Re: svn commit: r289421 - in head/etc: . mtree ntp

2016-01-02 Thread David Malone 
On Wed, Dec 30, 2015 at 04:50:45AM -0800, Colin Percival wrote:
> So... is someone going to be keeping this file up to date?  We seem to have
> the same information in contrib/tzdata/leapseconds (which is being kept up
> to date -- thank you edwin and delphij!) but having this file in /etc/ntp/
> being out of date is making ntpd refuse to start.

Which version of ntpd is that? I installed a machine from an image
from the end of December earlier today and ntpd logged a message
but started without any problems:

ntpd: leapsecond file ('/etc/ntp/leap-seconds'): good hash signature
ntpd: leapsecond file ('/etc/ntp/leap-seconds'): loaded, 
expire=2015-12-28T00:00:00Z last=2015-07-01T00:00:00Z ofs=36
ntpd: leapsecond file ('/etc/ntp/leap-seconds'): expired less than 6 
days ago

David.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-12-30 Thread Ian Lepore 
On Wed, 2015-12-30 at 04:50 -0800, Colin Percival wrote:
> On 10/16/15 07:04, Cy Schubert wrote:
> >   Add default leap-seconds file. This should help ntp networks get
> > the
> >   leap second date correct
> >   
> > Added:
> >   head/etc/ntp/
> >   head/etc/ntp/Makefile   (contents, props changed)
> >   head/etc/ntp/leap-seconds   (contents, props changed)
> 
> So... is someone going to be keeping this file up to date?  We seem
> to have
> the same information in contrib/tzdata/leapseconds (which is being
> kept up
> to date -- thank you edwin and delphij!) but having this file in
> /etc/ntp/
> being out of date is making ntpd refuse to start.
> 

I vaguely remember warning that something like this was likely to
happen.  Turning on leapfile processing by default without an already
-in-place mechanism to keep the file up to date was a bad idea.  There
was some mumbling about a mechanism, but nobody wrote any code.

Even if the mechanism existed, I think defaulting to using the leapfile
is wrong.  It's a thing that needs care and feeding or it causes
problems, and thus it's a thing that should only be enabled by admins
who know about the care and feeding aspect (an automatic fetch
mechanism doesn't help much if there are firewalls blocking the fetch,
for example).

-- Ian
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-12-30 Thread Cy Schubert 
In message <1451491490.1369.41.ca...@freebsd.org>, Ian Lepore writes:
> On Wed, 2015-12-30 at 04:50 -0800, Colin Percival wrote:
> > On 10/16/15 07:04, Cy Schubert wrote:
> > >   Add default leap-seconds file. This should help ntp networks get
> > > the
> > >   leap second date correct
> > >   
> > > Added:
> > >   head/etc/ntp/
> > >   head/etc/ntp/Makefile   (contents, props changed)
> > >   head/etc/ntp/leap-seconds   (contents, props changed)
> > 
> > So... is someone going to be keeping this file up to date?  We seem
> > to have
> > the same information in contrib/tzdata/leapseconds (which is being
> > kept up
> > to date -- thank you edwin and delphij!) but having this file in
> > /etc/ntp/
> > being out of date is making ntpd refuse to start.
> > 
> 
> I vaguely remember warning that something like this was likely to
> happen.  Turning on leapfile processing by default without an already
> -in-place mechanism to keep the file up to date was a bad idea.  There
> was some mumbling about a mechanism, but nobody wrote any code.
> 
> Even if the mechanism existed, I think defaulting to using the leapfile
> is wrong.  It's a thing that needs care and feeding or it causes
> problems, and thus it's a thing that should only be enabled by admins
> who know about the care and feeding aspect (an automatic fetch
> mechanism doesn't help much if there are firewalls blocking the fetch,
> for example).

The original idea was to update the file twice a year. Just before 
Christmas des@ suggested an alternative approach of fetching an update 
weekly or monthly because some upstream ntp servers not using the correct 
leap seconds and hosting the file locally would be more reliable. I've cc'd 
you on my last reply to des@ this morning.


-- 
Cheers,
Cy Schubert  or 
FreeBSD UNIX:     Web:  http://www.FreeBSD.org

The need of the many outweighs the greed of the few.


___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-12-30 Thread Colin Percival 
On 10/16/15 07:04, Cy Schubert wrote:
>   Add default leap-seconds file. This should help ntp networks get the
>   leap second date correct
>   
> Added:
>   head/etc/ntp/
>   head/etc/ntp/Makefile   (contents, props changed)
>   head/etc/ntp/leap-seconds   (contents, props changed)

So... is someone going to be keeping this file up to date?  We seem to have
the same information in contrib/tzdata/leapseconds (which is being kept up
to date -- thank you edwin and delphij!) but having this file in /etc/ntp/
being out of date is making ntpd refuse to start.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-22 Thread Cy Schubert 
We already have an example to work from. The family of ports (ntp, 
ntp-devel) installs ${LOCALBASE}/sbin/update-leap. It would be fine except 
for the fact that it's written in Perl, not something we'd want to visit on 
FreeBSD again. I'm sure it could be rewritten in shell script or C/C++.


-- 
Cheers,
Cy Schubert  or 
FreeBSD UNIX:     Web:  http://www.FreeBSD.org

The need of the many outweighs the greed of the few.



