchronyd\fP will cause the system to gradually correct any time offset,

1304
SOURCES/chrony-leaplist.patch
View File

File diff suppressed because it is too large Load Diff

291
SOURCES/chrony-logreload.patch
Unescape View File

@ -0,0 +1,291 @@
commit 78707d0717db7f410b3b1e1d4ae13d5cbf863a5e
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue Aug 6 10:45:55 2024 +0200
test: extend 008-confload test
diff --git a/test/system/008-confload b/test/system/008-confload
index 7e806988..b978c190 100755
--- a/test/system/008-confload
+++ b/test/system/008-confload
@@ -77,7 +77,32 @@ check_chronyc_output "^[^=]*
.. 127\.123\.5\.3 *[05] 7 [^^]*
.. 127\.123\.5\.6 [^^]*$" || test_fail
+run_chronyc "reload sources" || test_fail
+run_chronyc "reload sources" || test_fail
+
+rm $TEST_DIR/conf5.d/{3,5,6}.sources
+echo "server 127.123.5.7" > $TEST_DIR/conf5.d/7.sources
+
+run_chronyc "reload sources" || test_fail
+
+run_chronyc "sources" || test_fail
+check_chronyc_output "^[^=]*
+=*
+.. 127\.123\.1\.1 [^^]*
+.. 127\.123\.1\.3 [^^]*
+.. 127\.123\.1\.4 [^^]*
+.. 127\.123\.3\.1 [^^]*
+.. 127\.123\.2\.2 [^^]*
+.. 127\.123\.2\.3 [^^]*
+.. 127\.123\.4\.4 [^^]*
+.. 127\.123\.1\.2 *[05] 6 [^^]*
+.. 127\.123\.5\.2 *[05] 5 [^^]*
+.. 127\.123\.5\.7 [^^]*$" || test_fail
+
+run_chronyc "reload sources" || test_fail
+
stop_chronyd || test_fail
-check_chronyd_message_count "Could not add source" 1 1 || test_fail
+check_chronyd_message_count "Could not add source.*\.5\.5.*in use" 3 3 || test_fail
+check_chronyd_message_count "Could not add source" 3 3 || test_fail
test_pass
commit 3cac849bbfdc02625969cb721207d5436dc03ee4
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue Aug 6 11:28:26 2024 +0200
conf: merge ntp_source_ids with ntp_sources
Keep the configuration IDs of sources loaded from sourcedir in the
NTP_Source structure itself to simplify the code.
(Rebased to 4.5)
diff --git a/conf.c b/conf.c
index 146389aa..dad874b0 100644
--- a/conf.c
+++ b/conf.c
@@ -287,15 +287,14 @@ typedef struct {
NTP_Source_Type type;
int pool;
CPS_NTP_Source params;
+ uint32_t conf_id;
} NTP_Source;
/* Array of NTP_Source */
static ARR_Instance ntp_sources;
/* Array of (char *) */
static ARR_Instance ntp_source_dirs;
-/* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */
-static ARR_Instance ntp_source_ids;
-/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */
+/* Flag indicating ntp_sources is used for sourcedirs after config load */
static int conf_ntp_sources_added = 0;
/* Array of RefclockParameters */
@@ -396,7 +395,6 @@ CNF_Initialise(int r, int client_only)
init_sources = ARR_CreateInstance(sizeof (IPAddr));
ntp_sources = ARR_CreateInstance(sizeof (NTP_Source));
ntp_source_dirs = ARR_CreateInstance(sizeof (char *));
- ntp_source_ids = ARR_CreateInstance(sizeof (uint32_t));
refclock_sources = ARR_CreateInstance(sizeof (RefclockParameters));
broadcasts = ARR_CreateInstance(sizeof (NTP_Broadcast_Destination));
@@ -456,7 +454,6 @@ CNF_Finalise(void)
ARR_DestroyInstance(init_sources);
ARR_DestroyInstance(ntp_sources);
ARR_DestroyInstance(ntp_source_dirs);
- ARR_DestroyInstance(ntp_source_ids);
ARR_DestroyInstance(refclock_sources);
ARR_DestroyInstance(broadcasts);
@@ -825,6 +822,8 @@ parse_source(char *line, char *type, int fatal)
}
source.params.name = Strdup(source.params.name);
+ source.conf_id = 0;
+
ARR_AppendElement(ntp_sources, &source);
}
@@ -1678,7 +1677,6 @@ reload_source_dirs(void)
{
NTP_Source *prev_sources, *new_sources, *source;
unsigned int i, j, prev_size, new_size, unresolved;
- uint32_t *prev_ids, *new_ids;
char buf[MAX_LINE_LENGTH];
NSR_Status s;
int d, pass;
@@ -1687,13 +1685,9 @@ reload_source_dirs(void)
if (!conf_ntp_sources_added)
return;
- prev_size = ARR_GetSize(ntp_source_ids);
- if (ARR_GetSize(ntp_sources) != prev_size)
- assert(0);
+ prev_size = ARR_GetSize(ntp_sources);
- /* Save the current sources and their configuration IDs */
- prev_ids = MallocArray(uint32_t, prev_size);
- memcpy(prev_ids, ARR_GetElements(ntp_source_ids), prev_size * sizeof (prev_ids[0]));
+ /* Save the current sources */
prev_sources = MallocArray(NTP_Source, prev_size);
memcpy(prev_sources, ARR_GetElements(ntp_sources), prev_size * sizeof (prev_sources[0]));
@@ -1711,8 +1705,6 @@ reload_source_dirs(void)
new_size = ARR_GetSize(ntp_sources);
new_sources = ARR_GetElements(ntp_sources);
- ARR_SetSize(ntp_source_ids, new_size);
- new_ids = ARR_GetElements(ntp_source_ids);
unresolved = 0;
LOG_SetContext(LOGC_SourceFile);
@@ -1728,14 +1720,14 @@ reload_source_dirs(void)
/* Remove missing sources before adding others to avoid conflicts */
