SLFO-pool/chrony
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main chrony revision ee60ed258679ff333f9efb581d7161db

Browse Source
This commit is contained in:
Adrian Schröter 2024-05-03 11:35:34 +02:00
commit 55059d9e43
23 changed files with 1711 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

BIN
chrony-4.4.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
chrony-4.4.tar.gz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmTTlb0ACgkQU34rdvdo
DaxNlhAAhqmQKW5LEQmJjld2bor7nJHjuJ9/Xs4YVvUM3+U1R+BxRZiyX3aNAABz
J/iDGbQc1Bbd7cfGPSLrInSRJL0j1r2CQi76gxjcjyJOFU+QiZxZYIM5BN2QouI9
taNi5cyRQSNgu+JO7Xzq3dZ7q0UFp2/5/OcryZU2RMcy9mg8zsYBvaoxs+vE098O
kGHR3fLlK/Dvbyv+8uWejmC3pDqzTdbIJDziH9Q1h1SyjFb4x7ISbVrsnuYKTZfl
oSKEucEHmlAXgCvLU2abWSL6M8vQeOpuwtJnWswzTxKyon0sM28pzyJ2D49MfkNT
MSJV/NsD3Htu/XrUBfX4FXwsCkfV1AVUZIbgira7eVE/sY2Hjz3RJzZf4Kfpy+1d
uY/Ch+AHxJpO4OiwmWBEz04MSJYqmwMILi5ey3NSopT/b8Xm1iAu29AYHsHYshrj
kn8vbgqfZihP7ainGw8Y4ljCGfdMNXOyPcmoDR8BGSks7nRls9siO6fUQxuNF1Uy
YV4mvvt+mQck+ympbSSRboz+dvnT8No6L17RPsP5va4ro2C5kqlPB45VfxCRauqe
/lW/TxksyBo2cE0cL5V4ZKg0TXVSrsx15bY5rWRaozbj3EYCZfoQ1jOmQ1rP+ysh
EcKbs/RsR+6O7viKvybb1pYrsgaeyrPYfIVbWCcDqUGKgzo2XUY=
=Zu1L
-----END PGP SIGNATURE-----

67
chrony-config.patch Normal file
View File

@ -0,0 +1,67 @@
Index: chrony-4.0/examples/chrony.conf.example3
===================================================================
--- chrony-4.0.orig/examples/chrony.conf.example3
+++ chrony-4.0/examples/chrony.conf.example3
@@ -27,12 +27,38 @@
# you can access at http://support.ntp.org/bin/view/Servers/WebHome or
# you can use servers from the pool.ntp.org project.
-! server foo.example.net iburst
-! server bar.example.net iburst
-! server baz.example.net iburst
-
! pool pool.ntp.org iburst
+# for Europe:
+! server 0.europe.pool.ntp.org
+! server 1.europe.pool.ntp.org
+! server 2.europe.pool.ntp.org
+! server 3.europe.pool.ntp.org
+
+# for Asia:
+! server 0.asia.pool.ntp.org
+! server 1.asia.pool.ntp.org
+! server 2.asia.pool.ntp.org
+! server 3.asia.pool.ntp.org
+
+# for North America:
+! server 0.north-america.pool.ntp.org
+! server 1.north-america.pool.ntp.org
+! server 2.north-america.pool.ntp.org
+! server 3.north-america.pool.ntp.org
+
+# for South America:
+! server 0.south-america.pool.ntp.org
+! server 1.south-america.pool.ntp.org
+! server 2.south-america.pool.ntp.org
+! server 3.south-america.pool.ntp.org
+
+# for Oceania:
+! server 0.oceania.pool.ntp.org
+! server 1.oceania.pool.ntp.org
+! server 2.oceania.pool.ntp.org
+! server 3.oceania.pool.ntp.org
+
#######################################################################
### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK
#
@@ -79,7 +105,7 @@
# immediately so that it doesn't gain or lose any more time. You
# generally want this, so it is uncommented.
-driftfile /var/lib/chrony/drift
+driftfile /var/lib/chrony/chrony.drift
# If you want to enable NTP authentication with symmetric keys, you will need
# to uncomment the following line and edit the file to set up the keys.
@@ -165,8 +191,8 @@ ntsdumpdir /var/lib/chrony
# produce some graphs of your system's timekeeping performance, or you
# need help in debugging a problem.
-! logdir /var/log/chrony
-! log measurements statistics tracking
+logdir /var/log/chrony
+log measurements statistics tracking
# If you have real time clock support enabled (see below), you might want
# this line instead:

8
chrony-dnssrv@.service Normal file
View File

@ -0,0 +1,8 @@
[Unit]
Description=DNS SRV lookup of %I for chrony
After=chronyd.service network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=@CHRONY_HELPER@ update-dnssrv-servers %I

9
chrony-dnssrv@.timer Normal file
View File

@ -0,0 +1,9 @@
[Unit]
Description=Periodic DNS SRV lookup of %I for chrony
[Timer]
OnActiveSec=0
OnUnitInactiveSec=1h
[Install]
WantedBy=timers.target

11
chrony-htonl.patch Normal file
View File

@ -0,0 +1,11 @@
--- test/unit/util.c.orig
+++ test/unit/util.c
@@ -561,7 +561,7 @@ test_unit(void)
#else
TEST_CHECK(tspec.tv_sec_high == htonl(TV_NOHIGHSEC));
#endif
- TEST_CHECK(tspec.tv_sec_low == htonl(ts.tv_sec));
+ TEST_CHECK(tspec.tv_sec_low == htonl((uint32_t) ts.tv_sec));
TEST_CHECK(tspec.tv_nsec == htonl(ts.tv_nsec));
UTI_TimespecNetworkToHost(&tspec, &ts2);
TEST_CHECK(!UTI_CompareTimespecs(&ts, &ts2));

10
chrony-logrotate.patch Normal file
View File

@ -0,0 +1,10 @@
Index: chrony-2.3/examples/chrony.logrotate
===================================================================
--- chrony-2.3.orig/examples/chrony.logrotate
+++ chrony-2.3/examples/chrony.logrotate
@@ -1,4 +1,5 @@
/var/log/chrony/*.log {
+ su chrony chrony
missingok
nocreate
sharedscripts

10
chrony-service-helper.patch Normal file
View File

@ -0,0 +1,10 @@
--- examples/chronyd.service.orig
+++ examples/chronyd.service
@@ -10,6 +10,7 @@ Type=forking
PIDFile=/run/chrony/chronyd.pid
EnvironmentFile=-/etc/sysconfig/chronyd
ExecStart=/usr/sbin/chronyd $OPTIONS
+ExecStartPost=@CHRONY_HELPER@ update-daemon
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE

15
chrony-service-ordering.patch Normal file
View File

@ -0,0 +1,15 @@
--- examples/chronyd.service.orig
+++ examples/chronyd.service
@@ -1,7 +1,11 @@
[Unit]
Description=NTP client/server
Documentation=man:chronyd(8) man:chrony.conf(5)
-After=ntpdate.service sntp.service ntpd.service
+After=nss-lookup.target
+Wants=network.target
+After=network.target
+Wants=time-sync.target
+Before=time-sync.target
Conflicts=ntpd.service systemd-timesyncd.service
ConditionCapability=CAP_SYS_TIME

1
chrony-tmpfiles Normal file
View File

@ -0,0 +1 @@
d /run/chrony 0750 chrony chrony

863
chrony.changes Normal file
View File

@ -0,0 +1,863 @@
-------------------------------------------------------------------
Fri Sep 1 14:05:34 UTC 2023 - Fabian Vogt <fvogt@suse.com>
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
-------------------------------------------------------------------
Wed Aug 9 17:30:28 UTC 2023 - Reinhard Max <max@suse.com>
- Update to 4.4:
* Add support for AES-GCM-SIV with Nettle >= 3.9 to shorten NTS
cookies to avoid some length-specific blocking of NTP on
Internet.
* Add support for multiple refclocks using extpps option on one
PHC.
* Add maxpoll option to hwtimestamp directive to improve PHC
tracking with low packet rates
* Add hwtstimeout directive to configure timeout for late
timestamps.
* Handle late hardware transmit timestamps of NTP requests on
all sockets.
* Handle mismatched 32/64-bit time_t in SOCK refclock samples
* Improve source replacement
* Log important changes made by command requests (chronyc)
* Refresh address of NTP sources periodically
* Set DSCP for IPv6 packets
* Shorten NTS-KE retry interval when network is down
* Update seccomp filter for musl
* Warn if loading keys from file with unexpected permissions
* Warn if source selection fails or falseticker is detected
* Add selectopts command to modify source-specific selection
options.
* Add timestamp sources to serverstats report and make its fields
64-bit.
* Add -e option to chronyc to indicate end of response
- Update clknetsim to snapshot ef2a7a9.
-------------------------------------------------------------------
Wed Nov 16 11:37:25 UTC 2022 - Clemens Famulla-Conrad <cfamullaconrad@suse.com>
- Install chrony DHCP dispatcher script for Networkmanager
* chrony.nm-dispatcher.dhcp.patch /var/run to /run
-------------------------------------------------------------------
Thu Sep 1 14:40:46 UTC 2022 - Reinhard Max <max@suse.com>
- Update to 4.3:
* Add local option to refclock directive to stabilise system
clock with more stable free-running clock (e.g. TCXO, OCXO).
* Add maxdelayquant option to server/pool/peer directive to
replace maxdelaydevratio filter with long-term quantile-based
filtering.
* Add selection option to log directive.
* Allow external PPS in PHC refclock without configurable pin.
* Don't accept first interleaved response to minimise error in
delay.
* Don't use arc4random on Linux to avoid server performance loss.
* Improve filter option to better handle missing NTP samples.
* Improve stability with hardware timestamping and PHC refclock.
* Update seccomp filter
- Update clknetsim to snapshot f00531b.
- Use a more specific conditional for the /usr/etc stuff.
-------------------------------------------------------------------
Wed Jun 15 14:41:05 UTC 2022 - Stefan Schubert <schubi@suse.com>
- Moved logrotate files from user specific directory /etc/logrotate.d
to vendor specific directory /usr/etc/logrotate.d.
-------------------------------------------------------------------
Thu May 12 14:33:50 UTC 2022 - Stefan Schubert <schubi@suse.de>
- Moved 20-chrony file from user specif directory
/etc/NetworkManager/dispatcher.d to vendor specific directory
/usr/lib/NetworkManager/dispatcher.d. So, users changes can
still be done in /etc and will not be overwritten by an update.
-------------------------------------------------------------------
Mon Jan 10 17:26:02 UTC 2022 - Reinhard Max <max@suse.com>
- boo#1194206: Use /run instead of /var/run throughout.
- bsc#1194229: Fix pool package dependencies, so that SLE actually
prefers chrony-pool-suse over chrony-pool-empty.
-------------------------------------------------------------------
Thu Dec 16 16:47:08 UTC 2021 - Reinhard Max <max@suse.com>
- Update to 4.2
* Add support for NTPv4 extension field improving synchronisation
stability and resolution of root delay and dispersion
(experimental)
* Add support for NTP over PTP (experimental)
* Add support for AES-CMAC and hash functions in GnuTLS
* Improve server interleaved mode to be more reliable and support
multiple clients behind NAT
* Update seccomp filter
* Fix RTC support with 64-bit time_t on 32-bit Linux
* Fix seccomp filter to work correctly with bind*device directives
- Obsoleted patches:
* chrony-refid-internal-md5.patch
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
- Update clknetsim to snapshot 470b5e9.
-------------------------------------------------------------------
Tue Dec 7 10:08:53 UTC 2021 - Reinhard Max <max@suse.com>
- Add chrony-htonl.patch to work around undocumented behaviour of
htonl() in older glibc versions (SLE-12) on 64 bit big endian
architectures (s390x).
-------------------------------------------------------------------
Fri Nov 19 16:39:44 UTC 2021 - Reinhard Max <max@suse.com>
- SLE bugs that have been fixed in openSUSE up to this point
without explicit references: bsc#1183783, bsc#1184400,
bsc#1171806, bsc#1161119, bsc#1159840.
- Obsoleted SLE patches:
* chrony-fix-open.patch
* chrony-gettimeofday.patch
* chrony-ntp-era-split.patch
* chrony-pidfile.patch
* chrony-select-timeout.patch
* chrony-urandom.patch
* chrony.sysconfig
* clknetsim-glibc-2.31.patch
-------------------------------------------------------------------
Fri Oct 8 14:52:41 UTC 2021 - Reinhard Max <max@suse.com>
- boo#1190926: PrivateDevices is too strict, we might need to
access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
the HTML documentation which we don't package anyway.
-------------------------------------------------------------------
Mon Aug 30 13:50:07 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s). Added patch(es):
* harden_chrony-wait.service.patch
* harden_chronyd.service.patch
-------------------------------------------------------------------
Thu Jul 1 12:38:13 UTC 2021 - Reinhard Max <max@suse.com>
- boo#1187906: Consolidate all references to the helper script.
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
but needed for calculating refids from IPv6 addresses as part of
the NTP protocol (rfc5905). As this is a non-cryptographic use of
MD5 we can use our own implementation without violating FIPS
rules: chrony-refid-internal-md5.patch .
-------------------------------------------------------------------
Sun Jun 13 13:29:36 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Add now working CONFIG parameter to sysusers generator
-------------------------------------------------------------------
Wed Jun 2 09:10:41 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
- Change to using systemd-sysusers
- Remove otherproviders, not needed anymore
-------------------------------------------------------------------
Tue Jun 1 12:53:23 UTC 2021 - Reinhard Max <max@suse.com>
- Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
-------------------------------------------------------------------
Fri Feb 5 09:38:02 UTC 2021 - Reinhard Max <max@suse.com>
- Enable syscallfilter unconditionally [boo#1181826].
-------------------------------------------------------------------
Mon Dec 7 09:53:22 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
can do all the other required crypto via nettle+gnutls. no need
for another crypto library.
-------------------------------------------------------------------
Sun Nov 1 22:26:48 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and "reload sources" command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get "maxsources"
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add "add pool" command
- Add "reset sources" command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Dont set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that dont support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option "version 3")
- Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
enable the new features)
- drop patches which are included in the update:
chrony-test-update-processing-of-packet-log.patch
chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
osc build --without=testsuite
testsuite still runs by default
-------------------------------------------------------------------
Wed Oct 28 07:49:37 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- By default we don't write log files but log to journald, so
only recommend logrotate.
-------------------------------------------------------------------
Mon Sep 14 10:41:58 UTC 2020 - Reinhard Max <max@suse.com>
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
-------------------------------------------------------------------
Sun Sep 13 20:22:46 UTC 2020 - Matthias Eliasson <elimat@opensuse.org>
- Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
-------------------------------------------------------------------
Sun Aug 2 21:27:45 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
-------------------------------------------------------------------
Thu Jun 4 15:23:17 UTC 2020 - Reinhard Max <max@suse.com>
- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that
preconfigure chrony to use NTP servers from the respective
pools for SUSE and openSUSE (bsc#1156884, SLE-11424).
- Add chrony-pool-empty to still allow installing chrony without
preconfigured servers.
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
-------------------------------------------------------------------
Thu Apr 30 16:03:16 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Use _systemdutildir instead of _libexecdir/systemd: systemd does
not actually live below libexecdir.
-------------------------------------------------------------------
Thu Feb 13 12:45:44 UTC 2020 - Martin Liška <mliska@suse.cz>
- Add chrony-test-update-processing-of-packet-log.patch in order
to fix test-suite failure.
-------------------------------------------------------------------
Wed Feb 12 09:24:24 UTC 2020 - Martin Liška <mliska@suse.cz>
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.
-------------------------------------------------------------------
Sat Oct 26 10:39:29 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
- Change to BuildRequires: rubygem(asciidoctor) and remove conditional
(is available in SLE12-SP4 and SLE15* as well)
- Fix typo in %install
-------------------------------------------------------------------
Tue Oct 22 21:18:58 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
- Fix asciidoc in Tumbleweed
- Revert clknetsim to version 58c5e8b
-------------------------------------------------------------------
Tue Oct 22 15:25:18 UTC 2019 - Arjen de Korte <suse+build@de-korte.org>
- Fix incorrect download link for package signature
-------------------------------------------------------------------
Mon Oct 21 07:57:44 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Temporarily disable signature usage as its expired
- Update clknetsim to version ac3c832
-------------------------------------------------------------------
Sat Oct 19 08:27:17 UTC 2019 - Mathias Homann <Mathias.Homann@opensuse.org>
- fix chrony-service-helper.patch
-------------------------------------------------------------------
Sat Oct 19 07:22:58 UTC 2019 - Mathias Homann <Mathias.Homann@opensuse.org>
- Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
-------------------------------------------------------------------
Thu Mar 21 13:35:20 UTC 2019 - Reinhard Max <max@suse.com>
- Fix ordering and dependencies of chronyd.service, so that it is
started after name resolution is up (bsc#1129914).
- Add chrony-service-ordering.patch
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
-------------------------------------------------------------------
Wed Mar 6 13:40:04 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update testsuite to version 58c5e8b
-------------------------------------------------------------------
Thu Dec 20 16:48:14 UTC 2018 - Reinhard Max <max@suse.com>
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
-------------------------------------------------------------------
Fri Dec 14 08:05:35 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
- Make sure to generate correct sysconfig file (boo#1117147)
- Update clknetsim to revision 8b48422
-------------------------------------------------------------------
Thu Nov 22 09:27:58 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529)
-------------------------------------------------------------------
Thu Oct 18 10:14:08 UTC 2018 - Ismail Dönmez <idonmez@suse.com>
- Update the keyring and uncomment it in the spec file
-------------------------------------------------------------------
Thu Oct 18 07:43:44 UTC 2018 - Martin Pluskal <mpluskal@suse.com>
- Comment out bad signature
-------------------------------------------------------------------
Wed Sep 19 18:21:19 UTC 2018 - Michael Ströder <michael@stroeder.com>
- Added %{_tmpfilesdir}/%{name}.conf
- Updated clknetsim
- Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
-------------------------------------------------------------------
Fri Aug 3 07:56:06 UTC 2018 - mpluskal@suse.com
- Update clknetsim to revision 42b693b
* Drop not needed chrony-fix-open.patch
- Build tests with optflags as well
- Do not run tests on i586
- Enable signd
-------------------------------------------------------------------
Thu Aug 2 07:52:58 UTC 2018 - mpluskal@suse.com
- Mention all sources as such in spec file
- Fix formatting of changelog
- Drop reference to change is not present
-------------------------------------------------------------------
Wed Aug 1 16:36:17 UTC 2018 - bwiedemann@suse.com
- Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
-------------------------------------------------------------------
Wed Apr 18 02:55:54 UTC 2018 - mpost@suse.com
- Added /etc/chrony.d/ directory to the package (bsc#1083597)
Modifed default chrony.conf to add "include /etc/chrony.d/*"
-------------------------------------------------------------------
Mon Mar 26 17:30:07 CEST 2018 - kukuk@suse.de
- Use %license instead of %doc [bsc#1082318]