In message <201510180200.t9i20kli062...@slippy.cwsent.com>, Cy Schubert 
writes:
> Agreed, this would be best. There was a suggestion a GSoC person could do 
> it (though I'm willing to roll up my sleeves if necessary).
> 
> 
> -- 
> Cheers,
> Cy Schubert  or 
> FreeBSD UNIX:     Web:  http://www.FreeBSD.org
> 
>   The need of the many outweighs the greed of the few.
> 
> 
> 
> In message <8154492e-c29e-41b1-a13b-34e33586d...@bsdimp.com>, Warner Losh 
> write
> s:
> > 
> > 
> > --Apple-Mail=_60572A67-97E7-4200-AEF6-88DC6354712B
> > Content-Transfer-Encoding: quoted-printable
> > Content-Type: text/plain;
> > charset=utf-8
> > 
> > Until the next leap second=E2=80=A6. It would be better to just
> > always try to grab the latest one=E2=80=A6 Can we put something
> > in periodic to do that so users that have releases
> > that are older than 6 months aren=E2=80=99t screwed?
> > 
> > Warner
> > 
> > > On Oct 16, 2015, at 8:04 AM, Cy Schubert  wrote:
> > >=20
> > > Author: cy
> > > Date: Fri Oct 16 14:04:16 2015
> > > New Revision: 289421
> > > URL: https://svnweb.freebsd.org/changeset/base/289421
> > >=20
> > > Log:
> > >  Add default leap-seconds file. This should help ntp networks get the
> > >  leap second date correct
> > >=20
> > >  Updates to the file can be obtained from ftp://time.nist.gov/pub/ or
> > >  ftp://tycho.usno.navy.mil/pub/ntp/.
> > >=20
> > >  Suggested by:dwmalone
> > >  Reviewed by: roberto, dwmalone, delphij
> > >  Approved by: roberto
> > >  MFC after:   1 week
> > >=20
> > > Added:
> > >  head/etc/ntp/
> > >  head/etc/ntp/Makefile   (contents, props changed)
> > >  head/etc/ntp/leap-seconds   (contents, props changed)
> > > Modified:
> > >  head/etc/Makefile
> > >  head/etc/mtree/BSD.var.dist
> > >  head/etc/ntp.conf
> > >=20
> > > Modified: head/etc/Makefile
> > > =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D
> > > --- head/etc/Makefile Fri Oct 16 12:53:22 2015(r289420)
> > > +++ head/etc/Makefile Fri Oct 16 14:04:16 2015(r289421)
> > > @@ -240,6 +240,9 @@ distribution:
> > >   ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
> > >   ${_+_}cd ${.CURDIR}/devd; ${MAKE} install
> > >   ${_+_}cd ${.CURDIR}/gss; ${MAKE} install
> > > +.if ${MK_NTP} !=3D "no"
> > > + ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
> > > +.endif
> > >   ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
> > > .if ${MK_PKGBOOTSTRAP} !=3D "no"
> > >   ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
> > >=20
> > > Modified: head/etc/mtree/BSD.var.dist
> > > =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D
> > > --- head/etc/mtree/BSD.var.dist   Fri Oct 16 12:53:22 2015=
> > (r289420)
> > > +++ head/etc/mtree/BSD.var.dist   Fri Oct 16 14:04:16 2015=
> > (r289421)
> > > @@ -46,6 +46,8 @@
> > > ..
> > > ipf mode=3D0700
> > > ..
> > > +ntp mode=3D0700
> > > +..
> > > pkg
> > > ..
> > > ports
> > >=20
> > > Modified: head/etc/ntp.conf
> > > =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> =
> > =3D=3D=3D
> > > --- head/etc/ntp.conf Fri Oct 16 12:53:22 2015(r289420)
> > > +++ head/etc/ntp.conf Fri Oct 16 14:04:16 2015(r289421)
> > > @@ -77,3 +77,8 @@ restrict 127.127.1.0
> > > #
> > > #server 127.127.1.0
> > > #fudge 127.127.1.0 stratum 10
> > > +
> > > +# See =
> > http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
> > > +# for documentation regarding leapfile. Updates to the file can be =
> > obtained
> > > +# from ftp://time.nist.gov/pub/ or =
> > ftp://tycho.usno.navy.mil/pub/ntp/.
> > > +leapfile "/etc/ntp/leap-seconds"
> > >=20
> > > Added: head/etc/ntp/Makefile
> > > =
> >

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-20 Thread Ian Lepore 
On Sat, 2015-10-17 at 22:20 +0100, David Malone wrote:
> On Sat, Oct 17, 2015 at 12:25:50PM -0600, Ian Lepore wrote:
> > If the leapseconds file is present, the leap bits for reference
> > clocks and downstratum servers are ignored.
> > 
> > I can't determine from casual code examination (and I don't have
> > time
> > to experiment now) whether that is true even if the file is
> > expired.
> 
> The way the code seems to work is:
> 
>   1) Take a vote from your peers on if there is an upcoming
>   leap second. Refclocks can outvote other peers. (This is
>   in ntp_proto.c:clock_update() - search for leap_vote_ins).
> 
>   2) If one seems to be pending, try to insert it into an
>   in-memory table for the end of the month.
> 
>   3) If you find that you loaded a table and the leapsecond
>   you are trying to insert is within the valid range of the
>   table, return an error. (This is in
> ntp_leapsec.c:leapsec_add())
> 
> So, I think the change should be safe, if the comments match the
> code.
> 
>   David.

I am slightly less worried after absorbing this info.  Only slightly. 
 The leap second is accepted if the time it arrives from the peers is
later than the current expiration date in the leapfile.  For some
reason, nist has always set that expiration date to be 2 days before
the actual leap event.  That is insane, always has been.  The
information in that file is valid right up until the second of the leap
event.

I've always thought that some day they'd straighten that out and use a
real expiration date.  If they ever do, ntpd is going to turn into a
pumpkin at midnight, because it will then reject incoming leap
notification from peers right up until the second that it is too late
to act on them.

But, all of that is theoretical and the way things stand right now it
appears to be safe to enable this.  I'm probably just scared because
I've been burned by leap seconds so many times, especially related to
handling leapfiles and their expiration dates (and things like the
corner cases that happen when a unit has been powered down for months
and gets powered up 30 seconds before a leap event).

-- Ian

___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-18 Thread David Malone 
On Sat, Oct 17, 2015 at 05:48:19PM -0600, Warner Losh wrote:
> It should be very easy to try to fetch it once a day in June and December
> until you succeed from each of the URLs in a list, with the default
> list being the two canonical (for the US at least) sources. Shouldn’t
> be more than a dozen lines in a periodic script.

We probably also want to avoid trying to fetch an update at the
same moment from a bunch of time synchronised machines. A random
sleep might be enough, but we should be careful about setting
automatic updates that fetch things from infrastructure other than
our own.

David.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-18 Thread David Malone 
Hi Warner,

I was trying to check Ian's specific concern, that a valid source
of leap seconds might be ignored if a expired leapseconds file was
present. It seems that this is not the case, at lease based on my
reading of the code and comments. I included the references to the
code, so others could check if they wanted.

I actually suggested configuring the leapseconds file by default
to try and improve the vagueries of accepting advertised leap seconds
that you mentioned.

> NTP only recognizes June and December as valid leap insertion
> points.