if (pass == 0 && d < 0 && prev_sources[i].params.name[0] != '\0') {
- NSR_RemoveSourcesById(prev_ids[i]);
+ NSR_RemoveSourcesById(prev_sources[i].conf_id);
}
/* Add new sources */
if (pass == 1 && d > 0) {
source = &new_sources[j];
s = NSR_AddSourceByName(source->params.name, source->params.port, source->pool,
- source->type, &source->params.params, &new_ids[j]);
+ source->type, &source->params.params, &source->conf_id);
if (s == NSR_UnresolvedName) {
unresolved++;
@@ -1750,7 +1742,7 @@ reload_source_dirs(void)
/* Keep unchanged sources */
if (pass == 1 && d == 0)
- new_ids[j] = prev_ids[i];
+ new_sources[j].conf_id = prev_sources[i].conf_id;
}
}
@@ -1759,7 +1751,6 @@ reload_source_dirs(void)
for (i = 0; i < prev_size; i++)
Free(prev_sources[i].params.name);
Free(prev_sources);
- Free(prev_ids);
if (unresolved > 0)
NSR_ResolveSources();
@@ -1858,7 +1849,6 @@ CNF_AddSources(void)
/* The arrays will be used for sourcedir (re)loading */
ARR_SetSize(ntp_sources, 0);
- ARR_SetSize(ntp_source_ids, 0);
conf_ntp_sources_added = 1;
reload_source_dirs();
commit 8126dbd2de30957de32ce3e55ce367b7145a4c33
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue Aug 6 12:56:39 2024 +0200
conf: save source status in sourcedir reload
Save the NSR status when adding a source from a sourcedir and don't
hide sources that failed the addition by clearing their name.
(Rebased to 4.5)
diff --git a/conf.c b/conf.c
index dad874b0..6020e880 100644
--- a/conf.c
+++ b/conf.c
@@ -287,6 +287,7 @@ typedef struct {
NTP_Source_Type type;
int pool;
CPS_NTP_Source params;
+ NSR_Status status;
uint32_t conf_id;
} NTP_Source;
@@ -822,6 +823,7 @@ parse_source(char *line, char *type, int fatal)
}
source.params.name = Strdup(source.params.name);
+ source.status = NSR_NoSuchSource;
source.conf_id = 0;
ARR_AppendElement(ntp_sources, &source);
@@ -1719,30 +1721,30 @@ reload_source_dirs(void)
d = i < prev_size ? -1 : 1;
/* Remove missing sources before adding others to avoid conflicts */
- if (pass == 0 && d < 0 && prev_sources[i].params.name[0] != '\0') {
+ if (pass == 0 && d < 0 && prev_sources[i].status == NSR_Success) {
NSR_RemoveSourcesById(prev_sources[i].conf_id);
}
- /* Add new sources */
- if (pass == 1 && d > 0) {
+ /* Add new sources and sources that could not be added before */
+ if (pass == 1 && (d > 0 || (d == 0 && prev_sources[i].status != NSR_Success))) {
source = &new_sources[j];
s = NSR_AddSourceByName(source->params.name, source->params.port, source->pool,
source->type, &source->params.params, &source->conf_id);
+ source->status = s;
if (s == NSR_UnresolvedName) {
unresolved++;
} else if (s != NSR_Success) {
LOG(LOGS_ERR, "Could not add source %s : %s",
source->params.name, NSR_StatusToString(s));
-
- /* Mark the source as not present */
- source->params.name[0] = '\0';
}
}
/* Keep unchanged sources */
- if (pass == 1 && d == 0)
+ if (pass == 1 && d == 0) {
+ new_sources[j].status = prev_sources[i].status;
new_sources[j].conf_id = prev_sources[i].conf_id;
+ }
}
}
commit 7cd5d065fc17a0ec871df2ffdc74caf6d16d9f6a
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue Aug 6 13:05:26 2024 +0200
conf: don't repeat error message when adding sourcedir source
When a source from a configured sourcedir cannot be added (e.g. it is a
duplicate of another source), log the error message only on the first
attempt adding the source, until the source is removed and added to a
sourcedir again.
This avoids spamming of the system log with error messages if the
reload sources command is called frequently (e.g. from a DHCP renewal
networking script).
diff --git a/conf.c b/conf.c
index 6020e880..522e235a 100644
--- a/conf.c
+++ b/conf.c
@@ -1734,7 +1734,7 @@ reload_source_dirs(void)
if (s == NSR_UnresolvedName) {
unresolved++;
- } else if (s != NSR_Success) {
+ } else if (s != NSR_Success && (d > 0 || s != prev_sources[i].status)) {
LOG(LOGS_ERR, "Could not add source %s : %s",
source->params.name, NSR_StatusToString(s));
}
diff --git a/test/system/008-confload b/test/system/008-confload
index b978c190..b107d709 100755
--- a/test/system/008-confload
+++ b/test/system/008-confload
@@ -102,7 +102,7 @@ check_chronyc_output "^[^=]*
run_chronyc "reload sources" || test_fail
stop_chronyd || test_fail
-check_chronyd_message_count "Could not add source.*\.5\.5.*in use" 3 3 || test_fail
-check_chronyd_message_count "Could not add source" 3 3 || test_fail
+check_chronyd_message_count "Could not add source.*\.5\.5.*in use" 1 1 || test_fail
+check_chronyd_message_count "Could not add source" 1 1 || test_fail
test_pass

