Compare commits

..

No commits in common. 'i10' and 'c9' have entirely different histories.
i10 ... c9

@ -1,2 +1,3 @@
35b070fdd446080232844ac9f70f84ca1823206f SOURCES/chrony-4.6.1.tar.gz bc7884eb4fde69478a00faee3d42092d426d57c1 SOURCES/chrony-4.3.tar.gz
a3289d3e8688b0818e67d3b7338e8b73501bef1e SOURCES/clknetsim-40bb97.tar.gz 9c453ae65e5c1a6983cd1121410faf1ffd2d9092 SOURCES/clknetsim-f00531.tar.gz
1395afa521d2e3302a31083edcf568bbc036aafc SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc

5
.gitignore vendored

@ -1,2 +1,3 @@
SOURCES/chrony-4.6.1.tar.gz SOURCES/chrony-4.3.tar.gz
SOURCES/clknetsim-40bb97.tar.gz SOURCES/clknetsim-f00531.tar.gz
SOURCES/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc

@ -1,343 +0,0 @@
From 490c310c3218f5ea5a27d850e42fa1083cec788b Mon Sep 17 00:00:00 2001
From: Sergey Cherevko <s.cherevko@msvsphere-os.ru>
Date: Tue, 17 Dec 2024 20:40:35 +0300
Subject: [PATCH] Synchronize time via Russian NTP servers
---
FAQ | 12 ++++++------
INSTALL | 4 ++--
doc/chrony.conf.adoc | 8 ++++----
doc/chrony.conf.man.in | 10 +++++-----
doc/chronyc.adoc | 2 +-
doc/chronyc.man.in | 4 ++--
doc/faq.adoc | 12 ++++++------
doc/installation.adoc | 4 ++--
examples/chrony.conf.example1 | 11 +++++++++--
examples/chrony.conf.example2 | 12 +++++++++---
examples/chrony.conf.example3 | 4 ++--
11 files changed, 48 insertions(+), 35 deletions(-)
diff --git a/FAQ b/FAQ
index c96acfa..18687b7 100644
--- a/FAQ
+++ b/FAQ
@@ -101,7 +101,7 @@ poll multiple servers at the same time and detect servers having incorrect time
(falsetickers in the NTP terminology). It should be used only with trusted
reliable servers, ideally in local network.
-Using timesyncd with pool.ntp.org is problematic. The pool is very robust as a
+Using timesyncd with https://www.vniiftri.ru/ is problematic. The pool is very robust as a
whole, but the individual servers run by volunteers cannot be relied on.
Occasionally, servers drift away or make a step to distant past or future due
to misconfiguration, problematic implementation, and other bugs (e.g. in
@@ -141,10 +141,10 @@ next boot from the RTC, the rtcsync directive enables a mode in which the
system time is periodically copied to the RTC. It is supported on Linux and
macOS.
-If you wanted to use public NTP servers from the pool.ntp.org project, the
+If you wanted to use public NTP servers from the https://www.vniiftri.ru/ project, the
minimal chrony.conf file could be:
-pool pool.ntp.org iburst
+pool https://www.vniiftri.ru/ iburst
driftfile /var/lib/chrony/drift
makestep 1 3
rtcsync
@@ -433,7 +433,7 @@ the -Q option it will print the measured offset without setting the clock. If
you do not want to use a configuration file, NTP servers can be specified on
the command line. For example:
-# chronyd -q 'pool pool.ntp.org iburst'
+# chronyd -q 'pool https://www.vniiftri.ru/ iburst'
The command above would normally take about 5 seconds if the servers were well
synchronised and responding to all requests. If not synchronised or responding,
@@ -444,7 +444,7 @@ option to one (supported since chrony version 4.0), and a timeout can be
specified with the -t option. The following command would take only up to about
one second.
-# chronyd -q -t 1 'server pool.ntp.org iburst maxsamples 1'
+# chronyd -q -t 1 'server https://www.vniiftri.ru/ iburst maxsamples 1'
It is not recommended to run chronyd with the -q option periodically (e.g. from
a cron job) as a replacement for the daemon mode, because it performs
@@ -507,7 +507,7 @@ same server instance.
An example configuration of the client instance could be
-pool pool.ntp.org iburst
+pool https://www.vniiftri.ru/ iburst
allow 127.0.0.1
port 11123
driftfile /var/lib/chrony/drift
diff --git a/INSTALL b/INSTALL
index 9ca6e22..6f48020 100644
--- a/INSTALL
+++ b/INSTALL
@@ -116,10 +116,10 @@ make install-docs
Now that the software is successfully installed, the next step is to set up a
configuration file. The default location of the file is /etc/chrony.conf.
Several examples of configuration with comments are included in the examples
-directory. Suppose you want to use public NTP servers from the pool.ntp.org
+directory. Suppose you want to use public NTP servers from the https://www.vniiftri.ru/
project as your time reference. A minimal useful configuration file could be
-pool pool.ntp.org iburst
+pool https://www.vniiftri.ru/ iburst
makestep 1.0 3
rtcsync
diff --git a/doc/chrony.conf.adoc b/doc/chrony.conf.adoc
index cb3f95c..1f0168e 100644
--- a/doc/chrony.conf.adoc
+++ b/doc/chrony.conf.adoc
@@ -365,7 +365,7 @@ sources responding to requests. The default value is 4 and the maximum value is
An example of the *pool* directive is
+
----
-pool pool.ntp.org iburst maxsources 3
+pool https://www.vniiftri.ru/ iburst maxsources 3
----
[[peer]]*peer* _hostname_ [_option_]...::
@@ -2820,7 +2820,7 @@ the following methods:
stratum 1 and stratum 2 servers. You should find one or more servers that are
near to you. Check that their access policy allows you to use their
facilities.
-* Use public servers from the https://www.pool.ntp.org/[pool.ntp.org] project.