-------------------------------------------------------------------
Wed Mar 14 15:11:56 CET 2018 - kukuk@suse.de
- Fix name of fillup template (was never installed before)
- Fix Requires for fillup, it's used in post, not pre.
-------------------------------------------------------------------
Fri Feb 9 10:21:09 UTC 2018 - mpluskal@suse.com
- Enable pps support
-------------------------------------------------------------------
Thu Nov 23 13:47:05 UTC 2017 - rbrown@suse.com
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)
-------------------------------------------------------------------
Thu Oct 26 10:39:11 UTC 2017 - mpluskal@suse.com
- Cleanup spec file:
* Drop pre systemd support
* Run spec-cleaner
-------------------------------------------------------------------
Tue Oct 24 18:23:56 UTC 2017 - mpost@suse.com
- Modified the spec file to comment out the pool statement
in chrony.conf if _not_ building for openSUSE. (bsc#1063704).
-------------------------------------------------------------------
Thu Sep 28 16:17:08 UTC 2017 - mrueckert@suse.de
- refresh patches to apply cleanly again
- chrony-config.patch
- chrony-fix-open.patch
-------------------------------------------------------------------
Wed Sep 20 23:57:53 UTC 2017 - mpost@suse.com
- Upgraded to version 3.2:
Enhancements
* Improve stability with NTP sources and reference clocks
* Improve stability with hardware timestamping
* Improve support for NTP interleaved modes
* Control frequency of system clock on macOS 10.13 and later
* Set TAI-UTC offset of system clock with leapsectz directive
* Minimise data in client requests to improve privacy
* Allow transmit-only hardware timestamping
* Add support for new timestamping options introduced in Linux 4.13
* Add root delay, root dispersion and maximum error to tracking log
* Add mindelay and asymmetry options to server/peer/pool directive
* Add extpps option to PHC refclock to timestamp external PPS signal
* Add pps option to refclock directive to treat any refclock as PPS
* Add width option to refclock directive to filter wrong pulse edges
* Add rxfilter option to hwtimestamp directive
* Add -x option to disable control of system clock
* Add -l option to log to specified file instead of syslog
* Allow multiple command-line options to be specified together
* Allow starting without root privileges with -Q option
* Update seccomp filter for new glibc versions
* Dump history on exit by default with dumpdir directive
* Use hardening compiler options by default
Bug fixes
* Don't drop PHC samples with low-resolution system clock
* Ignore outliers in PHC tracking, RTC tracking, manual input
* Increase polling interval when peer is not responding
* Exit with error message when include directive fails
* Don't allow slash after hostname in allow/deny directive/command
* Try to connect to all addresses in chronyc before giving up
- Upgraded clknetsim to version 71dbbc5.
- Reworked chrony-fix-open.patch to fit the new version
-------------------------------------------------------------------
Tue Jan 31 16:38:05 UTC 2017 - mpost@suse.com
- Upgraded to version 3.1:
- Enhancements
- Add support for precise cross timestamping of PHC on Linux
- Add minpoll, precision, nocrossts options to hwtimestamp directive
- Add rawmeasurements option to log directive and modify measurements
option to log only valid measurements from synchronised sources
- Allow sub-second polling interval with NTP sources
- Bug fixes
- Fix time smoothing in interleaved mode
- Upgraded clknetsim to version ce89a1b.
- Reworked the following patches to fit the new versions
- chrony-config.patch
- chrony-service-helper.patch
- chrony-fix-open.patch
-------------------------------------------------------------------
Mon Jan 16 22:36:09 UTC 2017 - mpost@suse.com
- Upgraded to version 3.0:
- Enhancements
- Add support for software and hardware timestamping on Linux
- Add support for client/server and symmetric interleaved modes
- Add support for MS-SNTP authentication in Samba
- Add support for truncated MACs in NTPv4 packets
- Estimate and correct for asymmetric network jitter
- Increase default minsamples and polltarget to improve stability with very low jitter
- Add maxjitter directive to limit source selection by jitter
- Add offset option to server/pool/peer directive
- Add maxlockage option to refclock directive
- Add -t option to chronyd to exit after specified time
- Add partial protection against replay attacks on symmetric mode
- Don't reset polling interval when switching sources to online state
- Allow rate limiting with very short intervals
- Improve maximum server throughput on Linux and NetBSD
- Remove dump files after start
- Add tab-completion to chronyc with libedit/readline
- Add ntpdata command to print details about NTP measurements
- Allow all source options to be set in add server/peer command
- Indicate truncated addresses/hostnames in chronyc output
- Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses
- Bug fixes
- Fix crash with disabled asynchronous name resolving
- Upgraded clknetsim to version 6bb6519.
-------------------------------------------------------------------
Tue Nov 29 16:54:52 UTC 2016 - mpost@suse.com
- Upgraded to version 2.4.1:
- Bug fixes
- Fix processing of kernel timestamps on non-Linux systems
- Fix crash with smoothtime directive
- Fix validation of refclock sample times
- Fix parsing of refclock directive
-------------------------------------------------------------------
Wed Jun 8 10:02:51 UTC 2016 - mrueckert@suse.de
- update to 2.4:
- Enhancements
- Add orphan option to local directive for orphan mode
compatible with ntpd
- Add distance option to local directive to set activation
threshold (1 second by default)
- Add maxdrift directive to set maximum allowed drift of system
clock
- Try to replace NTP sources exceeding maximum distance
- Randomise source replacement to avoid getting stuck with bad
sources
- Randomise selection of sources from pools on start
- Ignore reference timestamp as ntpd doesn't always set it
correctly
- Modify tracking report to use same values as seen by NTP
clients
- Add -c option to chronyc to write reports in CSV format
- Provide detailed manual pages
- Bug fixes
- Fix SOCK refclock to work correctly when not specified as
last refclock
- Fix initstepslew and -q/-Q options to accept time from own
NTP clients
- Fix authentication with keys using 512-bit hash functions
- Fix crash on exit when multiple signals are received
- Fix conversion of very small floating-point numbers in
command packets
- Removed features
- Drop documentation in Texinfo format
- update clknetsim to a5949fe for fixing a testsuite failure:
- add IP_PKTINFO socket option
- accept environment variables in make
- fix building with FORTIFY_SOURCE
- fix compiler warning
- support multiple SHM refclocks
- fix recv functions with new glibc headers
- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim
update
- drop patches:
- chrony-include-termios.patch
- make-105-ntpauth-more-reliable.patch
- drop buildrequires for texinfo and pre requires on the install
info packages
- no longer use make install-docs: it only installed 0 byte html
files.
-------------------------------------------------------------------