86
SOURCES/chrony-reload.patch
Unescape View File

@ -0,0 +1,86 @@
commit f49be7f06343ee27fff2950937d7f6742f53976f
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Tue Mar 12 14:30:27 2024 +0100
conf: don't load sourcedir during initstepslew and RTC init
If the reload sources command was received in the chronyd start-up
sequence with initstepslew and/or RTC init (-s option), the sources
loaded from sourcedirs caused a crash due to failed assertion after
adding sources specified in the config.
Ignore the reload sources command until chronyd enters the normal
operation mode.
Fixes: 519796de3756 ("conf: add sourcedirs directive")
diff --git a/conf.c b/conf.c
index 6eae11c9..8849bdce 100644
--- a/conf.c
+++ b/conf.c
@@ -298,6 +298,8 @@ static ARR_Instance ntp_sources;
static ARR_Instance ntp_source_dirs;
/* Array of uint32_t corresponding to ntp_sources (for sourcedirs reload) */
static ARR_Instance ntp_source_ids;
+/* Flag indicating ntp_sources and ntp_source_ids are used for sourcedirs */
+static int conf_ntp_sources_added = 0;
/* Array of RefclockParameters */
static ARR_Instance refclock_sources;
@@ -1689,8 +1691,12 @@ reload_source_dirs(void)
NSR_Status s;
int d, pass;
+ /* Ignore reload command before adding configured sources */
+ if (!conf_ntp_sources_added)
+ return;
+
prev_size = ARR_GetSize(ntp_source_ids);
- if (prev_size > 0 && ARR_GetSize(ntp_sources) != prev_size)
+ if (ARR_GetSize(ntp_sources) != prev_size)
assert(0);
/* Save the current sources and their configuration IDs */
@@ -1859,7 +1865,10 @@ CNF_AddSources(void)
Free(source->params.name);
}
+ /* The arrays will be used for sourcedir (re)loading */
ARR_SetSize(ntp_sources, 0);
+ ARR_SetSize(ntp_source_ids, 0);
+ conf_ntp_sources_added = 1;
reload_source_dirs();
}
diff --git a/test/simulation/203-initreload b/test/simulation/203-initreload
new file mode 100755
index 00000000..cf7924b8
--- /dev/null
+++ b/test/simulation/203-initreload
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+. ./test.common
+
+check_config_h 'FEAT_CMDMON 1' || test_skip
+
+# Test fix "conf: don't load sourcedir during initstepslew and RTC init"
+
+test_start "reload during initstepslew"
+
+client_conf="initstepslew 5 192.168.123.1
+sourcedir tmp"
+client_server_conf="#"
+chronyc_conf="reload sources"
+chronyc_start=4
+
+echo 'server 192.168.123.1' > tmp/sources.sources
+
+run_test || test_fail
+check_chronyd_exit || test_fail
+check_source_selection || test_fail
+check_sync || test_fail
+
+check_log_messages "Added source 192\.168\.123\.1" 1 1 || test_fail
+
+test_pass