+* Use public servers from the https://www.vniiftri.ru/[ntp1.vniiftri.ru] project.
Assuming that your NTP servers are called _ntp1.example.net_, _ntp2.example.net_
and _ntp3.example.net_, your _chrony.conf_ file could contain as a minimum:
@@ -2853,7 +2853,7 @@ directive instead of multiple *server* directives. The configuration file could
in this case look like:
----
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
driftfile @CHRONYVARDIR@/drift
makestep 1.0 3
rtcsync
@@ -3112,7 +3112,7 @@ information to be saved.
=== Public NTP server
*chronyd* can be configured to operate as a public NTP server, e.g. to join the
-https://www.pool.ntp.org/en/join.html[pool.ntp.org] project. The configuration
+https://www.vniiftri.ru/[ntp1.vniiftri.ru] project. The configuration
is similar to the NTP client with permanent connection, except it needs to
allow client access from all addresses. It is recommended to find at least four
good servers (e.g. from the pool, or on the NTP homepage). If the server has a
diff --git a/doc/chrony.conf.man.in b/doc/chrony.conf.man.in
index 66d2358..3a6d6a7 100644
--- a/doc/chrony.conf.man.in
+++ b/doc/chrony.conf.man.in
@@ -479,7 +479,7 @@ An example of the \fBpool\fP directive is
.if n .RS 4
.nf
.fam C
-pool pool.ntp.org iburst maxsources 3
+pool ntp1.vniiftri.ru iburst maxsources 3
.fam
.fi
.if n .RE
@@ -4651,7 +4651,7 @@ facilities.
. IP \(bu 2.3
.\}
Use public servers from the \c
-.URL "https://www.pool.ntp.org/" "pool.ntp.org" ""
+.URL "https://www.ntp1.vniiftri.ru/" "ntp1.vniiftri.ru" ""
project.
.RE
.sp
@@ -4696,7 +4696,7 @@ in this case look like:
.if n .RS 4
.nf
.fam C
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
driftfile @CHRONYVARDIR@/drift
makestep 1.0 3
rtcsync
@@ -4993,7 +4993,7 @@ information to be saved.
.SS "Public NTP server"
.sp
\fBchronyd\fP can be configured to operate as a public NTP server, e.g. to join the
-.URL "https://www.pool.ntp.org/en/join.html" "pool.ntp.org" ""
+.URL "https://www.ntp.vniiftri.ru/en/join.html" "ntp1.vniiftri.ru" ""
project. The configuration
is similar to the NTP client with permanent connection, except it needs to
allow client access from all addresses. It is recommended to find at least four
@@ -5040,4 +5040,4 @@ For instructions on how to report bugs, please visit
.URL "https://chrony\-project.org/" "" "."
.SH "AUTHORS"
.sp
-chrony was written by Richard Curnow, Miroslav Lichvar, and others.
\ No newline at end of file
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.
diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc
index 96a0551..d88c7dc 100644
--- a/doc/chronyc.adoc
+++ b/doc/chronyc.adoc
@@ -979,7 +979,7 @@ them immediately, e.g. after suspending and resuming the machine in a different
network.
+
Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6
-addresses are included in a single DNS response (e.g. pool.ntp.org), this
+addresses are included in a single DNS response (e.g. https://www.vniiftri.ru/), this
command might replace the addresses even if they are still in the pool.
[[reload]]*reload* *sources*::
diff --git a/doc/chronyc.man.in b/doc/chronyc.man.in
index 4541fc6..7888eff 100644
--- a/doc/chronyc.man.in
+++ b/doc/chronyc.man.in
@@ -1793,7 +1793,7 @@ them immediately, e.g. after suspending and resuming the machine in a different
network.
.sp
Note that with pools which have more than 16 addresses, or not all IPv4 or IPv6
-addresses are included in a single DNS response (e.g. pool.ntp.org), this
+addresses are included in a single DNS response (e.g. ntp1.vniiftri.ru), this
command might replace the addresses even if they are still in the pool.
.RE
.sp
@@ -2753,4 +2753,4 @@ For instructions on how to report bugs, please visit
.URL "https://chrony\-project.org/" "" "."
.SH "AUTHORS"
.sp
-chrony was written by Richard Curnow, Miroslav Lichvar, and others.
\ No newline at end of file
+chrony was written by Richard Curnow, Miroslav Lichvar, and others.
diff --git a/doc/faq.adoc b/doc/faq.adoc
index 8fd350f..69b8b3e 100644
--- a/doc/faq.adoc
+++ b/doc/faq.adoc
@@ -56,7 +56,7 @@ limitations is that it cannot poll multiple servers at the same time and detect
servers having incorrect time (falsetickers in the NTP terminology). It should
be used only with trusted reliable servers, ideally in local network.
-Using `timesyncd` with `pool.ntp.org` is problematic. The pool is very
+Using `timesyncd` with `ntp.vniiftri.ru` is problematic. The pool is very
robust as a whole, but the individual servers run by volunteers cannot be
relied on. Occasionally, servers drift away or make a step to distant past or
future due to misconfiguration, problematic implementation, and other bugs
@@ -98,11 +98,11 @@ system time is periodically copied to the RTC. It is supported on Linux and
macOS.
If you wanted to use public NTP servers from the
-https://www.pool.ntp.org/[pool.ntp.org] project, the minimal _chrony.conf_ file
+https://www.vniiftri.ru/[ntp1.vniiftri.ru] project, the minimal _chrony.conf_ file
could be:
----
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
driftfile /var/lib/chrony/drift
makestep 1 3
rtcsync
@@ -411,7 +411,7 @@ clock. If you do not want to use a configuration file, NTP servers can be
specified on the command line. For example:
----
-# chronyd -q 'pool pool.ntp.org iburst'
+# chronyd -q 'pool ntp1.vniiftri.ru iburst'
----
The command above would normally take about 5 seconds if the servers were
@@ -424,7 +424,7 @@ timeout can be specified with the `-t` option. The following command would take
only up to about one second.