Interestingly, this code seems to be gone from ntp_loopfilter.c and
based on a quick look through the rest of the code, I can't see a
similar general check. Some of the refclocks do retain this condition,
but the general code path doesn't seem to. Possibly we should take
this up with the NTP guys as a check worth retaining?

David.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Warner Losh 

> On Oct 17, 2015, at 3:20 PM, David Malone  wrote:
> 
> On Sat, Oct 17, 2015 at 12:25:50PM -0600, Ian Lepore wrote:
>>If the leapseconds file is present, the leap bits for reference
>>clocks and downstratum servers are ignored.
>> 
>> I can't determine from casual code examination (and I don't have time
>> to experiment now) whether that is true even if the file is expired.
> 
> The way the code seems to work is:
> 
>   1) Take a vote from your peers on if there is an upcoming
>   leap second. Refclocks can outvote other peers. (This is
>   in ntp_proto.c:clock_update() - search for leap_vote_ins).

Assuming no bugs, yes. And assuming your peers are sending
the correct information. History with ntpd and ntp serves well
illustrates that these assumptions are violated often.

>   2) If one seems to be pending, try to insert it into an
>   in-memory table for the end of the month.

NTP only recognizes June and December as valid leap insertion
points. This is likely safe for the foreseeable future though, even
though the official standard allows leap seconds to be the end of
any month. Too many things assume you only have leap seconds
at these times for IERS to issue one that isn’t at the end of December
or June until earth rotation forces their hand sometime around the
end of this century (give or take a few decades).

>   3) If you find that you loaded a table and the leapsecond
>   you are trying to insert is within the valid range of the
>   table, return an error. (This is in ntp_leapsec.c:leapsec_add())
> 
> So, I think the change should be safe, if the comments match the code.

That’s a big if. Both Ian and I have witnessed the carnage of incorrect
leap seconds first hand and so are somewhat touchy on the subject. It
is a place where getting the canonical information is 1000x better than
relying on code to implement things that can’t go wrong. Because they
often do. Way way too often. When you have leap second info, always
always always try extra hard to make sure it is as up to date as you
can get it. Any “short cut” here is asking for trouble, even if you think
you can prove that no such trouble is possible.

Warner



signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Cy Schubert 
In message <00150ef2-0020-42e5-a1e5-324a23975...@bsdimp.com>, Warner Losh 
writes:
> > On Oct 17, 2015, at 3:20 PM, David Malone  =
> wrote:
> >=20
> > On Sat, Oct 17, 2015 at 12:25:50PM -0600, Ian Lepore wrote:
> >>If the leapseconds file is present, the leap bits for reference
> >>clocks and downstratum servers are ignored.
> >>=20
> >> I can't determine from casual code examination (and I don't have time
> >> to experiment now) whether that is true even if the file is expired.
> >=20
> > The way the code seems to work is:
> >=20
> > 1) Take a vote from your peers on if there is an upcoming
> > leap second. Refclocks can outvote other peers. (This is
> > in ntp_proto.c:clock_update() - search for leap_vote_ins).
> 
> Assuming no bugs, yes. And assuming your peers are sending
> the correct information. History with ntpd and ntp serves well
> illustrates that these assumptions are violated often.
> 
> > 2) If one seems to be pending, try to insert it into an
> > in-memory table for the end of the month.
> 
> NTP only recognizes June and December as valid leap insertion
> points. This is likely safe for the foreseeable future though, even
> though the official standard allows leap seconds to be the end of
> any month. Too many things assume you only have leap seconds
> at these times for IERS to issue one that isn=E2=80=99t at the end of =
> December
> or June until earth rotation forces their hand sometime around the
> end of this century (give or take a few decades).
> 
> > 3) If you find that you loaded a table and the leapsecond
> > you are trying to insert is within the valid range of the
> > table, return an error. (This is in ntp_leapsec.c:leapsec_add())
> >=20
> > So, I think the change should be safe, if the comments match the code.
> 
> That=E2=80=99s a big if. Both Ian and I have witnessed the carnage of =
> incorrect
> leap seconds first hand and so are somewhat touchy on the subject. It
> is a place where getting the canonical information is 1000x better than
> relying on code to implement things that can=E2=80=99t go wrong. Because =
> they
> often do. Way way too often. When you have leap second info, always
> always always try extra hard to make sure it is as up to date as you
> can get it. Any =E2=80=9Cshort cut=E2=80=9D here is asking for trouble, =
> even if you think
> you can prove that no such trouble is possible.

Would an rc.conf option to use an alternate ntp.conf be of help? Having 
said that (and shooting down my own idea), it does seem a bit messy and 
rather inelegant though.


-- 
Cheers,
Cy Schubert  or 
FreeBSD UNIX:     Web:  http://www.FreeBSD.org

The need of the many outweighs the greed of the few.




___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Cy Schubert 
Agreed, this would be best. There was a suggestion a GSoC person could do 
it (though I'm willing to roll up my sleeves if necessary).


-- 
Cheers,
Cy Schubert  or 
FreeBSD UNIX:     Web:  http://www.FreeBSD.org

The need of the many outweighs the greed of the few.



