From 55059d9e432e20c2cf0126e0449406a8450f96f81b8648718f44d672de65d618 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 11:35:34 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main chrony revision ee60ed258679ff333f9efb581d7161db --- .gitattributes | 23 + chrony-4.4.tar.gz | 3 + chrony-4.4.tar.gz.sig | 16 + chrony-config.patch | 67 +++ chrony-dnssrv@.service | 8 + chrony-dnssrv@.timer | 9 + chrony-htonl.patch | 11 + chrony-logrotate.patch | 10 + chrony-service-helper.patch | 10 + chrony-service-ordering.patch | 15 + chrony-tmpfiles | 1 + chrony.changes | 863 ++++++++++++++++++++++++++++++++ chrony.dhclient | 20 + chrony.helper | 186 +++++++ chrony.keyring | 54 ++ chrony.nm-dispatcher.dhcp.patch | 11 + chrony.spec | 384 ++++++++++++++ chronyd.sysconfig | 9 + clknetsim-ef2a7a9.tar.gz | 3 + pool.conf.opensuse | 1 + pool.conf.suse | 1 + series | 4 + system-user-chrony.conf | 2 + 23 files changed, 1711 insertions(+) create mode 100644 .gitattributes create mode 100644 chrony-4.4.tar.gz create mode 100644 chrony-4.4.tar.gz.sig create mode 100644 chrony-config.patch create mode 100644 chrony-dnssrv@.service create mode 100644 chrony-dnssrv@.timer create mode 100644 chrony-htonl.patch create mode 100644 chrony-logrotate.patch create mode 100644 chrony-service-helper.patch create mode 100644 chrony-service-ordering.patch create mode 100644 chrony-tmpfiles create mode 100644 chrony.changes create mode 100644 chrony.dhclient create mode 100644 chrony.helper create mode 100644 chrony.keyring create mode 100644 chrony.nm-dispatcher.dhcp.patch create mode 100644 chrony.spec create mode 100644 chronyd.sysconfig create mode 100644 clknetsim-ef2a7a9.tar.gz create mode 100644 pool.conf.opensuse create mode 100644 pool.conf.suse create mode 100644 series create mode 100644 system-user-chrony.conf diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/chrony-4.4.tar.gz b/chrony-4.4.tar.gz new file mode 100644 index 0000000..d019e6b --- /dev/null +++ b/chrony-4.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:eafb07e6daf92b142200f478856dfed6efc9ea2d146eeded5edcb09b93127088 +size 612094 diff --git a/chrony-4.4.tar.gz.sig b/chrony-4.4.tar.gz.sig new file mode 100644 index 0000000..c8f34f2 --- /dev/null +++ b/chrony-4.4.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEjzdcfo0O4SWj071RU34rdvdoDawFAmTTlb0ACgkQU34rdvdo +DaxNlhAAhqmQKW5LEQmJjld2bor7nJHjuJ9/Xs4YVvUM3+U1R+BxRZiyX3aNAABz +J/iDGbQc1Bbd7cfGPSLrInSRJL0j1r2CQi76gxjcjyJOFU+QiZxZYIM5BN2QouI9 +taNi5cyRQSNgu+JO7Xzq3dZ7q0UFp2/5/OcryZU2RMcy9mg8zsYBvaoxs+vE098O +kGHR3fLlK/Dvbyv+8uWejmC3pDqzTdbIJDziH9Q1h1SyjFb4x7ISbVrsnuYKTZfl +oSKEucEHmlAXgCvLU2abWSL6M8vQeOpuwtJnWswzTxKyon0sM28pzyJ2D49MfkNT +MSJV/NsD3Htu/XrUBfX4FXwsCkfV1AVUZIbgira7eVE/sY2Hjz3RJzZf4Kfpy+1d +uY/Ch+AHxJpO4OiwmWBEz04MSJYqmwMILi5ey3NSopT/b8Xm1iAu29AYHsHYshrj +kn8vbgqfZihP7ainGw8Y4ljCGfdMNXOyPcmoDR8BGSks7nRls9siO6fUQxuNF1Uy +YV4mvvt+mQck+ympbSSRboz+dvnT8No6L17RPsP5va4ro2C5kqlPB45VfxCRauqe +/lW/TxksyBo2cE0cL5V4ZKg0TXVSrsx15bY5rWRaozbj3EYCZfoQ1jOmQ1rP+ysh +EcKbs/RsR+6O7viKvybb1pYrsgaeyrPYfIVbWCcDqUGKgzo2XUY= +=Zu1L +-----END PGP SIGNATURE----- diff --git a/chrony-config.patch b/chrony-config.patch new file mode 100644 index 0000000..d5e07d0 --- /dev/null +++ b/chrony-config.patch @@ -0,0 +1,67 @@ +Index: chrony-4.0/examples/chrony.conf.example3 +=================================================================== +--- chrony-4.0.orig/examples/chrony.conf.example3 ++++ chrony-4.0/examples/chrony.conf.example3 +@@ -27,12 +27,38 @@ + # you can access at http://support.ntp.org/bin/view/Servers/WebHome or + # you can use servers from the pool.ntp.org project. + +-! server foo.example.net iburst +-! server bar.example.net iburst +-! server baz.example.net iburst +- + ! pool pool.ntp.org iburst + ++# for Europe: ++! server 0.europe.pool.ntp.org ++! server 1.europe.pool.ntp.org ++! server 2.europe.pool.ntp.org ++! server 3.europe.pool.ntp.org ++ ++# for Asia: ++! server 0.asia.pool.ntp.org ++! server 1.asia.pool.ntp.org ++! server 2.asia.pool.ntp.org ++! server 3.asia.pool.ntp.org ++ ++# for North America: ++! server 0.north-america.pool.ntp.org ++! server 1.north-america.pool.ntp.org ++! server 2.north-america.pool.ntp.org ++! server 3.north-america.pool.ntp.org ++ ++# for South America: ++! server 0.south-america.pool.ntp.org ++! server 1.south-america.pool.ntp.org ++! server 2.south-america.pool.ntp.org ++! server 3.south-america.pool.ntp.org ++ ++# for Oceania: ++! server 0.oceania.pool.ntp.org ++! server 1.oceania.pool.ntp.org ++! server 2.oceania.pool.ntp.org ++! server 3.oceania.pool.ntp.org ++ + ####################################################################### + ### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK + # +@@ -79,7 +105,7 @@ + # immediately so that it doesn't gain or lose any more time. You + # generally want this, so it is uncommented. + +-driftfile /var/lib/chrony/drift ++driftfile /var/lib/chrony/chrony.drift + + # If you want to enable NTP authentication with symmetric keys, you will need + # to uncomment the following line and edit the file to set up the keys. +@@ -165,8 +191,8 @@ ntsdumpdir /var/lib/chrony + # produce some graphs of your system's timekeeping performance, or you + # need help in debugging a problem. + +-! logdir /var/log/chrony +-! log measurements statistics tracking ++logdir /var/log/chrony ++log measurements statistics tracking + + # If you have real time clock support enabled (see below), you might want + # this line instead: diff --git a/chrony-dnssrv@.service b/chrony-dnssrv@.service new file mode 100644 index 0000000..cb9028d --- /dev/null +++ b/chrony-dnssrv@.service @@ -0,0 +1,8 @@ +[Unit] +Description=DNS SRV lookup of %I for chrony +After=chronyd.service network-online.target +Wants=network-online.target + +[Service] +Type=oneshot +ExecStart=@CHRONY_HELPER@ update-dnssrv-servers %I diff --git a/chrony-dnssrv@.timer b/chrony-dnssrv@.timer new file mode 100644 index 0000000..6da8635 --- /dev/null +++ b/chrony-dnssrv@.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Periodic DNS SRV lookup of %I for chrony + +[Timer] +OnActiveSec=0 +OnUnitInactiveSec=1h + +[Install] +WantedBy=timers.target diff --git a/chrony-htonl.patch b/chrony-htonl.patch new file mode 100644 index 0000000..deacacb --- /dev/null +++ b/chrony-htonl.patch @@ -0,0 +1,11 @@ +--- test/unit/util.c.orig ++++ test/unit/util.c +@@ -561,7 +561,7 @@ test_unit(void) + #else + TEST_CHECK(tspec.tv_sec_high == htonl(TV_NOHIGHSEC)); + #endif +- TEST_CHECK(tspec.tv_sec_low == htonl(ts.tv_sec)); ++ TEST_CHECK(tspec.tv_sec_low == htonl((uint32_t) ts.tv_sec)); + TEST_CHECK(tspec.tv_nsec == htonl(ts.tv_nsec)); + UTI_TimespecNetworkToHost(&tspec, &ts2); + TEST_CHECK(!UTI_CompareTimespecs(&ts, &ts2)); diff --git a/chrony-logrotate.patch b/chrony-logrotate.patch new file mode 100644 index 0000000..87a36ff --- /dev/null +++ b/chrony-logrotate.patch @@ -0,0 +1,10 @@ +Index: chrony-2.3/examples/chrony.logrotate +=================================================================== +--- chrony-2.3.orig/examples/chrony.logrotate ++++ chrony-2.3/examples/chrony.logrotate +@@ -1,4 +1,5 @@ + /var/log/chrony/*.log { ++ su chrony chrony + missingok + nocreate + sharedscripts diff --git a/chrony-service-helper.patch b/chrony-service-helper.patch new file mode 100644 index 0000000..f5ad63b --- /dev/null +++ b/chrony-service-helper.patch @@ -0,0 +1,10 @@ +--- examples/chronyd.service.orig ++++ examples/chronyd.service +@@ -10,6 +10,7 @@ Type=forking + PIDFile=/run/chrony/chronyd.pid + EnvironmentFile=-/etc/sysconfig/chronyd + ExecStart=/usr/sbin/chronyd $OPTIONS ++ExecStartPost=@CHRONY_HELPER@ update-daemon + + CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE + CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE diff --git a/chrony-service-ordering.patch b/chrony-service-ordering.patch new file mode 100644 index 0000000..5df1e6d --- /dev/null +++ b/chrony-service-ordering.patch @@ -0,0 +1,15 @@ +--- examples/chronyd.service.orig ++++ examples/chronyd.service +@@ -1,7 +1,11 @@ + [Unit] + Description=NTP client/server + Documentation=man:chronyd(8) man:chrony.conf(5) +-After=ntpdate.service sntp.service ntpd.service ++After=nss-lookup.target ++Wants=network.target ++After=network.target ++Wants=time-sync.target ++Before=time-sync.target + Conflicts=ntpd.service systemd-timesyncd.service + ConditionCapability=CAP_SYS_TIME + diff --git a/chrony-tmpfiles b/chrony-tmpfiles new file mode 100644 index 0000000..41aa569 --- /dev/null +++ b/chrony-tmpfiles @@ -0,0 +1 @@ +d /run/chrony 0750 chrony chrony diff --git a/chrony.changes b/chrony.changes new file mode 100644 index 0000000..715fd2b --- /dev/null +++ b/chrony.changes @@ -0,0 +1,863 @@ +------------------------------------------------------------------- +Fri Sep 1 14:05:34 UTC 2023 - Fabian Vogt + +- Use make quickcheck instead of make check to avoid >1h build + times and failures due to timeouts. This was the default before + 3.2 but it changed to make tests more reliable. Here a seed is + already set to get deterministic execution. + +------------------------------------------------------------------- +Wed Aug 9 17:30:28 UTC 2023 - Reinhard Max + +- Update to 4.4: + * Add support for AES-GCM-SIV with Nettle >= 3.9 to shorten NTS + cookies to avoid some length-specific blocking of NTP on + Internet. + * Add support for multiple refclocks using extpps option on one + PHC. + * Add maxpoll option to hwtimestamp directive to improve PHC + tracking with low packet rates + * Add hwtstimeout directive to configure timeout for late + timestamps. + * Handle late hardware transmit timestamps of NTP requests on + all sockets. + * Handle mismatched 32/64-bit time_t in SOCK refclock samples + * Improve source replacement + * Log important changes made by command requests (chronyc) + * Refresh address of NTP sources periodically + * Set DSCP for IPv6 packets + * Shorten NTS-KE retry interval when network is down + * Update seccomp filter for musl + * Warn if loading keys from file with unexpected permissions + * Warn if source selection fails or falseticker is detected + * Add selectopts command to modify source-specific selection + options. + * Add timestamp sources to serverstats report and make its fields + 64-bit. + * Add -e option to chronyc to indicate end of response +- Update clknetsim to snapshot ef2a7a9. + +------------------------------------------------------------------- +Wed Nov 16 11:37:25 UTC 2022 - Clemens Famulla-Conrad + +- Install chrony DHCP dispatcher script for Networkmanager + * chrony.nm-dispatcher.dhcp.patch /var/run to /run + +------------------------------------------------------------------- +Thu Sep 1 14:40:46 UTC 2022 - Reinhard Max + +- Update to 4.3: + * Add local option to refclock directive to stabilise system + clock with more stable free-running clock (e.g. TCXO, OCXO). + * Add maxdelayquant option to server/pool/peer directive to + replace maxdelaydevratio filter with long-term quantile-based + filtering. + * Add selection option to log directive. + * Allow external PPS in PHC refclock without configurable pin. + * Don't accept first interleaved response to minimise error in + delay. + * Don't use arc4random on Linux to avoid server performance loss. + * Improve filter option to better handle missing NTP samples. + * Improve stability with hardware timestamping and PHC refclock. + * Update seccomp filter +- Update clknetsim to snapshot f00531b. +- Use a more specific conditional for the /usr/etc stuff. + +------------------------------------------------------------------- +Wed Jun 15 14:41:05 UTC 2022 - Stefan Schubert + +- Moved logrotate files from user specific directory /etc/logrotate.d + to vendor specific directory /usr/etc/logrotate.d. + +------------------------------------------------------------------- +Thu May 12 14:33:50 UTC 2022 - Stefan Schubert + +- Moved 20-chrony file from user specif directory + /etc/NetworkManager/dispatcher.d to vendor specific directory + /usr/lib/NetworkManager/dispatcher.d. So, users changes can + still be done in /etc and will not be overwritten by an update. + +------------------------------------------------------------------- +Mon Jan 10 17:26:02 UTC 2022 - Reinhard Max + +- boo#1194206: Use /run instead of /var/run throughout. +- bsc#1194229: Fix pool package dependencies, so that SLE actually + prefers chrony-pool-suse over chrony-pool-empty. + +------------------------------------------------------------------- +Thu Dec 16 16:47:08 UTC 2021 - Reinhard Max + +- Update to 4.2 + * Add support for NTPv4 extension field improving synchronisation + stability and resolution of root delay and dispersion + (experimental) + * Add support for NTP over PTP (experimental) + * Add support for AES-CMAC and hash functions in GnuTLS + * Improve server interleaved mode to be more reliable and support + multiple clients behind NAT + * Update seccomp filter + * Fix RTC support with 64-bit time_t on 32-bit Linux + * Fix seccomp filter to work correctly with bind*device directives +- Obsoleted patches: + * chrony-refid-internal-md5.patch + * harden_chrony-wait.service.patch + * harden_chronyd.service.patch +- Update clknetsim to snapshot 470b5e9. + +------------------------------------------------------------------- +Tue Dec 7 10:08:53 UTC 2021 - Reinhard Max + +- Add chrony-htonl.patch to work around undocumented behaviour of + htonl() in older glibc versions (SLE-12) on 64 bit big endian + architectures (s390x). + +------------------------------------------------------------------- +Fri Nov 19 16:39:44 UTC 2021 - Reinhard Max + +- SLE bugs that have been fixed in openSUSE up to this point + without explicit references: bsc#1183783, bsc#1184400, + bsc#1171806, bsc#1161119, bsc#1159840. +- Obsoleted SLE patches: + * chrony-fix-open.patch + * chrony-gettimeofday.patch + * chrony-ntp-era-split.patch + * chrony-pidfile.patch + * chrony-select-timeout.patch + * chrony-urandom.patch + * chrony.sysconfig + * clknetsim-glibc-2.31.patch + +------------------------------------------------------------------- +Fri Oct 8 14:52:41 UTC 2021 - Reinhard Max + +- boo#1190926: PrivateDevices is too strict, we might need to + access the rtc and ptp devices. +- Add back support to build chrony on SLE12. +- Drop dependency on asciidoctor. It is only needed for building + the HTML documentation which we don't package anyway. + +------------------------------------------------------------------- +Mon Aug 30 13:50:07 UTC 2021 - Johannes Segitz + +- Added hardening to systemd service(s). Added patch(es): + * harden_chrony-wait.service.patch + * harden_chronyd.service.patch + +------------------------------------------------------------------- +Thu Jul 1 12:38:13 UTC 2021 - Reinhard Max + +- boo#1187906: Consolidate all references to the helper script. +- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode, + but needed for calculating refids from IPv6 addresses as part of + the NTP protocol (rfc5905). As this is a non-cryptographic use of + MD5 we can use our own implementation without violating FIPS + rules: chrony-refid-internal-md5.patch . + +------------------------------------------------------------------- +Sun Jun 13 13:29:36 UTC 2021 - Callum Farmer + +- Add now working CONFIG parameter to sysusers generator + +------------------------------------------------------------------- +Wed Jun 2 09:10:41 UTC 2021 - Callum Farmer + +- Change to using systemd-sysusers +- Remove otherproviders, not needed anymore + +------------------------------------------------------------------- +Tue Jun 1 12:53:23 UTC 2021 - Reinhard Max + +- Update to 4.1 + * Add support for NTS servers specified by IP address (matching + Subject Alternative Name in server certificate) + * Add source-specific configuration of trusted certificates + * Allow multiple files and directories with trusted certificates + * Allow multiple pairs of server keys and certificates + * Add copy option to server/pool directive + * Increase PPS lock limit to 40% of pulse interval + * Perform source selection immediately after loading dump files + * Reload dump files for addresses negotiated by NTS-KE server + * Update seccomp filter and add less restrictive level + * Restart ongoing name resolution on online command + * Fix dump files to not include uncorrected offset + * Fix initstepslew to accept time from own