----
-# chronyd -q -t 1 'server pool.ntp.org iburst maxsamples 1'
+# chronyd -q -t 1 'server ntp1.vniiftri.ru iburst maxsamples 1'
----
It is not recommended to run `chronyd` with the `-q` option periodically (e.g.
@@ -491,7 +491,7 @@ the same server instance.
An example configuration of the client instance could be
----
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
allow 127.0.0.1
port 11123
driftfile /var/lib/chrony/drift
diff --git a/doc/installation.adoc b/doc/installation.adoc
index b683911..0fa1eca 100644
--- a/doc/installation.adoc
+++ b/doc/installation.adoc
@@ -146,11 +146,11 @@ make install-docs
Now that the software is successfully installed, the next step is to set up a
configuration file. The default location of the file is _/etc/chrony.conf_.
Several examples of configuration with comments are included in the examples
-directory. Suppose you want to use public NTP servers from the pool.ntp.org
+directory. Suppose you want to use public NTP servers from the ntp1.vniiftri.ru
project as your time reference. A minimal useful configuration file could be
----
-pool pool.ntp.org iburst
+pool ntp1.vniiftri.ru iburst
makestep 1.0 3
rtcsync
----
diff --git a/examples/chrony.conf.example1 b/examples/chrony.conf.example1
index 5e93ea7..dd960ad 100644
--- a/examples/chrony.conf.example1
+++ b/examples/chrony.conf.example1
@@ -1,5 +1,12 @@
-# Use public NTP servers from the pool.ntp.org project.
-pool pool.ntp.org iburst
+# Use Russian public NTP servers (vniiftri and msk-ix)
+server ntp.msk-ix.ru iburst
+server ntp1.vniiftri.ru iburst
+server vniiftri2.khv.ru iburst
+server ntp1.niiftri.irkutsk.ru iburst
+server ntp.sstf.nsk.ru iburst
+server ntp2.vniiftri.ru iburst
+server ntp3.vniiftri.ru iburst
+server ntp4.vniiftri.ru iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/examples/chrony.conf.example2 b/examples/chrony.conf.example2
index bf2bbdd..61b4576 100644
--- a/examples/chrony.conf.example2
+++ b/examples/chrony.conf.example2
@@ -1,6 +1,12 @@
-# Use public servers from the pool.ntp.org project.
-# Please consider joining the pool (https://www.pool.ntp.org/join.html).
-pool pool.ntp.org iburst
+# Use Russian public NTP servers (vniiftri and msk-ix)
+server ntp.msk-ix.ru iburst
+server ntp1.vniiftri.ru iburst
+server vniiftri2.khv.ru iburst
+server ntp1.niiftri.irkutsk.ru iburst
+server ntp.sstf.nsk.ru iburst
+server ntp2.vniiftri.ru iburst
+server ntp3.vniiftri.ru iburst
+server ntp4.vniiftri.ru iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
diff --git a/examples/chrony.conf.example3 b/examples/chrony.conf.example3
index 6d84c01..e893292 100644
--- a/examples/chrony.conf.example3
+++ b/examples/chrony.conf.example3
@@ -25,13 +25,13 @@
# Provider or company have one or more NTP servers that you can specify.
# Failing that, there are a lot of public NTP servers. There is a list
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
-# you can use servers from the pool.ntp.org project.
+# you can use servers from the https://www.vniiftri.ru/ project.
! server ntp1.example.net iburst
! server ntp2.example.net iburst
! server ntp3.example.net iburst
-! pool pool.ntp.org iburst
+! pool ntp1.vniiftri.ru iburst
#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
--
2.43.5

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmMPLJAACgkQU34rdvdo
DaxDKRAAh5wfl990Q6sTPxXI92GegZYIGUxJDlCkJtemoI98g+DQbuCJ46AXsAn/
CIBTbPU3Brvq2KR1nDze/G/YOXkaqoFyaJD00H73qBI7MOMiSS4KbMQ26xLNrnHL
MCHrgZs+MHhyo6IEpesvr7F/+qyGHZifFlHT+HtCM+SBU1qooYUyQAdnhyK0rb16
j7/Jc5A28jROZB4lcRQyvB085whPj299FsB/0wJW5RjwA5tcpPH0sTozain3vvlo
64BAJXcQsyRsilcaPFlkY5zPgFiAuaEJnfTe/uMdfDO/V/g6wADt64+HhaxNPO+z
p3vzEGpio4Oi1HyYiXpDx9bMM1RLTpmKt9p1V5Y98Fn5Ymx6I7yAe1qwvA7T8eoC
hK8C27jPytiOgaWSYqPYb0WaHY3JZZpFzdtr0bAPSkEzL4EwrxVmbgTnkuzk2hxk
6MiIuDLUd9Zl1oroqv+rTd0XA8lXUcoyFhqtsMXHWdAC3yzteaPcJKzv7l9DT6xV
YadKrSBkzob9jRWRngY3FMKjTvcwnxLE8dfsNlsDNGyLNtTEOJ/QYgh6muOHh80L
MAayI8hSWPTR/3IXKlathjLIeilsrFthIZcrPq520FoS4A7E3A80vR3uKOqAIDwh
Y+6ASvEkCHAUneJqlLihqglYTNJlFnVhGw9/LV85JsmRsCZ0+j8=
=2xMP
-----END PGP SIGNATURE-----

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmcFKp4ACgkQU34rdvdo
DazMmxAAlSONiDmb/EpwVBigLlVdtyelr6G/9ISMQv/f3CzNlliZOWBQBYiK8UfL
+ohx4uh3R10kWMMJEpeJ7VQMkh3Jn6BKWE3QKQQDKI/Cd39ceeTO57ZZreI3dTRh
8w9xxdwYwEobHhabXQ7wCXDIvssyC6w5LXw4dLmo3N1dC7ZNxJhYgmXVScw6RK5m
bc5Ch/H9bxD1xZiWflXC2dW57nJumJDnMlRVdYot9P2zD0DrGy3cFmh6w89gip67
T2PrhQ9vQUt8zWKEt9CQi0EtDJ8q1B7HKTLSmM6iEGRjphij+2Z8i0EiQRYA+V++
ZQVGg+O6MJYuNbPGdwVBZZMVS4wF3mnNkmBk0/tlxNnNH9dqQ1RquRxQCUPDsGwF
dZUmptZWctNaM7TfICdnjEWz/7flR52+BMi5VRYvAK9MCqhTCkg5bw53r02wNSTK
M2PXMRbGuYUGsPDkXaKHf478uhiZF+3ka6tiomK0RT9ip304qhNxdzhsW942ryH2
yUaFFRGpNk+KJI7e7GfmWmRrBhpi4tqsaFQ4dvUXhlSmk4zVbHIzkgj6Ej6pgJrW
w3lUOlQ49DfNkUnZIVAFHJ6LAmeejTvMNlq9IKHfuFA18X7yhHQI49SXiOUOhKD2
/z6nMP0cjxQ6eij5UupKx/6/IHTIt9uUpTU1taxAsVXKcBemkN8=
=/5W0
-----END PGP SIGNATURE-----

@ -1,226 +0,0 @@
commit b9b338a8df23927d8104f41ecb21baa3558de0cd
Author: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu Oct 31 14:41:19 2024 +0100
refclock: rework update of reachability
Update the reachability register of a refclock source by 1 if a valid
measurement is received by the drivers between source polls, and not
only when it is accumulated to sourcestats, similarly to how
reachability works with NTP sources.