In message <8154492e-c29e-41b1-a13b-34e33586d...@bsdimp.com>, Warner Losh 
write
s:
> 
> 
> --Apple-Mail=_60572A67-97E7-4200-AEF6-88DC6354712B
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/plain;
>   charset=utf-8
> 
> Until the next leap second=E2=80=A6. It would be better to just
> always try to grab the latest one=E2=80=A6 Can we put something
> in periodic to do that so users that have releases
> that are older than 6 months aren=E2=80=99t screwed?
> 
> Warner
> 
> > On Oct 16, 2015, at 8:04 AM, Cy Schubert  wrote:
> >=20
> > Author: cy
> > Date: Fri Oct 16 14:04:16 2015
> > New Revision: 289421
> > URL: https://svnweb.freebsd.org/changeset/base/289421
> >=20
> > Log:
> >  Add default leap-seconds file. This should help ntp networks get the
> >  leap second date correct
> >=20
> >  Updates to the file can be obtained from ftp://time.nist.gov/pub/ or
> >  ftp://tycho.usno.navy.mil/pub/ntp/.
> >=20
> >  Suggested by:  dwmalone
> >  Reviewed by:   roberto, dwmalone, delphij
> >  Approved by:   roberto
> >  MFC after: 1 week
> >=20
> > Added:
> >  head/etc/ntp/
> >  head/etc/ntp/Makefile   (contents, props changed)
> >  head/etc/ntp/leap-seconds   (contents, props changed)
> > Modified:
> >  head/etc/Makefile
> >  head/etc/mtree/BSD.var.dist
> >  head/etc/ntp.conf
> >=20
> > Modified: head/etc/Makefile
> > =
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D
> > --- head/etc/Makefile   Fri Oct 16 12:53:22 2015(r289420)
> > +++ head/etc/Makefile   Fri Oct 16 14:04:16 2015(r289421)
> > @@ -240,6 +240,9 @@ distribution:
> > ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
> > ${_+_}cd ${.CURDIR}/devd; ${MAKE} install
> > ${_+_}cd ${.CURDIR}/gss; ${MAKE} install
> > +.if ${MK_NTP} !=3D "no"
> > +   ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
> > +.endif
> > ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
> > .if ${MK_PKGBOOTSTRAP} !=3D "no"
> > ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
> >=20
> > Modified: head/etc/mtree/BSD.var.dist
> > =
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D
> > --- head/etc/mtree/BSD.var.dist Fri Oct 16 12:53:22 2015=
> (r289420)
> > +++ head/etc/mtree/BSD.var.dist Fri Oct 16 14:04:16 2015=
> (r289421)
> > @@ -46,6 +46,8 @@
> > ..
> > ipf mode=3D0700
> > ..
> > +ntp mode=3D0700
> > +..
> > pkg
> > ..
> > ports
> >=20
> > Modified: head/etc/ntp.conf
> > =
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D
> > --- head/etc/ntp.conf   Fri Oct 16 12:53:22 2015(r289420)
> > +++ head/etc/ntp.conf   Fri Oct 16 14:04:16 2015(r289421)
> > @@ -77,3 +77,8 @@ restrict 127.127.1.0
> > #
> > #server 127.127.1.0
> > #fudge 127.127.1.0 stratum 10
> > +
> > +# See =
> http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
> > +# for documentation regarding leapfile. Updates to the file can be =
> obtained
> > +# from ftp://time.nist.gov/pub/ or =
> ftp://tycho.usno.navy.mil/pub/ntp/.
> > +leapfile "/etc/ntp/leap-seconds"
> >=20
> > Added: head/etc/ntp/Makefile
> > =
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D
> > --- /dev/null   00:00:00 1970   (empty, because file is newly added)
> > +++ head/etc/ntp/Makefile   Fri Oct 16 14:04:16 2015=
> (r289421)
> > @@ -0,0 +1,10 @@
> > +# $FreeBSD$
> > +
> > +NO_OBJ=3D
> > +
> > +FILES=3D   leap-seconds
> > +
> > +FILESDIR=3D/etc/ntp
> > +FILESMODE=3D   644
> > +
> > +.include 
> >=20
> > Added: head/etc/ntp/leap-seconds
> > =
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
> =3D=3D=3D

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Warner Losh 

> On Oct 17, 2015, at 1:25 PM, Ian Lepore  wrote:
> 
> On Sat, 2015-10-17 at 13:19 -0600, Warner Losh wrote:
>> Until the next leap second…. It would be better to just
>> always try to grab the latest one… Can we put something
>> in periodic to do that so users that have releases
>> that are older than 6 months aren’t screwed?
>> 
>> Warner
>> 
> 
> I think writing a leapfeatcher task for periodic daily|weekly would
> make a nice junior-hacker task.  It would be nice if it only hit the
> network when expiration of the installed file is imminent (like within
> a month), and only if both ntp and the leapfile feature are enabled and
> stuff like that.  It should probably have a configurable list of URLs
> to fetch from.

It should be very easy to try to fetch it once a day in June and December
until you succeed from each of the URLs in a list, with the default
list being the two canonical (for the US at least) sources. Shouldn’t
be more than a dozen lines in a periodic script.

The BIPM also publishes this data in another form, as does USNO for the
paranoid that want to check. phk has also spearheaded an effort
to publish this data via DNS, but I don’t know if that’s live and
automated or just live and experimental…