39
SOURCES/chrony-serverstats.patch
Unescape View File

@ -0,0 +1,39 @@
commit e11b518a1ffa704986fb1f1835c425844ba248ef
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Mon Jan 8 11:35:56 2024 +0100
ntp: fix authenticated requests in serverstats
Fix the CLG_UpdateNtpStats() call to count requests passing the
authentication check instead of requests triggering a KoD response
(i.e. NTS NAK).
diff --git a/ntp_core.c b/ntp_core.c
index 023e60b2..35801744 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -2736,7 +2736,7 @@ NCR_ProcessRxUnknown(NTP_Remote_Address *remote_addr, NTP_Local_Address *local_a
CLG_DisableNtpTimestamps(&ntp_rx);
}
- CLG_UpdateNtpStats(kod != 0 && info.auth.mode != NTP_AUTH_NONE &&
+ CLG_UpdateNtpStats(kod == 0 && info.auth.mode != NTP_AUTH_NONE &&
info.auth.mode != NTP_AUTH_MSSNTP,
rx_ts->source, interleaved ? tx_ts->source : NTP_TS_DAEMON);
diff --git a/test/system/010-nts b/test/system/010-nts
index 8d92bbc8..b215efa3 100755
--- a/test/system/010-nts
+++ b/test/system/010-nts
@@ -45,6 +45,11 @@ check_chronyc_output "^Name/IP address Mode KeyID Type KLen Last Atm
=========================================================================
127\.0\.0\.1 NTS 1 (30|15) (128|256) [0-9] 0 0 [78] ( 64|100)$" || test_fail
+run_chronyc "serverstats" || test_fail
+check_chronyc_output "NTS-KE connections accepted: 1
+NTS-KE connections dropped : 0
+Authenticated NTP packets : [1-9][0-9]*" || test_fail
+
stop_chronyd || test_fail
check_chronyd_messages || test_fail
check_chronyd_files || test_fail

