On 06/10/2013 11:29 PM, Joe MacDonald wrote:
Hey Xufeng,
[[oe] [OE-devel] [PATCH] ntp: Resolve some abnormal behaviors] On 13.05.31 (Fri
14:18) Xufeng Zhang wrote:
The main changes include:
1). Add ntp:ntp(user:group) to system.
2). Running ntpd dameon as ntp:ntp.
3). Move relevant files from /usr/bin to /usr/sbin.
4). Add crypto support.
This one seems to have trailed off. Sorry if you guys were waiting on
my input as well.
Sorry for late response, I have missed this email.
First, I agree with Paul on both #3 and #4.
Now I also agree that I should drop #4.
I would rather see a patch
that updates NTP to use sbindir instead of bindir in the options
I'm not quite understand what's the meaning of "in the options".
I'll explain how "--with-binsubdir" works for ntp:
"--with-binsubdir" controls whether we use bin_PROGRAMS or sbin_PROGRAMS
for built binaries in Makefile, in others words, it controls where we
install the
binaries. If "--with-binsubdir" is not set or if "--with-binsubdir=bin",
then we use
bindir, otherwise, if "--with-binsubdir=sbin", we use sbindir, so if we
want to
install the binaries into sbindir, we must specify "--with-binsubdir=sbin".
(or at
least a follow-up indicating that it's infeasible for some reason, I
also don't know what NTP's build system looks like, so maybe that's not
an option). I also agree that my preferred scenario is for the system
to be as secure as possible by default, but crypto support is available
and not everyone wants or needs it. We (relatively) recently when
through an extended discussion about ntp versus ntp-ssl and the current
situation seems to be the best compromise for everyone.
As a more general comment, you have four bullet-points below. That's
normally an indication (to me, at least) that four patches are
appropriate. Looking a bit closer, it looks like two related changes
and two unrelated ones, so I'd want to see three patches for this unless
there's a good reason why all of them are tied together.
#1 and #2 aren't likely to be contentious, so feel free to send out a
single patch doing both of those any time and we can revisit #3 and #4
at your convenience.
Thank you very much for the detail suggestions and explanations!
I'll send V2 patch until we come to a agreement on #3.
Xufeng
Thanks,
-J.
[YOCTO #4567]
[ CQID: WIND00417282 ]
Signed-off-by: Xufeng Zhang<[email protected]>
---
meta-networking/recipes-support/ntp/files/ntpd | 8 ++++----
meta-networking/recipes-support/ntp/files/ntpdate | 6 +++---
meta-networking/recipes-support/ntp/ntp.inc | 20 ++++++++++++--------
3 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/meta-networking/recipes-support/ntp/files/ntpd
b/meta-networking/recipes-support/ntp/files/ntpd
index ae50f13..285f5c0 100755
--- a/meta-networking/recipes-support/ntp/files/ntpd
+++ b/meta-networking/recipes-support/ntp/files/ntpd
@@ -1,7 +1,7 @@
#! /bin/sh
#
# ntpd init.d script for ntpdc from ntp.isc.org
-test -x /usr/bin/ntpd -a -r /etc/ntp.conf || exit 0
+test -x /usr/sbin/ntpd -a -r /etc/ntp.conf || exit 0
# rcS contains TICKADJ
test -r /etc/default/rcS&& . /etc/default/rcS
@@ -9,9 +9,9 @@ test -r /etc/default/rcS&& . /etc/default/rcS
settick(){
# If TICKADJ is set we *must* adjust it before we start, because the
# driftfile relies on the correct setting
- test -n "$TICKADJ" -a -x /usr/bin/tickadj&& {
+ test -n "$TICKADJ" -a -x /usr/sbin/tickadj&& {
echo -n "Setting tick to $TICKADJ: "
- /usr/bin/tickadj "$TICKADJ"
+ /usr/sbin/tickadj "$TICKADJ"
echo "done"
}
}
@@ -21,7 +21,7 @@ startdaemon(){
# this. If ntpd seems to disappear after a while assume TICKADJ
# above is set to a totally incorrect value.
echo -n "Starting ntpd: "
- start-stop-daemon --start -x /usr/bin/ntpd -- -p /var/run/ntp.pid "$@"
+ start-stop-daemon --start -x /usr/sbin/ntpd -- -u ntp:ntp -p /var/run/ntp.pid
"$@"
echo "done"
}
stopdaemon(){
diff --git a/meta-networking/recipes-support/ntp/files/ntpdate
b/meta-networking/recipes-support/ntp/files/ntpdate
index ab0551c..17b64d1 100755
--- a/meta-networking/recipes-support/ntp/files/ntpdate
+++ b/meta-networking/recipes-support/ntp/files/ntpdate
@@ -1,8 +1,8 @@
#!/bin/sh
-PATH=/sbin:/bin:/usr/bin
+PATH=/sbin:/bin:/usr/bin:/usr/sbin
-test -x /usr/bin/ntpdate || exit 0
+test -x /usr/sbin/ntpdate || exit 0
if test -f /etc/default/ntpdate ; then
. /etc/default/ntpdate
@@ -40,7 +40,7 @@ if [ -x /usr/bin/lockfile-create ]; then
LOCKTOUCHPID="$!"
fi
-if /usr/bin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then
+if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then
if [ "$UPDATE_HWCLOCK" = "yes" ]; then
hwclock --systohc || :
fi
diff --git a/meta-networking/recipes-support/ntp/ntp.inc
b/meta-networking/recipes-support/ntp/ntp.inc
index 79e7401..b52a7d6 100644
--- a/meta-networking/recipes-support/ntp/ntp.inc
+++ b/meta-networking/recipes-support/ntp/ntp.inc
@@ -24,14 +24,19 @@ SRC_URI =
"http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
file://sntp \
"
-inherit autotools update-rc.d systemd
+inherit autotools update-rc.d systemd useradd
# The ac_cv_header_readline_history is to stop ntpdc depending on either
# readline or curses
-EXTRA_OECONF += "--with-net-snmp-config=no --without-ntpsnmpd
ac_cv_header_readline_history_h=no"
+EXTRA_OECONF += "--with-net-snmp-config=no --without-ntpsnmpd
ac_cv_header_readline_history_h=no --with-binsubdir=sbin"
CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
-PACKAGECONFIG ??= ""
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home /etc/ntp \
+ --no-create-home --shell /bin/false \
+ --user-group ntp"
+
+PACKAGECONFIG ??= "openssl"
PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
--with-openssl-incdir=${STAGING_INCDIR} \
--with-crypto, \
@@ -91,10 +96,10 @@ RCONFLICTS_ntpdate += "ntpdate-systemd"
RSUGGESTS_${PN} = "iana-etc"
-FILES_${PN} = "${bindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd
${sbindir} ${libdir}"
-FILES_${PN}-tickadj = "${bindir}/tickadj"
-FILES_${PN}-utils = "${bindir}"
-FILES_ntpdate = "${bindir}/ntpdate \
+FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd
${libdir}"
+FILES_${PN}-tickadj = "${sbindir}/tickadj"
+FILES_${PN}-utils = "${sbindir}"
+FILES_ntpdate = "${sbindir}/ntpdate \
${sysconfdir}/network/if-up.d/ntpdate-sync \
${bindir}/ntpdate-sync \
${sysconfdir}/default/ntpdate \
@@ -122,4 +127,3 @@ else
fi
fi
}
-
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
