From 44bbfc3a761332e46724af409b7a6e584b4b02be Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From d31a2453bc19ca62717299e95376b56652f9473e Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From 3b9f47061ae1310b4f04e4a81e466b5c68ee3986 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From f66bc754d201d965730c278d79d8d094270c0aea Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:40:44 +0100 Subject: rtc: simplify and move switch_interrupts() Gbp-Pq: Name rtc-simplify-and-move-switch_interrupts-function.patch --- rtc_linux.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index d4d9bd0..30833e5 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -527,6 +527,20 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) return RTC_ST_OK; } +/* ================================================== */ + +static void +switch_interrupts(int on_off) +{ + if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { + LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", + on_off ? "enable" : "disable", strerror(errno)); + return; + } + + if (on_off) + skip_interrupts = 1; +} /* ================================================== */ /* file_name is the name of the file where we save the RTC params @@ -603,29 +617,6 @@ RTC_Linux_Finalise(void) /* ================================================== */ -static void -switch_interrupts(int onoff) -{ - int status; - - if (onoff) { - status = ioctl(fd, RTC_UIE_ON, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "enable", strerror(errno)); - return; - } - skip_interrupts = 1; - } else { - status = ioctl(fd, RTC_UIE_OFF, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "disable", strerror(errno)); - return; - } - } -} - -/* ================================================== */ - static void measurement_timeout(void *any) { -- cgit v1.2.3 From 86e63ba6128e7ad7a072b6f7c9a8b671ef4200c1 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:30:42 +0100 Subject: rtc: don't finalize driver if initialization failed Gbp-Pq: Name rtc-do-not-finalize-driver-if-initialization-failed.patch --- rtc.c | 2 +- rtc_linux.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/rtc.c b/rtc.c index 33d04bf..fa83173 100644 --- a/rtc.c +++ b/rtc.c @@ -160,7 +160,7 @@ RTC_Initialise(int initial_set) void RTC_Finalise(void) { - if (driver.fini) { + if (driver_initialised) { (driver.fini)(); } } diff --git a/rtc_linux.c b/rtc_linux.c index 30833e5..c1a705d 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -550,6 +550,17 @@ switch_interrupts(int on_off) int RTC_Linux_Initialise(void) { + /* Try to open the device */ + fd = open(CNF_GetRtcDevice(), O_RDWR); + if (fd < 0) { + LOG(LOGS_ERR, "Could not open RTC device %s : %s", + CNF_GetRtcDevice(), strerror(errno)); + return 0; + } + + /* Close on exec */ + UTI_FdSetCloexec(fd); + rtc_sec = MallocArray(time_t, MAX_SAMPLES); rtc_trim = MallocArray(double, MAX_SAMPLES); system_times = MallocArray(struct timespec, MAX_SAMPLES); @@ -560,18 +571,6 @@ RTC_Linux_Initialise(void) /* In case it didn't get done by pre-init */ coefs_file_name = CNF_GetRtcFile(); - /* Try to open device */ - - fd = open (CNF_GetRtcDevice(), O_RDWR); - if (fd < 0) { - LOG(LOGS_ERR, "Could not open RTC device %s : %s", - CNF_GetRtcDevice(), strerror(errno)); - return 0; - } - - /* Close on exec */ - UTI_FdSetCloexec(fd); - n_samples = 0; n_samples_since_regression = 0; n_runs = 0; -- cgit v1.2.3 From 9b5de603750d9a2e3a85092e29d3816f8a7aaefe Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:33:17 +0100 Subject: rtc: handle RTCs that don't support interrupts Some RTCs supported by the Linux kernel don't support the RTC_UIE_ON/OFF ioctls, which causes chronyd started with the -s option to get stuck in the initial RTC mode. After opening the RTC device in the initialization, return error if the ioctls are not supported to prevent the upper layer from calling the time_init() function and expecting it to finish. Gbp-Pq: Name rtc-handle-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index c1a705d..8b21394 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -529,17 +529,19 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) /* ================================================== */ -static void +static int switch_interrupts(int on_off) { if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", on_off ? "enable" : "disable", strerror(errno)); - return; + return 0; } if (on_off) skip_interrupts = 1; + + return 1; } /* ================================================== */ @@ -558,6 +560,12 @@ RTC_Linux_Initialise(void) return 0; } + /* Make sure the RTC supports interrupts */ + if (!switch_interrupts(0)) { + close(fd); + return 0; + } + /* Close on exec */ UTI_FdSetCloexec(fd); -- cgit v1.2.3 From 5545379812427992b38ef46ac72a332565a0212a Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:42:34 +0100 Subject: rtc: disable interrupts in finalization Don't leave interrupts enabled if chronyd is stopped when making an RTC measurement. Gbp-Pq: Name rtc-disable-interrupts-in-finalization.patch --- rtc_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/rtc_linux.c b/rtc_linux.c index 8b21394..7ec27c9 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -611,6 +611,7 @@ RTC_Linux_Finalise(void) /* Remove input file handler */ if (fd >= 0) { SCH_RemoveFileHandler(fd); + switch_interrupts(0); close(fd); /* Save the RTC data */ -- cgit v1.2.3 From 1585cb3c2848d639b692e8424287aa8bebfcbc28 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:40 +0100 Subject: rtc: extend check for RTCs that don't support interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several RTCs would only expose the broken behavior on enabling interrupts. The reason for that is that the kernel only returns the error if the state changes. Therefore the check has to probe switch_interrupts(1) as well. On platforms that work it will be switched on and off, while on those it never works it will just stay off. Clocks known to expose that behavior include, but are not limited to: PPC64# dmesg | grep -i rtc    [    0.241872] rtc-generic rtc-generic: registered as rtc0 [    0.270221] rtc-generic rtc-generic: setting system clock to ... ARM64# dmesg | grep -i rtc [    0.876198] rtc-efi rtc-efi: registered as rtc0 [    1.046869] rtc-efi rtc-efi: setting system clock to ... Signed-off-by: Christian Ehrhardt Gbp-Pq: Name rtc-extend-check-for-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rtc_linux.c b/rtc_linux.c index 7ec27c9..3220fad 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -561,7 +561,7 @@ RTC_Linux_Initialise(void) } /* Make sure the RTC supports interrupts */ - if (!switch_interrupts(0)) { + if (!switch_interrupts(1) || !switch_interrupts(0)) { close(fd); return 0; } -- cgit v1.2.3 From eb3a6ea51832d13b5eb1032148d9f83ae6ebb9b9 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:39 +0100 Subject: test: accept test result if RTC can't enable RTC_UIE_ON The test might run on different platforms. If the platform happens to have a RTC that does exist but unable to have RTC_UIE_ON set the test will fail, while the chrony code is actually good. Examples of bad clocks are: - ppc64el: rtc-generic - arm64: rtc-efi To avoid that extend the log message check on 101-rtc to accept that condition as a valid test result as well. Signed-off-by: Christian Ehrhardt Gbp-Pq: Name test-accept-test-result-if-RTC-can-not-enable-RTC_UIE_ON.patch --- test/system/101-rtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/system/101-rtc b/test/system/101-rtc index fa9a70d..68bce68 100755 --- a/test/system/101-rtc +++ b/test/system/101-rtc @@ -14,6 +14,6 @@ echo "1 $(date +%s) 0.0 0.0" > "$TEST_DIR/rtcfile" start_chronyd || test_fail stop_chronyd || test_fail -check_chronyd_message_count "\(clock off from RTC\|RTC time before last\)" 1 1 || test_fail +check_chronyd_message_count "\(clock off from RTC\|RTC time before last\|Could not \(enable\|disable\) RTC interrupt\)" 1 1 || test_fail test_pass -- cgit v1.2.3 From 445e6a12c360c52ac1c0c46c89ab59d9d77c1195 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 2 Dec 2019 12:47:13 +0100 Subject: sys_linux: allow clock_adjtime in seccomp filter The adjtimex() function in glibc was switched to the clock_adjtime system call. Gbp-Pq: Name allow-clock_adjtime-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index 898dc7a..4a743ba 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday), - SCMP_SYS(settimeofday), SCMP_SYS(time), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), -- cgit v1.2.3 From 3d47992707e37c88c759dd58574acf33c790db34 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From e2f966603013af49cee134c77eccb8380e92d324 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:40:44 +0100 Subject: rtc: simplify and move switch_interrupts() Gbp-Pq: Name rtc-simplify-and-move-switch_interrupts-function.patch --- rtc_linux.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index d4d9bd0..30833e5 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -527,6 +527,20 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) return RTC_ST_OK; } +/* ================================================== */ + +static void +switch_interrupts(int on_off) +{ + if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { + LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", + on_off ? "enable" : "disable", strerror(errno)); + return; + } + + if (on_off) + skip_interrupts = 1; +} /* ================================================== */ /* file_name is the name of the file where we save the RTC params @@ -603,29 +617,6 @@ RTC_Linux_Finalise(void) /* ================================================== */ -static void -switch_interrupts(int onoff) -{ - int status; - - if (onoff) { - status = ioctl(fd, RTC_UIE_ON, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "enable", strerror(errno)); - return; - } - skip_interrupts = 1; - } else { - status = ioctl(fd, RTC_UIE_OFF, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "disable", strerror(errno)); - return; - } - } -} - -/* ================================================== */ - static void measurement_timeout(void *any) { -- cgit v1.2.3 From cc2140108ca0b1dbaa05f6caf45ec0c155311fff Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:30:42 +0100 Subject: rtc: don't finalize driver if initialization failed Gbp-Pq: Name rtc-do-not-finalize-driver-if-initialization-failed.patch --- rtc.c | 2 +- rtc_linux.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/rtc.c b/rtc.c index 33d04bf..fa83173 100644 --- a/rtc.c +++ b/rtc.c @@ -160,7 +160,7 @@ RTC_Initialise(int initial_set) void RTC_Finalise(void) { - if (driver.fini) { + if (driver_initialised) { (driver.fini)(); } } diff --git a/rtc_linux.c b/rtc_linux.c index 30833e5..c1a705d 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -550,6 +550,17 @@ switch_interrupts(int on_off) int RTC_Linux_Initialise(void) { + /* Try to open the device */ + fd = open(CNF_GetRtcDevice(), O_RDWR); + if (fd < 0) { + LOG(LOGS_ERR, "Could not open RTC device %s : %s", + CNF_GetRtcDevice(), strerror(errno)); + return 0; + } + + /* Close on exec */ + UTI_FdSetCloexec(fd); + rtc_sec = MallocArray(time_t, MAX_SAMPLES); rtc_trim = MallocArray(double, MAX_SAMPLES); system_times = MallocArray(struct timespec, MAX_SAMPLES); @@ -560,18 +571,6 @@ RTC_Linux_Initialise(void) /* In case it didn't get done by pre-init */ coefs_file_name = CNF_GetRtcFile(); - /* Try to open device */ - - fd = open (CNF_GetRtcDevice(), O_RDWR); - if (fd < 0) { - LOG(LOGS_ERR, "Could not open RTC device %s : %s", - CNF_GetRtcDevice(), strerror(errno)); - return 0; - } - - /* Close on exec */ - UTI_FdSetCloexec(fd); - n_samples = 0; n_samples_since_regression = 0; n_runs = 0; -- cgit v1.2.3 From 145173f0fe7edcc0fb53b6d52e3e943f8ea0a6fb Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:33:17 +0100 Subject: rtc: handle RTCs that don't support interrupts Some RTCs supported by the Linux kernel don't support the RTC_UIE_ON/OFF ioctls, which causes chronyd started with the -s option to get stuck in the initial RTC mode. After opening the RTC device in the initialization, return error if the ioctls are not supported to prevent the upper layer from calling the time_init() function and expecting it to finish. Gbp-Pq: Name rtc-handle-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index c1a705d..8b21394 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -529,17 +529,19 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) /* ================================================== */ -static void +static int switch_interrupts(int on_off) { if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", on_off ? "enable" : "disable", strerror(errno)); - return; + return 0; } if (on_off) skip_interrupts = 1; + + return 1; } /* ================================================== */ @@ -558,6 +560,12 @@ RTC_Linux_Initialise(void) return 0; } + /* Make sure the RTC supports interrupts */ + if (!switch_interrupts(0)) { + close(fd); + return 0; + } + /* Close on exec */ UTI_FdSetCloexec(fd); -- cgit v1.2.3 From 359ad299e3c526a6583c95c1af938b1fac579c6b Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:42:34 +0100 Subject: rtc: disable interrupts in finalization Don't leave interrupts enabled if chronyd is stopped when making an RTC measurement. Gbp-Pq: Name rtc-disable-interrupts-in-finalization.patch --- rtc_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/rtc_linux.c b/rtc_linux.c index 8b21394..7ec27c9 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -611,6 +611,7 @@ RTC_Linux_Finalise(void) /* Remove input file handler */ if (fd >= 0) { SCH_RemoveFileHandler(fd); + switch_interrupts(0); close(fd); /* Save the RTC data */ -- cgit v1.2.3 From 4f3e06e7f821f70a0416bb4fed92cf3c9c81de85 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:40 +0100 Subject: rtc: extend check for RTCs that don't support interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several RTCs would only expose the broken behavior on enabling interrupts. The reason for that is that the kernel only returns the error if the state changes. Therefore the check has to probe switch_interrupts(1) as well. On platforms that work it will be switched on and off, while on those it never works it will just stay off. Clocks known to expose that behavior include, but are not limited to: PPC64# dmesg | grep -i rtc    [    0.241872] rtc-generic rtc-generic: registered as rtc0 [    0.270221] rtc-generic rtc-generic: setting system clock to ... ARM64# dmesg | grep -i rtc [    0.876198] rtc-efi rtc-efi: registered as rtc0 [    1.046869] rtc-efi rtc-efi: setting system clock to ... Signed-off-by: Christian Ehrhardt Gbp-Pq: Name rtc-extend-check-for-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rtc_linux.c b/rtc_linux.c index 7ec27c9..3220fad 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -561,7 +561,7 @@ RTC_Linux_Initialise(void) } /* Make sure the RTC supports interrupts */ - if (!switch_interrupts(0)) { + if (!switch_interrupts(1) || !switch_interrupts(0)) { close(fd); return 0; } -- cgit v1.2.3 From f5b1677f5aea806344a8c3a135afa9c24f35ea7b Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:39 +0100 Subject: test: accept test result if RTC can't enable RTC_UIE_ON The test might run on different platforms. If the platform happens to have a RTC that does exist but unable to have RTC_UIE_ON set the test will fail, while the chrony code is actually good. Examples of bad clocks are: - ppc64el: rtc-generic - arm64: rtc-efi To avoid that extend the log message check on 101-rtc to accept that condition as a valid test result as well. Signed-off-by: Christian Ehrhardt Gbp-Pq: Name test-accept-test-result-if-RTC-can-not-enable-RTC_UIE_ON.patch --- test/system/101-rtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/system/101-rtc b/test/system/101-rtc index fa9a70d..68bce68 100755 --- a/test/system/101-rtc +++ b/test/system/101-rtc @@ -14,6 +14,6 @@ echo "1 $(date +%s) 0.0 0.0" > "$TEST_DIR/rtcfile" start_chronyd || test_fail stop_chronyd || test_fail -check_chronyd_message_count "\(clock off from RTC\|RTC time before last\)" 1 1 || test_fail +check_chronyd_message_count "\(clock off from RTC\|RTC time before last\|Could not \(enable\|disable\) RTC interrupt\)" 1 1 || test_fail test_pass -- cgit v1.2.3 From 025212d4fee67c77a8f7cf3a9b5f423850b553a2 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 16 Jan 2020 17:04:35 +0100 Subject: sys_linux: allow renameat2 in seccomp filter This is needed for architectures that support neither rename() nor renameat() (e.g. riscv64) Gbp-Pq: Name allow-renameat2-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index 898dc7a..ffbc9dd 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -493,8 +493,8 @@ SYS_Linux_EnableSystemCallFilter(int level) SCMP_SYS(chown32), SCMP_SYS(faccessat), SCMP_SYS(fchmodat), SCMP_SYS(fchownat), SCMP_SYS(fstat), SCMP_SYS(fstat64), SCMP_SYS(getdents), SCMP_SYS(getdents64), SCMP_SYS(lseek), SCMP_SYS(newfstatat), SCMP_SYS(rename), SCMP_SYS(renameat), - SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64), - SCMP_SYS(unlink), SCMP_SYS(unlinkat), + SCMP_SYS(renameat2), SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), + SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat), /* Socket */ SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt), SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg), -- cgit v1.2.3 From d13ed613924ef496f52ca917eae8fe20684c4b83 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 2 Dec 2019 12:47:13 +0100 Subject: sys_linux: allow clock_adjtime in seccomp filter The adjtimex() function in glibc was switched to the clock_adjtime system call. Gbp-Pq: Name allow-clock_adjtime-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index ffbc9dd..ee7ddc1 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday), - SCMP_SYS(settimeofday), SCMP_SYS(time), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), -- cgit v1.2.3 From 7486eca1e3ea39ef0af3e950d504e8141e767c20 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From 7fd207b94282444ac710408365abded4eac6adaf Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:40:44 +0100 Subject: rtc: simplify and move switch_interrupts() Gbp-Pq: Name rtc-simplify-and-move-switch_interrupts-function.patch --- rtc_linux.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index d4d9bd0..30833e5 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -527,6 +527,20 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) return RTC_ST_OK; } +/* ================================================== */ + +static void +switch_interrupts(int on_off) +{ + if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { + LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", + on_off ? "enable" : "disable", strerror(errno)); + return; + } + + if (on_off) + skip_interrupts = 1; +} /* ================================================== */ /* file_name is the name of the file where we save the RTC params @@ -603,29 +617,6 @@ RTC_Linux_Finalise(void) /* ================================================== */ -static void -switch_interrupts(int onoff) -{ - int status; - - if (onoff) { - status = ioctl(fd, RTC_UIE_ON, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "enable", strerror(errno)); - return; - } - skip_interrupts = 1; - } else { - status = ioctl(fd, RTC_UIE_OFF, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "disable", strerror(errno)); - return; - } - } -} - -/* ================================================== */ - static void measurement_timeout(void *any) { -- cgit v1.2.3 From a0caa17e57a06e1a20daa9fd109986823d33fa2c Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:30:42 +0100 Subject: rtc: don't finalize driver if initialization failed Gbp-Pq: Name rtc-do-not-finalize-driver-if-initialization-failed.patch --- rtc.c | 2 +- rtc_linux.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/rtc.c b/rtc.c index 33d04bf..fa83173 100644 --- a/rtc.c +++ b/rtc.c @@ -160,7 +160,7 @@ RTC_Initialise(int initial_set) void RTC_Finalise(void) { - if (driver.fini) { + if (driver_initialised) { (driver.fini)(); } } diff --git a/rtc_linux.c b/rtc_linux.c index 30833e5..c1a705d 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -550,6 +550,17 @@ switch_interrupts(int on_off) int RTC_Linux_Initialise(void) { + /* Try to open the device */ + fd = open(CNF_GetRtcDevice(), O_RDWR); + if (fd < 0) { + LOG(LOGS_ERR, "Could not open RTC device %s : %s", + CNF_GetRtcDevice(), strerror(errno)); + return 0; + } + + /* Close on exec */ + UTI_FdSetCloexec(fd); + rtc_sec = MallocArray(time_t, MAX_SAMPLES); rtc_trim = MallocArray(double, MAX_SAMPLES); system_times = MallocArray(struct timespec, MAX_SAMPLES); @@ -560,18 +571,6 @@ RTC_Linux_Initialise(void) /* In case it didn't get done by pre-init */ coefs_file_name = CNF_GetRtcFile(); - /* Try to open device */ - - fd = open (CNF_GetRtcDevice(), O_RDWR); - if (fd < 0) { - LOG(LOGS_ERR, "Could not open RTC device %s : %s", - CNF_GetRtcDevice(), strerror(errno)); - return 0; - } - - /* Close on exec */ - UTI_FdSetCloexec(fd); - n_samples = 0; n_samples_since_regression = 0; n_runs = 0; -- cgit v1.2.3 From 817d29420d94d956b10a2d31cfc91f0ee18adf2e Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:33:17 +0100 Subject: rtc: handle RTCs that don't support interrupts Some RTCs supported by the Linux kernel don't support the RTC_UIE_ON/OFF ioctls, which causes chronyd started with the -s option to get stuck in the initial RTC mode. After opening the RTC device in the initialization, return error if the ioctls are not supported to prevent the upper layer from calling the time_init() function and expecting it to finish. Gbp-Pq: Name rtc-handle-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index c1a705d..8b21394 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -529,17 +529,19 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) /* ================================================== */ -static void +static int switch_interrupts(int on_off) { if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", on_off ? "enable" : "disable", strerror(errno)); - return; + return 0; } if (on_off) skip_interrupts = 1; + + return 1; } /* ================================================== */ @@ -558,6 +560,12 @@ RTC_Linux_Initialise(void) return 0; } + /* Make sure the RTC supports interrupts */ + if (!switch_interrupts(0)) { + close(fd); + return 0; + } + /* Close on exec */ UTI_FdSetCloexec(fd); -- cgit v1.2.3 From 5b6948c0bf14fcda499250da1f63403ffcd3c87e Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:42:34 +0100 Subject: rtc: disable interrupts in finalization Don't leave interrupts enabled if chronyd is stopped when making an RTC measurement. Gbp-Pq: Name rtc-disable-interrupts-in-finalization.patch --- rtc_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/rtc_linux.c b/rtc_linux.c index 8b21394..7ec27c9 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -611,6 +611,7 @@ RTC_Linux_Finalise(void) /* Remove input file handler */ if (fd >= 0) { SCH_RemoveFileHandler(fd); + switch_interrupts(0); close(fd); /* Save the RTC data */ -- cgit v1.2.3 From ef445330c712564c68b10fdc730e54b6fedf3840 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:40 +0100 Subject: rtc: extend check for RTCs that don't support interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several RTCs would only expose the broken behavior on enabling interrupts. The reason for that is that the kernel only returns the error if the state changes. Therefore the check has to probe switch_interrupts(1) as well. On platforms that work it will be switched on and off, while on those it never works it will just stay off. Clocks known to expose that behavior include, but are not limited to: PPC64# dmesg | grep -i rtc    [    0.241872] rtc-generic rtc-generic: registered as rtc0 [    0.270221] rtc-generic rtc-generic: setting system clock to ... ARM64# dmesg | grep -i rtc [    0.876198] rtc-efi rtc-efi: registered as rtc0 [    1.046869] rtc-efi rtc-efi: setting system clock to ... Signed-off-by: Christian Ehrhardt Gbp-Pq: Name rtc-extend-check-for-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rtc_linux.c b/rtc_linux.c index 7ec27c9..3220fad 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -561,7 +561,7 @@ RTC_Linux_Initialise(void) } /* Make sure the RTC supports interrupts */ - if (!switch_interrupts(0)) { + if (!switch_interrupts(1) || !switch_interrupts(0)) { close(fd); return 0; } -- cgit v1.2.3 From d07c50f170898d714415fcf355ba3bed23b633ad Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:39 +0100 Subject: test: accept test result if RTC can't enable RTC_UIE_ON The test might run on different platforms. If the platform happens to have a RTC that does exist but unable to have RTC_UIE_ON set the test will fail, while the chrony code is actually good. Examples of bad clocks are: - ppc64el: rtc-generic - arm64: rtc-efi To avoid that extend the log message check on 101-rtc to accept that condition as a valid test result as well. Signed-off-by: Christian Ehrhardt Gbp-Pq: Name test-accept-test-result-if-RTC-can-not-enable-RTC_UIE_ON.patch --- test/system/101-rtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/system/101-rtc b/test/system/101-rtc index fa9a70d..68bce68 100755 --- a/test/system/101-rtc +++ b/test/system/101-rtc @@ -14,6 +14,6 @@ echo "1 $(date +%s) 0.0 0.0" > "$TEST_DIR/rtcfile" start_chronyd || test_fail stop_chronyd || test_fail -check_chronyd_message_count "\(clock off from RTC\|RTC time before last\)" 1 1 || test_fail +check_chronyd_message_count "\(clock off from RTC\|RTC time before last\|Could not \(enable\|disable\) RTC interrupt\)" 1 1 || test_fail test_pass -- cgit v1.2.3 From 66260f6e750b919e8a1eb1c1811f678e1f4e4d28 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 16 Jan 2020 17:04:35 +0100 Subject: sys_linux: allow renameat2 in seccomp filter This is needed for architectures that support neither rename() nor renameat() (e.g. riscv64) Gbp-Pq: Name allow-renameat2-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index 898dc7a..ffbc9dd 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -493,8 +493,8 @@ SYS_Linux_EnableSystemCallFilter(int level) SCMP_SYS(chown32), SCMP_SYS(faccessat), SCMP_SYS(fchmodat), SCMP_SYS(fchownat), SCMP_SYS(fstat), SCMP_SYS(fstat64), SCMP_SYS(getdents), SCMP_SYS(getdents64), SCMP_SYS(lseek), SCMP_SYS(newfstatat), SCMP_SYS(rename), SCMP_SYS(renameat), - SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64), - SCMP_SYS(unlink), SCMP_SYS(unlinkat), + SCMP_SYS(renameat2), SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), + SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat), /* Socket */ SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt), SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg), -- cgit v1.2.3 From 3f905d4b5543ff43dccde02368299361e25312b5 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 2 Dec 2019 12:47:13 +0100 Subject: sys_linux: allow clock_adjtime in seccomp filter The adjtimex() function in glibc was switched to the clock_adjtime system call. Gbp-Pq: Name allow-clock_adjtime-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index ffbc9dd..ee7ddc1 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday), - SCMP_SYS(settimeofday), SCMP_SYS(time), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), -- cgit v1.2.3 From f41a777a53542219611500d53ef4e9c63394922a Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From d7ff44d7feac74eef58fd2b89bb2531c0dd35087 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:40:44 +0100 Subject: rtc: simplify and move switch_interrupts() Gbp-Pq: Name rtc-simplify-and-move-switch_interrupts-function.patch --- rtc_linux.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index d4d9bd0..30833e5 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -527,6 +527,20 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) return RTC_ST_OK; } +/* ================================================== */ + +static void +switch_interrupts(int on_off) +{ + if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { + LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", + on_off ? "enable" : "disable", strerror(errno)); + return; + } + + if (on_off) + skip_interrupts = 1; +} /* ================================================== */ /* file_name is the name of the file where we save the RTC params @@ -603,29 +617,6 @@ RTC_Linux_Finalise(void) /* ================================================== */ -static void -switch_interrupts(int onoff) -{ - int status; - - if (onoff) { - status = ioctl(fd, RTC_UIE_ON, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "enable", strerror(errno)); - return; - } - skip_interrupts = 1; - } else { - status = ioctl(fd, RTC_UIE_OFF, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "disable", strerror(errno)); - return; - } - } -} - -/* ================================================== */ - static void measurement_timeout(void *any) { -- cgit v1.2.3 From 93e6ebb126d0e1b81914e350210e1b09c3e3f295 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:30:42 +0100 Subject: rtc: don't finalize driver if initialization failed Gbp-Pq: Name rtc-do-not-finalize-driver-if-initialization-failed.patch --- rtc.c | 2 +- rtc_linux.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/rtc.c b/rtc.c index 33d04bf..fa83173 100644 --- a/rtc.c +++ b/rtc.c @@ -160,7 +160,7 @@ RTC_Initialise(int initial_set) void RTC_Finalise(void) { - if (driver.fini) { + if (driver_initialised) { (driver.fini)(); } } diff --git a/rtc_linux.c b/rtc_linux.c index 30833e5..c1a705d 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -550,6 +550,17 @@ switch_interrupts(int on_off) int RTC_Linux_Initialise(void) { + /* Try to open the device */ + fd = open(CNF_GetRtcDevice(), O_RDWR); + if (fd < 0) { + LOG(LOGS_ERR, "Could not open RTC device %s : %s", + CNF_GetRtcDevice(), strerror(errno)); + return 0; + } + + /* Close on exec */ + UTI_FdSetCloexec(fd); + rtc_sec = MallocArray(time_t, MAX_SAMPLES); rtc_trim = MallocArray(double, MAX_SAMPLES); system_times = MallocArray(struct timespec, MAX_SAMPLES); @@ -560,18 +571,6 @@ RTC_Linux_Initialise(void) /* In case it didn't get done by pre-init */ coefs_file_name = CNF_GetRtcFile(); - /* Try to open device */ - - fd = open (CNF_GetRtcDevice(), O_RDWR); - if (fd < 0) { - LOG(LOGS_ERR, "Could not open RTC device %s : %s", - CNF_GetRtcDevice(), strerror(errno)); - return 0; - } - - /* Close on exec */ - UTI_FdSetCloexec(fd); - n_samples = 0; n_samples_since_regression = 0; n_runs = 0; -- cgit v1.2.3 From 13da0b62b52f8bceafed70f7d52562c01614a989 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:33:17 +0100 Subject: rtc: handle RTCs that don't support interrupts Some RTCs supported by the Linux kernel don't support the RTC_UIE_ON/OFF ioctls, which causes chronyd started with the -s option to get stuck in the initial RTC mode. After opening the RTC device in the initialization, return error if the ioctls are not supported to prevent the upper layer from calling the time_init() function and expecting it to finish. Gbp-Pq: Name rtc-handle-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index c1a705d..8b21394 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -529,17 +529,19 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) /* ================================================== */ -static void +static int switch_interrupts(int on_off) { if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", on_off ? "enable" : "disable", strerror(errno)); - return; + return 0; } if (on_off) skip_interrupts = 1; + + return 1; } /* ================================================== */ @@ -558,6 +560,12 @@ RTC_Linux_Initialise(void) return 0; } + /* Make sure the RTC supports interrupts */ + if (!switch_interrupts(0)) { + close(fd); + return 0; + } + /* Close on exec */ UTI_FdSetCloexec(fd); -- cgit v1.2.3 From 2c9a18beb8d1fc261d99045500adf137b8ebcd3e Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:42:34 +0100 Subject: rtc: disable interrupts in finalization Don't leave interrupts enabled if chronyd is stopped when making an RTC measurement. Gbp-Pq: Name rtc-disable-interrupts-in-finalization.patch --- rtc_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/rtc_linux.c b/rtc_linux.c index 8b21394..7ec27c9 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -611,6 +611,7 @@ RTC_Linux_Finalise(void) /* Remove input file handler */ if (fd >= 0) { SCH_RemoveFileHandler(fd); + switch_interrupts(0); close(fd); /* Save the RTC data */ -- cgit v1.2.3 From 2a5c3283114af06e2a4d4a1885bd98cf993b82c1 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:40 +0100 Subject: rtc: extend check for RTCs that don't support interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several RTCs would only expose the broken behavior on enabling interrupts. The reason for that is that the kernel only returns the error if the state changes. Therefore the check has to probe switch_interrupts(1) as well. On platforms that work it will be switched on and off, while on those it never works it will just stay off. Clocks known to expose that behavior include, but are not limited to: PPC64# dmesg | grep -i rtc    [    0.241872] rtc-generic rtc-generic: registered as rtc0 [    0.270221] rtc-generic rtc-generic: setting system clock to ... ARM64# dmesg | grep -i rtc [    0.876198] rtc-efi rtc-efi: registered as rtc0 [    1.046869] rtc-efi rtc-efi: setting system clock to ... Signed-off-by: Christian Ehrhardt Gbp-Pq: Name rtc-extend-check-for-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rtc_linux.c b/rtc_linux.c index 7ec27c9..3220fad 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -561,7 +561,7 @@ RTC_Linux_Initialise(void) } /* Make sure the RTC supports interrupts */ - if (!switch_interrupts(0)) { + if (!switch_interrupts(1) || !switch_interrupts(0)) { close(fd); return 0; } -- cgit v1.2.3 From 5eb954cc4b8182426741292050e355677bcc621b Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:39 +0100 Subject: test: accept test result if RTC can't enable RTC_UIE_ON The test might run on different platforms. If the platform happens to have a RTC that does exist but unable to have RTC_UIE_ON set the test will fail, while the chrony code is actually good. Examples of bad clocks are: - ppc64el: rtc-generic - arm64: rtc-efi To avoid that extend the log message check on 101-rtc to accept that condition as a valid test result as well. Signed-off-by: Christian Ehrhardt Gbp-Pq: Name test-accept-test-result-if-RTC-can-not-enable-RTC_UIE_ON.patch --- test/system/101-rtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/system/101-rtc b/test/system/101-rtc index fa9a70d..68bce68 100755 --- a/test/system/101-rtc +++ b/test/system/101-rtc @@ -14,6 +14,6 @@ echo "1 $(date +%s) 0.0 0.0" > "$TEST_DIR/rtcfile" start_chronyd || test_fail stop_chronyd || test_fail -check_chronyd_message_count "\(clock off from RTC\|RTC time before last\)" 1 1 || test_fail +check_chronyd_message_count "\(clock off from RTC\|RTC time before last\|Could not \(enable\|disable\) RTC interrupt\)" 1 1 || test_fail test_pass -- cgit v1.2.3 From 0c9ea3e3dce1d6818b6e1bff6b57c1a93ed5b642 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 16 Jan 2020 17:04:35 +0100 Subject: sys_linux: allow renameat2 in seccomp filter This is needed for architectures that support neither rename() nor renameat() (e.g. riscv64) Gbp-Pq: Name allow-renameat2-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index 898dc7a..ffbc9dd 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -493,8 +493,8 @@ SYS_Linux_EnableSystemCallFilter(int level) SCMP_SYS(chown32), SCMP_SYS(faccessat), SCMP_SYS(fchmodat), SCMP_SYS(fchownat), SCMP_SYS(fstat), SCMP_SYS(fstat64), SCMP_SYS(getdents), SCMP_SYS(getdents64), SCMP_SYS(lseek), SCMP_SYS(newfstatat), SCMP_SYS(rename), SCMP_SYS(renameat), - SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64), - SCMP_SYS(unlink), SCMP_SYS(unlinkat), + SCMP_SYS(renameat2), SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), + SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat), /* Socket */ SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt), SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg), -- cgit v1.2.3 From 5cdafedb62634223be0cacb3ca556cb16a40c6a1 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 2 Dec 2019 12:47:13 +0100 Subject: sys_linux: allow clock_adjtime in seccomp filter The adjtimex() function in glibc was switched to the clock_adjtime system call. Gbp-Pq: Name allow-clock_adjtime-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index ffbc9dd..ee7ddc1 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday), - SCMP_SYS(settimeofday), SCMP_SYS(time), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), -- cgit v1.2.3 From e5870485ae58b42093f43e10021fa1d7f9cf7494 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From 676e0fc1642fee103d62b0c326fa61173b7fb744 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:40:44 +0100 Subject: rtc: simplify and move switch_interrupts() Gbp-Pq: Name rtc-simplify-and-move-switch_interrupts-function.patch --- rtc_linux.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index d4d9bd0..30833e5 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -527,6 +527,20 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) return RTC_ST_OK; } +/* ================================================== */ + +static void +switch_interrupts(int on_off) +{ + if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { + LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", + on_off ? "enable" : "disable", strerror(errno)); + return; + } + + if (on_off) + skip_interrupts = 1; +} /* ================================================== */ /* file_name is the name of the file where we save the RTC params @@ -603,29 +617,6 @@ RTC_Linux_Finalise(void) /* ================================================== */ -static void -switch_interrupts(int onoff) -{ - int status; - - if (onoff) { - status = ioctl(fd, RTC_UIE_ON, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "enable", strerror(errno)); - return; - } - skip_interrupts = 1; - } else { - status = ioctl(fd, RTC_UIE_OFF, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "disable", strerror(errno)); - return; - } - } -} - -/* ================================================== */ - static void measurement_timeout(void *any) { -- cgit v1.2.3 From 0bcfc59bb84a63cfc454027d98fbd4fdb9658af6 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:30:42 +0100 Subject: rtc: don't finalize driver if initialization failed Gbp-Pq: Name rtc-do-not-finalize-driver-if-initialization-failed.patch --- rtc.c | 2 +- rtc_linux.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/rtc.c b/rtc.c index 33d04bf..fa83173 100644 --- a/rtc.c +++ b/rtc.c @@ -160,7 +160,7 @@ RTC_Initialise(int initial_set) void RTC_Finalise(void) { - if (driver.fini) { + if (driver_initialised) { (driver.fini)(); } } diff --git a/rtc_linux.c b/rtc_linux.c index 30833e5..c1a705d 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -550,6 +550,17 @@ switch_interrupts(int on_off) int RTC_Linux_Initialise(void) { + /* Try to open the device */ + fd = open(CNF_GetRtcDevice(), O_RDWR); + if (fd < 0) { + LOG(LOGS_ERR, "Could not open RTC device %s : %s", + CNF_GetRtcDevice(), strerror(errno)); + return 0; + } + + /* Close on exec */ + UTI_FdSetCloexec(fd); + rtc_sec = MallocArray(time_t, MAX_SAMPLES); rtc_trim = MallocArray(double, MAX_SAMPLES); system_times = MallocArray(struct timespec, MAX_SAMPLES); @@ -560,18 +571,6 @@ RTC_Linux_Initialise(void) /* In case it didn't get done by pre-init */ coefs_file_name = CNF_GetRtcFile(); - /* Try to open device */ - - fd = open (CNF_GetRtcDevice(), O_RDWR); - if (fd < 0) { - LOG(LOGS_ERR, "Could not open RTC device %s : %s", - CNF_GetRtcDevice(), strerror(errno)); - return 0; - } - - /* Close on exec */ - UTI_FdSetCloexec(fd); - n_samples = 0; n_samples_since_regression = 0; n_runs = 0; -- cgit v1.2.3 From 803f856c5af0300a4bd5e100442ec7542435088e Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:33:17 +0100 Subject: rtc: handle RTCs that don't support interrupts Some RTCs supported by the Linux kernel don't support the RTC_UIE_ON/OFF ioctls, which causes chronyd started with the -s option to get stuck in the initial RTC mode. After opening the RTC device in the initialization, return error if the ioctls are not supported to prevent the upper layer from calling the time_init() function and expecting it to finish. Gbp-Pq: Name rtc-handle-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index c1a705d..8b21394 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -529,17 +529,19 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) /* ================================================== */ -static void +static int switch_interrupts(int on_off) { if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", on_off ? "enable" : "disable", strerror(errno)); - return; + return 0; } if (on_off) skip_interrupts = 1; + + return 1; } /* ================================================== */ @@ -558,6 +560,12 @@ RTC_Linux_Initialise(void) return 0; } + /* Make sure the RTC supports interrupts */ + if (!switch_interrupts(0)) { + close(fd); + return 0; + } + /* Close on exec */ UTI_FdSetCloexec(fd); -- cgit v1.2.3 From 2c2cbef8935f5b30e44d986d5b3fa74b46af3a06 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:42:34 +0100 Subject: rtc: disable interrupts in finalization Don't leave interrupts enabled if chronyd is stopped when making an RTC measurement. Gbp-Pq: Name rtc-disable-interrupts-in-finalization.patch --- rtc_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/rtc_linux.c b/rtc_linux.c index 8b21394..7ec27c9 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -611,6 +611,7 @@ RTC_Linux_Finalise(void) /* Remove input file handler */ if (fd >= 0) { SCH_RemoveFileHandler(fd); + switch_interrupts(0); close(fd); /* Save the RTC data */ -- cgit v1.2.3 From 5e1af24a62252a08770a89fb172c43a5ff7d6089 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:40 +0100 Subject: rtc: extend check for RTCs that don't support interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several RTCs would only expose the broken behavior on enabling interrupts. The reason for that is that the kernel only returns the error if the state changes. Therefore the check has to probe switch_interrupts(1) as well. On platforms that work it will be switched on and off, while on those it never works it will just stay off. Clocks known to expose that behavior include, but are not limited to: PPC64# dmesg | grep -i rtc    [    0.241872] rtc-generic rtc-generic: registered as rtc0 [    0.270221] rtc-generic rtc-generic: setting system clock to ... ARM64# dmesg | grep -i rtc [    0.876198] rtc-efi rtc-efi: registered as rtc0 [    1.046869] rtc-efi rtc-efi: setting system clock to ... Signed-off-by: Christian Ehrhardt Gbp-Pq: Name rtc-extend-check-for-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rtc_linux.c b/rtc_linux.c index 7ec27c9..3220fad 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -561,7 +561,7 @@ RTC_Linux_Initialise(void) } /* Make sure the RTC supports interrupts */ - if (!switch_interrupts(0)) { + if (!switch_interrupts(1) || !switch_interrupts(0)) { close(fd); return 0; } -- cgit v1.2.3 From 234358e0d64290bb5a3f8eaffb0a484b0f28c316 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:39 +0100 Subject: test: accept test result if RTC can't enable RTC_UIE_ON The test might run on different platforms. If the platform happens to have a RTC that does exist but unable to have RTC_UIE_ON set the test will fail, while the chrony code is actually good. Examples of bad clocks are: - ppc64el: rtc-generic - arm64: rtc-efi To avoid that extend the log message check on 101-rtc to accept that condition as a valid test result as well. Signed-off-by: Christian Ehrhardt Gbp-Pq: Name test-accept-test-result-if-RTC-can-not-enable-RTC_UIE_ON.patch --- test/system/101-rtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/system/101-rtc b/test/system/101-rtc index fa9a70d..68bce68 100755 --- a/test/system/101-rtc +++ b/test/system/101-rtc @@ -14,6 +14,6 @@ echo "1 $(date +%s) 0.0 0.0" > "$TEST_DIR/rtcfile" start_chronyd || test_fail stop_chronyd || test_fail -check_chronyd_message_count "\(clock off from RTC\|RTC time before last\)" 1 1 || test_fail +check_chronyd_message_count "\(clock off from RTC\|RTC time before last\|Could not \(enable\|disable\) RTC interrupt\)" 1 1 || test_fail test_pass -- cgit v1.2.3 From ad2b1605261d779dbf40b7043bac040e9a743e0d Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Tue, 19 May 2020 16:42:18 +0200 Subject: allow some *time64 syscalls in seccomp filter Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1878005 Forwarded: https://www.mail-archive.com/chrony-dev@chrony.tuxfamily.org/msg02172.html Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=7a7295992f76def739f0110f1e8f1346ff3a032e Last-Update: 2020-05-18 Allowing these system calls is required for 32-bit architectures with new system calls using 64-bit time_t. Last-Update: 2020-05-18 Gbp-Pq: Name allow-some-*time64-syscalls-in-seccomp-filter.patch --- sys_linux.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index ee7ddc1..931dd95 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,7 +478,14 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), +#ifdef __NR_clock_adjtime64 + SCMP_SYS(clock_adjtime64), +#endif + SCMP_SYS(clock_gettime), +#ifdef __NR_clock_gettime64 + SCMP_SYS(clock_gettime64), +#endif SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), @@ -497,14 +504,29 @@ SYS_Linux_EnableSystemCallFilter(int level) SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat), /* Socket */ SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt), - SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg), + SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), +#ifdef __NR_recvmmsg_time64 + SCMP_SYS(recvmmsg_time64), +#endif + SCMP_SYS(recvmsg), SCMP_SYS(send), SCMP_SYS(sendmmsg), SCMP_SYS(sendmsg), SCMP_SYS(sendto), /* TODO: check socketcall arguments */ SCMP_SYS(socketcall), /* General I/O */ SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe), - SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read), - SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write), + SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), +#ifdef __NR_ppoll_time64 + SCMP_SYS(ppoll_time64), +#endif + SCMP_SYS(pselect6), +#ifdef __NR_pselect6_time64 + SCMP_SYS(pselect6_time64), +#endif + SCMP_SYS(read), SCMP_SYS(futex), +#ifdef __NR_futex_time64 + SCMP_SYS(futex_time64), +#endif + SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write), /* Miscellaneous */ SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname), }; -- cgit v1.2.3 From bd16a78b97c6cd9538ac951a88f447308eac7dc2 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 16 Jan 2020 17:04:35 +0100 Subject: sys_linux: allow renameat2 in seccomp filter This is needed for architectures that support neither rename() nor renameat() (e.g. riscv64) Gbp-Pq: Name allow-renameat2-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index 898dc7a..ffbc9dd 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -493,8 +493,8 @@ SYS_Linux_EnableSystemCallFilter(int level) SCMP_SYS(chown32), SCMP_SYS(faccessat), SCMP_SYS(fchmodat), SCMP_SYS(fchownat), SCMP_SYS(fstat), SCMP_SYS(fstat64), SCMP_SYS(getdents), SCMP_SYS(getdents64), SCMP_SYS(lseek), SCMP_SYS(newfstatat), SCMP_SYS(rename), SCMP_SYS(renameat), - SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64), - SCMP_SYS(unlink), SCMP_SYS(unlinkat), + SCMP_SYS(renameat2), SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), + SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat), /* Socket */ SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt), SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg), -- cgit v1.2.3 From 0a492d6d9b298269a641603fc430487c955add27 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 2 Dec 2019 12:47:13 +0100 Subject: sys_linux: allow clock_adjtime in seccomp filter The adjtimex() function in glibc was switched to the clock_adjtime system call. Gbp-Pq: Name allow-clock_adjtime-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index ffbc9dd..ee7ddc1 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday), - SCMP_SYS(settimeofday), SCMP_SYS(time), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), -- cgit v1.2.3 From 7af939955fa2d3e4e86ddda359afc8fed3f51b72 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From 773362c5f07ffd5f8eab018cce076ce24e61b261 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:40:44 +0100 Subject: rtc: simplify and move switch_interrupts() Gbp-Pq: Name rtc-simplify-and-move-switch_interrupts-function.patch --- rtc_linux.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index d4d9bd0..30833e5 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -527,6 +527,20 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) return RTC_ST_OK; } +/* ================================================== */ + +static void +switch_interrupts(int on_off) +{ + if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { + LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", + on_off ? "enable" : "disable", strerror(errno)); + return; + } + + if (on_off) + skip_interrupts = 1; +} /* ================================================== */ /* file_name is the name of the file where we save the RTC params @@ -603,29 +617,6 @@ RTC_Linux_Finalise(void) /* ================================================== */ -static void -switch_interrupts(int onoff) -{ - int status; - - if (onoff) { - status = ioctl(fd, RTC_UIE_ON, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "enable", strerror(errno)); - return; - } - skip_interrupts = 1; - } else { - status = ioctl(fd, RTC_UIE_OFF, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "disable", strerror(errno)); - return; - } - } -} - -/* ================================================== */ - static void measurement_timeout(void *any) { -- cgit v1.2.3 From 1e2687c9892b75536dec3f0556beb65503e3635d Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:30:42 +0100 Subject: rtc: don't finalize driver if initialization failed Gbp-Pq: Name rtc-do-not-finalize-driver-if-initialization-failed.patch --- rtc.c | 2 +- rtc_linux.