54
SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
Unescape View File

@ -0,0 +1,54 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1
Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T
c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl
QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv
tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR
F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B
FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+
LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV
jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2
7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/
v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB
tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA
PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1
6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s
nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP
nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r
nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ
cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/
kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6
LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W
vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS
y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G
4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7
qbZUY/6bgrDoXp4otAP2iF0EExECAB0WIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUC
YJ0C3AAKCRBf8G8puh4BO9k2AJ4ohgz/p49IBfjf22sEL1FvYM/DhwCfTyCkbogO
uagIg5qwuEGwHMgn19G5Ag0EYJz13AEQAMrLXgl5u6vAakSF9n+xCP2WOiMHzzrR
OxHnWzsX6PTXpJt14LSZOZ5wjdyR3gLJWGLdkfHoxHpQYp7PLgNS29SuAc4HQ+Br
O5F4g9EmwDJ0ueUYxU1FcySRXfXR+gLabpQCc2s9bW6RaMwLuQNxZwkfXClkPQms
ImTFA0KntWpHc+uEr1J2i6LQS7D/BK6m72l9x8z9k9gqAabXw+xHsis+ffPMG5Jm
HOqeHYtsq+2JW1VvBnA4Qh3DKH9OQaD9hZbEiUC3nMmlLkPF/r29tWTPa7luBHBn
X556JTXVm+vDUDwZ2srLfaKyQCxbNLwvQ2Pn5SOyyCnuIWR2xZs/+KPDMhtKUBAV
HcboVu6iPCTU42CVMPaJvYD2iUEncZNeUGJOSuG240LSLNGEFFsD7YgXb1XHjQD5
ci3Ki7P/hHi3AG53IsQTiaE5VgBdDje3zYCf5WaZ6c3DQQB9lab2RMz+5Fdr7Z6Y
mFRUbmxSnsMe0mwwcqVe3ofV0fKvE7Ep0T8bBg53dCqyU8hIbD5wUe99JmhMFnzs
5elwkv/Hb3Eg92dgu1zWb5kMzuvGEHtCIukIy1B+pzQOfT+iOC+lbmRHhPslJ9S0
1vENJE+nEEsGxPy9pRHrmWSKI4Zh+ysjb/vW/vOwAd1RsvxTfgBeOOawmlz+n0pJ
T018ZnUgmc35ABEBAAGJAjwEGAEIACYWIQSPN1x+jQ7hJaPTvVFTfit292gNrAUC
YJz13AIbDAUJEswDAAAKCRBTfit292gNrPuRD/43kM0P71gxfJQj6PBpPtjIVVfm
4TIPWKmV+F4/9eCwAPC/o44Yw+nxGr77Rk2DsaSn0V51j2egRCXKuZBZx/v6JXP7
qpDk3Uecml7IfxTd+N+gkI3viUsrt4ykUgyUH/wy/edMG3h9qhBQP0RxiDge18P6
YUpQSnq3uP72ycTPLBJlqp/Y9+GXUapvcyDqBFnvs96ieDmSbjSf6tris1cuLv6f
eld4HNUY/LmI5MlYbywbgWGpSOyKUlTtyF33LqPnWd7UuTN7QNsYyjGnlJbkkGi/
KwuNbIo5Gs4avaUSTc7SBLdCYneEIt7mt7hg0StKHQC6s/ak/w8yl1yFy5gRusO4
QCFT2ZMQ6jZUAuaQGx0rhWQr9akNNJEDsHTBQR8pxpFp3LcDXcUXSSeySRSFZLt+
hExvDQxXuhdbZHYGL1E6g5gtJQKnobNu2jMOziBcDivhAsqNw2Poq6fJVLavjBI5
BI1xAqmymIExJFSlHdLuZq09cVzY3EOj3x23YTzPKNOI/qu4jTUT4Byi8Oy3PN1B
B0n5SqORWJ0KfAyVEewshSAqJ7zrZ5sJXWnKeVQqBOg5EwkOB8rz/M3mqgrnBRiq
hLiiiG5tKETA1YIQGXIbP8t1vqoQrpvYaJfkk3kQlktxfFkDRt8dKIxpFk8uPiNb
bcAu2uXfRrQxpaqcOg==
=/wbD
-----END PGP PUBLIC KEY BLOCK-----