Warner

> -- Ian
> 
>>> On Oct 16, 2015, at 8:04 AM, Cy Schubert  wrote:
>>> 
>>> Author: cy
>>> Date: Fri Oct 16 14:04:16 2015
>>> New Revision: 289421
>>> URL: https://svnweb.freebsd.org/changeset/base/289421
>>> 
>>> Log:
>>> Add default leap-seconds file. This should help ntp networks get
>>> the
>>> leap second date correct
>>> 
>>> Updates to the file can be obtained from ftp://time.nist.gov/pub/
>>> or
>>> ftp://tycho.usno.navy.mil/pub/ntp/.
>>> 
>>> Suggested by:   dwmalone
>>> Reviewed by:roberto, dwmalone, delphij
>>> Approved by:roberto
>>> MFC after:  1 week
>>> 
>>> Added:
>>> head/etc/ntp/
>>> head/etc/ntp/Makefile   (contents, props changed)
>>> head/etc/ntp/leap-seconds   (contents, props changed)
>>> Modified:
>>> head/etc/Makefile
>>> head/etc/mtree/BSD.var.dist
>>> head/etc/ntp.conf
>>> 
>>> Modified: head/etc/Makefile
>>> ===
>>> ===
>>> --- head/etc/Makefile   Fri Oct 16 12:53:22 2015(r2894
>>> 20)
>>> +++ head/etc/Makefile   Fri Oct 16 14:04:16 2015(r2894
>>> 21)
>>> @@ -240,6 +240,9 @@ distribution:
>>> ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
>>> ${_+_}cd ${.CURDIR}/devd; ${MAKE} install
>>> ${_+_}cd ${.CURDIR}/gss; ${MAKE} install
>>> +.if ${MK_NTP} != "no"
>>> +   ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
>>> +.endif
>>> ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
>>> .if ${MK_PKGBOOTSTRAP} != "no"
>>> ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
>>> 
>>> Modified: head/etc/mtree/BSD.var.dist
>>> ===
>>> ===
>>> --- head/etc/mtree/BSD.var.dist Fri Oct 16 12:53:22 2015
>>> (r289420)
>>> +++ head/etc/mtree/BSD.var.dist Fri Oct 16 14:04:16 2015
>>> (r289421)
>>> @@ -46,6 +46,8 @@
>>>..
>>>ipf mode=0700
>>>..
>>> +ntp mode=0700
>>> +..
>>>pkg
>>>..
>>>ports
>>> 
>>> Modified: head/etc/ntp.conf
>>> ===
>>> ===
>>> --- head/etc/ntp.conf   Fri Oct 16 12:53:22 2015(r2894
>>> 20)
>>> +++ head/etc/ntp.conf   Fri Oct 16 14:04:16 2015(r2894
>>> 21)
>>> @@ -77,3 +77,8 @@ restrict 127.127.1.0
>>> #
>>> #server 127.127.1.0
>>> #fudge 127.127.1.0 stratum 10
>>> +
>>> +# See
>>> http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14
>>> .
>>> +# for documentation regarding leapfile. Updates to the file can be
>>> obtained
>>> +# from ftp://time.nist.gov/pub/ or
>>> ftp://tycho.usno.navy.mil/pub/ntp/.
>>> +leapfile "/etc/ntp/leap-seconds"
>>> 
>>> Added: head/etc/ntp/Makefile
>>> ===
>>> ===
>>> --- /dev/null   00:00:00 1970   (empty, because file is
>>> newly added)
>>> +++ head/etc/ntp/Makefile   Fri Oct 16 14:04:16 2015(r
>>> 289421)
>>> @@ -0,0 +1,10 @@
>>> +# $FreeBSD$
>>> +
>>> +NO_OBJ=
>>> +
>>> +FILES= leap-seconds
>>> +
>>> +FILESDIR=  /etc/ntp
>>> +FILESMODE= 644
>>> +
>>> +.include 
>>> 
>>> Added: head/etc/ntp/leap-seconds
>>> ===
>>> ===
>>> --- /dev/null   00:00:00 1970   (empty, because file is
>>> newly added)
>>> +++ head/etc/ntp/leap-seconds   Fri Oct 16 14:04:16 2015
>>> (r289421)
>>> @@ -0,0 +1,119 @@
>>> +#
>>> +# $FreeBSD$
>>> +#
>>> +#  ATOMIC TIME.
>>> +#  The Coordinated Universal Time (UTC) is the reference
>>> time scale derived
>>> +#  from The "Temps Atomique International" (TAI) calculated
>>> by the Bureau
>>> +#  International des Poids et Mesures

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Cy Schubert 
In message <1445109956.71631.44.ca...@freebsd.org>, Ian Lepore writes:
> On Sat, 2015-10-17 at 13:19 -0600, Warner Losh wrote:
> > Until the next leap second…. It would be better to just
> > always try to grab the latest one… Can we put something
> > in periodic to do that so users that have releases
> > that are older than 6 months aren’t screwed?
> > 
> > Warner
> > 
> 
> I think writing a leapfeatcher task for periodic daily|weekly would
> make a nice junior-hacker task.  It would be nice if it only hit the
> network when expiration of the installed file is imminent (like within
> a month), and only if both ntp and the leapfile feature are enabled and
> stuff like that.  It should probably have a configurable list of URLs t
> o fetch from.

Enablement through and rc.conf option possibly? Not that this is an elegant 
solution though.


-- 
Cheers,
Cy Schubert  or 
FreeBSD UNIX:     Web:  http://www.FreeBSD.org

The need of the many outweighs the greed of the few.


> 
> -- Ian
> 
> > > On Oct 16, 2015, at 8:04 AM, Cy Schubert  wrote:
> > > 
> > > Author: cy
> > > Date: Fri Oct 16 14:04:16 2015
> > > New Revision: 289421
> > > URL: https://svnweb.freebsd.org/changeset/base/289421
> > > 
> > > Log:
> > >  Add default leap-seconds file. This should help ntp networks get
> > > the
> > >  leap second date correct
> > > 
> > >  Updates to the file can be obtained from ftp://time.nist.gov/pub/ 
> > > or
> > >  ftp://tycho.usno.navy.mil/pub/ntp/.
> > > 
> > >  Suggested by:dwmalone
> > >  Reviewed by: roberto, dwmalone, delphij
> > >  Approved by: roberto
> > >  MFC after:   1 week
> > > 
> > > Added:
> > >  head/etc/ntp/
> > >  head/etc/ntp/Makefile   (contents, props changed)
> > >  head/etc/ntp/leap-seconds   (contents, props changed)
> > > Modified:
> > >  head/etc/Makefile
> > >  head/etc/mtree/BSD.var.dist
> > >  head/etc/ntp.conf
> > > 
> > > Modified: head/etc/Makefile
> > > ===
> > > ===
> > > --- head/etc/Makefile Fri Oct 16 12:53:22 2015(r2894
> > > 20)
> > > +++ head/etc/Makefile Fri Oct 16 14:04:16 2015(r2894
> > > 21)
> > > @@ -240,6 +240,9 @@ distribution:
> > >   ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
> > >   ${_+_}cd ${.CURDIR}/devd; ${MAKE} install
> > >   ${_+_}cd ${.CURDIR}/gss; ${MAKE} install
> > > +.if ${MK_NTP} != "no"
> > > + ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
> > > +.endif
> > >   ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
> > > .if ${MK_PKGBOOTSTRAP} != "no"
> > >   ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
> > > 
> > > Modified: head/etc/mtree/BSD.var.dist
> > > ===
> > > ===
> > > --- head/etc/mtree/BSD.var.dist   Fri Oct 16 12:53:22 2015
> > > (r289420)
> > > +++ head/etc/mtree/BSD.var.dist   Fri Oct 16 14:04:16 2015
> > > (r289421)
> > > @@ -46,6 +46,8 @@
> > > ..
> > > ipf mode=0700
> > > ..
> > > +ntp mode=0700
> > > +..
> > > pkg
> > > ..
> > > ports
> > > 
> > > Modified: head/etc/ntp.conf
> > > ===
> > > ===
> > > --- head/etc/ntp.conf Fri Oct 16 12:53:22 2015(r2894
> > > 20)
> > > +++ head/etc/ntp.conf Fri Oct 16 14:04:16 2015(r2894
> > > 21)
> > > @@ -77,3 +77,8 @@ restrict 127.127.1.0
> > > #
> > > #server 127.127.1.0
> > > #fudge 127.127.1.0 stratum 10
> > > +
> > > +# See 
> > > http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14
> > > .
> > > +# for documentation regarding leapfile. Updates to the file can be
> > > obtained
> > > +# from ftp://time.nist.gov/pub/ or 
> > > ftp://tycho.usno.navy.mil/pub/ntp/.
> > > +leapfile "/etc/ntp/leap-seconds"
> > > 
> > > Added: head/etc/ntp/Makefile
> > > ===
> > > ===
> > > --- /dev/null 00:00:00 1970   (empty, because file is
> > > newly added)
> > > +++ head/etc/ntp/Makefile Fri Oct 16 14:04:16 2015(r
> > > 289421)
> > > @@ -0,0 +1,10 @@
> > > +# $FreeBSD$
> > > +
> > > +NO_OBJ=
> > > +
> > > +FILES=   leap-seconds
> > > +
> > > +FILESDIR=/etc/ntp
> > > +FILESMODE=   644
> > > +
> > > +.include 
> > > 
> > > Added: head/etc/ntp/leap-seconds
> > > ===
> > > ===
> > > --- /dev/null 00:00:00 1970   (empty, because file is
> > > newly added)
> > > +++ head/etc/ntp/leap-seconds Fri Oct 16 14:04:16 2015
> > > (r289421)
> > > @@ -0,0 +1,119 @@
> > > +#
> > > +# $FreeBSD$
> > > +#
> > > +#ATOMIC TIME.
> > > +#The Coordinated Universal Time (UTC) is the reference
> > > time scale derived
> > > +#from The "Temps Atomique