Wed Apr 13 14:23:38 UTC 2016 - mpluskal@suse.com
- Provide ntp-daemon (bsc#973981)
-------------------------------------------------------------------
Mon Apr 11 15:26:59 UTC 2016 - meissner@suse.com
- chrony-fix-open.patch: make sure _open and _close are initialized
in open()/close() override, as libfreebl3 also calls from the
the ELF constructor. FATE#319508
- enable mozilla-nss
-------------------------------------------------------------------
Fri Apr 8 15:54:08 UTC 2016 - mpluskal@suse.com
- Use correct license
- Drop hardcoded dependency on libseccomp, it is detected during
build
-------------------------------------------------------------------
Fri Apr 8 08:38:00 UTC 2016 - mpluskal@suse.com
- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post,
and %postun as it would lead to error.
- Change conditions for libseccom, we can use any version on SLE-12
x86_64
-------------------------------------------------------------------
Tue Apr 5 22:27:48 UTC 2016 - mpost@suse.com
- Removed %if for distributions that aren't building chrony.
- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since
the patch is not particularly version-dependent.
- Added clknetsim for "make check" processing.
- Added Buildrequires for gcc-c++ and timezone for building clknetsim
and running "make check".
- Changed Buildrequires and Requires to specify the minimum level of
libseccomp needed to build on s390x and ppc64le.
- Removed "-Recommends: timedatex" since I couldn't find any instance
of it anywhere in the build service.
- Modified the description to use some of the information from the
chrony web site.
- Added chrony-include-termios.patch so that it will build on ppc64le.
- Added make-105-ntpauth-more-reliable.patch so that "make check"
will not report a non-failure as a failure.
- Added --without-nss to ./configure to avoid "interruption code
0x2003B in chronyd" errors.
- Changed the symbolic links for rcchronyd and rcchronyd-wait to
point to the actual location of the service command, not the symlink
in /sbin.
- Added reference to chrony-dnssrv@.service in %pre, %preun, %post,
and %postun.
-------------------------------------------------------------------
Mon Mar 28 09:35:07 UTC 2016 - mpluskal@suse.com
- Cleanup spec file with spec-cleaner
- Prepare for submission to Factory (see fate#319508)
-------------------------------------------------------------------
Thu Feb 18 16:48:46 UTC 2016 - mrueckert@suse.de
- update to 2.3
- Enhancements
- Add support for NTP and command response rate limiting
- Add support for dropping root privileges on Mac OS X,
FreeBSD, Solaris
- Add require and trust options for source selection
- Enable logchange by default (1 second threshold)
- Set RTC on Mac OS X with rtcsync directive
- Allow binding to NTP port after dropping root privileges on
NetBSD
- Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port
is disabled
- Resolve names in separate process when seccomp filter is
enabled
- Replace old records in client log when memory limit is
reached
- Don't reveal local time and synchronisation state in client
packets
- Don't keep client sockets open for longer than necessary
- Ignore poll in KoD RATE packets as ntpd doesn't always set it
correctly
- Warn when using keys shorter than 80 bits
- Add keygen command to generate random keys easily
- Add serverstats command to report NTP and command packet
statistics
- Bug fixes
- Fix clock correction after making step on Mac OS X
- Fix building on Solaris
- refreshed patches to apply cleanly again:
chrony-2.2_logrotate.patch
chrony-config.patch
chrony-service-helper.patch
-------------------------------------------------------------------
Fri Jan 29 14:30:43 UTC 2016 - mrueckert@suse.de
- update to 2.2.1
Restrict authentication of NTP server/peer to specified key
(CVE-2016-1567)
-------------------------------------------------------------------
Thu Nov 26 10:45:06 UTC 2015 - mrueckert@suse.de
- silence groupadd/useradd call and drop the shell from the user.
-------------------------------------------------------------------
Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de
- update to 2.2
see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir
-------------------------------------------------------------------
Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de
- clean up build section
- the configure script can actually import CC/CFLAGS from the
environment. no need to break any CFLAGS it might set in the
configure script.
- remove unneeded prefix from the make calls.
- enable building the binaries with PIE/relro now
-------------------------------------------------------------------
Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de
- Update to version 1.29.1:
* Modify chronyc protocol to prevent amplification attacks
(CVE-2014-0021) (incompatible with previous protocol version,
chronyc supports both)
- Additional changes from 1.29
* Fix crash when processing crafted commands (CVE-2012-4502)
(possible with IP addresses allowed by cmdallow and localhost)
* Don't send uninitialized data in SUBNETS_ACCESSED and
CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc)
* Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands
- Additional changes from 1.28
* Combine sources to improve accuracy
* Make config and command parser strict
* Add -a option to chronyc to authenticate automatically
* Add -R option to ignore initstepslew and makestep directives
* Add generatecommandkey, minsamples, maxsamples and user
directives
* Improve compatibility with NTPv1 and NTPv2 clients
* Create sockets only in selected family with -4/-6 option
* Treat address bind errors as non-fatal
* Extend tracking log
* Accept float values as initstepslew threshold
* Allow hostnames in offline, online and burst commands
* Fix and improve peer polling
* Fix crash in config parsing with too many servers
* Fix crash with duplicated initstepslew address
* Fix delta calculation with extreme frequency offsets
* Set local stratum correctly
* Remove unnecessary adjtimex calls
* Set paths in documentation by configure
* Update chrony.spec
- Updated chrony-config.patch:
- lots of config values were fixed upstream already
- key file patching is unnecessary
-------------------------------------------------------------------
Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org
- Update to version 1.27:
+ Added support for stronger authentication keys via NSS or
libtomcrypt library.
+ Extended tracking, sources and activity reports printed by
chronyc.
+ The daemon now waits in foreground until it is fully
initialized.
+ Other bug fixes and improvements.
- Add mozilla-nss-devel & pkg-config BuildRequires, new optional
dependencys.
-------------------------------------------------------------------
Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org
-run spec-cleaner on the spec file, fix license and remove cruft
-------------------------------------------------------------------
Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de
- Update to version 1.26:
* Added compatibility with Linux 3.0 and later
* Fixed replying on multihomed IPv6 hosts
* Other minor bug fixes and improvements
- Cleanup package a bit.

