diff --git a/1001-chrony-packettest.patch b/1001-chrony-packettest.patch
deleted file mode 100644
index ff1e207d2434a39ed83a17b9f7def1d37df8a69f..0000000000000000000000000000000000000000
--- a/1001-chrony-packettest.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-commit 62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a
-Author: Miroslav Lichvar
-Date: Tue Jun 18 15:41:50 2019 +0200
-
- test: update processing of packet log
-
- Two new fields have been added to the packet log, which broke some
- of the simulation tests.
-
-diff --git a/test/simulation/test.common b/test/simulation/test.common
-index 951a794b..8ed6ad9e 100644
---- a/test/simulation/test.common
-+++ b/test/simulation/test.common
-@@ -391,9 +391,9 @@ check_packet_port() {
- for i in $(seq 1 $(get_chronyd_nodes)); do
- test_message 3 0 "node $i:"
-
-- grep -E -q " $port [0-9]+\$" tmp/log.packets && \
-+ grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \
- ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \
-- grep -E -q -v " $port [0-9]+\$" && \
-+ grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \
- test_ok || test_bad
- [ $? -eq 0 ] || ret=1
- done
diff --git a/chrony-3.5.tar.gz b/chrony-3.5.tar.gz
deleted file mode 100644
index 60559d93dc3429a9e26a3c7cb7937414a8f980fd..0000000000000000000000000000000000000000
Binary files a/chrony-3.5.tar.gz and /dev/null differ
diff --git a/chrony-4.1.tar.gz b/chrony-4.1.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..c0397a797df20d39403379fcdcbc9769768e7b6c
Binary files /dev/null and b/chrony-4.1.tar.gz differ
diff --git a/chrony-defconfig.patch b/chrony-defconfig.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b471de88cc3420cc25b5cfe2d8e2ef9b80da4987
--- /dev/null
+++ b/chrony-defconfig.patch
@@ -0,0 +1,29 @@
+diff -up chrony-4.1/examples/chrony.conf.example2.defconfig chrony-4.1/examples/chrony.conf.example2
+--- chrony-4.1/examples/chrony.conf.example2.defconfig 2021-05-12 13:06:15.000000000 +0200
++++ chrony-4.1/examples/chrony.conf.example2 2019-05-10 12:22:57.000000000 +0200
+@@ -1,5 +1,5 @@
+ # Use public servers from the pool.ntp.org project.
+-# Please consider joining the pool (https://www.pool.ntp.org/join.html).
++# Please consider joining the pool (http://www.pool.ntp.org/join.html).
+ pool pool.ntp.org iburst
+
+ # Record the rate at which the system clock gains/losses time.
+@@ -25,18 +25,9 @@ rtcsync
+ # Serve time even if not synchronized to a time source.
+ #local stratum 10
+
+-# Require authentication (nts or key option) for all NTP sources.
+-#authselectmode require
+-
+ # Specify file containing keys for NTP authentication.
+ #keyfile /etc/chrony.keys
+
+-# Save NTS keys and cookies.
+-ntsdumpdir /var/lib/chrony
+-
+-# Insert/delete leap seconds by slewing instead of stepping.
+-#leapsecmode slew
+-
+ # Get TAI-UTC offset and leap seconds from the system tz database.
+ #leapsectz right/UTC
+
diff --git a/chrony-nm-dispatcher-dhcp.patch b/chrony-nm-dispatcher-dhcp.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7d132c15dbd595ea5bbda0bdc5033b863b8d9399
--- /dev/null
+++ b/chrony-nm-dispatcher-dhcp.patch
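Review bot: The second inner hunk (`@@ -25,18 +25,9 @@`) removes the active `ntsdumpdir /var/lib/chrony` line from the packaged example, so on a host that configures NTS sources the keys and cookies are no longer saved across a chronyd restart unless the administrator adds the directive back. `chrony.spec` in this same commit builds with NTS by default (`%bcond_without nts`), so the drop should at least be explained where `Patch3` is declared, e.g. `# NTS users must add "ntsdumpdir /var/lib/chrony" themselves`. The hunk also deletes the commented `#authselectmode require` hint, the pointer an administrator would follow to require authenticated sources. The patch appears to restore the earlier example text, which would explain why the `examples/chrony.conf.example2` entry in the spec's `md5sum -c` list is unchanged; if so, the 4.1 defaults never went through that review step.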
@@ -0,0 +1,100 @@
+From: Robert Fairley
+Date: Wed, 17 Jun 2020 10:14:19 -0400
+Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig
+
+Use the PEERNTP and NTPSERVERARGS environment variables from
+/etc/sysconfig/network{-scripts}.
+
+Co-Authored-By: Christian Glombek
+
+diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp
+index 6ea4c37..a6ad35a 100644
+--- a/examples/chrony.nm-dispatcher.dhcp
++++ b/examples/chrony.nm-dispatcher.dhcp
+@@ -6,16 +6,24 @@
+
+ chronyc=/usr/bin/chronyc
+ default_server_options=iburst
+-server_dir=/var/run/chrony-dhcp
++server_dir=/run/chrony-dhcp
+
+ dhcp_server_file=$server_dir/$interface.sources
+ # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
+ nm_dhcp_servers=$DHCP4_NTP_SERVERS
+
++[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network
++[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \
++ . /etc/sysconfig/network-scripts/ifcfg-"${interface}"
++
+ add_servers_from_dhcp() {
+ rm -f "$dhcp_server_file"
++
++ # Don't add NTP servers if PEERNTP=no specified; return early.
++ [ "$PEERNTP" = "no" ] && return
++
+ for server in $nm_dhcp_servers; do
+- echo "server $server $default_server_options" >> "$dhcp_server_file"
++ echo "server $server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_file"
+ done
+ $chronyc reload sources > /dev/null 2>&1 || :
+ }
+--
+2.29.2
+
+Use chrony-helper instead of chronyc to avoid changes in default chrony.conf
+
+diff -up chrony-4.1/examples/chrony.nm-dispatcher.dhcp.nm-dispatcher-dhcp chrony-4.1/examples/chrony.nm-dispatcher.dhcp
+--- chrony-4.1/examples/chrony.nm-dispatcher.dhcp.nm-dispatcher-dhcp 2021-06-09 11:10:30.997416152 +0200
++++ chrony-4.1/examples/chrony.nm-dispatcher.dhcp 2021-06-09 11:16:23.598381336 +0200
+@@ -9,11 +9,12 @@ export LC_ALL=C
+ interface=$1
+ action=$2
+
+-chronyc=/usr/bin/chronyc
++helper=/usr/libexec/chrony-helper
+ default_server_options=iburst
+-server_dir=/run/chrony-dhcp
++server_dir=/run/chrony-helper
+
+-dhcp_server_file=$server_dir/$interface.sources
++dhcp_server_tmpfile=$server_dir/tmp-nm-dhcp.$interface
++dhcp_server_file=$server_dir/nm-dhcp.$interface
+ # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager.
+ nm_dhcp_servers=$DHCP4_NTP_SERVERS
+
+@@ -24,24 +24,30 @@ nm_dhcp_servers=$DHCP4_NTP_SERVERS
+ add_servers_from_dhcp() {
+ rm -f "$dhcp_server_file"
+
++ # Remove servers saved by the dhclient script before it detected NM.
++ rm -f "/var/lib/dhclient/chrony.servers.$interface"
++
+ # Don't add NTP servers if PEERNTP=no specified; return early.
+ [ "$PEERNTP" = "no" ] && return
+
++ # Create the directory with correct SELinux context.
++ $helper create-helper-directory > /dev/null 2>&1
++
+ for server in $nm_dhcp_servers; do
+- echo "server $server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_file"
++ echo "$server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_tmpfile"
+ done
++ [ -e "$dhcp_server_tmpfile" ] && mv "$dhcp_server_tmpfile" "$dhcp_server_file"
+- $chronyc reload sources > /dev/null 2>&1 || :
++
++ $helper update-daemon > /dev/null 2>&1 || :
+ }
+
+ clear_servers_from_dhcp() {
+ if [ -f "$dhcp_server_file" ]; then
+ rm -f "$dhcp_server_file"
+- $chronyc reload sources > /dev/null 2>&1 || :
++ $helper update-daemon > /dev/null 2>&1 || :
+ fi
+ }
+
+-mkdir -p $server_dir
+-
+ if [ "$action" = "up" ] || [ "$action" = "dhcp4-change" ]; then
+ add_servers_from_dhcp
+ elif [ "$action" = "down" ]; then
diff --git a/chrony-service-helper.patch b/chrony-service-helper.patch
index 6376e0b89e9de5624ac34d8050a983134064fcc6..5b7f8d344df012bbbf8cadb9adaba5716850a9cc 100644
--- a/chrony-service-helper.patch
+++ b/chrony-service-helper.patch
@@ -1,11 +1,12 @@
-diff -up chrony-3.5/examples/chronyd.service.service-helper chrony-3.5/examples/chronyd.service
---- chrony-3.5/examples/chronyd.service.service-helper 2019-05-10 12:22:57.000000000 +0200
-+++ chrony-3.5/examples/chronyd.service 2019-05-14 13:42:38.069516800 +0200
-@@ -10,6 +10,7 @@ Type=forking
+diff -up chrony-4.1/examples/chronyd.service.service-helper chrony-4.1/examples/chronyd.service
+--- chrony-4.1/examples/chronyd.service.service-helper 2021-05-12 13:06:15.000000000 +0200
++++ chrony-4.1/examples/chronyd.service 2021-06-15 09:01:56.948968576 +0200
+@@ -10,6 +10,8 @@ Type=forking
 PIDFile=/run/chrony/chronyd.pid
 EnvironmentFile=-/etc/sysconfig/chronyd
 ExecStart=/usr/sbin/chronyd $OPTIONS
 +ExecStartPost=/usr/libexec/chrony-helper update-daemon
++ExecStopPost=/usr/libexec/chrony-helper remove-daemon-state
 PrivateTmp=yes
 ProtectHome=yes
 ProtectSystem=full
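Review bot: In the rewritten `add_servers_from_dhcp()` the loop appends to `$dhcp_server_tmpfile` with `>>`, but only `$dhcp_server_file` is removed at the top of the function, so a temporary file left behind by an interrupted or failed earlier run is carried into the next `mv` and stale servers are handed to chrony-helper. Clearing both at the start, `rm -f "$dhcp_server_file" "$dhcp_server_tmpfile"`, closes that. The values come from `DHCP4_NTP_SERVERS`, i.e. from whichever DHCP server the interface talks to, and `for server in $nm_dhcp_servers` expands them unquoted, so the script relies on NetworkManager and on chrony-helper (neither shown here) to reject anything that is not an address; a `set -f` before the loop would at least stop pathname expansion of a value containing `*`. The exit status of `$helper create-helper-directory` is also discarded, so a missing directory only shows up as failed redirections in the loop.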
diff --git a/chrony.dhclient b/chrony.dhclient index be17e2a534a2bb66c7b75a1a28dd62db0760bf1f..d5398e8bead4a3c225ea3f750eab42985b3f5e73 100644 --- a/chrony.dhclient +++ b/chrony.dhclient @@ -3,6 +3,9 @@ SERVERFILE=$SAVEDIR/chrony.servers.$interface chrony_config() { + # Disable modifications if called from a NM dispatcher script + [ -n "$NM_DISPATCHER_ACTION" ] && return 0 + rm -f "$SERVERFILE" if [ "$PEERNTP" != "no" ]; then for server in $new_ntp_servers; do @@ -13,6 +16,8 @@ chrony_config() { } chrony_restore() { + [ -n "$NM_DISPATCHER_ACTION" ] && return 0 + if [ -f "$SERVERFILE" ]; then rm -f "$SERVERFILE" /usr/libexec/chrony-helper update-daemon || : diff --git a/chrony.helper b/chrony.helper index 95414afdf3297d108509fb03a527e8b37bf8189e..16deb61dad631c315e3a8f11c65009c5d16a8882 100644 --- a/chrony.helper +++ b/chrony.helper @@ -8,10 +8,11 @@ chronyc=/usr/bin/chronyc chrony_conf=/etc/chrony.conf chrony_service=chronyd.service -helper_dir=/var/run/chrony-helper +helper_dir=/run/chrony-helper added_servers_file=$helper_dir/added_servers network_sysconfig_file=/etc/sysconfig/network +nm_servers_files="$helper_dir/nm-dhcp.*" dhclient_servers_files="/var/lib/dhclient/chrony.servers.*" dnssrv_servers_files="$helper_dir/dnssrv@*" dnssrv_timer_prefix=chrony-dnssrv@ @@ -27,6 +28,7 @@ is_running() { } get_servers_files() { + [ "$PEERNTP" != "no" ] && echo "$nm_servers_files" [ "$PEERNTP" != "no" ] && echo "$dhclient_servers_files" echo "$dnssrv_servers_files" } @@ -38,11 +40,15 @@ is_update_needed() { return 1 } +remove_daemon_state() { + rm -f $added_servers_file +} + update_daemon() { local all_servers_with_args all_servers added_servers if ! is_running; then - rm -f $added_servers_file + remove_daemon_state return 0 fi 
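Review bot: The new `nm_servers_files="$helper_dir/nm-dhcp.*"` pattern in `chrony.helper` only stays safe because the dispatcher script writes its partial output to `tmp-nm-dhcp.$interface`, which this glob does not match, and nothing in the file says so. A comment above the assignment, e.g. `# the NM dispatcher renames tmp-nm-dhcp.* into place; this pattern must not match the temporary name`, would keep a later rename from letting half-written DHCP data reach whatever consumes `get_servers_files`. In the third `chrony.helper` hunk, `remove_daemon_state()` carries over the unquoted `rm -f $added_servers_file`; `rm -f "$added_servers_file"` matches the quoting already used for `rm -f "$SERVERFILE"` in `chrony.dhclient`.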
@@ -217,7 +223,9 @@ print_help() { echo "Usage: $0 COMMAND" echo echo "Commands:" + echo " create-helper-directory" echo " update-daemon" + echo " remove-daemon-state" echo " update-dnssrv-servers NAME" echo " enable-dnssrv NAME" echo " disable-dnssrv NAME" @@ -229,10 +237,16 @@ print_help() { } case "$1" in + create-helper-directory) + prepare_helper_dir + ;; update-daemon|add-dhclient-servers|remove-dhclient-servers) is_update_needed || exit 0 prepare_helper_dir && update_daemon ;; + remove-daemon-state) + remove_daemon_state + ;; update-dnssrv-servers) prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon ;; diff --git a/chrony.spec b/chrony.spec index 380a0b815a7357e67fbc591d5b1dc43d84bd393d..2e4945a8afd8c9f54773fbe18f901512219f2b24 100644 --- a/chrony.spec +++ b/chrony.spec @@ -1,13 +1,14 @@ %define anolis_release .0.1 %global vendorzone ntp.aliyun.com %global _hardened_build 1 -%global clknetsim_ver 79ffe4 +%global clknetsim_ver f89702 %global ntp2chrony_ver 2a0512 %bcond_without debug +%bcond_without nts Name: chrony -Version: 3.5 -Release: 2%{anolis_release}%{?dist} +Version: 4.1 +Release: 1%{anolis_release}%{?dist} Summary: An NTP client/server Group: System Environment/Daemons 
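Review bot: `%global clknetsim_ver f89702` in the first `chrony.spec` hunk pins the simulator source by a six-character abbreviated commit id, and the same value names the tarball added in this commit (`clknetsim-f89702.tar.gz`); an abbreviation that short is not an unambiguous reference. Keeping the full commit id in the macro, with a shortened form used only for the file name, would make the `Source10` URL point at exactly one commit, and the same applies to `ntp2chrony_ver` in the context lines. The hunks shown here contain no signature or checksum verification step for the new `chrony-4.1.tar.gz`; that may live in a part of the spec outside these hunks, and if it does not, it is worth adding to `%prep`.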
@@ -24,19 +25,21 @@ Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/c Source11: https://github.com/mlichvar/ntp2chrony/raw/%{ntp2chrony_ver}/ntp2chrony/ntp2chrony.py %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz} +# modify NetworkManager DHCP dispatcher to work with chrony-helper and +# follow distribution-specific configuration +Patch1: chrony-nm-dispatcher-dhcp.patch # add NTP servers from DHCP when starting service Patch2: chrony-service-helper.patch - -# Begin: Anolis customized patches -Patch1001: 1001-chrony-packettest.patch -# End: Anolis customized patches +# revert upstream changes in packaged chrony.conf example +Patch3: chrony-defconfig.patch BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel %ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x BuildRequires: libseccomp-devel %endif -BuildRequires: gcc bison systemd +BuildRequires: gcc gcc-c++ make bison systemd BuildRequires: kernel-headers > 4.18.0-87 +%{?with_nts:BuildRequires: gnutls-devel gnutls-utils} Requires(pre): shadow-utils %{?systemd_requires} @@ -44,10 +47,6 @@ Requires(pre): shadow-utils # install timedated implementation that can control chronyd service Recommends: timedatex -# recommend dhclient to get NTP servers from DHCP with NetworkManager -# using the dhclient NM-dispatcher script -Recommends: dhcp-client - # suggest drivers for hardware reference clocks Suggests: ntp-refclock 
@@ -65,21 +64,21 @@ service to other computers in the network. %prep %setup -q -n %{name}-%{version}%{?prerelease} -a 10 %{?gitpatch:%patch0 -p1} +%patch1 -p1 -b .nm-dispatcher-dhcp %patch2 -p1 -b .service-helper - -# backport from upstream -%patch1001 -p1 -b .packettest +%patch3 -p1 -b .defconfig %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} # review changes in packaged configuration files and scripts md5sum -c <<-EOF | (! grep -v 'OK$') - 47ad7eccc410b981d2f2101cf5682616 examples/chrony-wait.service + bc563c1bcf67b2da774bd8c2aef55a06 examples/chrony-wait.service e473a9fab7fe200cacce3dca8b66290b examples/chrony.conf.example2 96999221eeef476bd49fe97b97503126 examples/chrony.keys.example 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate - 8748a663f0b1943ea491858f414a6b26 examples/chrony.nm-dispatcher - b23bcc3bd78e195ca2849459e459f3ed examples/chronyd.service + fabb5b3f127b802c27c82837feff0fe6 examples/chrony.nm-dispatcher.dhcp + 8f5a98fcb400a482d355b929d04b5518 examples/chrony.nm-dispatcher.onoffline + 56d221eba8ce8a2e03d3e0dd87999a81 examples/chronyd.service EOF # don't allow packaging without vendor zone @@ -108,10 +107,13 @@ install -m 644 -p %{SOURCE11} ntp2chrony.py %{?with_debug: --enable-debug} \ --enable-ntp-signd \ --enable-scfilter \ +%{!?with_nts: --disable-nts} \ + --chronyrundir=/run/chrony \ --docdir=%{_docdir} \ --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \ --with-user=chrony \ --with-hwclockfile=%{_sysconfdir}/adjtime \ + --with-pidfile=/run/chrony/chronyd.pid \ --with-sendmail=%{_sbindir}/sendmail make %{?_smp_mflags} 
@@ -131,8 +133,10 @@ install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf install -m 640 -p examples/chrony.keys.example \ $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys -install -m 755 -p examples/chrony.nm-dispatcher \ - $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony +install -m 755 -p examples/chrony.nm-dispatcher.onoffline \ + $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony-onoffline +install -m 755 -p examples/chrony.nm-dispatcher.dhcp \ + $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony-dhcp install -m 755 -p %{SOURCE1} \ $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh install -m 644 -p examples/chrony.logrotate \ @@ -196,7 +200,7 @@ fi %config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys %config(noreplace) %{_sysconfdir}/logrotate.d/chrony %config(noreplace) %{_sysconfdir}/sysconfig/chronyd -%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony +%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony* %{_sysconfdir}/dhcp/dhclient.d/chrony.sh %{_bindir}/chronyc %{_sbindir}/chronyd 
@@ -205,22 +209,23 @@ fi %{_unitdir}/chrony*.service %{_unitdir}/chrony*.timer %{_mandir}/man[158]/%{name}*.[158]* -%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony +%dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc -%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony +%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %changelog -* Thu Dec 09 2021 Weitao Zhou 3.5-2.0.2 -- Better compatibility for both glibc2.28 and glibc2.32 - * Fix simulation test - * Update clknetsim - -* Thu Aug 5 2021 Weitao Zhou 3.5-2.0.1 +* Tue Jan 11 2022 Weitao Zhou 4.1-1.0.1 - Fix unavailable time server for Anolis OS -* Mon Mar 01 2021 Miroslav Lichvar 3.5-2 -- recommend dhcp-client to get DHCP NTP servers with NetworkManager (#1930468) +* Tue Jun 15 2021 Miroslav Lichvar 4.1-1 +- update to 4.1 (#1895003 #1847853 #1929157) +- add NetworkManager dispatcher script to add servers from DHCP even without + dhclient (#1933139) +- restrict permissions of /var/lib/chrony and /var/log/chrony (#1939295) +- reset chrony-helper state after stopping chronyd (#1971697) +- add gcc-c++ and make to build requirements +- move default paths in /var/run to /run * Tue May 21 2019 Miroslav Lichvar 3.5-1 - update to 3.5 (#1685469 #1677218) diff --git a/clknetsim-79ffe4.tar.gz b/clknetsim-79ffe4.tar.gz deleted file mode 100644 index fbc621d260cd081f7f46f8c149b6e1bc7e138c21..0000000000000000000000000000000000000000 Binary files a/clknetsim-79ffe4.tar.gz and /dev/null differ diff --git a/clknetsim-f89702.tar.gz b/clknetsim-f89702.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..513ebd1b0c22978165e39d03a5acdcc7478f2701 Binary files /dev/null and b/clknetsim-f89702.tar.gz differ