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/rtc.c b/rtc.c index 33d04bf..fa83173 100644 --- a/rtc.c +++ b/rtc.c @@ -160,7 +160,7 @@ RTC_Initialise(int initial_set) void RTC_Finalise(void) { - if (driver.fini) { + if (driver_initialised) { (driver.fini)(); } } diff --git a/rtc_linux.c b/rtc_linux.c index 30833e5..c1a705d 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -550,6 +550,17 @@ switch_interrupts(int on_off) int RTC_Linux_Initialise(void) { + /* Try to open the device */ + fd = open(CNF_GetRtcDevice(), O_RDWR); + if (fd < 0) { + LOG(LOGS_ERR, "Could not open RTC device %s : %s", + CNF_GetRtcDevice(), strerror(errno)); + return 0; + } + + /* Close on exec */ + UTI_FdSetCloexec(fd); + rtc_sec = MallocArray(time_t, MAX_SAMPLES); rtc_trim = MallocArray(double, MAX_SAMPLES); system_times = MallocArray(struct timespec, MAX_SAMPLES); @@ -560,18 +571,6 @@ RTC_Linux_Initialise(void) /* In case it didn't get done by pre-init */ coefs_file_name = CNF_GetRtcFile(); - /* Try to open device */ - - fd = open (CNF_GetRtcDevice(), O_RDWR); - if (fd < 0) { - LOG(LOGS_ERR, "Could not open RTC device %s : %s", - CNF_GetRtcDevice(), strerror(errno)); - return 0; - } - - /* Close on exec */ - UTI_FdSetCloexec(fd); - n_samples = 0; n_samples_since_regression = 0; n_runs = 0; -- cgit v1.2.3 From 979e056fce3dc21d2933e6396cdeb5503c628b0d Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:33:17 +0100 Subject: rtc: handle RTCs that don't support interrupts Some RTCs supported by the Linux kernel don't support the RTC_UIE_ON/OFF ioctls, which causes chronyd started with the -s option to get stuck in the initial RTC mode. After opening the RTC device in the initialization, return error if the ioctls are not supported to prevent the upper layer from calling the time_init() function and expecting it to finish. Gbp-Pq: Name rtc-handle-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index c1a705d..8b21394 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -529,17 +529,19 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) /* ================================================== */ -static void +static int switch_interrupts(int on_off) { if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", on_off ? "enable" : "disable", strerror(errno)); - return; + return 0; } if (on_off) skip_interrupts = 1; + + return 1; } /* ================================================== */ @@ -558,6 +560,12 @@ RTC_Linux_Initialise(void) return 0; } + /* Make sure the RTC supports interrupts */ + if (!switch_interrupts(0)) { + close(fd); + return 0; + } + /* Close on exec */ UTI_FdSetCloexec(fd); -- cgit v1.2.3 From 3e128f9b669b598099536bc375ce443122bc0926 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:42:34 +0100 Subject: rtc: disable interrupts in finalization Don't leave interrupts enabled if chronyd is stopped when making an RTC measurement. Gbp-Pq: Name rtc-disable-interrupts-in-finalization.patch --- rtc_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/rtc_linux.c b/rtc_linux.c index 8b21394..7ec27c9 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -611,6 +611,7 @@ RTC_Linux_Finalise(void) /* Remove input file handler */ if (fd >= 0) { SCH_RemoveFileHandler(fd); + switch_interrupts(0); close(fd); /* Save the RTC data */ -- cgit v1.2.3 From ecc9bbd66d94257564f56039d09589834618a5c8 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:40 +0100 Subject: rtc: extend check for RTCs that don't support interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several RTCs would only expose the broken behavior on enabling interrupts. The reason for that is that the kernel only returns the error if the state changes. Therefore the check has to probe switch_interrupts(1) as well. On platforms that work it will be switched on and off, while on those it never works it will just stay off. Clocks known to expose that behavior include, but are not limited to: PPC64# dmesg | grep -i rtc    [    0.241872] rtc-generic rtc-generic: registered as rtc0 [    0.270221] rtc-generic rtc-generic: setting system clock to ... ARM64# dmesg | grep -i rtc [    0.876198] rtc-efi rtc-efi: registered as rtc0 [    1.046869] rtc-efi rtc-efi: setting system clock to ... Signed-off-by: Christian Ehrhardt Gbp-Pq: Name rtc-extend-check-for-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rtc_linux.c b/rtc_linux.c index 7ec27c9..3220fad 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -561,7 +561,7 @@ RTC_Linux_Initialise(void) } /* Make sure the RTC supports interrupts */ - if (!switch_interrupts(0)) { + if (!switch_interrupts(1) || !switch_interrupts(0)) { close(fd); return 0; } -- cgit v1.2.3 From fd5d3387fad02a9439066a4bfffd7ce29f4a6dd8 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:39 +0100 Subject: test: accept test result if RTC can't enable RTC_UIE_ON The test might run on different platforms. If the platform happens to have a RTC that does exist but unable to have RTC_UIE_ON set the test will fail, while the chrony code is actually good. Examples of bad clocks are: - ppc64el: rtc-generic - arm64: rtc-efi To avoid that extend the log message check on 101-rtc to accept that condition as a valid test result as well. Signed-off-by: Christian Ehrhardt Gbp-Pq: Name test-accept-test-result-if-RTC-can-not-enable-RTC_UIE_ON.patch --- test/system/101-rtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/system/101-rtc b/test/system/101-rtc index fa9a70d..68bce68 100755 --- a/test/system/101-rtc +++ b/test/system/101-rtc @@ -14,6 +14,6 @@ echo "1 $(date +%s) 0.0 0.0" > "$TEST_DIR/rtcfile" start_chronyd || test_fail stop_chronyd || test_fail -check_chronyd_message_count "\(clock off from RTC\|RTC time before last\)" 1 1 || test_fail +check_chronyd_message_count "\(clock off from RTC\|RTC time before last\|Could not \(enable\|disable\) RTC interrupt\)" 1 1 || test_fail test_pass -- cgit v1.2.3 From 98e96b55cc097d93a487319eef5d346021a2f9a1 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 20 Aug 2020 14:07:22 +0200 Subject: allow some *time64 syscalls in seccomp filter Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1878005 Forwarded: https://www.mail-archive.com/chrony-dev@chrony.tuxfamily.org/msg02172.html Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=7a7295992f76def739f0110f1e8f1346ff3a032e Last-Update: 2020-05-18 Allowing these system calls is required for 32-bit architectures with new system calls using 64-bit time_t. Last-Update: 2020-05-18 Gbp-Pq: Name allow-some-*time64-syscalls-in-seccomp-filter.patch --- sys_linux.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index ee7ddc1..931dd95 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,7 +478,14 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), +#ifdef __NR_clock_adjtime64 + SCMP_SYS(clock_adjtime64), +#endif + SCMP_SYS(clock_gettime), +#ifdef __NR_clock_gettime64 + SCMP_SYS(clock_gettime64), +#endif SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), @@ -497,14 +504,29 @@ SYS_Linux_EnableSystemCallFilter(int level) SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat), /* Socket */ SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt), - SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg), + SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), +#ifdef __NR_recvmmsg_time64 + SCMP_SYS(recvmmsg_time64), +#endif + SCMP_SYS(recvmsg), SCMP_SYS(send), SCMP_SYS(sendmmsg), SCMP_SYS(sendmsg), SCMP_SYS(sendto), /* TODO: check socketcall arguments */ SCMP_SYS(socketcall), /* General I/O */ SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe), - SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read), - SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write), + SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), +#ifdef __NR_ppoll_time64 + SCMP_SYS(ppoll_time64), +#endif + SCMP_SYS(pselect6), +#ifdef __NR_pselect6_time64 + SCMP_SYS(pselect6_time64), +#endif + SCMP_SYS(read), SCMP_SYS(futex), +#ifdef __NR_futex_time64 + SCMP_SYS(futex_time64), +#endif + SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write), /* Miscellaneous */ SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname), }; -- cgit v1.2.3 From 73679851780ce6cbae2b039d2eeee3fa5de0b099 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 16 Jan 2020 17:04:35 +0100 Subject: sys_linux: allow renameat2 in seccomp filter This is needed for architectures that support neither rename() nor renameat() (e.g. riscv64) Gbp-Pq: Name allow-renameat2-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index 898dc7a..ffbc9dd 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -493,8 +493,8 @@ SYS_Linux_EnableSystemCallFilter(int level) SCMP_SYS(chown32), SCMP_SYS(faccessat), SCMP_SYS(fchmodat), SCMP_SYS(fchownat), SCMP_SYS(fstat), SCMP_SYS(fstat64), SCMP_SYS(getdents), SCMP_SYS(getdents64), SCMP_SYS(lseek), SCMP_SYS(newfstatat), SCMP_SYS(rename), SCMP_SYS(renameat), - SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), SCMP_SYS(statfs64), - SCMP_SYS(unlink), SCMP_SYS(unlinkat), + SCMP_SYS(renameat2), SCMP_SYS(stat), SCMP_SYS(stat64), SCMP_SYS(statfs), + SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat), /* Socket */ SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt), SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg), -- cgit v1.2.3 From 18729e12ace62b79d6598edb4b740d371349a8fe Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 2 Dec 2019 12:47:13 +0100 Subject: sys_linux: allow clock_adjtime in seccomp filter The adjtimex() function in glibc was switched to the clock_adjtime system call. Gbp-Pq: Name allow-clock_adjtime-in-seccomp-filter.patch --- sys_linux.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index ffbc9dd..ee7ddc1 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday), - SCMP_SYS(settimeofday), SCMP_SYS(time), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), -- cgit v1.2.3 From 5773c81bc01f4038a2087be9e7c907f6a6aa3b6a Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 18 Jun 2019 15:41:50 +0200 Subject: test: update processing of packet log Two new fields have been added to the packet log, which broke some of the simulation tests. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=62d6aed6a64b887c9e3b7f03d9e0db1deaa2696a Gbp-Pq: Name update_processing_of_packet_log.patch --- test/simulation/test.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/test.common b/test/simulation/test.common index 951a794..8ed6ad9 100644 --- a/test/simulation/test.common +++ b/test/simulation/test.common @@ -391,9 +391,9 @@ check_packet_port() { for i in $(seq 1 $(get_chronyd_nodes)); do test_message 3 0 "node $i:" - grep -E -q " $port [0-9]+\$" tmp/log.packets && \ + grep -E -q "^([0-9e.+-]+ ){5}$port " tmp/log.packets && \ ! grep -E "^[0-9e.+-]+ $i " tmp/log.packets | \ - grep -E -q -v " $port [0-9]+\$" && \ + grep -E -q -v "^([0-9e.+-]+ ){5}$port " && \ test_ok || test_bad [ $? -eq 0 ] || ret=1 done -- cgit v1.2.3 From 13c8cbb750d1d041ed554fbddf9ff677901bd708 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:40:44 +0100 Subject: rtc: simplify and move switch_interrupts() Gbp-Pq: Name rtc-simplify-and-move-switch_interrupts-function.patch --- rtc_linux.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index d4d9bd0..30833e5 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -527,6 +527,20 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) return RTC_ST_OK; } +/* ================================================== */ + +static void +switch_interrupts(int on_off) +{ + if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { + LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", + on_off ? "enable" : "disable", strerror(errno)); + return; + } + + if (on_off) + skip_interrupts = 1; +} /* ================================================== */ /* file_name is the name of the file where we save the RTC params @@ -603,29 +617,6 @@ RTC_Linux_Finalise(void) /* ================================================== */ -static void -switch_interrupts(int onoff) -{ - int status; - - if (onoff) { - status = ioctl(fd, RTC_UIE_ON, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "enable", strerror(errno)); - return; - } - skip_interrupts = 1; - } else { - status = ioctl(fd, RTC_UIE_OFF, 0); - if (status < 0) { - LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", "disable", strerror(errno)); - return; - } - } -} - -/* ================================================== */ - static void measurement_timeout(void *any) { -- cgit v1.2.3 From 0e9c58cb6e717c19e39bda91021cea80e453d275 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:30:42 +0100 Subject: rtc: don't finalize driver if initialization failed Gbp-Pq: Name rtc-do-not-finalize-driver-if-initialization-failed.patch --- rtc.c | 2 +- rtc_linux.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/rtc.c b/rtc.c index 33d04bf..fa83173 100644 --- a/rtc.c +++ b/rtc.c @@ -160,7 +160,7 @@ RTC_Initialise(int initial_set) void RTC_Finalise(void) { - if (driver.fini) { + if (driver_initialised) { (driver.fini)(); } } diff --git a/rtc_linux.c b/rtc_linux.c index 30833e5..c1a705d 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -550,6 +550,17 @@ switch_interrupts(int on_off) int RTC_Linux_Initialise(void) { + /* Try to open the device */ + fd = open(CNF_GetRtcDevice(), O_RDWR); + if (fd < 0) { + LOG(LOGS_ERR, "Could not open RTC device %s : %s", + CNF_GetRtcDevice(), strerror(errno)); + return 0; + } + + /* Close on exec */ + UTI_FdSetCloexec(fd); + rtc_sec = MallocArray(time_t, MAX_SAMPLES); rtc_trim = MallocArray(double, MAX_SAMPLES); system_times = MallocArray(struct timespec, MAX_SAMPLES); @@ -560,18 +571,6 @@ RTC_Linux_Initialise(void) /* In case it didn't get done by pre-init */ coefs_file_name = CNF_GetRtcFile(); - /* Try to open device */ - - fd = open (CNF_GetRtcDevice(), O_RDWR); - if (fd < 0) { - LOG(LOGS_ERR, "Could not open RTC device %s : %s", - CNF_GetRtcDevice(), strerror(errno)); - return 0; - } - - /* Close on exec */ - UTI_FdSetCloexec(fd); - n_samples = 0; n_samples_since_regression = 0; n_runs = 0; -- cgit v1.2.3 From 8c2fda5816fadd78e981665e9437552199d5319f Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:33:17 +0100 Subject: rtc: handle RTCs that don't support interrupts Some RTCs supported by the Linux kernel don't support the RTC_UIE_ON/OFF ioctls, which causes chronyd started with the -s option to get stuck in the initial RTC mode. After opening the RTC device in the initialization, return error if the ioctls are not supported to prevent the upper layer from calling the time_init() function and expecting it to finish. Gbp-Pq: Name rtc-handle-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/rtc_linux.c b/rtc_linux.c index c1a705d..8b21394 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -529,17 +529,19 @@ write_coefs_to_file(int valid,time_t ref_time,double offset,double rate) /* ================================================== */ -static void +static int switch_interrupts(int on_off) { if (ioctl(fd, on_off ? RTC_UIE_ON : RTC_UIE_OFF, 0) < 0) { LOG(LOGS_ERR, "Could not %s RTC interrupt : %s", on_off ? "enable" : "disable", strerror(errno)); - return; + return 0; } if (on_off) skip_interrupts = 1; + + return 1; } /* ================================================== */ @@ -558,6 +560,12 @@ RTC_Linux_Initialise(void) return 0; } + /* Make sure the RTC supports interrupts */ + if (!switch_interrupts(0)) { + close(fd); + return 0; + } + /* Close on exec */ UTI_FdSetCloexec(fd); -- cgit v1.2.3 From cf224248b47dee8fe24ba334c72ecba3f0fcaa30 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Tue, 10 Dec 2019 17:42:34 +0100 Subject: rtc: disable interrupts in finalization Don't leave interrupts enabled if chronyd is stopped when making an RTC measurement. Gbp-Pq: Name rtc-disable-interrupts-in-finalization.patch --- rtc_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/rtc_linux.c b/rtc_linux.c index 8b21394..7ec27c9 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -611,6 +611,7 @@ RTC_Linux_Finalise(void) /* Remove input file handler */ if (fd >= 0) { SCH_RemoveFileHandler(fd); + switch_interrupts(0); close(fd); /* Save the RTC data */ -- cgit v1.2.3 From 0f2f380b92c9c4100359395436b389763dbdc31a Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:40 +0100 Subject: rtc: extend check for RTCs that don't support interrupts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Several RTCs would only expose the broken behavior on enabling interrupts. The reason for that is that the kernel only returns the error if the state changes. Therefore the check has to probe switch_interrupts(1) as well. On platforms that work it will be switched on and off, while on those it never works it will just stay off. Clocks known to expose that behavior include, but are not limited to: PPC64# dmesg | grep -i rtc    [    0.241872] rtc-generic rtc-generic: registered as rtc0 [    0.270221] rtc-generic rtc-generic: setting system clock to ... ARM64# dmesg | grep -i rtc [    0.876198] rtc-efi rtc-efi: registered as rtc0 [    1.046869] rtc-efi rtc-efi: setting system clock to ... Signed-off-by: Christian Ehrhardt Gbp-Pq: Name rtc-extend-check-for-RTCs-that-do-not-support-interrupts.patch --- rtc_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rtc_linux.c b/rtc_linux.c index 7ec27c9..3220fad 100644 --- a/rtc_linux.c +++ b/rtc_linux.c @@ -561,7 +561,7 @@ RTC_Linux_Initialise(void) } /* Make sure the RTC supports interrupts */ - if (!switch_interrupts(0)) { + if (!switch_interrupts(1) || !switch_interrupts(0)) { close(fd); return 0; } -- cgit v1.2.3 From 6b1fdb146f5ddc94663996e95310260934f5a6e8 Mon Sep 17 00:00:00 2001 From: Christian Ehrhardt Date: Thu, 12 Dec 2019 12:06:39 +0100 Subject: test: accept test result if RTC can't enable RTC_UIE_ON The test might run on different platforms. If the platform happens to have a RTC that does exist but unable to have RTC_UIE_ON set the test will fail, while the chrony code is actually good. Examples of bad clocks are: - ppc64el: rtc-generic - arm64: rtc-efi To avoid that extend the log message check on 101-rtc to accept that condition as a valid test result as well. Signed-off-by: Christian Ehrhardt Gbp-Pq: Name test-accept-test-result-if-RTC-can-not-enable-RTC_UIE_ON.patch --- test/system/101-rtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/system/101-rtc b/test/system/101-rtc index fa9a70d..68bce68 100755 --- a/test/system/101-rtc +++ b/test/system/101-rtc @@ -14,6 +14,6 @@ echo "1 $(date +%s) 0.0 0.0" > "$TEST_DIR/rtcfile" start_chronyd || test_fail stop_chronyd || test_fail -check_chronyd_message_count "\(clock off from RTC\|RTC time before last\)" 1 1 || test_fail +check_chronyd_message_count "\(clock off from RTC\|RTC time before last\|Could not \(enable\|disable\) RTC interrupt\)" 1 1 || test_fail test_pass -- cgit v1.2.3 From 0aad9f271c9eb1b66f12af8072c920f8c438f134 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Wed, 16 Sep 2020 12:32:23 +0200 Subject: allow some *time64 syscalls in seccomp filter Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1878005 Forwarded: https://www.mail-archive.com/chrony-dev@chrony.tuxfamily.org/msg02172.html Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=7a7295992f76def739f0110f1e8f1346ff3a032e Last-Update: 2020-05-18 Allowing these system calls is required for 32-bit architectures with new system calls using 64-bit time_t. Last-Update: 2020-05-18 Gbp-Pq: Name allow-some-*time64-syscalls-in-seccomp-filter.patch --- sys_linux.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index ee7ddc1..931dd95 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -478,7 +478,14 @@ SYS_Linux_EnableSystemCallFilter(int level) { const int syscalls[] = { /* Clock */ - SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime), + SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), +#ifdef __NR_clock_adjtime64 + SCMP_SYS(clock_adjtime64), +#endif + SCMP_SYS(clock_gettime), +#ifdef __NR_clock_gettime64 + SCMP_SYS(clock_gettime64), +#endif SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time), /* Process */ SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), @@ -497,14 +504,29 @@ SYS_Linux_EnableSystemCallFilter(int level) SCMP_SYS(statfs64), SCMP_SYS(unlink), SCMP_SYS(unlinkat), /* Socket */ SCMP_SYS(bind), SCMP_SYS(connect), SCMP_SYS(getsockname), SCMP_SYS(getsockopt), - SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), SCMP_SYS(recvmsg), + SCMP_SYS(recv), SCMP_SYS(recvfrom), SCMP_SYS(recvmmsg), +#ifdef __NR_recvmmsg_time64 + SCMP_SYS(recvmmsg_time64), +#endif + SCMP_SYS(recvmsg), SCMP_SYS(send), SCMP_SYS(sendmmsg), SCMP_SYS(sendmsg), SCMP_SYS(sendto), /* TODO: check socketcall arguments */ SCMP_SYS(socketcall), /* General I/O */ SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe), - SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read), - SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write), + SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), +#ifdef __NR_ppoll_time64 + SCMP_SYS(ppoll_time64), +#endif + SCMP_SYS(pselect6), +#ifdef __NR_pselect6_time64 + SCMP_SYS(pselect6_time64), +#endif + SCMP_SYS(read), SCMP_SYS(futex), +#ifdef __NR_futex_time64 + SCMP_SYS(futex_time64), +#endif + SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write), /* Miscellaneous */ SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname), }; -- cgit v1.2.3 From 97d0a1614696b4dfb9318cc3657708cef2677fca Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Tue, 13 Oct 2020 15:59:33 +0200 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From f12969fbd45c2ba281423068b1d58a42fe23ae67 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Mon, 18 Jan 2021 21:58:52 +0100 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From 4523daf0c535009d06d4714bab8e03bdba81b8c5 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 21 Jan 2021 20:02:39 +0100 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From aa767d80fc93b1d140247a2b388a5b0a1c3ca145 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 4 Feb 2021 19:49:22 +0100 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From 6360a9408ab1b9d8aa3928693191c359378a92b8 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Sun, 21 Feb 2021 21:59:22 +0100 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From 4fd14c17bc57dc6ea45c648f0fc7c10ee8613416 Mon Sep 17 00:00:00 2001 From: Foster Snowhill Date: Sun, 4 Apr 2021 15:12:17 +0200 Subject: sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp This system call is required by the DSCP marking feature introduced in commit 6a5665ca5877 ("conf: add dscp directive"). Before this change, enabling seccomp filtering (chronyd -F 1) and specifying a custom DSCP value in the configuration (for example "dscp 46") caused the process to be killed by seccomp due to IP_TOS not being allowed by the filter. Tested before and after the change on Ubuntu 21.04, kernel 5.11.0-13-generic. IP_TOS is available since Linux 1.0, so I didn't add any ifdefs for it. Signed-off-by: Foster Snowhill Bug: https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2021/04/msg00000.html Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=966e6fd939df724235a93e7a89dd7cf67178f99d Last-Update: 2021-04-08 Gbp-Pq: Name allow-IP_TOS-socket-option-in-seccomp-filter.patch --- sys_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys_linux.c b/sys_linux.c index 0b24445..11fc1ff 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -615,7 +615,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) }; const static int socket_options[][2] = { - { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, + { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, { SOL_IP, IP_TOS }, #ifdef FEAT_IPV6 { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO }, #endif -- cgit v1.2.3 From a1e05c311a4224e9f6add60852fe21f66997f9c6 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 8 Apr 2021 16:21:16 +0200 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From 9a36f6bc3ce3cac41f5ae4678f7cd47a741a9dfb Mon Sep 17 00:00:00 2001 From: Foster Snowhill Date: Sun, 4 Apr 2021 15:12:17 +0200 Subject: sys_linux: allow setsockopt(SOL_IP, IP_TOS) in seccomp This system call is required by the DSCP marking feature introduced in commit 6a5665ca5877 ("conf: add dscp directive"). Before this change, enabling seccomp filtering (chronyd -F 1) and specifying a custom DSCP value in the configuration (for example "dscp 46") caused the process to be killed by seccomp due to IP_TOS not being allowed by the filter. Tested before and after the change on Ubuntu 21.04, kernel 5.11.0-13-generic. IP_TOS is available since Linux 1.0, so I didn't add any ifdefs for it. Signed-off-by: Foster Snowhill Bug: https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2021/04/msg00000.html Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=966e6fd939df724235a93e7a89dd7cf67178f99d Last-Update: 2021-04-08 Gbp-Pq: Name allow-IP_TOS-socket-option-in-seccomp-filter.patch --- sys_linux.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sys_linux.c b/sys_linux.c index 0b24445..11fc1ff 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -615,7 +615,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) }; const static int socket_options[][2] = { - { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, + { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, { SOL_IP, IP_TOS }, #ifdef FEAT_IPV6 { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO }, #endif -- cgit v1.2.3 From 25008cddf7ca59365bb0953951cf55ec5bf898db Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 13 May 2021 16:51:41 +0200 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From 48e0dbcda8ba7f9eb0f6198e7e829d1daf04bb6c Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Thu, 29 Apr 2021 12:35:49 +0200 Subject: sys_linux: allow BINDTODEVICE option in seccomp filter Fixes: 4ef944b73436 ("socket: add support for binding sockets to device") Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=b9f5ce83b02e765ad5a65a264e88352528d6b2b3 Last-Update: 2021-05-13 Gbp-Pq: Name allow-BINDTODEVICE-option-in-seccomp-filter.patch --- sys_linux.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys_linux.c b/sys_linux.c index 11fc1ff..23d4317 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -618,6 +618,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) { SOL_IP, IP_PKTINFO }, { SOL_IP, IP_FREEBIND }, { SOL_IP, IP_TOS }, #ifdef FEAT_IPV6 { SOL_IPV6, IPV6_V6ONLY }, { SOL_IPV6, IPV6_RECVPKTINFO }, +#endif +#ifdef SO_BINDTODEVICE + { SOL_SOCKET, SO_BINDTODEVICE }, #endif { SOL_SOCKET, SO_BROADCAST }, { SOL_SOCKET, SO_REUSEADDR }, #ifdef SO_REUSEPORT -- cgit v1.2.3 From e2d503b8ae2e714f0e7520f6ace3a0e2982e13a7 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Thu, 29 Apr 2021 16:53:40 +0200 Subject: sys_linux: allow getuid32 in seccomp filter This was triggered on x86 in an NTS test. Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=9cdfc15e310887d86c74beb0d6b748572624201c Last-Update: 2021-05-13 Gbp-Pq: Name allow-getuid32-in-seccomp-filter.patch --- sys_linux.c | 1 + 1 file changed, 1 insertion(+) diff --git a/sys_linux.c b/sys_linux.c index 23d4317..80cd31b 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -508,6 +508,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) SCMP_SYS(getpid), SCMP_SYS(getrlimit), SCMP_SYS(getuid), + SCMP_SYS(getuid32), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), SCMP_SYS(rt_sigprocmask), -- cgit v1.2.3 From d6956188c3599af2ebd089a98adb43b10b3d1eec Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Sun, 15 Aug 2021 15:08:56 +0200 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From da07bb5d81fcbec99f93ad66246dfa039bf5b18a Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 9 Aug 2021 11:48:21 +0200 Subject: sys_linux: allow clone3 and pread64 in seccomp filter These seem to be needed with the latest glibc. Gbp-Pq: Name allow-clone3-and-pread64-in-seccomp-filter.patch --- sys_linux.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys_linux.c b/sys_linux.c index 50c0843..2b53f72 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) /* Process */ SCMP_SYS(clone), +#ifdef __NR_clone3 + SCMP_SYS(clone3), +#endif SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), @@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) #ifdef __NR_ppoll_time64 SCMP_SYS(ppoll_time64), #endif + SCMP_SYS(pread64), SCMP_SYS(pselect6), #ifdef __NR_pselect6_time64 SCMP_SYS(pselect6_time64), -- cgit v1.2.3 From 9c3d434e27335077bb2d6469e4a88f5519c271bc Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 7 Oct 2021 15:23:28 +0200 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From 6153bcbab999999cc979c9a06b10215ca9a3a8c5 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 9 Aug 2021 11:48:21 +0200 Subject: sys_linux: allow clone3 and pread64 in seccomp filter These seem to be needed with the latest glibc. Gbp-Pq: Name allow-clone3-and-pread64-in-seccomp-filter.patch --- sys_linux.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sys_linux.c b/sys_linux.c index 50c0843..2b53f72 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) /* Process */ SCMP_SYS(clone), +#ifdef __NR_clone3 + SCMP_SYS(clone3), +#endif SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid), @@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) #ifdef __NR_ppoll_time64 SCMP_SYS(ppoll_time64), #endif + SCMP_SYS(pread64), SCMP_SYS(pselect6), #ifdef __NR_pselect6_time64 SCMP_SYS(pselect6_time64), -- cgit v1.2.3 From f868d45269eb9b33b6a879fc6328a4f05c99d410 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Wed, 6 Oct 2021 10:02:34 +0200 Subject: sys_linux: fix seccomp filter for BINDTODEVICE option The BINDTODEVICE socket option is the first option in the seccomp filter setting a string instead of int. Remove the length check from the setsockopt rules to allow a device name longer than 3 characters. This was reported in Debian bug #995207. Fixes: b9f5ce83b02e ("sys_linux: allow BINDTODEVICE option in seccomp filter") Origin: upstream, https://git.tuxfamily.org/chrony/chrony.git/commit/?id=29d7d3176d9d1b208039a9d2ca3f26bc3cc5a387 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995207 Gbp-Pq: Name fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch --- sys_linux.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sys_linux.c b/sys_linux.c index 2b53f72..5959d51 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -754,10 +754,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) /* Allow selected socket options */ for (i = 0; i < sizeof (socket_options) / sizeof (*socket_options); i++) { - if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt), 3, + if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt), 2, SCMP_A1(SCMP_CMP_EQ, socket_options[i][0]), - SCMP_A2(SCMP_CMP_EQ, socket_options[i][1]), - SCMP_A4(SCMP_CMP_LE, sizeof (int))) < 0) + SCMP_A2(SCMP_CMP_EQ, socket_options[i][1]))) goto add_failed; } -- cgit v1.2.3 From 06cf84631e605eab6d5f0653e8df556181f13382 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Wed, 12 Jan 2022 18:08:34 +0100 Subject: test: ensure awk commands in 008-ntpera return an integer Some awk interpreters (e.g. mawk) print long integers in exponential notation skewing the test result. Bug: https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2022/01/msg00001.html Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=b61cbed6895fcd3eae4c8458a69995870a22a5e0 Last-Update: 2022-01-13 Gbp-Pq: Name ensure_awk_commands_in_008-ntpera_test_return_an_integer.patch --- test/simulation/008-ntpera | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/008-ntpera b/test/simulation/008-ntpera index 2a4f332..2eea63b 100755 --- a/test/simulation/008-ntpera +++ b/test/simulation/008-ntpera @@ -29,7 +29,7 @@ echo "$ntp_start" | grep -q '-' && test_skip for time_offset in -1e-1 1e-1; do for start_offset in 0 "2^32 - $limit"; do - export CLKNETSIM_START_DATE=$(awk "BEGIN {print $ntp_start + $start_offset}") + export CLKNETSIM_START_DATE=$(awk "BEGIN {printf \"%.0f\", $ntp_start + $start_offset}") run_test || test_fail check_chronyd_exit || test_fail check_source_selection || test_fail @@ -38,7 +38,7 @@ for time_offset in -1e-1 1e-1; do done for start_offset in -$limit "2^32"; do - export CLKNETSIM_START_DATE=$(awk "BEGIN {print $ntp_start + $start_offset}") + export CLKNETSIM_START_DATE=$(awk "BEGIN {printf \"%.0f\", $ntp_start + $start_offset}") run_test || test_fail check_chronyd_exit || test_fail check_source_selection || test_fail -- cgit v1.2.3 From e5fb35708f8452922b76228ed5f03cfeb71265de Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Thu, 13 Jan 2022 14:01:35 +0100 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From 4287866224a3f33fe0e4fac2d317976c2c1d16b7 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Wed, 12 Jan 2022 18:08:34 +0100 Subject: test: ensure awk commands in 008-ntpera return an integer Some awk interpreters (e.g. mawk) print long integers in exponential notation skewing the test result. Bug: https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2022/01/msg00001.html Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=b61cbed6895fcd3eae4c8458a69995870a22a5e0 Last-Update: 2022-01-13 Gbp-Pq: Name ensure_awk_commands_in_008-ntpera_test_return_an_integer.patch --- test/simulation/008-ntpera | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/008-ntpera b/test/simulation/008-ntpera index 2a4f332..2eea63b 100755 --- a/test/simulation/008-ntpera +++ b/test/simulation/008-ntpera @@ -29,7 +29,7 @@ echo "$ntp_start" | grep -q '-' && test_skip for time_offset in -1e-1 1e-1; do for start_offset in 0 "2^32 - $limit"; do - export CLKNETSIM_START_DATE=$(awk "BEGIN {print $ntp_start + $start_offset}") + export CLKNETSIM_START_DATE=$(awk "BEGIN {printf \"%.0f\", $ntp_start + $start_offset}") run_test || test_fail check_chronyd_exit || test_fail check_source_selection || test_fail @@ -38,7 +38,7 @@ for time_offset in -1e-1 1e-1; do done for start_offset in -$limit "2^32"; do - export CLKNETSIM_START_DATE=$(awk "BEGIN {print $ntp_start + $start_offset}") + export CLKNETSIM_START_DATE=$(awk "BEGIN {printf \"%.0f\", $ntp_start + $start_offset}") run_test || test_fail check_chronyd_exit || test_fail check_source_selection || test_fail -- cgit v1.2.3 From 3ba66353a114a87725e3d2a1b4729aaef7565749 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Tue, 1 Feb 2022 20:42:35 +0100 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From f23c7bed07403f807d9f620509fc8d141f9c1b59 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Sat, 20 Aug 2022 18:41:53 +0200 Subject: d/patches/: Add allow-rseq-in-seccomp-filter.patch Closes: #1017790 --- debian/patches/allow-rseq-in-seccomp-filter.patch | 33 +++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 34 insertions(+) create mode 100644 debian/patches/allow-rseq-in-seccomp-filter.patch diff --git a/debian/patches/allow-rseq-in-seccomp-filter.patch b/debian/patches/allow-rseq-in-seccomp-filter.patch new file mode 100644 index 0000000..4e241ca --- /dev/null +++ b/debian/patches/allow-rseq-in-seccomp-filter.patch @@ -0,0 +1,33 @@ +From 8bb8f15a7d049ed26c69d95087065b381f76ec4d Mon Sep 17 00:00:00 2001 +From: Michael Hudson-Doyle +Date: Wed, 9 Feb 2022 09:06:13 +0100 +Subject: sys_linux: allow rseq in seccomp filter + +Libc 2.35 will use rseq syscalls [1][2] by default and thereby +break chrony in seccomp isolation. + +[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/ +[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html + +Tested-by: Christian Ehrhardt +Reviewed-by: Christian Ehrhardt +Signed-off-by: Michael Hudson-Doyle +Signed-off-by: Christian Ehrhardt + +diff --git a/sys_linux.c b/sys_linux.c +index 9cab2ef..cc3c931 100644 +--- a/sys_linux.c ++++ b/sys_linux.c +@@ -497,6 +497,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) + SCMP_SYS(getrlimit), + SCMP_SYS(getuid), + SCMP_SYS(getuid32), ++#ifdef __NR_rseq ++ SCMP_SYS(rseq), ++#endif + SCMP_SYS(rt_sigaction), + SCMP_SYS(rt_sigreturn), + SCMP_SYS(rt_sigprocmask), +-- +cgit v0.10.2 + diff --git a/debian/patches/series b/debian/patches/series index 92c6424..ad08b09 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ +allow-rseq-in-seccomp-filter.patch ensure_awk_commands_in_008-ntpera_test_return_an_integer.patch nm-dispatcher-dhcp_Move-server_dir-to-run.patch -- cgit v1.2.3 From 580cd8de75d9a79fd6d8ea642a821133aa3863e6 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Sat, 20 Aug 2022 18:50:11 +0200 Subject: d/changelog: Update for the 4.2-3 release --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 2ea7ed3..9764994 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +chrony (4.2-3) unstable; urgency=medium + + * debian/patches/: + - Add allow-rseq-in-seccomp-filter.patch. (Closes: #1017790) + + -- Vincent Blut Sat, 20 Aug 2022 18:43:50 +0200 + chrony (4.2-2) unstable; urgency=medium * debian/usr.sbin.chronyd: -- cgit v1.2.3 From 5ce9493d7a9ec49192acbdb0be6eec0edc9cf20f Mon Sep 17 00:00:00 2001 From: Michael Hudson-Doyle Date: Wed, 9 Feb 2022 09:06:13 +0100 Subject: sys_linux: allow rseq in seccomp filter Libc 2.35 will use rseq syscalls [1][2] by default and thereby break chrony in seccomp isolation. [1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/ [2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html Tested-by: Christian Ehrhardt Reviewed-by: Christian Ehrhardt Signed-off-by: Michael Hudson-Doyle Signed-off-by: Christian Ehrhardt Gbp-Pq: Name allow-rseq-in-seccomp-filter.patch --- sys_linux.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sys_linux.c b/sys_linux.c index 9cab2ef..cc3c931 100644 --- a/sys_linux.c +++ b/sys_linux.c @@ -497,6 +497,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) SCMP_SYS(getrlimit), SCMP_SYS(getuid), SCMP_SYS(getuid32), +#ifdef __NR_rseq + SCMP_SYS(rseq), +#endif SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn), SCMP_SYS(rt_sigprocmask), -- cgit v1.2.3 From 6efaea44d8d60ce7ecd68a00c686d3c1b0dea14d Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Wed, 12 Jan 2022 18:08:34 +0100 Subject: test: ensure awk commands in 008-ntpera return an integer Some awk interpreters (e.g. mawk) print long integers in exponential notation skewing the test result. Bug: https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2022/01/msg00001.html Applied-Upstream: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=b61cbed6895fcd3eae4c8458a69995870a22a5e0 Last-Update: 2022-01-13 Gbp-Pq: Name ensure_awk_commands_in_008-ntpera_test_return_an_integer.patch --- test/simulation/008-ntpera | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/simulation/008-ntpera b/test/simulation/008-ntpera index 2a4f332..2eea63b 100755 --- a/test/simulation/008-ntpera +++ b/test/simulation/008-ntpera @@ -29,7 +29,7 @@ echo "$ntp_start" | grep -q '-' && test_skip for time_offset in -1e-1 1e-1; do for start_offset in 0 "2^32 - $limit"; do - export CLKNETSIM_START_DATE=$(awk "BEGIN {print $ntp_start + $start_offset}") + export CLKNETSIM_START_DATE=$(awk "BEGIN {printf \"%.0f\", $ntp_start + $start_offset}") run_test || test_fail check_chronyd_exit || test_fail check_source_selection || test_fail @@ -38,7 +38,7 @@ for time_offset in -1e-1 1e-1; do done for start_offset in -$limit "2^32"; do - export CLKNETSIM_START_DATE=$(awk "BEGIN {print $ntp_start + $start_offset}") + export CLKNETSIM_START_DATE=$(awk "BEGIN {printf \"%.0f\", $ntp_start + $start_offset}") run_test || test_fail check_chronyd_exit || test_fail check_source_selection || test_fail -- cgit v1.2.3 From adc8a9c943a885a1197bc15bcbcfd08beabddcd8 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Sat, 20 Aug 2022 18:43:50 +0200 Subject: Move server_dir path to /run Forwarded: no Last-Update: 2020-09-16 Last-Update: 2020-09-16 Gbp-Pq: Name nm-dispatcher-dhcp_Move-server_dir-to-run.patch --- examples/chrony.nm-dispatcher.dhcp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp index 6ea4c37..1b082af 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp @@ -11,7 +11,7 @@ action=$2 chronyc=/usr/bin/chronyc default_server_options=iburst -server_dir=/var/run/chrony-dhcp +server_dir=/run/chrony-dhcp dhcp_server_file=$server_dir/$interface.sources # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. -- cgit v1.2.3 From 657b106436ff984ea72dda340982c6a4247ed835 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Wed, 31 Aug 2022 13:32:14 +0200 Subject: Import chrony_4.3-1.debian.tar.xz [dgit import tarball chrony 4.3-1 chrony_4.3-1.debian.tar.xz] --- .gitlab-ci.yml | 11 + NEWS | 70 + README.Debian | 29 + changelog | 2568 ++++++++++++++++++++ chrony-dnssrv@.service | 17 + chrony-dnssrv@.timer | 9 + chrony-helper | 264 ++ chrony.conf | 47 + chrony.default | 6 + chrony.dhcp | 27 + chrony.examples | 1 + chrony.if-post-down | 11 + chrony.if-up | 11 + chrony.keys | 10 + chrony.lintian-overrides | 7 + chrony.maintscript | 1 + chrony.ppp.ip-down | 13 + chrony.ppp.ip-up | 12 + chrony.service | 65 + clean | 1 + conf.d/README | 7 + control | 54 + copyright | 187 ++ dirs | 6 + docs | 3 + init | 69 + install | 7 + links | 5 + ntp-units.d/50-chrony.list | 1 + ...nm-dispatcher-dhcp_Move-server_dir-to-run.patch | 19 + patches/series | 1 + postinst | 73 + postrm | 56 + prerm | 28 + rules | 45 + source/format | 1 + sources.d/README | 12 + tests/control | 28 + tests/dynamically-add-source | 27 + tests/fragmented-configuration | 17 + tests/helper-functions | 53 + tests/ntp-server-and-nts-auth | 59 + tests/time-sources-from-dhcp-servers | 44 + tests/upstream-simulation-test-suite | 41 + tests/upstream-system-tests | 24 + upstream/metadata | 8 + upstream/signing-key.asc | 52 + usr.sbin.chronyd | 85 + watch | 3 + 49 files changed, 4195 insertions(+) create mode 100644 .gitlab-ci.yml create mode 100644 NEWS create mode 100644 README.Debian create mode 100644 changelog create mode 100644 chrony-dnssrv@.service create mode 100644 chrony-dnssrv@.timer create mode 100755 chrony-helper create mode 100644 chrony.conf create mode 100644 chrony.default create mode 100644 chrony.dhcp create mode 100644 chrony.examples create mode 100644 chrony.if-post-down create mode 100644 chrony.if-up create mode 100644 chrony.keys create mode 100644 chrony.lintian-overrides create mode 100644 chrony.maintscript create mode 100644 chrony.ppp.ip-down create mode 100644 chrony.ppp.ip-up create mode 100644 chrony.service create mode 100644 clean create mode 100644 conf.d/README create mode 100644 control create mode 100644 copyright create mode 100644 dirs create mode 100644 docs create mode 100644 init create mode 100644 install create mode 100644 links create mode 100644 ntp-units.d/50-chrony.list create mode 100644 patches/nm-dispatcher-dhcp_Move-server_dir-to-run.patch create mode 100644 patches/series create mode 100644 postinst create mode 100644 postrm create mode 100644 prerm create mode 100755 rules create mode 100644 source/format create mode 100644 sources.d/README create mode 100644 tests/control create mode 100644 tests/dynamically-add-source create mode 100644 tests/fragmented-configuration create mode 100644 tests/helper-functions create mode 100644 tests/ntp-server-and-nts-auth create mode 100644 tests/time-sources-from-dhcp-servers create mode 100644 tests/upstream-simulation-test-suite create mode 100755 tests/upstream-system-tests create mode 100644 upstream/metadata create mode 100644 upstream/signing-key.asc create mode 100644 usr.sbin.chronyd create mode 100644 watch diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..5e3f0db --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,11 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +# Skip the reprotest job as long as it is run as root due to problems with +# chrony system tests. +reprotest: + extends: .test-reprotest + only: + variables: + - $SEE_YOU_SOON_REPROTEST diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..fe7e4b9 --- /dev/null +++ b/NEWS @@ -0,0 +1,70 @@ +chrony (4.1~pre1-1) experimental; urgency=medium + + Starting with chrony 4.0, it is possible to specify NTP sources in files + having the .sources suffix. In Debian, these files can be placed in + /etc/chrony/sources.d/ or any other directories specified by the 'sourcedir' + directive. + I would like to draw your attention that with chrony 4.1, each line of a + source file *must* be terminated by a trailing newline. Failing that, the NTP + source(s) will be ignored. + + -- Vincent Blut Sun, 25 Apr 2021 12:44:09 +0200 + +chrony (3.4-2) unstable; urgency=medium + + To reduce the range of operations available to chronyd, and thereby decrease + the kernel attack surface, a system call filter is now active by default + wherever¹ possible. + Please, take into account that this change prevents the use of the + “mailonchange” directive in chrony.conf as the chronyd process will not be + allowed to fork and execute the sendmail binary. Therefore, it is fundamental + to disable the system call filter to continue using this directive! + + To do so, edit the /etc/default/chrony file and substitute the “-F -1” + parameter with “-F 0”. Restart chrony afterward. + + ¹Are currently excluded alpha, ia64, m68k, riscv64, sh4 and sparc64 + architectures due to lack of support in “libseccomp” and/or the Linux kernel. + + -- Vincent Blut Sun, 10 Feb 2019 18:44:22 +0100 + +chrony (2.2.1-1) unstable; urgency=medium + + In chrony versions before 2.2, the 'chrony.keys' file contained a command + key used for run-time configuration via the 'chronyc' command-line tool. + Starting from this version, support for this authentication method has been + dropped in favor of a Unix domain socket accessible only *locally* by root or + the _chrony system user. Consequently, if you refuse to use the 'chrony.keys' + file template provided by the maintainers when upgrading, please don’t forget + to manually remove the obsolete command key (ID 1) in the aforementioned file. + + -- Vincent Blut Sun, 07 Feb 2016 17:02:30 +0100 + +chrony (2.1.1-1) unstable; urgency=medium + + From this version, 'chronyd' will strictly act as an NTP client by default. If + you want it to serve time to other systems, please do so by configuring the + 'allow' directive. + + -- Vincent Blut Mon, 12 Oct 2015 19:12:39 +0200 + +chrony (1.31.1-1) unstable; urgency=medium + + From now on, we use the "hwclockfile" directive in /etc/chrony/chrony.conf. + Basically, it makes the detection of the standard (Local or UTC time) set + in /etc/adjtime — and used by the hardware clock — clearer compared to the + text processing method we used to use in the post install script to complete + the same task. Note that it overrides the "rtconutc" directive. + + Also, we now create the _chrony system user to which chronyd will drop root + privileges. For users already allowing chronyd to drop root privileges in + favor of the user configured by the "user" directive in + /etc/chrony/chrony.conf, your configuration will remain unchanged and will + still work as intended. + However, some users might use a custom init script to accomplish the same + task by invoking chronyd with the '-u' option. We advise you to drop this + option from your init script before upgrading, otherwise you’ll have to + readjust the owner of the /var/l{ib,og}/chrony directories (recursively) to + the user you configured in your init script. + + -- Vincent Blut Sun, 6 Sep 2015 22:14:54 +0200 diff --git a/README.Debian b/README.Debian new file mode 100644 index 0000000..2188ed9 --- /dev/null +++ b/README.Debian @@ -0,0 +1,29 @@ +Chrony for Debian +----------------- + + Notes about Debian-specific changes: + + - Default chrony’s configuration files are located in the /etc/chrony directory. + It is filled by two important files: + → chrony.conf (configuration of the chronyd daemon, see man 5 chrony.conf + for further information) + + → chrony.keys (lists keys used for NTP packets authentication, see + the “keyfile” directive in the chrony.conf(5) man page) + + - We also provide /etc/ppp/ip-up.d/chrony and /etc/ppp/ip-down.d/chrony + to put chronyd online/offline depending on the PPP link status. + + - Since version 1.31.1-1, we create the _chrony system user to which chronyd + will drop root privileges on initialisation. For users already allowing + chronyd to drop root privileges in favor of the user configured by the "user" + directive in chrony.conf, your configuration will remain unchanged and will + still work as it did. However, if you don’t want to deviate from Debian’s + default configuration, delete or comment out the "user" directive in + chrony.conf and recursively change the owner of the /var/lib/chrony and + /var/log/chrony directories. For example: + + # sed -i 's/^user/#user/' /etc/chrony/chrony.conf + # chown -R _chrony:_chrony /var/l{ib,og}/chrony + + -- Vincent Blut Fri, 01 Mar 2019 19:02:12 +0100 diff --git a/changelog b/changelog new file mode 100644 index 0000000..871f2dd --- /dev/null +++ b/changelog @@ -0,0 +1,2568 @@ +chrony (4.3-1) unstable; urgency=medium + + * Import upstream version 4.3: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * debian/copyright: + - Update copyright years. + + [ Bastian Blank ] + * debian/chrony.service: + - Let systemd handle directories. (MR: !9) + + -- Vincent Blut Wed, 31 Aug 2022 13:32:14 +0200 + +chrony (4.3~pre1-1) experimental; urgency=medium + + * Import upstream version 4.3-pre1: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * debian/chrony.lintian-overrides: + - Update lintian override syntax. + + * debian/control: + - Bump Standards-Version to 4.6.1 (no changes needed). + + * debian/patches/*: + - Drop ensure_awk_commands_in_008-ntpera_test_return_an_integer.patch, + applied upstream. + - Refresh nm-dispatcher-dhcp_Move-server_dir-to-run.patch. + + * debian/tests/upstream-simulation-test-suite: + - Update clknetsim version. + + -- Vincent Blut Thu, 11 Aug 2022 14:12:25 +0200 + +chrony (4.2-2) unstable; urgency=medium + + * debian/usr.sbin.chronyd: + - Allow reading the chronyd configuration file that timemaster(8) + generates. Thanks to Michael Lestinsky for the report! (Closes: #1004745) + + -- Vincent Blut Tue, 01 Feb 2022 20:42:35 +0100 + +chrony (4.2-1) unstable; urgency=medium + + * Import upstream version 4.2: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * debian/chrony.service: + - Adopt upstream service unit hardening options. + + * debian/copyright: + - Update copyright years. + + * debian/patches/*: + - Drop patches applied upstream. + - Add ensure_awk_commands_in_008-ntpera_test_return_an_integer.patch + + * debian/test/upstream-simulation-test-suite: + - Update clknetsim version. + + -- Vincent Blut Thu, 13 Jan 2022 14:01:35 +0100 + +chrony (4.1-4) unstable; urgency=medium + + * debian/: + - Remove empty preinst maintainer script. + + * debian/chrony.lintian-overrides: + - Remove unused overrides. + + * debian/control: + - Bump Standards-Version to 4.6.0 (no changes needed). + + * debian/patches/*: + - Add fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch. + (Closes: #995207) + + * debian/usr.sbin.chronyd: + - Add 'vim:syntax=apparmor' modline. + - Add feature ABI rule. Starting with AppArmor 3.0, policy needs to contain + an abi rule to indicate which feature abi the policy was developed under. + + -- Vincent Blut Thu, 07 Oct 2021 15:23:28 +0200 + +chrony (4.1-3) unstable; urgency=medium + + * Upload to unstable. + + * debian/patches/: + - Add allow-clone3-and-pread64-in-seccomp-filter.patch. + + * debian/tests/upstream-simulation-test-suite: + - Update clknetsim version. + + -- Vincent Blut Sun, 15 Aug 2021 15:08:56 +0200 + +chrony (4.1-2) experimental; urgency=medium + + * Merge branch 'debian/unstable' into 'debian/latest'. + + * debian/rules: + - Remove needless dh_auto_test override. + + [ Christian Ehrhardt ] + * debian/tests/helper-functions: + - Improve chronyd restart logic. While rendering the tests more readable, + this also fixes ntp-server-and-nts-auth test on Ubuntu. + + [ Debian Janitor ] + * debian/{control,chrony.maintscript}: + - Remove constraints unnecessary since stretch. + + -- Vincent Blut Sat, 26 Jun 2021 17:16:45 +0200 + +chrony (4.1-1) experimental; urgency=medium + + * Import upstream version 4.1: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * debian/copyright: + - Update copyright years. + + * debian/upstream/signing-key.asc: + - Update Miroslav Lichvar's key. + + * debian/watch: + - Add upstream version mangle to transform -pre to ~pre. + + -- Vincent Blut Fri, 14 May 2021 00:25:34 +0200 + +chrony (4.1~pre1-1) experimental; urgency=medium + + * Import upstream version 4.1-pre1: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * debian/control: + - Now that the upstream system tests support 'ss', replace the net-tools + build-dependency by iproute2. + + * debian/NEWS: + - Mention that lines in *.sources files must be terminated by a trailing + newline. + + * debian/patches/: + - Drop allow-IP_TOS-socket-option-in-seccomp-filter.patch. Applied + upstream. + + * debian/postinst: + - Do not redirect 'chronyd -p' stderr to /dev/null. Not needed anymore. + + * debian/sources.d/README: + - Mention that lines in *.sources files must be terminated by a trailing + newline. + + * debian/tests/dynamically-add-source: + - Terminate the line in dummy-server.sources with the newline control + character. + + * debian/tests/fragmented-configuration: + - Do not redirect 'chronyd -p' stderr to /dev/null. Not needed anymore. + + * debian/tests/upstream-simulation-test-suite: + - Update clknetsim version. + + -- Vincent Blut Mon, 10 May 2021 18:56:53 +0200 + +chrony (4.0-8) unstable; urgency=medium + + * debian/patches/: + - Add allow-BINDTODEVICE-option-in-seccomp-filter.patch to enable support + for binding sockets to a device without having to disable the seccomp + filter. + - Add allow-getuid32-in-seccomp-filter.patch. Upstream found out that + getuid32() needed to be allowed in the seccomp filter to enable some NTS + operations on i686. This may affect other 32-bits architectures. + + -- Vincent Blut Thu, 13 May 2021 16:51:41 +0200 + +chrony (4.0-7) unstable; urgency=medium + + * debian/patches/: + - Add allow-IP_TOS-socket-option-in-seccomp-filter.patch to enable the use + of the 'dscp' directive. + + -- Vincent Blut Thu, 08 Apr 2021 16:21:16 +0200 + +chrony (4.0-6) unstable; urgency=medium + + * debian/tests/helper-functions: + - Instead of running 'systemctl restart chrony.service', use + __restart_chronyd() in the __no_system_clock_control() function. + - Run 'sleep 3' only if chronyd has successfully restarted. + + [ Christian Ehrhardt ] + * debian/tests/{dynamically-add-source,ntp-server-and-nts-auth}: + - Reduce default Ubuntu config to make space for testcase config. + + * debian/tests/helper-functions: + - Add more common functions and update some tests to use them. + - Wait after restarting chronyd. Without this, some tests break on Ubuntu by + checking state too early. + + -- Vincent Blut Sun, 21 Feb 2021 21:59:22 +0100 + +chrony (4.0-5) unstable; urgency=medium + + * Follow DEP-14 branch naming conventions: + master -> debian/latest + upstream -> upstream/latest + + * debian/chrony.service: + - Enable some hardening settings. + + * debian/control: + - Remove Joachim Wiedorn from the Uploaders field. This decision was taken + in agreement with him. Thanks a lot, Joachim, for your work on chrony and + for your benevolence when you handed me its maintenance. + - Point Vcs-Git to the debian/latest branch. + + * debian/dirs: + - Do not create the /etc/apparmor.d/force-complain directory. Not needed + anymore. + + * debian/postrm: + - Remove /run/chrony-dhcp on purge. + + * debian/preinst: + - Drop old migration code snippet. It was used to put the newly provided + AppArmor profile in complain mode when upgrading chrony to prevent + regressions this profile could have caused. (Closes: #905485) + + -- Vincent Blut Thu, 04 Feb 2021 19:49:22 +0100 + +chrony (4.0-4) unstable; urgency=medium + + * debian/chrony.examples: + - Provide example configuration files. + + * debian/postinst: + - Run adduser unconditionally. + - Use 'chronyd -p' to check the whole configuration. + + * debian/tests/: + - Prevent dynamically-add-source and ntp-server-and-nts-auth tests from + failing on chronyd's preparation step. + - Don't pass 'set -u' to dynamically-add-source and + ntp-server-and-nts-auth scripts. + + * debian/tests/control: + - Mark dynamically-add-source as skippable. + + -- Vincent Blut Thu, 21 Jan 2021 20:02:39 +0100 + +chrony (4.0-3) unstable; urgency=medium + + * debian/: + - chronyd's configuration can now be fragmented. Please see + /etc/chrony/conf.d/README for more information. + - NTP sources can be specified in /etc/chrony/sources.d. Please see + /etc/chrony/sources.d/README for more information. + + * debian/chrony.conf: + - Include configuration files found in /etc/chrony/conf.d. + - Use NTP sources found in /etc/chrony/sources.d. + - Get TAI-UTC offset and leap seconds from the system tz database by using + the "leapsectz right/UTC" directive. This directive must be commented out + when using time sources serving leap-smeared time. (Closes: #974845) + - Add missing comment. + + * debian/chrony.default: + - Switch the seccomp filter to level 1. + + * debian/chrony.lintian-overrides: + - Override breakout-link. + + * debian/control: + - Add tzdata to the dependencies. + - Bump Standards-Version to 4.5.1 (no changes required). + + * debian/copyright: + - Update copyright year for debian/*. + + * debian/postinst: + - Use dpkg-statoverride to manage mode bits and ownership of + /var/l{ib,og}/chrony. + + * debian/postrm: + - Remove overrides for /var/l{ib,og}/chrony on purge. + + * debian/rules: + - Drop '--without-readline' option. GNU readline support has been dropped + upstream due to license incompatibility. + - Replace -F -1 by -F 1 in the sed invocation. + + * debian/tests/: + - Add fragmented-configuration autopkgtest. + - Add dynamically-add-source autopkgtest. + - Add ntp-server-and-nts-auth autopkgtest. + + * debian/tests/control: + - Mark ntp-server-and-nts-auth as skippable. + + * debian/tests/fragmented-configuration: + - Use another directive for the test since "leapsectz right/UTC" is now + used by default. + + * debian/tests/helper-functions: + - Add __no_system_clock_control() function. + + * debian/tests/upstream-simulation-test-suite: + - Always use the same seed to get deterministic results. + + * debian/upstream/metadata: + - Remove obsolete field Name. Thanks to Debian Janitor . + + * debian/usr.sbin.chronyd: + - Make use of the @{run} variable. + + -- Vincent Blut Mon, 18 Jan 2021 21:58:52 +0100 + +chrony (4.0-2) unstable; urgency=medium + + * Merge branch 'experimental' into 'master'. + + * Upload to unstable. + + -- Vincent Blut Tue, 13 Oct 2020 15:59:33 +0200 + +chrony (4.0-1) experimental; urgency=medium + + * Import upstream version 4.0: + - This release adds support for the Network Time Security (NTS) + authentication mechanism (RFC 8915). + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + -- Vincent Blut Wed, 07 Oct 2020 19:14:51 +0200 + +chrony (4.0~pre4-2) experimental; urgency=medium + + * debian/postinst: + - Fix user and group ownership of "/var/lib/chrony" to allow chronyd + to write in it. This will also fix a regression in the 104-systemdirs + test. + + -- Vincent Blut Sat, 03 Oct 2020 11:20:02 +0200 + +chrony (4.0~pre4-1) experimental; urgency=medium + + * Import upstream version 4.0-pre4: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * Merge branch 'master' into experimental. (Closes: #970421) + + * debian/chrony.conf: + - Use NTP sources from /run/chrony-dhcp. + - Save NTS keys and cookies in /var/lib/chrony/. + + * debian/chrony-dnssrv@.service: + - Update "chrony-helper" path. + + * debian/chrony.dhcp: + - Save NTP servers from DHCP to /run/chrony-dhcp/$interface.sources. + + * debian/chrony.lintian-overrides: + - Override executable-in-usr-lib for NetworkManager dispatcher scripts. + - Update NetworkManager dispatcher script name. + + * debian/chrony.ppp.ip-{down,up}: + - Update PID file path. + + * debian/chrony.service: + - Update PID file path. + - Do not run 'chrony-helper update-daemon' after starting chronyd. Not + needed anymore. + + * debian/control: + - Build-depend on libgnutls28-dev to support NTS. + - Build-depend on gnutls-bin for the test suite. + - Bump debhelper-compat to 13. + + * debian/copyright: + - Update copyright years. + + * debian/dirs: + - Remove var/log/chrony as it will be created automatically if it doesn’t + exist. + + * debian/if-{post-down,up}: + - Update PID file path. + + * debian/init: + - Update PID file path. + - Drop the unnecessary '--remove pidfile' option from the stop target. + - Do not run 'chrony-helper update-daemon' after starting chronyd. Not + needed anymore. + + * debian/install: + - Move "chrony-helper" to "/usr/libexec/chrony". + + * debian/links: + - Update source and destination filenames. + + * debian/patches/: + - Drop patches applied upstream. + - Add nm-dispatcher-dhcp_Move-server_dir-to-run.patch. + + * debian/postinst: + - Drop migration code from pre-Stretch. + - Migrate NTP sources obtained from DHCP to /run/chrony-dhcp on upgrade + from chrony < 4.0~pre4-1. + - Remove staled PID file when upgrading from chrony < 4.0~pre4-1. + + * debian/rules: + - Change the default PID file location from /run to /run/chrony. + - Drop dh_missing --fail-missing. This is the default in debhelper 13. + - Enable seccomp support by default on riscv64. + - Update NetworkManager dispatcher script name from 20-chrony to + 20-chrony-onoffline. + - Add DHCP NetworkManager dispatcher script to allow chronyd to use + NTP sources obtained from NM's internal DHCP client. + + * debian/tests/: + - Add some helper functions. Some tests will be updated thereafter + to use them. + + * debian/tests/time-sources-from-dhcp-servers: + - Adapt to the new way of using time sources from DHCP. + - Improve sed invocation. + + * debian/tests/upstream-simulation-test-suite: + - Update clknetsim version. + - Cosmetic changes. + + * debian/tests/upstream-system-tests: + - No need to stop systemd-timesyncd anymore since it is no more + co-installable with chrony anymore. + + * debian/usr.sbin.chronyd: + - Update PID file path. + - Add dac_override and dac_read_search capabilities to give "root" the + ability to write the PID file in /run/chrony/. + - Prefix flag definition by "flags=". + - Sort the capabilities. + - Grant CAP_NET_RAW capability to allow an NTP socket to be bound to a + device using the SO_BINDTODEVICE socket option on kernels before 5.7. + - Add comments regarding capabilities. + - Let chronyd create /var/l{ib,og}/chrony. + - Remove a superfluous rule. + - Allow reading of NTP sources in /run/chrony-dhcp/. + + * debian/watch: + - Make use of special strings. + + -- Vincent Blut Fri, 02 Oct 2020 21:21:08 +0200 + +chrony (3.5.1-1) unstable; urgency=medium + + * Import upstream version 3.5.1: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + - CVE-2020-14367: create new file when writing pidfile. + + * debian/chrony.lintian-overrides: + - Remove unused override. + + [ Ville Skyttä ] + * debian/chrony.conf: + - Comment spelling fix. (MR: !5) + + -- Vincent Blut Thu, 20 Aug 2020 14:07:22 +0200 + +chrony (3.5-9) unstable; urgency=medium + + * debian/patches/: + - Add allow-some-*time64-syscalls-in-seccomp-filter.patch. Needed for + 32-bit architectures with new system calls using 64-bit time_t. + (LP: #1878005) + + * debian/tests/control: + - Add needs-internet restriction to the upstream-simulation-test-suite + test. + + [ Christian Ehrhardt ] + * debian/tests/upstream-simulation-test-suite: + - Skip if preparation steps fail. + - Make preparation steps more verbose. + + -- Vincent Blut Tue, 19 May 2020 16:42:18 +0200 + +chrony (3.5-8) unstable; urgency=medium + + * debian/postrm: + - Stop starting systemd-timesyncd in postrm. This is no longer relevant + since systemd-timesyncd is a standalone package declaring + Conflicts/Replaces/Provides: time-daemon. (Closes: #955773) + + [ Christian Ehrhardt ] + * debian/tests/upstream-system-tests: + - Stop chrony/systemd-timesynd before running these tests. (LP: #1870144) + + -- Vincent Blut Sun, 05 Apr 2020 17:44:31 +0200 + +chrony (3.5-7) unstable; urgency=medium + + * debian/chrony.maintscript: + - Remove the /etc/NetworkManager/dispatcher.d/20-chrony conffile. + + * debian/control: + - Support seccomp facility on riscv64. It should be noted that the system + call filter will stay disabled by default on this architecture until + Linux >= 5.5 hits unstable. + - Bump libseccomp-dev build-dep to 2.4.3-1~ to provide seccomp facility on + riscv64. + - Break network-manager (<< 1.20.0-1~). Prior to this version, + NetworkManager would not look for dispatcher scripts into + /usr/lib/NetworkManager/dispatcher.d/. + + * debian/dirs: + - Create the usr/lib/NetworkManager/dispatcher.d subdirectories. + + * debian/links: + - Change the location of the NetworkManager dispatcher script. + + * debian/patches/: + - Add allow-renameat2-in-seccomp-filter.patch. Required as the riscv64 + architecture does not support the rename() and renameat() system calls. + + * debian/rules: + - Move the NetworkManager dispatcher script in + /usr/lib/NetworkManager/dispatcher.d/. + + -- Vincent Blut Tue, 17 Mar 2020 15:21:53 +0100 + +chrony (3.5-6) unstable; urgency=medium + + * debian/chrony.service: + - Don’t conflict with systemd-timesyncd.service. + A few users complain that chronyd does not start at boot. The way the + Conflict= directive works internally might cause both systemd-timesyncd + and chronyd to be inactive at boot. So by relying solely on the + disable-with-time-daemon.conf drop-in file provided by systemd, we should + get rid of this malfunction while still preventing these two time daemons + from being active at the same time. Kudos notably go to Santiago Vila for + the report and providing SSH access to a GCE instance where the issue was + reproducible and Michael Biebl for debugging. (Closes: #947936) + + * debian/control: + - Bump Standards-Version to 4.5.0 (no changes required). + - No need to explicitly conflict with ntp as it now provides time-daemon. + + * debian/copyright: + - Update copyright year for debian/*. + + * debian/patches/: + - Add allow-clock_adjtime-in-seccomp-filter.patch. + glibc 2.31 switched the adjtimex() function to the clock_adjtime + system call. + + * debian/tests/upstream-simulation-test-suite: + - Update clknetsim version. This new version supports glibc >= 2.31 headers. + (LP: #1866753) + + * debian/tests/control: + - Run the upstream-simulation-test-suite as root. + + -- Vincent Blut Tue, 10 Mar 2020 19:17:16 +0100 + +chrony (3.5-5) unstable; urgency=medium + + * debian/control: + - Bump standard-version to 4.4.1 (no change required). + + * debian/install: + - Install 50-chrony.list in /usr/lib/systemd/ntp-units.d. + + * debian/ntp-units.d/50-chrony.list: + - Allow timedated to interact with chronyd. + + * debian/patches/*: + - Cherry-pick upstream commits to better manage RTCs that don't support + interrupts. This fixes an issue exhibited when a specific upstream system + test is run on the Ubuntu CI. Thank to Christian Ehrhardt for working + with Miroslav Lichvar to address this problem. + + * debian/tests/control: + - Use @builddeps@ as a test dependency for upstream_system_tests. + + [ Christian Ehrhardt ] + * debian/tests/upstream-simulation-test-suite: + - Redirect stderr on make call to stdout. On some architectures (e.g. armhf) + the clksim tests compile but throw some warnings. (MR: !2) + + -- Vincent Blut Sun, 22 Dec 2019 17:30:40 +0100 + +chrony (3.5-4) unstable; urgency=medium + + * debian/tests/control: + - Add @builddeps@ to the list of dependencies needed by the + upstream-simulation-test-suite test. + + -- Vincent Blut Fri, 30 Aug 2019 00:49:20 +0200 + +chrony (3.5-3) unstable; urgency=medium + + * debian/chrony.lintian-overrides: + - Override package-supports-alternative-init-but-no-init.d-script. This + is a false positive. chrony-dnssrv@.service isn’t a daemon but a oneshot + service, not started at boot, whose role is to lookup for _ntp._udp DNS SRV + records. + + * debian/chrony.service: + - Pull in time-sync.target and order chrony before it as recommended in + systemd.special(7). + + * debian/control: + - Bump standard-version to 4.4.0 (no changes required). + + * debian/.gitlab-ci.yml: + - Switch to standard Salsa Pipeline. + - Skip the reprotest job for as long as it is run as root due to problems + with chrony system tests. + + * debian/tests/*: + - Revamp the upstream-simulation-test-suite test. + - Adjust dpkg dependencies for upstream-simulation-test-suite. + - Adjust restrictions for upstream-simulation-test-suite. + - Introduce upstream-system-tests. Add a new set of tests for testing + basic chronyd functionality. Destructive tests are run in a virtual + machine. + - Add ethtool to the list of dependencies needed by + run_destructive_system_tests. + - exit 77 if upstream-simulation-test-suite is run on non-Linux and mark + the test as skippable. Thanks to Paul Gevers for the + suggestion. + - Make artifacts() exit 1. Again, thanks to Paul Gevers. + + -- Vincent Blut Tue, 13 Aug 2019 17:57:47 +0200 + +chrony (3.5-2) unstable; urgency=medium + + * Merge branch “experimental” into “master”. + + * debian/chrony.dhcp: + - Fix shellcheck warnings. Patch imported from Fedora. + + * debian/chrony-helper: + - Fix shellcheck warnings. Patch imported from Fedora. + + * debian/clean: + - Drop obsolete entries. + + * debian/copyright: + - Update copyright years. + - Update copyright holder for the configure script. + + * debian/patches/*: + - Add update_processing_of_packet_log.patch. This fixes a regression in + the simulation tests exhibited by the recent clknetsim changes. + (Closes: #931181) + + * debian/rules: + - Use dh_missing --fail-missing. + + * debian/tests/upstream-simulation-test-suite: + - Use a known good clknetsim commit. This should prevent regressions from + on-going “clknetsim” development. + + * debian/usr.sbin.chronyd: + - Grant access rights only to the ntp_signd socket. (Closes: #928170) + + [ Christian Ehrhardt ] + * debian/postrm: + - Re-establish systemd-timesyncd on removal. (MR: !1) + + -- Vincent Blut Sat, 06 Jul 2019 20:33:41 +0200 + +chrony (3.5-1) experimental; urgency=medium + + * Import upstream version 3.5: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * debian/control: + - Ignore net-tools and procps build-dependencies if the profile nocheck is + active. + + * debian/rules: + - No test suite should be run if nocheck is passed to DEB_BUILD_OPTIONS. + + -- Vincent Blut Wed, 15 May 2019 18:44:12 +0200 + +chrony (3.5~pre1-1) experimental; urgency=medium + + * Import upstream version 3.5-pre1: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * debian/.gitlab-ci.yml: + - Use .build-package template job instead of .build-unstable. The latter + is deprecated. + + * debian/chrony.keys: + - Fix the comment about the location of the list of supported hash + functions and output encoding. These information are now available by + consulting the “keyfile” directive in the chrony.conf(5) man page. + + * debian/control: + - Drop dependency on lsb-base. Is is required when booting with sysvinit + and initscripts, however initscripts already Depends on lsb-base. + - Build-depend on net-tools and procps. kill, netstat and ps are needed + for the new system tests executed at build time (iff building as root). + + * debian/copyright: + - Add an entry for test/system/* files. + + * debian/patches/*: + - Drop all patches, they have been applied upstream. + + * debian/postinst: + - Drop migration code from pre-stretch. + + * debian/README.Debian: + - Fix information related to the chrony.keys file. + + -- Vincent Blut Sun, 12 May 2019 22:16:14 +0200 + +chrony (3.4-4) unstable; urgency=medium + + * debian/patches/*: + - Add allow-further-syscalls-in-seccomp-filter.patch. Supplementing the + seccomp filter whitelist with those syscalls is a prerequisite, notably for + the arm64 architecture. + + [ Leigh Brown ] + * debian/patches/*: + - Add allow-recv-send-in-seccomp-filter.patch. Necessary on armel and + ppc64el. Other architectures might also be affected. (Closes: #924494) + + -- Vincent Blut Mon, 18 Mar 2019 19:35:34 +0100 + +chrony (3.4-3) unstable; urgency=medium + + * debian/.gitlab-ci.yml: + - Check for missing hardening flags. + + * debian/patches/*: + - Add allow-_llseek-in-seccomp-filter.patch. Needed on various 32-bit + plateforms to log the {raw}measurements and statistics information when + the seccomp filter is enabled. Thanks a lot to Francesco Poli (wintermute) + for the report. (Closes: #923137) + - Add allow-waitpid-in-seccomp-filter.patch. Needed to correctly stop + chronyd on some plateforms when the seccomp filter is enabled. + + -- Vincent Blut Mon, 04 Mar 2019 23:32:12 +0100 + +chrony (3.4-2) unstable; urgency=medium + + * debian/.gitlab-ci.yml: + - Replace home-made GitLab CI with the standard Salsa pipeline. + - Allow autopkgtest job to fail. The time-sources-from-dhcp-servers test + currently fails due to a testbed issue on salsa CI. + + * debian/chrony.default: + - Enable the system call filter by default. + + * debian/control: + - Bump standard-version to 4.3.0 (no changes required). + - Use the new debhelper-compat (= 12) notation and drop d/compat. + - Add Pre-Depends: ${misc:Pre-Depends}. Debhelper compatibility level 12 + makes use of the “--skip-systemd-native” flag from “invoke-rc.d”. Adding + Pre-Depends: ${misc:Pre-Depends} to d/control ensure that we have a recent + enough version of “init-system-helpers”. + - Suggest networkd-dispatcher. + + * debian/copyright: + - Add myself as a copyright holder for 2019. + + * debian/links: + - Now that “networkd-dispatcher” is in the Debian archive, link + NetworkManager dispatcher script to networkd-dispatcher routable and off + states. Patch cherry-picked from Ubuntu; thanks to Christian Ehrhardt + for working on this. + + * debian/NEWS: + - Report that a system call filter is now enabled by default and the way + to disable it if needed. + + * debian/rules: + - Don’t enable the system call filter on some architectures due to missing + support in the “libseccomp” and/or the Linux kernel. + + * debian/upstream/: + - Strip upstream key from extra signatures. Thanks lintian! + - Remove the Miroslav-Lichvar.txt file as it serves no purpose. + + * debian/usr.sbin.chronyd: + - Don’t include “tunables/sys”. The etc/apparmor.d/tunables/sys file has + been deprecated in AppArmor 2.13.1! The @{sys} variable is now defined in + “tunables/kernelvars” which is included in “tunables/global”. + + -- Vincent Blut Wed, 13 Feb 2019 17:08:17 +0100 + +chrony (3.4-1) unstable; urgency=medium + + * Import upstream version 3.4: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * Merge branch “experimental” into “master”. + + * debian/chrony.service: + - Conflict with ntpsec.service. + + * debian/copyright: + - Update copyright years. + + * debian/patches/*: + - Remove fix-samplefilt-unit-test-to-work-with-low-precision-clock.patch, + fixed upstream. + + -- Vincent Blut Fri, 21 Sep 2018 14:12:03 +0200 + +chrony (3.4~pre1-2) experimental; urgency=medium + + * debian/patches/*: + - Cherry-pick upstream patch to fix samplefilt unit test to work with + low-precision clocks. This should prevent chrony from failing to build + from source on HPPA and Alpha. + + -- Vincent Blut Mon, 10 Sep 2018 18:39:58 +0200 + +chrony (3.4~pre1-1) experimental; urgency=medium + + * Import upstream version 3.4-pre1: + - Please see /usr/share/doc/chrony/NEWS.gz for the release notes. + + * debian/: + - Add “.gitlab-ci.yml” file to use GitLab Continuous Integration. + + * debian/chrony.if-{post-down,up}: + - Use the new “onoffline” command to tell chronyd to switch all sources to + the online or offline status according to the current network configuration. + + * debian/chrony.ppp.ip-{down,up}: + - As for ifupdown scripts, use the “onoffline” command. + + * debian/control: + - Bump standard-version to 4.2.1 (no changes required). + + * debian/patches/*: + - Remove fall-back-to-urandom.patch. Applied in this prerelease. + + * debian/post{inst,rm}: + - Use “command -v” instead of “which” to enhance portability. + + -- Vincent Blut Sun, 02 Sep 2018 19:14:08 +0200 + +chrony (3.3-3) unstable; urgency=medium + + * debian/: + - Normalize packaging with “wrap-and-sort -ab”. + + * debian/control: + - Bump standard-version to 4.2.0: + ↳ Install upstream release notes as “/usr/share/doc/chrony/NEWS.gz”. + Installing these as “/usr/share/doc/package/changelog.gz” is now + deprecated. + + * debian/patches/: + - Cherry-pick upstream patch to avoid hangs when starting + chronyd on newer kernels by falling back to urandom. + Thanks to Gustavo Scalet for the report and + the initial patch. (LP: #1787366, Closes: #906276) + + * debian/upstream/metadata: + - Add DEP12 upstream metadata file. + + -- Vincent Blut Sat, 18 Aug 2018 16:23:19 +0200 + +chrony (3.3-2) unstable; urgency=medium + + * debian/chrony.service: + - Conflict with ntp.service. + + * debian/control: + - Bump standard-version to 4.1.4 (no changes required). + - Switch to the Nettle cryptographic library for hash functions. + + [ Helmut Grohne ] + * debian/rules: + - Pass CC to make and set “--host-system” to fix FTCBFS. (Closes: #895852) + + [ Christian Ehrhardt ] + * debian/usr.sbin.chronyd: + - Support all paths suggested in the man page. + (LP: #1771028, Closes: #898614) + + -- Vincent Blut Mon, 14 May 2018 21:37:30 +0200 + +chrony (3.3-1) unstable; urgency=medium + + * Import upstream version 3.3: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * Merge branch “experimental” into “master”. + + * debian/copyright: + - Update copyright year. + + * debian/usr.sbin.chronyd: + - Allow CAP_NET_ADMIN to support HW timestamping. (LP: #1761327) + + -- Vincent Blut Thu, 05 Apr 2018 02:08:31 +0200 + +chrony (3.3~pre1-1) experimental; urgency=medium + + * Import upstream version 3.3-pre1: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * debian/copyright: + - Add “hash_nettle.c” copyright information and update copyright year of + test/unit/* + + -- Vincent Blut Thu, 15 Mar 2018 13:58:21 +0100 + +chrony (3.2-5) unstable; urgency=medium + + [ Christian Ehrhardt ] + * debian/usr.sbin.chronyd: + - Allow write access to RTC, PPS and PTP devices. + (Closes: #891201, LP: #1751241) + + -- Vincent Blut Wed, 28 Feb 2018 17:31:08 +0100 + +chrony (3.2-4) unstable; urgency=medium + + * debian/changelog: + - Remove trailing spaces. + + * debian/chrony-dnssrv@.service: + - Use NTP servers obtained from DNS SRV records. + + * debian/chrony-dnssrv@.timer: + - Periodic lookup of DNS SRV records. + + * debian/chrony-helper: + - New helper script to make use of NTP servers obtained from DHCP and + _ntp._udp DNS SRV records. + + * debian/chrony.dhcp: + - Add a dhclient-exit-hook script to add/remove NTP servers depending + on the operations invoked by the DHCP client. (Closes: #889656) + + * debian/chrony.service: + - Run “/usr/lib/chrony/chrony-helper update-daemon” after starting chronyd. + + * debian/control: + - Suggest dnsutils. The dig utility is used to update files with NTP + servers from DNS SRV records. + + * debian/init: + - Run “/usr/lib/chrony/chrony-helper update-daemon” after starting chronyd. + + * debian/install: + - Install the chrony-helper script in /usr/lib/chrony. + - Install chrony-dnssrv@.* files in /lib/systemd/system. + + * debian/postinst: + - Don’t use recursive chown as this is vulnerable to hardlink attacks on + mainline, non-Debian kernels that do not have fs.protected_hardlinks=1. + Thanks Lintian! + + * debian/postrm: + - Remove “/run/chrony” on purge. + + * debian/rules: + - Install the dhclient-exit-hook script in /etc/dhcp/dhclient-enter-hooks. + + * debian/tests/: + - Use autopkgtest to ensure that chronyd can use NTP servers obtained from + DHCP servers. + + -- Vincent Blut Tue, 20 Feb 2018 18:27:10 +0100 + +chrony (3.2-3) unstable; urgency=medium + + [ Christian Ehrhardt ] + * debian/chrony.default: + - Mention systemd service file in the comment. + + * debian/chrony.service: + - Support the DAEMON_OPTS variable from “/etc/default/chrony” in systemd + environment. (LP: #1746081, Closes: #889012) + + * debian/usr.sbin.chronyd: + - Allow the creation of /run/chrony on demand. + (LP: #1746444, Closes: #889011) + + -- Vincent Blut Wed, 07 Feb 2018 21:27:09 +0100 + +chrony (3.2-2) unstable; urgency=medium + + * Initial AppArmor profile for chronyd. Thanks to Jamie + Strandboge . (Closes: #888038) + + * debian/compat: + - Bump to debhelper compat 11. + + * debian/control: + - Bump standard-version to 4.1.3 (no changes required). + - Build depend on debhelper ≥ 11. + - Set “Rules-Requires-Root: no”. + - Move Vcs-* to salsa.debian.org. + + * debian/copyright: + - Add myself as a copyright holder for 2018. + + * debian/postinst: + - Don’t force removal of cron file since it doesn’t exist anymore. + + * debian/preinst: + - Update the chrony version on which to act. + - Add the debhelper token. + + * debian/usr.sbin.chronyd: + - Improve AppArmor profile to support more chronyd features and ease + portability with other distros. + + -- Vincent Blut Sun, 28 Jan 2018 19:33:46 +0100 + +chrony (3.2-1) unstable; urgency=medium + + * Import upstream version 3.2: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + -- Vincent Blut Fri, 15 Sep 2017 11:37:10 +0200 + +chrony (3.2~pre2-1) experimental; urgency=medium + + * Import upstream version 3.2-pre2: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * debian/control: + - Bump standard-version to 4.1.0 (no changes required). + + * debian/copyright: + - Update copyright years. + + -- Vincent Blut Wed, 30 Aug 2017 15:48:37 +0200 + +chrony (3.2~pre1-1) experimental; urgency=medium + + * Import upstream version 3.2-pre1: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * debian/patches/*: + - Remove allow_getpid_in_seccomp_filter.patch and update the series file + accordingly. + + * debian/tests/upstream-simulation-test-suite: + - Run tests in multiple iterations. + + -- Vincent Blut Tue, 25 Jul 2017 21:13:22 +0200 + +chrony (3.1-5) unstable; urgency=medium + + * debian/chrony.if-up: + - Do not pass the “burst” command to chronyc as the script could return an + error in certain situations. As a consequence, that would prevent ifupdown + from writing the current state of the interfaces in /run/network/ifstate. + Thanks to John Eikenberry for reporting that issue. + (Closes: #868491) + + * debian/chrony.ppp.ip-up: + - Take the same action as for the “chrony.if-up” script as a precautionary + measure. + + -- Vincent Blut Mon, 17 Jul 2017 16:47:56 +0200 + +chrony (3.1-4) unstable; urgency=medium + + * Now that Stretch has been released (\o/), let’s upload chrony 3.1 to + unstable. + + * debian/: + - Remove the menu file used to launch “chronyc”. It is a CLI only tool, + thus it probably does not make a lot of sense to keep it in the Debian + menu. + + * debian/control: + - Drop dependency on pre-jessie util-linux version. + - Bump standard-version to 4.0.0 (no changes required). + + * debian/tests/upstream-simulation-test-suite: + - Fix the leading comment which mentioned “vm” despite the fact that the + test runs in a container. + + -- Vincent Blut Mon, 19 Jun 2017 02:30:10 +0200 + +chrony (3.1-3) experimental; urgency=medium + + * debian/chrony.if-{post-down,up}: + - Remove unnecessary “else” statements. + + * debian/chrony.ppp.ip-down: + - Don’t check and delete “/var/run/chrony-ppp-up”, that file doesn’t exist + anymore. + - Check for pid file existence instead of calling “pidof”. + + * debian/chrony.ppp.ip-up: + - Don’t create “/var/run/chrony-ppp-up” file after the ppp link came up. + - Check for pid file existence instead of calling “pidof”. + - Don’t call “chronyc” using its absolute path. + - Check for the presence of a default route before advising “chronyd” that + the network connectivity to the sources is ready. + + * debian/init: + - Check if “$PIDFILE” exists before taking action. + - Do not print informational messages. + - Remove the “chronyd” pid file when stopping as it doesn’t do it on + its own. + - Rework the “restart|force-reload” pattern. + - Make use of some init-functions. + - Print a message if “chronyd” is already running while attempting to start + it. + - Do not delete “/var/run/chrony-ppp-up”, that file doesn’t exist anymore. + + * d/rules: + - Move the default pid file from “/var/run” to “/run”. + + * d/tests/*: + - Use autopkgtest facility to run the upstream simulation test suite. + + -- Vincent Blut Sun, 14 May 2017 17:26:15 +0200 + +chrony (3.1-2) experimental; urgency=medium + + * Merge branch 'master' into experimental. (Closes: #861258) + + * debian/patches/*: + - Remove the “fix_time_smoothing_in_interleaved_mode.patch” patch. Not + needed anymore. + + -- Vincent Blut Wed, 26 Apr 2017 21:17:43 +0200 + +chrony (3.1-1) experimental; urgency=medium + + * Import upstream version 3.1: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * debian/chrony.conf: + - Remove the “hwclockfile” directive. Unneeded now that the configure + script allows us to set the default path to the adjtime file via the + “--with-hwclockfile” option. + + * debian/copyright: + - Update copyright years. + + * debian/rules: + - Specify default path to hwclock adjtime file. + + -- Vincent Blut Thu, 02 Feb 2017 19:24:30 +0100 + +chrony (3.0-4) unstable; urgency=medium + + * debian/patches/*: + - Backport commit 768bce799bfe to make chrony operable with the syscall + filtering feature enabled in level 1. (Closes: #861258) + + -- Vincent Blut Wed, 26 Apr 2017 17:39:44 +0200 + +chrony (3.0-3) unstable; urgency=medium + + * debian/patches/*: + - Backport an upstream patch to fix time smoothing in interleaved mode. + (Closes: #854424) + + -- Vincent Blut Tue, 07 Feb 2017 00:37:24 +0100 + +chrony (3.0-2) unstable; urgency=medium + + * debian/chrony.conf: + - Disable logging by default, it waste some disk space and users are + probably better served by “chronyc sources” and “chronyc sourcestats” + commands anyway. + + * debian/chrony.service: + - Remove the “Restart=on-failure” option. There are possible security + implications for NTP clients. + + * debian/dirs: + - Add etc/logrotate.d to avoid build failure. + + * Remove our logrotate configuration file in favour of the upstream’s one. + + -- Vincent Blut Wed, 18 Jan 2017 15:26:31 +0100 + +chrony (3.0-1) unstable; urgency=medium + + * Import upstream version 3.0: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * Merge branch “experimental”: + - Enable support for MS-SNTP authentication in Samba. + - Rename --chronysockdir to --chronyrundir. + - Enable seccomp facility on powerpcspe. + + * debian/chrony.conf: + - Make use of the “makestep” directive to step the system clock instead of + slewing it when necessary. + - Drop the “offline” option as per upstream’s advice to render chrony’s + start-up sequence safer. + + * debian/chrony.service: + - Reflect init-helper script deletion. + + * debian/copyright: + - Add myself as a copyright holder for 2017. + - Adjust copyright holders and update some copyright years. Kudos to Paul + Gevers for spotting the necessary updates. + + * debian/init: + - Reflect init-helper script deletion. + + * debian/install: + - Don’t install the init-helper script, it has been deleted. + + * debian/README.Debian: + - Remove obsolete information. + + * Remove the init-helper script as it no longer needed. + + -- Vincent Blut Tue, 17 Jan 2017 22:05:31 +0100 + +chrony (3.0~pre3-1) experimental; urgency=low + + * Import upstream version 3.0-pre3: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + -- Vincent Blut Fri, 06 Jan 2017 14:20:13 +0100 + +chrony (3.0~pre2-2) experimental; urgency=low + + * Merge branch “master”. + + * Enable seccomp facility on powerpcspe. + + -- Vincent Blut Tue, 03 Jan 2017 18:17:13 +0100 + +chrony (3.0~pre2-1) experimental; urgency=low + + * Import upstream version 3.0-pre2: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + -- Vincent Blut Thu, 15 Dec 2016 15:23:44 +0100 + +chrony (3.0~pre1-1) experimental; urgency=low + + * Import upstream version 3.0-pre1: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * debian/copyright: + - Mention new files. + + * debian/rules: + - Enable support for MS-SNTP authentication in Samba. + - Rename --chronysockdir to --chronyrundir. + + -- Vincent Blut Sat, 10 Dec 2016 16:30:19 +0100 + +chrony (2.4.1-3) unstable; urgency=medium + + * debian/apm: + - Removing that script as APM as been replaced by ACPI long time ago, thus + it’s highly probable that it isn’t useful anymore. + + * debian/chrony.maintscript: + - Remove the apm script’s conffile. + + * debian/chrony.service: + - Supply a systemd service file. + - Update unit section’s description. Add chronyc and chrony.conf man pages + information and remove reference to “/usr/share/doc/chrony.txt.gz” which + is not generated anymore. + - Update unit section’s documentation. + + * debian/dirs: + - Don’t create etc/apm/event.d as the apm script isn’t provided anymore. + + * debian/init: + - Convert to use the init-helper script. + + * debian/init-helper: + - Add a helper script that will be used to maintain feature parity between + the SysV script and the systemd service file. + + * debian/install: + - Install the init-helper script in “/usr/lib/chrony”. + + * debian/rules: + - Don’t install the now removed apm script. + + -- Vincent Blut Thu, 22 Dec 2016 02:16:54 +0100 + +chrony (2.4.1-2) unstable; urgency=medium + + * debian/chrony.conf: + - Don’t create sample histories by default. Using that feature does not + make a lot of sense when using a pool of rapidely rotating time servers. + - Remove unused directives. + - Improve (well, I hope! ;-) ) the configuration file readability. + - Reword the driftfile directive commentary. + - Shorten the lead-in comment. + + * debian/control: + - Build-depend on pps-tools only on linux. + - Remove libnss3-dev from Build-Depends until #846012 is fixed. + + * debian/init: + - Don’t pass the “-r” option when restarting chronyd as we have disabled + the creation of sample histories by default. + + * debian/rules: + - Drop dh_auto_build override. Nowadays, the documentation is built by + default. + + -- Vincent Blut Fri, 9 Dec 2016 16:58:32 +0100 + +chrony (2.4.1-1) unstable; urgency=medium + + * Import upstream version 2.4.1: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * debian/chrony.default: + - New file used to pass options to chronyd. Thanks to nutzteil + for the suggestion and the initial patch. + (Closes: #834240) + + * debian/compat: + - Bump to debhelper compat 10. + + * debian/control: + - Build depend on debhelper ≥ 10. + + * debian/copyright: + - Use HTTPS for all URI. + + * debian/init: + - Read and execute options assigned to the “DAEMON_OPTS” variable. + + * debian/rules: + - Drop dh “--parallel” option. Enabled by default in debhelper 10. + + -- Vincent Blut Mon, 21 Nov 2016 12:58:05 +0100 + +chrony (2.4-1) unstable; urgency=medium + + The “Fix decade-old bug reports” release. + + * Import upstream version 2.4: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * debian/chrony.if-{up,post-down}: + - New scripts used to put chronyd online/offline depending on the + state of the connection. (Closes: #240528,#312092,#389961) + + * debian/chrony.keys: + - Highlight “chronyc keygen” command to generate keys. + + * debian/chrony.ppp.ip-down: + - Be sure that there is no default route before going offline. + (Closes: #252131) + + * debian/control: + - Remove install-info dependency. + - Remove texinfo build dependency since documentation in Texinfo format + has been dropped upstream. + - Build depend on asciidoctor ≥ 1.5.3-1~. The version constraint is + important since chrony’s man pages are generated from “adoc” files, a + functionality that has been added in asciidoctor 1.5.3. + + * debian/dirs: + - Add “etc/NetworkManager/dispatcher.d”. + + * debian/doc-base: + - Remove the file since we do not generate chrony.{html,txt} anymore. + + * debian/docs: + - Remove references to chrony.{html,txt}. + + * debian/patches/*: + - Drop fix-ftbfs-on-powerpc-ppc64-ppc64el.diff; applied upstream. + - Update the “series” file accordingly. + + * debian/postinst: + - Use ucfr to associate chrony with its configuration files. Suggested by + Paul Gevers + + * debian/postrm: + - Remove all vestiges of the association between chrony and its + configuration files. Also suggested by Paul Gevers + + * debian/rules: + - Provide upstream NetworkManager dispatcher script. + + * debian/watch: + - Use HTTPS to fetch new upstream releases. + - Switch to version 4 format. + + -- Vincent Blut Fri, 17 Jun 2016 17:20:08 +0200 + +chrony (2.3-2) unstable; urgency=low + + * Cherry pick upstream patch to fix FTBFS on PowerPC, ppc64 and ppc64el + architectures. + + -- Vincent Blut Fri, 20 May 2016 14:21:14 +0200 + +chrony (2.3-1) unstable; urgency=low + + * Import upstream version 2.3: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + (Closes: #818235) + + * debian/chrony.conf: + - Drop the “logchange” directive. Upstream has enabled “logchange” by + default with a threshold of 1 second. We now use that instead of our custom + threshold of 0,5 second which tended to spam syslog. + - Remove obsolete comment. + + * debian/chrony.lintian-overrides: + - Update “chrony.keys” path + + * debian/control: + - Bump standard-version to 3.9.8 (no changes required). + - Use HTTPS transport protocol for the homepage URL. + + * debian/copyright: + - Add some entries about new or untracked files. + + * debian/postinst: + - Move /usr/share/chrony/chrony.keys template to /etc/chrony using ucf. + - Avoid displaying needless prompt when upgrading to chrony ≥ 2.2.1-1. + (Closes: #820087) + + * debian/postrm: + - Remove chrony.keys on purge. + - Remove all vestiges of chrony.keys from the state hashfile. + + * debian/rules: + - Re-enable test suite. + - Remove dh_installinit override. The init script is LSB-compliant so + passing the “default” option or the two-digit sequence number is unneeded. + - Explicitly set the NTP era. With this change, the NTP time will be + mapped from 1970-01-01T00:00:00Z to 2106-02-07T06:28:16Z. Thanks to this + fixed value, chrony build should be reproducible. + - Move the key file template (chrony.keys) in /usr/share/chrony. + - Force /usr/share/chrony/chrony.keys to use 0640 modes. + + -- Vincent Blut Wed, 18 May 2016 23:13:05 +0200 + +chrony (2.2.1-1) unstable; urgency=medium + + * Import upstream versions 2.2 and 2.2.1: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + - The 2.2.1 release version fixes CVE-2016-1567. (Closes: #812923) + + * debian/chrony.conf: + - Drop the commandkey directive. It is obsolete since the introduction of a + Unix domain command socket in chrony 2.2. + - Fix keyfile directive commentary. + + * debian/chrony.keys: + - New file template. + + * debian/chrony.lintian-overrides: + - New file used to force lintian to stop complaining about the “chrony.keys” + file modes (0640). + + * debian/chrony.ppp.ip-down: + - Drop obsolete authentication method to the chronyd daemon. This is now + handled by the usage of a Unix domain command socket. + + * debian/chrony.ppp.ip-up: + - Drop obsolete authentication method to the chronyd daemon. This is now + handled by the usage of a Unix domain command socket. + - Reinstate the “burst” chronyc command. + + * debian/control: + - Build depend on libseccomp-dev ≥ 2.2.3-3~. We need it to provide syscall + filtering. + - Fix a typo relative to the name of an architecture. + - Build depend on pkg-config. + - Restrict libcap-dev build dependency on Linux only. + - Depend on iproute2 instead of net-tools. + - Drop timelimit dependency. + - Update Vcs-Git to use HTTPS. + - Bump standard-version to 3.9.7 (no changes required). + + * debian/copyright: + - Update copyright year for debian/*. + + * debian/init: + - Make use of “ip r” instead of “netstat -rn”. (Closes: #818234) + - Delete unused “FLAGS” variable. + - Do not execute ip and chronyc through timelimit. + - Don’t call chronyc using its absolute path. + - Check if the value of the DAEMON variable is executable. + - Drop the two seconds delay as it should be unnecessary. + - Drop obsolete authentication method from the putonline() function. + - Fix indentation issue in the putonline() function. + + * debian/logrotate: + - Do not pass the “-a” option to chronyc, it’s no longer necessary. + + * debian/NEWS: + - Add a comment about the command key suppression from the “chrony.keys” + file. + + * debian/patches/: + - Drop 01_do-not-install-copying-file.patch, not needed anymore. + ↳ Remove reference to that patch from the series file. + + * debian/postinst: + - Do not create an ID/key pair for command authentication. Configuration + and monitoring via chronyc is now done using Unix domain socket accessible + by root or by the system user to which chronyd will drop root privileges, + i.e. _chrony. + + * debian/postrm: + - Remove /var/lib/chrony content only on purge. (Closes: #568492) + + * debian/README.Debian: + - Drop obsolete statement. + + * debian/rules: + - Build with --enable-scfilter. + - Install the “chrony.keys” file in /etc/chrony/ with 0640 modes. + - Override dh_fixperms to prevent it from modifying modes of the + “chrony.keys” file. By default, dh_fixperms tries to set the default modes + (0644). + - Move the “chronyd.sock” file from /var/run/chrony to /run/chrony. + + -- Vincent Blut Sat, 19 Mar 2016 14:42:23 +0100 + +chrony (2.1.1-1) unstable; urgency=medium + + * Import upstream version 2.0 and 2.1.1: + - Please see /usr/share/doc/chrony/changelog.gz for the release notes. + + * debian/: + - Rename ppp scripts from ip-{up,down} to chrony.ppp.ip-{up,down}. + Necessary to let dh_installppp do its magic. + + * debian/chrony.conf: + - Use the new 'pool' directive to specify the pool of NTP servers. + - Use the iburst option to speed up the initial synchronization. + - Drop the minpoll option. There is no point to deviate from upstream here. + Consequently, the default minimum polling interval is now 64 seconds + instead of 256 seconds. + - Enable kernel synchronization of the RTC via the 'rtcsync' directive. + - Drop the commented out 'rtcfile' directive in the configuration file. + - Stricly act as an NTP client by default. Serving time to other systems + should be the decision of the administrator(s). (Closes: #778770) + - Clarify some comments. + - Improve comment about the 'commandkey' directive. + + * debian/control: + - Drop 'Recommends: udev (>= 0.124-1)' since it predates Debian squeeze. + + * debian/copyright: + - Update copyright years. + - Various cleanups. + - Update relative to sys_macosx.