This avoids drops in the reported reachability when a PHC refclock is
dropping samples due to significant changes in the measured delay (e.g.
due to high PCIe load), or a PPS refclock dropping samples due to failed
lock.
diff --git a/doc/chronyc.adoc b/doc/chronyc.adoc
index 935f1da9..dea93c9f 100644
--- a/doc/chronyc.adoc
+++ b/doc/chronyc.adoc
@@ -364,9 +364,12 @@ a measurement is being made every 64 seconds. *chronyd* automatically varies
the polling rate in response to prevailing conditions.
*Reach*:::
This shows the source's reachability register printed as an octal number. The
-register has 8 bits and is updated on every received or missed packet from
-the source. A value of 377 indicates that a valid reply was received for all
-from the last eight transmissions.
+register has 8 bits. It is shifted to left by one bit with each poll and it is
+updated by 1 when a valid NTP response, or just a sample in case of a reference
+clock, is received from the source. A value of 377 indicates that a valid
+response or sample was received for all of the last 8 polls. Note that samples
+can be dropped if they are not considered good enough for synchronisation, but
+the reachability register will still have 1s for their polls.
*LastRx*:::
This column shows how long ago the last good sample (which is shown in the next
column) was received from the source. Measurements that failed some tests are
diff --git a/refclock.c b/refclock.c
index 22d775a5..d14560fa 100644
--- a/refclock.c
+++ b/refclock.c
@@ -63,6 +63,7 @@ struct RCL_Instance_Record {
int driver_poll;
int driver_polled;
int poll;
+ int reached;
int leap_status;
int local;
int pps_forced;
@@ -175,6 +176,7 @@ RCL_AddRefclock(RefclockParameters *params)
inst->driver_poll = params->driver_poll;
inst->poll = params->poll;
inst->driver_polled = 0;
+ inst->reached = 0;
inst->leap_status = LEAP_Normal;
inst->local = params->local;
inst->pps_forced = params->pps_forced;
@@ -665,6 +667,12 @@ RCL_AddCookedPulse(RCL_Instance instance, struct timespec *cooked_time,
return 1;
}
+void
+RCL_UpdateReachability(RCL_Instance instance)
+{
+ instance->reached++;
+}
+
double
RCL_GetPrecision(RCL_Instance instance)
{
@@ -792,6 +800,9 @@ poll_timeout(void *arg)
if (!(inst->driver->poll && inst->driver_polled < (1 << (inst->poll - inst->driver_poll)))) {
inst->driver_polled = 0;
+ SRC_UpdateReachability(inst->source, inst->reached > 0);
+ inst->reached = 0;
+
if (SPF_GetFilteredSample(inst->filter, &sample)) {
double local_freq, local_offset;
struct timespec local_ref_time;
@@ -807,7 +818,6 @@ poll_timeout(void *arg)
inst->leap_status = LEAP_Unsynchronised;
}
- SRC_UpdateReachability(inst->source, 1);
SRC_UpdateStatus(inst->source, stratum, inst->leap_status);
SRC_AccumulateSample(inst->source, &sample);
SRC_SelectSource(inst->source);
@@ -816,8 +826,6 @@ poll_timeout(void *arg)
follow_local(inst, &local_ref_time, local_freq, local_offset);
log_sample(inst, &sample.time, 1, 0, 0.0, sample.offset, sample.peer_dispersion);
- } else {
- SRC_UpdateReachability(inst->source, 0);
}
}
diff --git a/refclock.h b/refclock.h
index 40c852de..5fdbf9c7 100644
--- a/refclock.h
+++ b/refclock.h
@@ -81,6 +81,7 @@ extern int RCL_AddSample(RCL_Instance instance, struct timespec *sample_time,
extern int RCL_AddPulse(RCL_Instance instance, struct timespec *pulse_time, double second);
extern int RCL_AddCookedPulse(RCL_Instance instance, struct timespec *cooked_time,
double second, double dispersion, double raw_correction);
+extern void RCL_UpdateReachability(RCL_Instance instance);
extern double RCL_GetPrecision(RCL_Instance instance);