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Ian Lepore 
On Fri, 2015-10-16 at 14:04 +, Cy Schubert wrote:
> Author: cy
> Date: Fri Oct 16 14:04:16 2015
> New Revision: 289421
> URL: https://svnweb.freebsd.org/changeset/base/289421
> 
> Log:
>   Add default leap-seconds file. This should help ntp networks get
> the
>   leap second date correct
>   
>   Updates to the file can be obtained from ftp://time.nist.gov/pub/ o
> r
>   ftp://tycho.usno.navy.mil/pub/ntp/.
>   
>   Suggested by:   dwmalone
>   Reviewed by:roberto, dwmalone, delphij
>   Approved by:roberto
>   MFC after:  1 week

One thing about this change scares me.  In the ntpd documentation:

If the leapseconds file is present, the leap bits for reference
clocks and downstratum servers are ignored.

I can't determine from casual code examination (and I don't have time
to experiment now) whether that is true even if the file is expired.

The leapfile expires every six months, and users must update it using
some external mechanism, or they must have configured autokey stuff so
that updates can be accepted from peer servers.  In either case what
we've done is created a default configuration that is likely to fail
right out of the box, because at least for releases the file we deliver
will be expired before they even download and install the image.

At the very least I think we should hold off on MFC of this until we
know for sure whether an expired-but-present leapfile causes incorrect
operation.  If a pending leap notification in the leap bits of packets
from peer servers and refclocks will be honored when the file is
expired, then there is no problem with this change.

-- Ian
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Bryan Drewery 
On 10/17/15 11:25 AM, Ian Lepore wrote:
> On Fri, 2015-10-16 at 14:04 +, Cy Schubert wrote:
>> Author: cy
>> Date: Fri Oct 16 14:04:16 2015
>> New Revision: 289421
>> URL: https://svnweb.freebsd.org/changeset/base/289421
>>
>> Log:
>>   Add default leap-seconds file. This should help ntp networks get
>> the
>>   leap second date correct
>>   
>>   Updates to the file can be obtained from ftp://time.nist.gov/pub/ o
>> r
>>   ftp://tycho.usno.navy.mil/pub/ntp/.
>>   
>>   Suggested by:  dwmalone
>>   Reviewed by:   roberto, dwmalone, delphij
>>   Approved by:   roberto
>>   MFC after: 1 week
> 
> One thing about this change scares me.  In the ntpd documentation:
> 
> If the leapseconds file is present, the leap bits for reference
> clocks and downstratum servers are ignored.
> 
> I can't determine from casual code examination (and I don't have time
> to experiment now) whether that is true even if the file is expired.
> 
> The leapfile expires every six months, and users must update it using
> some external mechanism, or they must have configured autokey stuff so
> that updates can be accepted from peer servers.  In either case what
> we've done is created a default configuration that is likely to fail
> right out of the box, because at least for releases the file we deliver
> will be expired before they even download and install the image.
> 
> At the very least I think we should hold off on MFC of this until we
> know for sure whether an expired-but-present leapfile causes incorrect
> operation.  If a pending leap notification in the leap bits of packets
> from peer servers and refclocks will be honored when the file is
> expired, then there is no problem with this change.
> 

Yeah. This sounds like something that needs to be delivered more easily
in a normal update mechanism, such as packages.  ENs every 6 months are
not practical for this and a lot of users don't always apply EN while
IMO they are more likely to apply package upgrades. Short of that, some
kind of periodic script could fetch an updated file .



-- 
Regards,
Bryan Drewery
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Warner Losh 
Until the next leap second…. It would be better to just
always try to grab the latest one… Can we put something
in periodic to do that so users that have releases
that are older than 6 months aren’t screwed?