{c,h} files. + - The test/simulation/test.common file is under the GPL-2+ license. + Thanks to Paul Gevers for catching it. + + * debian/NEWS: + - Comment the deactivation of the NTP server capability by default. + + * debian/patches/: + - Refresh 01_do-not-install-copying-file.patch. + + * debian/README.Debian: + - Fix misleading information. + + * debian/rules: + - No need to install ppp scripts from the 'rules' script. Let dh_installppp + handle that. + + -- Vincent Blut Wed, 18 Nov 2015 00:11:23 +0100 + +chrony (1.31.1-2) unstable; urgency=medium + + * Rename the NEWS.Debian file to NEWS. dh_installchangelogs doesn’t seems + to be able to deal with the former name. + + -- Vincent Blut Thu, 17 Sep 2015 21:50:30 +0200 + +chrony (1.31.1-1) unstable; urgency=medium + + * Import upstream version 1.31 and 1.31.1: + - Please see /usr/share/doc/chrony/changelog.gz for release notes. + + * debian/chrony.conf: + - Use the 'hwclockfile' directive. Avoid using text processing methods in + the post install script to find out if the RTC keeps local time or UTC. + (Closes: #778710) + + * debian/clean: + - Add getdate.c + + * debian/control: + - Move chrony from admin to net section. + - Change priority from extra to optional. + - Build depends on libcap-dev. (Closes: #768803) + - Bump standards-version to 3.9.6 (no changes required). + - Set myself as maintainer and Joachim as uploader. + - Update Vcs-Browser URL to use cgit and https. + - Build depends on pps-tools. Provides PPSAPI (RFC-2783) support. + - Improve the synopsis. + - Depend on util-linux (>= 2.20.1-5). Ensure that the 'UTC=' setting + from the '/etc/default/rcS' file have been migrated to UTC/LOCAL in + '/etc/adjtime'. + - Depends on adduser. Needed to create "_chrony" system user/group. + + * debian/copyright: + - Add myself to copyright holders. + - Remove spaces from short name license (fix Lintian warning) + - Filled short license field (RSA-MD) (fix Lintian warning) + - Move comment to the "Comment:" field + + * debian/logrotate: + - Simplify postrotate script. Thanks to Frédéric Brière + for reporting and diagnosing the issue. + (Closes: #763542) + + * debian/patches: + - Drop patches for issues fixed upstream. + - Rename and update patch. Update the series file accordingly. + + * debian/postinst: + - Pass the '--three-way' option to ucf. + - Remove useless text processing methods as we now use the 'hwclockfile' + directive. (Closes: #778711) + - Create "_chrony" system user/group. + - Update the "new_file" path in the ucf invocation. + - Remove the MAILPASSWORD shell variable as we don’t use it. + + * debian/postrm: + - Drop removal instruction of /etc/cron.weekly/chrony. + - Remove "_chrony" system user/group on purge. + - Don’t pass the --group option to deluser. + + * debian/NEWS.Debian: + - New file incorporating worthwhile changes in this release. + + * debian/README.Debian: + - Fix typo, thanks to Paul Gevers for catching it. + - Missing word added. + + * debian/rules: + - Build with all hardening flags. + - Ease the reading of configure options. + - Specify "_chrony" as default chronyd user. This is the system user to + which chronyd will drop root privileges. You'll find further information + in /usr/share/doc/chrony/README.Debian. + (Closes: #688971) + + -- Vincent Blut Sun, 6 Sep 2015 22:39:22 +0200 + +chrony (1.30-2) unstable; urgency=medium + + * With the following security bugfixes (Closes: #782160): + - Fix CVE-2015-1853: Protect authenticated symmetric NTP + associations against DoS attacks. + - Fix CVE-2015-1821: Fix access configuration with subnet + size indivisible by 4. + - Fix CVE-2015-1822: Fix initialization of reply slots for + authenticated commands. + * debian/control: + - Update e-mail address of myself. + - Add Vincent Blut as co-maintainer. + + -- Joachim Wiedorn Fri, 10 Apr 2015 11:41:31 +0200 + +chrony (1.30-1) unstable; urgency=medium + + * New upstream release with following bugfixes: + - Fix crash when selecting with multiple preferred sources. + - Fix frequency calculation with large frequency offsets. + - Fix code writing drift and RTC files to compile correctly. + - Fix -4/-6 options in chronyc to not reset hostname set by -h. + - Fix refclock sample validation with sub-second polling interval. + - Set stratum correctly with non-PPS SOCK refclock and local stratum. + - Modify dispersion accounting in refclocks to prevent PPS getting + stuck with large dispersion and not accepting new samples. + - Move faq.txt (PHP style) to a plain text file FAQ. Closes: #415729 + + * Add gpg signature of upstream developer for use with uscan. + * Update debian/watch, add check of upstream gpg signature. + * Update all patches. + + * Bugfix: Use /etc/adjtime in postinst script to recognize + UTC hardware clock. Closes: #680498 + * Use logrotate instead of cron script. Closes: #323966 + * debian/rules: disable test simulation. + + * debian/control: remove obsolete build dependency to dpkg-dev. + * debian/install, debian/dirs, debian/clean: Update. + * debian/copyright: Update and add entries. + + -- Joachim Wiedorn Sun, 10 Aug 2014 19:10:35 +0200 + +chrony (1.29.1-1) unstable; urgency=high + + * New upstream release with bugfix: + - Closes: #737644: Fixing vulnerability: + CVE-2014-0021 - traffic amplification in cmdmon protocol + (incompatible with previous protocol version, but chronyc + supports both). + + -- Joachim Wiedorn Thu, 06 Feb 2014 15:51:47 +0100 + +chrony (1.29-1) unstable; urgency=medium + + * New upstream release with some bugfixes: + - Closes: #719132: new upstream version, fixes security bugs. + - Closes: #719203: Fixing vulnerabilities: + CVE-2012-4502 - Buffer overflow, + CVE-2012-4503 - Uninitialized data. + + * debian/control: + - Set myself as new maintainer. Closes: #705768 + - Bump to Standards-Version 3.9.5. + - Move to debhelper >= 9 and compat level 9. + - Update package descriptions. + - Add Vcs fields to new git repository. + - Add dependency to lsb-base (for init script). + - Add build dependency to libtomcrypt-dev. + * Move to source format 3.0 (quilt). + * Add the following patch files: (Closes: #637514) + - 01_fix-small-typo-in-manpages + - 03_recreate-always-getdate-c + - 04_do-not-look-for-ncurses (Closes: #646732) + - 05_disable-installation-of-license + * debian/rules: + - Move to dh-based rules file. + - Enable parallel builds. + + * Add debian/watch file. + * Full update of debian/copyright file. + * Add debian/doc-base file. + * Full update of debian/README.Debian file. + * Update debian/postinst, debian/postrm, debian/prerm. + * Remove obsolete debian/preinst. Reduce mailing within postinst. + * Do not use old md5sum file anymore for ucf in postinst script. + * Add status action in init script (debian/init). Closes: #652207 + * Add debian/install file for installing example of chrony.conf. + * Reduce debian/dirs file for use with debhelper 9. + + -- Joachim Wiedorn Fri, 20 Dec 2013 23:35:25 +0100 + +chrony (1.26-4) unstable; urgency=low + + * QA upload. + * Depend on net-tools, for netstat (closes: #707260). + + -- Colin Watson Mon, 08 Jul 2013 18:00:45 +0100 + +chrony (1.26-3) unstable; urgency=low + + * Orphaned. + + -- John G. Hasler Fri, 19 Apr 2013 13:08:31 -0500 + +chrony (1.26-2) unstable; urgency=low + + * Fixed Makefile.in so that getdate.c gets made (and removed + in "clean"). This will go upstream. Moved faq stuff in rules + from binary-indep to binary-arch. + * Restored accidently deleted nmu changelog entry. + + * Applied patch from Moritz Muehlenhoff + Closes: #655123 Please enabled hardened build flags + + * Fixed upstream. + Closes: #518385 Chrony segfaults on startup (narrowed down to + chronyc and "burst") + + * Added DEB_BUILD_OPTIONS=noopt to rules. + Added build-arch and build-indep to rules. + Prefix is now 'usr'. + Changed to dh_installman. + Fixed "clean:" target. + Closes: #479389 Improvements for debian/rules + + * Fixed upstream. + Closes: #195620 Strange "System time : xxx seconds slow of NTP time" + output + + * Upstream changes should have fixed this. + Closes:#294030 chronyd makes the whole system briefly (< 1 second) + freeze + + * Fixed by upstream changes and new LSB headers. + Closes: #407466 Chrony won't access hardware clock but prevents + hwclock from doing so either + + -- John G. Hasler Sun, 01 Jul 2012 22:05:56 -0500 + +chrony (1.26-1) unstable; urgency=low + + * New upstream release + Closes: #348554: chrony and hwclock packages not coordinated. + Closes: #572964: RTC support is missing. + Closes: #642209: add RTC support for linux 3.0. + Closes: #644241: new upstream version 1.26 available. + + * Applied patches from Joachim Wiedorn : + Fixed several typos in man pages and README. + Added version.h. + Moved default chrony.conf to debian/ . + Renamed cron and init files. + Removed debian/NEWS.Debian, debian/info. + Added debian/clean. + Updated debian/copyright. COPYING stays. Upstream requires it. + Fixed debian/menu, debian/control, updated debian/compat. + Added "--without-readline" to debian/rules: rewrite later. + Minor fixes to initscript: rewrite later. + + Closes: #646732 Move from readline support to editline support. + Closes: #598253 Fix typo in LSB init headers ($hwclock to $time). + Closes: #600403 Fix init check with PPP connection. + + -- John G. Hasler Sun, 17 Jun 2012 21:55:47 -0500 + +chrony (1.24-3.1) unstable; urgency=low + + * Non-maintainer upload. + * Add patch (directly over the source...), to work with kernels > 3.0.0, + by Paul Martin at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628919#15. + (Closes: #628919) + * Fix readline build-depends from "libreadline5-dev | libreadline-dev" to + libreadline-gplv2-dev because chrony is GPLv2 only. (Closes: #634447) + * Update copyright file to say that chrony is GPLv2 only. (Closes: #637526) + + -- Ana Beatriz Guerrero Lopez Fri, 12 Aug 2011 12:32:26 +0200 + +chrony (1.24-3) unstable; urgency=high + + * Applied (modifed) patch from Gregor Herrmann. + + Closes: #593145: fails to configure on installation + Closes: #552162: chrony incorrectly thinks that it has failed to + (re)start + Closes: #592930: invoke-rc.d: initscript chrony, action "start" failed. + + -- John G. Hasler Tue, 14 Sep 2010 10:06:47 -0500 + +chrony (1.24-2) unstable; urgency=low + + * Fixed regression that caused default CHRONY_IOC_ lines to + vanish from io_linux.h thereby breaking hppa and ia64. + + Closes: #588930: FTBFS [ia64,hppa]: "I don't know the values of the + _IOC_* constants on your architecture" + + * $remote_fs was added in 1.24-1. Depending on networking is neither + necessary nor desireable. + + Closes: #590888: Dependencies on init.d script insuficcient + + * Still need to rewrite scripts. + + -- John G. Hasler Fri, 30 Jul 2010 20:32:55 -0500 + +chrony (1.24-1) unstable; urgency=low + + * New upstream release. The scripts will be rewritten and many more bugs + taken care of in -2. Right now I want to get 1.24 out there. + + * Applied patch from Petter Reinholdtsen to init.d + + Closes: #541806: misses syslog dependency in LSB headers + + * Chrony cannot be linked to libreadline6 because it is GPLv2 only. + + Closes: #553739 replacing libreadline5-dev build dependency with + libreadline-dev + + * "configure" rewritten upstream, eliminating "+=". + + Closes: #573036: RTC support disabled (due to Bashism in configure line 293) + + * Removed "install-info" from scripts. + + Closes: #568703: dpkg warnings + + * client.c has been rewritten upstream. + + Closes: #573032 + + * Fixed typos. + + Closes: #434629: 'man chrony', 'cronyc', 'cronyd' typos: "parateters" x 2, + "priviliges" + + * Added debian/source/format containing "1.0". + + -- John G. Hasler Tue, 22 Jun 2010 16:01:29 -0500 + +chrony (1.23-7) unstable; urgency=high + + * Applied patches from upstream to fix remote DOS: + + CVE-2010-0292 Don't reply to invalid cmdmon packets + + CVE-2010-0293 Limit client log memory size + + CVE-2010-0294 Limit rate of syslog messages + + -- John G. Hasler Tue, 02 Feb 2010 19:37:50 -0600 + +chrony (1.23-6) unstable; urgency=low + + * Commented out rtcfile directive in chrony.conf because it can cause + lockups with certain combinations of motherboard and kernel (this is + a known kernel bug). + + Closes: #508298: chronyd unreachable and does not work (clock drifts) + + * Chrony no longer uses the ppp/ip-up.d and ppp/ip-up.d files and the new + init.d file won't hang if chronyc hangs. + + Closes: #448481: /etc/ppp/ip-up.d/chrony doesn't work when bindaddress is set. + + * Cannot reproduce on current version on amd64. + + Closes: #412961: error in tracking report (on amd64?) + + -- John Hasler Wed, 10 Dec 2008 14:16:37 -0600 + +chrony (1.23-5) unstable; urgency=low + + * Replaced background kill with 'timelimit' in initscript. + + Closes: #505094: chrony: kills random netstat processes + + * Added 'Recommends: udev (>= 0.124-1)' + + Closes: #497113: /dev/rtc renamed to /dev/rtc0 with linux-image-2.6-*/2.6.26+15 + + * Had previously applied patch from Nathanael Nerode to fix configure + bug but forgot to close the bug. + + Closes: #392273: Recursive dependency disease: chrony shouldn't depend on ncurses + + -- John Hasler Sun, 09 Nov 2008 20:19:22 -0600 + +chrony (1.23-4) unstable; urgency=low + + * Fixed dependency of init script on Pppconfig ip-up.d script by moving + those lines into the init script. + + * Added checks to try to make sure that Chronyd is really, really running. + Changed Netstat call to use -n, added code to kill it if it hangs. + Added code to kill Chronyc if it can't contact Chronyd. + Discussed the HPET/rtc problem in NEWS.Debian. + + Closes: #504000: init script hangs for a while might break upgrade + + * Added missing initialization to create_instance() in ntp_core.c. + This was why UTI_NormaliseTimeval() was being called with huge + values at times. + + * See comment on #195620 in 1.21z-6 below. If you know of more LP64 + bugs reopen #348412 with a patch. + + Closes: #348412: chronyc not LP64 compliant + + * Added comment about sources being discarded to chrony.conf as suggested + by Andreas Hübner in #268289. + + * This is normal behavior. + + Closes: #287060: trimrtc takes 40 seconds to take effect + + -- John Hasler Thu, 06 Nov 2008 10:38:58 -0600 + +chrony (1.23-3) unstable; urgency=high + + * Rewrote UTI_NormaliseTimeval()in util.c to use divide/remainder + instead of loops at the suggestion of Gabor Gombas. This prevents the + problem of the loop running until the sun goes out when the function + is called with a very large value for tv_usec on 64-bit architectures. + Also fixed some other spots where the same loop was being used. + + Closes: #474294 Goes into endless loop + Closes: #447011 chronyd stalls with 100% CPU usage + + I still don't know why the function is being called with such a + large value, however. + + * Changed default servers in chrony,conf to Debian servers. + + Closes: #434483: chrony: Should use NTP servers in Debian pool + + -- John Hasler Sat, 26 Apr 2008 11:47:44 -0500 + +chrony (1.23-2) experimental; urgency=low + + * Added default IOC's to io_linux.h. + Closes: #477043: chrony_1.23-1(ia64/experimental): FTBFS: IOC + constants unknown on ia64 + Closes: #476963: chrony_1.23-1(hppa/experimental): FTBFS: "I don't + know the values of the _IOC_* constants for your architecture" + + -- John Hasler Sun, 20 Apr 2008 13:29:29 -0500 + +chrony (1.23-1) experimental; urgency=low + + * New upstream release + This is 1.23 with Debian patches applied (including some for LP64). + I'm uploading this to Experimental to get it tested on x86_64 to see + if #474294 is fixed. + + -- John Hasler Sat, 19 Apr 2008 14:49:15 -0500 + +chrony (1.21z-6) unstable; urgency=low + + * Applied patches from Eric Lammerts and Goswin von + Brederlow to cast the value + returned by ntohl to int32_t and so cause correct sign-extension near + line 1655 in client.c. Also fixed similar bugs in the same area. I'm + not sure this entirely fixes the chronyc number display problem, + though. I've not closed #348412 here because chrony is still not + fully LP64 compliant. + Closes: #195620: Strange "System time : xxx seconds slow of + NTP time" output + + * Replaced addrfilt.c with addrfilt.c from upstream git repository. + This fixes the recursive structure definition problems. + + * Replaced 'route' with 'netstat -r' in the initscript. + + * Applied patch for configure script from Nathanael Nerode + to delete the superfluous "lncurses" at line + 327. + Closes: #392273: Recursive dependency disease: chrony shouldn't depend + on ncurses + + * Added test to reject servers claiming stratum less than 1 in + ntp_core.c "Test 7". Bill Unruh has run across + a server that sometimes claims to be stratum 0, which causes + considerable confusion. + + -- John Hasler Fri, 16 Feb 2007 17:47:40 -0600 + +chrony (1.21z-5) unstable; urgency=high + + * Applied postinst patch from Lionel Elie Mamane to test for the + existence of old .keys and .conf files before renaming them. + Closes: #397759: fails to configure: mv: cannot stat `/etc/chrony/chrony.keys.1.21-2': + No such file or directory + + * Added burst command to /etc/ppp/ip-up.d/chrony to give chronyd a kick in the butt. + Shouldn't need that, though. + Initscript now calls /etc/ppp/ip-up.d/chrony if a default route exists. + Closes: #397739: Not connecting to sources after reboot - dialup + + -- John Hasler Sun, 26 Nov 2006 08:07:20 -0600 + +chrony (1.21z-4) unstable; urgency=low + + * Added test for /usr/bin/mail to postinst. + Closes: #386651: chrony: Requires /usr/bin/mail but doesn't depend on it + Closes: #390280: chrony: missing dependency on mail + + * Added LSB headers to initscript + + * Corrected erroneous use of 'dpkg --compare-version' in preinst and postinst. + Closes: #386733: fails to configure (bad upgrade check) + + * Added rm to postinst to remove keyfile possibly left by a failed install. + Closes: #390278: usage of tempfile /etc/chrony/chrony.keys is doubtful + + -- John Hasler Sat, 7 Oct 2006 13:39:49 -0500 + +chrony (1.21z-3) unstable; urgency=low + + * Changed upstream version number from 1.21 to 1.21z to satisfy Debian + archive software. + + * Replaced impure chrony_1.21.orig.tar.gz. + Closes: #340030: chrony: Tarball is impure + + * Now Provides, Conflicts, Replaces time-daemon + Closes: #330839: time-daemon pseudopackage + + * Corrected typos. + Closes: #321121: chrony: typo in 'Conflicts:' field: s/ntpsimple/ntp-simple/ and s/ntprefclock/ntp-refclock/ + + * Rewrote postinst and postrm to use ucf. Wrote preinst to protect chrony.conf from dpkg. + Closes: #351332: chrony: conffile change prompt prevents smooth upgrade from sarge to etch + + * Deleted last few lines of chrony.conf as they no longer apply. + + * Deleted .arch-ids from contrib and examples. + + * Fixed typo in chronyc.1 + Closes: #349871: chrony: typo in chrnoyc.1 results in missing word + + * Corrected references in man pages. + Closes: #345034: chrony: man pages refer to wrong sections + + * Added "allow 172.16/12" to chrony.conf. + Closes: #252952: chrony: default allow should also have 172.16/12 + + * Channged server lines in chrony.conf to follow ntp.org current recommendation. + Closes: #243534: chrony: new pool.ntp.org setup doesn't work well + + * Fixed FSF address in debian/copyright. + + -- John Hasler Fri, 1 Sep 2006 10:52:52 -0500 + +chrony (1.21-2) unstable; urgency=high + + * Patched io_linux.h to add missing architectures. + Closes: #339764: chrony - FTBFS: #error "I don't know the values of the + _IOC_* constants for your architecture" + + * Fixed brown-bag error in rules. + Closes: #339853: /usr/sbin/chronyd is missing + + -- John Hasler Sat, 19 Nov 2005 10:12:49 -0600 + +chrony (1.21-1) unstable; urgency=low + + * New upstream release + Closes: #328292: New version of chrony avalaible + Closes: #301592: Fails to read RTC and floods logfiles + + * Enabled RTC as upstream has installed a work-around for the HPET bug. + + * Switched to libreadline5. + Closes: #326379: please rebuild with libreadline5-dev as build dependency + + * Patched addrfilt.c to fix gcc 4.0 build problem. + Closes: #298709: chrony: FTBFS (amd64/gcc-4.0): array type has incomplete element type + + * There are lots more minor things to fix but I'm uploading now to close + the serious bugs. I'll upload another version with some improvements + in a few weeks. + + -- John Hasler Tue, 15 Nov 2005 18:39:49 -0600 + +chrony (1.20-8) unstable; urgency=high + + * Added test for /usr/bin/mail in postinst. + Closes: #307061: Install failure: Cannot configure on system without mailx + I consider this bug serious because it can cause installation to fail + and so I want to get the fix into Sarge. + + * Fixed typo in chrony.conf, replaced '/etc/init.d/chrony restart' + with 'invoke-rc.d chrony restart'. + Closes: #305090: Typo in chrony.conf, should mention invoke-rc.d + + * Added README.Debian explaining that rtc is off by default. + + -- John Hasler Sat, 30 Apr 2005 18:47:30 -0500 + +chrony (1.20-7) unstable; urgency=low + + * Added info-4 to debian/rules. + Closes: #287142: chrony: Can't find chrony.info-4 + + * Corrected "See Also" section in chrony man page. Now mentions + chronyc(1), chronyd(8), and chrony.conf(5). + Closes: #287444: chrony.1.gz: SEE ALSO on man page has wrong section. + + * Edited chrony.conf to disable rtc by default and explain why: + on some systems that use genrtc or the HPET real-time clock it + fails and causes chronyd to fill up the log. The failure is + probably due to a kernel bug, bug the logging should be + throttled. + + * Added more explanatory comments at the servers directive in + chrony.conf. + + * The postinst script now sends a message to root saying where the + password is, whether Chrony is assuming UTC or local time, + that rtc updating is disabled, why, and how to change it. + + * Added missing '#' to + "Can't tell how your clock is set: assuming local time." + in postinst. + + -- John Hasler Tue, 12 Apr 2005 17:59:13 -0500 + +chrony (1.20-6) unstable; urgency=low + + * Fixed error in chrony.conf where the non-existent 'online' directive + was mentioned. + Closes: #257235 misleading instructions in chrony.conf + + * Patched Makefile.in to generate faq.html. + Closes: #265936 /usr/share/doc/chrony/faq.txt.gz: how to read? + + -- John Hasler Sat, 4 Dec 2004 17:47:31 -0600 + +chrony (1.20-5) unstable; urgency=low + + * Put pool.ntp.org servers in chrony.conf as defaults. + + * Fixed erroneous references to chronyd(1) in some man pages. + Closes: #241746 SEE ALSO chronyd(1) should be (8) + + * I got a new motherboard and can no longer reproduce this. + If you can please reopen the bug. + Closes: #223518 Rtc stuff is broken + + * Edited chrony.conf(5). + Closes: #241745 many more features have been added + + * Edited chrony.conf to add logchange and mailonchange and to + enable rtc by default. + Closes: #226644 /etc/chrony/chrony.conf: rtc; not all options are noted in conf file + + * Fixed upstream: see NEWS. + Closes: #124089 mistake in the chrony manual + Closes: #177366: trailing blank on log lines + Closes: #195618 failure to use /dev/misc/rtc floods logfiles + Closes: #53066 "acquisitionport" directive and doc fixes [patch] + Closes: #100880 RFE: don't use /proc when uname(2) will do + Closes: #163470: different bindaddresses for ntp port and control port + Closes: #200174: Chrony breaks under Kernel 2.5 (two bugs) + + -- John Hasler Sat, 10 Apr 2004 22:00:00 -0500 + +chrony (1.20-4) unstable; urgency=low + + * Added '#include ' to rtc_linux.c to fix Alpha build problem. + Also removed spinlock stuff from configure. + + -- John Hasler Fri, 26 Dec 2003 21:00:00 -0600 + +chrony (1.20-3) unstable; urgency=low + + * Removed all inclusions of kernel headers. + Hopefully Chrony will now build on m68k. + + -- John Hasler Tue, 23 Dec 2003 19:00:00 -0600 + +chrony (1.20-2) unstable; urgency=low + + * Removed spinlock.h and mc146818.h from rtc_linux.c. linux/rtc.h and + RTC_UIE=0x10 provide everything needed now. + Closes: #223134 FTBFS: Errors in kernel headers + + * However, rtc is now broken (and appears to have been broken for some time) + on 440BX chipsets with 2.4 kernels. + + -- John Hasler Fri, 12 Dec 2003 13:00:00 -0600 + +chrony (1.20-1) unstable; urgency=low + + * New upstream release. + + * Frank Otto's patch to sys_linux.c, function guess_hz_and_shift_hz now + incorporated upstream. + Closes: #198557 Fatal error: chronyd can't determine hz for kernel with HZ=200 + + * Security and 64 bit patches are now incorporated upstream + along with most non-i386 architecture patches. + + * Put correct links in /usr/share/doc/chrony/timeservers. + Closes: #189686 /usr/share/doc/timeservers links are broken + + * Put correct links in chrony.conf. + Closes: #210886 bad link in chrony.conf + + * Put missing newlines in apm and chrony.keys. + Closes: #211604 Build-warning: some files misses final newline + + * Removed conflict with ntpdate. + + -- John Hasler Tue, 7 Oct 2003 22:00:00 -0500 + +chrony (1.19-10) unstable; urgency=low + + * Put linux/linkage.h ahead of linux/spinlock.h as I meant to in + the first place. + + -- John Hasler Sun, 13 Jul 2003 7:00:00 -0500 + +chrony (1.19-9) unstable; urgency=low + + * Added "#include " to rtc_linux.c to fix mips + build failure. + Closes: #200165 chrony doesn't build on mips and mipsel + + -- John Hasler Sat, 12 Jul 2003 10:00:00 -0500 + +chrony (1.19-8) unstable; urgency=low + + * Added bison to build-depends because of addition of getdate.y + + -- John Hasler Tue, 3 Jun 2003 10:00:00 -0500 + +chrony (1.19-7) unstable; urgency=high + + * Closes: #186498 chronyc hangs if no chronyd is running + Added test for running daemon to ip-{up|down} scripts. + Disabled trimrtc for ALPHA + Closes: #195615 GPL violation - generated file without source + * Added a copy of getdate.y to source. + + -- John Hasler Sun, 1 Jun 2003 7:00:00 -0500 + +chrony (1.19-6) unstable; urgency=low + + * Closes: #179842 "CROAK" redefined + Added '#undef CROAK' before CROAK redefiniton in pktlength.h, + added '-DALPHA' to 'alpha' condition in configure, added + 'ifdef ALPHA' around CROAK redefinition. + * Replaced many signed and unsigned longs as well as some ints, + shorts, and chars with stdint.h types in candm.h, md5.h, ntp.h, + clientlog.h, and ntp_io.c. This should fix all 64-bit problems. + + -- John Hasler Fri, 14 Mar 2003 19:00:00 -0600 + +chrony (1.19-5) unstable; urgency=high + + * Closes: #184065 Assertion `sizeof(NTP_int32) == 4' failed on alpha + Fixed several spots where the author assumed that a long is 32 bits. + There are many more misuses of long as well as several of short and + char but I think I got the only ones likely to cause trouble. + + -- John Hasler Fri, 14 Mar 2003 11:00:00 -0600 + +chrony (1.19-4) unstable; urgency=low + + * Closes: #179538 FTBFS: missing build-depends on makeinfo + Added texinfo to build-depends. + * CLoses: #179508: chrony(c|d) show wrong version numbers + Removed spurious version.h. + + -- John Hasler Sun, 2 Feb 2003 19:00:00 -0600 + +chrony (1.19-3) unstable; urgency=low + + * Updated author's address in copyright file. + * Closes: #163446 patch, that scripts can handle all commandkeys + Applied debugged patch. + * Closes: #107863 doesn't know about APM + Put apm script in debian/ and added rules to copy it to + etc/apm/event.d as instructed by the apmd maintainer. + + -- John Hasler Fri, 31 Jan 2003 18:00:00 -0600 + +chrony (1.19-2) unstable; urgency=low + + * Closes: #100879 unnecessary dependency on libm + Applied patch from Zack Weinberg + * Closes: #124091 the force-reload command of /etc/init.d/chrony should + use the -r option. + Added -r option. + + -- John Hasler Wed, 29 Jan 2003 10:00:00 -0600 + +chrony (1.19-1) unstable; urgency=low + + * New upstream release. + * Closes: #178338 New upstream version fixes crashes caused by adjtimex + failure + * Closes: #178101 /etc/ppp/ip-{up,down}.d/chrony installed with + incorrect permissions + This bug was previously reported and fixed in 18-1 + * Closes: #176130 got an error when I use ppp_on_boot + Changed 'update-rc.d chrony defaults 83' to + 'update-rc.d chrony defaults 14' in init.d so that chrony + will come up before ppp. + * Added code to postinst to read /etc/default/rcS and + set rtconutc appropriately in chrony.conf. + * Rewrote password generator in postinst. + * Closes: #100879 unnecessary dependency on libm + I don't know why this wasn't closed months ago. + * Closes: #103447 typo in "/etc/init.d/chrony" + * Closes: #124087 problems with /etc/init.d/chrony + Fixed script. + * Closes: #161350 /etc/ppp/ip-down.d/chrony cat unnecessary + Fixed scripts. + * Closes: #113840 ntp has been split - add conflicts? + Added ntp-simple and ntp-refclock to conflicts. + + -- John Hasler Sun, 26 Jan 2003 15:00:00 -0600 + +chrony (1.18-2) unstable; urgency=low + + * Corrects error in changelog which resulted + in uploads being erroneously classified as NMUs. + * Closes: #138142, #104774, #142670, #105344, #101039 + * Closes: #162427, #56756, #98951, #99799, #139633 + * Closes: #163469, #163408, #167416 + + -- John Hasler Sun, 3 Nov 2002 20:00:00 -0600 + +chrony (1.18-1) unstable; urgency=low + + * New upstream release. + * Closes: #138142 new upstream release + * Added Mark Brown's Alpha and PowerPC patch. + * Closes: #104774 hppa build failure + Applied patch. + * Closes: #142670 compilation errors on sparc + Applied patch. + * Closes: #105344 ip-{up, down}.d/chrony not executable + Fixed debian/rules. + * Closes: #101039 does not run on Alpha + Fixed by above mentioned Mark Brown patch. + * Closes: #162427 description should mention NTP + Fixed description. + * Closes: #56756 README.debian should caution about hwclock + Fixed README.debian. + * Closes: #98951 no chrony.keys file installed + Not reproducible, probable user error. + * Closes: #99799 logs world readable + Added umask 022 to log script. + * Closes: #139633 documentation error + Added rtconutc to chrony.conf. + * Closes: #163469 no default case in init.d script + Corrected typo. + * Closes: #163408 PIDFILE wrongly defined in ip-{up,down} + No chrony script uses any such variable. + * Closes: #167416 needs Build-Depends: libreadline4-dev + + -- Sun, 3 Nov 2002 10:00:00 -0600 + +chrony (1.14-7) unstable; urgency=medium + + * Changed rtc_linux.c to not include linux/mc146818rtc.h + when building for sparc, because Moshe Zadka says this + will allow chrony to build there. + * Closes: #142670 + + -- Wed, 17 Apr 2002 17:00:00 -0500 + +chrony (1.14-6) unstable; urgency=low + + * Changed architecture back to 'any'. + * Applied portability patch from LaMont Jones. + * Closes: #104774 + + -- Mon, 1 Apr 2002 21:00:00 -0600 + +chrony (1.14-5) unstable; urgency=low + + * Changed architecture from 'any' to 'i386 sparc'. + Neither I nor the author can test on anything but i386. If + you want chrony on anything else send me a tested patch. + * Closes: #101039 + * Closes: #104774 + + -- Fri, 28 Dec 2001 20:10:00 -0600 + +chrony (1.14-4) unstable; urgency=low + + * Fixed bug in man pages. + * Closes: #95134 + + -- Tue, 24 Apr 2001 20:10:00 -0500 + +chrony (1.14-3) unstable; urgency=low + + * Replaced in rtc_linux.c with + typedef int spinlock_t as suggested by Paul Slootman. + * Put #define CROAK(message) assert(0) in pktlength.h + to fix Alpha build problem. + * Closes: #86991 + + -- Sat, 24 Feb 2001 22:45:00 -0600 + +chrony (1.14-2) unstable; urgency=low + + * Closes: #84597 + + -- Sat, 3 Feb 2001 21:25:00 -0600 + +chrony (1.14-1) unstable; urgency=low + + * New upstream release. + * Fixed more sprintfs. + * Closes: #50793, #52570, #48216, #65209, #62924, #70377, #61485, #76661 + + -- Mon, 20 Nov 2000 20:25:00 -0600 + +chrony (1.10-3) unstable; urgency=low + + * Patched cron,weekly script with (corrected) patch + from Rene H. Larsen . + * Updated author address in copyright file. + * Compiled with egcs. + * Closes: #41885, #41551 + + -- Sun, 25 July 1999 12:14:00 -0500 + +chrony (1.10-2) unstable; urgency=low + + * Patched rtc_linux.c with patch for SPARC from + bmc@visi.net. + + -- Mon, 17 May 1999 22:30:00 -0500 + +chrony (1.10-1) unstable; urgency=low + + * New upstream release. + * Upstream version number is 1.1. Debian version + number is 1.10 because previous upstream number + was 1.02. + + -- Wed, 12 May 1999 20:30:00 -0500 + +chrony (1.02-7) unstable; urgency=low + + * Changed configure to permit building on non-Intel. + + -- Wed, 5 May 1999 18:00:00 -0500 + +chrony (1.02-6) unstable; urgency=low + + * Fixed postrm bug. + + -- Thur, 29 Apr 1999 18:00:00 -0500 + +chrony (1.02-5) unstable; urgency=low + + * Fixed bugs 34954 and 36921. + * Moved to priority extra. + * Added README.debian text about rtc. + + -- Thur, 15 Apr 1999 21:30:00 -0500 + +chrony (1.02-4) unstable; urgency=low + + * Replaced sprintf's with snprintf's. + + -- Sun, 28 Feb 1999 16:53:00 -0600 + +chrony (1.02-3) unstable; urgency=low + + * Fixed bugs in cron.weekly, ip-up.d, and ip-down.d. + * Bug 29981 is also fixed. + + -- Sun, 6 Dec 1998 9:53:00 -0600 + +chrony (1.02-2) unstable; urgency=low + + * Added cron.weekly. + * Changed ip-up.d, ip-down.d, and cron.weekly to read the + password from chrony.keys. + * Added code to postinst to generate a random password and + put it in chrony.keys. + + -- Thur, 3 Dec 1998 19:00:08 -0600 + +chrony (1.02-1) unstable; urgency=low + + * Initial Release. + + -- Fri, 6 Nov 1998 23:00:08 -0600 diff --git a/chrony-dnssrv@.service b/chrony-dnssrv@.service new file mode 100644 index 0000000..86d374f --- /dev/null +++ b/chrony-dnssrv@.service @@ -0,0 +1,17 @@ +[Unit] +Description=DNS SRV lookup of %I for chrony +After=chrony.service network-online.target +Wants=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/libexec/chrony/chrony-helper update-dnssrv-servers %I +ProtectSystem=strict +PrivateDevices=yes +ProtectHome=yes +ReadWritePaths=/run +PrivateTmp=yes +PrivateDevices=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectControlGroups=yes diff --git a/chrony-dnssrv@.timer b/chrony-dnssrv@.timer new file mode 100644 index 0000000..8495e01 --- /dev/null +++ b/chrony-dnssrv@.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Periodic DNS SRV lookup of %I for chrony + +[Timer] +OnActiveSec=0 +OnUnitInactiveSec=1h + +[Install] +WantedBy=timers.target diff --git a/chrony-helper b/chrony-helper new file mode 100755 index 0000000..5099161 --- /dev/null +++ b/chrony-helper @@ -0,0 +1,264 @@ +#!/bin/bash +# This script configures running chronyd to use NTP servers obtained from +# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed +# externally (e.g. by a dhclient script). Files with servers from DNS SRV +# records are updated here using the dig utility. The script can also list +# and set static sources in the chronyd configuration file. +# +# Modified for Debian by Vincent Blut . + +chronyc=/usr/bin/chronyc +chrony_conf=/etc/chrony/chrony.conf +chrony_service=chrony.service +helper_dir=/run/chrony-helper +added_servers_file=$helper_dir/added_servers + +dhclient_servers_files="/var/lib/dhcp/chrony.servers.*" +dnssrv_servers_files="$helper_dir/dnssrv@*" +dnssrv_timer_prefix=chrony-dnssrv@ + +chrony_command() { + $chronyc -n -m "$1" +} + +is_running() { + chrony_command "tracking" &> /dev/null +} + +get_servers_files() { + echo "$dhclient_servers_files" + echo "$dnssrv_servers_files" +} + +is_update_needed() { + for file in $(get_servers_files) $added_servers_file; do + [ -e "$file" ] && return 0 + done + return 1 +} + +update_daemon() { + local all_servers_with_args all_servers added_servers + + if ! is_running; then + rm -f $added_servers_file + return 0 + fi + + all_servers_with_args=$(cat $(get_servers_files) 2> /dev/null) + + all_servers=$( + echo "$all_servers_with_args" | + while read -r server serverargs; do + echo "$server" + done | sort -u) + added_servers=$( ( + cat $added_servers_file 2> /dev/null + echo "$all_servers_with_args" | + while read -r server serverargs; do + [ -z "$server" ] && continue + chrony_command "add server $server $serverargs" &> /dev/null && + echo "$server" + done) | sort -u) + + comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") | + while read -r server; do + chrony_command "delete $server" &> /dev/null + done + + added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers")) + + if [ -n "$added_servers" ]; then + echo "$added_servers" > $added_servers_file + else + rm -f $added_servers_file + fi +} + +get_dnssrv_servers() { + local name=$1 output + + if ! command -v dig &> /dev/null; then + echo "Missing dig (DNS lookup utility)" >&2 + return 1 + fi + + output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) || return 0 + + echo "$output" | while read -r _ _ port target; do + server=${target%.} + [ -z "$server" ] && continue + echo "$server port $port iburst" + done +} + +check_dnssrv_name() { + local name=$1 + + if [ -z "$name" ]; then + echo "No DNS SRV name specified" >&2 + return 1 + fi + + if [ "${name:0:9}" != _ntp._udp ]; then + echo "DNS SRV name $name doesn't start with _ntp._udp" >&2 + return 1 + fi +} + +update_dnssrv_servers() { + local name=$1 + local srv_file=$helper_dir/dnssrv@$name servers + + check_dnssrv_name "$name" || return 1 + + servers=$(get_dnssrv_servers "$name") + if [ -n "$servers" ]; then + echo "$servers" > "$srv_file" + else + rm -f "$srv_file" + fi +} + +set_dnssrv_timer() { + local state=$1 name=$2 + local srv_file=$helper_dir/dnssrv@$name servers + local timer + + timer=$dnssrv_timer_prefix$(systemd-escape "$name").timer || return 1 + + check_dnssrv_name "$name" || return 1 + + if [ "$state" = enable ]; then + systemctl enable "$timer" + systemctl start "$timer" + elif [ "$state" = disable ]; then + systemctl stop "$timer" + systemctl disable "$timer" + rm -f "$srv_file" + fi +} + +list_dnssrv_timers() { + systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \ + sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" | + while read -r name; do + systemd-escape --unescape "$name" + done +} + +prepare_helper_dir() { + mkdir -p $helper_dir + exec 100> $helper_dir/lock + if ! flock -w 20 100; then + echo "Failed to lock $helper_dir" >&2 + return 1 + fi +} + +is_source_line() { + local pattern="^[ \t]*(server|pool|peer|refclock)[ \t]+[^ \t]+" + [[ "$1" =~ $pattern ]] +} + +list_static_sources() { + while read -r line; do + if is_source_line "$line"; then + echo "$line" + fi + done < $chrony_conf +} + +set_static_sources() { + local new_config tmp_conf + + new_config=$( + sources=$( + while read -r line; do + is_source_line "$line" && echo "$line" + done) + + while read -r line; do + if ! is_source_line "$line"; then + echo "$line" + continue + fi + + tmp_sources=$( + local removed=0 + + echo "$sources" | while read -r line2; do + if [ "$removed" -ne 0 ] || [ "$line" != "$line2" ]; then + echo "$line2" + else + removed=1 + fi + done) + + [ "$sources" == "$tmp_sources" ] && continue + sources=$tmp_sources + echo "$line" + done < $chrony_conf + + echo "$sources" + ) + + tmp_conf=${chrony_conf}.tmp + + cp -a $chrony_conf $tmp_conf && + echo "$new_config" > $tmp_conf && + mv $tmp_conf $chrony_conf || return 1 + + systemctl try-restart $chrony_service +} + +print_help() { + echo "Usage: $0 COMMAND" + echo + echo "Commands:" + echo " update-daemon" + echo " update-dnssrv-servers NAME" + echo " enable-dnssrv NAME" + echo " disable-dnssrv NAME" + echo " list-dnssrv" + echo " list-static-sources" + echo " set-static-sources < sources.list" + echo " is-running" + echo " command CHRONYC-COMMAND" +} + +case "$1" in + update-daemon|add-dhclient-servers|remove-dhclient-servers) + is_update_needed || exit 0 + prepare_helper_dir && update_daemon + ;; + update-dnssrv-servers) + prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon + ;; + enable-dnssrv) + set_dnssrv_timer enable "$2" + ;; + disable-dnssrv) + set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon + ;; + list-dnssrv) + list_dnssrv_timers + ;; + list-static-sources) + list_static_sources + ;; + set-static-sources) + set_static_sources + ;; + is-running) + is_running + ;; + command|forced-command) + chrony_command "$2" + ;; + *) + print_help + exit 2 +esac + +exit $? diff --git a/chrony.conf b/chrony.conf new file mode 100644 index 0000000..b3a9510 --- /dev/null +++ b/chrony.conf @@ -0,0 +1,47 @@ +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usable directives. + +# Include configuration files found in /etc/chrony/conf.d. +confdir /etc/chrony/conf.d + +# Use Debian vendor zone. +pool 2.debian.pool.ntp.org iburst + +# Use time sources from DHCP. +sourcedir /run/chrony-dhcp + +# Use NTP sources found in /etc/chrony/sources.d. +sourcedir /etc/chrony/sources.d + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Save NTS keys and cookies. +ntsdumpdir /var/lib/chrony + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 + +# Get TAI-UTC offset and leap seconds from the system tz database. +# This directive must be commented out when using time sources serving +# leap-smeared time. +leapsectz right/UTC diff --git a/chrony.default b/chrony.default new file mode 100644 index 0000000..028f63d --- /dev/null +++ b/chrony.default @@ -0,0 +1,6 @@ +# This is a configuration file for /etc/init.d/chrony and +# /lib/systemd/system/chrony.service; it allows you to pass various options to +# the chrony daemon without editing the init script or service file. + +# Options to pass to chrony. +DAEMON_OPTS="-F 1" diff --git a/chrony.dhcp b/chrony.dhcp new file mode 100644 index 0000000..f3dacd7 --- /dev/null +++ b/chrony.dhcp @@ -0,0 +1,27 @@ +CHRONY_SOURCEDIR=/run/chrony-dhcp +SERVERFILE=$CHRONY_SOURCEDIR/$interface.sources + +chrony_config() { + rm -f "$SERVERFILE" + mkdir -p "$CHRONY_SOURCEDIR" + for server in $new_ntp_servers; do + echo "server $server iburst" >> "$SERVERFILE" + done + /usr/bin/chronyc reload sources > /dev/null 2>&1 || : +} + +chrony_restore() { + if [ -f "$SERVERFILE" ]; then + rm -f "$SERVERFILE" + /usr/bin/chronyc reload sources > /dev/null 2>&1 || : + fi +} + +case $reason in + BOUND|RENEW|REBIND|REBOOT) + chrony_config + ;; + EXPIRE|FAIL|RELEASE|STOP) + chrony_restore + ;; +esac diff --git a/chrony.examples b/chrony.examples new file mode 100644 index 0000000..1a0e8e2 --- /dev/null +++ b/chrony.examples @@ -0,0 +1 @@ +examples/chrony.conf* diff --git a/chrony.if-post-down b/chrony.if-post-down new file mode 100644 index 0000000..4cc0796 --- /dev/null +++ b/chrony.if-post-down @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +[ -x /usr/sbin/chronyd ] || exit 0 + +if [ -e /run/chrony/chronyd.pid ]; then + chronyc onoffline > /dev/null 2>&1 +fi + +exit 0 diff --git a/chrony.if-up b/chrony.if-up new file mode 100644 index 0000000..4cc0796 --- /dev/null +++ b/chrony.if-up @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +[ -x /usr/sbin/chronyd ] || exit 0 + +if [ -e /run/chrony/chronyd.pid ]; then + chronyc onoffline > /dev/null 2>&1 +fi + +exit 0 diff --git a/chrony.keys b/chrony.keys new file mode 100644 index 0000000..a2d655d --- /dev/null +++ b/chrony.keys @@ -0,0 +1,10 @@ +# This file is solely used for NTP authentication with symmetric keys +# as defined by RFC 1305 and RFC 5905. +# +# It can contain ID/key pairs which can be generated using the “keygen” option +# from “chronyc”; for example: +# chronyc keygen 1 SHA256 256 >> /etc/chrony/chrony.keys +# would generate a 256-bit SHA-256 key using ID 1. +# +# A list of supported hash functions and output encoding is available by +# consulting the "keyfile" directive in the chrony.conf(5) man page. diff --git a/chrony.lintian-overrides b/chrony.lintian-overrides new file mode 100644 index 0000000..83260a6 --- /dev/null +++ b/chrony.lintian-overrides @@ -0,0 +1,7 @@ +# The “chrony.keys” file must not be world readable as it could contain +# symmetric keys used for NTP authentication. +chrony: non-standard-file-perm 0640 != 0644 [usr/share/chrony/chrony.keys] + +# NetworkManager does not execute dispatcher scripts in /usr/libexec. +chrony: executable-in-usr-lib [usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp] +chrony: executable-in-usr-lib [usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline] diff --git a/chrony.maintscript b/chrony.maintscript new file mode 100644 index 0000000..740a898 --- /dev/null +++ b/chrony.maintscript @@ -0,0 +1 @@ +rm_conffile /etc/NetworkManager/dispatcher.d/20-chrony 3.5-7~ chrony diff --git a/chrony.ppp.ip-down b/chrony.ppp.ip-down new file mode 100644 index 0000000..c077551 --- /dev/null +++ b/chrony.ppp.ip-down @@ -0,0 +1,13 @@ +#!/bin/sh +# This script tells chronyd that the connection is down +# so that it won't try to contact the server. +# John Hasler 1998-2003 +# Any possessor of a copy of this program may treat it as if it +# were in the public domain. I waive all rights. +# Modified by Vincent Blut + +if [ -e /run/chrony/chronyd.pid ]; then + chronyc onoffline > /dev/null 2>&1 +fi + +exit 0 diff --git a/chrony.ppp.ip-up b/chrony.ppp.ip-up new file mode 100644 index 0000000..9c8d089 --- /dev/null +++ b/chrony.ppp.ip-up @@ -0,0 +1,12 @@ +#!/bin/sh +# This script tells chronyd that the connection is up so that it can +# contact the server. John Hasler 1998-2003 +# Any possessor of a copy of this program may treat it as if it +# were in the public domain. I waive all rights. +# Modified by Vincent Blut + +if [ -e /run/chrony/chronyd.pid ]; then + chronyc onoffline > /dev/null 2>&1 +fi + +exit 0 diff --git a/chrony.service b/chrony.service new file mode 100644 index 0000000..50d08fa --- /dev/null +++ b/chrony.service @@ -0,0 +1,65 @@ +[Unit] +Description=chrony, an NTP client/server +Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5) +Conflicts=openntpd.service ntp.service ntpsec.service +Wants=time-sync.target +Before=time-sync.target +After=network.target +ConditionCapability=CAP_SYS_TIME + +[Service] +Type=forking +PIDFile=/run/chrony/chronyd.pid +EnvironmentFile=-/etc/default/chrony +User=_chrony +# Daemon is started as root, but still sandboxed +ExecStart=!/usr/sbin/chronyd $DAEMON_OPTS + +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CAP_MKNOD CAP_SYS_ADMIN +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_CHROOT CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_SYS_PTRACE CAP_SYS_RAWIO CAP_SYS_TTY_CONFIG CAP_WAKE_ALARM +DeviceAllow=char-pps rw +DeviceAllow=char-ptp rw +DeviceAllow=char-rtc rw +DevicePolicy=closed +LockPersonality=yes +MemoryDenyWriteExecute=yes +NoNewPrivileges=yes +PrivateTmp=yes +ProcSubset=pid +ProtectControlGroups=yes +ProtectHome=yes +ProtectHostname=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectProc=invisible +ProtectSystem=strict +# Used for gps refclocks +ReadWritePaths=/run +RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX +RestrictNamespaces=yes +RestrictSUIDSGID=yes +SystemCallArchitectures=native +SystemCallFilter=~@cpu-emulation @debug @module @mount @obsolete @raw-io @reboot @swap + +ConfigurationDirectory=chrony +RuntimeDirectory=chrony +RuntimeDirectoryMode=0700 +# See dumpdir in chrony.conf(5) +RuntimeDirectoryPreserve=restart +StateDirectory=chrony +StateDirectoryMode=0750 +LogsDirectory=chrony +LogsDirectoryMode=0750 + +# Adjust restrictions for /usr/sbin/sendmail (mailonchange directive) +NoNewPrivileges=no +ReadWritePaths=-/var/spool +RestrictAddressFamilies=AF_NETLINK + +[Install] +Alias=chronyd.service +WantedBy=multi-user.target diff --git a/clean b/clean new file mode 100644 index 0000000..70f5857 --- /dev/null +++ b/clean @@ -0,0 +1 @@ +getdate.c diff --git a/conf.d/README b/conf.d/README new file mode 100644 index 0000000..de1fa8e --- /dev/null +++ b/conf.d/README @@ -0,0 +1,7 @@ +Files found under the /etc/chrony/conf.d directory with the .conf suffix are +parsed in the lexicographical order of the file names when chronyd starts up. +This enables a fragmented configuration of chronyd. + +Although those files can contain any directives listed in chrony.conf(5), +it would be wiser to add NTP sources in the /etc/chrony/sources.d +directory. Please read /etc/chrony/sources.d/README for more information. diff --git a/control b/control new file mode 100644 index 0000000..c9ddd59 --- /dev/null +++ b/control @@ -0,0 +1,54 @@ +Source: chrony +Section: net +Priority: optional +Maintainer: Vincent Blut +Standards-Version: 4.6.1 +Build-Depends: asciidoctor, + bison, + debhelper-compat (= 13), + dh-apparmor, + gnutls-bin , + iproute2 [linux-any] , + libcap-dev [linux-any], + libedit-dev, + libgnutls28-dev, + libseccomp-dev (>= 2.4.3-1~) [amd64 arm64 armel armhf hppa i386 mips mipsel mips64el powerpc powerpcspe ppc64 ppc64el riscv64 s390x x32], + nettle-dev, + pkg-config, + pps-tools [linux-any], + procps +Homepage: https://chrony.tuxfamily.org +Vcs-Git: https://salsa.debian.org/debian/chrony.git -b debian/latest +Vcs-Browser: https://salsa.debian.org/debian/chrony +Rules-Requires-Root: no + +Package: chrony +Architecture: linux-any +Pre-Depends: ${misc:Pre-Depends} +Depends: adduser, + iproute2 [linux-any], + tzdata, + ucf, + ${misc:Depends}, + ${shlibs:Depends} +Suggests: dnsutils, + networkd-dispatcher +Breaks: network-manager (<< 1.20.0-1~) +Conflicts: time-daemon +Provides: time-daemon +Replaces: time-daemon +Description: Versatile implementation of the Network Time Protocol + It consists of a pair of programs: + . + chronyd: This is a daemon which runs in background on the system. + It obtains measurements (e.g. via the network) of the system's offset + relative to other systems and adjusts the system time accordingly. For + isolated systems, the user can periodically enter the correct time by + hand (using 'chronyc'). In either case 'chronyd' determines the rate + at which the computer gains or loses time, and compensates for this. + Chronyd implements the NTP protocol and can act as either a client or + a server. + . + chronyc: This is a command-line driven control and monitoring program. + An administrator can use this to fine-tune various parameters within + the daemon, add or delete servers etc whilst the daemon is running. diff --git a/copyright b/copyright new file mode 100644 index 0000000..3e0fbd1 --- /dev/null +++ b/copyright @@ -0,0 +1,187 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: chrony +Upstream-Contact: Miroslav Lichvar +Source: https://download.tuxfamily.org/chrony/ + +Files: * +Copyright: 2009-2021, Miroslav Lichvar + 1997-2007, Richard P. Curnow +License: GPL-2 + +Files: main.c + sys_linux.c +Copyright: 2012-2020, Miroslav Lichvar + 2009, John G. Hasler + 1997-2003, Richard P. Curnow +License: GPL-2 + +Files: ntp_io.c +Copyright: 2009, 2013-2016, 2018-2021, Miroslav Lichvar + 2009, Timo Teras + 1997-2003, Richard P. Curnow +License: GPL-2 + +Files: sys_macosx.? +Copyright: 2015, 2017, 2020, Bryan Christianson + 2001, J. Hannken-Illjes + 1997-2001, Richard P. Curnow +License: GPL-2 + +Files: sys_netbsd.? +Copyright: 2001, J. Hannken-Illjes + 1997-2001, Richard P. Curnow +License: GPL-2 + +Files: debian/* +Copyright: 2015-2022, Vincent Blut + 2012-2014, Joachim Wiedorn + 2000-2012, John Hasler +License: GPL-2 + +Files: test/simulation/test.common +Copyright: 2013-2014, Miroslav Lichvar +License: GPL-2+ + +Files: privops.c +Copyright: 2015, Bryan Christianson + 2017, Miroslav Lichvar +License: GPL-2 + +Files: privops.h +Copyright: 2015, Bryan Christianson +License: GPL-2 + +Files: contrib/bryan_christianson_1/chronylogrotate.sh +Copyright: 2015, Bryan Christianson +License: GPL-2 + +Files: test/unit/* +Copyright: 2016-2022, Miroslav Lichvar +License: GPL-2 + +Files: hwclock.? +Copyright: 2016-2018, 2022, Miroslav Lichvar +License: GPL-2 + +Files: ntp_io_linux.? +Copyright: 2016-2019, 2021-2022 Miroslav Lichvar +License: GPL-2 + +Files: ntp_signd.? +Copyright: 2016, Miroslav Lichvar +License: GPL-2 + +Files: client.c +Copyright: 1997-2003, Richard P. Curnow + 2016, Lonnie Abelbeck + 2009-2022, Miroslav Lichvar +License: GPL-2 + +Files: configure +Copyright: 1997-2003, Richard P. Curnow + 2016, Bryan Christianson + 2009, 2012-2021, Miroslav Lichvar + 2019, Stefan R. Filipek +License: GPL-2 + +Files: doc/chrony.conf.adoc +Copyright: 1997-2003, Richard P. Curnow + 2016, Stephen Wadeley + 2009-2022, Miroslav Lichvar + 2017, Bryan Christianson +License: GPL-2 + +Files: doc/chronyc.adoc +Copyright: 1997-2003, Richard P. Curnow + 2016, Stephen Wadeley + 2009-2017, 2019-2022, Miroslav Lichvar +License: GPL-2 + +Files: refclock.c +Copyright: 2009-2011, 2013-2014, 2016-2019, 2022 Miroslav Lichvar +License: GPL-2 + +Files: refclock_phc.c +Copyright: 2013, 2017, Miroslav Lichvar +License: GPL-2 + +Files: regress.c +Copyright: 1997-2003, Richard P. Curnow + 2011, 2016-2017, Miroslav Lichvar +License: GPL-2 + +Files: sched.c +Copyright: 1997-2003, Richard P. Curnow + 2011, 2013-2016, Miroslav Lichvar +License: GPL-2 + +Files: sourcestats.c +Copyright: 1997-2003, Richard P. Curnow + 2011-2014, 2016-2018, 2021, Miroslav Lichvar +License: GPL-2 + +Files: stubs.c +Copyright: 2014-2016, Miroslav Lichvar +License: GPL-2 + +Files: hash_nettle.c +Copyright: 2018, Miroslav Lichvar +License: GPL-2 + +Files: test/system/* +Copyright: 2019, Miroslav Lichvar +License: GPL-2 + +Files: md5.* +Copyright: 1990, RSA Data Security, Inc. All rights reserved. +License: RSA-MD + License to copy and use this software is granted provided that + it is identified as the "RSA Data Security, Inc. MD5 Message- + Digest Algorithm" in all material mentioning or referencing this + software or this function. + . + License is also granted to make and use derivative works + provided that such works are identified as "derived from the RSA + Data Security, Inc. MD5 Message-Digest Algorithm" in all + material mentioning or referencing the derived work. + . + RSA Data Security, Inc. makes no representations concerning + either the merchantability of this software or the suitability + of this software for any particular purpose. It is provided "as + is" without express or implied warranty of any kind. + . + These notices must be retained in any copies of any part of this + documentation and/or software. + +License: GPL-2 + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License version 2 as + published by the Free Software Foundation. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. + +License: GPL-2+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see + . + On Debian systems, the complete text of the GNU General Public License + version 2 can be found in `/usr/share/common-licenses/GPL-2'. diff --git a/dirs b/dirs new file mode 100644 index 0000000..152a039 --- /dev/null +++ b/dirs @@ -0,0 +1,6 @@ +etc/chrony +etc/logrotate.d +etc/ppp/ip-down.d +etc/ppp/ip-up.d +usr/lib/NetworkManager/dispatcher.d +var/lib/chrony diff --git a/docs b/docs new file mode 100644 index 0000000..e12f653 --- /dev/null +++ b/docs @@ -0,0 +1,3 @@ +FAQ +NEWS +README diff --git a/init b/init new file mode 100644 index 0000000..ce121d7 --- /dev/null +++ b/init @@ -0,0 +1,69 @@ +#! /bin/sh +# +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by Ian Murdock . +# Modified for Debian by Christoph Lameter +# Modified for chrony by John Hasler 1998-2012 +# Modified for Debian by Vincent Blut + +### BEGIN INIT INFO +# Provides: chrony +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Should-Start: $syslog $network $named $time +# Should-Stop: $syslog $network $named $time +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Controls chronyd NTP time daemon +# Description: Chronyd is the NTP time daemon in the Chrony package +### END INIT INFO + +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/chronyd +NAME="chronyd" +DESC="time daemon" +PIDFILE=/run/chrony/chronyd.pid + +[ -x "$DAEMON" ] || exit 0 + +. /lib/lsb/init-functions + +# Override this variable by editing /etc/default/chrony. +DAEMON_OPTS="" +if [ -f /etc/default/chrony ]; then + . /etc/default/chrony +fi + +case "$1" in + start) + if $0 status > /dev/null ; then + log_success_msg "$NAME is already running" + else + log_daemon_msg "Starting $DESC" "$NAME" + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS + log_end_msg $? + fi + ;; + + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON + log_end_msg $? + ;; + + restart|force-reload) + $0 stop + $0 start + ;; + + status) + status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + + *) + log_action_msg "Usage: /etc/init.d/chrony {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/install b/install new file mode 100644 index 0000000..e7dc12a --- /dev/null +++ b/install @@ -0,0 +1,7 @@ +debian/chrony-dnssrv@.