extern int RCL_GetDriverPoll(RCL_Instance instance);
diff --git a/refclock_phc.c b/refclock_phc.c
index e12f2258..6c0914f6 100644
--- a/refclock_phc.c
+++ b/refclock_phc.c
@@ -154,6 +154,8 @@ static void process_ext_pulse(RCL_Instance instance, struct timespec *phc_ts)
}
phc->last_extts = *phc_ts;
+ RCL_UpdateReachability(instance);
+
if (!HCL_CookTime(phc->clock, phc_ts, &local_ts, &local_err))
return;
@@ -204,6 +206,9 @@ static int phc_poll(RCL_Instance instance)
if (n_readings < 1)
return 0;
+ if (!phc->extpps)
+ RCL_UpdateReachability(instance);
+
if (!HCL_ProcessReadings(phc->clock, n_readings, readings, &phc_ts, &sys_ts, &phc_err))
return 0;
diff --git a/refclock_pps.c b/refclock_pps.c
index 880c13fc..f00b7ccb 100644
--- a/refclock_pps.c
+++ b/refclock_pps.c
@@ -143,6 +143,8 @@ static int pps_poll(RCL_Instance instance)
pps->last_seq = seq;
+ RCL_UpdateReachability(instance);
+
return RCL_AddPulse(instance, &ts, 1.0e-9 * ts.tv_nsec);
}
diff --git a/refclock_shm.c b/refclock_shm.c
index ee13e871..22e51820 100644
--- a/refclock_shm.c
+++ b/refclock_shm.c
@@ -109,6 +109,8 @@ static int shm_poll(RCL_Instance instance)
shm->valid = 0;
+ RCL_UpdateReachability(instance);
+
receive_ts.tv_sec = t.receiveTimeStampSec;
clock_ts.tv_sec = t.clockTimeStampSec;
diff --git a/refclock_sock.c b/refclock_sock.c
index 2da57ef5..49cf3559 100644
--- a/refclock_sock.c
+++ b/refclock_sock.c
@@ -129,6 +129,8 @@ static void read_sample(int sockfd, int event, void *anything)
UTI_TimevalToTimespec(&sample.tv, &sys_ts);
UTI_NormaliseTimespec(&sys_ts);
+ RCL_UpdateReachability(instance);
+
if (!UTI_IsTimeOffsetSane(&sys_ts, sample.offset))
return;
diff --git a/test/simulation/106-refclock b/test/simulation/106-refclock
index dedab9b8..3793bd86 100755
--- a/test/simulation/106-refclock
+++ b/test/simulation/106-refclock
@@ -114,6 +114,32 @@ Root delay : 0\.000000001 seconds
rm -f tmp/refclocks.log
fi
+export CLKNETSIM_PHC_JITTER_OFF=$[2 * 25 * 492]
+export CLKNETSIM_PHC_JITTER_ON=$[2 * 25 * 8]
+export CLKNETSIM_PHC_JITTER=1e-6
+refclock_offset=0.0
+refclock_jitter=1e-9
+min_sync_time=5
+max_sync_time=7
+time_max_limit=1e-7
+time_rms_limit=1e-8
+client_conf="refclock PHC /dev/ptp0:nocrossts poll 0
+logdir tmp
+log refclocks"
+chronyc_start=500
+chronyc_conf="sources"
+
+run_test || test_fail
+check_chronyd_exit || test_fail
+check_source_selection || test_fail
+check_sync || test_fail
+check_chronyc_output "^MS.*
+=*
+#\* PHC0 0 0 377 8 .*$" || test_fail
+
+unset CLKNETSIM_PHC_JITTER_OFF
+unset CLKNETSIM_PHC_JITTER_ON
+export CLKNETSIM_PHC_JITTER=1e-7
refclock_offset="(+ 0.399 (sum 1e-3))"
refclock_jitter=1e-6
servers=1
diff -up chrony/doc/chronyc.man.orig chrony/doc/chronyc.man
--- chrony/doc/chronyc.man.in.orig 2024-11-06 12:07:50.555216174 +0100
+++ chrony/doc/chronyc.man.in 2024-11-06 12:07:58.131217759 +0100
@@ -535,9 +535,12 @@ the polling rate in response to prevaili
\fBReach\fP
.RS 4
This shows the source\(cqs reachability register printed as an octal number. The
-register has 8 bits and is updated on every received or missed packet from
-the source. A value of 377 indicates that a valid reply was received for all
-from the last eight transmissions.
+register has 8 bits. It is shifted to left by one bit with each poll and it is
+updated by 1 when a valid NTP response, or just a sample in case of a reference
+clock, is received from the source. A value of 377 indicates that a valid
+response or sample was received for all of the last 8 polls. Note that samples
+can be dropped if they are not considered good enough for synchronisation, but
+the reachability register will still have 1s for their polls.