20
chrony.dhclient Normal file
View File

@ -0,0 +1,20 @@
#!/bin/bash
SERVERFILE=$SAVEDIR/chrony.servers.$interface
chrony_config() {
rm -f $SERVERFILE
if [ "$PEERNTP" != "no" ]; then
for server in $new_ntp_servers; do
echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE
done
@CHRONY_HELPER@ update-daemon || :
fi
}
chrony_restore() {
if [ -f $SERVERFILE ]; then
rm -f $SERVERFILE
@CHRONY_HELPER@ update-daemon || :
fi
}

186
chrony.helper Normal file
View File

@ -0,0 +1,186 @@
#!/bin/bash
# This script configures running chronyd to use NTP servers obtained from
# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
# externally (e.g. by a dhclient script). Files with servers from DNS SRV
# records are updated here using the dig utility.
chronyc=/usr/bin/chronyc
helper_dir=@CHRONY_RUNDIR@/chrony-helper
added_servers_file=$helper_dir/added_servers
network_sysconfig_file=/etc/sysconfig/network
dhclient_servers_files=/run/netconfig/chrony.servers
dnssrv_servers_files=$helper_dir/dnssrv@*
dnssrv_timer_prefix=chrony-dnssrv@
chrony_command() {
$chronyc -a -n -m "$1"
}
is_running() {
chrony_command "tracking" &> /dev/null
}
is_update_needed() {
for file in $dhclient_servers_files $dnssrv_servers_files \
$added_servers_file; do
[ -e "$file" ] && return 0
done
return 1
}
update_daemon() {
local all_servers_with_args all_servers added_servers
if ! is_running; then
rm -f $added_servers_file
return 0
fi
all_servers_with_args=$(
cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null)
all_servers=$(
echo "$all_servers_with_args" |
while read server serverargs; do
echo "$server"
done | sort -u)
added_servers=$( (
cat $added_servers_file 2> /dev/null
echo "$all_servers_with_args" |
while read server serverargs; do
[ -z "$server" ] && continue
chrony_command "add server $server $serverargs" &> /dev/null &&
echo "$server"
done) | sort -u)
comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") |
while read server; do
chrony_command "delete $server" &> /dev/null
done
added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers"))
[ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file ||
rm -f $added_servers_file
}
get_dnssrv_servers() {
local name=$1
if ! command -v dig &> /dev/null; then
echo "Missing dig (DNS lookup utility)" >&2
return 1
fi
(
. $network_sysconfig_file &> /dev/null
output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null)
[ $? -ne 0 ] && return 0
echo "$output" | while read prio weight port target; do
server=${target%.}
[ -z "$server" ] && continue
echo "$server port $port ${NTPSERVERARGS:-iburst}"
done
)
}
check_dnssrv_name() {
local name=$1
if [ -z "$name" ]; then
echo "No DNS SRV name specified" >&2
return 1
fi
if [ "${name:0:9}" != _ntp._udp ]; then
echo "DNS SRV name $name doesn't start with _ntp._udp" >&2
return 1
fi
}
update_dnssrv_servers() {
local name=$1
local srv_file=$helper_dir/dnssrv@$name servers
check_dnssrv_name "$name" || return 1
servers=$(get_dnssrv_servers "$name")
[ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file"
}
set_dnssrv_timer() {
local state=$1 name=$2
local srv_file=$helper_dir/dnssrv@$name servers
local timer=$dnssrv_timer_prefix$name.timer
check_dnssrv_name "$name" || return 1
if [ "$state" = enable ]; then
systemctl enable "$timer"
systemctl start "$timer"
elif [ "$state" = disable ]; then
systemctl stop "$timer"
systemctl disable "$timer"
rm -f "$srv_file"
fi
}
list_dnssrv_timers() {
systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \
sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|"
}
prepare_helper_dir() {
mkdir -p $helper_dir
exec 100> $helper_dir/lock
if ! flock -w 20 100; then
echo "Failed to lock $helper_dir" >&2
return 1
fi
}
print_help() {
echo "Usage: $0 COMMAND"
echo
echo "Commands:"
echo " update-daemon"
echo " update-dnssrv-servers NAME"
echo " enable-dnssrv NAME"
echo " disable-dnssrv NAME"
echo " list-dnssrv"
echo " is-running"
echo " command CHRONYC-COMMAND"
}
case "$1" in
update-daemon|add-dhclient-servers|remove-dhclient-servers)
is_update_needed || exit 0
prepare_helper_dir && update_daemon
;;
update-dnssrv-servers)
prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon
;;
enable-dnssrv)
set_dnssrv_timer enable "$2"
;;
disable-dnssrv)
set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon
;;
list-dnssrv)
list_dnssrv_timers
;;
is-running)
is_running
;;
command|forced-command)
chrony_command "$2"
;;
*)
print_help
exit 2
esac
exit $?

54
chrony.keyring Normal file
View File

@ -0,0 +1,54 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1
Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T
c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl
QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv
tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR
F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B
FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+
LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV
jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2
7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/
v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB
tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA
PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK
CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1
6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s
nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP
nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r
nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ
cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/
kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6
LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W
vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS
y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G
4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7
qbZUY/6bgrDoXp4otAP2iF0EExECAB0WIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUC
YJ0C3AAKCRBf8G8puh4BO9k2AJ4ohgz/p49IBfjf22sEL1FvYM/DhwCfTyCkbogO
uagIg5qwuEGwHMgn19G5Ag0EYJz13AEQAMrLXgl5u6vAakSF9n+xCP2WOiMHzzrR
OxHnWzsX6PTXpJt14LSZOZ5wjdyR3gLJWGLdkfHoxHpQYp7PLgNS29SuAc4HQ+Br
O5F4g9EmwDJ0ueUYxU1FcySRXfXR+gLabpQCc2s9bW6RaMwLuQNxZwkfXClkPQms
ImTFA0KntWpHc+uEr1J2i6LQS7D/BK6m72l9x8z9k9gqAabXw+xHsis+ffPMG5Jm
HOqeHYtsq+2JW1VvBnA4Qh3DKH9OQaD9hZbEiUC3nMmlLkPF/r29tWTPa7luBHBn
X556JTXVm+vDUDwZ2srLfaKyQCxbNLwvQ2Pn5SOyyCnuIWR2xZs/+KPDMhtKUBAV
HcboVu6iPCTU42CVMPaJvYD2iUEncZNeUGJOSuG240LSLNGEFFsD7YgXb1XHjQD5
ci3Ki7P/hHi3AG53IsQTiaE5VgBdDje3zYCf5WaZ6c3DQQB9lab2RMz+5Fdr7Z6Y
mFRUbmxSnsMe0mwwcqVe3ofV0fKvE7Ep0T8bBg53dCqyU8hIbD5wUe99JmhMFnzs
5elwkv/Hb3Eg92dgu1zWb5kMzuvGEHtCIukIy1B+pzQOfT+iOC+lbmRHhPslJ9S0
1vENJE+nEEsGxPy9pRHrmWSKI4Zh+ysjb/vW/vOwAd1RsvxTfgBeOOawmlz+n0pJ
T018ZnUgmc35ABEBAAGJAjwEGAEIACYWIQSPN1x+jQ7hJaPTvVFTfit292gNrAUC
YJz13AIbDAUJEswDAAAKCRBTfit292gNrPuRD/43kM0P71gxfJQj6PBpPtjIVVfm
4TIPWKmV+F4/9eCwAPC/o44Yw+nxGr77Rk2DsaSn0V51j2egRCXKuZBZx/v6JXP7
qpDk3Uecml7IfxTd+N+gkI3viUsrt4ykUgyUH/wy/edMG3h9qhBQP0RxiDge18P6
YUpQSnq3uP72ycTPLBJlqp/Y9+GXUapvcyDqBFnvs96ieDmSbjSf6tris1cuLv6f
eld4HNUY/LmI5MlYbywbgWGpSOyKUlTtyF33LqPnWd7UuTN7QNsYyjGnlJbkkGi/
KwuNbIo5Gs4avaUSTc7SBLdCYneEIt7mt7hg0StKHQC6s/ak/w8yl1yFy5gRusO4
QCFT2ZMQ6jZUAuaQGx0rhWQr9akNNJEDsHTBQR8pxpFp3LcDXcUXSSeySRSFZLt+
hExvDQxXuhdbZHYGL1E6g5gtJQKnobNu2jMOziBcDivhAsqNw2Poq6fJVLavjBI5
BI1xAqmymIExJFSlHdLuZq09cVzY3EOj3x23YTzPKNOI/qu4jTUT4Byi8Oy3PN1B
B0n5SqORWJ0KfAyVEewshSAqJ7zrZ5sJXWnKeVQqBOg5EwkOB8rz/M3mqgrnBRiq
hLiiiG5tKETA1YIQGXIbP8t1vqoQrpvYaJfkk3kQlktxfFkDRt8dKIxpFk8uPiNb
bcAu2uXfRrQxpaqcOg==
=/wbD
-----END PGP PUBLIC KEY BLOCK-----