* lib/systemd/system +debian/chrony-helper usr/libexec/chrony +debian/chrony.conf usr/share/chrony +debian/conf.d etc/chrony +debian/ntp-units.d/50-chrony.list usr/lib/systemd/ntp-units.d +debian/sources.d etc/chrony +debian/usr.sbin.chronyd etc/apparmor.d diff --git a/links b/links new file mode 100644 index 0000000..31cfb4a --- /dev/null +++ b/links @@ -0,0 +1,5 @@ +# Update sources in response to systemd-networkd events (LP: #1718227). +# This is reusing the NetworkManager dispatch script which has no hard +# dependency to NetworkManager (not using any of its arguments) +usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline usr/lib/networkd-dispatcher/routable.d/chrony-onoffline +usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline usr/lib/networkd-dispatcher/off.d/chrony-onoffline diff --git a/ntp-units.d/50-chrony.list b/ntp-units.d/50-chrony.list new file mode 100644 index 0000000..6b9cca0 --- /dev/null +++ b/ntp-units.d/50-chrony.list @@ -0,0 +1 @@ +chrony.service diff --git a/patches/nm-dispatcher-dhcp_Move-server_dir-to-run.patch b/patches/nm-dispatcher-dhcp_Move-server_dir-to-run.patch new file mode 100644 index 0000000..2df6629 --- /dev/null +++ b/patches/nm-dispatcher-dhcp_Move-server_dir-to-run.patch @@ -0,0 +1,19 @@ +Description: Move server_dir path to /run +Author: Vincent Blut +Forwarded: no +Last-Update: 2020-09-16 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: chrony/examples/chrony.nm-dispatcher.dhcp +=================================================================== +--- chrony.orig/examples/chrony.nm-dispatcher.dhcp ++++ chrony/examples/chrony.nm-dispatcher.dhcp +@@ -10,7 +10,7 @@ action=$2 + + chronyc=/usr/bin/chronyc + server_options=iburst +-server_dir=/var/run/chrony-dhcp ++server_dir=/run/chrony-dhcp + + dhcp_server_file=$server_dir/$interface.sources + dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS" diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..f5b7c27 --- /dev/null +++ b/patches/series @@ -0,0 +1 @@ +nm-dispatcher-dhcp_Move-server_dir-to-run.patch diff --git a/postinst b/postinst new file mode 100644 index 0000000..0d7fc06 --- /dev/null +++ b/postinst @@ -0,0 +1,73 @@ +#!/bin/sh +# postinst script for chrony +# +# see: dh_installdeb(1) + +set -e + + +# targets: configure|abort-upgrade|abort-remove|abort-deconfigure + +case "$1" in + configure) + + adduser --force-badname \ + --system \ + --group \ + --quiet \ + --gecos "Chrony daemon" \ + --home /var/lib/chrony \ + --no-create-home _chrony + + if command -v ucf >/dev/null + then + ucf --three-way /usr/share/chrony/chrony.conf /etc/chrony/chrony.conf + ucf --three-way /usr/share/chrony/chrony.keys /etc/chrony/chrony.keys + if [ -x "$(command -v ucfr)" ]; then + ucfr chrony /etc/chrony/chrony.conf + ucfr chrony /etc/chrony/chrony.keys + fi + fi + + # Change the user and group ownership of "/var/l{ib,og}/chrony" iif + # the chronyd's configuration does not contain the "user" directive. + # Also, update these directories' mode bits to 0750 to follow upstream. + if ! chronyd -p | grep -q "^user"; then + for d in /var/lib/chrony /var/log/chrony; do + if ! dpkg-statoverride --list "$d" >/dev/null; then + dpkg-statoverride --update --add _chrony _chrony 0750 "$d" + fi + done + fi + + if [ -n "$2" ] && dpkg --compare-versions "$2" lt 4.0~pre4-1; then + # Migrate NTP sources obtained from DHCP to /run/chrony-dhcp + mkdir -p /run/chrony-dhcp + for file in $(find /var/lib/dhcp/ -type f -name "chrony.servers.*"); do + sed 's/.*/server &/' < "$file" > /run/chrony-dhcp/"${file##*servers.}.sources" + done + + # Remove the staled PID file resulting from migrating its path from + # /run to /run/chrony/. Overriding dh_installinit and + # dh_systemd_start to use the --no-restart-after-upgrade option + # was a possibility but chronyd would have been down even longer + # during the upgrade. + rm -f /run/chronyd.pid + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/postrm b/postrm new file mode 100644 index 0000000..b864a94 --- /dev/null +++ b/postrm @@ -0,0 +1,56 @@ +#!/bin/sh +# postrm script for chrony +# +# see: dh_installdeb(1) + +set -e + +# targets: purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear + +case "$1" in + purge) + rm -f /var/lib/chrony/* + rm -f /etc/chrony/chrony.conf + rm -f /etc/chrony/chrony.keys + if command -v ucf >/dev/null + then + ucf --purge /etc/chrony/chrony.conf + ucf --purge /etc/chrony/chrony.keys + if [ -x "$(command -v ucfr)" ]; then + ucfr --purge chrony /etc/chrony/chrony.conf + ucfr --purge chrony /etc/chrony/chrony.keys + fi + fi + rm -rf /etc/chrony + rm -rf /run/chrony || true + rm -rf /run/chrony-dhcp || true + rm -rf /var/lib/chrony + rm -rf /var/log/chrony + # Remove "_chrony" system user/group + if [ -x "$(command -v deluser)" ] + then + deluser --quiet --system _chrony > /dev/null 2>&1 || true + fi + + for d in /var/lib/chrony /var/log/chrony; do + if dpkg-statoverride --list "$d" >/dev/null; then + dpkg-statoverride --remove "$d" + fi + done + ;; + + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/prerm b/prerm new file mode 100644 index 0000000..ec12057 --- /dev/null +++ b/prerm @@ -0,0 +1,28 @@ +#!/bin/sh +# prerm script for chrony +# +# see: dh_installdeb(1) + +set -e + +# targets: remove|upgrade|deconfigure|failed-upgrade + +case "$1" in + remove|upgrade|deconfigure) + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/rules b/rules new file mode 100755 index 0000000..2da974d --- /dev/null +++ b/rules @@ -0,0 +1,45 @@ +#!/usr/bin/make -f + +-include /usr/share/dpkg/buildtools.mk +export CC + +include /usr/share/dpkg/architecture.mk + +export DEB_BUILD_MAINT_OPTIONS=hardening=+all + +BASE=debian/chrony + +%: + dh $@ + +override_dh_auto_configure: + dh_auto_configure -- --mandir=/usr/share/man \ + --sysconfdir=/etc/chrony \ + --with-user=_chrony \ + --enable-scfilter \ + --chronyrundir=/run/chrony \ + --with-ntp-era=$(shell date -d '1970-01-01 00:00:00+00:00' +'%s') \ + --enable-ntp-signd \ + --with-hwclockfile=/etc/adjtime \ + --with-pidfile=/run/chrony/chronyd.pid \ + --host-system=Linux + +override_dh_install: + dh_install + install -m 0640 -t $(BASE)/usr/share/chrony/ debian/chrony.keys + install -m 0755 -T examples/chrony.nm-dispatcher.dhcp ${BASE}/usr/lib/NetworkManager/dispatcher.d/20-chrony-dhcp + install -m 0755 -T examples/chrony.nm-dispatcher.onoffline $(BASE)/usr/lib/NetworkManager/dispatcher.d/20-chrony-onoffline + install -m 0644 -T examples/chrony.logrotate $(BASE)/etc/logrotate.d/chrony + dh_apparmor --profile-name=usr.sbin.chronyd -pchrony + install -D -p -m 0644 debian/chrony.dhcp $(BASE)/etc/dhcp/dhclient-exit-hooks.d/chrony + +override_dh_fixperms: + dh_fixperms -X usr/share/chrony/chrony.keys + +override_dh_installinit: + dh_installinit +# Disable the system call filter on architectures mentioned below +# due to missing support in libseccomp and/or in the Linux kernel. +ifneq (,$(filter $(DEB_HOST_ARCH), alpha ia64 m68k sh4 sparc64)) + sed -i '/DAEMON_OPTS=/s/"-F 1"/""/' $(BASE)/etc/default/chrony +endif diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/sources.d/README b/sources.d/README new file mode 100644 index 0000000..184eaec --- /dev/null +++ b/sources.d/README @@ -0,0 +1,12 @@ +Only NTP sources can be specified in the /etc/chrony/sources.d directory. +Files in this directory must end with the ".sources" suffix. They can only +contain the "peer", "pool" and "server" directives and must have all +lines terminated by a trailing newline. + +There is no need to restart chronyd for these time sources to be usable, +running 'chronyc reload sources' is sufficient. + +Example: + +# echo 'server 192.0.2.1 iburst' > /etc/chrony/sources.d/local-ntp-server.sources +# chronyc reload sources diff --git a/tests/control b/tests/control new file mode 100644 index 0000000..5586711 --- /dev/null +++ b/tests/control @@ -0,0 +1,28 @@ +Tests: upstream-simulation-test-suite +Depends: @builddeps@, build-essential, ca-certificates, wget +Restrictions: isolation-container, build-needed, skippable, needs-root, needs-internet + +Tests: time-sources-from-dhcp-servers +Depends: @, isc-dhcp-server, isc-dhcp-client, iproute2, kmod +Restrictions: isolation-machine, needs-root + +Features: test-name=run_system_tests +Test-Command: debian/tests/upstream-system-tests +Depends: @builddeps@ +Restrictions: build-needed, isolation-container, needs-root + +Features: test-name=run_destructive_system_tests +Test-Command: debian/tests/upstream-system-tests -d 1[0-9][0-9]-* +Depends: @, @builddeps@, ethtool +Restrictions: build-needed, isolation-machine, needs-root + +Tests: fragmented-configuration +Restrictions: isolation-container, needs-root + +Tests: dynamically-add-source +Depends: @, dpkg-dev +Restrictions: isolation-container, needs-root, skippable + +Tests: ntp-server-and-nts-auth +Depends: @, dpkg-dev, gnutls-bin +Restrictions: isolation-container, needs-root, skippable diff --git a/tests/dynamically-add-source b/tests/dynamically-add-source new file mode 100644 index 0000000..1e4c160 --- /dev/null +++ b/tests/dynamically-add-source @@ -0,0 +1,27 @@ +#!/bin/sh +# Make sure that NTP sources from /etc/chrony/sources.d are usable. + +set -e + +. debian/tests/helper-functions + +server_addr="192.0.2.1" + +printf "Preparing chronyd configuration: " +__no_system_clock_control +__restart_chronyd && __test_ok || __test_skip + +printf "Adding a dummy server to the list of NTP sources: " +printf "server $server_addr\n" > /etc/chrony/sources.d/dummy-server.sources && __test_ok || __test_fail + +printf "Reloading NTP sources: " +__reload_sources + +printf "Checking for dummy server availability: " +__check_sources "$server_addr" + +printf "Checking for dummy server availability after restarting chronyd: " +__restart_chronyd +__check_sources "$server_addr" + +exit 0 diff --git a/tests/fragmented-configuration b/tests/fragmented-configuration new file mode 100644 index 0000000..2135df3 --- /dev/null +++ b/tests/fragmented-configuration @@ -0,0 +1,17 @@ +#!/bin/sh +# Make sure that fragmented configuration works as expected. + +set -e + +. debian/tests/helper-functions + +printf 'Setting "authselectmode prefer" as authentication policy: ' +echo "authselectmode prefer" > /etc/chrony/conf.d/authentication-policy.conf && __test_ok || __test_fail + +printf "Restart chronyd: " +systemctl --quiet restart chrony.service && __test_ok || __test_fail + +printf "Checking that chronyd uses the defined authentication policy: " +chronyd -p | grep -q "authselectmode prefer" && __test_ok || __test_fail + +exit 0 diff --git a/tests/helper-functions b/tests/helper-functions new file mode 100644 index 0000000..7df6ee9 --- /dev/null +++ b/tests/helper-functions @@ -0,0 +1,53 @@ +__no_system_clock_control() { + if ! dpkg-vendor --derives-from Ubuntu; then + sed -i '/^DAEMON_OPTS=/s/"\(.*\)"/"\1 -x"/' /etc/default/chrony + mkdir -p /etc/systemd/system/chrony.service.d + cat < /etc/systemd/system/chrony.service.d/override.conf +[Unit] +ConditionCapability= +EOF + systemctl daemon-reload + fi +} + +__test_fail() { + printf 'FAIL\n' >&2 + return 1 +} + +__test_ok() { + printf 'OK\n' + return 0 +} + +__test_skip() { + [ -n "$1" ] && printf 'SKIP: (%s)\n' "$1" || printf 'SKIP\n' + exit 77 +} + +__reload_sources() { + chronyc reload sources > /dev/null 2>&1 && __test_ok || __test_fail +} + +__restart_chronyd() { + systemctl --quiet restart chrony.service + rc=$? + sleep 3 + return $rc +} + +__check_sources() { + chronyc sources | grep -q "$1" && __test_ok || __test_fail +} + +__check_auth() { + chronyc -c authdata | grep -q "$1" && __test_ok || __test_fail +} + +# Ubuntu's default config is fully populated causing issues with the test +# If any of those tests run on Ubuntu, clear some and restart the daemon +# to pick this up before entering the tests. +if grep -q "^pool.*ubuntu.pool.ntp.org" /etc/chrony/chrony.conf; then + sudo sed -i -e '/^pool.*ubuntu.pool.ntp.org/d' /etc/chrony/chrony.conf + __restart_chronyd +fi diff --git a/tests/ntp-server-and-nts-auth b/tests/ntp-server-and-nts-auth new file mode 100644 index 0000000..b7d8877 --- /dev/null +++ b/tests/ntp-server-and-nts-auth @@ -0,0 +1,59 @@ +#!/bin/sh +# Check that chronyd is able to authenticate NTP packets when NTS is enabled +# on the server. + +set -e + +. debian/tests/helper-functions + +cert_dir="/var/lib/chrony" +cert_template="$cert_dir/cert.cfg" +cert_file="$cert_dir/server.crt" +priv_key="$cert_dir/server.key" +server_addr="127.0.1.1" +server_name="chrony-nts-test" + +create_cert_template() { + printf "Creating certificate template: " + cat < "$cert_template" +cn = "$server_name" +serial = 001 +activation_date = "$(date -d '1 year ago' +'%Y-%m-%d') 00:00:00 UTC" +expiration_date = "$(date -d '1 year' +'%Y-%m-%d') 00:00:00 UTC" +signing_key +encryption_key +EOF +} + +generate_cert() { + printf "Generating self-signed certificate: " + certtool --generate-privkey --key-type=ed25519 --outfile "$priv_key" > /dev/null 2>&1 + certtool --generate-self-signed --load-privkey "$priv_key" --template "$cert_template" \ + --outfile "$cert_file" > /dev/null 2>&1 +} + +server_config() { + printf "Preparing chronyd configuration: " + cat < /etc/chrony/conf.d/local-server-config.conf +server $server_name nts minpoll -6 maxpoll -6 +ntsserverkey $priv_key +ntsservercert $cert_file +ntstrustedcerts $cert_file +EOF + + __no_system_clock_control + __restart_chronyd +} + +echo "$server_addr $server_name" >> /etc/hosts + +create_cert_template && __test_ok || __test_skip "unable to create certificate template" + +generate_cert && __test_ok || __test_skip "unable to generate self-signed certificate" + +server_config && __test_ok || __test_skip + +printf "Checking if server authenticates NTP packets: " +__check_auth "$server_addr,NTS" + +exit 0 diff --git a/tests/time-sources-from-dhcp-servers b/tests/time-sources-from-dhcp-servers new file mode 100644 index 0000000..f5e7899 --- /dev/null +++ b/tests/time-sources-from-dhcp-servers @@ -0,0 +1,44 @@ +#!/bin/sh +# Ensure that NTP servers obtained from DHCP are made available to chronyd and +# that they are removed when releasing the DHCP lease. + +set -e + +prepare_iface() { + modprobe dummy + ip link add name dummy0 type dummy + ip address add 192.168.1.1/24 dev dummy0 + ip link set dev dummy0 up +} + +dhcpd_config() { +cat < /etc/dhcp/dhcpd.conf +default-lease-time 600; +max-lease-time 7200; +authorative; + +subnet 192.168.1.0 netmask 255.255.255.0 { + option subnet-mask 255.255.255.0; + option broadcast-address 192.168.1.255; + option ntp-servers 192.168.1.50; + range 192.168.1.42 192.168.1.100; +} +EOF + +sed -i '/INTERFACESv4=/s/".*"/"dummy0"/' /etc/default/isc-dhcp-server +} + +chk_time_src() { + chronyc -n sources | grep -q -F '192.168.1.50' +} + +printf "Preparing the dummy network interface and dhcpd configuration…\n" +if prepare_iface && dhcpd_config; then + systemctl restart isc-dhcp-server && dhclient dummy0 && printf "Done!\n\n" +fi + +printf "Check if the NTP server is made available to chronyd…\n" +chk_time_src && printf "SUCCESS!\n\n" + +printf "Release the current lease and check if the NTP server has been correctly removed…\n" +dhclient -r dummy0 > /dev/null 2>&1 && ! chk_time_src && printf "SUCCESS!\n\n" diff --git a/tests/upstream-simulation-test-suite b/tests/upstream-simulation-test-suite new file mode 100644 index 0000000..1d25f85 --- /dev/null +++ b/tests/upstream-simulation-test-suite @@ -0,0 +1,41 @@ +#!/bin/sh +# Upstream makes use of “clknetsim” to test how well “chronyd” controls the +# system clocks in various conditions. Due to “clknetsim” not being available +# in Debian, let’s use autopkgtest facility to build it in a container and +# test “chronyd” from there. + +set -e + +testdir="$PWD/test/simulation" +clknetsim_ver=f00531b +clknetsim_src=https://github.com/mlichvar/clknetsim/archive/"$clknetsim_ver"/clknetsim-"$clknetsim_ver".tar.gz +clknetsim_archive=$(basename "$clknetsim_src") + +export CLKNETSIM_PATH="$AUTOPKGTEST_TMP" + +# Always use the same seed to get deterministic results +export CLKNETSIM_RANDOM_SEED=24505 + +DEB_HOST_MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH) + +# The simulation tests are only supported on Linux. +dpkg-architecture -ilinux-any || exit 77 + +prepare_clknetsim() { + # This symbolic link is necessary to prevent clknetsim from FTBFS. + ln -s /usr/include/"$DEB_HOST_MULTIARCH"/sys/time.h /usr/include/sys/ + + wget -P "$CLKNETSIM_PATH" "$clknetsim_src" 2>&1 || exit 77 + tar -xvzf "$CLKNETSIM_PATH"/"$clknetsim_archive" \ + -C "$CLKNETSIM_PATH" --strip-components=1 2>&1 || exit 77 + + if [ ! -x "$CLKNETSIM_PATH/clknetsim" ] && [ ! -e "$CLKNETSIM_PATH/clknetsim.so" ]; then + make -C "$CLKNETSIM_PATH" 2>&1 + fi +} + +run_test() { + cd "$testdir" && ./run -i 20 -m 2 +} + +prepare_clknetsim && run_test diff --git a/tests/upstream-system-tests b/tests/upstream-system-tests new file mode 100755 index 0000000..bd28a0c --- /dev/null +++ b/tests/upstream-system-tests @@ -0,0 +1,24 @@ +#!/bin/sh +# Run the upstream system tests in a container. Destructive tests will be run in +# a VM as they may adjust/step the system clock, block the RTC, etc. +# In case of failure, test’s logs will be put into the directory specified by +# the $AUTOPKGTEST_ARTIFACTS environment variable. + +set -e + +testdir=$PWD/test/system +logdir="$testdir/tmp/*" + +# some tests need chrony installed, but make sure to avoid the test daemon is +# fighting with the systems chrony service over the clock +systemctl stop chrony.service 2>/dev/null || true + +run_test() { + cd "$testdir" && ./run "$@" +} + +artifacts() { + cp $logdir "$AUTOPKGTEST_ARTIFACTS" && exit 1 +} + +run_test "$@" || artifacts diff --git a/upstream/metadata b/upstream/metadata new file mode 100644 index 0000000..937fa97 --- /dev/null +++ b/upstream/metadata @@ -0,0 +1,8 @@ +Documentation: https://chrony.tuxfamily.org/documentation.html +Changelog: https://chrony.tuxfamily.org/news.html +FAQ: https://chrony.tuxfamily.org/faq.html +Contact: chrony-users@chrony.tuxfamily.org +Security-Contact: Miroslav Lichvar +Bug-Submit: chrony-users@chrony.tuxfamily.org +Repository: https://git.tuxfamily.org/chrony/chrony.git +Repository-Browse: https://git.tuxfamily.org/chrony/chrony.git/ diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc new file mode 100644 index 0000000..e12834f --- /dev/null +++ b/upstream/signing-key.asc @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1 +Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T +c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl +QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv +tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR +F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B +FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+ +LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV +jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2 +7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/ +v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB +tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA +PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1 +6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s +nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP +nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r +nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ +cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/ +kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6 +LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W +vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS +y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G +4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7 +qbZUY/6bgrDoXp4otAP2uQINBGCc9dwBEADKy14JeburwGpEhfZ/sQj9ljojB886 +0TsR51s7F+j016SbdeC0mTmecI3ckd4CyVhi3ZHx6MR6UGKezy4DUtvUrgHOB0Pg +azuReIPRJsAydLnlGMVNRXMkkV310foC2m6UAnNrPW1ukWjMC7kDcWcJH1wpZD0J +rCJkxQNCp7VqR3PrhK9Sdoui0Euw/wSupu9pfcfM/ZPYKgGm18PsR7IrPn3zzBuS +Zhzqnh2LbKvtiVtVbwZwOEIdwyh/TkGg/YWWxIlAt5zJpS5Dxf69vbVkz2u5bgRw +Z1+eeiU11Zvrw1A8GdrKy32iskAsWzS8L0Nj5+Ujssgp7iFkdsWbP/ijwzIbSlAQ +FR3G6Fbuojwk1ONglTD2ib2A9olBJ3GTXlBiTkrhtuNC0izRhBRbA+2IF29Vx40A ++XItyouz/4R4twBudyLEE4mhOVYAXQ43t82An+VmmenNw0EAfZWm9kTM/uRXa+2e +mJhUVG5sUp7DHtJsMHKlXt6H1dHyrxOxKdE/GwYOd3QqslPISGw+cFHvfSZoTBZ8 +7OXpcJL/x29xIPdnYLtc1m+ZDM7rxhB7QiLpCMtQfqc0Dn0/ojgvpW5kR4T7JSfU +tNbxDSRPpxBLBsT8vaUR65lkiiOGYfsrI2/71v7zsAHdUbL8U34AXjjmsJpc/p9K +SU9NfGZ1IJnN+QARAQABiQI8BBgBCAAmFiEEjzdcfo0O4SWj071RU34rdvdoDawF +AmCc9dwCGwwFCRLMAwAACgkQU34rdvdoDaz7kQ/+N5DND+9YMXyUI+jwaT7YyFVX +5uEyD1iplfheP/XgsADwv6OOGMPp8Rq++0ZNg7Gkp9FedY9noEQlyrmQWcf7+iVz ++6qQ5N1HnJpeyH8U3fjfoJCN74lLK7eMpFIMlB/8Mv3nTBt4faoQUD9EcYg4HtfD ++mFKUEp6t7j+9snEzywSZaqf2Pfhl1Gqb3Mg6gRZ77Peong5km40n+ra4rNXLi7+ +n3pXeBzVGPy5iOTJWG8sG4FhqUjsilJU7chd9y6j51ne1Lkze0DbGMoxp5SW5JBo +vysLjWyKORrOGr2lEk3O0gS3QmJ3hCLe5re4YNErSh0AurP2pP8PMpdchcuYEbrD +uEAhU9mTEOo2VALmkBsdK4VkK/WpDTSRA7B0wUEfKcaRady3A13FF0knskkUhWS7 +foRMbw0MV7oXW2R2Bi9ROoOYLSUCp6GzbtozDs4gXA4r4QLKjcNj6KunyVS2r4wS +OQSNcQKpspiBMSRUpR3S7matPXFc2NxDo98dt2E8zyjTiP6ruI01E+AcovDstzzd +QQdJ+UqjkVidCnwMlRHsLIUgKie862ebCV1pynlUKgToORMJDgfK8/zN5qoK5wUY +qoS4oohubShEwNWCEBlyGz/Ldb6qEK6b2GiX5JN5EJZLcXxZA0bfHSiMaRZPLj4j +W23ALtrl30a0MaWqnDo= +=kLnA +-----END PGP PUBLIC KEY BLOCK----- diff --git a/usr.sbin.chronyd b/usr.sbin.chronyd new file mode 100644 index 0000000..330e8af --- /dev/null +++ b/usr.sbin.chronyd @@ -0,0 +1,85 @@ +# vim:syntax=apparmor +# Last Modified: Sun Sep 05 16:48:05 2021 + +abi , + +#include + +/usr/sbin/chronyd flags=(attach_disconnected) { + #include + #include + + # For /run/chrony to be created + capability chown, + + # Give “root” the ability to read and write the PID file + capability dac_override, + capability dac_read_search, + + # Needed to support HW timestamping + capability net_admin, + + # Needed to allow NTP server sockets to be bound to a privileged port + capability net_bind_service, + + # Needed to allow an NTP socket to be bound to a device using the + # SO_BINDTODEVICE socket option on kernels before 5.7 + capability net_raw, + + # Needed to drop privileges + capability setgid, + capability setuid, + + # Needed to set the SCHED_FIFO real-time scheduler at the specified priority + # using the '-P' option + capability sys_nice, + + # Needed to lock chronyd into RAM + capability sys_resource, + + # Needed to set the system/real-time clock + capability sys_time, + + /usr/sbin/chronyd mr, + + /etc/chrony/{,**} r, + /var/lib/chrony/{,*} rw, + /var/log/chrony/{,*} rw, + @{run}/chrony/{,*} rw, + @{run}/chrony-dhcp/{,*} r, + + # Using the “tempcomp” directive gives chronyd the ability to improve + # the stability and accuracy of the clock by compensating the temperature + # changes measured by a sensor close to the oscillator. + @{sys}/class/hwmon/hwmon[0-9]*/temp[0-9]*_input r, + @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/temp[0-9]*_input r, + + # Support all paths suggested in the man page (LP: #1771028). Assume these + # are common use cases; others should be set as local include (see below). + # Configs using a 'chrony.' prefix like the tempcomp config file example + /etc/chrony.* r, + # Example gpsd socket is outside @{run}/chrony/ + @{run}/chrony.tty{,*}.sock rw, + # To sign replies to MS-SNTP clients by the smbd daemon + /var/lib/samba/ntp_signd/socket rw, + + # rtc + /etc/adjtime r, + /dev/rtc{,[0-9]*} rw, + + # gps devices + /dev/pps[0-9]* rw, + /dev/ptp[0-9]* rw, + + # Allow reading the chronyd configuration file that timemaster(8) generates + @{run}/timemaster/chrony.conf r, + + # For use with clocks that report via shared memory (e.g. gpsd), + # you may need to give ntpd access to all of shared memory, though + # this can be considered dangerous. See https://launchpad.net/bugs/722815 + # for details. To enable, add this to local/usr.sbin.chronyd: + # capability ipc_owner, + + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/watch b/watch new file mode 100644 index 0000000..7fc35e4 --- /dev/null +++ b/watch @@ -0,0 +1,3 @@ +version=4 +opts="pgpsigurlmangle=s/\.tar\.gz$/-tar-gz-asc.txt/,uversionmangle=s/-pre/~pre/" \ +https://download.tuxfamily.org/@PACKAGE@/@PACKAGE@@ANY_VERSION@@ARCHIVE_EXT@ -- cgit v1.2.3 From 4e19ba1a17a711b4b38180b0f3b4920a34523b52 Mon Sep 17 00:00:00 2001 From: Vincent Blut Date: Wed, 31 Aug 2022 13:32:14 +0200 Subject: Import chrony_4.3.orig.tar.gz [dgit import orig chrony_4.3.orig.tar.gz] --- COPYING | 339 ++ FAQ | 1045 +++++ INSTALL | 165 + Makefile.in | 139 + NEWS | 977 ++++ README | 160 + addressing.h | 67 + addrfilt.c | 405 ++ addrfilt.h | 80 + array.c | 130 + array.h | 56 + candm.h | 824 ++++ client.c | 3451 ++++++++++++++ clientlog.c | 1088 +++++ clientlog.h | 63 + cmac.h | 48 + cmac_gnutls.c | 189 + cmac_nettle.c | 117 + cmdmon.c | 1814 ++++++++ cmdmon.h | 40 + cmdparse.c | 398 ++ cmdparse.h | 57 + conf.c | 2607 +++++++++++ conf.h | 170 + configure | 1134 +++++ contrib/andrew_bishop_1 | 114 + contrib/andrew_bishop_2 | 95 + contrib/bryan_christianson_1/README.txt | 103 + contrib/bryan_christianson_1/chronylogrotate.sh | 58 + .../org.tuxfamily.chronyc.plist | 22 + .../org.tuxfamily.chronyd.plist | 19 + contrib/erik_bryer_1 | 65 + contrib/ken_gillett_1 | 100 + contrib/stephan_boettcher_1 | 162 + contrib/wolfgang_weisselberg1 | 118 + doc/Makefile.in | 76 + doc/chrony.conf.adoc | 3071 ++++++++++++ doc/chrony.conf.man.in | 4894 ++++++++++++++++++++ doc/chronyc.adoc | 1508 ++++++ doc/chronyc.man.in | 2672 +++++++++++ doc/chronyd.adoc | 222 + doc/chronyd.man.in | 264 ++ doc/faq.adoc | 1049 +++++ doc/installation.adoc | 200 + examples/chrony-wait.service | 47 + examples/chrony.conf.example1 | 12 + examples/chrony.conf.example2 | 47 + examples/chrony.conf.example3 | 334 ++ examples/chrony.keys.example | 13 + examples/chrony.logrotate | 8 + examples/chrony.nm-dispatcher.dhcp | 49 + examples/chrony.nm-dispatcher.onoffline | 27 + examples/chronyd.service | 49 + getdate.c | 2606 +++++++++++ getdate.h | 28 + getdate.y | 1044 +++++ hash.h | 57 + hash_gnutls.c | 145 + hash_intmd5.c | 71 + hash_nettle.c | 124 + hash_nss.c | 114 + hash_tomcrypt.c | 126 + hwclock.c | 334 ++ hwclock.h | 54 + keys.c | 436 ++ keys.h | 47 + local.c | 781 ++++ local.h | 229 + localp.h | 74 + logging.c | 352 ++ logging.h | 129 + main.c | 694 +++ main.h | 35 + manual.c | 332 ++ manual.h | 46 + md5.c | 322 ++ md5.h | 56 + memory.c | 93 + memory.h | 45 + nameserv.c | 166 + nameserv.h | 52 + nameserv_async.c | 130 + nameserv_async.h | 40 + ntp.h | 182 + ntp_auth.c | 386 ++ ntp_auth.h | 84 + ntp_core.c | 2999 ++++++++++++ ntp_core.h | 144 + ntp_ext.c | 192 + ntp_ext.h | 43 + ntp_io.c | 610 +++ ntp_io.h | 70 + ntp_io_linux.c | 847 ++++ ntp_io_linux.h | 47 + ntp_signd.c | 341 ++ ntp_signd.h | 42 + ntp_sources.c | 1433 ++++++ ntp_sources.h | 152 + nts_ke.h | 81 + nts_ke_client.c | 442 ++ nts_ke_client.h | 56 + nts_ke_server.c | 967 ++++ nts_ke_server.h | 49 + nts_ke_session.c | 927 ++++ nts_ke_session.h | 93 + nts_ntp.h | 36 + nts_ntp_auth.c | 183 + nts_ntp_auth.h | 43 + nts_ntp_client.c | 709 +++ nts_ntp_client.h | 51 + nts_ntp_server.c | 283 ++ nts_ntp_server.h | 40 + pktlength.c | 220 + pktlength.h | 40 + privops.c | 696 +++ privops.h | 77 + ptp.h | 64 + quantiles.c | 209 + quantiles.h | 41 + refclock.c | 862 ++++ refclock.h | 86 + refclock_phc.c | 184 + refclock_pps.c | 159 + refclock_shm.c | 134 + refclock_sock.c | 136 + reference.c | 1437 ++++++ reference.h | 200 + regress.c | 704 +++ regress.h | 137 + reports.h | 206 + rtc.c | 242 + rtc.h | 45 + rtc_linux.c | 1072 +++++ rtc_linux.h | 45 + samplefilt.c | 497 ++ samplefilt.h | 51 + sched.c | 852 ++++ sched.h | 92 + siv.h | 70 + siv_gnutls.c | 271 ++ siv_nettle.c | 156 + siv_nettle_int.c | 452 ++ smooth.c | 368 ++ smooth.h | 48 + socket.c | 1636 +++++++ socket.h | 147 + sources.c | 1756 +++++++ sources.h | 140 + sourcestats.c | 1040 +++++ sourcestats.h | 141 + srcparams.h | 93 + stubs.c | 567 +++ sys.c | 150 + sys.h | 53 + sys_generic.c | 449 ++ sys_generic.h | 46 + sys_linux.c | 1007 ++++ sys_linux.h | 52 + sys_macosx.c | 516 +++ sys_macosx.h | 40 + sys_netbsd.c | 158 + sys_netbsd.h | 39 + sys_null.c | 140 + sys_null.h | 34 + sys_posix.c | 109 + sys_posix.h | 36 + sys_solaris.c | 95 + sys_solaris.h | 38 + sys_timex.c | 276 ++ sys_timex.h | 48 + sysincl.h | 69 + tempcomp.c | 176 + tempcomp.h | 29 + test/compilation/001-features | 36 + test/compilation/002-scanbuild | 16 + test/compilation/003-sanitizers | 103 + test/kernel/Makefile | 7 + test/kernel/adjtime.c | 185 + test/kernel/ntpadjtime.c | 75 + test/simulation/001-defaults | 13 + test/simulation/002-largenetwork | 22 + test/simulation/003-largefreqoffset | 19 + test/simulation/004-largetimeoffset | 18 + test/simulation/005-externalstep | 46 + test/simulation/006-largejitter | 21 + test/simulation/007-largewander | 20 + test/simulation/008-ntpera | 50 + test/simulation/009-sourceselection | 40 + test/simulation/010-multrecv | 17 + test/simulation/011-asymjitter | 18 + test/simulation/012-daemonts | 15 + test/simulation/013-nameserv | 15 + test/simulation/101-poll | 56 + test/simulation/102-iburst | 23 + test/simulation/103-initstepslew | 63 + test/simulation/104-driftfile | 23 + test/simulation/105-ntpauth | 96 + test/simulation/106-refclock | 143 + test/simulation/107-allowdeny | 48 + test/simulation/108-peer | 54 + test/simulation/109-makestep | 41 + test/simulation/110-chronyc | 496 ++ test/simulation/111-knownclient | 17 + test/simulation/112-port | 57 + test/simulation/113-leapsecond | 61 + test/simulation/114-presend | 25 + test/simulation/115-cmdmontime | 24 + test/simulation/116-minsources | 24 + test/simulation/117-fallbackdrift | 24 + test/simulation/118-maxdelay | 42 + test/simulation/119-smoothtime | 82 + test/simulation/120-selectoptions | 89 + test/simulation/121-orphan | 26 + test/simulation/122-xleave | 91 + test/simulation/123-mindelay | 27 + test/simulation/124-tai | 45 + test/simulation/125-packetloss | 29 + test/simulation/126-burst | 45 + test/simulation/127-filter | 43 + test/simulation/128-nocontrol | 27 + test/simulation/129-reload | 109 + test/simulation/130-quit | 31 + test/simulation/131-maxchange | 20 + test/simulation/132-logchange | 21 + test/simulation/133-hwtimestamp | 60 + test/simulation/134-log | 35 + test/simulation/135-ratelimit | 18 + test/simulation/136-broadcast | 16 + test/simulation/137-pool | 49 + test/simulation/138-syncloop | 34 + test/simulation/139-nts | 312 ++ test/simulation/140-noclientlog | 21 + test/simulation/141-copy | 19 + test/simulation/142-ptpport | 41 + test/simulation/143-manual | 70 + test/simulation/144-exp1 | 55 + test/simulation/201-freqaccumulation | 35 + test/simulation/202-prefer | 21 + test/simulation/README | 11 + test/simulation/run | 90 + test/simulation/test.common | 528 +++ test/system/001-minimal | 13 + test/system/002-extended | 13 + test/system/003-memlock | 15 + test/system/004-priority | 15 + test/system/006-privdrop | 17 + test/system/007-cmdmon | 181 + test/system/008-confload | 74 + test/system/009-binddevice | 24 + test/system/010-nts | 66 + test/system/099-scfilter | 24 + test/system/100-clockupdate | 30 + test/system/101-rtc | 19 + test/system/102-hwtimestamp | 28 + test/system/103-refclock | 19 + test/system/104-systemdirs | 19 + test/system/199-scfilter | 24 + test/system/run | 64 + test/system/test.common | 373 ++ test/unit/Makefile.in | 48 + test/unit/addrfilt.c | 83 + test/unit/clientlog.c | 292 ++ test/unit/cmac.c | 109 + test/unit/hash.c | 131 + test/unit/hwclock.c | 117 + test/unit/keys.c | 173 + test/unit/ntp_auth.c | 289 ++ test/unit/ntp_core.c | 623 +++ test/unit/ntp_core.keys | 8 + test/unit/ntp_ext.c | 167 + test/unit/ntp_sources.c | 364 ++ test/unit/nts_ke.crt | 8 + test/unit/nts_ke.key | 25 + test/unit/nts_ke_client.c | 144 + test/unit/nts_ke_server.c | 230 + test/unit/nts_ke_session.c | 224 + test/unit/nts_ntp_auth.c | 112 + test/unit/nts_ntp_client.c | 284 ++ test/unit/nts_ntp_server.c | 176 + test/unit/quantiles.c | 68 + test/unit/regress.c | 119 + test/unit/samplefilt.c | 120 + test/unit/siv.c | 321 ++ test/unit/smooth.c | 63 + test/unit/sources.c | 289 ++ test/unit/test.c | 181 + test/unit/test.h | 52 + test/unit/util.c | 744 +++ util.c | 1550 +++++++ util.h | 258 ++ version.txt | 1 + 291 files changed, 82732 insertions(+) create mode 100644 COPYING create mode 100644 FAQ create mode 100644 INSTALL create mode 100644 Makefile.in create mode 100644 NEWS create mode 100644 README create mode 100644 addressing.h create mode 100644 addrfilt.c create mode 100644 addrfilt.h create mode 100644 array.c create mode 100644 array.h create mode 100644 candm.h create mode 100644 client.c create mode 100644 clientlog.c create mode 100644 clientlog.h create mode 100644 cmac.h create mode 100644 cmac_gnutls.c create mode 100644 cmac_nettle.c create mode 100644 cmdmon.c create mode 100644 cmdmon.h create mode 100644 cmdparse.c create mode 100644 cmdparse.h create mode 100644 conf.c create mode 100644 conf.h create mode 100755 configure create mode 100644 contrib/andrew_bishop_1 create mode 100644 contrib/andrew_bishop_2 create mode 100644 contrib/bryan_christianson_1/README.txt create mode 100755 contrib/bryan_christianson_1/chronylogrotate.sh create mode 100644 contrib/bryan_christianson_1/org.tuxfamily.chronyc.plist create mode 100644 contrib/bryan_christianson_1/org.tuxfamily.chronyd.plist create mode 100644 contrib/erik_bryer_1 create mode 100644 contrib/ken_gillett_1 create mode 100644 contrib/stephan_boettcher_1 create mode 100644 contrib/wolfgang_weisselberg1 create mode 100644 doc/Makefile.in create mode 100644 doc/chrony.conf.adoc create mode 100644 doc/chrony.conf.man.in create mode 100644 doc/chronyc.adoc create mode 100644 doc/chronyc.man.in create mode 100644 doc/chronyd.adoc create mode 100644 doc/chronyd.man.in create mode 100644 doc/faq.adoc create mode 100644 doc/installation.adoc create mode 100644 examples/chrony-wait.service create mode 100644 examples/chrony.conf.example1 create mode 100644 examples/chrony.conf.example2 create mode 100644 examples/chrony.conf.example3 create mode 100644 examples/chrony.keys.example create mode 100644 examples/chrony.logrotate create mode 100644 examples/chrony.nm-dispatcher.dhcp create mode 100644 examples/chrony.nm-dispatcher.onoffline create mode 100644 examples/chronyd.service create mode 100644 getdate.c create mode 100644 getdate.h create mode 100644 getdate.y create mode 100644 hash.h create mode 100644 hash_gnutls.c create mode 100644 hash_intmd5.c create mode 100644 hash_nettle.c create mode 100644 hash_nss.c create mode 100644 hash_tomcrypt.c create mode 100644 hwclock.c create mode 100644 hwclock.h create mode 100644 keys.c create mode 100644 keys.h create mode 100644 local.c create mode 100644 local.h create mode 100644 localp.h create mode 100644 logging.c create mode 100644 logging.h create mode 100644 main.c create mode 100644 main.h create mode 100644 manual.c create mode 100644 manual.h create mode 100644 md5.c create mode 100644 md5.h create mode 100644 memory.c create mode 100644 memory.h create mode 100644 nameserv.c create mode 100644 nameserv.h create mode 100644 nameserv_async.c create mode 100644 nameserv_async.h create mode 100644 ntp.h create mode 100644 ntp_auth.c create mode 100644 ntp_auth.h create mode 100644 ntp_core.c create mode 100644 ntp_core.h create mode 100644 ntp_ext.c create mode 100644 ntp_ext.h create mode 100644 ntp_io.c create mode 100644 ntp_io.h create mode 100644 ntp_io_linux.c create mode 100644 ntp_io_linux.h create mode 100644 ntp_signd.c create mode 100644 ntp_signd.h create mode 100644 ntp_sources.c create mode 100644 ntp_sources.h create mode 100644 nts_ke.h create mode 100644 nts_ke_client.c create mode 100644 nts_ke_client.h create mode 100644 nts_ke_server.c create mode 100644 nts_ke_server.h create mode 100644 nts_ke_session.c create mode 100644 nts_ke_session.h create mode 100644 nts_ntp.h create mode 100644 nts_ntp_auth.c create mode 100644 nts_ntp_auth.h create mode 100644 nts_ntp_client.c create mode 100644 nts_ntp_client.h create mode 100644 nts_ntp_server.c create mode 100644 nts_ntp_server.h create mode 100644 pktlength.c create mode 100644 pktlength.h create mode 100644 privops.c create mode 100644 privops.h create mode 100644 ptp.h create mode 100644 quantiles.c create mode 100644 quantiles.h create mode 100644 refclock.c create mode 100644 refclock.h create mode 100644 refclock_phc.c create mode 100644 refclock_pps.c create mode 100644 refclock_shm.c create mode 100644 refclock_sock.c create mode 100644 reference.c create mode 100644 reference.h create mode 100644 regress.c create mode 100644 regress.h create mode 100644 reports.h create mode 100644 rtc.c create mode 100644 rtc.h create mode 100644 rtc_linux.c create mode 100644 rtc_linux.h create mode 100644 samplefilt.c create mode 100644 samplefilt.h create mode 100644 sched.c create mode 100644 sched.h create mode 100644 siv.h create mode 100644 siv_gnutls.c create mode 100644 siv_nettle.c create mode 100644 siv_nettle_int.c create mode 100644 smooth.c create mode 100644 smooth.h create mode 100644 socket.c create mode 100644 socket.h create mode 100644 sources.c create mode 100644 sources.h create mode 100644 sourcestats.c create mode 100644 sourcestats.h create mode 100644 srcparams.h create mode 100644 stubs.c create mode 100644 sys.c create mode 100644 sys.h create mode 100644 sys_generic.c create mode 100644 sys_generic.h create mode 100644 sys_linux.c create mode 100644 sys_linux.h create mode 100644 sys_macosx.c create mode 100644 sys_macosx.h create mode 100644 sys_netbsd.c create mode 100644 sys_netbsd.h create mode 100644 sys_null.c create mode 100644 sys_null.h create mode 100644 sys_posix.c create mode 100644 sys_posix.h create mode 100644 sys_solaris.c create mode 100644 sys_solaris.h create mode 100644 sys_timex.c create mode 100644 sys_timex.h create mode 100644 sysincl.h create mode 100644 tempcomp.c create mode 100644 tempcomp.h create mode 100755 test/compilation/001-features create mode 100755 test/compilation/002-scanbuild create mode 100755 test/compilation/003-sanitizers create mode 100644 test/kernel/Makefile create mode 100644 test/kernel/adjtime.c create mode 100644 test/kernel/ntpadjtime.c create mode 100755 test/simulation/001-defaults create mode 100755 test/simulation/002-largenetwork create mode 100755 test/simulation/003-largefreqoffset create mode 100755 test/simulation/004-largetimeoffset create mode 100755 test/simulation/005-externalstep create mode 100755 test/simulation/006-largejitter create mode 100755 test/simulation/007-largewander create mode 100755 test/simulation/008-ntpera create mode 100755 test/simulation/009-sourceselection create mode 100755 test/simulation/010-multrecv create mode 100755 test/simulation/011-asymjitter create mode 100755 test/simulation/012-daemonts create mode 100755 test/simulation/013-nameserv create mode 100755 test/simulation/101-poll create mode 100755 test/simulation/102-iburst create mode 100755 test/simulation/103-initstepslew create mode 100755 test/simulation/104-driftfile create mode 100755 test/simulation/105-ntpauth create mode 100755 test/simulation/106-refclock create mode 100755 test/simulation/107-allowdeny create mode 100755 test/simulation/108-peer create mode 100755 test/simulation/109-makestep create mode 100755 test/simulation/110-chronyc create mode 100755 test/simulation/111-knownclient create mode 100755 test/simulation/112-port create mode 100755 test/simulation/113-leapsecond create mode 100755 test/simulation/114-presend create mode 100755 test/simulation/115-cmdmontime create mode 100755 test/simulation/116-minsources create mode 100755 test/simulation/117-fallbackdrift create mode 100755 test/simulation/118-maxdelay create mode 100755 test/simulation/119-smoothtime create mode 100755 test/simulation/120-selectoptions create mode 100755 test/simulation/121-orphan create mode 100755 test/simulation/122-xleave create mode 100755 test/simulation/123-mindelay create mode 100755 test/simulation/124-tai create mode 100755 test/simulation/125-packetloss create mode 100755 test/simulation/126-burst create mode 100755 test/simulation/127-filter create mode 100755 test/simulation/128-nocontrol create mode 100755 test/simulation/129-reload create mode 100755 test/simulation/130-quit create mode 100755 test/simulation/131-maxchange create mode 100755 test/simulation/132-logchange create mode 100755 test/simulation/133-hwtimestamp create mode 100755 test/simulation/134-log create mode 100755 test/simulation/135-ratelimit create mode 100755 test/simulation/136-broadcast create mode 100755 test/simulation/137-pool create mode 100755 test/simulation/138-syncloop create mode 100755 test/simulation/139-nts create mode 100755 test/simulation/140-noclientlog create mode 100755 test/simulation/141-copy create mode 100755 test/simulation/142-ptpport create mode 100755 test/simulation/143-manual create mode 100755 test/simulation/144-exp1 create mode 100755 test/simulation/201-freqaccumulation create mode 100755 test/simulation/202-prefer create mode 100644 test/simulation/README create mode 100755 test/simulation/run create mode 100644 test/simulation/test.common create mode 100755 test/system/001-minimal create mode 100755 test/system/002-extended create mode 100755 test/system/003-memlock create mode 100755 test/system/004-priority create mode 100755 test/system/006-privdrop create mode 100755 test/system/007-cmdmon create mode 100755 test/system/008-confload create mode 100755 test/system/009-binddevice create mode 100755 test/system/010-nts create mode 100755 test/system/099-scfilter create mode 100755 test/system/100-clockupdate create mode 100755 test/system/101-rtc create mode 100755 test/system/102-hwtimestamp create mode 100755 test/system/103-refclock create mode 100755 test/system/104-systemdirs create mode 100755 test/system/199-scfilter create mode 100755 test/system/run create mode 100644 test/system/test.common create mode 100644 test/unit/Makefile.in create mode 100644 test/unit/addrfilt.c create mode 100644 test/unit/clientlog.c create mode 100644 test/unit/cmac.c create mode 100644 test/unit/hash.c create mode 100644 test/unit/hwclock.c create mode 100644 test/unit/keys.c create mode 100644 test/unit/ntp_auth.c create mode 100644 test/unit/ntp_core.c create mode 100644 test/unit/ntp_core.keys create mode 100644 test/unit/ntp_ext.c create mode 100644 test/unit/ntp_sources.c create mode 100644 test/unit/nts_ke.crt create mode 100644 test/unit/nts_ke.key create mode 100644 test/unit/nts_ke_client.c create mode 100644 test/unit/nts_ke_server.c create mode 100644 test/unit/nts_ke_session.c create mode 100644 test/unit/nts_ntp_auth.c create mode 100644 test/unit/nts_ntp_client.c create mode 100644 test/unit/nts_ntp_server.c create mode 100644 test/unit/quantiles.c create mode 100644 test/unit/regress.c create mode 100644 test/unit/samplefilt.c create mode 100644 test/unit/siv.c create mode 100644 test/unit/smooth.c create mode 100644 test/unit/sources.c create mode 100644 test/unit/test.c create mode 100644 test/unit/test.h create mode 100644 test/unit/util.c create mode 100644 util.c create mode 100644 util.h create mode 100644 version.txt diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..d511905 --- /dev/null +++ b/COPYING @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/FAQ b/FAQ new file mode 100644 index 0000000..2bbb24e --- /dev/null +++ b/FAQ @@ -0,0 +1,1045 @@ +Frequently Asked Questions + +Table of Contents + + o 1. chrony compared to other programs + ? 1.1. How does chrony compare to ntpd? + o 2. Configuration issues + ? 2.1. What is the minimum recommended configuration for an NTP client? + ? 2.2. How do I make an NTP server? + ? 2.3. Should all computers on a LAN be clients of an external server? + ? 2.4. Must I specify servers by IP address if DNS is not available on + chronyd start? + ? 2.5. How can I make chronyd more secure? + ? 2.6. How can I make the system clock more secure? + ? 2.7. How can I improve the accuracy of the system clock with NTP + sources? + ? 2.8. Does chronyd have an ntpdate mode? + ? 2.9. Can chronyd be configured to control the clock like ntpd? + ? 2.10. Can NTP server be separated from NTP client? + ? 2.11. Should be a leap smear enabled on NTP server? + ? 2.12. How should chronyd be configuration with gpsd? + ? 2.13. Does chrony support PTP? + ? 2.14. Why are client log records dropped before reaching + clientloglimit? + ? 2.15. What happened to the commandkey and generatecommandkey + directives? + o 3. Computer is not synchronising + ? 3.1. Behind a firewall? + ? 3.2. Are NTP servers specified with the offline option? + ? 3.3. Is name resolution working correctly? + ? 3.4. Is chronyd allowed to step the system clock? + ? 3.5. Using NTS? + ? 3.6. Using a Windows NTP server? + ? 3.7. An unreachable source is selected? + ? 3.8. Does selected source drop new measurements? + ? 3.9. Using a PPS reference clock? + o 4. Issues with chronyc + ? 4.1. I keep getting the error 506 Cannot talk to daemon + ? 4.2. I keep getting the error 501 Not authorised + ? 4.3. What is the reference ID reported by the tracking command? + ? 4.4. Is the chronyc / chronyd protocol documented anywhere? + o 5. Real-time clock issues + ? 5.1. What is the real-time clock (RTC)? + ? 5.2. Does hwclock have to be disabled? + ? 5.3. I just keep getting the 513 RTC driver not running message + ? 5.4. I get Could not open /dev/rtc, Device or resource busy in my + syslog file + ? 5.5. When I start chronyd, the log says Could not enable RTC interrupt + : Invalid argument (or it may say disable) + ? 5.6. What if my computer does not have an RTC or backup battery? + o 6. NTP-specific issues + ? 6.1. Can chronyd be driven from broadcast/multicast NTP servers? + ? 6.2. Can chronyd transmit broadcast NTP packets? + ? 6.3. Can chronyd keep the system clock a fixed offset away from real + time? + ? 6.4. What happens if the network connection is dropped without using + chronyc's offline command first? + ? 6.5. Why is an offset measured between two computers synchronised to + each another? + o 7. Operation + ? 7.1. What clocks does chronyd use? + o 8. Operating systems + ? 8.1. Does chrony support Windows? + ? 