NTP clients + * Reset NTP address and port when no longer negotiated by NTS-KE + server +- Update clknetsim to snapshot f89702d. +- Refresh chrony.keyring from + https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc +- Ensure the correct pool packages are installed for openSUSE + and SLE (bsc#1180689). + +------------------------------------------------------------------- +Fri Feb 5 09:38:02 UTC 2021 - Reinhard Max + +- Enable syscallfilter unconditionally [boo#1181826]. + +------------------------------------------------------------------- +Mon Dec 7 09:53:22 UTC 2020 - Marcus Rueckert + +- drop buildrequires on NSS. We need gnutls for NTS anyway and we + can do all the other required crypto via nettle+gnutls. no need + for another crypto library. + +------------------------------------------------------------------- +Sun Nov 1 22:26:48 UTC 2020 - Marcus Rueckert + +- Update to 4.0 + - Enhancements + - Add support for Network Time Security (NTS) authentication + - Add support for AES-CMAC keys (AES128, AES256) with Nettle + - Add authselectmode directive to control selection of + unauthenticated sources + - Add binddevice, bindacqdevice, bindcmddevice directives + - Add confdir directive to better support fragmented + configuration + - Add sourcedir directive and "reload sources" command to + support dynamic NTP sources specified in files + - Add clockprecision directive + - Add dscp directive to set Differentiated Services Code Point + (DSCP) + - Add -L option to limit log messages by severity + - Add -p option to print whole configuration with included + files + - Add -U option to allow start under non-root user + - Allow maxsamples to be set to 1 for faster update with -q/-Q + option + - Avoid replacing NTP sources with sources that have + unreachable address + - Improve pools to repeat name resolution to get "maxsources" + sources + - Improve source selection with trusted sources + - Improve NTP loop test to prevent synchronisation to itself + - Repeat iburst when NTP source is switched from offline state + to online + - Update clock synchronisation status and leap status more + frequently + - Update seccomp filter + - Add "add pool" command + - Add "reset sources" command to drop all measurements + - Add authdata command to print details about NTP + authentication + - Add selectdata command to print details about source + selection + - Add -N option and sourcename command to print original names + of sources + - Add -a option to some commands to print also unresolved + sources + - Add -k, -p, -r options to clients command to select, limit, + reset data + - Bug fixes + - Don’t set interface for NTP responses to allow asymmetric + routing + - Handle RTCs that don’t support interrupts + - Respond to command requests with correct address on + multihomed hosts + - Removed features + - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) + - Drop support for long (non-standard) MACs in NTPv4 packets + (chrony 2.x clients using non-MD5/SHA1 keys need to use + option "version 3") + - Drop support for line editing with GNU Readline +- add BuildRequires for gnutls-devel (which also pulls nettle to + enable the new features) +- drop patches which are included in the update: + chrony-test-update-processing-of-packet-log.patch + chrony-test-fix-util-unit-test-for-NTP-era-split.patch +- refreshed chrony-config.patch +- track series file for easier quilt setup +- added option to turn off testsuite with + osc build --without=testsuite + + testsuite still runs by default + +------------------------------------------------------------------- +Wed Oct 28 07:49:37 UTC 2020 - Thorsten Kukuk + +- By default we don't write log files but log to journald, so + only recommend logrotate. + +------------------------------------------------------------------- +Mon Sep 14 10:41:58 UTC 2020 - Reinhard Max + +- Adjust and rename the sysconfig file, so that it matches the + expectations of chronyd.service (bsc#1173277). + +------------------------------------------------------------------- +Sun Sep 13 20:22:46 UTC 2020 - Matthias Eliasson + +- Update to 3.5.1: + * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) + +------------------------------------------------------------------- +Sun Aug 2 21:27:45 UTC 2020 - Callum Farmer + +- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) + +------------------------------------------------------------------- +Thu Jun 4 15:23:17 UTC 2020 - Reinhard Max + +- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that + preconfigure chrony to use NTP servers from the respective + pools for SUSE and openSUSE (bsc#1156884, SLE-11424). +- Add chrony-pool-empty to still allow installing chrony without + preconfigured servers. +- Use iburst in the default pool statements to speed up initial + synchronisation (bsc#1172113). + +------------------------------------------------------------------- +Thu Apr 30 16:03:16 UTC 2020 - Dominique Leuenberger + +- Use _systemdutildir instead of _libexecdir/systemd: systemd does + not actually live below libexecdir. + +------------------------------------------------------------------- +Thu Feb 13 12:45:44 UTC 2020 - Martin Liška + +- Add chrony-test-update-processing-of-packet-log.patch in order + to fix test-suite failure. + +------------------------------------------------------------------- +Wed Feb 12 09:24:24 UTC 2020 - Martin Liška + +- Update clknetsim to version 79ffe44 (fixes boo#1162964). +- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch. + +------------------------------------------------------------------- +Sat Oct 26 10:39:29 UTC 2019 - Arjen de Korte + +- Change to BuildRequires: rubygem(asciidoctor) and remove conditional + (is available in SLE12-SP4 and SLE15* as well) +- Fix typo in %install + +------------------------------------------------------------------- +Tue Oct 22 21:18:58 UTC 2019 - Arjen de Korte + +- Fix asciidoc in Tumbleweed +- Revert clknetsim to version 58c5e8b + +------------------------------------------------------------------- +Tue Oct 22 15:25:18 UTC 2019 - Arjen de Korte + +- Fix incorrect download link for package signature + +------------------------------------------------------------------- +Mon Oct 21 07:57:44 UTC 2019 - Martin Pluskal + +- Temporarily disable signature usage as its expired +- Update clknetsim to version ac3c832 + +------------------------------------------------------------------- +Sat Oct 19 08:27:17 UTC 2019 - Mathias Homann + +- fix chrony-service-helper.patch + +------------------------------------------------------------------- +Sat Oct 19 07:22:58 UTC 2019 - Mathias Homann + +- Update to 3.5: + + Add support for more accurate reading of PHC on Linux 5.0 + + Add support for hardware timestamping on interfaces with read-only timestamping configuration + + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + + Update seccomp filter to work on more architectures + + Validate refclock driver options + + Fix bindaddress directive on FreeBSD + + Fix transposition of hardware RX timestamp on Linux 4.13 and later + + Fix building on non-glibc systems + +------------------------------------------------------------------- +Thu Mar 21 13:35:20 UTC 2019 - Reinhard Max + +- Fix ordering and dependencies of chronyd.service, so that it is + started after name resolution is up (bsc#1129914). +- Add chrony-service-ordering.patch +- Fix location of helper script in chrony-dnssrv@.service + (bsc#1128846). + +------------------------------------------------------------------- +Wed Mar 6 13:40:04 UTC 2019 - Martin Pluskal + +- Update testsuite to version 58c5e8b + +------------------------------------------------------------------- +Thu Dec 20 16:48:14 UTC 2018 - Reinhard Max + +- Read runtime servers from /var/run/netconfig/chrony.servers to + fix bsc#1099272. +- Move chrony-helper to /usr/lib/chrony/helper, because there + should be no executables in /usr/share. + +------------------------------------------------------------------- +Fri Dec 14 08:05:35 UTC 2018 - Martin Pluskal + +- Make sure to generate correct sysconfig file (boo#1117147) +- Update clknetsim to revision 8b48422 + +------------------------------------------------------------------- +Thu Nov 22 09:27:58 UTC 2018 - Martin Pluskal + +- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529) + +------------------------------------------------------------------- +Thu Oct 18 10:14:08 UTC 2018 - Ismail Dönmez + +- Update the keyring and uncomment it in the spec file + +------------------------------------------------------------------- +Thu Oct 18 07:43:44 UTC 2018 - Martin Pluskal + +- Comment out bad signature + +------------------------------------------------------------------- +Wed Sep 19 18:21:19 UTC 2018 - Michael Ströder + +- Added %{_tmpfilesdir}/%{name}.conf +- Updated clknetsim +- Update to version 3.4 + * Enhancements + + Add filter option to server/pool/peer directive + + Add minsamples and maxsamples options to hwtimestamp directive + + Add support for faster frequency adjustments in Linux 4.19 + + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd + without root privileges to remove it on exit + + Disable sub-second polling intervals for distant NTP sources + + Extend range of supported sub-second polling intervals + + Get/set IPv4 destination/source address of NTP packets on FreeBSD + + Make burst options and command useful with short polling intervals + + Modify auto_offline option to activate when sending request failed + + Respond from interface that received NTP request if possible + + Add onoffline command to switch between online and offline state + according to current system network configuration + + Improve example NetworkManager dispatcher script + * Bug fixes + + Avoid waiting in Linux getrandom system call + + Fix PPS support on FreeBSD and NetBSD + +------------------------------------------------------------------- +Fri Aug 3 07:56:06 UTC 2018 - mpluskal@suse.com + +- Update clknetsim to revision 42b693b + * Drop not needed chrony-fix-open.patch +- Build tests with optflags as well +- Do not run tests on i586 +- Enable signd + +------------------------------------------------------------------- +Thu Aug 2 07:52:58 UTC 2018 - mpluskal@suse.com + +- Mention all sources as such in spec file +- Fix formatting of changelog +- Drop reference to change is not present + +------------------------------------------------------------------- +Wed Aug 1 16:36:17 UTC 2018 - bwiedemann@suse.com + +- Update to version 3.3 + * Enhancements: + + Add burst option to server/pool directive + + Add stratum and tai options to refclock directive + + Add support for Nettle crypto library + + Add workaround for missing kernel receive timestamps on Linux + + Wait for late hardware transmit timestamps + + Improve source selection with unreachable sources + + Improve protection against replay attacks on symmetric mode + + Allow PHC refclock to use socket in /var/run/chrony + + Add shutdown command to stop chronyd + + Simplify format of response to manual list command + + Improve handling of unknown responses in chronyc + * Bug fixes: + + Respond to NTPv1 client requests with zero mode + + Fix -x option to not require CAP_SYS_TIME under non-root user + + Fix acquisitionport directive to work with privilege separation + + Fix handling of socket errors on Linux to avoid high CPU usage + + Fix chronyc to not get stuck in infinite loop after clock step + +------------------------------------------------------------------- +Wed Apr 18 02:55:54 UTC 2018 - mpost@suse.com + +- Added /etc/chrony.d/ directory to the package (bsc#1083597) + Modifed default chrony.conf to add "include /etc/chrony.d/*" + +------------------------------------------------------------------- +Mon Mar 26 17:30:07 CEST 2018 - kukuk@suse.de + +- Use %license instead of %doc [bsc#1082318] + +------------------------------------------------------------------- +Wed Mar 14 15:11:56 CET 2018 - kukuk@suse.de + +- Fix name of fillup template (was never installed before) +- Fix Requires for fillup, it's used in post, not pre. + +------------------------------------------------------------------- +Fri Feb 9 10:21:09 UTC 2018 - mpluskal@suse.com + +- Enable pps support + +------------------------------------------------------------------- +Thu Nov 23 13:47:05 UTC 2017 - rbrown@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Thu Oct 26 10:39:11 UTC 2017 - mpluskal@suse.com + +- Cleanup spec file: + * Drop pre systemd support + * Run spec-cleaner + +------------------------------------------------------------------- +Tue Oct 24 18:23:56 UTC 2017 - mpost@suse.com + +- Modified the spec file to comment out the pool statement + in chrony.conf if _not_ building for openSUSE. (bsc#1063704). + +------------------------------------------------------------------- +Thu Sep 28 16:17:08 UTC 2017 - mrueckert@suse.de + +- refresh patches to apply cleanly again + - chrony-config.patch + - chrony-fix-open.patch + +------------------------------------------------------------------- +Wed Sep 20 23:57:53 UTC 2017 - mpost@suse.com + +- Upgraded to version 3.2: + Enhancements + * Improve stability with NTP sources and reference clocks + * Improve stability with hardware timestamping + * Improve support for NTP interleaved modes + * Control frequency of system clock on macOS 10.13 and later + * Set TAI-UTC offset of system clock with leapsectz directive + * Minimise data in client requests to improve privacy + * Allow transmit-only hardware timestamping + * Add support for new timestamping options introduced in Linux 4.13 + * Add root delay, root dispersion and maximum error to tracking log + * Add mindelay and asymmetry options to server/peer/pool directive + * Add extpps option to PHC refclock to timestamp external PPS signal + * Add pps option to refclock directive to treat any refclock as PPS + * Add width option to refclock directive to filter wrong pulse edges + * Add rxfilter option to hwtimestamp directive + * Add -x option to disable control of system clock + * Add -l option to log to specified file instead of syslog + * Allow multiple command-line options to be specified together + * Allow starting without root privileges with -Q option + * Update seccomp filter for new glibc versions + * Dump history on exit by default with dumpdir directive + * Use hardening compiler options by default + Bug fixes + * Don't drop PHC samples with low-resolution system clock + * Ignore outliers in PHC tracking, RTC tracking, manual input + * Increase polling interval when peer is not responding + * Exit with error message when include directive fails + * Don't allow slash after hostname in allow/deny directive/command + * Try to connect to all addresses in chronyc before giving up +- Upgraded clknetsim to version 71dbbc5. +- Reworked chrony-fix-open.patch to fit the new version + +------------------------------------------------------------------- +Tue Jan 31 16:38:05 UTC 2017 - mpost@suse.com + +- Upgraded to version 3.1: + - Enhancements + - Add support for precise cross timestamping of PHC on Linux + - Add minpoll, precision, nocrossts options to hwtimestamp directive + - Add rawmeasurements option to log directive and modify measurements + option to log only valid measurements from synchronised sources + - Allow sub-second polling interval with NTP sources + - Bug fixes + - Fix time smoothing in interleaved mode +- Upgraded clknetsim to version ce89a1b. +- Reworked the following patches to fit the new versions + - chrony-config.patch + - chrony-service-helper.patch + - chrony-fix-open.patch + +------------------------------------------------------------------- +Mon Jan 16 22:36:09 UTC 2017 - mpost@suse.com + +- Upgraded to version 3.0: + - Enhancements + - Add support for software and hardware timestamping on Linux + - Add support for client/server and symmetric interleaved modes + - Add support for MS-SNTP authentication in Samba + - Add support for truncated MACs in NTPv4 packets + - Estimate and correct for asymmetric network jitter + - Increase default minsamples and polltarget to improve stability with very low jitter + - Add maxjitter directive to limit source selection by jitter + - Add offset option to server/pool/peer directive + - Add maxlockage option to refclock directive + - Add -t option to chronyd to exit after specified