Hello community,

here is the log from the commit of package ntp for openSUSE:Factory checked in 
at 2018-04-30 22:52:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ntp (Old)
 and      /work/SRC/openSUSE:Factory/.ntp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ntp"

Mon Apr 30 22:52:21 2018 rev:115 rq:601632 version:4.2.8p11

Changes:
--------
--- /work/SRC/openSUSE:Factory/ntp/ntp.changes  2018-04-01 17:25:25.009929455 +0200
+++ /work/SRC/openSUSE:Factory/.ntp.new/ntp.changes     2018-04-30 22:52:22.670824669 +0200
@@ -1,0 +2,7 @@
+Tue Apr 24 10:19:39 UTC 2018 - m...@suse.com
+
+- Refactor the key handling in %post so that it does not overwrite
+  user settings (bsc#1036505) and is more robust against ignored
+  SIGPIPE (bsc#1090564).
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ntp.spec ++++++
--- /var/tmp/diff_new_pack.sK2oza/_old  2018-04-30 22:52:23.574791686 +0200
+++ /var/tmp/diff_new_pack.sK2oza/_new  2018-04-30 22:52:23.578791540 +0200
@@ -83,6 +83,8 @@
 Requires(pre):  %{_bindir}/diff
 Requires(pre):  %{_bindir}/grep
 Requires(pre):  pwdutils
+Requires(post): /usr/bin/base64
+Requires(post): /usr/bin/gawk
 Suggests:       logrotate
 Provides:       ntp-daemon
 Provides:       xntp = %{version}
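Review bot: The new `%post` scriptlet also calls `cmp` (in `add_trustedkey`), but the only dependencies added here are `/usr/bin/base64` and `/usr/bin/gawk`, and `%{_bindir}/diff` is listed only under `Requires(pre)`. Unless a `Requires(post)` line outside this hunk already covers it, adding `Requires(post): %{_bindir}/cmp` would make the install ordering explicit. The helpers `getntpconf` and `keyexists` invoke plain `awk` while the declared dependency is `gawk`, which presumably relies on `awk` resolving to gawk on the target system.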
@@ -273,38 +275,87 @@
 fi
 
 %post
-# Create ntp.keys file
-if [ ! -f /etc/ntp.keys ]; then
+
+getntpconf() {
+  # Get the value of a single-value ntp.conf directive, first match wins.
+  awk 'NF >= 2 && $1 == option { print $2; exit } ' "option=$1" $NTPCONF
+}
+
+keyexists() {
+  # Check whether a key with the given ID exists in the ntp keys file.
+  awk '$1 == keyno {found = 1} END {exit !found}' "keyno=$1" $KEYSFILE
+}
+
+add_trustedkey() {
+  # Merge the given key ID into the trustedkey directive.
+  # Add the directive if it does not yet exist.
+  FILE=$(mktemp -p /etc)
+  gawk '
+    NF >= 2 && $1 == "trustedkey" {
+      n = split($0, a)
+      for (i = 1; i <= n; i++) {
+        if (a[i] == newkey) newkey = "";
+        if (a[i] ~ /^#/ && newkey) {
+          $(++j) = newkey; newkey = ""
+        }
+        $(++j) = a[i];
+      }
+      if (newkey) { $(++j) = newkey; newkey = "" }
+    }
+    { print }
+    ENDFILE {
+      if (newkey) { print "trustedkey", newkey }
+    }
+  ' "newkey=$1" $NTPCONF > $FILE
+  if ! cmp --quiet $FILE $NTPCONF; then
+     cat $FILE > $NTPCONF
+  fi
+  rm $FILE
+}
+
+NTPCONF=/etc/ntp.conf
+KEYSFILE=$(getntpconf keys)
+if test -z "$KEYSFILE"; then
+  KEYSFILE=/etc/ntp.keys
+  echo "keys $KEYSFILE" >> $NTPCONF
+fi
+
+if [ ! -f $KEYSFILE ]; then
   FILE=$(mktemp -p /etc)
   chmod 0640 $FILE
   chown root:ntp $FILE
-  mv $FILE /etc/ntp.keys
+  mv $FILE $KEYSFILE
 fi
-# Make sure we have a key with ID 1, because it is needed
-# by the startup scripts.
-if awk '$1 == "1" {exit 1}' /etc/ntp.keys; then
-  KEY=$(tr -dc '[:alnum:]' < /dev/urandom | head -c 20)
-  echo "1 SHA1 $KEY" >> /etc/ntp.keys
-fi
-# Are we in update mode?
-if [ -f /etc/sysconfig/ntp ]; then
-        grep -q '^keys /etc/ntp.keys' /etc/ntp.conf || {
-        echo "#
-# Authentication stuff
-#
-keys /etc/ntp.keys              # path for keys file
-trustedkey 1                    # define trusted keys
-requestkey 1                    # key (7) for accessing server variables
-" >> /etc/ntp.conf
-}
+
+CONTROLKEY=$(getntpconf controlkey)
+REQUESTKEY=$(getntpconf requestkey)
+
+if test -z "$CONTROLKEY"; then
+  if -n "$REQUESTKEY"; then
+    CONTROLKEY=$REQUESTKEY
+  else
+    for (( CONTROLKEY = 1; CONTROLKEY < 65535; CONTROLKEY++ )); do
+      keyexists $CONTROLKEY || break
+    done
+  fi
+  echo "controlkey $CONTROLKEY" >> $NTPCONF
 fi
-if [ -f /etc/sysconfig/ntp ]; then
-        grep -q '^controlkey ' /etc/ntp.conf || {
-        echo "#
-controlkey 1                    # key (6) for accessing server variables
-         " >> /etc/ntp.conf
-}
+
+if test -z "$REQUESTKEY"; then
+  REQUESTKEY=$CONTROLKEY;
+  echo "requestkey $REQUESTKEY" >> $NTPCONF
 fi
+
+for KEYNO in $REQUESTKEY $CONTROLKEY; do
+  if ! keyexists $KEYNO; then
+    KEY=$(head -c 15 /dev/urandom | base64)
+    echo "$KEYNO SHA1 $KEY" >> $KEYSFILE
+  fi
+done
+
+add_trustedkey $REQUESTKEY
+add_trustedkey $CONTROLKEY
+
 # update from previous permissions
 if [ -f %{_sysconfdir}/ntp.conf ]; then
   chown root:ntp %{_sysconfdir}/ntp.conf
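Review bot: The condition `if -n "$REQUESTKEY"; then` is missing `test`, so the shell tries to run a command named `-n`, the branch is never taken, and an existing `requestkey` is never reused as `controlkey`; it should read `if test -n "$REQUESTKEY"; then`. Separately, `add_trustedkey` copies `$FILE` over `$NTPCONF` without checking that `mktemp` and `gawk` succeeded. A failed or partial run, or an empty `$FILE`, could therefore leave `/etc/ntp.conf` truncated, and with it the authentication settings this scriptlet is meant to preserve. Guarding the copy, for example `FILE=$(mktemp -p /etc) || return 1` and `gawk ... > "$FILE" || { rm -f "$FILE"; return 1; }`, avoids that. `$KEYSFILE` is read from ntp.conf and used unquoted in `keyexists`, the `[ ! -f $KEYSFILE ]` test, `mv` and the `>>` redirect, so quoting it as `"$KEYSFILE"` would keep a path containing spaces or glob characters from being split or expanded while running as root.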