8.2. Are there any plans to support Windows? + +1. chrony compared to other programs + +1.1. How does chrony compare to ntpd? + +chrony and ntpd are two different implementations of the Network Time Protocol +(NTP). + +chrony is a newer implementation, which was designed to work well in a wider +range of conditions. It can usually synchronise the system clock faster and +with better time accuracy. It has many features, but it does not implement some +of the less useful NTP modes like broadcast client or multicast server/client. + +If your computer is connected to the Internet only for few minutes at a time, +the network connection is often congested, you turn your computer off or +suspend it frequently, the clock is not very stable (e.g. there are rapid +changes in the temperature or it is a virtual machine), or you want to use NTP +on an isolated network with no hardware reference clocks in sight, chrony will +probably work better for you. + +For a more detailed comparison of features and performance, see the comparison +page on the chrony website. + +2. Configuration issues + +2.1. What is the minimum recommended configuration for an NTP client? + +First, the client needs to know which NTP servers it should ask for the current +time. They are specified by the server or pool directive. The pool directive is +used with names that resolve to multiple addresses of different servers. For +reliable operation, the client should have at least three servers. + +The iburst option enables a burst of requests to speed up the initial +synchronisation. + +To stabilise the initial synchronisation on the next start, the estimated drift +of the system clock is saved to a file specified by the driftfile directive. + +If the system clock can be far from the true time after boot for any reason, +chronyd should be allowed to correct it quickly by stepping instead of slewing, +which would take a very long time. The makestep directive does that. + +In order to keep the real-time clock (RTC) close to the true time, so the +system time is reasonably close to the true time when it is initialised on the +next boot from the RTC, the rtcsync directive enables a mode in which the +system time is periodically copied to the RTC. It is supported on Linux and +macOS. + +If you wanted to use public NTP servers from the pool.ntp.org project, the +minimal chrony.conf file could be: + +pool pool.ntp.org iburst +driftfile /var/lib/chrony/drift +makestep 1 3 +rtcsync + +2.2. How do I make an NTP server? + +By default, chronyd does not operate as an NTP server. You need to add an allow +directive to the chrony.conf file in order for chronyd to open the server NTP +port and respond to client requests. + +allow 192.168.1.0/24 + +An allow directive with no specified subnet allows access from all IPv4 and +IPv6 addresses. + +2.3. Should all computers on a LAN be clients of an external server? + +It depends on the requirements. Usually, the best configuration is to make one +computer the server, with the others as clients of it. Add a local directive to +the server's chrony.conf file. This configuration will be better because + + o the load on the external connection is less + + o the load on the external NTP server(s) is less + + o if your external connection goes down, the computers on the LAN will + maintain a common time with each other. + +2.4. Must I specify servers by IP address if DNS is not available on chronyd +start? + +No, chronyd will keep trying to resolve the names specified by the server, +pool, and peer directives in an increasing interval until it succeeds. The +online command can be issued from chronyc to force chronyd to try to resolve +the names immediately. + +2.5. How can I make chronyd more secure? + +If you do not need to use chronyc, or you want to run chronyc only under the +root or chrony user (which can access chronyd through a Unix domain socket), +you can disable the IPv4 and IPv6 command sockets (by default listening on +localhost) by adding cmdport 0 to the configuration file. + +You can specify an unprivileged user with the -u option, or the user directive +in the chrony.conf file, to which chronyd will switch after start in order to +drop root privileges. The configure script has a --with-user option, which sets +the default user. On Linux, chronyd needs to be compiled with support for the +libcap library. On other systems, chronyd forks into two processes. The child +process retains root privileges, but can only perform a very limited range of +privileged system calls on behalf of the parent. + +Also, if chronyd is compiled with support for the Linux secure computing +(seccomp) facility, you can enable a system call filter with the -F option. It +will significantly reduce the kernel attack surface and possibly prevent kernel +exploits from the chronyd process if it is compromised. It is recommended to +enable the filter only when it is known to work on the version of the system +where chrony is installed as the filter needs to allow also system calls made +from libraries that chronyd is using (e.g. libc) and different versions or +implementations of the libraries might make different system calls. If the +filter is missing some system call, chronyd could be killed even in normal +operation. + +2.6. How can I make the system clock more secure? + +An NTP client synchronising the system clock to an NTP server is susceptible to +various attacks, which can break applications and network protocols relying on +accuracy of the clock (e.g. DNSSEC, Kerberos, TLS, WireGuard). + +Generally, a man-in-the-middle (MITM) attacker between the client and server +can + + o make fake responses, or modify real responses from the server, to create an + arbitrarily large time and frequency offset, make the server appear more + accurate, insert a leap second, etc. + + o delay the requests and/or responses to create a limited time offset and + temporarily also a limited frequency offset + + o drop the requests or responses to prevent updates of the clock with new + measurements + + o redirect the requests to a different server + +The attacks can be combined for a greater effect. The attacker can delay +packets to create a significant frequency offset first and then drop all +subsequent packets to let the clock quickly drift away from the true time. The +attacker might also be able to control the server's clock. + +Some attacks cannot be prevented. Monitoring is needed for detection, e.g. the +reachability register in the sources report shows missing packets. The extent +to which the attacker can control the client's clock depends on its +configuration. + +Enable authentication to prevent chronyd from accepting modified, fake, or +redirected packets. It can be enabled with a symmetric key specified by the key +option, or Network Time Security (NTS) by the nts option (supported since +chrony version 4.0). The server needs to support the selected authentication +mechanism. Symmetric keys have to be configured on both client and server, and +each client must have its own key (one per server). + +The maximum offset that the attacker can insert in an NTP measurement by +delaying packets can be limited by the maxdelay option. The default value is 3 +seconds. The measured delay is reported as the peer delay in the ntpdata report +and measurements log. Set the maxdelay option to a value larger than the +maximum value that is normally observed. Note that the delay can increase +significantly even when not under an attack, e.g. when the network is congested +or the routing has changed. + +The maximum accepted change in time offset between clock updates can be limited +by the maxchange directive. Larger changes in the offset will be ignored or +cause chronyd to exit. Note that the attacker can get around this limit by +splitting the offset into multiple smaller offsets and/or creating a large +frequency offset. When this directive is used, chronyd will have to be +restarted after a successful attack. It will not be able to recover on its own. +It must not be restarted automatically (e.g. by the service manager). + +The impact of a large accepted time offset can be reduced by disabling clock +steps, i.e. by not using the makestep and initstepslew directives. The offset +will be slowly corrected by speeding up or slowing down the clock at a rate +which can be limited by the maxslewrate directive. Disabling clock steps +completely is practical only if the clock cannot gain a larger error on its +own, e.g. when the computer is shut down or suspended, and the maxslewrate +limit is large enough to correct an expected error in an acceptable time. The +rtcfile directive with the -s option can be used to compensate for the RTC +drift. + +A more practical approach is to enable makestep for a limited number of clock +updates (the 2nd argument of the directive) and limit the offset change in all +updates by the maxchange directive. The attacker will be able to make only a +limited step and only if the attack starts in a short window after booting the +computer, or when chronyd is restarted without the -R option. + +The frequency offset can be limited by the maxdrift directive. The measured +frequency offset is reported in the drift file, tracking report, and tracking +log. Set maxdrift to a value larger than the maximum absolute value that is +normally observed. Note that the frequency of the clock can change due to aging +of the crystal, differences in calibration of the clock source between reboots, +migrated virtual machine, etc. A typical computer clock has a drift smaller +than 100 parts per million (ppm), but much larger drifts are possible (e.g. in +some virtual machines). + +Use only trusted servers, which you expect to be well configured and managed, +using authentication for their own servers, etc. Use multiple servers, ideally +in different locations. The attacker will have to deal with a majority of the +servers in order to pass the source selection and update the clock with a large +offset. Use the minsources directive to increase the required number of +selectable sources to make the selection more robust. + +Do not specify servers as peers. The symmetric mode is less secure than the +client/server mode. If not authenticated, it is vulnerable to off-path +denial-of-service attacks, and even when it is authenticated, it is still +susceptible to replay attacks. + +Mixing of authenticated and unauthenticated servers should generally be +avoided. If mixing is necessary (e.g. for a more accurate and stable +synchronisation to a closer server which does not support authentication), the +authenticated servers should be configured as trusted and required to not allow +the unauthenticated servers to override the authenticated servers in the source +selection. Since chrony version 4.0, the selection options are enabled in such +a case automatically. This behaviour can be disabled or modified by the +authselmode directive. + +An example of a client configuration limiting the impact of the attacks could +be + +server foo.example.net iburst nts maxdelay 0.1 +server bar.example.net iburst nts maxdelay 0.2 +server baz.example.net iburst nts maxdelay 0.05 +server qux.example.net iburst nts maxdelay 0.1 +server quux.example.net iburst nts maxdelay 0.1 +minsources 3 +maxchange 100 0 0 +makestep 0.001 1 +maxdrift 100 +maxslewrate 100 +driftfile /var/lib/chrony/drift +ntsdumpdir /var/lib/chrony +rtcsync + +2.7. How can I improve the accuracy of the system clock with NTP sources? + +Select NTP servers that are well synchronised, stable and close to your +network. It is better to use more than one server. Three or four is usually +recommended as the minimum, so chronyd can detect servers that serve false time +and combine measurements from multiple sources. + +If you have a network card with hardware timestamping supported on Linux, it +can be enabled by the hwtimestamp directive. It should make local receive and +transmit timestamps of NTP packets much more stable and accurate. + +The server directive has some useful options: minpoll, maxpoll, polltarget, +maxdelay, maxdelayratio, maxdelaydevratio, xleave, filter. + +The first three options set the minimum and maximum allowed polling interval, +and how should be the actual interval adjusted in the specified range. Their +default values are 6 (64 seconds) for minpoll, 10 (1024 seconds) for maxpoll +and 8 (samples) for polltarget. The default values should be used for general +servers on the Internet. With your own NTP servers, or if you have permission +to poll some servers more frequently, setting these options for shorter polling +intervals might significantly improve the accuracy of the system clock. + +The optimal polling interval depends mainly on two factors, stability of the +network latency and stability of the system clock (which mainly depends on the +temperature sensitivity of the crystal oscillator and the maximum rate of the +temperature change). + +Generally, if the sourcestats command usually reports a small number of samples +retained for a source (e.g. fewer than 16), a shorter polling interval should +be considered. If the number of samples is usually at the maximum of 64, a +longer polling interval might work better. + +An example of the directive for an NTP server on the Internet that you are +allowed to poll frequently could be + +server foo.example.net minpoll 4 maxpoll 6 polltarget 16 + +An example using shorter polling intervals with a server located in the same +LAN could be + +server ntp.local minpoll 2 maxpoll 4 polltarget 30 + +The maxdelay options are useful to ignore measurements with an unusually large +delay (e.g. due to congestion in the network) and improve the stability of the +synchronisation. The maxdelaydevratio option could be added to the example with +local NTP server + +server ntp.local minpoll 2 maxpoll 4 polltarget 30 maxdelaydevratio 2 + +If your server supports the interleaved mode (e.g. it is running chronyd), the +xleave option should be added to the server directive to enable the server to +provide the client with more accurate transmit timestamps (kernel or preferably +hardware). For example: + +server ntp.local minpoll 2 maxpoll 4 xleave + +When combined with local hardware timestamping, good network switches, and even +shorter polling intervals, a sub-microsecond accuracy and stability of a few +tens of nanoseconds might be possible. For example: + +server ntp.local minpoll 0 maxpoll 0 xleave +hwtimestamp eth0 + +For best stability, the CPU should be running at a constant frequency (i.e. +disabled power saving and performance boosting). Energy-Efficient Ethernet +(EEE) should be disabled in the network. The switches should be configured to +prioritize NTP packets, especially if the network is expected to be heavily +loaded. The dscp directive can be used to set the Differentiated Services Code +Point in transmitted NTP packets if needed. + +If it is acceptable for NTP clients in the network to send requests at a high +rate, a sub-second polling interval can be specified. A median filter can be +enabled in order to update the clock at a reduced rate with more stable +measurements. For example: + +server ntp.local minpoll -6 maxpoll -6 filter 15 xleave +hwtimestamp eth0 minpoll -6 + +Since chrony version 4.3, the minimum minpoll is -7 and a filter using a +long-term estimate of a delay quantile can be enabled by the maxdelayquant +option to replace the default maxdelaydevratio filter, which is sensitive to +outliers corrupting the minimum delay. For example: + +server ntp.local minpoll -7 maxpoll -7 filter 31 maxdelayquant 0.3 xleave + +As an experimental feature added in version 4.2, chronyd supports an NTPv4 +extension field containing an additional timestamp to enable frequency transfer +and significantly improve stability of synchronisation. It can be enabled by +the extfield F323 option. For example: + +server ntp.local minpoll 0 maxpoll 0 xleave extfield F323 + +2.8. Does chronyd have an ntpdate mode? + +Yes. With the -q option chronyd will set the system clock once and exit. With +the -Q option it will print the measured offset without setting the clock. If +you do not want to use a configuration file, NTP servers can be specified on +the command line. For example: + +# chronyd -q 'pool pool.ntp.org iburst' + +The command above would normally take about 5 seconds if the servers were well +synchronised and responding to all requests. If not synchronised or responding, +it would take about 10 seconds for chronyd to give up and exit with a non-zero +status. A faster configuration is possible. A single server can be used instead +of four servers, the number of measurements can be reduced with the maxsamples +option to one (supported since chrony version 4.0), and a timeout can be +specified with the -t option. The following command would take only up to about +one second. + +# chronyd -q -t 1 'server pool.ntp.org iburst maxsamples 1' + +It is not recommended to run chronyd with the -q option periodically (e.g. from +a cron job) as a replacement for the daemon mode, because it performs +significantly worse (e.g. the clock is stepped and its frequency is not +corrected). If you must run it this way and you are using a public NTP server, +make sure chronyd does not always start around the first second of a minute, +e.g. by adding a random sleep before the chronyd command. Public servers +typically receive large bursts of requests around the first second as there is +a large number of NTP clients started from cron with no delay. + +2.9. Can chronyd be configured to control the clock like ntpd? + +It is not possible to perfectly emulate ntpd, but there are some options that +can configure chronyd to behave more like ntpd if there is a reason to prefer +that. + +In the following example the minsamples directive slows down the response to +changes in the frequency and offset of the clock. The maxslewrate and +corrtimeratio directives reduce the maximum frequency error due to an offset +correction and the maxdrift directive reduces the maximum assumed frequency +error of the clock. The makestep directive enables a step threshold and the +maxchange directive enables a panic threshold. The maxclockerror directive +increases the minimum dispersion rate. + +minsamples 32 +maxslewrate 500 +corrtimeratio 100 +maxdrift 500 +makestep 0.128 -1 +maxchange 1000 1 1 +maxclockerror 15 + +Note that increasing minsamples might cause the offsets in the tracking and +sourcestats reports/logs to be significantly smaller than the actual offsets +and be unsuitable for monitoring. + +2.10. Can NTP server be separated from NTP client? + +Yes, it is possible to run multiple instances of chronyd on a computer at the +same time. One can operate primarily as an NTP client to synchronise the system +clock and another as a server for other computers. If they use the same +filesystem, they need to be configured with different pidfiles, Unix domain +command sockets, and any other file or directory specified in the configuration +file. If they run in the same network namespace, they need to use different NTP +and command ports, or bind the ports to different addresses or interfaces. + +The server instance should be started with the -x option to prevent it from +adjusting the system clock and interfering with the client instance. It can be +configured as a client to synchronise its NTP clock to other servers, or the +client instance running on the same computer. In the latter case, the copy +option (added in chrony version 4.1) can be used to assume the reference ID and +stratum of the client instance, which enables detection of synchronisation +loops with its own clients. + +On Linux, starting with chrony version 4.0, it is possible to run multiple +server instances sharing a port to better utilise multiple cores of the CPU. +Note that for rate limiting and client/server interleaved mode to work well it +is necessary that all packets received from the same address are handled by the +same server instance. + +An example configuration of the client instance could be + +pool pool.ntp.org iburst +allow 127.0.0.1 +port 11123 +driftfile /var/lib/chrony/drift +makestep 1 3 +rtcsync + +and configuration of the first server instance could be + +server 127.0.0.1 port 11123 minpoll 0 maxpoll 0 copy +allow +cmdport 11323 +bindcmdaddress /var/run/chrony/chronyd-server1.sock +pidfile /var/run/chronyd-server1.pid +driftfile /var/lib/chrony/drift-server1 + +2.11. Should be a leap smear enabled on NTP server? + +With the smoothtime and leapsecmode directives it is possible to enable a +server leap smear in order to hide leap seconds from clients and force them to +follow a slow server's adjustment instead. + +This feature should be used only in local networks and only when necessary, +e.g. when the clients cannot be configured to handle the leap seconds as +needed, or their number is so large that configuring them all would be +impractical. The clients should use only one leap-smearing server, or multiple +identically configured leap-smearing servers. Note that some clients can get +leap seconds from other sources (e.g. with the leapsectz directive in chrony) +and they will not work correctly with a leap smearing server. + +2.12. How should chronyd be configuration with gpsd? + +A GPS or other GNSS receiver can be used as a reference clock with gpsd. It can +work as one or two separate time sources for each connected receiver. The first +time source is based on timestamping of messages sent by the receiver. +Typically, it is accurate to milliseconds. The other source is much more +accurate. It is timestamping a pulse-per-second (PPS) signal, usually connected +to a serial port (e.g. DCD pin) or GPIO pin. + +If the PPS signal is connected to the serial port which is receiving messages +from the GPS/GNSS receiver, gpsd should detect and use it automatically. If it +is connected to a GPIO pin, or another serial port, the PPS device needs to be +specified on the command line as an additional data source. On Linux, the +ldattach utility can be used to create a PPS device for a serial device. + +The message-based time source provided by gpsd is specified as a SHM 0 +refclock, or other even number if gpsd is configured with multiple receivers. + +The PPS-based time source is specified as a SHM 1 refclock (or other odd +number), or SOCK /var/run/chrony.DEV.sock where DEV is the name of the serial +device (e.g. ttyS0). + +With chronyd and gpsd both supporting PPS, and gpsd providing two different +refclocks for PPS, there are three different recommended configurations: + +# First option +refclock SOCK /var/run/chrony.ttyS0.sock refid GPS + +# Second option +refclock SHM 1 refid GPS + +# Third option +refclock PPS /dev/pps0 lock NMEA refid GPS +refclock SHM 0 offset 0.5 delay 0.1 refid NMEA noselect + +Each option has some advantages: + + o SOCK does not use polling (i.e. it can get samples earlier than SHM), but + it requires gpsd to be started after chronyd in order to connect to its + socket + + o SOCK and SHM 1 can be more accurate than PPS if gpsd corrects for the + sawtooth error provided by the receiver in serial data + + o PPS can be used with higher PPS rates (specified by the rate option), but + it requires a second refclock or another time source to pair pulses with + seconds, and the SHM 0 offset needs to be specified correctly to compensate + for the message delay, while gpsd can apply HW-specific information + +If the PPS signal is not available, or cannot be used for some reason, the only +option is the message-based timing + +refclock SHM 0 offset 0.5 delay 0.1 refid GPS + +2.13. Does chrony support PTP? + +No, the Precision Time Protocol (PTP) is not supported as a protocol for +synchronisation of clocks and there are no plans to support it. It is a complex +protocol, which shares some issues with the NTP broadcast mode. One of the main +differences between NTP and PTP is that PTP was designed to be easily supported +in hardware (e.g. network switches and routers) in order to make more stable +and accurate measurements. PTP relies on the hardware support. NTP does not +rely on any support in the hardware, but if it had the same support as PTP, it +could perform equally well. + +On Linux, chrony supports hardware clocks that some NICs have for PTP. They are +called PTP hardware clocks (PHC). They can be used as reference clocks +(specified by the refclock directive) and for hardware timestamping of NTP +packets (enabled by the hwtimestamp directive) if the NIC can timestamp other +packets than PTP, which is usually the case at least for transmitted packets. +The ethtool -T command can be used to verify the timestamping support. + +As an experimental feature added in version 4.2, chrony can use PTP as a +transport for NTP messages (NTP over PTP) to enable hardware timestamping on +hardware which can timestamp PTP packets only. It can be enabled by the ptpport +directive. + +2.14. Why are client log records dropped before reaching clientloglimit? + +The number of dropped client log records reported by the serverstats command +can be increasing before the number of clients reported by the clients command +reaches the maximum value corresponding to the memory limit set by the +clientloglimit directive. + +This is due to the design of the data structure keeping the client records. It +is a hash table which can store only up to 16 colliding addresses per slot. If +a slot has more collisions and the table already has the maximum size, the +oldest record will be dropped and replaced by the new client. + +Note that the size of the table is always a power of two and it can only grow. +The limit set by the clientloglimit directive takes into account that two +copies of the table exist when it is being resized. This means the actual +memory usage reported by top and other utilities can be significantly smaller +than the limit even when the maximum number of records is used. + +The absolute maximum number of client records kept at the same time is +16777216. + +2.15. What happened to the commandkey and generatecommandkey directives? + +They were removed in version 2.2. Authentication is no longer supported in the +command protocol. Commands that required authentication are now allowed only +through a Unix domain socket, which is accessible only by the root and chrony +users. If you need to configure chronyd remotely or locally without the root +password, please consider using ssh and/or sudo to run chronyc under the root +or chrony user on the host where chronyd is running. + +3. Computer is not synchronising + +This is the most common problem. There are a number of reasons, see the +following questions. + +3.1. Behind a firewall? + +Check the Reach value printed by the chronyc's sources command. If it is zero, +it means chronyd did not get any valid responses from the NTP server you are +trying to use. If there is a firewall between you and the server, the packets +might be blocked. Try using a tool like wireshark or tcpdump to see if you are +getting any responses from the server. + +When chronyd is receiving responses from the servers, the output of the sources +command issued few minutes after chronyd start might look like this: + +MS Name/IP address Stratum Poll Reach LastRx Last sample +=============================================================================== +^* foo.example.net 2 6 377 34 +484us[ -157us] +/- 30ms +^- bar.example.net 2 6 377 34 +33ms[ +32ms] +/- 47ms +^+ baz.example.net 3 6 377 35 -1397us[-2033us] +/- 60ms + +3.2. Are NTP servers specified with the offline option? + +Check that the chronyc's online and offline commands are used appropriately +(e.g. in the system networking scripts). The activity command prints the number +of sources that are currently online and offline. For example: + +200 OK +3 sources online +0 sources offline +0 sources doing burst (return to online) +0 sources doing burst (return to offline) +0 sources with unknown address + +3.3. Is name resolution working correctly? + +NTP servers specified by their hostname (instead of an IP address) have to have +their names resolved before chronyd can send any requests to them. If the +activity command prints a non-zero number of sources with unknown address, +there is an issue with the resolution. Typically, a DNS server is specified in +/etc/resolv.conf. Make sure it is working correctly. + +Since chrony version 4.0, you can run chronyc -N sources -a command to print +all sources, even those that do not have a known address yet, with their names +as they were specified in the configuration. This can be useful to verify that +the names specified in the configuration are used as expected. + +3.4. Is chronyd allowed to step the system clock? + +By default, chronyd adjusts the clock gradually by slowing it down or speeding +it up. If the clock is too far from the true time, it will take a long time to +correct the error. The System time value printed by the chronyc's tracking +command is the remaining correction that needs to be applied to the system +clock. + +The makestep directive can be used to allow chronyd to step the clock. For +example, if chrony.conf had + +makestep 1 3 + +the clock would be stepped in the first three updates if its offset was larger +than one second. Normally, it is recommended to allow the step only in the +first few updates, but in some cases (e.g. a computer without an RTC or virtual +machine which can be suspended and resumed with an incorrect time) it might be +necessary to allow the step on any clock update. The example above would change +to + +makestep 1 -1 + +3.5. Using NTS? + +The Network Time Security (NTS) mechanism uses Transport Layer Security (TLS) +to establish the keys needed for authentication of NTP packets. + +Run the authdata command to check whether the key establishment was successful: + +# chronyc -N authdata +Name/IP address Mode KeyID Type KLen Last Atmp NAK Cook CLen +========================================================================= +foo.example.net NTS 1 15 256 33m 0 0 8 100 +bar.example.net NTS 1 15 256 33m 0 0 8 100 +baz.example.net NTS 1 15 256 33m 0 0 8 100 + +The KeyID, Type, and KLen columns should have non-zero values. If they are +zero, check the system log for error messages from chronyd. One possible cause +of failure is a firewall blocking the client's connection to the server's TCP +port 4460. + +Another possible cause of failure is a certificate that is failing to verify +because the client's clock is wrong. This is a chicken-and-egg problem with +NTS. You might need to manually correct the date, or temporarily disable NTS, +in order to get NTS working. If your computer has an RTC and it is backed up by +a good battery, this operation should be needed only once, assuming the RTC +will be set periodically with the rtcsync directive, or compensated with the +rtcfile directive and the -s option. + +If the computer does not have an RTC or battery, you can use the -s option +without rtcfile directive to restore time of the last shutdown or reboot from +the drift file. The clock will start behind the true time, but if the computer +was not shut down for too long and the server's certificate was not renewed too +close to its expiration, it should be sufficient for the time checks to +succeed. + +If you run your own server, you can use a self-signed certificate covering all +dates where the client can start (e.g. years 1970-2100). The certificate needs +to be installed on the client and specified with the ntstrustedcerts directive. +The server can have multiple names and certificates. To avoid trusting a +certificate for too long, a new certificate can be added to the server +periodically (e.g. once per year) and the client can have the server name and +trusted certificate updated automatically (e.g. using a package repository, or +a cron script downloading the files directly from the server over HTTPS). A +client that was shut down for years will still be able to synchronise its clock +and perform the update as long as the server keeps the old certificate. + +As a last resort, you can disable the time checks by the nocerttimecheck +directive. This has some important security implications. To reduce the +security risk, you can use the nosystemcert and ntstrustedcerts directives to +disable the system's default trusted certificate authorities and trust only a +minimal set of selected authorities needed to validate the certificates of used +NTP servers. + +3.6. Using a Windows NTP server? + +A common issue with Windows NTP servers is that they report a very large root +dispersion (e.g. three seconds or more), which causes chronyd to ignore the +server for being too inaccurate. The sources command might show a valid +measurement, but the server is not selected for synchronisation. You can check +the root dispersion of the server with the chronyc's ntpdata command. + +The maxdistance value needs to be increased in chrony.conf to enable +synchronisation to such a server. For example: + +maxdistance 16.0 + +3.7. An unreachable source is selected? + +When chronyd is configured with multiple time sources, it tries to select the +most accurate and stable sources for synchronisation of the system clock. They +are marked with the * or + symbol in the report printed by the sources command. + +When the best source (marked with the * symbol) becomes unreachable (e.g. NTP +server stops responding), chronyd will not immediately switch to the second +best source in an attempt to minimise the error of the clock. It will let the +clock run free for as long as its estimated error (in terms of root distance) +based on previous measurements is smaller than the estimated error of the +second source, and there is still an interval which contains some measurements +from both sources. + +If the first source was significantly better than the second source, it can +take many hours before the second source is selected, depending on its polling +interval. You can force a faster reselection by increasing the clock error rate +(maxclockerror directive), shortening the polling interval (maxpoll option), or +reducing the number of samples (maxsamples option). + +3.8. Does selected source drop new measurements? + +chronyd can drop a large number of successive NTP measurements if they are not +passing some of the NTP tests. The sources command can report for a selected +source the fully-reachable value of 377 in the Reach column and at the same +time a LastRx value that is much larger than the current polling interval. If +the source is online, this indicates that a number of measurements was dropped. +You can use the ntpdata command to check the NTP tests for the last +measurement. Usually, it is the test C which fails. + +This can be an issue when there is a long-lasting increase in the measured +delay, e.g. due to a routing change in the network. Unfortunately, chronyd does +not know for how long it should wait for the delay to come back to the original +values, or whether it is a permanent increase and it should start from scratch. + +The test C is an adaptive filter. It can take many hours before it accepts a +measurement with the larger delay, and even much longer before it drops all +measurements with smaller delay, which determine an expected delay used by the +test. You can use the reset sources command to drop all measurements +immediately (available in chrony 4.0 and later). If this issue happens +frequently, you can effectively disable the test by setting the +maxdelaydevratio option to a very large value (e.g. 1000000), or speed up the +recovery by increasing the clock error rate with the maxclockerror directive. + +3.9. Using a PPS reference clock? + +A pulse-per-second (PPS) reference clock requires a non-PPS time source to +determine which second of UTC corresponds to each pulse. If it is another +reference clock specified with the lock option in the refclock directive, the +offset between the two reference clocks must be smaller than 0.4 seconds (0.2 +seconds with chrony versions before 4.1) in order for the PPS reference clock +to work. With NMEA reference clocks it is common to have a larger offset. It +needs to be corrected with the offset option. + +One approach to find out a good value of the offset option is to configure the +reference clocks with the noselect option and compare them to an NTP server. +For example, if the sourcestats command showed + +Name/IP Address NP NR Span Frequency Freq Skew Offset Std Dev +============================================================================== +PPS0 0 0 0 +0.000 2000.000 +0ns 4000ms +NMEA 58 30 231 -96.494 38.406 +504ms 6080us +foo.example.net 7 3 200 -2.991 16.141 -107us 492us + +the offset of the NMEA source would need to be increased by about 0.504 +seconds. It does not have to be very accurate. As long as the offset of the +NMEA reference clock stays below the limit, the PPS reference clock should be +able to determine the seconds corresponding to the pulses and allow the samples +to be used for synchronisation. + +4. Issues with chronyc + +4.1. I keep getting the error 506 Cannot talk to daemon + +When accessing chronyd remotely, make sure that the chrony.conf file (on the +computer where chronyd is running) has a cmdallow entry for the computer you +are running chronyc on and an appropriate bindcmdaddress directive. This is not +necessary for localhost. + +Perhaps chronyd is not running. Try using the ps command (e.g. on Linux, ps +-auxw) to see if it is running. Or try netstat -a and see if the UDP port 323 +is listening. If chronyd is not running, you might have a problem with the way +you are trying to start it (e.g. at boot time). + +Perhaps you have a firewall set up in a way that blocks packets on the UDP port +323. You need to amend the firewall configuration in this case. + +4.2. I keep getting the error 501 Not authorised + +This error indicates that chronyc sent the command to chronyd using a UDP +socket instead of the Unix domain socket (e.g. /var/run/chrony/chronyd.sock), +which is required for some commands. For security reasons, only the root and +chrony users are allowed to access the socket. + +It is also possible that the socket does not exist. chronyd will not create the +socket if the directory has a wrong owner or permissions. In this case there +should be an error message from chronyd in the system log. + +4.3. What is the reference ID reported by the tracking command? + +The reference ID is a 32-bit value used in NTP to prevent synchronisation +loops. + +In chrony versions before 3.0 it was printed in the quad-dotted notation, even +if the reference source did not actually have an IPv4 address. For IPv4 +addresses, the reference ID is equal to the address, but for IPv6 addresses it +is the first 32 bits of the MD5 sum of the address. For reference clocks, the +reference ID is the value specified with the refid option in the refclock +directive. + +Since version 3.0, the reference ID is printed as a hexadecimal number to avoid +confusion with IPv4 addresses. + +If you need to get the IP address of the current reference source, use the -n +option to disable resolving of IP addresses and read the second field (printed +in parentheses) on the Reference ID line. + +4.4. Is the chronyc / chronyd protocol documented anywhere? + +Only by the source code. See cmdmon.c (chronyd side) and client.c (chronyc +side). + +Note that this protocol is not compatible with the mode 6 or mode 7 protocol +supported by ntpd, i.e. the ntpq or ntpdc utility cannot be used to monitor +chronyd, and chronyc cannot be used to monitor ntpd. + +5. Real-time clock issues + +5.1. What is the real-time clock (RTC)? + +This is the clock which keeps the time even when your computer is turned off. +It is used to initialise the system clock on boot. It normally does not drift +more than few seconds per day. + +There are two approaches how chronyd can work with it. One is to use the +rtcsync directive, which tells chronyd to enable a kernel mode which sets the +RTC from the system clock every 11 minutes. chronyd itself will not touch the +RTC. If the computer is not turned off for a long time, the RTC should still be +close to the true time when the system clock will be initialised from it on the +next boot. + +The other option is to use the rtcfile directive, which tells chronyd to +monitor the rate at which the RTC gains or loses time. When chronyd is started +with the -s option on the next boot, it will set the system time from the RTC +and also compensate for the drift it has measured previously. The rtcautotrim +directive can be used to keep the RTC close to the true time, but it is not +strictly necessary if its only purpose is to set the system clock when chronyd +is started on boot. See the documentation for details. + +5.2. Does hwclock have to be disabled? + +The hwclock program is run by default in the boot and/or shutdown scripts in +some Linux installations. With the kernel RTC synchronisation (rtcsync +directive), the RTC will be set also every 11 minutes as long as the system +clock is synchronised. If you want to use chronyd's RTC monitoring (rtcfile +directive), it is important to disable hwclock in the shutdown procedure. If +you do not do that, it will overwrite the RTC with a new value, unknown to +chronyd. At the next reboot, chronyd started with the -s option will compensate +this (wrong) time with its estimate of how far the RTC has drifted whilst the +power was off, giving a meaningless initial system time. + +There is no need to remove hwclock from the boot process, as long as chronyd is +started after it has run. + +5.3. I just keep getting the 513 RTC driver not running message + +For the real-time clock support to work, you need the following three things + + o an RTC in your computer + + o a Linux kernel with enabled RTC support + + o an rtcfile directive in your chrony.conf file + +5.4. I get Could not open /dev/rtc, Device or resource busy in my syslog file + +Some other program running on the system might be using the device. + +5.5. When I start chronyd, the log says Could not enable RTC interrupt : +Invalid argument (or it may say disable) + +Your real-time clock hardware might not support the required ioctl requests: + + o RTC_UIE_ON + + o RTC_UIE_OFF + +A possible solution could be to build the Linux kernel with support for +software emulation instead; try enabling the following configuration option +when building the Linux kernel: + + o CONFIG_RTC_INTF_DEV_UIE_EMUL + +5.6. What if my computer does not have an RTC or backup battery? + +In this case you can still use the -s option to set the system clock to the +last modification time of the drift file, which should correspond to the system +time when chronyd was previously stopped. The initial system time will be +increasing across reboots and applications started after chronyd will not +observe backward steps. + +6. NTP-specific issues + +6.1. Can chronyd be driven from broadcast/multicast NTP servers? + +No, the broadcast/multicast client mode is not supported and there is currently +no plan to implement it. While this mode can simplify configuration of clients +in large networks, it is inherently less accurate and less secure (even with +authentication) than the ordinary client/server mode. + +When configuring a large number of clients in a network, it is recommended to +use the pool directive with a DNS name which resolves to addresses of multiple +NTP servers. The clients will automatically replace the servers when they +become unreachable, or otherwise unsuitable for synchronisation, with new +servers from the pool. + +Even with very modest hardware, an NTP server can serve time to hundreds of +thousands of clients using the ordinary client/server mode. + +6.2. Can chronyd transmit broadcast NTP packets? + +Yes, the broadcast directive can be used to enable the broadcast server mode to +serve time to clients in the network which support the broadcast client mode +(it is not supported in chronyd). Note that this mode should generally be +avoided. See the previous question. + +6.3. Can chronyd keep the system clock a fixed offset away from real time? + +Yes. Starting from version 3.0, an offset can be specified by the offset option +for all time sources in the chrony.conf file. + +6.4. What happens if the network connection is dropped without using chronyc's +offline command first? + +chronyd will keep trying to access the sources that it thinks are online, and +it will take longer before new measurements are actually made and the clock is +corrected when the network is connected again. If the sources were set to +offline, chronyd would make new measurements immediately after issuing the +online command. + +Unless the network connection lasts only few minutes (less than the maximum +polling interval), the delay is usually not a problem, and it might be +acceptable to keep all sources online all the time. + +6.5. Why is an offset measured between two computers synchronised to each +another? + +When two computers are synchronised to each other using the client/server or +symmetric NTP mode, there is an expectation that NTP measurements between the +two computers made on both ends show an average offset close to zero. + +With chronyd that can be expected only when the interleaved mode is enabled by +the xleave option. Otherwise, chronyd will use different transmit timestamps +(e.g. daemon timestamp vs kernel timestamp) for serving time and +synchronisation of its own clock, which will cause the other computer to +measure a significant offset. + +7. Operation + +7.1. What clocks does chronyd use? + +There are several different clocks used by chronyd: + + o System clock: software clock maintained by the kernel. It is the main clock + used by applications running on the computer. It is synchronised by chronyd + to its NTP clock, unless started with the -x option. + + o NTP clock: software clock (virtual) based on the system clock and internal + to chronyd. It keeps the best estimate of the true time according to the + configured time sources, which is served to NTP clients unless time + smoothing is enabled by the smoothtime directive. The System time value in + the tracking report is the current offset between the system and NTP clock. + + o Real-time clock (RTC): hardware clock keeping time even when the computer + is turned off. It is used by the kernel to initialise the system clock on + boot and also by chronyd to compensate for its measured drift if configured + with the rtcfile directive and started with the -s option. The clock can be + kept accurate only by stepping enabled by the rtcsync or rtcautotrim + directive. + + o Reference clock: hardware clock used as a time source. It is specified by + the refclock directive. + + o NIC clock (also known as PTP hardware clock): hardware clock timestamping + packets received and transmitted by a network device specified by the + hwtimestamp directive. The clock is expected to be running free. It is not + synchronised by chronyd. Its offset is tracked relative to the NTP clock in + order to convert the hardware timestamps. + +8. Operating systems + +8.1. Does chrony support Windows? + +No. The chronyc program (the command-line client used for configuring chronyd +while it is running) has been successfully built and run under Cygwin in the +past. chronyd is not portable, because part of it is very system-dependent. It +needs adapting to work with Windows' equivalent of the adjtimex() call, and it +needs to be made to work as a service. + +8.2. Are there any plans to support Windows? + +We have no plans to do this. Anyone is welcome to pick this work up and +contribute it back to the project. + +Last updated 2022-08-29 15:04:33 +0200 diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..e73dcd2 --- /dev/null +++ b/INSTALL @@ -0,0 +1,165 @@ +Installation + +The software is distributed as source code which has to be compiled. The source +code is supplied in the form of a gzipped tar file, which unpacks to a +subdirectory identifying the name and version of the program. + +A C compiler (e.g. gcc or clang) and GNU Make are needed to build chrony. The +following libraries with their development files, and programs, are needed to +enable optional features: + + o pkg-config: detection of development libraries + + o Nettle, GnuTLS, NSS, or LibTomCrypt: secure hash functions (SECHASH) + + o libcap: dropping root privileges on Linux (DROPROOT) + + o libseccomp: system call filter on Linux (SCFILTER) + + o GnuTLS and Nettle: Network Time Security (NTS) + + o Editline: line editing in chronyc (READLINE) + + o timepps.h header: PPS reference clock + + o Asciidoctor: documentation in HTML format + + o Bash: test suite + +The following programs are needed when building chrony from the git repository +instead of a released tar file: + + o Asciidoctor: manual pages + + o Bison: parser for chronyc settime command + +After unpacking the source code, change directory into it, and type + +./configure + +This is a shell script that automatically determines the system type. There is +an optional parameter --prefix, which indicates the directory tree where the +software should be installed. For example, + +./configure --prefix=/opt/free + +will install the chronyd daemon into /opt/free/sbin and the chronyc control +program into /opt/free/bin. The default value for the prefix is /usr/local. + +The configure script assumes you want to use gcc as your compiler. If you want +to use a different compiler, you can configure this way: + +CC=cc ./configure --prefix=/opt/free + +for Bourne-family shells, or + +setenv CC cc +setenv CFLAGS -O +./configure --prefix=/opt/free + +for C-family shells. + +If the software cannot (yet) be built on your system, an error message will be +shown. Otherwise, Makefile will be generated. + +On Linux, if development files for the libcap library are available, chronyd +will be built with support for dropping root privileges. On other systems no +extra library is needed. The default user which chronyd should run as can be +specified with the --with-user option of the configure script. + +If development files for the POSIX threads library are available, chronyd will +be built with support for asynchronous resolving of hostnames specified in the +server, peer, and pool directives. This allows chronyd operating as a server to +respond to client requests when resolving a hostname. If you don't want to +enable the support, specify the --disable-asyncdns flag to configure. + +If development files for the Nettle, NSS, or libtomcrypt library are available, +chronyd will be built with support for other cryptographic hash functions than +MD5, which can be used for NTP authentication with a symmetric key. If you +don't want to enable the support, specify the --disable-sechash flag to +configure. + +If development files for the editline library are available, chronyc will be +built with line editing support. If you don't want this, specify the +--disable-readline flag to configure. + +If a timepps.h header is available (e.g. from the LinuxPPS project), chronyd +will be built with PPS API reference clock driver. If the header is installed +in a location that isn't normally searched by the compiler, you can add it to +the searched locations by setting the CPPFLAGS variable to -I/path/to/timepps. + +The --help option can be specified to configure to print all options supported +by the script. + +Now type + +make + +to build the programs. + +If you want to build the manual in HTML, type + +make docs + +Once the programs have been successfully compiled, they need to be installed in +their target locations. This step normally needs to be performed by the +superuser, and requires the following command to be entered. + +make install + +This will install the binaries and man pages. + +To install the HTML version of the manual, enter the command + +make install-docs + +Now that the software is successfully installed, the next step is to set up a +configuration file. The default location of the file is /etc/chrony.conf. +Several examples of configuration with comments are included in the examples +directory. Suppose you want to use public NTP servers from the pool.ntp.org +project as your time reference. A minimal useful configuration file could be + +pool pool.ntp.org iburst +makestep 1.0 3 +rtcsync + +Then, chronyd can be run. For security reasons, it's recommended to create an +unprivileged user for chronyd and specify it with the -u command-line option or +the user directive in the configuration file, or set the default user with the +--with-user configure option before building. + +Support for system call filtering + +chronyd can be built with support for the Linux secure computing (seccomp) +facility. This requires development files for the libseccomp library and the +--enable-scfilter option specified to configure. The -F option of chronyd will +enable a system call filter, which should significantly reduce the kernel +attack surface and possibly prevent kernel exploits from chronyd if it is +compromised. + +Extra options for package builders + +The configure and make procedures have some extra options that may be useful if +you are building a distribution package for chrony. + +The --mandir=DIR option to configure specifies an installation directory for +the man pages. This overrides the man subdirectory of the argument to the +--prefix option. + +./configure --prefix=/usr --mandir=/usr/share/man + +to set both options together. + +The final option is the DESTDIR option to the make command. For example, you +could use the commands + +./configure --prefix=/usr --mandir=/usr/share/man +make all docs +make install DESTDIR=./tmp +cd tmp +tar cvf - . | gzip -9 > chrony.tar.gz + +to build a package. When untarred within the root directory, this will install +the files to the intended final locations. + +Last updated 2022-08-29 15:04:33 +0200 diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..ef100a4 --- /dev/null +++ b/Makefile.in @@ -0,0 +1,139 @@ +################################################## +# +# chronyd/chronyc - Programs for keeping computer clocks accurate. +# +# Copyright (C) Richard P. Curnow 1997-2003 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# +# ======================================================================= +# +# Makefile template + +SYSCONFDIR = @SYSCONFDIR@ +BINDIR = @BINDIR@ +SBINDIR = @SBINDIR@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +CHRONYVARDIR = @CHRONYVARDIR@ +DESTDIR = + +CC = @CC@ +CFLAGS = @CFLAGS@ +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ + +EXTRA_OBJS = @EXTRA_OBJS@ + +OBJS = array.o cmdparse.o conf.o local.o logging.o main.o memory.o quantiles.o \ + reference.o regress.o rtc.o samplefilt.o sched.o socket.o sources.o sourcestats.o \ + stubs.o smooth.o sys.o sys_null.o tempcomp.o util.o $(EXTRA_OBJS) + +EXTRA_CLI_OBJS = @EXTRA_CLI_OBJS@ + +CLI_OBJS = array.o client.o cmdparse.o getdate.o memory.o nameserv.o \ + pktlength.o socket.o util.o $(EXTRA_CLI_OBJS) + +ALL_OBJS = $(OBJS) $(CLI_OBJS) + +LIBS = @LIBS@ +EXTRA_LIBS = @EXTRA_LIBS@ +EXTRA_CLI_LIBS = @EXTRA_CLI_LIBS@ + +# Until we have a main procedure we can link, just build object files +# to test compilation + +all : chronyd chronyc + +chronyd : $(OBJS) + $(CC) $(CFLAGS) -o chronyd $(OBJS) $(LDFLAGS) $(LIBS) $(EXTRA_LIBS) + +chronyc : $(CLI_OBJS) + $(CC) $(CFLAGS) -o chronyc $(CLI_OBJS) $(LDFLAGS) $(LIBS) $(EXTRA_CLI_LIBS) + +distclean : clean + $(MAKE) -C doc distclean + $(MAKE) -C test/unit distclean + -rm -f .DS_Store + -rm -f Makefile config.h config.log + +clean : + $(MAKE) -C test/unit clean + -rm -f *.o *.s chronyc chronyd core.