Warner

> On Oct 16, 2015, at 8:04 AM, Cy Schubert  wrote:
> 
> Author: cy
> Date: Fri Oct 16 14:04:16 2015
> New Revision: 289421
> URL: https://svnweb.freebsd.org/changeset/base/289421
> 
> Log:
>  Add default leap-seconds file. This should help ntp networks get the
>  leap second date correct
> 
>  Updates to the file can be obtained from ftp://time.nist.gov/pub/ or
>  ftp://tycho.usno.navy.mil/pub/ntp/.
> 
>  Suggested by:dwmalone
>  Reviewed by: roberto, dwmalone, delphij
>  Approved by: roberto
>  MFC after:   1 week
> 
> Added:
>  head/etc/ntp/
>  head/etc/ntp/Makefile   (contents, props changed)
>  head/etc/ntp/leap-seconds   (contents, props changed)
> Modified:
>  head/etc/Makefile
>  head/etc/mtree/BSD.var.dist
>  head/etc/ntp.conf
> 
> Modified: head/etc/Makefile
> ==
> --- head/etc/Makefile Fri Oct 16 12:53:22 2015(r289420)
> +++ head/etc/Makefile Fri Oct 16 14:04:16 2015(r289421)
> @@ -240,6 +240,9 @@ distribution:
>   ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
>   ${_+_}cd ${.CURDIR}/devd; ${MAKE} install
>   ${_+_}cd ${.CURDIR}/gss; ${MAKE} install
> +.if ${MK_NTP} != "no"
> + ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
> +.endif
>   ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
> .if ${MK_PKGBOOTSTRAP} != "no"
>   ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
> 
> Modified: head/etc/mtree/BSD.var.dist
> ==
> --- head/etc/mtree/BSD.var.dist   Fri Oct 16 12:53:22 2015
> (r289420)
> +++ head/etc/mtree/BSD.var.dist   Fri Oct 16 14:04:16 2015
> (r289421)
> @@ -46,6 +46,8 @@
> ..
> ipf mode=0700
> ..
> +ntp mode=0700
> +..
> pkg
> ..
> ports
> 
> Modified: head/etc/ntp.conf
> ==
> --- head/etc/ntp.conf Fri Oct 16 12:53:22 2015(r289420)
> +++ head/etc/ntp.conf Fri Oct 16 14:04:16 2015(r289421)
> @@ -77,3 +77,8 @@ restrict 127.127.1.0
> #
> #server 127.127.1.0
> #fudge 127.127.1.0 stratum 10
> +
> +# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
> +# for documentation regarding leapfile. Updates to the file can be obtained
> +# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
> +leapfile "/etc/ntp/leap-seconds"
> 
> Added: head/etc/ntp/Makefile
> ==
> --- /dev/null 00:00:00 1970   (empty, because file is newly added)
> +++ head/etc/ntp/Makefile Fri Oct 16 14:04:16 2015(r289421)
> @@ -0,0 +1,10 @@
> +# $FreeBSD$
> +
> +NO_OBJ=
> +
> +FILES=   leap-seconds
> +
> +FILESDIR=/etc/ntp
> +FILESMODE=   644
> +
> +.include 
> 
> Added: head/etc/ntp/leap-seconds
> ==
> --- /dev/null 00:00:00 1970   (empty, because file is newly added)
> +++ head/etc/ntp/leap-seconds Fri Oct 16 14:04:16 2015(r289421)
> @@ -0,0 +1,119 @@
> +#
> +# $FreeBSD$
> +#
> +#ATOMIC TIME.
> +#The Coordinated Universal Time (UTC) is the reference time scale derived
> +#from The "Temps Atomique International" (TAI) calculated by the Bureau
> +#International des Poids et Mesures (BIPM) using a worldwide network of 
> atomic
> +#clocks. UTC differs from TAI by an integer number of seconds; it is the 
> basis
> +#of all activities in the world.
> +#
> +#
> +#ASTRONOMICAL TIME (UT1) is the time scale based on the rate of rotation 
> of the earth.
> +#It is now mainly derived from Very Long Baseline Interferometry (VLBI). 
> The various
> +#irregular fluctuations progressively detected in the rotation rate of 
> the Earth lead
> +#in 1972 to the replacement of UT1 by UTC as the reference time scale.
> +#
> +#
> +#LEAP SECOND
> +#Atomic clocks are more stable than the rate of the earth rotatiob since 
> the later
> +#undergoes a full range of geophysical perturbations at various time 
> scales (lunisolar
> +#and core-mantle torques,atmospheric and oceanic effetcs, ...)
> +#Leap seconds are needed to keep the two time scales in agreement, i.e. 
> UT1-UTC smaller
> +#than 0.9 second. So, when necessary a "leap second" is introduced in 
> UTC.
> +#Since the adoption of this system in 1972 it has been necessary to add 
> 26 seconds to UTC,
> +#firstly due to the initial choice of the value of the second (1/86400 
> mean solar day of
> +#the year 1820) and secondly to the general slowing down of the Earth's 
> rotation. It is
> +#

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Warner Losh 

> On Oct 17, 2015, at 12:34 PM, Bryan Drewery  wrote:
> 
> On 10/17/15 11:25 AM, Ian Lepore wrote:
>> On Fri, 2015-10-16 at 14:04 +, Cy Schubert wrote:
>>> Author: cy
>>> Date: Fri Oct 16 14:04:16 2015
>>> New Revision: 289421
>>> URL: https://svnweb.freebsd.org/changeset/base/289421
>>> 
>>> Log:
>>>  Add default leap-seconds file. This should help ntp networks get
>>> the
>>>  leap second date correct
>>> 
>>>  Updates to the file can be obtained from ftp://time.nist.gov/pub/ o
>>> r
>>>  ftp://tycho.usno.navy.mil/pub/ntp/.
>>> 
>>>  Suggested by:  dwmalone
>>>  Reviewed by:   roberto, dwmalone, delphij
>>>  Approved by:   roberto
>>>  MFC after: 1 week
>> 
>> One thing about this change scares me.  In the ntpd documentation:
>> 
>>If the leapseconds file is present, the leap bits for reference
>>clocks and downstratum servers are ignored.
>> 
>> I can't determine from casual code examination (and I don't have time
>> to experiment now) whether that is true even if the file is expired.
>> 
>> The leapfile expires every six months, and users must update it using
>> some external mechanism, or they must have configured autokey stuff so
>> that updates can be accepted from peer servers.  In either case what
>> we've done is created a default configuration that is likely to fail
>> right out of the box, because at least for releases the file we deliver
>> will be expired before they even download and install the image.
>> 
>> At the very least I think we should hold off on MFC of this until we
>> know for sure whether an expired-but-present leapfile causes incorrect
>> operation.  If a pending leap notification in the leap bits of packets
>> from peer servers and refclocks will be honored when the file is
>> expired, then there is no problem with this change.
>> 
> 
> Yeah. This sounds like something that needs to be delivered more easily
> in a normal update mechanism, such as packages.  ENs every 6 months are
> not practical for this and a lot of users don't always apply EN while
> IMO they are more likely to apply package upgrades. Short of that, some
> kind of periodic script could fetch an updated file  discussion>.

The file itself is signed, but only weakly with a sha hash at the end. Don’t 
know if
the hash is one of the ones that’s been broken yet or not.

