Bug#1033088: ntpsec: mssntp in ntp.conf breaks time service to all clients

Tue, 02 May 2023 20:21:14 -0700 

On 2023-04-29 9:04 p.m., Richard Laager wrote:

Quick approach is try this:
python3 waf configure ...
python3 waf build



I tried this, but the bundled 'waf' tool did not work in Python3. I 
could not get past the 'configure' step. Here's the output I got on a 
Bookworm host with all the ntpsec build dependencies installed:


t...@book.test:~$ python3 -V
Python 3.11.2

t...@book.test:~$ wget -q 
https://ftp.ntpsec.org/pub/releases/ntpsec-1.1.3.tar.gz

t...@book.test:~$ tar -xf ntpsec-1.1.3.tar.gz
t...@book.test:~$ cd ntpsec-1.1.3/
t...@book.test:~/ntpsec-1.1.3$ python3 waf configure
Waf: The wscript in '/home/tech/ntpsec-1.1.3' is unreadable
Traceback (most recent call last):

  File 
"/home/tech/ntpsec-1.1.3/.waf3-1.9.15-7481b2b5d90177d4bb747dbff06bef90/waflib/Scripting.py", 
line 106, in waf_entry_point


set_main_module(os.path.normpath(os.path.join(Context.run_dir,Context.WSCRIPT_FILE)))

  File 
"/home/tech/ntpsec-1.1.3/.waf3-1.9.15-7481b2b5d90177d4bb747dbff06bef90/waflib/Scripting.py", 
line 137, in set_main_module

    Context.g_module=Context.load_module(file_path)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  File 
"/home/tech/ntpsec-1.1.3/.waf3-1.9.15-7481b2b5d90177d4bb747dbff06bef90/waflib/Context.py", 
line 352, in load_module

    code=Utils.readf(path,m='rU',encoding=encoding)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  File 
"/home/tech/ntpsec-1.1.3/.waf3-1.9.15-7481b2b5d90177d4bb747dbff06bef90/waflib/Utils.py", 
line 127, in readf

    f=open(fname,m)
      ^^^^^^^^^^^^^
ValueError: invalid mode: 'rUb'


A longer, but possibly better, approach might be something like:
git clone g...@salsa.debian.org:debian/ntpsec.git
cd ntpsec
git checkout debian/1.1.3+dfsg1-1
debuild -uc -us



I tried this too, but the result was similar: the bundled 'waf' failed 
to work, which broke the build.



I don't believe I will be able to "forward-port" old ntpsec releases to 
Bookworm without a lot more time and effort. Perhaps someone more 
familiar with the build system would have better luck?



An intermediate approach might be to test with the binary package from 
buster. You can get download links here, by architecture, plus there are 
links to related packages, some of which (like python3-ntp) you might need:

https://packages.debian.org/buster/ntpsec



I could spin up a Buster VM to try this. I don't have a domain 
controller running on Buster, so I can't test whether Windows clients 
will get properly signed responses from the server. But I can still test 
whether the 'mssntp' configuration in ntp.conf causes ntpsec to stop 
serving non-auth clients. I will try to get to this in the next few days.


-S.M.























					Reply via email to