time + - Add partial protection against replay attacks on symmetric mode + - Don't reset polling interval when switching sources to online state + - Allow rate limiting with very short intervals + - Improve maximum server throughput on Linux and NetBSD + - Remove dump files after start + - Add tab-completion to chronyc with libedit/readline + - Add ntpdata command to print details about NTP measurements + - Allow all source options to be set in add server/peer command + - Indicate truncated addresses/hostnames in chronyc output + - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses + - Bug fixes + - Fix crash with disabled asynchronous name resolving +- Upgraded clknetsim to version 6bb6519. + +------------------------------------------------------------------- +Tue Nov 29 16:54:52 UTC 2016 - mpost@suse.com + +- Upgraded to version 2.4.1: + - Bug fixes + - Fix processing of kernel timestamps on non-Linux systems + - Fix crash with smoothtime directive + - Fix validation of refclock sample times + - Fix parsing of refclock directive + +------------------------------------------------------------------- +Wed Jun 8 10:02:51 UTC 2016 - mrueckert@suse.de + +- update to 2.4: + - Enhancements + - Add orphan option to local directive for orphan mode + compatible with ntpd + - Add distance option to local directive to set activation + threshold (1 second by default) + - Add maxdrift directive to set maximum allowed drift of system + clock + - Try to replace NTP sources exceeding maximum distance + - Randomise source replacement to avoid getting stuck with bad + sources + - Randomise selection of sources from pools on start + - Ignore reference timestamp as ntpd doesn't always set it + correctly + - Modify tracking report to use same values as seen by NTP + clients + - Add -c option to chronyc to write reports in CSV format + - Provide detailed manual pages + - Bug fixes + - Fix SOCK refclock to work correctly when not specified as + last refclock + - Fix initstepslew and -q/-Q options to accept time from own + NTP clients + - Fix authentication with keys using 512-bit hash functions + - Fix crash on exit when multiple signals are received + - Fix conversion of very small floating-point numbers in + command packets + - Removed features + - Drop documentation in Texinfo format +- update clknetsim to a5949fe for fixing a testsuite failure: + - add IP_PKTINFO socket option + - accept environment variables in make + - fix building with FORTIFY_SOURCE + - fix compiler warning + - support multiple SHM refclocks + - fix recv functions with new glibc headers +- refreshed chrony-fix-open.patch: to apply cleanly after clknetsim + update +- drop patches: + - chrony-include-termios.patch + - make-105-ntpauth-more-reliable.patch +- drop buildrequires for texinfo and pre requires on the install + info packages +- no longer use make install-docs: it only installed 0 byte html + files. + +------------------------------------------------------------------- +Wed Apr 13 14:23:38 UTC 2016 - mpluskal@suse.com + +- Provide ntp-daemon (bsc#973981) + +------------------------------------------------------------------- +Mon Apr 11 15:26:59 UTC 2016 - meissner@suse.com + +- chrony-fix-open.patch: make sure _open and _close are initialized + in open()/close() override, as libfreebl3 also calls from the + the ELF constructor. FATE#319508 +- enable mozilla-nss + +------------------------------------------------------------------- +Fri Apr 8 15:54:08 UTC 2016 - mpluskal@suse.com + +- Use correct license +- Drop hardcoded dependency on libseccomp, it is detected during + build + +------------------------------------------------------------------- +Fri Apr 8 08:38:00 UTC 2016 - mpluskal@suse.com + +- Undo reference to chrony-dnssrv@.service in %pre, %preun, %post, + and %postun as it would lead to error. +- Change conditions for libseccom, we can use any version on SLE-12 + x86_64 + +------------------------------------------------------------------- +Tue Apr 5 22:27:48 UTC 2016 - mpost@suse.com + +- Removed %if for distributions that aren't building chrony. +- Renamed chrony-2.2_logrotate.patch to chrony-logrotate.patch since + the patch is not particularly version-dependent. +- Added clknetsim for "make check" processing. +- Added Buildrequires for gcc-c++ and timezone for building clknetsim + and running "make check". +- Changed Buildrequires and Requires to specify the minimum level of + libseccomp needed to build on s390x and ppc64le. +- Removed "-Recommends: timedatex" since I couldn't find any instance + of it anywhere in the build service. +- Modified the description to use some of the information from the + chrony web site. +- Added chrony-include-termios.patch so that it will build on ppc64le. +- Added make-105-ntpauth-more-reliable.patch so that "make check" + will not report a non-failure as a failure. +- Added --without-nss to ./configure to avoid "interruption code + 0x2003B in chronyd" errors. +- Changed the symbolic links for rcchronyd and rcchronyd-wait to + point to the actual location of the service command, not the symlink + in /sbin. +- Added reference to chrony-dnssrv@.service in %pre, %preun, %post, + and %postun. + +------------------------------------------------------------------- +Mon Mar 28 09:35:07 UTC 2016 - mpluskal@suse.com + +- Cleanup spec file with spec-cleaner +- Prepare for submission to Factory (see fate#319508) + +------------------------------------------------------------------- +Thu Feb 18 16:48:46 UTC 2016 - mrueckert@suse.de + +- update to 2.3 + - Enhancements + - Add support for NTP and command response rate limiting + - Add support for dropping root privileges on Mac OS X, + FreeBSD, Solaris + - Add require and trust options for source selection + - Enable logchange by default (1 second threshold) + - Set RTC on Mac OS X with rtcsync directive + - Allow binding to NTP port after dropping root privileges on + NetBSD + - Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port + is disabled + - Resolve names in separate process when seccomp filter is + enabled + - Replace old records in client log when memory limit is + reached + - Don't reveal local time and synchronisation state in client + packets + - Don't keep client sockets open for longer than necessary + - Ignore poll in KoD RATE packets as ntpd doesn't always set it + correctly + - Warn when using keys shorter than 80 bits + - Add keygen command to generate random keys easily + - Add serverstats command to report NTP and command packet + statistics + - Bug fixes + - Fix clock correction after making step on Mac OS X + - Fix building on Solaris +- refreshed patches to apply cleanly again: + chrony-2.2_logrotate.patch + chrony-config.patch + chrony-service-helper.patch + +------------------------------------------------------------------- +Fri Jan 29 14:30:43 UTC 2016 - mrueckert@suse.de + +- update to 2.2.1 + Restrict authentication of NTP server/peer to specified key + (CVE-2016-1567) + +------------------------------------------------------------------- +Thu Nov 26 10:45:06 UTC 2015 - mrueckert@suse.de + +- silence groupadd/useradd call and drop the shell from the user. + +------------------------------------------------------------------- +Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de + +- update to 2.2 + see /usr/share/doc/packages/chrony/NEWS +- sync with fedora spec and add systemd support +- refreshed chrony-config.patch to apply cleanly again +- added chrony-2.2_logrotate.patch: add missing su option as we no + longer have the daemon run as root. +- added chrony-service-helper.patch: imported from fedora with a + changed path for moving from libexecdir to datadir +- only use syscall filters on 12.3 and newer +- move helper from libexecdir to datadir + +------------------------------------------------------------------- +Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de + +- clean up build section + - the configure script can actually import CC/CFLAGS from the + environment. no need to break any CFLAGS it might set in the + configure script. + - remove unneeded prefix from the make calls. + - enable building the binaries with PIE/relro