.RE
.sp
\fBLastRx\fP

@ -0,0 +1,38 @@
diff -up chrony-4.2/examples/chronyd.service.services chrony-4.2/examples/chronyd.service
--- chrony-4.2/examples/chronyd.service.services 2021-12-16 13:17:42.000000000 +0100
+++ chrony-4.2/examples/chronyd.service 2022-01-19 13:55:59.066677473 +0100
@@ -32,8 +32,7 @@ ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
-ProtectSystem=strict
-ReadWritePaths=/run /var/lib/chrony -/var/log
+ProtectSystem=full
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=yes
RestrictSUIDSGID=yes
@@ -42,7 +41,6 @@ SystemCallFilter=~@cpu-emulation @debug
# Adjust restrictions for /usr/sbin/sendmail (mailonchange directive)
NoNewPrivileges=no
-ReadWritePaths=-/var/spool
RestrictAddressFamilies=AF_NETLINK
[Install]
Avoid a SELinux issue
diff --git a/examples/chrony-wait.service b/examples/chrony-wait.service
index 72b028f2..57646950 100644
--- a/examples/chrony-wait.service
+++ b/examples/chrony-wait.service
@@ -18,7 +18,7 @@ StandardOutput=null
CapabilityBoundingSet=
DevicePolicy=closed
-DynamicUser=yes
+#DynamicUser=yes
IPAddressAllow=localhost
IPAddressDeny=any
LockPersonality=yes

@ -1,54 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1
Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T
c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl
QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv
tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR
F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B
FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+
LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV
jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2
7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/
v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB
tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA
PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1
6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s
nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP
nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r
nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ
cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/
kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6
LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W
vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS
y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G
4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7
qbZUY/6bgrDoXp4otAP2iF0EExECAB0WIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUC
YJ0C3AAKCRBf8G8puh4BO9k2AJ4ohgz/p49IBfjf22sEL1FvYM/DhwCfTyCkbogO
uagIg5qwuEGwHMgn19G5Ag0EYJz13AEQAMrLXgl5u6vAakSF9n+xCP2WOiMHzzrR
OxHnWzsX6PTXpJt14LSZOZ5wjdyR3gLJWGLdkfHoxHpQYp7PLgNS29SuAc4HQ+Br
O5F4g9EmwDJ0ueUYxU1FcySRXfXR+gLabpQCc2s9bW6RaMwLuQNxZwkfXClkPQms
ImTFA0KntWpHc+uEr1J2i6LQS7D/BK6m72l9x8z9k9gqAabXw+xHsis+ffPMG5Jm
HOqeHYtsq+2JW1VvBnA4Qh3DKH9OQaD9hZbEiUC3nMmlLkPF/r29tWTPa7luBHBn
X556JTXVm+vDUDwZ2srLfaKyQCxbNLwvQ2Pn5SOyyCnuIWR2xZs/+KPDMhtKUBAV
HcboVu6iPCTU42CVMPaJvYD2iUEncZNeUGJOSuG240LSLNGEFFsD7YgXb1XHjQD5
ci3Ki7P/hHi3AG53IsQTiaE5VgBdDje3zYCf5WaZ6c3DQQB9lab2RMz+5Fdr7Z6Y
mFRUbmxSnsMe0mwwcqVe3ofV0fKvE7Ep0T8bBg53dCqyU8hIbD5wUe99JmhMFnzs
5elwkv/Hb3Eg92dgu1zWb5kMzuvGEHtCIukIy1B+pzQOfT+iOC+lbmRHhPslJ9S0
1vENJE+nEEsGxPy9pRHrmWSKI4Zh+ysjb/vW/vOwAd1RsvxTfgBeOOawmlz+n0pJ
T018ZnUgmc35ABEBAAGJAjwEGAEIACYWIQSPN1x+jQ7hJaPTvVFTfit292gNrAUC
YJz13AIbDAUJEswDAAAKCRBTfit292gNrPuRD/43kM0P71gxfJQj6PBpPtjIVVfm
4TIPWKmV+F4/9eCwAPC/o44Yw+nxGr77Rk2DsaSn0V51j2egRCXKuZBZx/v6JXP7
qpDk3Uecml7IfxTd+N+gkI3viUsrt4ykUgyUH/wy/edMG3h9qhBQP0RxiDge18P6
YUpQSnq3uP72ycTPLBJlqp/Y9+GXUapvcyDqBFnvs96ieDmSbjSf6tris1cuLv6f
eld4HNUY/LmI5MlYbywbgWGpSOyKUlTtyF33LqPnWd7UuTN7QNsYyjGnlJbkkGi/
KwuNbIo5Gs4avaUSTc7SBLdCYneEIt7mt7hg0StKHQC6s/ak/w8yl1yFy5gRusO4
QCFT2ZMQ6jZUAuaQGx0rhWQr9akNNJEDsHTBQR8pxpFp3LcDXcUXSSeySRSFZLt+
hExvDQxXuhdbZHYGL1E6g5gtJQKnobNu2jMOziBcDivhAsqNw2Poq6fJVLavjBI5
BI1xAqmymIExJFSlHdLuZq09cVzY3EOj3x23YTzPKNOI/qu4jTUT4Byi8Oy3PN1B
B0n5SqORWJ0KfAyVEewshSAqJ7zrZ5sJXWnKeVQqBOg5EwkOB8rz/M3mqgrnBRiq
hLiiiG5tKETA1YIQGXIbP8t1vqoQrpvYaJfkk3kQlktxfFkDRt8dKIxpFk8uPiNb
bcAu2uXfRrQxpaqcOg==
=/wbD
-----END PGP PUBLIC KEY BLOCK-----

@ -1,5 +1,5 @@
%global _hardened_build 1 %global _hardened_build 1
%global clknetsim_ver 40bb97 %global clknetsim_ver f00531
%bcond_without debug %bcond_without debug
%bcond_without nts %bcond_without nts
@ -8,27 +8,25 @@
%endif %endif
Name: chrony Name: chrony
Version: 4.6.1 Version: 4.3
Release: 1%{?dist}.inferit Release: 1%{?dist}
Summary: An NTP client/server Summary: An NTP client/server
License: GPL-2.0-only License: GPLv2
URL: https://chrony-project.org URL: https://chrony.tuxfamily.org
Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz
Source1: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}-tar-gz-asc.txt Source1: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}-tar-gz-asc.txt
Source2: https://chrony-project.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc Source2: https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
Source3: chrony.dhclient Source3: chrony.dhclient
Source4: chrony.sysusers Source4: chrony.sysusers
# simulator for test suite # simulator for test suite
Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
%{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz} %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}
# add distribution-specific bits to DHCP dispatcher # add distribution-specific bits to DHCP dispatcher
Patch1: chrony-nm-dispatcher-dhcp.patch Patch1: chrony-nm-dispatcher-dhcp.patch
# keep PHC refclock reachable when dropping samples due to high delay # revert some hardening options in service files
Patch2: chrony-refclkreach.patch Patch3: chrony-services.patch
# MSVSphere
Patch100: 0001-Synchronize-time-via-Russian-NTP-servers.patch
BuildRequires: gnutls-devel libcap-devel libedit-devel pps-tools-devel BuildRequires: gnutls-devel libcap-devel libedit-devel pps-tools-devel
BuildRequires: gcc gcc-c++ make bison systemd gnupg2 BuildRequires: gcc gcc-c++ make bison systemd gnupg2
@ -38,9 +36,6 @@ BuildRequires: gcc gcc-c++ make bison systemd gnupg2
%{?systemd_requires} %{?systemd_requires}
%{?sysusers_requires_compat} %{?sysusers_requires_compat}
# Needed by the leapsectz directive in default chrony.conf
Requires: tzdata
# Old NetworkManager expects the dispatcher scripts in a different place # Old NetworkManager expects the dispatcher scripts in a different place
Conflicts: NetworkManager < 1.20 Conflicts: NetworkManager < 1.20
@ -55,28 +50,27 @@ can also operate as an NTPv4 (RFC 5905) server and peer to provide a time
service to other computers in the network. service to other computers in the network.