87
SPECS/chrony.spec
Unescape View File

@ -1,5 +1,5 @@
%global _hardened_build 1
%global clknetsim_ver f00531
%global clknetsim_ver 5d1dc0
%bcond_without debug
%bcond_without nts
@ -8,25 +8,40 @@
%endif
Name: chrony
Version: 4.3
Release: 1%{?dist}
Version: 4.5
Release: 3%{?dist}.inferit
Summary: An NTP client/server
License: GPLv2
URL: https://chrony.tuxfamily.org
Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz
Source1: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}-tar-gz-asc.txt
Source2: https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
URL: https://chrony-project.org
Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz
Source1: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}-tar-gz-asc.txt
Source2: https://chrony-project.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
Source3: chrony.dhclient
Source4: chrony.sysusers
# simulator for test suite
Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz
%{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
# add distribution-specific bits to DHCP dispatcher
Patch1: chrony-nm-dispatcher-dhcp.patch
# revert changes in packaged chrony.keys example
Patch2: chrony-keys.patch
# revert some hardening options in service files
Patch3: chrony-services.patch
# fix serverstats to correctly count authenticated packets
Patch4: chrony-serverstats.patch
# fix crash on reload command during start
Patch5: chrony-reload.patch
# don't repeat error log messages when reloading sourcedir
Patch6: chrony-logreload.patch
# add support for leap-seconds.list file
Patch7: chrony-leaplist.patch
# update asciidoctor-generated man page
Patch8: chrony-leaplist-man.patch
# MSVSphere
Patch100: 0001-Synchronize-time-via-Russian-NTP-servers.patch
BuildRequires: gnutls-devel libcap-devel libedit-devel pps-tools-devel
BuildRequires: gcc gcc-c++ make bison systemd gnupg2
@ -50,7 +65,7 @@ can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
service to other computers in the network.
%if 0%{!?vendorzone:1}
%global vendorzone %(source /etc/os-release && echo ${ID}.)
%global vendorzone ru.
%endif
%prep
@ -58,19 +73,28 @@ service to other computers in the network.
%setup -q -n %{name}-%{version}%{?prerelease} -a 10
%{?gitpatch:%patch0 -p1}
%patch1 -p1 -b .nm-dispatcher-dhcp
%patch2 -p1 -b .keys
%patch3 -p1 -b .services
%patch4 -p1 -b .serverstats
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch100 -p1
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
# review changes in packaged configuration files and scripts
md5sum -c <<-EOF | (! grep -v 'OK$')
222e652b95027289877fa77146d3b9b1 examples/chrony-wait.service
2d01b94bc1a7b7fb70cbee831488d121 examples/chrony.conf.example2
d1e59feabc7847d30cfd09fd3c569f21 examples/chrony-wait.service
dc373a30c229f7477e913bee76d03eb7 examples/chrony.conf.example2
96999221eeef476bd49fe97b97503126 examples/chrony.keys.example
6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate
c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp
2b81c60c020626165ac655b2633608eb examples/chrony.nm-dispatcher.onoffline
619dd00009ea312c7201beefde10341a examples/chronyd.service
4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline
60447a26dce93b3a61f488a364ac46cd examples/chronyd.service
46fa3e2d42c8eb9c42e71095686c90ed examples/chronyd-restricted.service
EOF
# don't allow packaging without vendor zone
@ -89,10 +113,14 @@ sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \
touch -r examples/chrony.conf.example2 chrony.conf
# set selinux context in chronyd-restricted service
sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \
examples/chronyd-restricted.service
# regenerate the file from getdate.y
rm -f getdate.c
mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim
%build
%configure \
@ -107,9 +135,7 @@ mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
--with-hwclockfile=%{_sysconfdir}/adjtime \
--with-pidfile=/run/chrony/chronyd.pid \
--with-sendmail=%{_sbindir}/sendmail \
--without-nettle \
--without-nss \
--without-tomcrypt
--without-nettle
%make_build
%install
@ -136,6 +162,8 @@ install -m 644 -p examples/chrony.logrotate \
install -m 644 -p examples/chronyd.service \
$RPM_BUILD_ROOT%{_unitdir}/chronyd.service
install -m 644 -p examples/chronyd-restricted.service \
$RPM_BUILD_ROOT%{_unitdir}/chronyd-restricted.service
install -m 755 -p examples/chrony.nm-dispatcher.onoffline \
$RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
install -m 755 -p examples/chrony.nm-dispatcher.dhcp \
@ -176,13 +204,13 @@ if test -a %{_libexecdir}/chrony-helper; then
sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources"
done 2> /dev/null
fi
%systemd_post chronyd.service chrony-wait.service
%systemd_post chronyd.service chronyd-restricted.service chrony-wait.service
%preun
%systemd_preun chronyd.service chrony-wait.service
%systemd_preun chronyd.service chronyd-restricted.service chrony-wait.service
%postun
%systemd_postun_with_restart chronyd.service
%systemd_postun_with_restart chronyd.service chronyd-restricted.service
%files
%{!?_licensedir:%global license %%doc}
@ -206,6 +234,25 @@ fi
%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
%changelog
* Thu Aug 08 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-3
- don't repeat error log messages when reloading sourcedir (RHEL-51786)
- add support for leap-seconds.list file (RHEL-53484)
* Thu Jun 13 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-2
- fix crash on reload command during start (RHEL-28945)
* Tue Jan 09 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
- update to 4.5 (RHEL-6522 RHEL-6520 RHEL-9969 RHEL-9971 RHEL-9973 RHEL-9975
RHEL-12411)
- add chronyd-restricted service (RHEL-9972)
* Mon May 15 2023 Sergey Cherevko <s.cherevko@msvsphere.ru> - 4.3-1.inferit
- MSVSphere debranding: changed vendorzone
- Rebuilt for MSVSphere 9.2 beta
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 4.3-1
- Rebuilt for MSVSphere 9.2 beta
* Wed Oct 12 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-1
- update to 4.3 (#2133754)
- add sysusers.d fragment for chrony user/group (#2095374)

Write Preview
Loading…
Cancel
Save