11
chrony.nm-dispatcher.dhcp.patch Normal file
View File

@ -0,0 +1,11 @@
--- examples/chrony.nm-dispatcher.dhcp.orig
+++ examples/chrony.nm-dispatcher.dhcp
@@ -10,7 +10,7 @@
chronyc=/usr/bin/chronyc
server_options=iburst
-server_dir=/var/run/chrony-dhcp
+server_dir=/run/chrony-dhcp
dhcp_server_file=$server_dir/$interface.sources
dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS"

384
chrony.spec Normal file
View File

@ -0,0 +1,384 @@
#
# spec file for package chrony
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if 0%{?suse_version} < 1500
# As of 2021 we still need to be able to build this on SLE12
%bcond_with pools
%bcond_with sysusers
%bcond_with pps
%else
%bcond_without pools
%bcond_without sysusers
%bcond_without pps
%endif
%if 0%{?suse_version} > 1500
%bcond_without usr_etc
%endif
%bcond_without testsuite
%define _systemdutildir %(pkg-config --variable systemdutildir systemd)
%global clknetsim_ver ef2a7a9
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
%define chrony_helper %{_libexecdir}/chrony/helper
%define chrony_rundir %{_rundir}/%{name}
Name: chrony
Version: 4.4
Release: 0
Summary: System Clock Synchronization Client and Server
License: GPL-2.0-only
Group: Productivity/Networking/Other
URL: https://chrony.tuxfamily.org/
Source: https://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz
Source2: chronyd.sysconfig
Source3: chrony.dhclient
Source4: chrony.helper
Source5: chrony-dnssrv@.service
Source6: chrony-dnssrv@.timer
Source7: https://download.tuxfamily.org/chrony/chrony-%{version}-tar-gz-asc.txt#/chrony-%{version}.tar.gz.sig
Source8: chrony.keyring
# Simulator for test suite
Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz
Source11: chrony-tmpfiles
Source12: pool.conf.suse
Source13: pool.conf.opensuse
Source14: system-user-chrony.conf
Source99: series
# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines
Patch0: chrony-config.patch
# Add NTP servers from DHCP when starting service
Patch1: chrony-service-helper.patch
Patch2: chrony-logrotate.patch
Patch3: chrony-service-ordering.patch
Patch7: chrony-htonl.patch
Patch8: chrony.nm-dispatcher.dhcp.patch
BuildRequires: NetworkManager-devel
BuildRequires: bison
BuildRequires: findutils
BuildRequires: gcc-c++
BuildRequires: gnutls-devel
BuildRequires: libcap-devel
BuildRequires: libedit-devel
BuildRequires: pkgconfig
%if %{with pps}
BuildRequires: pps-tools-devel
%endif
# The timezone package is needed for the "make check" tests. It can be
# removed if the call to make check is ever deleted.
BuildRequires: sysuser-tools
BuildRequires: timezone
BuildRequires: pkgconfig(systemd)
Recommends: logrotate
Requires(post): %fillup_prereq
%if %{with sysusers}
%sysusers_requires
%else
Requires(pre): %{_sbindir}/useradd
%endif
%if %{with pools}
Requires: %name-pool
Recommends: %name-pool-nonempty
%endif
Provides: ntp-daemon
%ifarch s390 s390x ppc64le
BuildRequires: libseccomp-devel >= 2.2.0
%else
BuildRequires: libseccomp-devel
%endif
%description
Chrony is an implementation of the Network Time Protocol (NTP). It can
synchronize the system clock with NTP servers, reference clocks (e.g. a
GPS receiver), and manual input using wristwatch and keyboard. It can
also operate as an NTPv4 (RFC 5905) server and peer to provide a time
service to other computers in the network.
Chrony consists of two programs: chronyd and chronyc.
Chronyd is a daemon which runs in the background on the system. It
obtains measurements of the system clocks offset relative to time
servers on other systems via the network and adjusts the system time
accordingly. For isolated systems, the user can periodically enter the
correct time by hand (using chronyc). In either case, chronyd
determines the rate at which the computer gains or loses time, and
compensates for this. Chronyd can act as either a client or a server.
Chronyc provides a user interface to chronyd for monitoring its
performance and configuring various settings. It can do so while
running on the same computer as the chronyd instance it is controlling
or a different computer.
%if %{with pools}
%package pool-suse
Summary: Chrony preconfiguration for SUSE
Group: Productivity/Networking/Other
Provides: %name-pool = %version
Provides: %name-pool-nonempty
Conflicts: %name-pool
Requires: %name = %version
BuildArch: noarch
Supplements: (chrony and branding-SLE)
Removepathpostfixes:.suse
%description pool-suse
This package configures chrony to use the SUSE NTP server pool by
default.
%package pool-openSUSE
Summary: Chrony preconfiguration for openSUSE
Group: Productivity/Networking/Other
Provides: %name-pool = %version
Provides: %name-pool-nonempty
Conflicts: %name-pool
Requires: %name = %version
BuildArch: noarch
Supplements: (chrony and branding-openSUSE)
Removepathpostfixes:.opensuse
%description pool-openSUSE
This package configures chrony to use the openSUSE NTP server pool by
default.
%package pool-empty
Summary: Empty pool preconfiguration for chrony
Group: Productivity/Networking/Other
Provides: %name-pool = %version
Conflicts: %name-pool
Requires: %name = %version
BuildArch: noarch
Removepathpostfixes:.empty
%description pool-empty
This package provides an empty /etc/chrony.d/pool.conf file for
situations when having servers preconfigured in chrony is undesirable,
e.g. because the servers will be set via DHCP.
%endif
%prep
%setup -q -a 10
%patch0 -p1
%patch1
%patch2 -p1
%patch3
%patch7
%patch8
# Remove pool statements from the default /etc/chrony.conf. They will
# be provided by branding packages in /etc/chrony.d/pool.conf .
sed -e 's|^\pool|! pool|' \
< examples/chrony.conf.example2 > chrony.conf
cat << EOF >> chrony.conf
# Also include any directives found in configuration files in /etc/chrony.d
include %{_sysconfdir}/chrony.d/*.conf
# Add sourcedir needed by NetworkManager DHCP dispatcher
sourcedir /run/chrony-dhcp
EOF
touch -r examples/chrony.conf.example2 chrony.conf
# regenerate the file from getdate.y
rm -f getdate.c
mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim
%build
# not autoconf:
export CFLAGS="%{optflags} -Wall -fpic -DPIC $(pkg-config --cflags libseccomp)"
export LDFLAGS="-pie -Wl,-z,relro,-z,now"
%configure \
--docdir="%{_docdir}/%{name}" \