now + +------------------------------------------------------------------- +Mon Feb 24 16:53:46 UTC 2014 - mrueckert@suse.de + +- Update to version 1.29.1: + * Modify chronyc protocol to prevent amplification attacks + (CVE-2014-0021) (incompatible with previous protocol version, + chronyc supports both) +- Additional changes from 1.29 + * Fix crash when processing crafted commands (CVE-2012-4502) + (possible with IP addresses allowed by cmdallow and localhost) + * Don't send uninitialized data in SUBNETS_ACCESSED and + CLIENT_ACCESSES replies (CVE-2012-4503) (not used by chronyc) + * Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands +- Additional changes from 1.28 + * Combine sources to improve accuracy + * Make config and command parser strict + * Add -a option to chronyc to authenticate automatically + * Add -R option to ignore initstepslew and makestep directives + * Add generatecommandkey, minsamples, maxsamples and user + directives + * Improve compatibility with NTPv1 and NTPv2 clients + * Create sockets only in selected family with -4/-6 option + * Treat address bind errors as non-fatal + * Extend tracking log + * Accept float values as initstepslew threshold + * Allow hostnames in offline, online and burst commands + * Fix and improve peer polling + * Fix crash in config parsing with too many servers + * Fix crash with duplicated initstepslew address + * Fix delta calculation with extreme frequency offsets + * Set local stratum correctly + * Remove unnecessary adjtimex calls + * Set paths in documentation by configure + * Update chrony.spec +- Updated chrony-config.patch: + - lots of config values were fixed upstream already + - key file patching is unnecessary + +------------------------------------------------------------------- +Sat Jul 13 22:14:49 UTC 2013 - zaitor@opensuse.org + +- Update to version 1.27: + + Added support for stronger authentication keys via NSS or + libtomcrypt library. + + Extended tracking, sources and activity reports printed by + chronyc. + + The daemon now waits in foreground until it is fully + initialized. + + Other bug fixes and improvements. +- Add mozilla-nss-devel & pkg-config BuildRequires, new optional + dependencys. + +------------------------------------------------------------------- +Fri Jan 11 04:29:12 UTC 2013 - mrdocs@opensuse.org + +-run spec-cleaner on the spec file, fix license and remove cruft + +------------------------------------------------------------------- +Tue Nov 29 13:55:16 UTC 2011 - aj@suse.de + +- Update to version 1.26: + * Added compatibility with Linux 3.0 and later + * Fixed replying on multihomed IPv6 hosts + * Other minor bug fixes and improvements +- Cleanup package a bit. + + diff --git a/chrony.dhclient b/chrony.dhclient new file mode 100644 index 0000000..51ae8a4 --- /dev/null +++ b/chrony.dhclient @@ -0,0 +1,20 @@ +#!/bin/bash + +SERVERFILE=$SAVEDIR/chrony.servers.$interface + +chrony_config() { + rm -f $SERVERFILE + if [ "$PEERNTP" != "no" ]; then + for server in $new_ntp_servers; do + echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE + done + @CHRONY_HELPER@ update-daemon || : + fi +} + +chrony_restore() { + if [ -f $SERVERFILE ]; then + rm -f $SERVERFILE + @CHRONY_HELPER@ update-daemon || : + fi +} diff --git a/chrony.helper b/chrony.helper new file mode 100644 index 0000000..fad838e --- /dev/null +++ b/chrony.helper @@ -0,0 +1,186 @@ +#!/bin/bash +# This script configures running chronyd to use NTP servers obtained from +# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed +# externally (e.g. by a dhclient script). Files with servers from DNS SRV +# records are updated here using the dig utility. + +chronyc=/usr/bin/chronyc +helper_dir=@CHRONY_RUNDIR@/chrony-helper +added_servers_file=$helper_dir/added_servers + +network_sysconfig_file=/etc/sysconfig/network +dhclient_servers_files=/run/netconfig/chrony.servers +dnssrv_servers_files=$helper_dir/dnssrv@* +dnssrv_timer_prefix=chrony-dnssrv@ + +chrony_command() { + $chronyc -a -n -m "$1" +} + +is_running() { + chrony_command "tracking" &> /dev/null +} + +is_update_needed() { + for file in $dhclient_servers_files $dnssrv_servers_files \ + $added_servers_file; do + [ -e "$file" ] && return 0 + done + return 1 +} + +update_daemon() { + local all_servers_with_args all_servers added_servers + + if ! is_running; then + rm -f $added_servers_file + return 0 + fi + + all_servers_with_args=$( + cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null) + + all_servers=$( + echo "$all_servers_with_args" | + while read server serverargs; do + echo "$server" + done | sort -u) + added_servers=$( ( + cat $added_servers_file 2> /dev/null + echo "$all_servers_with_args" | + while read server serverargs; do + [ -z "$server" ] && continue + chrony_command "add server $server $serverargs" &> /dev/null && + echo "$server" + done) | sort -u) + + comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") | + while read server; do + chrony_command "delete $server" &> /dev/null + done + + added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers")) + + [ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file || + rm -f $added_servers_file +} + +get_dnssrv_servers() { + local name=$1 + + if ! command -v dig &> /dev/null; then + echo "Missing dig (DNS lookup utility)" >&2 + return 1 + fi + + ( + . $network_sysconfig_file &> /dev/null + + output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) + [ $? -ne 0 ] && return 0 + + echo "$output" | while read prio weight port target; do + server=${target%.} + [ -z "$server" ] && continue + echo "$server port $port ${NTPSERVERARGS:-iburst}" + done + ) +} + +check_dnssrv_name() { + local name=$1 + + if [ -z "$name" ]; then + echo "No DNS SRV name specified" >&2 + return 1 + fi + + if [ "${name:0:9}" != _ntp._udp ]; then + echo "DNS SRV name $name doesn't start with _ntp._udp" >&2 + return 1 + fi +} + +update_dnssrv_servers() { + local name=$1 + local srv_file=$helper_dir/dnssrv@$name servers + + check_dnssrv_name "$name" || return 1 + + servers=$(get_dnssrv_servers "$name") + [ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file" +} + +set_dnssrv_timer() { + local state=$1 name=$2 + local srv_file=$helper_dir/dnssrv@$name servers + local timer=$dnssrv_timer_prefix$name.timer + + check_dnssrv_name "$name" || return 1 + + if [ "$state" = enable ]; then + systemctl enable "$timer" + systemctl start "$timer" + elif [ "$state" = disable ]; then + systemctl stop "$timer" + systemctl disable "$timer" + rm -f "$srv_file" + fi +} + +list_dnssrv_timers() { + systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \ + sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" +} + +prepare_helper_dir() { + mkdir -p $helper_dir + exec 100> $helper_dir/lock + if ! flock -w 20 100; then + echo "Failed to lock $helper_dir" >&2 + return 1 + fi +} + +print_help() { + echo "Usage: $0 COMMAND" + echo + echo "Commands:" + echo " update-daemon" + echo " update-dnssrv-servers NAME" + echo " enable-dnssrv NAME" + echo " disable-dnssrv NAME" + echo " list-dnssrv" + echo " is-running" + echo " command CHRONYC-COMMAND" +} + +case "$1" in + update-daemon|add-dhclient-servers|remove-dhclient-servers) + is_update_needed || exit 0 + prepare_helper_dir && update_daemon + ;; + update-dnssrv-servers) + prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon + ;; + enable-dnssrv) + set_dnssrv_timer enable "$2" + ;; + disable-dnssrv) + set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon + ;; + list-dnssrv) + list_dnssrv_timers + ;; + is-running) + is_running + ;; + command|forced-command) + chrony_command "$2" + ;; + *) + print_help + exit 2 +esac + +exit $? diff --git a/chrony.keyring b/chrony.keyring new file mode 100644 index 0000000..ffafed0 --- /dev/null +++ b/chrony.keyring @@ -0,0 +1,54 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1 +Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T +c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl +QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv +tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR +F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B +FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+ +LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV +jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2 +7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/ +v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB +tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA +PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1 +6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s +nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP +nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r +nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ +cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/ +kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6 +LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W +vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS +y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G +4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7 +qbZUY/6bgrDoXp4otAP2iF0EExECAB0WIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUC +YJ0C3AAKCRBf8G8puh4BO9k2AJ4ohgz/p49IBfjf22sEL1FvYM/DhwCfTyCkbogO +uagIg5qwuEGwHMgn19G5Ag0EYJz13AEQAMrLXgl5u6vAakSF9n+xCP2WOiMHzzrR +OxHnWzsX6PTXpJt14LSZOZ5wjdyR3gLJWGLdkfHoxHpQYp7PLgNS29SuAc4HQ+Br +O5F4g9EmwDJ0ueUYxU1FcySRXfXR+gLabpQCc2s9bW6RaMwLuQNxZwkfXClkPQms +ImTFA0KntWpHc+uEr1J2i6LQS7D/BK6m72l9x8z9k9gqAabXw+xHsis+ffPMG5Jm +HOqeHYtsq+2JW1VvBnA4Qh3DKH9OQaD9hZbEiUC3nMmlLkPF/r29tWTPa7luBHBn +X556JTXVm+vDUDwZ2srLfaKyQCxbNLwvQ2Pn5SOyyCnuIWR2xZs/+KPDMhtKUBAV +HcboVu6iPCTU42CVMPaJvYD2iUEncZNeUGJOSuG240LSLNGEFFsD7YgXb1XHjQD5 +ci3Ki7P/hHi3AG53IsQTiaE5VgBdDje3zYCf5WaZ6c3DQQB9lab2RMz+5Fdr7Z6Y +mFRUbmxSnsMe0mwwcqVe3ofV0fKvE7Ep0T8bBg53dCqyU8hIbD5wUe99JmhMFnzs +5elwkv/Hb3Eg92dgu1zWb5kMzuvGEHtCIukIy1B+pzQOfT+iOC+lbmRHhPslJ9S0 +1vENJE+nEEsGxPy9pRHrmWSKI4Zh+ysjb/vW/vOwAd1RsvxTfgBeOOawmlz+n0pJ +T018ZnUgmc35ABEBAAGJAjwEGAEIACYWIQSPN1x+jQ7hJaPTvVFTfit292gNrAUC +YJz13AIbDAUJEswDAAAKCRBTfit292gNrPuRD/43kM0P71gxfJQj6PBpPtjIVVfm +4TIPWKmV+F4/9eCwAPC/o44Yw+nxGr77Rk2DsaSn0V51j2egRCXKuZBZx/v6JXP7 +qpDk3Uecml7IfxTd+N+gkI3viUsrt4ykUgyUH/wy/edMG3h9qhBQP0RxiDge18P6 +YUpQSnq3uP72ycTPLBJlqp/Y9+GXUapvcyDqBFnvs96ieDmSbjSf6tris1cuLv6f +eld4HNUY/LmI5MlYbywbgWGpSOyKUlTtyF33LqPnWd7UuTN7QNsYyjGnlJbkkGi/ +KwuNbIo5Gs4avaUSTc7SBLdCYneEIt7mt7hg0StKHQC6s/ak/w8yl1yFy5gRusO4 +QCFT2ZMQ6jZUAuaQGx0rhWQr9akNNJEDsHTBQR8pxpFp3LcDXcUXSSeySRSFZLt+ +hExvDQxXuhdbZHYGL1E6g5gtJQKnobNu2jMOziBcDivhAsqNw2Poq6fJVLavjBI5 +BI1xAqmymIExJFSlHdLuZq09cVzY3EOj3x23YTzPKNOI/qu4jTUT4Byi8Oy3PN1B +B0n5SqORWJ0KfAyVEewshSAqJ7zrZ5sJXWnKeVQqBOg5EwkOB8rz/M3mqgrnBRiq +hLiiiG5tKETA1YIQGXIbP8t1vqoQrpvYaJfkk3kQlktxfFkDRt8dKIxpFk8uPiNb +bcAu2uXfRrQxpaqcOg== +=/wbD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/chrony.nm-dispatcher.dhcp.patch b/chrony.nm-dispatcher.dhcp.patch new file mode 100644 index 0000000..e5cdc43 --- /dev/null +++ b/chrony.nm-dispatcher.dhcp.patch @@ -0,0 +1,11 @@ +--- examples/chrony.nm-dispatcher.dhcp.orig ++++ examples/chrony.nm-dispatcher.dhcp +@@ -10,7 +10,7 @@ + + chronyc=/usr/bin/chronyc + server_options=iburst +-server_dir=/var/run/chrony-dhcp ++server_dir=/run/chrony-dhcp + + dhcp_server_file=$server_dir/$interface.sources + dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS" diff --git a/chrony.spec b/chrony.spec new file mode 100644 index 0000000..4cb597c --- /dev/null +++ b/chrony.spec @@ -0,0 +1,384 @@ +# +# spec file for package chrony +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%if 0%{?suse_version} < 1500 +# As of 2021 we still need to be able to build this on SLE12 +%bcond_with pools +%bcond_with sysusers +%bcond_with pps +%else +%bcond_without pools +%bcond_without sysusers +%bcond_without pps +%endif +%if 0%{?suse_version} > 1500 +%bcond_without usr_etc +%endif + +%bcond_without testsuite + +%define _systemdutildir %(pkg-config --variable systemdutildir systemd) +%global clknetsim_ver ef2a7a9 +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir %{_localstatedir}/adm/fillup-templates +%endif +%define chrony_helper %{_libexecdir}/chrony/helper +%define chrony_rundir %{_rundir}/%{name} +Name: chrony +Version: 4.4 +Release: 0 +Summary: System Clock Synchronization Client and Server +License: GPL-2.0-only +Group: Productivity/Networking/Other +URL: https://chrony.tuxfamily.org/ +Source: https://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz +Source2: chronyd.sysconfig +Source3: chrony.dhclient +Source4: chrony.helper +Source5: chrony-dnssrv@.service +Source6: chrony-dnssrv@.timer +Source7: https://download.tuxfamily.org/chrony/chrony-%{version}-tar-gz-asc.txt#/chrony-%{version}.tar.gz.sig +Source8: chrony.keyring +# Simulator for test suite +Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz +Source11: chrony-tmpfiles +Source12: pool.conf.suse +Source13: pool.conf.opensuse +Source14: system-user-chrony.conf +Source99: series +# PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines +Patch0: chrony-config.patch +# Add NTP servers from DHCP when starting service +Patch1: chrony-service-helper.patch +Patch2: chrony-logrotate.patch +Patch3: chrony-service-ordering.patch +Patch7: chrony-htonl.patch +Patch8: chrony.nm-dispatcher.dhcp.patch +BuildRequires: NetworkManager-devel +BuildRequires: bison +BuildRequires: findutils +BuildRequires: gcc-c++ +BuildRequires: gnutls-devel +BuildRequires: libcap-devel +BuildRequires: libedit-devel +BuildRequires: pkgconfig +%if %{with pps} +BuildRequires: pps-tools-devel +%endif +# The timezone package is needed for the "make check" tests. It can be +# removed if the call to make check is ever deleted. +BuildRequires: sysuser-tools +BuildRequires: timezone +BuildRequires: pkgconfig(systemd) +Recommends: logrotate +Requires(post): %fillup_prereq +%if %{with sysusers} +%sysusers_requires +%else +Requires(pre): %{_sbindir}/useradd +%endif +%if %{with pools} +Requires: %name-pool +Recommends: %name-pool-nonempty +%endif +Provides: ntp-daemon +%ifarch s390 s390x ppc64le +BuildRequires: libseccomp-devel >= 2.2.0 +%else +BuildRequires: libseccomp-devel +%endif + +%description +Chrony is an implementation of the Network Time Protocol (NTP). It can +synchronize the system clock with NTP servers, reference clocks (e.g. a +GPS receiver), and manual input using wristwatch and keyboard. It can +also operate as an NTPv4 (RFC 5905) server and peer to provide a time +service to other computers in the network. + +Chrony consists of two programs: chronyd and chronyc. + +Chronyd is a daemon which runs in the background on the system. It +obtains measurements of the system clock’s offset relative to time +servers on other systems via the network and adjusts the system time +accordingly. For isolated systems, the user can periodically enter the +correct time by hand (using chronyc). In either case, chronyd +determines the rate at which the computer gains or loses time, and +compensates for this. Chronyd can act as either a client or a server. + +Chronyc provides a user interface to chronyd for monitoring its +performance and configuring various settings. It can do so while +running on the same computer as the chronyd instance it is controlling +or a different computer. + +%if %{with pools} +%package pool-suse +Summary: Chrony preconfiguration for SUSE +Group: Productivity/Networking/Other +Provides: %name-pool = %version +Provides: %name-pool-nonempty +Conflicts: %name-pool +Requires: %name = %version +BuildArch: noarch +Supplements: (chrony and branding-SLE) +Removepathpostfixes:.suse + +%description pool-suse +This package configures chrony to use the SUSE NTP server pool by +default. + +%package pool-openSUSE +Summary: Chrony preconfiguration for openSUSE +Group: Productivity/Networking/Other +Provides: %name-pool = %version +Provides: %name-pool-nonempty +Conflicts: %name-pool +Requires: %name = %version +BuildArch: noarch +Supplements: (chrony and branding-openSUSE) +Removepathpostfixes:.opensuse + +%description pool-openSUSE +This package configures chrony to use the openSUSE NTP server pool by +default. + +%package pool-empty +Summary: Empty pool preconfiguration for chrony +Group: Productivity/Networking/Other +Provides: %name-pool = %version +Conflicts: %name-pool +Requires: %name = %version +BuildArch: noarch +Removepathpostfixes:.empty + +%description pool-empty +This package provides an empty /etc/chrony.d/pool.conf file for +situations when having servers preconfigured in chrony is undesirable, +e.g. because the servers will be set via DHCP. + +%endif + +%prep +%setup -q -a 10 +%patch0 -p1 +%patch1 +%patch2 -p1 +%patch3 +%patch7 +%patch8 + +# Remove pool statements from the default /etc/chrony.conf. They will +# be provided by branding packages in /etc/chrony.d/pool.conf . + +sed -e 's|^\pool|! pool|' \ + < examples/chrony.conf.example2 > chrony.conf + +cat << EOF >> chrony.conf + +# Also include any directives found in configuration files in /etc/chrony.d +include %{_sysconfdir}/chrony.d/*.conf + +# Add sourcedir needed by NetworkManager DHCP dispatcher +sourcedir /run/chrony-dhcp + +EOF + +touch -r examples/chrony.conf.example2 chrony.conf + +# regenerate the file from getdate.y +rm -f getdate.c + +mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim + +%build +# not autoconf: +export CFLAGS="%{optflags} -Wall -fpic -DPIC $(pkg-config --cflags libseccomp)" +export LDFLAGS="-pie -Wl,-z,relro,-z,now" +%configure \ + --docdir="%{_docdir}/%{name}" \ + --chronyrundir=%{chrony_rundir} \ + --with-pidfile=%{chrony_rundir}/chronyd.pid \ + --enable-scfilter \ + --with-user=chrony \ + --with-hwclockfile=%{_sysconfdir}/adjtime \ + --with-sendmail=%{_sbindir}/sendmail \ + --enable-ntp-signd +make %{?_smp_mflags} all +%if %{with sysusers} +%sysusers_generate_pre %{SOURCE14} chrony system-user-chrony.conf +%else +cat > chrony.pre </dev/null 2>&1 || : +%{_sbindir}/useradd -g chrony -s /bin/false -r -c "Chrony Daemon" \ + -d "%{_localstatedir}/lib/chrony" chrony >/dev/null 2>&1 || : +EOF +%endif + +%install +%make_install +install -Dpm 0644 chrony.conf \ + %{buildroot}%{_sysconfdir}/chrony.conf +mkdir %{buildroot}%{_sysconfdir}/chrony.d +install -Dpm 0640 examples/chrony.keys.example \ + %{buildroot}%{_sysconfdir}/chrony.keys +install -Dpm 0755 examples/chrony.nm-dispatcher.onoffline \ + %{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline +install -Dpm 0755 examples/chrony.nm-dispatcher.dhcp \ + %{buildroot}%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-dhcp +install -Dpm 0755 %{SOURCE3} \ + %{buildroot}%{_sysconfdir}/dhcp/dhclient.d/chrony.sh +%if %{with usr_etc} +mkdir -p %{buildroot}%{_distconfdir}/logrotate.d +install -Dpm 0644 examples/chrony.logrotate \ + %{buildroot}%{_distconfdir}/logrotate.d/chrony +%else +install -Dpm 0644 examples/chrony.logrotate \ + %{buildroot}%{_sysconfdir}/logrotate.d/chrony +%endif +install -Dpm 0644 examples/chronyd.service \ + %{buildroot}%{_unitdir}/chronyd.service +install -Dpm 0644 examples/chrony-wait.service \ + %{buildroot}%{_unitdir}/chrony-wait.service +install -Dpm 0644 %{SOURCE5} \ + %{buildroot}%{_unitdir}/chrony-dnssrv@.service +install -Dpm 0644 %{SOURCE6} \ + %{buildroot}%{_unitdir}/chrony-dnssrv@.timer +install -Dpm 0644 %{SOURCE11} \ + %{buildroot}%{_tmpfilesdir}/%{name}.conf + +install -d %{buildroot}%{_sbindir} +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcchronyd +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcchrony-wait + +install -d %{buildroot}%{_systemdutildir}/ntp-units.d +echo 'chronyd.service' > \ + %{buildroot}%{_systemdutildir}/ntp-units.d/50-chronyd.list + +install -Dpm 0644 %{SOURCE2} \ + %{buildroot}%{_fillupdir}/sysconfig.chronyd +install -Dpm 755 %{SOURCE4} %{buildroot}%{chrony_helper} + +install -d %{buildroot}%{_localstatedir}/log/chrony +touch %{buildroot}%{_localstatedir}/lib/chrony/{drift,rtc} + +%if %{with pools} +# Install the NTP pool files +install -Dpm 644 %{SOURCE12} %{SOURCE13} %{buildroot}/etc/chrony.d +echo '# Add ntp pools here' > %{buildroot}/etc/chrony.d/pool.conf.empty +%endif + +mkdir -p %{buildroot}%{_sysusersdir} +install -m 0644 %{SOURCE14} %{buildroot}%{_sysusersdir}/ + +find %{buildroot} -type f | xargs sed -i ' + s-@CHRONY_HELPER@-%{chrony_helper}-g + s-@CHRONY_RUNDIR@-%{chrony_rundir}-g +' + +%if %{with testsuite} +%ifnarch %ix86 +%check +# Set random seed to get deterministic results +export CLKNETSIM_RANDOM_SEED=24501 +export CFLAGS="%{optflags}" +make %{?_smp_mflags} -C test/simulation/clknetsim +make %{?_smp_mflags} quickcheck +%endif +%endif + +%pre -f chrony.pre +%service_add_pre chronyd.service chrony-wait.service +%if %{with usr_etc} +# Prepare for migration to /usr/etc; save any old .rpmsave +for i in logrotate.d/chrony ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: +done +%endif + +%if %{with usr_etc} +%posttrans +# Migration to /usr/etc, restore just created .rpmsave +for i in logrotate.d/chrony ; do + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: +done +%endif + +%preun +%service_del_preun chronyd.service chrony-wait.service + +%post +%fillup_only -n chronyd +%tmpfiles_create %{name}.conf +%service_add_post chronyd.service chrony-wait.service + +%postun +%service_del_postun chronyd.service chrony-wait.service + +%files +%defattr(-,root,root) +%if 0%{?suse_version} >= 1500 +%license COPYING +%else +%doc COPYING +%endif +%doc FAQ NEWS README +%doc examples +%config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/chrony.conf +%config(noreplace) %attr(0640,root,%{name}) %verify(not md5 size mtime) %{_sysconfdir}/chrony.keys +%if 0%{?suse_version} > 1500 +%{_distconfdir}/logrotate.d/chrony +%else +%config(noreplace) %{_sysconfdir}/logrotate.d/chrony +%endif +%attr(0755,root,root) %{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline +%attr(0755,root,root) %{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-dhcp +%dir %{_sysconfdir}/chrony.d/ +%dir %{_sysconfdir}/dhcp/ +%dir %{_sysconfdir}/dhcp/dhclient.d/ +%{_sysconfdir}/dhcp/dhclient.d/chrony.sh +%{_sysusersdir}/system-user-chrony.conf +%{_bindir}/chronyc +%{_sbindir}/chronyd +%{_libexecdir}/%name +%{_mandir}/man1/chronyc.1%{?ext_man} +%{_mandir}/man5/chrony.conf.5%{?ext_man} +%{_mandir}/man8/chronyd.8%{?ext_man} +%{_systemdutildir}/ntp-units.d/*.list +%{_unitdir}/chrony*.service +%{_unitdir}/chrony*.timer +%{_sbindir}/rcchrony* +%{_tmpfilesdir}/%{name}.conf +%{_fillupdir}/sysconfig.chronyd +%dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony +%ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/drift +%ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/rtc +%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony +%ghost %attr(0750, %{name}, %{name}) %{_rundir}/%{name} + +%if %{with pools} +%files pool-empty +%attr(-,root,root)%config (noreplace) /etc/chrony.d/pool.conf.empty + +%files pool-suse +%attr(-,root,root)%config (noreplace) /etc/chrony.d/pool.conf.suse + +%files pool-openSUSE +%attr(-,root,root)%config (noreplace) /etc/chrony.d/pool.conf.opensuse +%endif + +%changelog diff --git a/chronyd.sysconfig b/chronyd.sysconfig new file mode 100644 index 0000000..c6b3e48 --- /dev/null +++ b/chronyd.sysconfig @@ -0,0 +1,9 @@ +## Path: Network/Chrony +## Description: Chrony time synchronization settings +## Type: string +## Default: "" +## ServiceRestart: chronyd +# +# Command line options for chronyd +# +OPTIONS="" diff --git a/clknetsim-ef2a7a9.tar.gz b/clknetsim-ef2a7a9.tar.gz new file mode 100644 index 0000000..708cabd --- /dev/null +++ b/clknetsim-ef2a7a9.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:620acca3c50e7456453a7d15ccf0a1eedcb3eb8d110fe2cd1a90ccfaec110f70 +size 50765 diff --git a/pool.conf.opensuse b/pool.conf.opensuse new file mode 100644 index 0000000..5394ca6 --- /dev/null +++ b/pool.conf.opensuse @@ -0,0 +1 @@ +pool 2.opensuse.pool.ntp.org iburst diff --git a/pool.conf.suse b/pool.conf.suse new file mode 100644 index 0000000..d3b9d51 --- /dev/null +++ b/pool.conf.suse @@ -0,0 +1 @@ +pool 2.suse.pool.ntp.org iburst diff --git a/series b/series new file mode 100644 index 0000000..c4cbcd5 --- /dev/null +++ b/series @@ -0,0 +1,4 @@ +chrony-config.patch -p1 +chrony-service-helper.patch -p1 +chrony-logrotate.patch -p1 +chrony-service-ordering.patch -p0 diff --git a/system-user-chrony.conf b/system-user-chrony.conf new file mode 100644 index 0000000..0ddfc02 --- /dev/null +++ b/system-user-chrony.conf @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u chrony - "Chrony Daemon" /var/lib/chrony -