Hello community,

here is the log from the commit of package chrony.14686 for openSUSE:Leap:15.2:Update checked in at 2020-10-28 16:23:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/chrony.14686 (Old)
 and /work/SRC/openSUSE:Leap:15.2:Update/.chrony.14686.new.3463 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chrony.14686" Wed Oct 28 16:23:45 2020 rev:1 rq:843556 version:3.2 Changes: -------- New Changes file: --- /dev/null 2020-10-22 01:51:33.322291705 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.chrony.14686.new.3463/chrony.changes 2020-10-28 16:23:46.960636730 +0100 
@@ -0,0 +1,437 @@ +------------------------------------------------------------------- +Tue Sep 29 08:52:56 UTC 2020 - Reinhard Max <m...@suse.com> + +- Integrate three upstream patches to fix an infinite loop in + chronyc (bsc#1171806). + * chrony-select-timeout.patch + * chrony-gettimeofday.patch + * chrony-urandom.patch + +------------------------------------------------------------------- +Wed May 27 12:30:04 UTC 2020 - Reinhard Max <m...@suse.com> + +- Use iburst in the default pool statements to speed up initial + synchronisation (bsc#1172113). + +------------------------------------------------------------------- +Fri Mar 27 15:19:29 UTC 2020 - Reinhard Max <m...@suse.com> + +- Read runtime servers from /var/run/netconfig/chrony.servers to + fix bsc#1099272 and bsc#1161119. +- Move chrony-helper to /usr/lib/chrony/helper, because there + should be no executables in /usr/share. +- Add chrony-pool-suse and chrony-pool-openSUSE subpackages that + preconfigure chrony to use NTP servers from the respective + pools for SUSE and openSUSE (bsc#1156884, SLE-11424). +- Add chrony-pool-empty to still allow installing chrony without + preconfigured servers. + +------------------------------------------------------------------- +Wed Jan 8 17:31:23 UTC 2020 - Reinhard Max <m...@suse.com> + +- bsc#1159840: Add chrony-ntp-era-split.patch from upstream to fix + "make check" builds made after 2019-12-20. Existing installations + do not need to be updated as the bug only affects the test, but + not chrony itself. + +------------------------------------------------------------------- +Wed Mar 20 15:14:12 UTC 2019 - Reinhard Max <m...@suse.com> + +- Fix ordering and dependencies of chronyd.service, so that it is + started after name resolution is up (bsc#1129914). 
+- Add chrony-service-ordering.patch + +------------------------------------------------------------------- +Fri Dec 14 09:58:08 UTC 2018 - Martin Pluskal <mplus...@suse.com> + +- Make sure to generate correct sysconfig file (boo#1117147) + +------------------------------------------------------------------- +Wed Apr 18 02:55:54 UTC 2018 - mp...@suse.com + +- Added /etc/chrony.d/ directory to the package (bsc#1083597) + Modifed default chrony.conf to add "include /etc/chrony.d/*" + +------------------------------------------------------------------- +Mon Mar 26 17:30:07 CEST 2018 - ku...@suse.de + +- Use %license instead of %doc [bsc#1082318] + +------------------------------------------------------------------- +Wed Mar 14 15:11:56 CET 2018 - ku...@suse.de + +- Fix name of fillup template (was never installed before) +- Fix Requires for fillup, it's used in post, not pre. + +------------------------------------------------------------------- +Fri Feb 9 10:21:09 UTC 2018 - mplus...@suse.com + +- Enable pps support + +------------------------------------------------------------------- +Thu Nov 23 13:47:05 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +------------------------------------------------------------------- +Thu Oct 26 10:39:11 UTC 2017 - mplus...@suse.com + +- Cleanup spec file: + * Drop pre systemd support + * Run spec-cleaner + +------------------------------------------------------------------- +Tue Oct 24 18:23:56 UTC 2017 - mp...@suse.com + +- Modified the spec file to comment out the pool statement + in chrony.conf if _not_ building for openSUSE. (bsc#1063704). 
+ +------------------------------------------------------------------- +Thu Sep 28 16:17:08 UTC 2017 - mrueck...@suse.de + +- refresh patches to apply cleanly again + - chrony-config.patch + - chrony-fix-open.patch + +------------------------------------------------------------------- +Wed Sep 20 23:57:53 UTC 2017 - mp...@suse.com + +- Upgraded to version 3.2: + Enhancements + * Improve stability with NTP sources and reference clocks + * Improve stability with hardware timestamping + * Improve support for NTP interleaved modes + * Control frequency of system clock on macOS 10.13 and later + * Set TAI-UTC offset of system clock with leapsectz directive + * Minimise data in client requests to improve privacy + * Allow transmit-only hardware timestamping + * Add support for new timestamping options introduced in Linux 4.13 + * Add root delay, root dispersion and maximum error to tracking log + * Add mindelay and asymmetry options to server/peer/pool directive + * Add extpps option to PHC refclock to timestamp external PPS signal + * Add pps option to refclock directive to treat any refclock as PPS + * Add width option to refclock directive to filter wrong pulse edges + * Add rxfilter option to hwtimestamp directive + * Add -x option to disable control of system clock + * Add -l option to log to specified file instead of syslog + * Allow multiple command-line options to be specified together + * Allow starting without root privileges with -Q option + * Update seccomp filter for new glibc versions + * Dump history on exit by default with dumpdir directive + * Use hardening compiler options by default + Bug fixes + * Don't drop PHC samples with low-resolution system clock + * Ignore outliers in PHC tracking, RTC tracking, manual input + * Increase polling interval when peer is not responding + * Exit with error message when include directive fails + * Don't allow slash after hostname in allow/deny directive/command + * Try to connect to all addresses in chronyc before 
giving up +- Upgraded clknetsim to version 71dbbc5. +- Reworked chrony-fix-open.patch to fit the new version + +------------------------------------------------------------------- +Tue Jan 31 16:38:05 UTC 2017 - mp...@suse.com + +- Upgraded to version 3.1: + - Enhancements + - Add support for precise cross timestamping of PHC on Linux + - Add minpoll, precision, nocrossts options to hwtimestamp directive + - Add rawmeasurements option to log directive and modify measurements + option to log only valid measurements from synchronised sources + - Allow sub-second polling interval with NTP sources + - Bug fixes + - Fix time smoothing in interleaved mode +- Upgraded clknetsim to version ce89a1b. +- Reworked the following patches to fit the new versions + - chrony-config.patch + - chrony-service-helper.patch + - chrony-fix-open.patch + +------------------------------------------------------------------- +Mon Jan 16 22:36:09 UTC 2017 - mp...@suse.com + +- Upgraded to version 3.0: + - Enhancements + - Add support for software and hardware timestamping on Linux + - Add support for client/server and symmetric interleaved modes + - Add support for MS-SNTP authentication in Samba + - Add support for truncated MACs in NTPv4 packets + - Estimate and correct for asymmetric network jitter + - Increase default minsamples and polltarget to improve stability with very low jitter + - Add maxjitter directive to limit source selection by jitter + - Add offset option to server/pool/peer directive + - Add maxlockage option to refclock directive + - Add -t option to chronyd to exit after specified time + - Add partial protection against replay attacks on symmetric mode + - Don't reset polling interval when switching sources to online state + - Allow rate limiting with very short intervals + - Improve maximum server throughput on Linux and NetBSD + - Remove dump files after start + - Add tab-completion to chronyc with libedit/readline + - Add ntpdata command to print details about NTP 
measurements + - Allow all source options to be set in add server/peer command + - Indicate truncated addresses/hostnames in chronyc output + - Print reference IDs as hexadecimal numbers to avoid confusion with IPv4 addresses + - Bug fixes + - Fix crash with disabled asynchronous name resolving +- Upgraded clknetsim to version 6bb6519. + +------------------------------------------------------------------- +Tue Nov 29 16:54:52 UTC 2016 - mp...@suse.com + +- Upgraded to version 2.4.1: + - Bug fixes + - Fix processing of kernel timestamps on non-Linux systems + - Fix crash with smoothtime directive + - Fix validation of refclock sample times + - Fix parsing of refclock directive + +------------------------------------------------------------------- +Wed Jun 8 10:02:51 UTC 2016 - mrueck...@suse.de + +- update to 2.4: + - Enhancements + - Add orphan option to local directive for orphan mode + compatible with ntpd + - Add distance option to local directive to set activation ++++ 240 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.chrony.14686.new.3463/chrony.changes New: ---- chrony-3.2.tar.gz chrony-config.patch chrony-dnssrv@.service chrony-dnssrv@.timer chrony-fix-open.patch chrony-gettimeofday.patch chrony-logrotate.patch chrony-ntp-era-split.patch chrony-select-timeout.patch chrony-service-helper.patch chrony-service-ordering.patch chrony-urandom.patch chrony.changes chrony.dhclient chrony.helper chrony.spec chrony.sysconfig clknetsim-71dbbc5.tar.gz pool.conf.opensuse pool.conf.suse ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chrony.spec ++++++ # # spec file for package chrony # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. 
The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %global clknetsim_ver 71dbbc5 #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: chrony Version: 3.2 Release: 0 Summary: System Clock Synchronization Client and Server License: GPL-2.0-only Group: Productivity/Networking/Other Url: http://chrony.tuxfamily.org/ Source: http://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz Source2: chrony.sysconfig Source3: chrony.dhclient Source4: chrony.helper Source5: chrony-dnssrv@.service Source6: chrony-dnssrv@.timer Source7: pool.conf.suse Source8: pool.conf.opensuse # Simulator for test suite Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz # PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch0: chrony-config.patch # Add NTP servers from DHCP when starting service Patch1: chrony-service-helper.patch Patch2: chrony-logrotate.patch Patch5: chrony-fix-open.patch Patch6: chrony-service-ordering.patch Patch7: chrony-ntp-era-split.patch Patch8: chrony-select-timeout.patch Patch9: chrony-gettimeofday.patch Patch10: chrony-urandom.patch BuildRequires: NetworkManager-devel BuildRequires: bison BuildRequires: gcc-c++ BuildRequires: libcap-devel BuildRequires: libedit-devel BuildRequires: mozilla-nss-devel BuildRequires: pkgconfig BuildRequires: pps-tools-devel # The timezone package is needed for the "make check" tests. 
It can be # removed if the call to make check is ever deleted. BuildRequires: timezone BuildRequires: pkgconfig(systemd) Requires: logrotate Requires(post): %fillup_prereq Requires(pre): %{_sbindir}/groupadd Requires(pre): %{_sbindir}/useradd Requires: %name-pool Recommends: %name-pool-nonempty Provides: ntp-daemon %ifarch s390 s390x ppc64le BuildRequires: libseccomp-devel >= 2.2.0 %else BuildRequires: libseccomp-devel %endif %description Chrony is an implementation of the Network Time Protocol (NTP). It can synchronize the system clock with NTP servers, reference clocks (e.g. a GPS receiver), and manual input using wristwatch and keyboard. It can also operate as an NTPv4 (RFC 5905) server and peer to provide a time service to other computers in the network. Chrony consists of two programs: chronyd and chronyc. Chronyd is a daemon which runs in the background on the system. It obtains measurements of the system clockâs offset relative to time servers on other systems via the network and adjusts the system time accordingly. For isolated systems, the user can periodically enter the correct time by hand (using chronyc). In either case, chronyd determines the rate at which the computer gains or loses time, and compensates for this. Chronyd can act as either a client or a server. Chronyc provides a user interface to chronyd for monitoring its performance and configuring various settings. It can do so while running on the same computer as the chronyd instance it is controlling or a different computer. %package pool-suse Summary: Chrony preconfiguration for SUSE Group: Productivity/Networking/Other Provides: %name-pool = %version Provides: %name-pool-nonempty Conflicts: otherproviders(%name-pool) Requires: %name = %version BuildArch: noarch RemovePathPostfixes: .suse %description pool-suse This package configures chrony to use the SUSE NTP server pool by default. 
%package pool-openSUSE Summary: Chrony preconfiguration for openSUSE Group: Productivity/Networking/Other Provides: %name-pool = %version Provides: %name-pool-nonempty Conflicts: otherproviders(%name-pool) Requires: %name = %version BuildArch: noarch RemovePathPostfixes: .opensuse %description pool-openSUSE This package configures chrony to use the openSUSE NTP server pool by default. %package pool-empty Summary: Empty pool preconfiguration for chrony Group: Productivity/Networking/Other Provides: %name-pool = %version Conflicts: otherproviders(%name-pool) Requires: %name = %version BuildArch: noarch RemovePathPostfixes: .empty %description pool-empty This package provides an empty /etc/chrony.d/pool.conf file for situations when having servers preconfigured in chrony is undesirable, e.g. because the servers will be set via DHCP. %prep %setup -q -a 10 %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch5 -p1 %patch6 %patch7 %patch8 -p1 %patch9 -p1 %patch10 -p1 # Remove pool statements from the default /etc/chrony.conf. They will # be provided by branding packages in /etc/chrony.d/pool.conf . sed -e 's|^\pool|! 
pool|' \ < examples/chrony.conf.example2 > chrony.conf cat << EOF >> chrony.conf # Also include any directives found in configuration files in /etc/chrony.d include /etc/chrony.d/*.conf EOF touch -r examples/chrony.conf.example2 chrony.conf # regenerate the file from getdate.y rm -f getdate.c mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim %build # not autoconf: export CFLAGS="%{optflags} -Wall -fpic -DPIC $(pkg-config --cflags libseccomp)" export LDFLAGS="-pie -Wl,-z,relro,-z,now" %configure \ --docdir="%{_docdir}/%{name}" \ %if %{with syscallfilter} --enable-scfilter \ %endif --with-user=chrony \ --with-hwclockfile=%{_sysconfdir}/adjtime \ --with-sendmail=%{_sbindir}/sendmail make %{?_smp_mflags} all docs %install %make_install install -Dpm 0644 chrony.conf \ %{buildroot}%{_sysconfdir}/chrony.conf mkdir %{buildroot}%{_sysconfdir}/chrony.d install -Dpm 0640 examples/chrony.keys.example \ %{buildroot}%{_sysconfdir}/chrony.keys install -Dpm 0755 examples/chrony.nm-dispatcher \ %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony install -Dpm 0755 %{SOURCE3} \ %{buildroot}%{_sysconfdir}/dhcp/dhclient.d/chrony.sh install -Dpm 0644 examples/chrony.logrotate \ %{buildroot}%{_sysconfdir}/logrotate.d/chrony install -Dpm 0644 examples/chronyd.service \ %{buildroot}%{_unitdir}/chronyd.service install -Dpm 0644 examples/chrony-wait.service \ %{buildroot}%{_unitdir}/chrony-wait.service install -Dpm 0644 %{SOURCE5} \ %{buildroot}%{_unitdir}/chrony-dnssrv@.service install -Dpm 0644 %{SOURCE6} \ %{buildroot}%{_unitdir}/chrony-dnssrv@.timer install -d %{buildroot}%{sbindir} ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcchronyd ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rcchrony-wait install -d %{buildroot}%{_prefix}/lib/systemd/ntp-units.d echo 'chronyd.service' > \ %{buildroot}%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list install -Dpm 0644 %{SOURCE2} \ %{buildroot}%{_fillupdir}/sysconfig.chronyd install -Dpm 755 %{SOURCE4} \ 
%{buildroot}%{_libexecdir}/%name/helper install -d %{buildroot}%{_localstatedir}/log/chrony touch %{buildroot}%{_localstatedir}/lib/chrony/{drift,rtc} # Install the NTP pool files install -Dpm 644 %{SOURCE7} %{SOURCE8} %{buildroot}/etc/chrony.d touch %{buildroot}/etc/chrony.d/pool.conf.empty %check # Set random seed to get deterministic results export CLKNETSIM_RANDOM_SEED=24501 make %{?_smp_mflags} -C test/simulation/clknetsim make %{?_smp_mflags} check %pre getent group %{name} >/dev/null || groupadd -r %{name} getent passwd %{name} >/dev/null || useradd -r -g %{name} -d "%{_localstatedir}/lib/chrony" -s /bin/false -c "Chrony Daemon" %{name} %service_add_pre chronyd.service chrony-wait.service %preun %service_del_preun chronyd.service chrony-wait.service %post %fillup_only -n chronyd %service_add_post chronyd.service chrony-wait.service %postun %service_del_postun chronyd.service chrony-wait.service %files %license COPYING %doc FAQ NEWS README %doc examples %config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/chrony.conf %config(noreplace) %attr(0640,root,%{name}) %verify(not md5 size mtime) %{_sysconfdir}/chrony.keys %config(noreplace) %{_sysconfdir}/logrotate.d/chrony %{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony %dir %{_sysconfdir}/chrony.d/ %dir %{_sysconfdir}/dhcp/ %dir %{_sysconfdir}/dhcp/dhclient.d/ %{_sysconfdir}/dhcp/dhclient.d/chrony.sh %{_bindir}/chronyc %{_sbindir}/chronyd %{_libexecdir}/%name %{_mandir}/man1/chronyc.1%{ext_man} %{_mandir}/man5/chrony.conf.5%{ext_man} %{_mandir}/man8/chronyd.8%{ext_man} %{_prefix}/lib/systemd/ntp-units.d/*.list %{_unitdir}/chrony*.service %{_unitdir}/chrony*.timer %{_sbindir}/rcchrony* %{_fillupdir}/sysconfig.chronyd %dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony %ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/drift %ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/rtc %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %files pool-empty %config (noreplace) 
/etc/chrony.d/pool.conf.empty %files pool-suse %config (noreplace) /etc/chrony.d/pool.conf.suse %files pool-openSUSE %config (noreplace) /etc/chrony.d/pool.conf.opensuse %changelog ++++++ chrony-config.patch ++++++ Index: chrony-3.2/examples/chrony.conf.example3 =================================================================== --- chrony-3.2.orig/examples/chrony.conf.example3 +++ chrony-3.2/examples/chrony.conf.example3 @@ -27,12 +27,38 @@ # you can access at http://support.ntp.org/bin/view/Servers/WebHome or # you can use servers from the pool.ntp.org project. -! server foo.example.net iburst -! server bar.example.net iburst -! server baz.example.net iburst - ! pool pool.ntp.org iburst +# for Europe: +! server 0.europe.pool.ntp.org +! server 1.europe.pool.ntp.org +! server 2.europe.pool.ntp.org +! server 3.europe.pool.ntp.org + +# for Asia: +! server 0.asia.pool.ntp.org +! server 1.asia.pool.ntp.org +! server 2.asia.pool.ntp.org +! server 3.asia.pool.ntp.org + +# for North America: +! server 0.north-america.pool.ntp.org +! server 1.north-america.pool.ntp.org +! server 2.north-america.pool.ntp.org +! server 3.north-america.pool.ntp.org + +# for South America: +! server 0.south-america.pool.ntp.org +! server 1.south-america.pool.ntp.org +! server 2.south-america.pool.ntp.org +! server 3.south-america.pool.ntp.org + +# for Oceania: +! server 0.oceania.pool.ntp.org +! server 1.oceania.pool.ntp.org +! server 2.oceania.pool.ntp.org +! server 3.oceania.pool.ntp.org + ####################################################################### ### AVOIDING POTENTIALLY BOGUS CHANGES TO YOUR CLOCK # @@ -65,7 +91,7 @@ # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. -driftfile /var/lib/chrony/drift +driftfile /var/lib/chrony/chrony.drift # If you want to enable NTP authentication with symmetric keys, you will need # to uncomment the following line and edit the file to set up the keys. 
@@ -124,8 +150,8 @@ driftfile /var/lib/chrony/drift # produce some graphs of your system's timekeeping performance, or you # need help in debugging a problem. -! logdir /var/log/chrony -! log measurements statistics tracking +logdir /var/log/chrony +log measurements statistics tracking # If you have real time clock support enabled (see below), you might want # this line instead: ++++++ chrony-dnssrv@.service ++++++ [Unit] Description=DNS SRV lookup of %I for chrony After=chronyd.service network-online.target Wants=network-online.target [Service] Type=oneshot ExecStart=/usr/lib/chrony/helper update-dnssrv-servers %I ++++++ chrony-dnssrv@.timer ++++++ [Unit] Description=Periodic DNS SRV lookup of %I for chrony [Timer] OnActiveSec=0 OnUnitInactiveSec=1h [Install] WantedBy=timers.target ++++++ chrony-fix-open.patch ++++++ Index: chrony-3.2/clknetsim-71dbbc509eee05cb29e33468be93d5ba52b79429/client.c =================================================================== --- chrony-3.2.orig/clknetsim-71dbbc509eee05cb29e33468be93d5ba52b79429/client.c +++ chrony-3.2/clknetsim-71dbbc509eee05cb29e33468be93d5ba52b79429/client.c @@ -1008,6 +1008,8 @@ int open(const char *pathname, int flags else if (!strcmp(pathname, "/dev/ptp1")) return SYSCLK_FD; + if (!_open) + _open = (int (*)(const char *pathname, int flags))dlsym(RTLD_NEXT, "open"); r = _open(pathname, flags); assert(r < 0 || (r < BASE_SOCKET_FD && r < BASE_TIMER_FD)); @@ -1026,6 +1028,8 @@ int close(int fd) { return 0; } + if (!_close) + _close = (int (*)(int fd))dlsym(RTLD_NEXT, "close"); return _close(fd); } ++++++ chrony-gettimeofday.patch ++++++ >From 6863e43269fe27ce2744eb643295f31c00ec176d Mon Sep 17 00:00:00 2001 
From: Miroslav Lichvar <mlich...@redhat.com> Date: Tue, 12 Dec 2017 11:03:04 +0100 Subject: [PATCH] client: avoid reading clock after sending request If chronyc sent a request which caused chronyd to step the clock (e.g. makestep, settime) and the second reading of the clock before calling select() to wait for a response happened after the clock was stepped, a new request could be sent immediately and chronyd would process the same command twice. If the second request failed (e.g. a settime request too close to the first request), chronyc would report an error. Change the submit_request() function to read the clock only once per select() to wait for the first response even when the clock was stepped. --- client.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/client.c b/client.c index a04dcb8..7d1e346 100644 --- a/client.c +++ b/client.c @@ -1347,15 +1347,15 @@ submit_request(CMD_Request *request, CMD_Reply *reply) new_attempt = 1; do { + if (gettimeofday(&tv, NULL)) + return 0; + if (new_attempt) { new_attempt = 0; if (n_attempts > max_retries) return 0; - if (gettimeofday(&tv, NULL)) - return 0; - UTI_TimevalToTimespec(&tv, &ts_start); UTI_GetRandomBytes(&request->sequence, sizeof (request->sequence)); @@ -1383,9 +1383,6 @@ submit_request(CMD_Request *request, CMD_Reply *reply) DEBUG_LOG("Sent %d bytes", command_length); } - if (gettimeofday(&tv, NULL)) - return 0; - UTI_TimevalToTimespec(&tv, &ts_now); /* Check if the clock wasn't stepped back */ -- 2.16.4 ++++++ chrony-logrotate.patch ++++++ Index: chrony-2.3/examples/chrony.logrotate =================================================================== --- chrony-2.3.orig/examples/chrony.logrotate +++ chrony-2.3/examples/chrony.logrotate 
@@ -1,4 +1,5 @@ /var/log/chrony/*.log { + su chrony chrony missingok nocreate sharedscripts ++++++ chrony-ntp-era-split.patch ++++++ commit 2d9eb5b6fa5225a7300c8eed95712969249900fb Author: Miroslav Lichvar <mlich...@redhat.com> Date: Fri Jan 3 11:25:55 2020 +0100 test: fix util unit test for NTP era split The current default NTP era split passed the Unix epoch (~50 years ago), which means the epoch converted to an NTP timestamp and back ends up in the next NTP era (year 2106). Fix the test to take into account the era split. --- test/unit/util.c.orig +++ test/unit/util.c @@ -43,11 +43,19 @@ void test_unit(void) { ntp_ts.hi = htonl(JAN_1970); ntp_ts.lo = 0xffffffff; UTI_Ntp64ToTimespec(&ntp_ts, &ts); +#if defined(HAVE_LONG_TIME_T) && NTP_ERA_SPLIT > 0 + TEST_CHECK(ts.tv_sec == 0x100000000LL * (1 + (NTP_ERA_SPLIT - 1) / 0x100000000LL)); +#else TEST_CHECK(ts.tv_sec == 0); +#endif TEST_CHECK(ts.tv_nsec == 999999999); UTI_AddDoubleToTimespec(&ts, 1e-9, &ts); +#if defined(HAVE_LONG_TIME_T) && NTP_ERA_SPLIT > 0 + TEST_CHECK(ts.tv_sec == 1 + 0x100000000LL * (1 + (NTP_ERA_SPLIT - 1) / 0x100000000LL)); +#else TEST_CHECK(ts.tv_sec == 1); +#endif TEST_CHECK(ts.tv_nsec == 0); ntp_fuzz.hi = 0; ++++++ chrony-select-timeout.patch ++++++ >From d0b24860363a3704e28569ce9a6987717834edea Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar <mlich...@redhat.com> Date: Tue, 5 Dec 2017 11:08:24 +0100 Subject: [PATCH] client: don't call select() with invalid timeout If the system clock was stepped forward after chronyc sent a request and before it read the clock in order to calculate the receive timeout, select() could be called with a negative timeout, which resulted in an infinite loop waiting for select() to succeed. Fix the submit_request() function to not call select() with a negative timeout. Also, return immediately on any error of select(). --- client.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/client.c b/client.c index 5c3a99e..4e23158 100644 
--- a/client.c +++ b/client.c @@ -1394,9 +1394,16 @@ submit_request(CMD_Request *request, CMD_Reply *reply) timeout = initial_timeout / 1000.0 * (1U << (n_attempts - 1)) - UTI_DiffTimespecsToDouble(&ts_now, &ts_start); - UTI_DoubleToTimeval(timeout, &tv); DEBUG_LOG("Timeout %f seconds", timeout); + /* Avoid calling select() with an invalid timeout */ + if (timeout <= 0.0) { + new_attempt = 1; + continue; + } + + UTI_DoubleToTimeval(timeout, &tv); + FD_ZERO(&rdfd); FD_ZERO(&wrfd); FD_ZERO(&exfd); @@ -1410,6 +1417,7 @@ submit_request(CMD_Request *request, CMD_Reply *reply) if (select_status < 0) { DEBUG_LOG("select failed : %s", strerror(errno)); + return 0; } else if (select_status == 0) { /* Timeout must have elapsed, try a resend? */ new_attempt = 1; -- 2.16.4 ++++++ chrony-service-helper.patch ++++++ --- chrony-3.1/examples/chronyd.service 2017-01-31 05:22:11.000000000 -0500 +++ chrony-3.1/examples/chronyd.service 2017-01-31 12:00:01.000000000 -0500 @@ -10,6 +10,7 @@ PIDFile=/var/run/chronyd.pid EnvironmentFile=-/etc/sysconfig/chronyd ExecStart=/usr/sbin/chronyd $OPTIONS +ExecStartPost=/usr/lib/chrony/helper update-daemon PrivateTmp=yes ProtectHome=yes ProtectSystem=full ++++++ chrony-service-ordering.patch ++++++ --- examples/chronyd.service.orig +++ examples/chronyd.service @@ -1,7 +1,11 @@ [Unit] Description=NTP client/server Documentation=man:chronyd(8) man:chrony.conf(5) -After=ntpdate.service sntp.service ntpd.service +After=nss-lookup.target +Wants=network.target +After=network.target +Wants=time-sync.target +Before=time-sync.target Conflicts=ntpd.service systemd-timesyncd.service ConditionCapability=CAP_SYS_TIME ++++++ chrony-urandom.patch ++++++ >From 7c5bd948bb7e21fa0ee22f29e97748b2d0360319 Mon Sep 17 00:00:00 2001 
From: Miroslav Lichvar <mlich...@redhat.com> Date: Thu, 17 May 2018 14:16:58 +0200 Subject: [PATCH] util: fall back to reading /dev/urandom when getrandom() blocks With recent changes in the Linux kernel, the getrandom() system call may block for a long time after boot on machines that don't have enough entropy. It blocks the chronyd's initialization before it can detach from the terminal and may cause a chronyd service to fail to start due to a timeout. At least for now, enable the GRND_NONBLOCK flag to make the system call non-blocking and let the code fall back to reading /dev/urandom (which never blocks) if the system call failed with EAGAIN or any other error. This makes the start of chronyd non-deterministic with respect to files that it needs to open and possibly also makes it slightly easier to guess the transmit/receive timestamp in client requests until the urandom source is fully initialized. --- util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util.c b/util.c index 4b3e455..76417d5 100644 --- a/util.c +++ b/util.c 
@@ -1224,7 +1224,7 @@ get_random_bytes_getrandom(char *buf, unsigned int len) if (disabled) break; - if (getrandom(rand_buf, sizeof (rand_buf), 0) != sizeof (rand_buf)) { + if (getrandom(rand_buf, sizeof (rand_buf), GRND_NONBLOCK) != sizeof (rand_buf)) { disabled = 1; break; } -- 2.16.4 ++++++ chrony.dhclient ++++++ #!/bin/bash SERVERFILE=$SAVEDIR/chrony.servers.$interface chrony_config() { rm -f $SERVERFILE if [ "$PEERNTP" != "no" ]; then for server in $new_ntp_servers; do echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE done /usr/lib/chrony/helper update-daemon || : fi } chrony_restore() { if [ -f $SERVERFILE ]; then rm -f $SERVERFILE /usr/lib/chrony/helper update-daemon || : fi } ++++++ chrony.helper ++++++ #!/bin/bash # This script configures running chronyd to use NTP servers obtained from # DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed # externally (e.g. by a dhclient script). Files with servers from DNS SRV # records are updated here using the dig utility. chronyc=/usr/bin/chronyc helper_dir=/var/run/chrony-helper added_servers_file=$helper_dir/added_servers network_sysconfig_file=/etc/sysconfig/network dhclient_servers_files=/var/run/netconfig/chrony.servers dnssrv_servers_files=$helper_dir/dnssrv@* dnssrv_timer_prefix=chrony-dnssrv@ chrony_command() { $chronyc -a -n -m "$1" } is_running() { chrony_command "tracking" &> /dev/null } is_update_needed() { for file in $dhclient_servers_files $dnssrv_servers_files \ $added_servers_file; do [ -e "$file" ] && return 0 done return 1 } update_daemon() { local all_servers_with_args all_servers added_servers if ! 
is_running; then rm -f $added_servers_file return 0 fi all_servers_with_args=$( cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null) all_servers=$( echo "$all_servers_with_args" | while read server serverargs; do echo "$server" done | sort -u) added_servers=$( ( cat $added_servers_file 2> /dev/null echo "$all_servers_with_args" | while read server serverargs; do [ -z "$server" ] && continue chrony_command "add server $server $serverargs" &> /dev/null && echo "$server" done) | sort -u) comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") | while read server; do chrony_command "delete $server" &> /dev/null done added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers")) [ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file || rm -f $added_servers_file } get_dnssrv_servers() { local name=$1 if ! command -v dig &> /dev/null; then echo "Missing dig (DNS lookup utility)" >&2 return 1 fi ( . $network_sysconfig_file &> /dev/null output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) [ $? 
-ne 0 ] && return 0 echo "$output" | while read prio weight port target; do server=${target%.} [ -z "$server" ] && continue echo "$server port $port ${NTPSERVERARGS:-iburst}" done ) } check_dnssrv_name() { local name=$1 if [ -z "$name" ]; then echo "No DNS SRV name specified" >&2 return 1 fi if [ "${name:0:9}" != _ntp._udp ]; then echo "DNS SRV name $name doesn't start with _ntp._udp" >&2 return 1 fi } update_dnssrv_servers() { local name=$1 local srv_file=$helper_dir/dnssrv@$name servers check_dnssrv_name "$name" || return 1 servers=$(get_dnssrv_servers "$name") [ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file" } set_dnssrv_timer() { local state=$1 name=$2 local srv_file=$helper_dir/dnssrv@$name servers local timer=$dnssrv_timer_prefix$name.timer check_dnssrv_name "$name" || return 1 if [ "$state" = enable ]; then systemctl enable "$timer" systemctl start "$timer" elif [ "$state" = disable ]; then systemctl stop "$timer" systemctl disable "$timer" rm -f "$srv_file" fi } list_dnssrv_timers() { systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \ sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" } prepare_helper_dir() { mkdir -p $helper_dir exec 100> $helper_dir/lock if ! 
flock -w 20 100; then echo "Failed to lock $helper_dir" >&2 return 1 fi } print_help() { echo "Usage: $0 COMMAND" echo echo "Commands:" echo " update-daemon" echo " update-dnssrv-servers NAME" echo " enable-dnssrv NAME" echo " disable-dnssrv NAME" echo " list-dnssrv" echo " is-running" echo " command CHRONYC-COMMAND" } case "$1" in update-daemon|add-dhclient-servers|remove-dhclient-servers) is_update_needed || exit 0 prepare_helper_dir && update_daemon ;; update-dnssrv-servers) prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon ;; enable-dnssrv) set_dnssrv_timer enable "$2" ;; disable-dnssrv) set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon ;; list-dnssrv) list_dnssrv_timers ;; is-running) is_running ;; command|forced-command) chrony_command "$2" ;; *) print_help exit 2 esac exit $? ++++++ chrony.sysconfig ++++++ ## Path: Network/Chrony ## Description: Chrony time synchronization settings ## Type: yesno ## Default: "yes" ## ServiceRestart: chronyd # # Resolve hostnames with IPv4 # CHRONY_IPV4="yes" ## Type: yesno ## Default: "yes" ## ServiceRestart: chronyd # # Resolve hostnames with IPv6 # CHRONY_IPV6="yes" ## Type: yesno ## Default: "yes" ## ServiceRestart: chronyd # # Lock the chrony daemon process into RAM, preventing it from swapping out # CHRONY_LOCK_IN_RAM="no" ++++++ pool.conf.opensuse ++++++ pool 2.opensuse.pool.ntp.org iburst ++++++ pool.conf.suse ++++++ pool 2.suse.pool.ntp.org iburst
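
Review bot: in the %build section of chrony.spec, the `%if %{with syscallfilter}` guard around `--enable-scfilter` has no matching `%bcond_with` or `%bcond_without syscallfilter` anywhere in the visible spec. Unless `with_syscallfilter` is defined outside this file, the conditional evaluates to 0 and chronyd is configured without the seccomp filter, even though libseccomp-devel is a BuildRequires and its cflags are added to CFLAGS. Suggest declaring `%bcond_without syscallfilter` near the top of the spec, or dropping the guard, so the default is explicit.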
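
Review bot: in the %install section of chrony.spec, `install -d %{buildroot}%{sbindir}` uses `%{sbindir}`, which is not defined in the visible spec; every other reference uses `%{_sbindir}`. RPM leaves an undefined macro unexpanded, so this line would create a directory literally named `%{sbindir}` in the buildroot instead of the directory that the two `ln -s %{_sbindir}/service ...` lines after it write into. Suggest `install -d %{buildroot}%{_sbindir}`.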
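
Review bot: the driftfile hunk of chrony-config.patch changes the example to `driftfile /var/lib/chrony/chrony.drift`, but chrony.spec touches and %ghost-owns `%{_localstatedir}/lib/chrony/drift`, so a configuration copied from chrony.conf.example3 writes a drift file that the package does not track. Suggest keeping `driftfile /var/lib/chrony/drift` in the example, or adding the new file name to %files.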
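
Review bot: in the open() hunk of chrony-fix-open.patch, the pointer returned by `dlsym(RTLD_NEXT, "open")` is called on the very next line with no NULL check, so a failed lookup becomes a call through a NULL function pointer inside the test shim. The function already uses assert() on the result of the call; suggest an assert on `_open` right after the assignment. The same applies to the `_close` lookup in the close() hunk.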
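
Review bot: the gettimeofday() call that chrony-gettimeofday.patch moves to the top of the do-loop in submit_request() has no comment, and its position before the send is the entire fix. Suggest a one-line comment at the new call stating that the clock is read once per iteration, before the request is sent, so that a step triggered by the request itself cannot cause an immediate resend; that keeps a later cleanup from moving the call back below the send.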
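
Review bot: the `return 0;` added to the `select_status < 0` branch in the second hunk of chrony-select-timeout.patch also fires when select() is interrupted by a signal (errno == EINTR), which ends the request instead of retrying it. The commit message says "return immediately on any error of select()", so this may be intended; if so, a comment saying that EINTR is deliberately treated as fatal would help, and otherwise the branch should check errno and return only on other errors.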
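
Review bot: the `ExecStartPost=/usr/lib/chrony/helper update-daemon` line added by chrony-service-helper.patch has no `-` prefix, so a non-zero exit from the helper marks the start of chronyd.service as failed. The helper can return non-zero for reasons unrelated to chronyd itself, for example when prepare_helper_dir cannot take its lock within `flock -w 20 100`, and chrony.dhclient calls the same helper with `|| :`. Suggest `ExecStartPost=-/usr/lib/chrony/helper update-daemon` unless a helper failure is meant to block the service.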
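
Review bot: in the [Unit] hunk of chrony-service-ordering.patch, `After=network.target` only orders chronyd after the network management stack has been started, not after interfaces are configured, while the changelog entry for bsc#1129914 gives the goal as starting after name resolution is up and chrony-dnssrv@.service in this same commit orders itself after network-online.target. Suggest a comment in the unit explaining why network.target together with nss-lookup.target is sufficient here, or using network-online.target if it is not.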
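
Review bot: with GRND_NONBLOCK in the get_random_bytes_getrandom() hunk of chrony-urandom.patch, any short return, including a single EAGAIN during early boot, sets `disabled = 1`, and the `if (disabled) break;` check just above then skips getrandom() on later calls. If `disabled` persists across calls, as that check suggests, the process stays on the /dev/urandom path for the rest of its run, while the commit message describes the fallback as applying only until the urandom source is fully initialized. Suggest setting `disabled` only when errno is not EAGAIN, so that getrandom() is tried again later.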
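
Review bot: in update_daemon() of chrony.helper, each `server serverargs` pair read from /var/run/netconfig/chrony.servers and the dnssrv@ files is interpolated into `chrony_command "add server $server $serverargs"` without validation, so text that originated in a DHCP or DNS SRV response reaches chronyc as part of a command. Suggest checking that `$server` is a plain hostname or IP address and restricting `$serverargs` to a known set of options before the call; the same check would cover the `$port` value written by get_dnssrv_servers().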