[chrony-dev] Documentation patch
Hi When trying to install chrony from source, I found out that the README refered to INSTALL which does not exist. Also asciidoctor is needed during install. here is a patch to fix the docs. Regards Rune diff --git a/README b/README index 005cba1..af988f0 100644 --- a/README +++ b/README @@ -36,7 +36,7 @@ certain system calls and the kernel on your target system. How do I set it up? === -The file INSTALL gives instructions. On supported systems the +The file doc/installation.adoc gives instructions. On supported systems the compilation process should be automatic. You will need an ANSI C compiler -- gcc is recommended. diff --git a/doc/installation.adoc b/doc/installation.adoc index 151674a..6269ddb 100644 --- a/doc/installation.adoc +++ b/doc/installation.adoc @@ -97,7 +97,8 @@ superuser, and requires the following command to be entered. make install -This will install the binaries and man pages. +This will install the binaries and man pages. The program asciidoctor is +needed to generate the man pages. Without it, the install fails. To install the HTML version of the manual, enter the command -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] Idea: Leapsecond info via DNS
På Mon, 19 Sep 2016 09:15:27 +0200 Miroslav Lichvar <mlich...@redhat.com> skrev: > On Sun, Sep 18, 2016 at 10:53:54AM +0200, Rune Magnussen wrote: > > På Fri, 16 Sep 2016 17:48:29 +0200 > > Miroslav Lichvar <mlich...@redhat.com> skrev: [vut] > > > > I'd rather see chrony to get support for reading leap seconds > > > from the "leap-seconds.list" file, which is distributed by > > > multiple servers, and recommend running "sleep $[RANDOM] && wget > > > -O ... https://; from cron every month or so. > > You would then have to make sure the checksums are downloaded from > > another mirror than the file and the best mirrors would depend on > > where you are. This seems almost as complicated as adding support > > for leap seconds via DNS. > > I'm not sure I follow. Why would I need to download data from multiple > servers? Are you suggesting to not trust one server, but have a voting > mechanism with at least three different servers like NTP normally > does? I just meant that if you want to validate the downloaded file then you should get the checksum from a different mirror. If the file is compromised on one server then the checksum file migt be too. In that case there would be no detectable error. With tho servers there would be warnings if either the leap second file or the checksum file was changed. Anyway, I did not make enough research. Now I have found a place to download the file, but there is not any obvious checksum file. Perhaps you really have to download the entire file more than once to make sure. Looks like most of my points are moot. Regards Rune -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
Re: [chrony-dev] Idea: Leapsecond info via DNS
På Fri, 16 Sep 2016 17:48:29 +0200 Miroslav Lichvar <mlich...@redhat.com> skrev: > On Wed, Sep 14, 2016 at 11:32:55PM +0200, Rune Magnussen wrote: > > Hi > > > > Poul-Henning Kamp has implemented a system to get leapsecond > > information via DNS. I wonder if it is feasible to use in chronyd. > > The benefit would be that there is no need to download and update > > leapsecond files. On the other hand it adds a dependency on another > > service. PHK has made a reference implementation in the form of a > > test program here: > > > > http://www.freebsd.dk/time/20151122.html > > It's an interesting idea. I like that it announces leap seconds one > [cut] > > However, I'm not sure if this is the best approach for getting leap > second information. DNS is normally unsecure, so a MITM attacker could > inject a false leap second even if all NTP sources were > authenticated. Is DNS worse than NTP-packets when it comes to MITM? > > I'd rather see chrony to get support for reading leap seconds from the > "leap-seconds.list" file, which is distributed by multiple servers, > and recommend running "sleep $[RANDOM] && wget -O ... https://; > from cron every month or so. You would then have to make sure the checksums are downloaded from another mirror than the file and the best mirrors would depend on where you are. This seems almost as complicated as adding support for leap seconds via DNS. Regards Rune -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.
[chrony-dev] Idea: Leapsecond info via DNS
Hi Poul-Henning Kamp has implemented a system to get leapsecond information via DNS. I wonder if it is feasible to use in chronyd. The benefit would be that there is no need to download and update leapsecond files. On the other hand it adds a dependency on another service. PHK has made a reference implementation in the form of a test program here: http://www.freebsd.dk/time/20151122.html The DNS service is still up to date. I found the CRC stuff somewhat confusing, but the field has a value so when the entire packet is fed through the algorithm then the result modulo 0x80 is zero for valid responses. I have not looked close enough at the chronyd code to see where or how it could be implemented, but I think chronyd should only make the DNS lookup at startup and then perhaps once a week. At least the DNS server should not be overloaded. With a long interval measured from startup time I guess it is OK. What do you think? Kind regards Rune -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the subject. Trouble? Email listmas...@chrony.tuxfamily.org.