* *~ + -rm -f *.gcda *.gcno + -rm -rf .deps + -rm -rf *.dSYM + +getdate.c : getdate.y + bison -o getdate.c getdate.y + +# This can be used to force regeneration of getdate.c +getdate : + bison -o getdate.c getdate.y + +# For install, don't use the install command, because its switches +# seem to vary between systems. + +install: chronyd chronyc + [ -d $(DESTDIR)$(SYSCONFDIR) ] || mkdir -p $(DESTDIR)$(SYSCONFDIR) + [ -d $(DESTDIR)$(SBINDIR) ] || mkdir -p $(DESTDIR)$(SBINDIR) + [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) + [ -d $(DESTDIR)$(CHRONYVARDIR) ] || mkdir -p $(DESTDIR)$(CHRONYVARDIR) + if [ -f $(DESTDIR)$(SBINDIR)/chronyd ]; then rm -f $(DESTDIR)$(SBINDIR)/chronyd ; fi + if [ -f $(DESTDIR)$(BINDIR)/chronyc ]; then rm -f $(DESTDIR)$(BINDIR)/chronyc ; fi + cp chronyd $(DESTDIR)$(SBINDIR)/chronyd + chmod 755 $(DESTDIR)$(SBINDIR)/chronyd + cp chronyc $(DESTDIR)$(BINDIR)/chronyc + chmod 755 $(DESTDIR)$(BINDIR)/chronyc + $(MAKE) -C doc install + +docs : + $(MAKE) -C doc docs + +install-docs : + $(MAKE) -C doc install-docs + +%.o : %.c + $(CC) $(CFLAGS) $(CPPFLAGS) -c $< + +%.s : %.c + $(CC) $(CFLAGS) $(CPPFLAGS) -S $< + +quickcheck : chronyd chronyc + $(MAKE) -C test/unit check + cd test/simulation && ./run + cd test/system && ./run + +check : chronyd chronyc + $(MAKE) -C test/unit check + cd test/simulation && ./run -i 20 -m 2 + cd test/system && ./run + +print-chronyd-objects : + @echo $(OBJS) + +Makefile : Makefile.in configure + @echo + @echo Makefile needs to be regenerated, run ./configure + @echo + @exit 1 + +.deps: + @mkdir .deps + +.deps/%.d: %.c | .deps + @$(CC) -MM $(CPPFLAGS) -MT '$(<:%.c=%.o) $@' $< -o $@ + +ifndef NODEPS +-include $(ALL_OBJS:%.o=.deps/%.d) +endif diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..8673fd6 --- /dev/null +++ b/NEWS @@ -0,0 +1,977 @@ +New in version 4.3 +================== + +Enhancements +------------ +* Add local option to refclock directive to stabilise system clock + with more stable free-running clock (e.g. TCXO, OCXO) +* Add maxdelayquant option to server/pool/peer directive to replace + maxdelaydevratio filter with long-term quantile-based filtering +* Add selection option to log directive +* Allow external PPS in PHC refclock without configurable pin +* Don't accept first interleaved response to minimise error in delay +* Don't use arc4random on Linux to avoid server performance loss +* Improve filter option to better handle missing NTP samples +* Improve stability with hardware timestamping and PHC refclock +* Update seccomp filter + +Bug fixes +--------- +* Fix waitsync command to reconnect when not getting response + +New in version 4.2 +================== + +Enhancements +------------ +* Add support for NTPv4 extension field improving synchronisation + stability and resolution of root delay and dispersion (experimental) +* Add support for NTP over PTP (experimental) +* Add support for AES-CMAC and hash functions in GnuTLS +* Improve server interleaved mode to be more reliable and support + multiple clients behind NAT +* Update seccomp filter +* Add statistics about interleaved mode to serverstats report + +Bug fixes +--------- +* Fix RTC support with 64-bit time_t on 32-bit Linux +* Fix seccomp filter to work correctly with bind*device directives +* Suppress kernel adjustments of system clock (dosynctodr) on illumos + +Other changes +------------- +* Switch Solaris support to illumos + +New in version 4.1 +================== + +Enhancements +------------ +* Add support for NTS servers specified by IP address (matching + Subject Alternative Name in server certificate) +* Add source-specific configuration of trusted certificates +* Allow multiple files and directories with trusted certificates +* Allow multiple pairs of server keys and certificates +* Add copy option to server/pool directive +* Increase PPS lock limit to 40% of pulse interval +* Perform source selection immediately after loading dump files +* Reload dump files for addresses negotiated by NTS-KE server +* Update seccomp filter and add less restrictive level +* Restart ongoing name resolution on online command + +Bug fixes +--------- +* Fix responding to IPv4 command requests on FreeBSD +* Fix dump files to not include uncorrected offset +* Fix initstepslew to accept time from own NTP clients +* Reset NTP address and port when no longer negotiated by NTS-KE server + +New in version 4.0 +================== + +Enhancements +------------ +* Add support for Network Time Security (NTS) authentication +* Add support for AES-CMAC keys (AES128, AES256) with Nettle +* Add authselectmode directive to control selection of unauthenticated sources +* Add binddevice, bindacqdevice, bindcmddevice directives +* Add confdir directive to better support fragmented configuration +* Add sourcedir directive and "reload sources" command to support dynamic + NTP sources specified in files +* Add clockprecision directive +* Add dscp directive to set Differentiated Services Code Point (DSCP) +* Add -L option to limit log messages by severity +* Add -p option to print whole configuration with included files +* Add -U option to allow start under non-root user +* Allow maxsamples to be set to 1 for faster update with -q/-Q option +* Avoid replacing NTP sources with sources that have unreachable address +* Improve pools to repeat name resolution to get "maxsources" sources +* Improve source selection with trusted sources +* Improve NTP loop test to prevent synchronisation to itself +* Repeat iburst when NTP source is switched from offline state to online +* Update clock synchronisation status and leap status more frequently +* Update seccomp filter +* Add "add pool" command +* Add "reset sources" command to drop all measurements +* Add authdata command to print details about NTP authentication +* Add selectdata command to print details about source selection +* Add -N option and sourcename command to print original names of sources +* Add -a option to some commands to print also unresolved sources +* Add -k, -p, -r options to clients command to select, limit, reset data + +Bug fixes +--------- +* Don't set interface for NTP responses to allow asymmetric routing +* Handle RTCs that don't support interrupts +* Respond to command requests with correct address on multihomed hosts + +Removed features +---------------- +* Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) +* Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x + clients using non-MD5/SHA1 keys need to use option "version 3") +* Drop support for line editing with GNU Readline + +New in version 3.5.1 +==================== + +Security fixes +-------------- +* Create new file when writing pidfile (CVE-2020-14367) + +New in version 3.5 +================== + +Enhancements +------------ +* Add support for more accurate reading of PHC on Linux 5.0 +* Add support for hardware timestamping on interfaces with read-only + timestamping configuration +* Add support for memory locking and real-time priority on FreeBSD, + NetBSD, Solaris +* Update seccomp filter to work on more architectures +* Validate refclock driver options + +Bug fixes +--------- +* Fix bindaddress directive on FreeBSD +* Fix transposition of hardware RX timestamp on Linux 4.13 and later +* Fix building on non-glibc systems + +New in version 3.4 +================== + +Enhancements +------------ +* Add filter option to server/pool/peer directive +* Add minsamples and maxsamples options to hwtimestamp directive +* Add support for faster frequency adjustments in Linux 4.19 +* Change default pidfile to /var/run/chrony/chronyd.pid to allow + chronyd without root privileges to remove it on exit +* Disable sub-second polling intervals for distant NTP sources +* Extend range of supported sub-second polling intervals +* Get/set IPv4 destination/source address of NTP packets on FreeBSD +* Make burst options and command useful with short polling intervals +* Modify auto_offline option to activate when sending request failed +* Respond from interface that received NTP request if possible +* Add onoffline command to switch between online and offline state + according to current system network configuration +* Improve example NetworkManager dispatcher script + +Bug fixes +--------- +* Avoid waiting in Linux getrandom system call +* Fix PPS support on FreeBSD and NetBSD + +New in version 3.3 +================== + +Enhancements +------------ +* Add burst option to server/pool directive +* Add stratum and tai options to refclock directive +* Add support for Nettle crypto library +* Add workaround for missing kernel receive timestamps on Linux +* Wait for late hardware transmit timestamps +* Improve source selection with unreachable sources +* Improve protection against replay attacks on symmetric mode +* Allow PHC refclock to use socket in /var/run/chrony +* Add shutdown command to stop chronyd +* Simplify format of response to manual list command +* Improve handling of unknown responses in chronyc + +Bug fixes +--------- +* Respond to NTPv1 client requests with zero mode +* Fix -x option to not require CAP_SYS_TIME under non-root user +* Fix acquisitionport directive to work with privilege separation +* Fix handling of socket errors on Linux to avoid high CPU usage +* Fix chronyc to not get stuck in infinite loop after clock step + +New in version 3.2 +================== + +Enhancements +------------ +* Improve stability with NTP sources and reference clocks +* Improve stability with hardware timestamping +* Improve support for NTP interleaved modes +* Control frequency of system clock on macOS 10.13 and later +* Set TAI-UTC offset of system clock with leapsectz directive +* Minimise data in client requests to improve privacy +* Allow transmit-only hardware timestamping +* Add support for new timestamping options introduced in Linux 4.13 +* Add root delay, root dispersion and maximum error to tracking log +* Add mindelay and asymmetry options to server/peer/pool directive +* Add extpps option to PHC refclock to timestamp external PPS signal +* Add pps option to refclock directive to treat any refclock as PPS +* Add width option to refclock directive to filter wrong pulse edges +* Add rxfilter option to hwtimestamp directive +* Add -x option to disable control of system clock +* Add -l option to log to specified file instead of syslog +* Allow multiple command-line options to be specified together +* Allow starting without root privileges with -Q option +* Update seccomp filter for new glibc versions +* Dump history on exit by default with dumpdir directive +* Use hardening compiler options by default + +Bug fixes +--------- +* Don't drop PHC samples with low-resolution system clock +* Ignore outliers in PHC tracking, RTC tracking, manual input +* Increase polling interval when peer is not responding +* Exit with error message when include directive fails +* Don't allow slash after hostname in allow/deny directive/command +* Try to connect to all addresses in chronyc before giving up + +New in version 3.1 +================== + +Enhancements +------------ +* Add support for precise cross timestamping of PHC on Linux +* Add minpoll, precision, nocrossts options to hwtimestamp directive +* Add rawmeasurements option to log directive and modify measurements + option to log only valid measurements from synchronised sources +* Allow sub-second polling interval with NTP sources + +Bug fixes +--------- +* Fix time smoothing in interleaved mode + +New in version 3.0 +================== + +Enhancements +------------ +* Add support for software and hardware timestamping on Linux +* Add support for client/server and symmetric interleaved modes +* Add support for MS-SNTP authentication in Samba +* Add support for truncated MACs in NTPv4 packets +* Estimate and correct for asymmetric network jitter +* Increase default minsamples and polltarget to improve stability + with very low jitter +* Add maxjitter directive to limit source selection by jitter +* Add offset option to server/pool/peer directive +* Add maxlockage option to refclock directive +* Add -t option to chronyd to exit after specified time +* Add partial protection against replay attacks on symmetric mode +* Don't reset polling interval when switching sources to online state +* Allow rate limiting with very short intervals +* Improve maximum server throughput on Linux and NetBSD +* Remove dump files after start +* Add tab-completion to chronyc with libedit/readline +* Add ntpdata command to print details about NTP measurements +* Allow all source options to be set in add server/peer command +* Indicate truncated addresses/hostnames in chronyc output +* Print reference IDs as hexadecimal numbers to avoid confusion with + IPv4 addresses + +Bug fixes +--------- +* Fix crash with disabled asynchronous name resolving + +New in version 2.4.1 +==================== + +Bug fixes +--------- +* Fix processing of kernel timestamps on non-Linux systems +* Fix crash with smoothtime directive +* Fix validation of refclock sample times +* Fix parsing of refclock directive + +New in version 2.4 +================== + +Enhancements +------------ +* Add orphan option to local directive for orphan mode compatible with ntpd +* Add distance option to local directive to set activation threshold + (1 second by default) +* Add maxdrift directive to set maximum allowed drift of system clock +* Try to replace NTP sources exceeding maximum distance +* Randomise source replacement to avoid getting stuck with bad sources +* Randomise selection of sources from pools on start +* Ignore reference timestamp as ntpd doesn't always set it correctly +* Modify tracking report to use same values as seen by NTP clients +* Add -c option to chronyc to write reports in CSV format +* Provide detailed manual pages + +Bug fixes +--------- +* Fix SOCK refclock to work correctly when not specified as last refclock +* Fix initstepslew and -q/-Q options to accept time from own NTP clients +* Fix authentication with keys using 512-bit hash functions +* Fix crash on exit when multiple signals are received +* Fix conversion of very small floating-point numbers in command packets + +Removed features +---------------- +* Drop documentation in Texinfo format + +New in version 2.3 +================== + +Enhancements +------------ +* Add support for NTP and command response rate limiting +* Add support for dropping root privileges on Mac OS X, FreeBSD, Solaris +* Add require and trust options for source selection +* Enable logchange by default (1 second threshold) +* Set RTC on Mac OS X with rtcsync directive +* Allow binding to NTP port after dropping root privileges on NetBSD +* Drop CAP_NET_BIND_SERVICE capability on Linux when NTP port is disabled +* Resolve names in separate process when seccomp filter is enabled +* Replace old records in client log when memory limit is reached +* Don't reveal local time and synchronisation state in client packets +* Don't keep client sockets open for longer than necessary +* Ignore poll in KoD RATE packets as ntpd doesn't always set it correctly +* Warn when using keys shorter than 80 bits +* Add keygen command to generate random keys easily +* Add serverstats command to report NTP and command packet statistics + +Bug fixes +--------- +* Fix clock correction after making step on Mac OS X +* Fix building on Solaris + +New in version 2.2.1 +==================== + +Security fixes +-------------- +* Restrict authentication of NTP server/peer to specified key (CVE-2016-1567) + +New in version 2.2 +================== + +Enhancements +------------ +* Add support for configuration and monitoring over Unix domain socket + (accessible by root or chrony user when root privileges are dropped) +* Add support for system call filtering with seccomp on Linux (experimental) +* Add support for dropping root privileges on NetBSD +* Control frequency of system clock on FreeBSD, NetBSD, Solaris +* Add system leap second handling mode on FreeBSD, NetBSD, Solaris +* Add dynamic drift removal on Mac OS X +* Add support for setting real-time priority on Mac OS X +* Add maxdistance directive to limit source selection by root distance + (3 seconds by default) +* Add refresh command to get new addresses of NTP sources +* Allow wildcard patterns in include directive +* Restore time from driftfile with -s option if later than RTC time +* Add configure option to set default hwclockfile +* Add -d option to chronyc to enable debug messages +* Allow multiple addresses to be specified for chronyc with -h option + and reconnect when no valid reply is received +* Make check interval in waitsync command configurable + +Bug fixes +--------- +* Fix building on NetBSD, Solaris +* Restore time from driftfile with -s option if reading RTC failed + +Removed features +---------------- +* Drop support for authentication with command key (run-time configuration + is now allowed only for local users that can access the Unix domain socket) + +New in version 2.1.1 +==================== + +Bug fixes +--------- +* Fix clock stepping by integer number of seconds on Linux + +New in version 2.1 +================== + +Enhancements +------------ +* Add support for Mac OS X +* Try to replace unreachable and falseticker servers/peers specified + by name like pool sources +* Add leaponly option to smoothtime directive to allow synchronised + leap smear between multiple servers +* Use specific reference ID when smoothing served time +* Add smoothing command to report time smoothing status +* Add smoothtime command to activate or reset time smoothing + +Bug fixes +--------- +* Fix crash in source selection with preferred sources +* Fix resetting of time smoothing +* Include packet precision in peer dispersion +* Fix crash in chronyc on invalid command syntax + +New in version 2.0 +================== + +Enhancements +------------ +* Update to NTP version 4 (RFC 5905) +* Add pool directive to specify pool of NTP servers +* Add leapsecmode directive to select how to correct clock for leap second +* Add smoothtime directive to smooth served time and enable leap smear +* Add minsources directive to set required number of selectable sources +* Add minsamples and maxsamples options for all sources +* Add tempcomp configuration with list of points +* Allow unlimited number of NTP sources, refclocks and keys +* Allow unreachable sources to remain selected +* Improve source selection +* Handle offline sources as unreachable +* Open NTP server port only when necessary (client access is allowed by + allow directive/command or peer/broadcast is configured) +* Change default bindcmdaddress to loopback address +* Change default maxdelay to 3 seconds +* Change default stratumweight to 0.001 +* Update adjtimex synchronisation status +* Use system headers for adjtimex +* Check for memory allocation errors +* Reduce memory usage +* Add configure options to compile without NTP, cmdmon, refclock support +* Extend makestep command to set automatic clock stepping + +Bug fixes +--------- +* Add sanity checks for time and frequency offset +* Don't report synchronised status during leap second +* Don't combine reference clocks with close NTP sources +* Fix accepting requests from configured sources +* Fix initial fallback drift setting + +New in version 1.31.1 +===================== + +Security fixes +-------------- +* Protect authenticated symmetric NTP associations against DoS attacks + (CVE-2015-1853) +* Fix access configuration with subnet size indivisible by 4 (CVE-2015-1821) +* Fix initialization of reply slots for authenticated commands (CVE-2015-1822) + +New in version 1.31 +=================== + +Enhancements +------------ +* Support operation in other NTP eras (next era begins in 2036), + NTP time is mapped to [-50, +86] years around build date by default +* Restore time from driftfile with -s when RTC is missing/unsupported +* Close connected client sockets when not waiting for reply +* Use one client socket with random port when acquisitionport is 0 +* Use NTP packets instead of UDP echo for presend +* Don't adjust polling interval when sending fails +* Allow binding to addresses that don't exist yet +* Ignore measurements around leap second +* Improve detection of unexpected time jumps +* Include example of logrotate configuration, systemd services and + NetworkManager dispatcher script + +Bug fixes +--------- +* Reconnect client sockets for each request to follow changes + in network configuration automatically +* Restart timer when polling interval is changed on reset + +New in version 1.30 +=================== + +Enhancements +------------ +* Add asynchronous name resolving with POSIX threads +* Add PTP hardware clock (PHC) refclock driver +* Add new generic clock driver to slew by adjusting frequency only + (without kernel PLL or adjtime) and use it on Linux +* Add rtcautotrim directive to trim RTC automatically +* Add hwclockfile directive to share RTC LOCAL/UTC setting with hwclock +* Add maxslewrate directive to set maximum allowed slew rate +* Add maxdispersion option for refclocks +* Add -q/-Q options to set clock/print offset once and exit +* Allow directives to be specified on chronyd command line +* Replace frequency scaling in Linux driver with retaining of tick +* Try to detect unexpected forward time jumps and reset state +* Exit with non-zero code when maxchange limit is reached +* Improve makestep to not start and stop slew unnecessarily +* Change default corrtimeratio to 3.0 to improve frequency accuracy +* Announce leap second only on last day of June and December +* Use separate connected client sockets for each NTP server +* Remove separate NTP implementation used for initstepslew +* Limit maximum minpoll set by KoD RATE to default maxpoll +* Don't send NTP requests with unknown key +* Print warning when source is added with unknown key +* Take leap second in PPS refclock from locked source +* Make reading of RTC for initial trim more reliable +* Don't create cmdmon sockets when cmdport is 0 +* Add configure option to set default user to drop root privileges +* Add configure option to compile with debug messages +* Print debug messages when -d is used more than once +* Change format of messages written to terminal with -d +* Write fatal messages also to stderr with -n +* Use IP_RECVERR socket option in chronyc to not wait unnecessarily +* Shorten default chronyc timeout for localhost +* Change default hostname in chronyc from localhost to 127.0.0.1 +* Print error message on invalid syntax with all chronyc commands +* Include simulation test suite using clknetsim + +Bug fixes +--------- +* Fix crash when selecting with multiple preferred sources +* Fix frequency calculation with large frequency offsets +* Fix code writing drift and RTC files to compile correctly +* Fix -4/-6 options in chronyc to not reset hostname set by -h +* Fix refclock sample validation with sub-second polling interval +* Set stratum correctly with non-PPS SOCK refclock and local stratum +* Modify dispersion accounting in refclocks to prevent PPS getting + stuck with large dispersion and not accepting new samples + +New in version 1.29.1 +===================== + +Security fixes +-------------- +* Modify chronyc protocol to prevent amplification attacks (CVE-2014-0021) + (incompatible with previous protocol version, chronyc supports both) + +New in version 1.29 +=================== + +Security fixes +-------------- +* Fix crash when processing crafted commands (CVE-2012-4502) + (possible with IP addresses allowed by cmdallow and localhost) +* Don't send uninitialized data in SUBNETS_ACCESSED and CLIENT_ACCESSES + replies (CVE-2012-4503) (not used by chronyc) + +Other changes +------------- +* Drop support for SUBNETS_ACCESSED and CLIENT_ACCESSES commands + +New in version 1.28 +=================== + +* Combine sources to improve accuracy +* Make config and command parser strict +* Add -a option to chronyc to authenticate automatically +* Add -R option to ignore initstepslew and makestep directives +* Add generatecommandkey, minsamples, maxsamples and user directives +* Improve compatibility with NTPv1 and NTPv2 clients +* Create sockets only in selected family with -4/-6 option +* Treat address bind errors as non-fatal +* Extend tracking log +* Accept float values as initstepslew threshold +* Allow hostnames in offline, online and burst commands +* Fix and improve peer polling +* Fix crash in config parsing with too many servers +* Fix crash with duplicated initstepslew address +* Fix delta calculation with extreme frequency offsets +* Set local stratum correctly +* Remove unnecessary adjtimex calls +* Set paths in documentation by configure +* Update chrony.spec + +New in version 1.27 +=================== + +* Support for stronger keys via NSS or libtomcrypt library +* Support reading leap second data from tz database +* Support for precise clock stepping on Linux +* Support for nanoseconds in SHM refclock +* Make offset corrections smoother on Linux +* Make transmit timestamps random below clock precision +* Add corrtimeratio and maxchange directives +* Extend tracking, sources and activity reports +* Wait in foreground process until daemon is fully initialized +* Fix crash with slow name resolving +* Fix iburst with jittery sources +* Fix offset stored in rtc data right after trimrtc +* Fix crash and hang with RTC or manual samples +* Don't use readonly adjtime on Linux kernels before 2.6.28 +* Changed chronyc protocol, incompatible with older versions + +New in version 1.26 +=================== + +* Add compatibility with Linux 3.0 and later +* Use proper source address in NTP replies on multihomed IPv6 hosts +* Accept NTP packets with versions 4, 3 and 2 +* Cope with unexpected backward time jumps +* Don't reset kernel frequency on start without drift file +* Retry on permanent DNS error by default +* Add waitsync command + +New in version 1.25 +=================== + +* Improve accuracy with NTP sources +* Improve accuracy with reference clocks +* Improve polling interval adjustment +* Improve stability with temporary asymmetric delays +* Improve source selection +* Improve initial synchronisation +* Add delayed server name resolving +* Add temperature compensation +* Add nanosecond slewing to Linux driver +* Add fallback drifts +* Add iburst, minstratum, maxdelaydevratio, polltarget, + prefer, noselect options +* Add rtcsync directive to enable Linux 11-minute mode +* Add reselectdist, stratumweight, logbanner, maxclockerror, + include directives +* Add -n option to not detach daemon from terminal +* Fix pidfile directive +* Fix name resolving with disabled IPv6 support +* Fix reloading sample histories with reference clocks +* Fix crash with auto_offline option +* Fix online command on auto_offline sources +* Fix file descriptor leaks +* Increase burst polling interval and stop on KoD RATE +* Set maxupdateskew to 1000 ppm by default +* Require password for clients command +* Update drift file at most once per hour +* Use system headers for Linux RTC support +* Reduce default chronyc timeout and make it configurable +* Avoid large values in chronyc sources and sourcestats output +* Add reselect command to force reselecting best source +* Add -m option to allow multiple commands on command line + +New in version 1.24 +=================== + +Security fixes +-------------- +* Don't reply to invalid cmdmon packets (CVE-2010-0292) +* Limit client log memory size (CVE-2010-0293) +* Limit rate of syslog messages (CVE-2010-0294) + +Bug fixes/Enhancements +---------------------- +* Support for reference clocks (SHM, SOCK, PPS drivers) +* IPv6 support +* Linux capabilities support (to drop root privileges) +* Memory locking support on Linux +* Real-time scheduler support on Linux +* Leap second support on Linux +* Support for editline library +* Support for new Linux readonly adjtime +* NTP client support for KoD RATE +* Read kernel timestamps for received NTP packets +* Reply to NTP requests with correct address on multihomed hosts +* Retry name resolving after temporary failure +* Fix makestep command, make it available on all systems +* Add makestep directive for automatic clock stepping +* Don't require _bigadj kernel symbol on NetBSD +* Avoid blocking read in Linux RTC driver +* Support for Linux on S/390 and PowerPC +* Fix various bugs on 64-bit systems +* Fix valgrind errors and compiler warnings +* Improve configure to support common options and variables +* Improve status checking and printing in chronyc +* Return non-zero exit code on errors in chronyc +* Reduce request timeout in chronyc +* Print estimated offset in sourcestats +* Changed chronyc protocol, incompatible with older versions + +New in version 1.23 +=================== + +* Support for MIPS, x86_64, sparc, alpha, arm, FreeBSD +* Fix serious sign-extension error in handling IP addresses +* RTC support can be excluded at compile time +* Make sources gcc-4 compatible +* Fix various compiler warnings +* Handle fluctuations in peer distance better. +* Fixed handling of stratum zero. +* Fix various problems for 64-bit systems +* Flush chronyc output streams after each command, to allow it to be driven + through pipes +* Manpage improvements + +Version 1.22 +============ + +This release number was claimed by a release that Mandriva made to patch +important bugs in 1.21. The official numbering has jumped to 1.23 as a +consequence. + +New in version 1.21 +=================== + +* Don't include Linux kernel header files any longer : allows chrony to compile + on recent distros. +* Stop trying to use RTC if continuous streams of error messages would occur + (Linux with HPET). + +New in version 1.20 +=================== + +* Many small tidy-ups and security improvements +* Improve documentation (RTC support in post 2.0 kernels) +* Remove trailing \n from syslog messages +* Syslog messages now include IP and port number when packet cannot be sent. +* Added the "acquisitionport" directive. (Kalle Olavi Niemitalo) +* Use uname(2) instead of /proc/version to get kernel version. +* Merge support for Linux on Alpha +* Merge support for 64bit architectures +* Don't link -lm if it's not needed +* Fix Solaris build (broken by 64bit change) +* Add detection of Linux 2.5 +* Allow arbitrary value of HZ in Linux kernel +* Fix for chrony.spec on SuSE (Paul Elliot) +* Fix handling of initstepslew if no servers are listed (John Hasler) +* Fix install rule in Makefile if chronyd is in use (Juliusz Chroboczek) +* Replace sprintf by snprintf to remove risk of buffer overrun (John Hasler) +* Add --help to configure script + +New in version 1.19 +=================== + +* Auto-detect kernel's timer interrupt rate (so-called 'HZ') when chronyd + starts instead of relying on compiled-in value. +* Fix 2 bugs in function that creates the directory for the log and dump files. +* Amended webpage URL and contact details. +* Generate more informative syslog messages before exiting on failed + assertions. +* Fix bugs in clamping code for the tick value used when slewing a large + offset. +* Don't chown files to root during install (should be pointless, and makes RPM + building awkward as ordinary user.) +* Include chrony.spec file for building RPMs + +New in version 1.18 +=================== +* Amend homepage and mailing list information to chrony.sunsite.dk +* Delete pidfile on exit from chronyd. +* Improvements to readline interface to chronyc +* Only generate syslog message when synchronisation is initially lost (instead + of on every failed synchronisation attempt) +* Use double fork approach when initialising daemon. +* More things in contrib directory. +* New options to help package builders: --infodir/--mandir for configure, and + DESTDIR=xxx for make. (See section 2.2 of chrony.txt for details). +* Changed the wording of the messages generated by mailonchange and logchange + directives. + +New in version 1.17 +=================== +* Port to NetBSD +* Configuration supports Linux on PPC +* Fix compilation warnings +* Several documentation improvements +* Bundled manpages (taken from the 'missing manpages project') +* Cope with lack of bzero function for Solaris 2.3 systems +* Store chronyd's pid in a file (default /var/run/chronyd.pid) and check if + chronyd may already be running when starting up. New pidfile directive in + configuration file. +* Any size subnet is now allowed in allow and deny commands. (Example: + 6.7.8/20 or 6.7.8.x/20 (any x) mean a 20 bit subnet). +* The environment variables CC and CFLAGS passed to configure can now be used + to select the compiler and optimisation/debug options to use +* Write syslog messages when chronyd loses synchronisation. +* Print GPL text when chronyc is run. +* Add NTP broadcast server capability (new broadcast directive). +* Add 'auto_offline' option to server/peer (conf file) or add server/peer (via + chronyc). +* Add 'activity' command to chronyc, to report how many servers/peers are + currently online/offline. +* Fix long-standing bug with how the system time quantum was calculated. +* Include support for systems with HZ!=100 (HZ is the timer interrupt + frequency). +* Include example chrony.conf and chrony.keys files (examples subdirectory). +* Include support for readline in chronyc. + +New in version 1.16.1 +===================== +* Fix compilation problem on Linux 2.4.13 (spinlock.h / spinlock_t) + +New in version 1.16 +=================== +* More informative captions for 'sources' and 'sourcestats' commands in chronyc + (use 'sources -v' and 'sourcestats -v' to get them). +* Correct behaviour for Solaris versions>=2.6 (dosynctodr not required on these + versions.) +* Remove some compiler warnings (Solaris) +* If last line of keys file doesn't have end-of-line, don't truncate final + character of that key. +* Change timestamp format used in logfiles to make it fully numeric (to aid + importing data into spreadsheets etc) +* Minor documentation updates and improvements. + +New in version 1.15 +=================== +* Add contributed change to 'configure' to support Solaris 2.8 on x86 +* Workaround for assertion failure that arises if two received packets occur + close together. (Still need to find out why this happens at all.) +* Hopefully fix problem where fast slewing was incompatible with machines + that have a large background drift rate (=> tick value went out of range + for adjtimex() on Linux.) +* Fix rtc_linux.c compile problems with 2.4.x kernel include files. +* Include support for RTC device not being at /dev/rtc (new rtcdevice directive + in configuration file). +* Include support for restricting network interfaces for commands (new + bindcmdaddress directive in configuration file) +* Fix potential linking fault in pktlength.c (use of CROAK macro replaced by + normal assert). +* Add some material on bug reporting + contributing to the chrony.texi file +* Made the chrony.texi file "Vim6-friendly" (removed xrefs on @node lines, + added folding markers to chapters + sections.) +* Switched over to GPL for the licence + +New in version 1.14 +=================== +* Fix compilation for certain other Linux distributions (including Mandrake + 7.1) + +New in version 1.13 +=================== +* Fixed compilation problems on Redhat/SuSE installations with recent 2.2.x + kernels. +* Minor tidy-ups and documentation enhancements. +* Add support for Linux 2.4 kernels + +New in version 1.12 +=================== + +* Trial fix for long-standing bug in Linux RTC estimator when system time is + slewed. +* Fix bug in chronyc if -h is specified without a hostname +* Fixes to logging various error conditions when operating in daemon mode. +* More stuff under contrib/ +* Changes to README file (e.g. about the new chrony-users mailing list) + +New in version 1.11a +==================== + +* Minor changes to contact details +* Minor changes to installation details (chrony subdirectory under doc/) + +New in version 1.11 +=================== + +* Improve robustness of installation procedure +* Tidy up documenation and contact details +* Distribute manual as .txt rather than as .ps +* Add -n option to chronyc to work with numeric IP addresses rather than + names. +* Add material in contrib subdirectory +* Improve robustness of handling drift file and RTC coefficients file +* Improve robustness of regression algorithm + +New in version 1.1 +================== + +Bug fixes +--------- + +* Made linear regression more resistant to rounding errors (old one + occasionally generated negative variances which made everything go + haywire). Trap infinite or 'not-a-number' values being used to + alter system clock to increase robustness further. + +Other changes/Enhancements +-------------------------- + +* Support for Linux 2.1 and 2.2 kernels + +* New command 'makestep' in chronyc to immediately jump the system + time to match the NTP estimated time (Linux only) - a response to + systems booting an hour wrong after summertime/wintertime changes, + due to RTCs running on local time. Needs extending to Sun driver + files too. + +* New directives 'logchange' and 'mailonchange' to log to syslog or + email to a specific address respectively if chronyd detects a clock + offset exceeding a defined threshold. + +* Added capability to log all client/peer NTP accesses and command + accesses (can be turned off with conf file directive 'noclientlog'). + Added 'clients' command to chronyc to display this data. + +* Improved manual mode to use robust regression rather than 2 point + fit. + +* Added 'manual list' and 'manual delete' commands to chronyc to + allow display of entered timestamps and discretionary deletion of + outliers. + +* If host goes unsynchronised the dummy IP address 0.0.0.0 is detected + to avoid attempting a reverse name lookup (to stop dial on demand IP + links from being started) + +* Changed chronyc/chronyd protocol so messages are now all variable + length. Saves on network bandwidth particularly for large replies + from chronyd to chronyc (to support the clients command). + +* Added bindaddress directive to configuration file, to give + additional control over limiting which hosts can access the local + server. + +* Groundwork done for a port to Windows NT to compile with Cygwin + toolkit. chronyc works (to monitor another host). sys_winnt.c + needs finishing to use NT clock control API. Program structure + needs adapting to use Windows NT service functions, so it can be + started at boot time. Hopefully a Windows NT / Cygwin guru with + some spare time can take this port over :-) + +New in version 1.02 +=================== + +Bug fixes +--------- + +* Fix error messages in chronyc if daemon is not reachable. + +* Fix config file problem for 'allow all' and 'deny all' without a + trailing machine address. + +* Remove fatal failed assertion if command socket cannot be read from + in daemon. + +* Rewrote timezone handling for Linux real time clock, following + various reported problems related to daylight saving. + +Other changes/Enhancements +-------------------------- + +* Configure script recognizes BSD/386 and uses SunOS 4.1 driver for + it. + +* Log files now print date as day-month-year rather than as a day + number. Milliseconds removed from timestamps of logged data. + Banners included in file to give meanings of columns. + +* Only do 1 initial step (followed by a trimming slew) when + initialising from RTC on Linux (previously did 2 steps). + +New in version 1.01 +=================== + +Bug fixes +--------- + +* Handle timezone of RTC correctly with respect to daylight saving + time + +* Syntax check the chronyc 'local' command properly + +* Fixed assertion failed fault in median finder (used by RTC + regression fitting) + +Other changes/Enhancements +-------------------------- + +* Log selection of new NTP reference source to syslog. + +* Don't zero-pad IP address fields + +* Add new command to chronyc to allow logfiles to be cycled. + +* Extend allow/deny directive syntax in configuration file to so + directive can apply to all hosts on the Internet. + +* Tidy up printout of timestamps to make it clear they are in UTC + +* Make 'configure' check the processor type as well as the operating + system. diff --git a/README b/README new file mode 100644 index 0000000..00214a5 --- /dev/null +++ b/README @@ -0,0 +1,160 @@ +This is the README for chrony. + +What is chrony? +=============== + +chrony is a versatile implementation of the Network Time Protocol (NTP). +It can synchronise the system clock with NTP servers, reference clocks +(e.g. GPS receiver), and manual input using wristwatch and keyboard. +It can also operate as an NTPv4 (RFC 5905) server and peer to provide +a time service to other computers in the network. + +It is designed to perform well in a wide range of conditions, including +intermittent network connections, heavily congested networks, changing +temperatures (ordinary computer clocks are sensitive to temperature), +and systems that do not run continuosly, or run on a virtual machine. + +Typical accuracy between two machines synchronised over the Internet is +within a few milliseconds; on a LAN, accuracy is typically in tens of +microseconds. With hardware timestamping, or a hardware reference clock, +sub-microsecond accuracy may be possible. + +Two programs are included in chrony, chronyd is a daemon that can be +started at boot time and chronyc is a command-line interface program +which can be used to monitor chronyd's performance and to change various +operating parameters whilst it is running. + +What will chrony run on? +======================== + +The software is known to work on Linux, FreeBSD, NetBSD, macOS and +illumos. Closely related systems may work too. Any other system will +likely require a porting exercise. + +How do I set it up? +=================== + +The file INSTALL gives instructions. On supported systems the +compilation process should be automatic. You will need a C compiler, +e.g. gcc or clang. + +What documentation is there? +============================ + +The distribution includes manual pages and a document containing +Frequently Asked Questions (FAQ). + +The documentation is also available on the chrony web pages, accessible +through the URL + + https://chrony.tuxfamily.org/ + +Where are new versions announced? +================================= + +There is a low volume mailing list where new versions and other +important news relating to chrony are announced. You can join this list +by sending mail with the subject "subscribe" to + +chrony-announce-request@chrony.tuxfamily.org + +How can I get support for chrony? +================================= + +There are two other mailing lists relating to chrony. chrony-users is a +discussion list for users, e.g. for questions about chrony configuration +and bug reports. chrony-dev is a more technical list for developers, +e.g. for submitting patches and discussing how new features should be +implemented. To subscribe to either of these lists, send a message with +the subject "subscribe" to + +chrony-users-request@chrony.tuxfamily.org +or +chrony-dev-request@chrony.tuxfamily.org + +as applicable. + +License +======= + +chrony is distributed under the GNU General Public License version 2. + +Authors +======= + +Richard P. Curnow +Miroslav Lichvar + +Acknowledgements +================ + +In writing the chronyd program, extensive use has been made of the NTPv3 (RFC +1305) and NTPv4 (RFC 5905) specification. The source code of the xntpd/ntpd +implementation written by Dennis Fergusson, Lars Mathiesen, David Mills, and +others has been used to check the details of the protocol. + +The following people have provided patches and other major contributions +to chrony: + +Lonnie Abelbeck +Benny Lyne Amorsen +Andrew Bishop +Vincent Blut +Stephan I. Boettcher +David Bohman +Goswin Brederlow +Leigh Brown +Erik Bryer +Jonathan Cameron +Bryan Christianson +Juliusz Chroboczek +Kamil Dudka +Christian Ehrhardt +Paul Elliott +Robert Fairley +Stefan R. Filipek +Mike Fleetwood +Alexander Gretencord +Andrew Griffiths +Walter Haidinger +Juergen Hannken-Illjes +John Hasler +Tjalling Hattink +Liam Hatton +Jachym Holecek +Håkan Johansson +Jim Knoble +Antti Jrvinen +Uwe Kleine-König +Eric Lammerts +Stefan Lucke +Victor Lum +Kevin Lyda +Paul Menzel +Vladimir Michl +Victor Moroz +Kalle Olavi Niemitalo +Frank Otto +Denny Page +Chris Perl +Gautier PHILIPPON +Andreas Piesk +Baruch Siach +Foster Snowhill +Andreas Steinmetz +NAKAMURA Takumi +Timo Teras +Bill Unruh +Stephen Wadeley +Bernhard Weiss +Wolfgang Weisselberg +Bernhard M. Wiedemann +Joachim Wiedorn +Ralf Wildenhues +Ulrich Windl +Michael Witten +Doug Woodward +Thomas Zajic + +Many other people have contributed bug reports and suggestions. We are sorry +we cannot identify all of you individually. diff --git a/addressing.h b/addressing.h new file mode 100644 index 0000000..3e311fa --- /dev/null +++ b/addressing.h @@ -0,0 +1,67 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Types used for addressing sources etc + */ + +#ifndef GOT_ADDRESSING_H +#define GOT_ADDRESSING_H + +#include "sysincl.h" + +/* This type is used to represent an IPv4 address or IPv6 address. + Addresses which are not resolved yet can be represented with an ID. + All parts are in HOST order, NOT network order. */ + +#define IPADDR_UNSPEC 0 +#define IPADDR_INET4 1 +#define IPADDR_INET6 2 +#define IPADDR_ID 3 + +typedef struct { + union { + uint32_t in4; + uint8_t in6[16]; + uint32_t id; + } addr; + uint16_t family; + uint16_t _pad; +} IPAddr; + +typedef struct { + IPAddr ip_addr; + uint16_t port; +} IPSockAddr; + +typedef IPSockAddr NTP_Remote_Address; + +#define INVALID_IF_INDEX -1 + +typedef struct { + IPAddr ip_addr; + int if_index; + int sock_fd; +} NTP_Local_Address; + +#endif /* GOT_ADDRESSING_H */ + diff --git a/addrfilt.c b/addrfilt.c new file mode 100644 index 0000000..6208b46 --- /dev/null +++ b/addrfilt.c @@ -0,0 +1,405 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997,1998,1999,2000,2001,2002,2005 + * Copyright (C) Miroslav Lichvar 2009, 2015 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + This module provides a set of routines for checking IP addresses + against a set of rules and deciding whether they are allowed or + disallowed. + + */ + +#include "config.h" + +#include "sysincl.h" + +#include "addrfilt.h" +#include "memory.h" + +/* Define the number of bits which are stripped off per level of + indirection in the tables */ +#define NBITS 4 + +/* Define the table size */ +#define TABLE_SIZE (1UL<addr.in6[i * 4 + 0] << 24 | + ip->addr.in6[i * 4 + 1] << 16 | + ip->addr.in6[i * 4 + 2] << 8 | + ip->addr.in6[i * 4 + 3]; +} + +/* ================================================== */ + +inline static uint32_t +get_subnet(uint32_t *addr, unsigned int where) +{ + int off; + + off = where / 32; + where %= 32; + + return (addr[off] >> (32 - NBITS - where)) & ((1UL << NBITS) - 1); +} + +/* ================================================== */ + +ADF_AuthTable +ADF_CreateTable(void) +{ + ADF_AuthTable result; + result = MallocNew(struct ADF_AuthTableInst); + + /* Default is that nothing is allowed */ + result->base4.state = DENY; + result->base4.extended = NULL; + result->base6.state = DENY; + result->base6.extended = NULL; + + return result; +} + +/* ================================================== */ +/* This function deletes all definitions of child nodes, in effect + pruning a whole subnet definition back to a single parent + record. */ +static void +close_node(TableNode *node) +{ + int i; + TableNode *child_node; + + if (node->extended != NULL) { + for (i=0; iextended[i]); + close_node(child_node); + } + Free(node->extended); + node->extended = NULL; + } +} + + +/* ================================================== */ +/* Allocate the extension field in a node, and set all the children's + states to default to that of the node being extended */ + +static void +open_node(TableNode *node) +{ + int i; + TableNode *child_node; + + if (node->extended == NULL) { + + node->extended = MallocArray(struct _TableNode, TABLE_SIZE); + + for (i=0; iextended[i]); + child_node->state = AS_PARENT; + child_node->extended = NULL; + } + } +} + +/* ================================================== */ + +static ADF_Status +set_subnet(TableNode *start_node, + uint32_t *ip, + int ip_len, + int subnet_bits, + State new_state, + int delete_children) +{ + int bits_to_go, bits_consumed; + uint32_t subnet; + TableNode *node; + + bits_consumed = 0; + bits_to_go = subnet_bits; + node = start_node; + + if ((subnet_bits < 0) || + (subnet_bits > 32 * ip_len)) { + + return ADF_BADSUBNET; + + } else { + + if ((bits_to_go & (NBITS-1)) == 0) { + + while (bits_to_go > 0) { + subnet = get_subnet(ip, bits_consumed); + if (!(node->extended)) { + open_node(node); + } + node = &(node->extended[subnet]); + bits_to_go -= NBITS; + bits_consumed += NBITS; + } + + if (delete_children) { + close_node(node); + } + node->state = new_state; + + } else { /* Have to set multiple entries */ + int N, i, j; + TableNode *this_node; + + while (bits_to_go >= NBITS) { + subnet = get_subnet(ip, bits_consumed); + if (!(node->extended)) { + open_node(node); + } + node = &(node->extended[subnet]); + bits_to_go -= NBITS; + bits_consumed += NBITS; + } + + /* How many subnet entries to set : 1->8, 2->4, 3->2 */ + N = 1 << (NBITS-bits_to_go); + + subnet = get_subnet(ip, bits_consumed) & ~(N - 1); + assert(subnet + N <= TABLE_SIZE); + + if (!