rpms/ntp/devel ntp-4.2.4p2-filegen.patch, NONE, 1.1 ntp-4.2.4p2-noseed.patch, NONE, 1.1 ntp-4.2.4p2-tentative.patch, NONE, 1.1 ntp.cryptopw, NONE, 1.1 ntp.step-tickers, NONE, 1.1 ntp-4.2.4-htmldoc.patch, 1.2, 1.3 ntp-4.2.4p0-sleep.patch, 1.1, 1.2 ntp.conf, 1.13, 1.14 ntp.spec, 1.68, 1.69 ntpd.init, 1.25, 1.26 ntp-stable-4.2.0a-20050816-keyfile.patch, 1.1, NONE

Miroslav Lichvar (mlichvar) fedora-extras-commits at redhat.com
Tue Jul 24 12:08:45 UTC 2007


Author: mlichvar

Update of /cvs/pkgs/rpms/ntp/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7768

Modified Files:
	ntp-4.2.4-htmldoc.patch ntp-4.2.4p0-sleep.patch ntp.conf 
	ntp.spec ntpd.init 
Added Files:
	ntp-4.2.4p2-filegen.patch ntp-4.2.4p2-noseed.patch 
	ntp-4.2.4p2-tentative.patch ntp.cryptopw ntp.step-tickers 
Removed Files:
	ntp-stable-4.2.0a-20050816-keyfile.patch 
Log Message:
- ignore tentative addresses (#246297)
- improve init script (#247003)
- fix sleep patch
- ease Autokey setup (#139673)
  - change default keysdir to /etc/ntp/crypto
  - set crypto password in /etc/ntp/crypto/pw
  - don't use randfile if /dev/urandom is used by OpenSSL
- change default statsdir to /var/log/ntpstats/, use statistics type
  as default filename
- package more doc files


ntp-4.2.4p2-filegen.patch:

--- NEW FILE ntp-4.2.4p2-filegen.patch ---
--- ntp-4.2.4p2/ntpd/ntp_config.c.filegen	2006-12-28 13:03:27.000000000 +0100
+++ ntp-4.2.4p2/ntpd/ntp_config.c	2007-07-19 17:09:42.000000000 +0200
@@ -1733,7 +1733,7 @@ getconfig(
 			 * peerkey	   is (ab)used for filegen type
 			 * peerflags   is (ab)used for filegen flags
 			 */
-			peerversion = 0;
+			peerversion = 1;
 			peerkey =	  filegen->type;
 			peerflags =   filegen->flag;
 			errflg = 0;
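Review bot: The new `peerversion = 1;` is an unexplained magic value, and the visible part of the comment block above it documents only what `peerkey` and `peerflags` are reused for. Going by the commit log ("use statistics type as default filename"), the 1 presumably selects the statistics-type token as the default file name; if so, say it at the assignment, e.g. `peerversion = 1;	/* default file name: the statistics type token */`. The rest of getconfig() is outside the hunk, so how the value is consumed cannot be confirmed from here.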

ntp-4.2.4p2-noseed.patch:

--- NEW FILE ntp-4.2.4p2-noseed.patch ---
--- ntp-4.2.4p2/html/keygen.html.noseed	2007-07-18 16:03:45.000000000 +0200
+++ ntp-4.2.4p2/html/keygen.html	2007-07-18 16:03:33.000000000 +0200
@@ -102,6 +102,7 @@
 		<p>All cryptographically sound key generation schemes must have means to randomize the entropy seed used to initialize the internal pseudo-random number generator used by the library routines. The OpenSSL library uses a designated random seed file for this purpose. The file must be available when starting the NTP daemon and <tt>ntp-keygen</tt> program. If a site supports OpenSSL or its companion OpenSSH, it is very likely that means to do this are already available.</p>
 		<p>It is important to understand that entropy must be evolved for each generation, for otherwise the random number sequence would be predictable. Various means dependent on external events, such as keystroke intervals, can be used to do this and some systems have built-in entropy sources. Suitable means are described in the OpenSSL software documentation, but are outside the scope of this page.</p>
 		<p>The entropy seed used by the OpenSSL library is contained in a file, usually called <tt>.rnd</tt>, which must be available when starting the NTP daemon or the <tt>ntp-keygen</tt> program. The NTP daemon will first look for the file using the path specified by the <tt>randfile</tt> subcommand of the <tt>crypto</tt> configuration command. If not specified in this way, or when starting the <tt>ntp-keygen</tt> program, the OpenSSL library will look for the file using the path specified by the <tt>RANDFILE</tt> environment variable in the user home directory, whether root or some other user. If the <tt>RANDFILE</tt> environment variable is not present, the library will look for the <tt>.rnd</tt> file in the user home directory. If the file is not available or cannot be written, the daemon exits with a message to the system log and the program exits with a suitable error message.</p>
+		<p>On systems that provide /dev/urandom, the randomness device is used instead and the file specified by the <tt>randfile</tt> subcommand or the <tt>RANDFILE</tt> environment variable is ignored.</p>
 		<h4 id="priv">Cryptographic Data Files</h4>
 		<p>All other file formats begin with two lines. The first contains the file name, including the generated host name and filestamp. The second contains the datestamp in conventional Unix <tt>date</tt> format. Lines beginning with <tt>#</tt> are considered comments and ignored by the <i><tt>ntp-keygen </tt></i>program and <tt>ntpd</tt> daemon. Cryptographic values are encoded first using ASN.1 rules, then encrypted if necessary, and finally written PEM-encoded printable ASCII format preceded and followed by MIME content identifier lines.</p>
 		<p id="symkey">The format of the symmetric keys file is somewhat different than the other files in the interest of backward compatibility. Since DES-CBC is deprecated in NTPv4, the only key format of interest is MD5 alphanumeric strings. Following hte heard the keys are entered one per line in the format</p>
--- ntp-4.2.4p2/util/ntp-keygen.c.noseed	2007-06-20 13:03:23.000000000 +0200
+++ ntp-4.2.4p2/util/ntp-keygen.c	2007-07-18 16:03:45.000000000 +0200
@@ -362,20 +362,24 @@ main(
 	 */
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
-	if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) {
-		fprintf(stderr, "RAND_file_name %s\n",
-		    ERR_error_string(ERR_get_error(), NULL));
-		return (-1);
-	}
-	temp = RAND_load_file(pathbuf, -1);
-	if (temp == 0) {
+
+	/* But only if openssl doesn't use /dev/urandom */
+	if (RAND_status() != 1) {
+		if (RAND_file_name(pathbuf, MAXFILENAME) == NULL) {
+			fprintf(stderr, "RAND_file_name %s\n",
+			    ERR_error_string(ERR_get_error(), NULL));
+			return (-1);
+		}
+		temp = RAND_load_file(pathbuf, -1);
+		if (temp == 0) {
+			fprintf(stderr,
+			    "RAND_load_file %s not found or empty\n", pathbuf);
+			return (-1);
+		}
 		fprintf(stderr,
-		    "RAND_load_file %s not found or empty\n", pathbuf);
-		return (-1);
+		    "Random seed file %s %u bytes\n", pathbuf, temp);
+		RAND_add(&epoch, sizeof(epoch), 4.0);
 	}
-	fprintf(stderr,
-	    "Random seed file %s %u bytes\n", pathbuf, temp);
-	RAND_add(&epoch, sizeof(epoch), 4.0);
 #endif
 
 	/*
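Review bot: `if (temp == 0)` after `RAND_load_file(pathbuf, -1)` rejects only a missing or empty seed file; later OpenSSL releases document a return of -1 on error, which would pass this check and then be printed through `%u` as a very large byte count. Test `if (temp <= 0)` here, and apply the same to `(bytes = RAND_load_file(rand_file, -1)) == 0` in the crypto_setup() hunk of ntpd/ntp_crypto.c. The guard comment is also narrower than the code: `RAND_status() != 1` means the PRNG has not yet been seeded sufficiently, whatever the source, so `/* Load the seed file only if OpenSSL has not already seeded its PRNG (e.g. from /dev/urandom) */` describes it better. main() starts and ends outside the hunk.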
--- ntp-4.2.4p2/ntpd/ntp_crypto.c.noseed	2006-12-28 13:03:28.000000000 +0100
+++ ntp-4.2.4p2/ntpd/ntp_crypto.c	2007-07-18 16:03:45.000000000 +0200
@@ -3878,6 +3878,9 @@ crypto_setup(void)
 	memset(&pubkey, 0, sizeof(pubkey));
 	memset(&tai_leap, 0, sizeof(tai_leap));
 
+	ERR_load_crypto_strings();
+	OpenSSL_add_all_algorithms();
+
 	/*
 	 * Load required random seed file and seed the random number
 	 * generator. Be default, it is found in the user home
@@ -3885,40 +3888,49 @@ crypto_setup(void)
 	 * depending on the system. Wiggle the contents a bit and write
 	 * it back so the sequence does not repeat when we next restart.
 	 */
-	ERR_load_crypto_strings();
-	if (rand_file == NULL) {
-		if ((RAND_file_name(filename, MAXFILENAME)) != NULL) {
+
+	/* But only if openssl doesn't use /dev/urandom */
+	if (RAND_status() != 1) {
+		if (rand_file == NULL) {
+			if ((RAND_file_name(filename, MAXFILENAME)) != NULL) {
+				rand_file = emalloc(strlen(filename) + 1);
+				strcpy(rand_file, filename);
+			}
+		} else if (*rand_file != '/') {
+			snprintf(filename, MAXFILENAME, "%s/%s", keysdir,
+					rand_file);
+			free(rand_file);
 			rand_file = emalloc(strlen(filename) + 1);
 			strcpy(rand_file, filename);
 		}
-	} else if (*rand_file != '/') {
-		snprintf(filename, MAXFILENAME, "%s/%s", keysdir,
-		    rand_file);
-		free(rand_file);
-		rand_file = emalloc(strlen(filename) + 1);
-		strcpy(rand_file, filename);
-	}
-	if (rand_file == NULL) {
-		msyslog(LOG_ERR,
-		    "crypto_setup: random seed file not specified");
-		exit (-1);
-	}
-	if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
-		msyslog(LOG_ERR,
-		    "crypto_setup: random seed file %s not found\n",
-		    rand_file);
-		exit (-1);
-	}
-	get_systime(&seed);
-	RAND_seed(&seed, sizeof(l_fp));
-	RAND_write_file(rand_file);
-	OpenSSL_add_all_algorithms();
+		if (rand_file == NULL) {
+			msyslog(LOG_ERR,
+				"crypto_setup: random seed file not specified");
+			exit (-1);
+		}
+		if ((bytes = RAND_load_file(rand_file, -1)) == 0) {
+			msyslog(LOG_ERR,
+				"crypto_setup: random seed file %s not found\n",
+				rand_file);
+			exit (-1);
+		}
+		get_systime(&seed);
+		RAND_seed(&seed, sizeof(l_fp));
+		RAND_write_file(rand_file);
 #ifdef DEBUG
-	if (debug)
-		printf(
-		    "crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
-		    SSLeay(), rand_file, bytes);
+		if (debug)
+			printf(
+				"crypto_setup: OpenSSL version %lx random seed file %s bytes read %d\n",
+				SSLeay(), rand_file, bytes);
 #endif
+	} else {
+#ifdef DEBUG
+		if (debug)
+			printf(
+				"crypto_setup: OpenSSL version %lx seeding not required\n",
+				SSLeay());
+#endif
+	}
 
 	/*
 	 * Load required host key from file "ntpkey_host_<hostname>". It
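Review bot: The result of `snprintf(filename, MAXFILENAME, "%s/%s", keysdir, rand_file)` is not checked, so an overlong `keysdir`/`randfile` combination is silently truncated, and the truncated path is then what `RAND_load_file()` reads and `RAND_write_file()` overwrites. Keep the return value and bail out the way the neighbouring checks do when it is negative or `>= MAXFILENAME` (an `msyslog(LOG_ERR, ...)` followed by `exit (-1)`). `RAND_write_file(rand_file)` is also unchecked, so a seed file that could not be rewritten goes unnoticed even though the comment above says the rewrite is what keeps the sequence from repeating on restart. Separately, when `RAND_status()` is already 1 a configured `randfile` is ignored and only a DEBUG build says so; a one-line `msyslog(LOG_INFO, ...)` in the `else` branch would tell the operator. crypto_setup() continues outside the hunk.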

ntp-4.2.4p2-tentative.patch:

--- NEW FILE ntp-4.2.4p2-tentative.patch ---
--- ntp-4.2.4p2/libisc/ifiter_ioctl.c.tentative	2006-12-28 13:03:07.000000000 +0100
+++ ntp-4.2.4p2/libisc/ifiter_ioctl.c	2007-07-16 13:04:15.000000000 +0200
@@ -94,6 +94,7 @@ struct isc_interfaceiter {
 #include <sys/socket.h>
 #endif
 
+#include <linux/rtnetlink.h>
 
 /*
  * Size of buffer for SIOCGLIFCONF, in bytes.  We assume no sane system
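Review bot: `#include <linux/rtnetlink.h>` is added unconditionally, while the include just above it sits inside a preprocessor guard (the `#endif` in the context lines), so this file would no longer compile on a non-Linux build. Put it under the same platform guard the file uses for its `linux_if_inet6_*` code (not visible in this hunk), or provide a local fallback definition for `IFA_F_TENTATIVE`, which appears to be the only symbol the second hunk takes from it. For a Fedora-only package patch this is harmless, but it matters if the patch is sent upstream.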
@@ -516,6 +517,9 @@ linux_if_inet6_current(isc_interfaceiter
 	if ((ifreq.ifr_flags & IFF_MULTICAST) != 0)
 		iter->current.flags |= INTERFACE_F_MULTICAST;
 #endif
+	/* ignore tentative address */
+	if (flags & IFA_F_TENTATIVE)
+		iter->current.flags &= ~INTERFACE_F_UP;
 
 	/*
 	 * enable_multicast_if() requires scopeid for setsockopt,
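Review bot: Clearing `INTERFACE_F_UP` for a tentative address overloads the "interface is up" flag with per-address state, and the three-word comment does not say why. Expand it to something like `/* a tentative address (duplicate address detection not finished) cannot be bound yet; report it as down so callers skip it */`, assuming that is the intent behind bug #246297. Where `flags` is filled in is outside the hunk, as is the rest of linux_if_inet6_current(); it is worth confirming that the address is picked up again once it leaves the tentative state.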


--- NEW FILE ntp.cryptopw ---
# Specify the password to decrypt files containing private keys and identity
# parameters.  This is required only if these files have been encrypted.
#
#crypto pw apassword


--- NEW FILE ntp.step-tickers ---
# List of servers used for initial synchronization.

ntp-4.2.4-htmldoc.patch:

Index: ntp-4.2.4-htmldoc.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntp-4.2.4-htmldoc.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ntp-4.2.4-htmldoc.patch	23 Jan 2007 14:24:06 -0000	1.2
+++ ntp-4.2.4-htmldoc.patch	24 Jul 2007 12:08:12 -0000	1.3
@@ -34,10 +34,37 @@
 +			<dd>Listen on interface. This option may appear an unlimited number of times.
  			<dt><tt>-k <i>keyfile</i></tt>
 -			<dd>Specify the name and path of the symmetric key file, default <tt>/etc/ntp.keys</tt>. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
-+			<dd>Specify the name and path of the symmetric key file, default <tt>/etc/ntp/keys</tt>. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
++			<dd>Specify the name and path of the symmetric key file. This is the same operation as the <tt>keys <i>keyfile</i></tt> configuration command.
  			<dt><tt>-l <i>logfile</i></tt>
  			<dd>Specify the name and path of the log file. The default is the system log file. This is the same operation as the <tt>logfile <i>logfile</i></tt> configuration command.
  			<dt><tt>-L</tt>
+@@ -143,7 +149,7 @@
+ 			</tr>
+ 			<tr>
+ 				<td width="30%">frequency file</td>
+-				<td width="30%"><tt>/etc/ntp.drift</tt></td>
++				<td width="30%"><tt>none</tt></td>
+ 				<td width="20%"><tt>-f</tt></td>
+ 				<td width="20%"><tt>driftfile</tt></td>
+ 			</tr>
+@@ -167,14 +173,14 @@
+ 			</tr>
+ 			<tr>
+ 				<td width="30%">statistics path</td>
+-				<td width="30%"><tt>/var/NTP</tt></td>
++				<td width="30%"><tt>/var/log/ntpstats/</tt></td>
+ 				<td width="20%"><tt>-s</tt></td>
+ 				<td width="20%"><tt>statsdir</tt></td>
+ 			</tr>
+ 			<tr>
+ 				<td width="30%">keys path</td>
+-				<td width="30%"><tt>/usr/local/etc</tt></td>
+-				<td width="20%"><tt>-k</tt></td>
++				<td width="30%"><tt>/etc/ntp/crypto</tt></td>
++				<td width="20%"><tt>none</tt></td>
+ 				<td width="20%"><tt>keysdir</tt></td>
+ 			</tr>
+ 		</table>
 --- ntp-4.2.4/html/ntpdate.html.htmldoc	2007-01-05 15:40:59.000000000 +0100
 +++ ntp-4.2.4/html/ntpdate.html	2007-01-05 15:40:59.000000000 +0100
 @@ -18,9 +18,9 @@
@@ -119,9 +146,29 @@
  		</dl>
  		<h4>Bugs</h4>
  		<p>This program makes no attempt to improve accuracy by doing multiple samples.</p>
+--- ntp-4.2.4p2/html/authopt.html.htmldoc	2006-12-28 13:02:54.000000000 +0100
++++ ntp-4.2.4p2/html/authopt.html	2007-07-18 18:04:37.000000000 +0200
+@@ -74,7 +74,7 @@
+ 			<dt><tt>controlkey <i>key</i></tt>
+ 			<dd>Specifies the key identifier to use with the <a href="ntpq.html"><tt>ntpq</tt></a> utility, which uses the standard protocol defined in RFC-1305. The <tt><i>key</i></tt> argument is the key identifier for a trusted key, where the value can be in the range 1 to 65,534, inclusive.
+ 			<dt><tt>crypto [cert <i>file</i>] [leap <i>file</i>] [randfile <i>file</i>] [host <i>file</i>] [sign <i>file</i>] [ident <i>scheme</i>] [iffpar <i>file</i>] [gqpar <i>file</i>] [mvpar <i>file</i>] [pw <i>password</i>]</tt>
+-			<dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/usr/local/etc</tt>. Following are the subcommands:
++			<dd>This command requires the OpenSSL library. It activates public key cryptography, selects the message digest and signature encryption scheme and loads the required private and public values described above. If one or more files are left unspecified, the default names are used as described above. Unless the complete path and name of the file are specified, the location of a file is relative to the keys directory specified in the <tt>keysdir</tt> command or default <tt>/etc/ntp/crypto</tt>. Following are the subcommands:
+ 				<dl>
+ 					<dt><tt>cert <i>file</i></tt>
+ 					<dd>Specifies the location of the required host public certificate file. This overrides the link <tt>ntpkey_cert_<i>hostname</i></tt> in the keys directory.
+@@ -103,7 +103,7 @@
+ 			<dt><tt>keys <i>keyfile</i></tt>
+ 			<dd>Specifies the complete path and location of the MD5 key file containing the keys and key identifiers used by <tt>ntpd</tt>, <tt>ntpq</tt> and <tt>ntpdc</tt> when operating with symmetric key cryptography. This is the same operation as the <tt>-k </tt>command line option.
+ 			<dt><tt>keysdir <i>path</i></tt>
+-			<dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/usr/local/etc/</tt>.
++			<dd>This command specifies the default directory path for cryptographic keys, parameters and certificates. The default is <tt>/etc/ntp/crypto</tt>.
+ 			<dt><tt>requestkey <i>key</i></tt>
+ 			<dd>Specifies the key identifier to use with the <a href="ntpdc.html"><tt>ntpdc</tt></a> utility program, which uses a proprietary protocol specific to this implementation of <tt>ntpd</tt>. The <tt><i>key</i></tt> argument is a key identifier for the trusted key, where the value can be in the range 1 to 65,534, inclusive.
+ 			<dt><tt>revoke [<i>logsec</i>]</tt>
 --- ntp-4.2.4/html/keygen.html.htmldoc	2006-06-06 22:16:00.000000000 +0200
 +++ ntp-4.2.4/html/keygen.html	2007-01-05 15:40:59.000000000 +0100
-@@ -32,7 +32,7 @@
+@@ -32,17 +32,17 @@
  		</ul>
  		<hr>
  		<h4 id="synop">Synopsis</h4>
@@ -130,6 +177,18 @@
  		<h4 id="descrip">Description</h4>
  		<p>This program generates cryptographic data files used by the NTPv4 authentication and identification schemes. It generates MD5 key files used in symmetric key cryptography. In addition, if the OpenSSL software library has been installed, it generates keys, certificate and identity files used in public key cryptography. These files are used for cookie encryption, digital signature and challenge/response identification algorithms compatible with the Internet standard security infrastructure.</p>
  		<p>By default, files are not encrypted by <tt>ntp-keygen</tt>. The <tt>-p <i>password</i></tt> option specifies the write password and <tt>-q <i>password</i></tt> option the read password for previously encrypted files. The <tt>ntp-keygen</tt> program prompts for the password if it reads an encrypted file and the password is missing or incorrect. If an encrypted file is read successfully and no write password is specified, the read password is used as the write password by default.</p>
+ 		<p>The <tt>ntpd</tt> configuration command <tt>crypto pw <i>password</i></tt> specifies the read password for previously encrypted files. The daemon expires on the spot if the password is missing or incorrect. For convenience, if a file has been previously encrypted, the default read password is the name of the host running the program. If the previous write password is specified as the host name, these files can be read by that host with no explicit password.</p>
+ 		<p>All files are in PEM-encoded printable ASCII format, so they can be embedded as MIME attachments in mail to other sites and certificate authorities. File names begin with the prefix <tt>ntpkey_</tt> and end with the postfix <tt><i>_hostname.filestamp</i></tt>, where <tt><i>hostname</i></tt> is usually the string returned by the Unix <tt>gethostname()</tt> routine, and <tt><i>filestamp</i></tt> is the NTP seconds when the file was generated, in decimal digits. This both guarantees uniqueness and simplifies maintenance procedures, since all files can be quickly removed by a <tt>rm ntpkey*</tt> command or all files generated at a specific time can be removed by a <tt>rm *<i>filestamp</i></tt> command. To further reduce the risk of misconfiguration, the first two lines of a file contain the file name and generation date and time as comments.</p>
+-		<p>All files are installed by default in the keys directory <tt>/usr/local/etc</tt>, which is normally in a shared filesystem in NFS-mounted networks. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
++		<p>All files are installed by default in the keys directory <tt>/etc/ntp/crypto</tt>. The actual location of the keys directory and each file can be overridden by configuration commands, but this is not recommended. Normally, the files for each host are generated by that host and used only by that host, although exceptions exist as noted later on this page.</p>
+ 		<p>Normally, files containing private values, including the host key, sign key and identification parameters, are permitted root read/write-only; while others containing public values are permitted world readable. Alternatively, files containing private values can be encrypted and these files permitted world readable, which simplifies maintenance in shared file systems. Since uniqueness is insured by the hostname and file name extensions, the files for a NFS server and dependent clients can all be installed in the same shared directory.</p>
+ 		<p>The recommended practice is to keep the file name extensions when installing a file and to install a soft link from the generic names specified elsewhere on this page to the generated files. This allows new file generations to be activated simply by changing the link. If a link is present, <tt>ntpd</tt> follows it to the file name to extract the filestamp. If a link is not present, <tt>ntpd</tt> extracts the filestamp from the file itself. This allows clients to verify that the file and generation times are always current. The <tt>ntp-keygen</tt> program uses the same extension for all files generated at one time, so each generation is distinct and can be readily recognized in monitoring data.</p>
+ 		<h4 id="run">Running the program</h4>
+-		<p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/ust/local/etc</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
++		<p>The safest way to run the <tt>ntp-keygen</tt> program is logged in directly as root. The recommended procedure is change to the keys directory, usually <tt>/etc/ntp/crypto</tt>, then run the program. When run for the first time, or if all <tt>ntpkey</tt> files have been removed, the program generates a RSA host key file and matching RSA-MD5 certificate file, which is all that is necessary in many cases. The program also generates soft links from the generic names to the respective files. If run again, the program uses the same host key file, but generates a new certificate file and link.</p>
+ 		<p>The host key is used to encrypt the cookie when required and so must be RSA type. By default, the host key is also the sign key used to encrypt signatures. When necessary, a different sign key can be specified and this can be either RSA or DSA type. By default, the message digest type is MD5, but any combination of sign key type and message digest type supported by the OpenSSL library can be specified, including those using the MD2, MD5, SHA, SHA1, MDC2 and RIPE160 message digest algorithms. However, the scheme specified in the certificate must be compatible with the sign key. Certificates using any digest algorithm are compatible with RSA sign keys; however, only SHA and SHA1 certificates are compatible with DSA sign keys.</p>
+ 		<p>Private/public key files and certificates are compatible with other OpenSSL applications and very likely other libraries as well. Certificates or certificate requests derived from them should be compatible with extant industry practice, although some users might find the interpretation of X509v3 extension fields somewhat liberal. However, the identification parameter files, although encoded as the other files, are probably not compatible with anything other than Autokey.</p>
+ 		<p>Running the program as other than root and using the Unix <tt>su</tt> command to assume root may not work properly, since by default the OpenSSL library looks for the random seed file <tt>.rnd</tt> in the user home directory. However, there should be only one <tt>.rnd</tt>, most conveniently in the root directory, so it is convenient to define the <tt>$RANDFILE</tt> environment variable used by the OpenSSL library as the path to <tt>/.rnd</tt>.</p>
 @@ -81,11 +81,13 @@
  			<dd>Set the suject name to <i>name</i>. This is used as the subject field in certificates and in the file name for host and sign keys.
  			<dt><tt>-M</tt>

ntp-4.2.4p0-sleep.patch:

Index: ntp-4.2.4p0-sleep.patch
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntp-4.2.4p0-sleep.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ntp-4.2.4p0-sleep.patch	9 May 2007 16:45:01 -0000	1.1
+++ ntp-4.2.4p0-sleep.patch	24 Jul 2007 12:08:12 -0000	1.2
@@ -140,7 +140,7 @@
 +
 +	for (ts_last_index = 0; ts_last_index < TS_LAST_SIZE; ts_last_index++)
 +		L_CLR(&ts_last[ts_last_index]);
-+	time_elapsed = 0;
++	time_elapsed = ts_last_index = 0;
 +
  	for (;;)
  	{
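Review bot: The chained `time_elapsed = ts_last_index = 0;` hides the actual fix: the clearing loop above uses `ts_last_index` itself as the counter and leaves it at `TS_LAST_SIZE`, one past the end of `ts_last[]`. Put the reset on its own line with a comment, e.g. `ts_last_index = 0;	/* loop above left it at TS_LAST_SIZE */`, or clear the array with a separate local counter so the index is never out of range. How `ts_last_index` is used afterwards is outside the hunk.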


Index: ntp.conf
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntp.conf,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- ntp.conf	8 Jan 2007 12:50:10 -0000	1.13
+++ ntp.conf	24 Jul 2007 12:08:12 -0000	1.14
@@ -1,3 +1,8 @@
+# For more information about this file, see the man pages
+# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
+
+driftfile VARNTP/drift
+
 # Permit time synchronization with our time source, but do not
 # permit the source to query or modify the service on this system.
 restrict default kod nomodify notrap nopeer noquery
@@ -18,27 +23,26 @@
 server 1.fedora.pool.ntp.org dynamic
 server 2.fedora.pool.ntp.org dynamic
 
-#broadcast 192.168.1.255 key 42		# broadcast server
+#broadcast 192.168.1.255 autokey	# broadcast server
 #broadcastclient			# broadcast client
-#broadcast 224.0.1.1 key 42		# multicast server
+#broadcast 224.0.1.1 autokey		# multicast server
 #multicastclient 224.0.1.1		# multicast client
 #manycastserver 239.255.254.254		# manycast server
-#manycastclient 239.255.254.254 key 42	# manycast client
+#manycastclient 239.255.254.254 autokey # manycast client
 
 # Undisciplined Local Clock. This is a fake driver intended for backup
 # and when no outside source of synchronized time is available. 
 #server	127.127.1.0	# local clock
 #fudge	127.127.1.0 stratum 10	
 
-# Drift file.  Put this in a directory which the daemon can write to.
-# No symbolic links allowed, either, since the daemon updates the file
-# by creating a temporary in the same directory and then rename()'ing
-# it to the file.
-driftfile /var/lib/ntp/drift
+# Enable public key cryptography.
+#crypto
+
+includefile ETCNTP/crypto/pw
 
 # Key file containing the keys and key identifiers used when operating
 # with symmetric key cryptography. 
-keys /etc/ntp/keys
+keys ETCNTP/keys
 
 # Specify the key identifiers which are trusted.
 #trustedkey 4 8 42
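Review bot: `includefile ETCNTP/crypto/pw` is added as an active directive with no comment, next to a commented-out `#crypto`, so a reader cannot tell what the included file holds or that it matters only once Autokey is enabled. Add a line such as `# Password for encrypted Autokey key files (crypto pw), kept in a separate root-only file.` above it. `ETCNTP` and `VARNTP` are placeholders that the ntp.spec %install step rewrites with sed; that deserves a one-line comment at the top of the file, since the copy in CVS is no longer usable as is.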
@@ -48,3 +52,6 @@
 
 # Specify the key identifier to use with the ntpq utility.
 #controlkey 8
+
+# Enable writing of statistics records.
+#statistics clockstats cryptostats loopstats peerstats


Index: ntp.spec
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntp.spec,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- ntp.spec	21 Jun 2007 10:23:39 -0000	1.68
+++ ntp.spec	24 Jul 2007 12:08:12 -0000	1.69
@@ -3,7 +3,7 @@
 Summary: Synchronizes system time using the Network Time Protocol (NTP)
 Name: ntp
 Version: 4.2.4p2
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: distributable
 Group: System Environment/Daemons
 Source0: http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-%{version}.tar.gz
@@ -12,6 +12,8 @@
 Source3: ntpd.init
 Source4: ntpd.sysconfig
 Source5: ntpstat-0.2.tgz
+Source6: ntp.step-tickers
+Source8: ntp.cryptopw
 
 # new find-requires
 Source7: filter-requires-ntp.sh
@@ -21,10 +23,12 @@
 Patch3: ntp-4.2.4-groups.patch
 Patch4: ntp-4.1.1c-rc3-authkey.patch
 Patch5: ntp-4.2.4-linkfastmath.patch
+Patch6: ntp-4.2.4p2-tentative.patch
+Patch7: ntp-4.2.4p2-noseed.patch
 Patch8: ntp-4.2.4p2-multilisten.patch
 Patch9: ntp-4.2.4-html2man.patch
 Patch10: ntp-4.2.4-htmldoc.patch
-Patch11: ntp-stable-4.2.0a-20050816-keyfile.patch
+Patch11: ntp-4.2.4p2-filegen.patch
 Patch12: ntp-4.2.4-sprintf.patch
 Patch14: ntp-4.2.4p2-mlock.patch
 Patch17: ntp-4.2.4p0-sleep.patch
@@ -57,10 +61,12 @@
 %patch2 -p1 -b .droproot
 %patch3 -p1 -b .groups
 %patch4 -p1 -b .authkey
+%patch6 -p1 -b .tentative
+%patch7 -p1 -b .noseed
 %patch8 -p1 -b .multilisten
 %patch9 -p1 -b .html2man
 %patch10 -p1 -b .htmldoc
-%patch11 -p1 -b .keyfile
+%patch11 -p1 -b .filegen
 %patch12 -p1 -b .sprintf
 %patch14 -p1 -b .mlock
 %patch17 -p1 -b .sleep
@@ -78,10 +84,13 @@
 	rm -f pietest
 fi
 %configure \
-	--sysconfdir=%{_sysconfdir}/ntp \
+	--sysconfdir=%{_sysconfdir}/ntp/crypto \
 	--with-openssl-libdir=%{_libdir} \
 	--enable-all-clocks --enable-parse-clocks \
 	--enable-linuxcaps
+echo '#define KEYFILE "%{_sysconfdir}/ntp/keys"' >> config.h
+echo '#define NTP_VAR "%{_localstatedir}/log/ntpstats/"' >> config.h
+
 make %{?_smp_mflags}
 
 sed -i 's|$ntpq = "ntpq"|$ntpq = "%{_sbindir}/ntpq"|' scripts/ntptrace
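Review bot: `--sysconfdir=%{_sysconfdir}/ntp/crypto` and the two `echo '#define ...' >> config.h` lines change compiled-in defaults with no comment saying which default each one sets. Going by the changelog entry they set the default keysdir, key file and statsdir; say so in the spec, e.g. `# sysconfdir is used by ntp as the default keysdir` (to be confirmed against the ntp sources). The `KEYFILE` define apparently takes over from the removed keyfile patch, and a note saying so would help the next packager.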
@@ -119,13 +128,17 @@
 find htmldoc -type d | xargs chmod 755
 
 pushd $RPM_BUILD_ROOT
-mkdir -p .%{_sysconfdir}/{ntp,sysconfig} .%{_initrddir}
-mkdir -p .%{_localstatedir}/lib/ntp
-touch .%{_localstatedir}/lib/ntp/drift .%{_sysconfdir}/ntp/step-tickers
-install -m644 %{SOURCE1} .%{_sysconfdir}
-install -m600 %{SOURCE2} .%{_sysconfdir}/ntp/keys
-install -m755 %{SOURCE3} .%{_initrddir}/ntpd
-install -m644 %{SOURCE4} .%{_sysconfdir}/sysconfig/ntpd
+mkdir -p .%{_sysconfdir}/{ntp,ntp/crypto,sysconfig} .%{_initrddir}
+mkdir -p .%{_localstatedir}/{lib/ntp,log/ntpstats}
+touch .%{_localstatedir}/lib/ntp/drift
+sed -e 's|ETCNTP|%{_sysconfdir}/ntp|' -e 's|VARNTP|%{_localstatedir}/lib/ntp|' \
+	< %{SOURCE1} > .%{_sysconfdir}/ntp.conf
+touch -r %{SOURCE1} .%{_sysconfdir}/ntp.conf
+install -p -m600 %{SOURCE2} .%{_sysconfdir}/ntp/keys
+install -p -m755 %{SOURCE3} .%{_initrddir}/ntpd
+install -p -m644 %{SOURCE4} .%{_sysconfdir}/sysconfig/ntpd
+install -p -m644 %{SOURCE6} .%{_sysconfdir}/ntp/step-tickers
+install -p -m600 %{SOURCE8} .%{_sysconfdir}/ntp/crypto/pw
 popd
 
 %clean
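Review bot: The mode of the new password file comes only from `install -p -m600 %{SOURCE8} .%{_sysconfdir}/ntp/crypto/pw`; its %files entry in a later hunk is `%config(noreplace) %{_sysconfdir}/ntp/crypto/pw` with no `%attr`, under `%defattr(-,root,root)`. For a file meant to hold the Autokey password, pin the permissions where the payload is declared, `%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ntp/crypto/pw`, so a later edit to %install cannot loosen them unnoticed. The same applies to `%{_sysconfdir}/ntp/keys`, which is handled the same way.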
@@ -154,7 +167,7 @@
 
 %files
 %defattr(-,root,root)
-%doc htmldoc/html/* NEWS TODO 
+%doc htmldoc/html/* COPYRIGHT ChangeLog NEWS TODO 
 %{_sbindir}/ntp-wait
 %{_sbindir}/ntptrace
 %{_sbindir}/ntp-keygen
@@ -166,18 +179,33 @@
 %{_sbindir}/sntp
 %{_sbindir}/tickadj
 %{_initrddir}/ntpd
-%config(noreplace)	%{_sysconfdir}/sysconfig/ntpd
-%config(noreplace)	%{_sysconfdir}/ntp.conf
-%dir 	%{_sysconfdir}/ntp
+%config(noreplace) %{_sysconfdir}/sysconfig/ntpd
+%dir %{_sysconfdir}/ntp
+%config(noreplace) %{_sysconfdir}/ntp.conf
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/ntp/step-tickers
 %config(noreplace) %{_sysconfdir}/ntp/keys
+%dir %attr(750,root,ntp) %{_sysconfdir}/ntp/crypto
+%config(noreplace) %{_sysconfdir}/ntp/crypto/pw
 %dir %attr(-,ntp,ntp) %{_localstatedir}/lib/ntp
 %ghost %attr(644,ntp,ntp) %{_localstatedir}/lib/ntp/drift
+%dir %attr(-,ntp,ntp) %{_localstatedir}/log/ntpstats
 %{_mandir}/man[58]/*.[58]*
 %{_bindir}/ntpstat
 
 
 %changelog
+* Tue Jul 24 2007 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p2-2
+- ignore tentative addresses (#246297)
+- improve init script (#247003)
+- fix sleep patch
+- ease Autokey setup (#139673)
+  - change default keysdir to /etc/ntp/crypto
+  - set crypto password in /etc/ntp/crypto/pw
+  - don't use randfile if /dev/urandom is used by OpenSSL
+- change default statsdir to /var/log/ntpstats/, use statistics type
+  as default filename
+- package more doc files
+
 * Thu Jun 21 2007 Miroslav Lichvar <mlichvar at redhat.com> 4.2.4p2-1
 - update to 4.2.4p2
 


Index: ntpd.init
===================================================================
RCS file: /cvs/pkgs/rpms/ntp/devel/ntpd.init,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- ntpd.init	22 May 2007 13:47:54 -0000	1.25
+++ ntpd.init	24 Jul 2007 12:08:12 -0000	1.26
@@ -9,6 +9,19 @@
 # a computer client or server to another server or reference time source, \
 # such as a radio or satellite receiver or modem.
 
+### BEGIN INIT INFO
+# Provides: ntpd
+# Required-Start: $network $local_fs $remote_fs
+# Required-Stop: $network $local_fs $remote_fs
+# Should-Start: $syslog $named
+# Should-Stop: $syslog $named
+# Short-Description: start and stop ntpd
+# Description: ntpd is the NTPv4 daemon. The Network Time Protocol (NTP)
+#              is used to synchronize the time of a computer client or
+#              server to another server or reference time source, such
+#              as a radio or satellite receiver or modem.
+### END INIT INFO
+
 # Source function library.
 . /etc/init.d/functions
 
@@ -19,13 +32,11 @@
         . /etc/sysconfig/ntpd
 fi
 
+prog=ntpd
+lockfile=/var/lock/subsys/$prog
 ntpconf=/etc/ntp.conf
 ntpstep=/etc/ntp/step-tickers
 
-
-RETVAL=0
-prog="ntpd"
-
 sync_hwclock() {
 	ARC=0
 	SRM=0
@@ -73,8 +84,6 @@
 	  esac
 	done
 
-	[ -x /usr/sbin/ntpd -a -f $ntpconf ] || exit 0
-
 	tickers=''
 	if [ -s "$ntpstep" ]; then
 	    tickers=$(sed 's/#.*//' $ntpstep)
@@ -92,6 +101,8 @@
 	# Check that networking is up.
 	[ "$NETWORKING" = "no" ] && exit 1
 
+	[ -x /usr/sbin/ntpd ] || exit 5
+
 	readconf;
 
 	if [ -n "$dostep" ]; then
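Review bot: Only the binary is checked now: an earlier hunk removes `[ -x /usr/sbin/ntpd -a -f $ntpconf ] || exit 0`, and the replacement `[ -x /usr/sbin/ntpd ] || exit 5` no longer tests that `$ntpconf` exists before `readconf` runs. If the config file can be absent, add `[ -f "$ntpconf" ] || exit 6` next to it (6 is the LSB init-script code for "program is not configured"). The bodies of readconf and of the enclosing function, presumably start(), are outside the hunk, so what readconf does with a missing file cannot be seen here.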
@@ -112,19 +123,19 @@
 	fi
         # Start daemons.
         echo -n $"Starting $prog: "
-        daemon ntpd $OPTIONS
+        daemon $prog $OPTIONS
 	RETVAL=$?
         echo
-        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ntpd
+	[ $RETVAL -eq 0 ] && touch $lockfile
 	return $RETVAL
 }
 
 stop() {
         echo -n $"Shutting down $prog: "
-	killproc ntpd
+	killproc $prog
 	RETVAL=$?
         echo
-        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ntpd
+	[ $RETVAL -eq 0 ] && rm -f $lockfile
 	return $RETVAL
 }
 
@@ -132,29 +143,27 @@
 case "$1" in
   start)
 	start
-        ;;
+	;;
   stop)
 	stop
-        ;;
+	;;
   status)
-	status ntpd
-	RETVAL=$?
+	status $prog
 	;;
-  restart|reload)
+  restart|force-reload)
 	stop
 	start
-	RETVAL=$?
 	;;
-  condrestart)
-	if [ -f /var/lock/subsys/ntpd ]; then
+  try-restart|condrestart)
+	if status $prog > /dev/null; then
 	    stop
 	    start
-	    RETVAL=$?
 	fi
 	;;
+  reload)
+	exit 3
+	;;
   *)
-        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
-        RETVAL=3
+	echo $"Usage: $0 {start|stop|status|restart|try-restart|force-reload}"
+	exit 2
 esac
-
-exit $RETVAL


--- ntp-stable-4.2.0a-20050816-keyfile.patch DELETED ---