Warner


signature.asc
Description: Message signed with OpenPGP using GPGMail

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread Ian Lepore 
On Sat, 2015-10-17 at 13:19 -0600, Warner Losh wrote:
> Until the next leap second…. It would be better to just
> always try to grab the latest one… Can we put something
> in periodic to do that so users that have releases
> that are older than 6 months aren’t screwed?
> 
> Warner
> 

I think writing a leapfeatcher task for periodic daily|weekly would
make a nice junior-hacker task.  It would be nice if it only hit the
network when expiration of the installed file is imminent (like within
a month), and only if both ntp and the leapfile feature are enabled and
stuff like that.  It should probably have a configurable list of URLs t
o fetch from.

-- Ian

> > On Oct 16, 2015, at 8:04 AM, Cy Schubert  wrote:
> > 
> > Author: cy
> > Date: Fri Oct 16 14:04:16 2015
> > New Revision: 289421
> > URL: https://svnweb.freebsd.org/changeset/base/289421
> > 
> > Log:
> >  Add default leap-seconds file. This should help ntp networks get
> > the
> >  leap second date correct
> > 
> >  Updates to the file can be obtained from ftp://time.nist.gov/pub/ 
> > or
> >  ftp://tycho.usno.navy.mil/pub/ntp/.
> > 
> >  Suggested by:  dwmalone
> >  Reviewed by:   roberto, dwmalone, delphij
> >  Approved by:   roberto
> >  MFC after: 1 week
> > 
> > Added:
> >  head/etc/ntp/
> >  head/etc/ntp/Makefile   (contents, props changed)
> >  head/etc/ntp/leap-seconds   (contents, props changed)
> > Modified:
> >  head/etc/Makefile
> >  head/etc/mtree/BSD.var.dist
> >  head/etc/ntp.conf
> > 
> > Modified: head/etc/Makefile
> > ===
> > ===
> > --- head/etc/Makefile   Fri Oct 16 12:53:22 2015(r2894
> > 20)
> > +++ head/etc/Makefile   Fri Oct 16 14:04:16 2015(r2894
> > 21)
> > @@ -240,6 +240,9 @@ distribution:
> > ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
> > ${_+_}cd ${.CURDIR}/devd; ${MAKE} install
> > ${_+_}cd ${.CURDIR}/gss; ${MAKE} install
> > +.if ${MK_NTP} != "no"
> > +   ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
> > +.endif
> > ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
> > .if ${MK_PKGBOOTSTRAP} != "no"
> > ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
> > 
> > Modified: head/etc/mtree/BSD.var.dist
> > ===
> > ===
> > --- head/etc/mtree/BSD.var.dist Fri Oct 16 12:53:22 2015
> > (r289420)
> > +++ head/etc/mtree/BSD.var.dist Fri Oct 16 14:04:16 2015
> > (r289421)
> > @@ -46,6 +46,8 @@
> > ..
> > ipf mode=0700
> > ..
> > +ntp mode=0700
> > +..
> > pkg
> > ..
> > ports
> > 
> > Modified: head/etc/ntp.conf
> > ===
> > ===
> > --- head/etc/ntp.conf   Fri Oct 16 12:53:22 2015(r2894
> > 20)
> > +++ head/etc/ntp.conf   Fri Oct 16 14:04:16 2015(r2894
> > 21)
> > @@ -77,3 +77,8 @@ restrict 127.127.1.0
> > #
> > #server 127.127.1.0
> > #fudge 127.127.1.0 stratum 10
> > +
> > +# See 
> > http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14
> > .
> > +# for documentation regarding leapfile. Updates to the file can be
> > obtained
> > +# from ftp://time.nist.gov/pub/ or 
> > ftp://tycho.usno.navy.mil/pub/ntp/.
> > +leapfile "/etc/ntp/leap-seconds"
> > 
> > Added: head/etc/ntp/Makefile
> > ===
> > ===
> > --- /dev/null   00:00:00 1970   (empty, because file is
> > newly added)
> > +++ head/etc/ntp/Makefile   Fri Oct 16 14:04:16 2015(r
> > 289421)
> > @@ -0,0 +1,10 @@
> > +# $FreeBSD$
> > +
> > +NO_OBJ=
> > +
> > +FILES= leap-seconds
> > +
> > +FILESDIR=  /etc/ntp
> > +FILESMODE= 644
> > +
> > +.include 
> > 
> > Added: head/etc/ntp/leap-seconds
> > ===
> > ===
> > --- /dev/null   00:00:00 1970   (empty, because file is
> > newly added)
> > +++ head/etc/ntp/leap-seconds   Fri Oct 16 14:04:16 2015
> > (r289421)
> > @@ -0,0 +1,119 @@
> > +#
> > +# $FreeBSD$
> > +#
> > +#  ATOMIC TIME.
> > +#  The Coordinated Universal Time (UTC) is the reference
> > time scale derived
> > +#  from The "Temps Atomique International" (TAI) calculated
> > by the Bureau
> > +#  International des Poids et Mesures (BIPM) using a
> > worldwide network of atomic
> > +#  clocks. UTC differs from TAI by an integer number of
> > seconds; it is the basis
> > +#  of all activities in the world.
> > +#
> > +#
> > +#  ASTRONOMICAL TIME (UT1) is the time scale based on the
> > rate of rotation of the earth.
> > +#  It is now mainly derived from Very Long Baseline
> > Interferometry (VLBI). The various
> > +#  irregular fluctuations progressively detected in the
> > rotation rate of the Earth lead
> > +#  in 1972 to the replacement of UT1 by UTC as the reference
> > time scale.
> >

Re: svn commit: r289421 - in head/etc: . mtree ntp

2015-10-17 Thread David Malone 
On Sat, Oct 17, 2015 at 12:25:50PM -0600, Ian Lepore wrote:
> If the leapseconds file is present, the leap bits for reference
> clocks and downstratum servers are ignored.
> 
> I can't determine from casual code examination (and I don't have time
> to experiment now) whether that is true even if the file is expired.

The way the code seems to work is:

1) Take a vote from your peers on if there is an upcoming
leap second. Refclocks can outvote other peers. (This is
in ntp_proto.c:clock_update() - search for leap_vote_ins).

2) If one seems to be pending, try to insert it into an
in-memory table for the end of the month.

3) If you find that you loaded a table and the leapsecond
you are trying to insert is within the valid range of the
table, return an error. (This is in ntp_leapsec.c:leapsec_add())

So, I think the change should be safe, if the comments match the code.

David.
___
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"