%if 0%{!?vendorzone:1} %if 0%{!?vendorzone:1}
%global vendorzone ru. %global vendorzone %(source /etc/os-release && echo ${ID}.)
%endif %endif
%prep %prep
%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0} %{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0}
%setup -q -n %{name}-%{version}%{?prerelease} -a 10 %setup -q -n %{name}-%{version}%{?prerelease} -a 10
%{?gitpatch:%patch -P 0 -p1} %{?gitpatch:%patch0 -p1}
%patch -P 1 -p1 -b .nm-dispatcher-dhcp %patch1 -p1 -b .nm-dispatcher-dhcp
%patch -P 2 -p1 %patch3 -p1 -b .services
%patch -P 100 -p1
%{?gitpatch: echo %{version}-%{gitpatch} > version.txt} %{?gitpatch: echo %{version}-%{gitpatch} > version.txt}
# review changes in packaged configuration files and scripts # review changes in packaged configuration files and scripts
md5sum -c <<-EOF | (! grep -v 'OK$') md5sum -c <<-EOF | (! grep -v 'OK$')
5530d6e60f84b76c27495485d2510bac examples/chrony-wait.service 222e652b95027289877fa77146d3b9b1 examples/chrony-wait.service
8ad4c7e927d15cdf57f517e36b225113 examples/chrony.conf.example2 2d01b94bc1a7b7fb70cbee831488d121 examples/chrony.conf.example2
96999221eeef476bd49fe97b97503126 examples/chrony.keys.example
6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate
c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp
4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline 2b81c60c020626165ac655b2633608eb examples/chrony.nm-dispatcher.onoffline
c11159b78b89684eca773db6236a9855 examples/chronyd.service 619dd00009ea312c7201beefde10341a examples/chronyd.service
46fa3e2d42c8eb9c42e71095686c90ed examples/chronyd-restricted.service
EOF EOF
# don't allow packaging without vendor zone # don't allow packaging without vendor zone
@ -85,22 +79,20 @@ test -n "%{vendorzone}"
# use example chrony.conf as the default config with some modifications: # use example chrony.conf as the default config with some modifications:
# - use our vendor zone (2.*pool.ntp.org names include IPv6 addresses) # - use our vendor zone (2.*pool.ntp.org names include IPv6 addresses)
# - enable leapsectz to get TAI-UTC offset and leap seconds from tzdata # - enable leapsectz to get TAI-UTC offset and leap seconds from tzdata
# - enable keyfile
# - use NTP servers from DHCP # - use NTP servers from DHCP
sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \ sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \
-e 's|#\(leapsectz\)|\1|' \ -e 's|#\(leapsectz\)|\1|' \
-e 's|#\(keyfile\)|\1|' \
-e 's|^pool.*pool.ntp.org.*|&\n\n# Use NTP servers from DHCP.\nsourcedir /run/chrony-dhcp|' \ -e 's|^pool.*pool.ntp.org.*|&\n\n# Use NTP servers from DHCP.\nsourcedir /run/chrony-dhcp|' \
< examples/chrony.conf.example2 > chrony.conf < examples/chrony.conf.example2 > chrony.conf
touch -r examples/chrony.conf.example2 chrony.conf touch -r examples/chrony.conf.example2 chrony.conf
# set selinux context in chronyd-restricted service
sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \
examples/chronyd-restricted.service
# regenerate the file from getdate.y # regenerate the file from getdate.y
rm -f getdate.c rm -f getdate.c
mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
%build %build
%configure \ %configure \
@ -115,7 +107,9 @@ mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim
--with-hwclockfile=%{_sysconfdir}/adjtime \ --with-hwclockfile=%{_sysconfdir}/adjtime \
--with-pidfile=/run/chrony/chronyd.pid \ --with-pidfile=/run/chrony/chronyd.pid \
--with-sendmail=%{_sbindir}/sendmail \ --with-sendmail=%{_sbindir}/sendmail \
--without-nettle --without-nettle \
--without-nss \
--without-tomcrypt
%make_build %make_build
%install %install
@ -133,6 +127,8 @@ mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d}
install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf
install -m 640 -p examples/chrony.keys.example \
$RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
install -m 755 -p %{SOURCE3} \ install -m 755 -p %{SOURCE3} \
$RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
install -m 644 -p examples/chrony.logrotate \ install -m 644 -p examples/chrony.logrotate \
@ -140,8 +136,6 @@ install -m 644 -p examples/chrony.logrotate \
install -m 644 -p examples/chronyd.service \ install -m 644 -p examples/chronyd.service \
$RPM_BUILD_ROOT%{_unitdir}/chronyd.service $RPM_BUILD_ROOT%{_unitdir}/chronyd.service
install -m 644 -p examples/chronyd-restricted.service \
$RPM_BUILD_ROOT%{_unitdir}/chronyd-restricted.service
install -m 755 -p examples/chrony.nm-dispatcher.onoffline \ install -m 755 -p examples/chrony.nm-dispatcher.onoffline \
$RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
install -m 755 -p examples/chrony.nm-dispatcher.dhcp \ install -m 755 -p examples/chrony.nm-dispatcher.dhcp \
@ -156,7 +150,6 @@ cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd <<EOF
OPTIONS="%{?with_seccomp:-F 2}" OPTIONS="%{?with_seccomp:-F 2}"
EOF EOF
touch $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys
touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc} touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}
echo 'chronyd.service' > \ echo 'chronyd.service' > \
@ -164,12 +157,13 @@ echo 'chronyd.service' > \
%check %check
# set random seed to get deterministic results # set random seed to get deterministic results
export CLKNETSIM_RANDOM_SEED=24508 export CLKNETSIM_RANDOM_SEED=24505
%make_build -C test/simulation/clknetsim %make_build -C test/simulation/clknetsim
make quickcheck make quickcheck
%pre %pre
%sysusers_create_compat %{SOURCE4} %sysusers_create_compat %{SOURCE4}
:
%post %post
# migrate from chrony-helper to sourcedir directive # migrate from chrony-helper to sourcedir directive
@ -182,20 +176,20 @@ if test -a %{_libexecdir}/chrony-helper; then
sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources" sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources"
done 2> /dev/null done 2> /dev/null
fi fi
%systemd_post chronyd.service chronyd-restricted.service chrony-wait.service %systemd_post chronyd.service chrony-wait.service
%preun %preun
%systemd_preun chronyd.service chronyd-restricted.service chrony-wait.service %systemd_preun chronyd.service chrony-wait.service
%postun %postun
%systemd_postun_with_restart chronyd.service chronyd-restricted.service %systemd_postun_with_restart chronyd.service
%files %files
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
%license COPYING %license COPYING
%doc FAQ NEWS README examples/chrony.keys.example %doc FAQ NEWS README
%config(noreplace) %{_sysconfdir}/chrony.conf %config(noreplace) %{_sysconfdir}/chrony.conf
%ghost %config %attr(640,root,chrony) %{_sysconfdir}/chrony.keys %config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys
%config(noreplace) %{_sysconfdir}/logrotate.d/chrony %config(noreplace) %{_sysconfdir}/logrotate.d/chrony
%config(noreplace) %{_sysconfdir}/sysconfig/chronyd %config(noreplace) %{_sysconfdir}/sysconfig/chronyd
%{_sysconfdir}/dhcp/dhclient.d/chrony.sh %{_sysconfdir}/dhcp/dhclient.d/chrony.sh
@ -212,114 +206,23 @@ fi
%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
%changelog %changelog
* Tue Dec 17 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 4.6.1-1.inferit * Wed Oct 12 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-1
- Synchronize time via Russian NTP servers - update to 4.3 (#2133754)
- add sysusers.d fragment for chrony user/group (#2095374)
* Wed Nov 06 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.6.1-1
- update to 4.6.1 (RHEL-61876) * Wed Mar 23 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-1
- keep PHC refclock reachable when dropping samples due to high delay - update to 4.2 (#2051441)
(RHEL-65843) - fully switch from nettle to gnutls (#1953463 #1954483)
- use NTP servers from DHCPv6 NTP server option (#2047415)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 4.6-2 - drop obsolete workaround in scriptlet
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018 * Tue Aug 10 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-3
- update seccomp filter for new glibc (#1990589)
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 4.6-1
- Rebuilt for MSVSphere 10
* Tue Sep 03 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.6-1
- update to 4.6 (RHEL-55735)
* Tue Jul 02 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-6
- fix gnutls build requirement
- fix crash on reload command during start (RHEL-45854)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 4.5-5
- Bump release for June 2024 mass rebuild
* Tue May 28 2024 Miroslav Lichvar <mlichvar@redhat.com> 4.5-4
- disable nettle support in favor of gnutls (RHEL-38924)
* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Dec 05 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.5-1
- update to 4.5
* Wed Nov 22 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.5-0.1.pre1
- update to 4.5-pre1
* Wed Aug 09 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-1
- update to 4.4
- require tzdata (#2218368)
* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.4-0.4.pre2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 21 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.3.pre2
- update to 4.4-pre2
- set selinux context in chronyd-restricted service (#2169949)
* Tue Jun 06 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.2.pre1
- rebuild for AES-GCM-SIV in new nettle
* Wed May 10 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.4-0.1.pre1
- update to 4.4-pre1
- switch from patchX to patch -P X
* Wed Jan 25 2023 Miroslav Lichvar <mlichvar@redhat.com> 4.3-3
- drop default chrony.keys config (#2104918)
- add chronyd-restricted service for minimal NTP client configurations
- convert license tag to SPDX
* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Aug 31 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-1
- update to 4.3
* Thu Aug 11 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.3-0.1.pre1
- update to 4.3-pre1
* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 24 2022 Luca BRUNO <lucab@lucabruno.net> - 4.2-6
- Add a sysusers.d fragment for chrony user/group
* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 4.2-5
- Drop obsolete workaround in scriptlet
* Wed Feb 09 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-4
- update seccomp filter for latest glibc
* Tue Feb 08 2022 Miroslav Lichvar <mlichvar@redhat.com> 4.2-3
- use NTP servers passed by NetworkManager from DHCPv6 NTP server option
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Dec 16 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.2-1
- update to 4.2
* Thu Dec 02 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.2-0.1.pre1
- update to 4.2-pre1
* Tue Nov 16 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-5
- fix hardened chronyd service to allow writing log files
* Wed Sep 29 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-4
- harden chronyd and chrony-wait services
* Mon Aug 09 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-3
- update seccomp filter for new glibc
- remove unnecessary build requirement - remove unnecessary build requirement
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.1-2 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu May 13 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-1 * Thu May 13 2021 Miroslav Lichvar <mlichvar@redhat.com> 4.1-1
- update to 4.1 - update to 4.1

Loading…
Cancel
Save