--chronyrundir=%{chrony_rundir} \
--with-pidfile=%{chrony_rundir}/chronyd.pid \
--enable-scfilter \
--with-user=chrony \
--with-hwclockfile=%{_sysconfdir}/adjtime \
--with-sendmail=%{_sbindir}/sendmail \
--enable-ntp-signd
make %{?_smp_mflags} all
%if %{with sysusers}
%sysusers_generate_pre %{SOURCE14} chrony system-user-chrony.conf
%else
cat > chrony.pre <<EOF
%{_sbindir}/groupadd -r chrony >/dev/null 2>&1 || :
%{_sbindir}/useradd -g chrony -s /bin/false -r -c "Chrony Daemon" \
-d "%{_localstatedir}/lib/chrony" chrony >/dev/null 2>&1 || :
EOF
%endif
%install
%make_install
install -Dpm 0644 chrony.conf \
%{buildroot}%{_sysconfdir}/chrony.conf
mkdir %{buildroot}%{_sysconfdir}/chrony.d
install -Dpm 0640 examples/chrony.keys.example \
%{buildroot}%{_sysconfdir}/chrony.keys
install -Dpm 0755 examples/chrony.nm-dispatcher.onoffline \
%{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
install -Dpm 0755 examples/chrony.nm-dispatcher.dhcp \
%{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-dhcp
install -Dpm 0755 %{SOURCE3} \
%{buildroot}%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
%if %{with usr_etc}
mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
install -Dpm 0644 examples/chrony.logrotate \
%{buildroot}%{_distconfdir}/logrotate.d/chrony
%else
install -Dpm 0644 examples/chrony.logrotate \
%{buildroot}%{_sysconfdir}/logrotate.d/chrony
%endif
install -Dpm 0644 examples/chronyd.service \
%{buildroot}%{_unitdir}/chronyd.service
install -Dpm 0644 examples/chrony-wait.service \
%{buildroot}%{_unitdir}/chrony-wait.service
install -Dpm 0644 %{SOURCE5} \
%{buildroot}%{_unitdir}/chrony-dnssrv@.service
install -Dpm 0644 %{SOURCE6} \
%{buildroot}%{_unitdir}/chrony-dnssrv@.timer
install -Dpm 0644 %{SOURCE11} \
%{buildroot}%{_tmpfilesdir}/%{name}.conf
install -d %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcchronyd
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcchrony-wait
install -d %{buildroot}%{_systemdutildir}/ntp-units.d
echo 'chronyd.service' > \
%{buildroot}%{_systemdutildir}/ntp-units.d/50-chronyd.list
install -Dpm 0644 %{SOURCE2} \
%{buildroot}%{_fillupdir}/sysconfig.chronyd
install -Dpm 755 %{SOURCE4} %{buildroot}%{chrony_helper}
install -d %{buildroot}%{_localstatedir}/log/chrony
touch %{buildroot}%{_localstatedir}/lib/chrony/{drift,rtc}
%if %{with pools}
# Install the NTP pool files
install -Dpm 644 %{SOURCE12} %{SOURCE13} %{buildroot}/etc/chrony.d
echo '# Add ntp pools here' > %{buildroot}/etc/chrony.d/pool.conf.empty
%endif
mkdir -p %{buildroot}%{_sysusersdir}
install -m 0644 %{SOURCE14} %{buildroot}%{_sysusersdir}/
find %{buildroot} -type f | xargs sed -i '
s-@CHRONY_HELPER@-%{chrony_helper}-g
s-@CHRONY_RUNDIR@-%{chrony_rundir}-g
'
%if %{with testsuite}
%ifnarch %ix86
%check
# Set random seed to get deterministic results
export CLKNETSIM_RANDOM_SEED=24501
export CFLAGS="%{optflags}"
make %{?_smp_mflags} -C test/simulation/clknetsim
make %{?_smp_mflags} quickcheck
%endif
%endif
%pre -f chrony.pre
%service_add_pre chronyd.service chrony-wait.service
%if %{with usr_etc}
# Prepare for migration to /usr/etc; save any old .rpmsave
for i in logrotate.d/chrony ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%endif
%if %{with usr_etc}
%posttrans
# Migration to /usr/etc, restore just created .rpmsave
for i in logrotate.d/chrony ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
%preun
%service_del_preun chronyd.service chrony-wait.service
%post
%fillup_only -n chronyd
%tmpfiles_create %{name}.conf
%service_add_post chronyd.service chrony-wait.service
%postun
%service_del_postun chronyd.service chrony-wait.service
%files
%defattr(-,root,root)
%if 0%{?suse_version} >= 1500
%license COPYING
%else
%doc COPYING
%endif
%doc FAQ NEWS README
%doc examples
%config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/chrony.conf
%config(noreplace) %attr(0640,root,%{name}) %verify(not md5 size mtime) %{_sysconfdir}/chrony.keys
%if 0%{?suse_version} > 1500
%{_distconfdir}/logrotate.d/chrony
%else
%config(noreplace) %{_sysconfdir}/logrotate.d/chrony
%endif
%attr(0755,root,root) %{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline
%attr(0755,root,root) %{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-dhcp
%dir %{_sysconfdir}/chrony.d/
%dir %{_sysconfdir}/dhcp/
%dir %{_sysconfdir}/dhcp/dhclient.d/
%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
%{_sysusersdir}/system-user-chrony.conf
%{_bindir}/chronyc
%{_sbindir}/chronyd
%{_libexecdir}/%name
%{_mandir}/man1/chronyc.1%{?ext_man}
%{_mandir}/man5/chrony.conf.5%{?ext_man}
%{_mandir}/man8/chronyd.8%{?ext_man}
%{_systemdutildir}/ntp-units.d/*.list
%{_unitdir}/chrony*.service
%{_unitdir}/chrony*.timer
%{_sbindir}/rcchrony*
%{_tmpfilesdir}/%{name}.conf
%{_fillupdir}/sysconfig.chronyd
%dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony
%ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/drift
%ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/rtc
%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
%ghost %attr(0750, %{name}, %{name}) %{_rundir}/%{name}
%if %{with pools}
%files pool-empty
%attr(-,root,root)%config (noreplace) /etc/chrony.d/pool.conf.empty
%files pool-suse
%attr(-,root,root)%config (noreplace) /etc/chrony.d/pool.conf.suse
%files pool-openSUSE
%attr(-,root,root)%config (noreplace) /etc/chrony.d/pool.conf.opensuse
%endif
%changelog

9
chronyd.sysconfig Normal file
View File

@ -0,0 +1,9 @@
## Path: Network/Chrony
## Description: Chrony time synchronization settings
## Type: string
## Default: ""
## ServiceRestart: chronyd
#
# Command line options for chronyd
#
OPTIONS=""

BIN
clknetsim-ef2a7a9.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

1
pool.conf.opensuse Normal file
View File

@ -0,0 +1 @@
pool 2.opensuse.pool.ntp.org iburst

1
pool.conf.suse Normal file
View File

@ -0,0 +1 @@
pool 2.suse.pool.ntp.org iburst

4
series Normal file
View File

@ -0,0 +1,4 @@
chrony-config.patch -p1
chrony-service-helper.patch -p1
chrony-logrotate.patch -p1
chrony-service-ordering.patch -p0

2
system-user-chrony.conf Normal file
View File

@ -0,0 +1,2 @@
#Type Name ID GECOS Home directory Shell
u chrony - "Chrony Daemon" /var/lib/chrony -