(node->extended)) { + open_node(node); + } + + for (i=subnet, j=0; jextended[i]); + if (delete_children) { + close_node(this_node); + } + this_node->state = new_state; + } + } + + return ADF_SUCCESS; + } + +} + +/* ================================================== */ + +static ADF_Status +set_subnet_(ADF_AuthTable table, + IPAddr *ip_addr, + int subnet_bits, + State new_state, + int delete_children) +{ + uint32_t ip6[4]; + + switch (ip_addr->family) { + case IPADDR_INET4: + return set_subnet(&table->base4, &ip_addr->addr.in4, 1, subnet_bits, new_state, delete_children); + case IPADDR_INET6: + split_ip6(ip_addr, ip6); + return set_subnet(&table->base6, ip6, 4, subnet_bits, new_state, delete_children); + case IPADDR_UNSPEC: + /* Apply to both, subnet_bits has to be 0 */ + if (subnet_bits != 0) + return ADF_BADSUBNET; + memset(ip6, 0, sizeof (ip6)); + if (set_subnet(&table->base4, ip6, 1, 0, new_state, delete_children) == ADF_SUCCESS && + set_subnet(&table->base6, ip6, 4, 0, new_state, delete_children) == ADF_SUCCESS) + return ADF_SUCCESS; + break; + default: + break; + } + + return ADF_BADSUBNET; +} + +ADF_Status +ADF_Allow(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits) +{ + return set_subnet_(table, ip, subnet_bits, ALLOW, 0); +} + +/* ================================================== */ + + +ADF_Status +ADF_AllowAll(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits) +{ + return set_subnet_(table, ip, subnet_bits, ALLOW, 1); +} + +/* ================================================== */ + +ADF_Status +ADF_Deny(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits) +{ + return set_subnet_(table, ip, subnet_bits, DENY, 0); +} + +/* ================================================== */ + +ADF_Status +ADF_DenyAll(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits) +{ + return set_subnet_(table, ip, subnet_bits, DENY, 1); +} + +/* ================================================== */ + +void +ADF_DestroyTable(ADF_AuthTable table) +{ + close_node(&table->base4); + close_node(&table->base6); + Free(table); +} + +/* ================================================== */ + +static int +check_ip_in_node(TableNode *start_node, uint32_t *ip) +{ + uint32_t subnet; + int bits_consumed = 0; + int result = 0; + int finished = 0; + TableNode *node; + State state=DENY; + + node = start_node; + + do { + if (node->state != AS_PARENT) { + state = node->state; + } + if (node->extended) { + subnet = get_subnet(ip, bits_consumed); + node = &(node->extended[subnet]); + bits_consumed += NBITS; + } else { + /* Make decision on this node */ + finished = 1; + } + } while (!finished); + + switch (state) { + case ALLOW: + result = 1; + break; + case DENY: + result = 0; + break; + case AS_PARENT: + assert(0); + break; + } + + return result; +} + + +/* ================================================== */ + +int +ADF_IsAllowed(ADF_AuthTable table, + IPAddr *ip_addr) +{ + uint32_t ip6[4]; + + switch (ip_addr->family) { + case IPADDR_INET4: + return check_ip_in_node(&table->base4, &ip_addr->addr.in4); + case IPADDR_INET6: + split_ip6(ip_addr, ip6); + return check_ip_in_node(&table->base6, ip6); + default: + return 0; + } +} + +/* ================================================== */ + +static int +is_any_allowed(TableNode *node, State parent) +{ + State state; + int i; + + state = node->state != AS_PARENT ? node->state : parent; + assert(state != AS_PARENT); + + if (node->extended) { + for (i = 0; i < TABLE_SIZE; i++) { + if (is_any_allowed(&node->extended[i], state)) + return 1; + } + } else if (state == ALLOW) { + return 1; + } + + return 0; +} + +/* ================================================== */ + +int +ADF_IsAnyAllowed(ADF_AuthTable table, int family) +{ + switch (family) { + case IPADDR_INET4: + return is_any_allowed(&table->base4, AS_PARENT); + case IPADDR_INET6: + return is_any_allowed(&table->base6, AS_PARENT); + default: + return 0; + } +} diff --git a/addrfilt.h b/addrfilt.h new file mode 100644 index 0000000..b8c131f --- /dev/null +++ b/addrfilt.h @@ -0,0 +1,80 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2002 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Module for providing an authorisation filter on IP addresses + */ + +#ifndef GOT_ADDRFILT_H +#define GOT_ADDRFILT_H + +#include "addressing.h" + +typedef struct ADF_AuthTableInst *ADF_AuthTable; + +typedef enum { + ADF_SUCCESS, + ADF_BADSUBNET +} ADF_Status; + + +/* Create a new table. The default rule is deny for everything */ +extern ADF_AuthTable ADF_CreateTable(void); + +/* Allow anything in the supplied subnet, EXCEPT for any more specific + subnets that are already defined */ +extern ADF_Status ADF_Allow(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits); + +/* Allow anything in the supplied subnet, overwriting existing + definitions for any more specific subnets */ +extern ADF_Status ADF_AllowAll(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits); + +/* Deny anything in the supplied subnet, EXCEPT for any more specific + subnets that are already defined */ +extern ADF_Status ADF_Deny(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits); + +/* Deny anything in the supplied subnet, overwriting existing + definitions for any more specific subnets */ +extern ADF_Status ADF_DenyAll(ADF_AuthTable table, + IPAddr *ip, + int subnet_bits); + +/* Clear up the table */ +extern void ADF_DestroyTable(ADF_AuthTable table); + +/* Check whether a given IP address is allowed by the rules in + the table */ +extern int ADF_IsAllowed(ADF_AuthTable table, + IPAddr *ip); + +/* Check if at least one address from a given family is allowed by + the rules in the table */ +extern int ADF_IsAnyAllowed(ADF_AuthTable table, + int family); + +#endif /* GOT_ADDRFILT_H */ diff --git a/array.c b/array.c new file mode 100644 index 0000000..d70cff9 --- /dev/null +++ b/array.c @@ -0,0 +1,130 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Miroslav Lichvar 2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Functions implementing an array with automatic memory allocation. + + */ + +#include "config.h" + +#include "sysincl.h" + +#include "array.h" +#include "memory.h" + +struct ARR_Instance_Record { + void *data; + unsigned int elem_size; + unsigned int used; + unsigned int allocated; +}; + +ARR_Instance +ARR_CreateInstance(unsigned int elem_size) +{ + ARR_Instance array; + + assert(elem_size > 0); + + array = MallocNew(struct ARR_Instance_Record); + + array->data = NULL; + array->elem_size = elem_size; + array->used = 0; + array->allocated = 0; + + return array; +} + +void +ARR_DestroyInstance(ARR_Instance array) +{ + Free(array->data); + Free(array); +} + +static void +realloc_array(ARR_Instance array, unsigned int min_size) +{ + assert(min_size <= 2 * min_size); + if (array->allocated >= min_size && array->allocated <= 2 * min_size) + return; + + if (array->allocated < min_size) { + while (array->allocated < min_size) + array->allocated = array->allocated ? 2 * array->allocated : 1; + } else { + array->allocated = min_size; + } + + array->data = Realloc2(array->data, array->allocated, array->elem_size); +} + +void * +ARR_GetNewElement(ARR_Instance array) +{ + array->used++; + realloc_array(array, array->used); + return ARR_GetElement(array, array->used - 1); +} + +void * +ARR_GetElement(ARR_Instance array, unsigned int index) +{ + assert(index < array->used); + return (void *)((char *)array->data + (size_t)index * array->elem_size); +} + +void * +ARR_GetElements(ARR_Instance array) +{ + /* Return a non-NULL pointer when the array has zero size */ + if (!array->data) { + assert(!array->used); + return array; + } + + return array->data; +} + +void +ARR_AppendElement(ARR_Instance array, void *element) +{ + void *e; + + e = ARR_GetNewElement(array); + memcpy(e, element, array->elem_size); +} + +void +ARR_SetSize(ARR_Instance array, unsigned int size) +{ + realloc_array(array, size); + array->used = size; +} + +unsigned int +ARR_GetSize(ARR_Instance array) +{ + return array->used; +} diff --git a/array.h b/array.h new file mode 100644 index 0000000..c812e84 --- /dev/null +++ b/array.h @@ -0,0 +1,56 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Miroslav Lichvar 2014 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Header file for array functions. + */ + +#ifndef GOT_ARRAY_H +#define GOT_ARRAY_H + +typedef struct ARR_Instance_Record *ARR_Instance; + +/* Create a new array with given element size */ +extern ARR_Instance ARR_CreateInstance(unsigned int elem_size); + +/* Destroy the array */ +extern void ARR_DestroyInstance(ARR_Instance array); + +/* Return pointer to a new element added to the end of the array */ +extern void *ARR_GetNewElement(ARR_Instance array); + +/* Return element with given index */ +extern void *ARR_GetElement(ARR_Instance array, unsigned int index); + +/* Return pointer to the internal array of elements */ +extern void *ARR_GetElements(ARR_Instance array); + +/* Add a new element to the end of the array */ +extern void ARR_AppendElement(ARR_Instance array, void *element); + +/* Set the size of the array */ +extern void ARR_SetSize(ARR_Instance array, unsigned int size); + +/* Return current size of the array */ +extern unsigned int ARR_GetSize(ARR_Instance array); + +#endif diff --git a/candm.h b/candm.h new file mode 100644 index 0000000..3071828 --- /dev/null +++ b/candm.h @@ -0,0 +1,824 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Definitions for the network protocol used for command and monitoring + of the timeserver. + + */ + +#ifndef GOT_CANDM_H +#define GOT_CANDM_H + +#include "sysincl.h" +#include "addressing.h" + +/* This is the default port to use for CANDM, if no alternative is + defined */ +#define DEFAULT_CANDM_PORT 323 + +/* Request codes */ +#define REQ_NULL 0 +#define REQ_ONLINE 1 +#define REQ_OFFLINE 2 +#define REQ_BURST 3 +#define REQ_MODIFY_MINPOLL 4 +#define REQ_MODIFY_MAXPOLL 5 +#define REQ_DUMP 6 +#define REQ_MODIFY_MAXDELAY 7 +#define REQ_MODIFY_MAXDELAYRATIO 8 +#define REQ_MODIFY_MAXUPDATESKEW 9 +#define REQ_LOGON 10 +#define REQ_SETTIME 11 +#define REQ_LOCAL 12 +#define REQ_MANUAL 13 +#define REQ_N_SOURCES 14 +#define REQ_SOURCE_DATA 15 +#define REQ_REKEY 16 +#define REQ_ALLOW 17 +#define REQ_ALLOWALL 18 +#define REQ_DENY 19 +#define REQ_DENYALL 20 +#define REQ_CMDALLOW 21 +#define REQ_CMDALLOWALL 22 +#define REQ_CMDDENY 23 +#define REQ_CMDDENYALL 24 +#define REQ_ACCHECK 25 +#define REQ_CMDACCHECK 26 +#define REQ_ADD_SERVER 27 +#define REQ_ADD_PEER 28 +#define REQ_DEL_SOURCE 29 +#define REQ_WRITERTC 30 +#define REQ_DFREQ 31 +#define REQ_DOFFSET 32 +#define REQ_TRACKING 33 +#define REQ_SOURCESTATS 34 +#define REQ_RTCREPORT 35 +#define REQ_TRIMRTC 36 +#define REQ_CYCLELOGS 37 +#define REQ_SUBNETS_ACCESSED 38 +#define REQ_CLIENT_ACCESSES 39 +#define REQ_CLIENT_ACCESSES_BY_INDEX 40 +#define REQ_MANUAL_LIST 41 +#define REQ_MANUAL_DELETE 42 +#define REQ_MAKESTEP 43 +#define REQ_ACTIVITY 44 +#define REQ_MODIFY_MINSTRATUM 45 +#define REQ_MODIFY_POLLTARGET 46 +#define REQ_MODIFY_MAXDELAYDEVRATIO 47 +#define REQ_RESELECT 48 +#define REQ_RESELECTDISTANCE 49 +#define REQ_MODIFY_MAKESTEP 50 +#define REQ_SMOOTHING 51 +#define REQ_SMOOTHTIME 52 +#define REQ_REFRESH 53 +#define REQ_SERVER_STATS 54 +#define REQ_CLIENT_ACCESSES_BY_INDEX2 55 +#define REQ_LOCAL2 56 +#define REQ_NTP_DATA 57 +#define REQ_ADD_SERVER2 58 +#define REQ_ADD_PEER2 59 +#define REQ_ADD_SERVER3 60 +#define REQ_ADD_PEER3 61 +#define REQ_SHUTDOWN 62 +#define REQ_ONOFFLINE 63 +#define REQ_ADD_SOURCE 64 +#define REQ_NTP_SOURCE_NAME 65 +#define REQ_RESET_SOURCES 66 +#define REQ_AUTH_DATA 67 +#define REQ_CLIENT_ACCESSES_BY_INDEX3 68 +#define REQ_SELECT_DATA 69 +#define REQ_RELOAD_SOURCES 70 +#define REQ_DOFFSET2 71 +#define N_REQUEST_TYPES 72 + +/* Structure used to exchange timespecs independent of time_t size */ +typedef struct { + uint32_t tv_sec_high; + uint32_t tv_sec_low; + uint32_t tv_nsec; +} Timespec; + +/* This is used in tv_sec_high for 32-bit timestamps */ +#define TV_NOHIGHSEC 0x7fffffff + +/* 32-bit floating-point format consisting of 7-bit signed exponent + and 25-bit signed coefficient without hidden bit. + The result is calculated as: 2^(exp - 25) * coef */ +typedef struct { + int32_t f; +} Float; + +/* The EOR (end of record) fields are used by the offsetof operator in + pktlength.c, to get the number of bytes that ought to be + transmitted for each packet type. */ + +typedef struct { + int32_t EOR; +} REQ_Null; + +typedef struct { + IPAddr mask; + IPAddr address; + int32_t EOR; +} REQ_Online; + +typedef struct { + IPAddr mask; + IPAddr address; + int32_t EOR; +} REQ_Offline; + +typedef struct { + IPAddr mask; + IPAddr address; + int32_t n_good_samples; + int32_t n_total_samples; + int32_t EOR; +} REQ_Burst; + +typedef struct { + IPAddr address; + int32_t new_minpoll; + int32_t EOR; +} REQ_Modify_Minpoll; + +typedef struct { + IPAddr address; + int32_t new_maxpoll; + int32_t EOR; +} REQ_Modify_Maxpoll; + +typedef struct { + int32_t pad; + int32_t EOR; +} REQ_Dump; + +typedef struct { + IPAddr address; + Float new_max_delay; + int32_t EOR; +} REQ_Modify_Maxdelay; + +typedef struct { + IPAddr address; + Float new_max_delay_ratio; + int32_t EOR; +} REQ_Modify_Maxdelayratio; + +typedef struct { + IPAddr address; + Float new_max_delay_dev_ratio; + int32_t EOR; +} REQ_Modify_Maxdelaydevratio; + +typedef struct { + IPAddr address; + int32_t new_min_stratum; + int32_t EOR; +} REQ_Modify_Minstratum; + +typedef struct { + IPAddr address; + int32_t new_poll_target; + int32_t EOR; +} REQ_Modify_Polltarget; + +typedef struct { + Float new_max_update_skew; + int32_t EOR; +} REQ_Modify_Maxupdateskew; + +typedef struct { + int32_t limit; + Float threshold; + int32_t EOR; +} REQ_Modify_Makestep; + +typedef struct { + Timespec ts; + int32_t EOR; +} REQ_Logon; + +typedef struct { + Timespec ts; + int32_t EOR; +} REQ_Settime; + +typedef struct { + int32_t on_off; + int32_t stratum; + Float distance; + int32_t orphan; + int32_t EOR; +} REQ_Local; + +typedef struct { + int32_t option; + int32_t EOR; +} REQ_Manual; + +typedef struct { + int32_t index; + int32_t EOR; +} REQ_Source_Data; + +typedef struct { + IPAddr ip; + int32_t subnet_bits; + int32_t EOR; +} REQ_Allow_Deny; + +typedef struct { + IPAddr ip; + int32_t EOR; +} REQ_Ac_Check; + +/* Source types in NTP source requests */ +#define REQ_ADDSRC_SERVER 1 +#define REQ_ADDSRC_PEER 2 +#define REQ_ADDSRC_POOL 3 + +/* Flags used in NTP source requests */ +#define REQ_ADDSRC_ONLINE 0x1 +#define REQ_ADDSRC_AUTOOFFLINE 0x2 +#define REQ_ADDSRC_IBURST 0x4 +#define REQ_ADDSRC_PREFER 0x8 +#define REQ_ADDSRC_NOSELECT 0x10 +#define REQ_ADDSRC_TRUST 0x20 +#define REQ_ADDSRC_REQUIRE 0x40 +#define REQ_ADDSRC_INTERLEAVED 0x80 +#define REQ_ADDSRC_BURST 0x100 +#define REQ_ADDSRC_NTS 0x200 +#define REQ_ADDSRC_COPY 0x400 +#define REQ_ADDSRC_EF_EXP1 0x800 + +typedef struct { + uint32_t type; + uint8_t name[256]; + uint32_t port; + int32_t minpoll; + int32_t maxpoll; + int32_t presend_minpoll; + uint32_t min_stratum; + uint32_t poll_target; + uint32_t version; + uint32_t max_sources; + int32_t min_samples; + int32_t max_samples; + uint32_t authkey; + uint32_t nts_port; + Float max_delay; + Float max_delay_ratio; + Float max_delay_dev_ratio; + Float min_delay; + Float asymmetry; + Float offset; + uint32_t flags; + int32_t filter_length; + uint32_t cert_set; + Float max_delay_quant; + uint32_t reserved[1]; + int32_t EOR; +} REQ_NTP_Source; + +typedef struct { + IPAddr ip_addr; + int32_t EOR; +} REQ_Del_Source; + +typedef struct { + Float dfreq; + int32_t EOR; +} REQ_Dfreq; + +typedef struct { + Float doffset; + int32_t EOR; +} REQ_Doffset; + +typedef struct { + uint32_t index; + int32_t EOR; +} REQ_Sourcestats; + +/* This is based on the response size rather than the + request size */ +#define MAX_CLIENT_ACCESSES 8 + +typedef struct { + uint32_t first_index; + uint32_t n_clients; + uint32_t min_hits; + uint32_t reset; + int32_t EOR; +} REQ_ClientAccessesByIndex; + +typedef struct { + int32_t index; + int32_t EOR; +} REQ_ManualDelete; + +typedef struct { + Float distance; + int32_t EOR; +} REQ_ReselectDistance; + +#define REQ_SMOOTHTIME_RESET 0 +#define REQ_SMOOTHTIME_ACTIVATE 1 + +typedef struct { + int32_t option; + int32_t EOR; +} REQ_SmoothTime; + +typedef struct { + IPAddr ip_addr; + int32_t EOR; +} REQ_NTPData; + +typedef struct { + IPAddr ip_addr; + int32_t EOR; +} REQ_NTPSourceName; + +typedef struct { + IPAddr ip_addr; + int32_t EOR; +} REQ_AuthData; + +typedef struct { + uint32_t index; + int32_t EOR; +} REQ_SelectData; + +/* ================================================== */ + +#define PKT_TYPE_CMD_REQUEST 1 +#define PKT_TYPE_CMD_REPLY 2 + +/* This version number needs to be incremented whenever the packet + size and/or the format of any of the existing messages is changed. + Other changes, e.g. new command types, should be handled cleanly by + client.c and cmdmon.c anyway, so the version can stay the same. + + Version 1 : original version with fixed size packets + + Version 2 : both command and reply packet sizes made capable of + being variable length. + + Version 3 : NTP_Source message lengthened (auto_offline) + + Version 4 : IPv6 addressing added, 64-bit time values, sourcestats + and tracking reports extended, added flags to NTP source request, + trimmed source report, replaced fixed-point format with floating-point + and used also instead of integer microseconds, new commands: modify stratum, + modify polltarget, modify maxdelaydevratio, reselect, reselectdistance + + Version 5 : auth data moved to the end of the packet to allow hashes with + different sizes, extended sources, tracking and activity reports, dropped + subnets accessed and client accesses + + Version 6 : added padding to requests to prevent amplification attack, + changed maximum number of samples in manual list to 16, new commands: modify + makestep, smoothing, smoothtime + + Support for authentication was removed later in version 6 of the protocol + and commands that required authentication are allowed only locally over Unix + domain socket. + + Version 6 (no authentication) : changed format of client accesses by index + (two times), delta offset, and manual timestamp, added new fields and + flags to NTP source request and report, made length of manual list constant, + added new commands: authdata, ntpdata, onoffline, refresh, reset, + selectdata, serverstats, shutdown, sourcename + */ + +#define PROTO_VERSION_NUMBER 6 + +/* The oldest protocol versions that are compatible enough with the current + version to report a version mismatch for the server and the client */ +#define PROTO_VERSION_MISMATCH_COMPAT_SERVER 5 +#define PROTO_VERSION_MISMATCH_COMPAT_CLIENT 4 + +/* The first protocol version using padding in requests */ +#define PROTO_VERSION_PADDING 6 + +/* The maximum length of padding in request packet, currently + defined by CLIENT_ACCESSES_BY_INDEX3 */ +#define MAX_PADDING_LENGTH 484 + +/* ================================================== */ + +typedef struct { + uint8_t version; /* Protocol version */ + uint8_t pkt_type; /* What sort of packet this is */ + uint8_t res1; + uint8_t res2; + uint16_t command; /* Which command is being issued */ + uint16_t attempt; /* How many resends the client has done + (count up from zero for same sequence + number) */ + uint32_t sequence; /* Client's sequence number */ + uint32_t pad1; + uint32_t pad2; + + union { + REQ_Null null; + REQ_Online online; + REQ_Offline offline; + REQ_Burst burst; + REQ_Modify_Minpoll modify_minpoll; + REQ_Modify_Maxpoll modify_maxpoll; + REQ_Dump dump; + REQ_Modify_Maxdelay modify_maxdelay; + REQ_Modify_Maxdelayratio modify_maxdelayratio; + REQ_Modify_Maxdelaydevratio modify_maxdelaydevratio; + REQ_Modify_Minstratum modify_minstratum; + REQ_Modify_Polltarget modify_polltarget; + REQ_Modify_Maxupdateskew modify_maxupdateskew; + REQ_Modify_Makestep modify_makestep; + REQ_Logon logon; + REQ_Settime settime; + REQ_Local local; + REQ_Manual manual; + REQ_Source_Data source_data; + REQ_Allow_Deny allow_deny; + REQ_Ac_Check ac_check; + REQ_NTP_Source ntp_source; + REQ_Del_Source del_source; + REQ_Dfreq dfreq; + REQ_Doffset doffset; + REQ_Sourcestats sourcestats; + REQ_ClientAccessesByIndex client_accesses_by_index; + REQ_ManualDelete manual_delete; + REQ_ReselectDistance reselect_distance; + REQ_SmoothTime smoothtime; + REQ_NTPData ntp_data; + REQ_NTPSourceName ntp_source_name; + REQ_AuthData auth_data; + REQ_SelectData select_data; + } data; /* Command specific parameters */ + + /* Padding used to prevent traffic amplification. It only defines the + maximum size of the packet, there is no hole after the data field. */ + uint8_t padding[MAX_PADDING_LENGTH]; + +} CMD_Request; + +/* ================================================== */ +/* Authority codes for command types */ + +#define PERMIT_OPEN 0 +#define PERMIT_LOCAL 1 +#define PERMIT_AUTH 2 + +/* ================================================== */ + +/* Reply codes */ +#define RPY_NULL 1 +#define RPY_N_SOURCES 2 +#define RPY_SOURCE_DATA 3 +#define RPY_MANUAL_TIMESTAMP 4 +#define RPY_TRACKING 5 +#define RPY_SOURCESTATS 6 +#define RPY_RTC 7 +#define RPY_SUBNETS_ACCESSED 8 +#define RPY_CLIENT_ACCESSES 9 +#define RPY_CLIENT_ACCESSES_BY_INDEX 10 +#define RPY_MANUAL_LIST 11 +#define RPY_ACTIVITY 12 +#define RPY_SMOOTHING 13 +#define RPY_SERVER_STATS 14 +#define RPY_CLIENT_ACCESSES_BY_INDEX2 15 +#define RPY_NTP_DATA 16 +#define RPY_MANUAL_TIMESTAMP2 17 +#define RPY_MANUAL_LIST2 18 +#define RPY_NTP_SOURCE_NAME 19 +#define RPY_AUTH_DATA 20 +#define RPY_CLIENT_ACCESSES_BY_INDEX3 21 +#define RPY_SERVER_STATS2 22 +#define RPY_SELECT_DATA 23 +#define RPY_SERVER_STATS3 24 +#define N_REPLY_TYPES 25 + +/* Status codes */ +#define STT_SUCCESS 0 +#define STT_FAILED 1 +#define STT_UNAUTH 2 +#define STT_INVALID 3 +#define STT_NOSUCHSOURCE 4 +#define STT_INVALIDTS 5 +#define STT_NOTENABLED 6 +#define STT_BADSUBNET 7 +#define STT_ACCESSALLOWED 8 +#define STT_ACCESSDENIED 9 +#define STT_NOHOSTACCESS 10 /* Deprecated */ +#define STT_SOURCEALREADYKNOWN 11 +#define STT_TOOMANYSOURCES 12 +#define STT_NORTC 13 +#define STT_BADRTCFILE 14 +#define STT_INACTIVE 15 +#define STT_BADSAMPLE 16 +#define STT_INVALIDAF 17 +#define STT_BADPKTVERSION 18 +#define STT_BADPKTLENGTH 19 +#define STT_INVALIDNAME 21 + +typedef struct { + int32_t EOR; +} RPY_Null; + +typedef struct { + uint32_t n_sources; + int32_t EOR; +} RPY_N_Sources; + +#define RPY_SD_MD_CLIENT 0 +#define RPY_SD_MD_PEER 1 +#define RPY_SD_MD_REF 2 + +#define RPY_SD_ST_SELECTED 0 +#define RPY_SD_ST_NONSELECTABLE 1 +#define RPY_SD_ST_FALSETICKER 2 +#define RPY_SD_ST_JITTERY 3 +#define RPY_SD_ST_UNSELECTED 4 +#define RPY_SD_ST_SELECTABLE 5 + +typedef struct { + IPAddr ip_addr; + int16_t poll; + uint16_t stratum; + uint16_t state; + uint16_t mode; + uint16_t flags; + uint16_t reachability; + uint32_t since_sample; + Float orig_latest_meas; + Float latest_meas; + Float latest_meas_err; + int32_t EOR; +} RPY_Source_Data; + +typedef struct { + uint32_t ref_id; + IPAddr ip_addr; + uint16_t stratum; + uint16_t leap_status; + Timespec ref_time; + Float current_correction; + Float last_offset; + Float rms_offset; + Float freq_ppm; + Float resid_freq_ppm; + Float skew_ppm; + Float root_delay; + Float root_dispersion; + Float last_update_interval; + int32_t EOR; +} RPY_Tracking; + +typedef struct { + uint32_t ref_id; + IPAddr ip_addr; + uint32_t n_samples; + uint32_t n_runs; + uint32_t span_seconds; + Float sd; + Float resid_freq_ppm; + Float skew_ppm; + Float est_offset; + Float est_offset_err; + int32_t EOR; +} RPY_Sourcestats; + +typedef struct { + Timespec ref_time; + uint16_t n_samples; + uint16_t n_runs; + uint32_t span_seconds; + Float rtc_seconds_fast; + Float rtc_gain_rate_ppm; + int32_t EOR; +} RPY_Rtc; + +typedef struct { + Float offset; + Float dfreq_ppm; + Float new_afreq_ppm; + int32_t EOR; +} RPY_ManualTimestamp; + +typedef struct { + IPAddr ip; + uint32_t ntp_hits; + uint32_t nke_hits; + uint32_t cmd_hits; + uint32_t ntp_drops; + uint32_t nke_drops; + uint32_t cmd_drops; + int8_t ntp_interval; + int8_t nke_interval; + int8_t cmd_interval; + int8_t ntp_timeout_interval; + uint32_t last_ntp_hit_ago; + uint32_t last_nke_hit_ago; + uint32_t last_cmd_hit_ago; +} RPY_ClientAccesses_Client; + +typedef struct { + uint32_t n_indices; /* how many indices there are in the server's table */ + uint32_t next_index; /* the index 1 beyond those processed on this call */ + uint32_t n_clients; /* the number of valid entries in the following array */ + RPY_ClientAccesses_Client clients[MAX_CLIENT_ACCESSES]; + int32_t EOR; +} RPY_ClientAccessesByIndex; + +typedef struct { + uint32_t ntp_hits; + uint32_t nke_hits; + uint32_t cmd_hits; + uint32_t ntp_drops; + uint32_t nke_drops; + uint32_t cmd_drops; + uint32_t log_drops; + uint32_t ntp_auth_hits; + uint32_t ntp_interleaved_hits; + uint32_t ntp_timestamps; + uint32_t ntp_span_seconds; + int32_t EOR; +} RPY_ServerStats; + +#define MAX_MANUAL_LIST_SAMPLES 16 + +typedef struct { + Timespec when; + Float slewed_offset; + Float orig_offset; + Float residual; +} RPY_ManualListSample; + +typedef struct { + uint32_t n_samples; + RPY_ManualListSample samples[MAX_MANUAL_LIST_SAMPLES]; + int32_t EOR; +} RPY_ManualList; + +typedef struct { + int32_t online; + int32_t offline; + int32_t burst_online; + int32_t burst_offline; + int32_t unresolved; + int32_t EOR; +} RPY_Activity; + +#define RPY_SMT_FLAG_ACTIVE 0x1 +#define RPY_SMT_FLAG_LEAPONLY 0x2 + +typedef struct { + uint32_t flags; + Float offset; + Float freq_ppm; + Float wander_ppm; + Float last_update_ago; + Float remaining_time; + int32_t EOR; +} RPY_Smoothing; + +#define RPY_NTP_FLAGS_TESTS 0x3ff +#define RPY_NTP_FLAG_INTERLEAVED 0x4000 +#define RPY_NTP_FLAG_AUTHENTICATED 0x8000 + +typedef struct { + IPAddr remote_addr; + IPAddr local_addr; + uint16_t remote_port; + uint8_t leap; + uint8_t version; + uint8_t mode; + uint8_t stratum; + int8_t poll; + int8_t precision; + Float root_delay; + Float root_dispersion; + uint32_t ref_id; + Timespec ref_time; + Float offset; + Float peer_delay; + Float peer_dispersion; + Float response_time; + Float jitter_asymmetry; + uint16_t flags; + uint8_t tx_tss_char; + uint8_t rx_tss_char; + uint32_t total_tx_count; + uint32_t total_rx_count; + uint32_t total_valid_count; + uint32_t total_good_count; + uint32_t reserved[3]; + int32_t EOR; +} RPY_NTPData; + +typedef struct { + uint8_t name[256]; + int32_t EOR; +} RPY_NTPSourceName; + +#define RPY_AD_MD_NONE 0 +#define RPY_AD_MD_SYMMETRIC 1 +#define RPY_AD_MD_NTS 2 + +typedef struct { + uint16_t mode; + uint16_t key_type; + uint32_t key_id; + uint16_t key_length; + uint16_t ke_attempts; + uint32_t last_ke_ago; + uint16_t cookies; + uint16_t cookie_length; + uint16_t nak; + uint16_t pad; + int32_t EOR; +} RPY_AuthData; + +#define RPY_SD_OPTION_NOSELECT 0x1 +#define RPY_SD_OPTION_PREFER 0x2 +#define RPY_SD_OPTION_TRUST 0x4 +#define RPY_SD_OPTION_REQUIRE 0x8 + +typedef struct { + uint32_t ref_id; + IPAddr ip_addr; + uint8_t state_char; + uint8_t authentication; + uint8_t leap; + uint8_t pad; + uint16_t conf_options; + uint16_t eff_options; + uint32_t last_sample_ago; + Float score; + Float lo_limit; + Float hi_limit; + int32_t EOR; +} RPY_SelectData; + +typedef struct { + uint8_t version; + uint8_t pkt_type; + uint8_t res1; + uint8_t res2; + uint16_t command; /* Which command is being replied to */ + uint16_t reply; /* Which format of reply this is */ + uint16_t status; /* Status of command processing */ + uint16_t pad1; /* Padding for compatibility and 4 byte alignment */ + uint16_t pad2; + uint16_t pad3; + uint32_t sequence; /* Echo of client's sequence number */ + uint32_t pad4; + uint32_t pad5; + + union { + RPY_Null null; + RPY_N_Sources n_sources; + RPY_Source_Data source_data; + RPY_ManualTimestamp manual_timestamp; + RPY_Tracking tracking; + RPY_Sourcestats sourcestats; + RPY_Rtc rtc; + RPY_ClientAccessesByIndex client_accesses_by_index; + RPY_ServerStats server_stats; + RPY_ManualList manual_list; + RPY_Activity activity; + RPY_Smoothing smoothing; + RPY_NTPData ntp_data; + RPY_NTPSourceName ntp_source_name; + RPY_AuthData auth_data; + RPY_SelectData select_data; + } data; /* Reply specific parameters */ + +} CMD_Reply; + +/* ================================================== */ + +#endif /* GOT_CANDM_H */ diff --git a/client.c b/client.c new file mode 100644 index 0000000..0a7bcc8 --- /dev/null +++ b/client.c @@ -0,0 +1,3451 @@ +/* + chronyd/chronyc - Programs for keeping computer clocks accurate. + + ********************************************************************** + * Copyright (C) Richard P. Curnow 1997-2003 + * Copyright (C) Lonnie Abelbeck 2016, 2018 + * Copyright (C) Miroslav Lichvar 2009-2021 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + ********************************************************************** + + ======================================================================= + + Command line client for configuring the daemon and obtaining status + from it whilst running. + */ + +#include "config.h" + +#include "sysincl.h" + +#include "array.h" +#include "candm.h" +#include "cmac.h" +#include "logging.h" +#include "memory.h" +#include "nameserv.h" +#include "getdate.h" +#include "cmdparse.h" +#include "pktlength.h" +#include "socket.h" +#include "util.h" + +#ifdef FEAT_READLINE +#include +#endif + +/* ================================================== */ + +struct Address { + SCK_AddressType type; + union { + IPSockAddr ip; + char *path; + } addr; +}; + +static ARR_Instance server_addresses; + +static int sock_fd = -1; + +static volatile int quit = 0; + +static int on_terminal = 0; + +static int no_dns = 0; + +static int source_names = 0; + +static int csv_mode = 0; + +/* ================================================== */ +/* Log a message. This is a minimalistic replacement of the logging.c + implementation to avoid linking with it and other modules. */ + +LOG_Severity log_min_severity = LOGS_INFO; + +void LOG_Message(LOG_Severity severity, +#if DEBUG > 0 + int line_number, const char *filename, const char *function_name, +#endif + const char *format, ...) +{ + va_list ap; + + if (severity < log_min_severity) + return; + + va_start(ap, format); + vfprintf(stderr, format, ap); + putc('\n', stderr); + va_end(ap); +} + +/* ================================================== */ +/* Read a single line of commands from standard input */ + +#ifdef FEAT_READLINE +static char **command_name_completion(const char *text, int start, int end); +#endif + +static char * +read_line(void) +{ + static char line[2048]; + static const char *prompt = "chronyc> "; + + if (on_terminal) { +#ifdef FEAT_READLINE + char *cmd; + + rl_attempted_completion_function = command_name_completion; + rl_basic_word_break_characters = " \t\n\r"; + + /* save line only if not empty */ + cmd = readline(prompt); + if( cmd == NULL ) return( NULL ); + + /* user pressed return */ + if( *cmd != '\0' ) { + strncpy(line, cmd, sizeof(line) - 1); + line[sizeof(line) - 1] = '\0'; + add_history(cmd); + /* free the buffer allocated by readline */ + Free(cmd); + } else { + /* simulate the user has entered an empty line */ + *line = '\0'; + } + return( line ); +#else + printf("%s", prompt); + fflush(stdout); +#endif + } + if (fgets(line, sizeof(line), stdin)) { + return line; + } else { + return NULL; + } + +} + +/* ================================================== */ + +static ARR_Instance +get_addresses(const char *hostnames, int port) +{ + struct Address *addr; + ARR_Instance addrs; + char *hostname, *s1, *s2; + IPAddr ip_addrs[DNS_MAX_ADDRESSES]; + int i; + + addrs = ARR_CreateInstance(sizeof (*addr)); + s1 = Strdup(hostnames); + + /* Parse the comma-separated list of hostnames */ + for (hostname = s1; hostname && *hostname; hostname = s2) { + s2 = strchr(hostname, ','); + if (s2) + *s2++ = '\0'; + + /* hostname starting with / is considered a path of Unix domain socket */ + if (hostname[0] == '/') { + addr = ARR_GetNewElement(addrs); + addr->type = SCK_ADDR_UNIX; + addr->addr.path = Strdup(hostname); + } else { + if (DNS_Name2IPAddress(hostname, ip_addrs, DNS_MAX_ADDRESSES) != DNS_Success) { + DEBUG_LOG("Could not get IP address for %s", hostname); + continue; + } + + for (i = 0; i < DNS_MAX_ADDRESSES && ip_addrs[i].family != IPADDR_UNSPEC; i++) { + addr = ARR_GetNewElement(addrs); + addr->type = SCK_ADDR_IP; + addr->addr.ip.ip_addr = ip_addrs[i]; + addr->addr.ip.port = port; + DEBUG_LOG("Resolved %s to %s", hostname, UTI_IPToString(&ip_addrs[i])); + } + } + } + + Free(s1); + return addrs; +} + +/* ================================================== */ + +static void +free_addresses(ARR_Instance addresses) +{ + struct Address *addr; + unsigned int i; + + for (i = 0; i < ARR_GetSize(addresses); i++) { + addr = ARR_GetElement(addresses, i); + + if (addr->type == SCK_ADDR_UNIX) + Free(addr->addr.path); + } + + ARR_DestroyInstance(addresses); +} + +/* ================================================== */ +/* Initialise the socket used to talk to the daemon */ + +static int +open_socket(struct Address *addr) +{ + char *dir, *local_addr; + size_t local_addr_len; + + switch (addr->type) { + case SCK_ADDR_IP: + sock_fd = SCK_OpenUdpSocket(&addr->addr.ip, NULL, NULL, 0); + break; + case SCK_ADDR_UNIX: + /* Construct path of our socket. Use the same directory as the server + socket and include our process ID to allow multiple chronyc instances + running at the same time. */ + + dir = UTI_PathToDir(addr->addr.path); + local_addr_len = strlen(dir) + 50; + local_addr = Malloc(local_addr_len); + + snprintf(local_addr, local_addr_len, "%s/chronyc.%d.sock", dir, (int)getpid()); + + sock_fd = SCK_OpenUnixDatagramSocket(addr->addr.path, local_addr, + SCK_FLAG_ALL_PERMISSIONS); + Free(dir); + Free(local_addr); + + break; + default: + assert(0); + } + + if (sock_fd < 0) + return 0; + + return 1; +} + +/* ================================================== */ + +static void +close_io(void) +{ + if (sock_fd < 0) + return; + + SCK_RemoveSocket(sock_fd); + SCK_CloseSocket(sock_fd); + sock_fd = -1; +} + +/* ================================================== */ + +static int +open_io(void) +{ + static unsigned int address_index = 0; + struct Address *addr; + + /* If a socket is already opened, close it and try the next address */ + if (sock_fd >= 0) { + close_io(); + address_index++; + } + + /* Find an address for which a socket can be opened and connected */ + for (; address_index < ARR_GetSize(server_addresses); address_index++) { + addr = ARR_GetElement(server_addresses, address_index); + + if (open_socket(addr)) + return 1; + + close_io(); + } + + /* Start from the first address if called again */ + address_index = 0; + + return 0; +} + +/* ================================================== */ + +static void +bits_to_mask(int bits, int family, IPAddr *mask) +{ + int i; + + mask->family = family; + switch (family) { + case IPADDR_INET4: + if (bits > 32 || bits < 0) + bits = 32; + if (bits > 0) { + mask->addr.in4 = -1; + mask->addr.in4 <<= 32 - bits; + } else { + mask->addr.in4 = 0; + } + break; + case IPADDR_INET6: + if (bits > 128 || bits < 0) + bits = 128; + for (i = 0; i < bits / 8; i++) + mask->addr.in6[i] = 0xff; + if (i < 16) + mask->addr.in6[i++] = (0xff << (8 - bits % 8)) & 0xff; + for (; i < 16; i++) + mask->addr.in6[i] = 0x0; + break; + case IPADDR_ID: + mask->family = IPADDR_UNSPEC; + break; + default: + assert(0); + } +} + +/* ================================================== */ + +static int +parse_source_address(char *word, IPAddr *address) +{ + if (UTI_StringToIdIP(word, address)) + return 1; + + if (DNS_Name2IPAddress(word, address, 1) == DNS_Success) + return 1; + + return 0; +} + +/* ================================================== */ + +static int +read_mask_address(char *line, IPAddr *mask, IPAddr *address) +{ + unsigned int bits; + char *p, *q; + + p = line; + if (!*p) { + mask->family = address->family = IPADDR_UNSPEC; + return 1; + } else { + q = strchr(p, '/'); + if (q) { + *q++ = 0; + if (UTI_StringToIP(p, mask)) { + p = q; + if (UTI_StringToIP(p, address)) { + if (address->family == mask->family) + return 1; + } else if (sscanf(p, "%u", &bits) == 1) { + *address = *mask; + bits_to_mask(bits, address->family, mask); + return 1; + } + } + } else { + if (parse_source_address(p, address)) { + bits_to_mask(-1, address->family, mask); + return 1; + } else { + LOG(LOGS_ERR, "Could not get address for hostname"); + return 0; + } + } + } + + LOG(LOGS_ERR, "Invalid syntax for mask/address"); + return 0; +} + +/* ================================================== */ + +static int +process_cmd_offline(CMD_Request *msg, char *line) +{ + IPAddr mask, address; + int ok; + + if (read_mask_address(line, &mask, &address)) { + UTI_IPHostToNetwork(&mask, &msg->data.offline.mask); + UTI_IPHostToNetwork(&address, &msg->data.offline.address); + msg->command = htons(REQ_OFFLINE); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + + +static int +process_cmd_online(CMD_Request *msg, char *line) +{ + IPAddr mask, address; + int ok; + + if (read_mask_address(line, &mask, &address)) { + UTI_IPHostToNetwork(&mask, &msg->data.online.mask); + UTI_IPHostToNetwork(&address, &msg->data.online.address); + msg->command = htons(REQ_ONLINE); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static void +process_cmd_onoffline(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_ONOFFLINE); +} + +/* ================================================== */ + +static int +read_address_integer(char *line, IPAddr *address, int *value) +{ + char *hostname; + int ok = 0; + + hostname = line; + line = CPS_SplitWord(line); + + if (sscanf(line, "%d", value) != 1) { + LOG(LOGS_ERR, "Invalid syntax for address value"); + ok = 0; + } else { + if (!parse_source_address(hostname, address)) { + LOG(LOGS_ERR, "Could not get address for hostname"); + ok = 0; + } else { + ok = 1; + } + } + + return ok; + +} + + +/* ================================================== */ + +static int +read_address_double(char *line, IPAddr *address, double *value) +{ + char *hostname; + int ok = 0; + + hostname = line; + line = CPS_SplitWord(line); + + if (sscanf(line, "%lf", value) != 1) { + LOG(LOGS_ERR, "Invalid syntax for address value"); + ok = 0; + } else { + if (!parse_source_address(hostname, address)) { + LOG(LOGS_ERR, "Could not get address for hostname"); + ok = 0; + } else { + ok = 1; + } + } + + return ok; + +} + + +/* ================================================== */ + +static int +process_cmd_minpoll(CMD_Request *msg, char *line) +{ + IPAddr address; + int minpoll; + int ok; + + if (read_address_integer(line, &address, &minpoll)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_minpoll.address); + msg->data.modify_minpoll.new_minpoll = htonl(minpoll); + msg->command = htons(REQ_MODIFY_MINPOLL); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxpoll(CMD_Request *msg, char *line) +{ + IPAddr address; + int maxpoll; + int ok; + + if (read_address_integer(line, &address, &maxpoll)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_maxpoll.address); + msg->data.modify_maxpoll.new_maxpoll = htonl(maxpoll); + msg->command = htons(REQ_MODIFY_MAXPOLL); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxdelay(CMD_Request *msg, char *line) +{ + IPAddr address; + double max_delay; + int ok; + + if (read_address_double(line, &address, &max_delay)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_maxdelay.address); + msg->data.modify_maxdelay.new_max_delay = UTI_FloatHostToNetwork(max_delay); + msg->command = htons(REQ_MODIFY_MAXDELAY); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxdelaydevratio(CMD_Request *msg, char *line) +{ + IPAddr address; + double max_delay_dev_ratio; + int ok; + + if (read_address_double(line, &address, &max_delay_dev_ratio)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_maxdelaydevratio.address); + msg->data.modify_maxdelayratio.new_max_delay_ratio = UTI_FloatHostToNetwork(max_delay_dev_ratio); + msg->command = htons(REQ_MODIFY_MAXDELAYDEVRATIO); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxdelayratio(CMD_Request *msg, char *line) +{ + IPAddr address; + double max_delay_ratio; + int ok; + + if (read_address_double(line, &address, &max_delay_ratio)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_maxdelayratio.address); + msg->data.modify_maxdelayratio.new_max_delay_ratio = UTI_FloatHostToNetwork(max_delay_ratio); + msg->command = htons(REQ_MODIFY_MAXDELAYRATIO); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_minstratum(CMD_Request *msg, char *line) +{ + IPAddr address; + int min_stratum; + int ok; + + if (read_address_integer(line, &address, &min_stratum)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_minstratum.address); + msg->data.modify_minstratum.new_min_stratum = htonl(min_stratum); + msg->command = htons(REQ_MODIFY_MINSTRATUM); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_polltarget(CMD_Request *msg, char *line) +{ + IPAddr address; + int poll_target; + int ok; + + if (read_address_integer(line, &address, &poll_target)) { + UTI_IPHostToNetwork(&address, &msg->data.modify_polltarget.address); + msg->data.modify_polltarget.new_poll_target = htonl(poll_target); + msg->command = htons(REQ_MODIFY_POLLTARGET); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static int +process_cmd_maxupdateskew(CMD_Request *msg, char *line) +{ + int ok; + double new_max_update_skew; + + if (sscanf(line, "%lf", &new_max_update_skew) == 1) { + msg->data.modify_maxupdateskew.new_max_update_skew = UTI_FloatHostToNetwork(new_max_update_skew); + msg->command = htons(REQ_MODIFY_MAXUPDATESKEW); + ok = 1; + } else { + ok = 0; + } + + return ok; + +} + +/* ================================================== */ + +static void +process_cmd_dump(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_DUMP); + msg->data.dump.pad = htonl(0); +} + +/* ================================================== */ + +static void +process_cmd_writertc(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_WRITERTC); +} + +/* ================================================== */ + +static void +process_cmd_trimrtc(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_TRIMRTC); +} + +/* ================================================== */ + +static void +process_cmd_cyclelogs(CMD_Request *msg, char *line) +{ + msg->command = htons(REQ_CYCLELOGS); +} + +/* ================================================== */ + +static int +process_cmd_burst(CMD_Request *msg, char *line) +{ + int n_good_samples, n_total_samples; + char *s1, *s2; + IPAddr address, mask; + + s1 = line; + s2 = CPS_SplitWord(s1); + CPS_SplitWord(s2); + + if (sscanf(s1, "%d/%d", &n_good_samples, &n_total_samples) != 2) { + LOG(LOGS_ERR, "Invalid syntax for burst command"); + return 0; + } + + mask.family = address.family = IPADDR_UNSPEC; + if (*s2 && !read_mask_address(s2, &mask, &address)) { + return 0; + } + + msg->command = htons(REQ_BURST); + msg->data.burst.n_good_samples = ntohl(n_good_samples); + msg->data.burst.n_total_samples = ntohl(n_total_samples); + + UTI_IPHostToNetwork(&mask, &msg->data.burst.mask); + UTI_IPHostToNetwork(&address, &msg->data.burst.address); + + return 1; +} + +/* ================================================== */ + +static int +process_cmd_local(CMD_Request *msg, char *line) +{ + int on_off, stratum = 0, orphan = 0; + double distance = 0.0; + + if (!strcmp(line, "off")) { + on_off = 0; + } else if (CPS_ParseLocal(line, &stratum, &orphan, &distance)) { + on_off = 1; + } else { + LOG(LOGS_ERR, "Invalid syntax for local command"); + return 0; + } + + msg->command = htons(REQ_LOCAL2); + msg->data.local.on_off = htonl(on_off); + msg->data.local.stratum = htonl(stratum); + msg->data.local.distance = UTI_FloatHostToNetwork(distance); + msg->data.local.orphan = htonl(orphan); + + return 1; +} + +/* ================================================== */ + +static int +process_cmd_manual(CMD_Request *msg, const char *line) +{ + const char *p; + + p = line; + + if (!strcmp(p, "off")) { + msg->data.manual.option = htonl(0); + } else if (!strcmp(p, "on")) { + msg->data.manual.option = htonl(1); + } else if (!strcmp(p, "reset")) { + msg->data.manual.option = htonl(2); + } else { + LOG(LOGS_ERR, "Invalid syntax for manual command"); + return 0; + } + msg->command = htons(REQ_MANUAL); + + return 1; +} + +/* ================================================== */ + +static int +process_cmd_allowdeny(CMD_Request *msg, char *line, int cmd, int allcmd) +{ + int all, subnet_bits; + IPAddr ip; + + if (!CPS_ParseAllowDeny(line, &all, &ip, &subnet_bits)) { + LOG(LOGS_ERR, "Could not read address"); + return 0; + } + + msg->command = htons(all ? allcmd : cmd); + UTI_IPHostToNetwork(&ip, &msg->data.allow_deny.ip); + msg->data.allow_deny.subnet_bits = htonl(subnet_bits); + + return 1; +} + +/* ================================================== */ + +static int +process_cmd_accheck(CMD_Request *msg, char *line) +{ + IPAddr ip; + msg->command = htons(REQ_ACCHECK); + if (DNS_Name2IPAddress(line, &ip, 1) == DNS_Success) { + UTI_IPHostToNetwork(&ip, &msg->data.ac_check.ip); + return 1; + } else { + LOG(LOGS_ERR, "Could not read address"); + return 0; + } +} + +/* ================================================== */ + +static int +process_cmd_cmdaccheck(CMD_Request *msg, char *line) +{ + IPAddr ip; + msg->command = htons(REQ_CMDACCHECK); + if (DNS_Name2IPAddress(line, &ip, 1) == DNS_Success) { + UTI_IPHostToNetwork(&ip, &msg->data.ac_check.ip); + return 1; + } else { + LOG(LOGS_ERR, "Could not read address"); + return 0; + } +} + +/* ================================================== */ + +static int +process_cmd_dfreq(CMD_Request *msg, char *line) +{ + double dfreq; + + msg->command = htons(REQ_DFREQ); + + if (sscanf(line, "%lf", &dfreq) != 1) { + LOG(LOGS_ERR, "Invalid value"); + return 0; + } + + msg->data.dfreq.dfreq = UTI_FloatHostToNetwork(dfreq); + return 1; +} + +/* ================================================== */ + +static int +process_cmd_doffset(CMD_Request *msg, char *line) +{ + double doffset; + + msg->command = htons(REQ_DOFFSET2); + + if (sscanf(line, "%lf", &doffset) != 1) { + LOG(LOGS_ERR, "Invalid value"); + return 0; + } + + msg->data.doffset.doffset = UTI_FloatHostToNetwork(doffset); + return 1; +} + +/* ================================================== */ + +static int +process_cmd_add_source(CMD_Request *msg, char *line) +{ + CPS_NTP_Source data; + IPAddr ip_addr; + int result = 0, status, type; + const char *opt_name, *word; + + msg->command = htons(REQ_ADD_SOURCE); + + word = line; + line = CPS_SplitWord(line); + + if (!strcasecmp(word, "server")) { + type = REQ_ADDSRC_SERVER; + } else if (!strcasecmp(word, "peer")) { + type = REQ_ADDSRC_PEER; + } else if (!strcasecmp(word, "pool")) { + type = REQ_ADDSRC_POOL; + } else { + LOG(LOGS_ERR, "Invalid syntax for add command"); + return 0; + } + + status = CPS_ParseNTPSourceAdd(line, &data); + switch (status) { + case 0: + LOG(LOGS_ERR, "Invalid syntax for add command"); + break; + default: + /* Verify that the address is resolvable (chronyc and chronyd are + assumed to be running on the same host) */ + if (strlen(data.name) >= sizeof (msg->data.ntp_source.name) || + DNS_Name2IPAddress(data.name, &ip_addr, 1) != DNS_Success) { + LOG(LOGS_ERR, "Invalid host/IP address"); + break; + } + + opt_name = NULL; + if (opt_name) { + LOG(LOGS_ERR, "%s can't be set in chronyc", opt_name); + break; + } + + msg->data.ntp_source.type = htonl(type); + if (strlen(data.name) >= sizeof (msg->data.ntp_source.name)) + assert(0); + strncpy((char *)msg->data.ntp_source.name, data.name, + sizeof (msg->data.ntp_source.name)); + msg->data.ntp_source.port = htonl(data.port); + msg->data.ntp_source.minpoll = htonl(data.params.minpoll); + msg->data.ntp_source.maxpoll = htonl(data.params.maxpoll); + msg->data.ntp_source.presend_minpoll = htonl(data.params.presend_minpoll); + msg->data.ntp_source.min_stratum = htonl(data.params.min_stratum); + msg->data.ntp_source.poll_target = htonl(data.params.poll_target); + msg->data.ntp_source.version = htonl(data.params.version); + msg->data.ntp_source.max_sources = htonl(data.params.max_sources); + msg->data.ntp_source.min_samples = htonl(data.params.min_samples); + msg->data.ntp_source.max_samples = htonl(data.params.max_samples); + msg->data.ntp_source.authkey = htonl(data.params.authkey); + msg->data.ntp_source.nts_port = htonl(data.params.nts_port); + msg->data.ntp_source.max_delay = UTI_FloatHostToNetwork(data.params.max_delay); + msg->data.ntp_source.max_delay_ratio = UTI_FloatHostToNetwork(data.params.max_delay_ratio); + msg->data.ntp_source.max_delay_dev_ratio = + UTI_FloatHostToNetwork(data.params.max_delay_dev_ratio); + msg->data.ntp_source.min_delay = UTI_FloatHostToNetwork(data.params.min_delay); + msg->data.ntp_source.asymmetry = UTI_FloatHostToNetwork(data.params.asymmetry); + msg->data.ntp_source.offset = UTI_FloatHostToNetwork(data.params.offset); + msg->data.ntp_source.flags = htonl( + (data.params.connectivity == SRC_ONLINE ? REQ_ADDSRC_ONLINE : 0) | + (data.params.auto_offline ? REQ_ADDSRC_AUTOOFFLINE : 0) | + (data.params.iburst ? REQ_ADDSRC_IBURST : 0) | + (data.params.interleaved ? REQ_ADDSRC_INTERLEAVED : 0) | + (data.params.burst ? REQ_ADDSRC_BURST : 0) | + (data.params.nts ? REQ_ADDSRC_NTS : 0) | + (data.params.copy ? REQ_ADDSRC_COPY : 0) | + (data.params.ext_fields & NTP_EF_FLAG_EXP1 ? REQ_ADDSRC_EF_EXP1 : 0) | + (data.params.sel_options & SRC_SELECT_PREFER ? REQ_ADDSRC_PREFER : 0) | + (data.params.sel_options & SRC_SELECT_NOSELECT ? REQ_ADDSRC_NOSELECT : 0) | + (data.params.sel_options & SRC_SELECT_TRUST ? REQ_ADDSRC_TRUST : 0) | + (data.params.sel_options & SRC_SELECT_REQUIRE ? REQ_ADDSRC_REQUIRE : 0)); + msg->data.ntp_source.filter_length = htonl(data.params.filter_length); + msg->data.ntp_source.cert_set = htonl(data.params.cert_set); + msg->data.ntp_source.max_delay_quant = + UTI_FloatHostToNetwork(data.params.max_delay_quant); + memset(msg->data.ntp_source.reserved, 0, sizeof (msg->data.ntp_source.reserved)); + + result = 1; + + break; + } + + return result; +} + +/* ================================================== */ + +static int +process_cmd_delete(CMD_Request *msg, char *line) +{ + char *hostname; + int ok = 0; + IPAddr address; + + msg->command = htons(REQ_DEL_SOURCE); + hostname = line; + CPS_SplitWord(line); + + if (!*hostname) { + LOG(LOGS_ERR, "Invalid syntax for address"); + ok = 0; + } else { + if (!parse_source_address(hostname, &address)) { + LOG(LOGS_ERR, "Could not get address for hostname"); + ok = 0; + } else { + UTI_IPHostToNetwork(&address, &msg->data.del_source.ip_addr); + ok = 1; + } + } + + return ok; + +} + +/* ================================================== */ + +static void +give_help(void) +{ + int line, len; + const char *s, cols[] = + "System clock:\0\0" + "tracking\0Display system time information\0" + "makestep\0Correct clock by stepping immediately\0" + "makestep \0Configure automatic clock stepping\0" + "maxupdateskew \0Modify maximum valid skew to update frequency\0" + "waitsync [ [ [ []]]]\0" + "Wait until synchronised in specified limits\0" + "\0\0" + "Time sources:\0\0" + "sources [-a] [-v]\0Display information about current sources\0" + "sourcestats [-a] [-v]\0Display statistics about collected measurements\0" + "selectdata [-a] [-v]\0Display information about source selection\0" + "reselect\0Force reselecting synchronisation source\0" + "reselectdist \0Modify reselection distance\0" + "\0\0" + "NTP sources:\0\0" + "activity\0Check how many NTP sources are online/offline\0" + "authdata [-a] [-v]\0Display information about authentication\0" + "ntpdata [
]\0Display information about last valid measurement\0" + "add server [options]\0Add new NTP server\0" + "add pool [options]\0Add new pool of NTP servers\0" + "add peer [options]\0Add new NTP peer\0" + "delete
\0Remove server or peer\0" + "burst / [[/]
]\0Start rapid set of measurements\0" + "maxdelay
\0Modify maximum valid sample delay\0" + "maxdelayratio
\0Modify maximum valid delay/minimum ratio\0" + "maxdelaydevratio
\0Modify maximum valid delay/deviation ratio\0" + "minpoll
\0Modify minimum polling interval\0" + "maxpoll
\0Modify maximum polling interval\0" + "minstratum
\0Modify minimum stratum\0" + "offline [[/]
]\0Set sources in subnet to offline status\0" + "online [[/]
]\0Set sources in subnet to online status\0" + "onoffline\0Set all sources to online or offline status\0" + "\0according to network configuration\0" + "polltarget
\0Modify poll target\0" + "refresh\0Refresh IP addresses\0" + "reload sources\0Re-read *.sources files\0" + "sourcename
\0Display original name\0" + "\0\0" + "Manual time input:\0\0" + "manual off|on|reset\0Disable/enable/reset settime command\0" + "manual list\0Show previous settime entries\0" + "manual delete \0Delete previous settime entry\0" + "settime