Re: [PATCH] addon chrony

Hello Gerd,

Once again, what is the benefit of having a second time sync daemon as an addon?

The one that we use works and it will set the time correctly. So this won’t have any benefit at all. Especially as there is no way to disable the existing ntp-based scripts.

-Michael

On 20 Mar 2023, at 20:18, Gerd Hoerst gerd@hoerst.net wrote:

Signed-off-by: Gerd Hoerst gerd@hoerst.net

config/chrony/etc/chrony/chrony.conf | 32 +++++++++ config/chrony/etc/chrony/chrony.keys | 10 +++ config/chrony/etc/rc.d/init.d/chrony | 56 +++++++++++++++ config/rootfiles/packages/chrony | 12 ++++ lfs/chrony | 102 +++++++++++++++++++++++++++ make.sh | 1 + src/paks/chrony/install.sh | 33 +++++++++ src/paks/chrony/uninstall.sh | 31 ++++++++ src/paks/chrony/update.sh | 26 +++++++ 9 files changed, 303 insertions(+) create mode 100644 config/chrony/etc/chrony/chrony.conf create mode 100644 config/chrony/etc/chrony/chrony.keys create mode 100755 config/chrony/etc/rc.d/init.d/chrony create mode 100644 config/rootfiles/packages/chrony create mode 100644 lfs/chrony create mode 100644 src/paks/chrony/install.sh create mode 100644 src/paks/chrony/uninstall.sh create mode 100644 src/paks/chrony/update.sh

diff --git a/config/chrony/etc/chrony/chrony.conf b/config/chrony/etc/chrony/chrony.conf new file mode 100644 index 000000000..6c65f5c22 --- /dev/null +++ b/config/chrony/etc/chrony/chrony.conf @@ -0,0 +1,32 @@ +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usuable directives.

+pool 0.ipfire.pool.ntp.org

+# refclock SOCK /var/run/chrony.ttyAMA0.sock delay 0.0 refid SOCK +# refclock PPS /dev/pps0 refid PPS

+# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys

+# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift

+# Uncomment the following line to turn logging on. +#log tracking measurements statistics

+# Log files location. +logdir /var/log/chrony

+# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0

+# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync

+# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 diff --git a/config/chrony/etc/chrony/chrony.keys b/config/chrony/etc/chrony/chrony.keys new file mode 100644 index 000000000..cee70b392 --- /dev/null +++ b/config/chrony/etc/chrony/chrony.keys @@ -0,0 +1,10 @@ +# This file is solely used for NTP authentication with symmetric keys +# as defined by RFC 1305 and RFC 5905. +# +# It can contain ID/key pairs which can be generated using the “keygen” option +# from “chronyc”; for example: +# chronyc keygen 1 SHA256 256 >> /etc/chrony/chrony.keys +# would generate a 256-bit SHA-256 key using ID 1. +# +# A list of supported hash functions and output encoding can be found in +# the "keyfile" section from the "/usr/share/doc/chrony/chrony.txt.gz" file. diff --git a/config/chrony/etc/rc.d/init.d/chrony b/config/chrony/etc/rc.d/init.d/chrony new file mode 100755 index 000000000..0a2a0ee8e --- /dev/null +++ b/config/chrony/etc/rc.d/init.d/chrony @@ -0,0 +1,56 @@ +#!/bin/sh +######################################################################## +# Begin $rc_base/init.d/ +# +# Description : chrony initscript 4 ipfire 2.1x +# +# Authors : goerdi +# +# Version : 01.00 +# +# Notes : GPLv3 +# +########################################################################

+. /etc/sysconfig/rc +. $rc_functions

+SERVER="Chrony Time Server" +BINARY=chronyd +DAEMON=/usr/sbin/$BINARY +CONFIG=/etc/chrony/chrony.conf +PIDFILE=/run/chronyd.pid +START="$DAEMON -f $CONFIG"

+#test -f $DAEMON || exit 0 +[ -x $DAEMON ] || exit 0 +[ -f $CONFIG ] || exit 0

+case "$1" in

• start)

•  boot_mesg "Starting $SERVER"
  

•  loadproc $START
  

• ;;
• stop)

•  boot_mesg "Stopping $SERVER"
  

•  killproc -p $PIDFILE $DAEMON
  

• ;;
• restart)
• boot_mesg "Restarting $CAMSERVER"
• killproc -p $PIDFILE $DAEMON
• sleep 3
• loadproc $START
• ;;
• status)
• statusproc $DAEMON
• ;;
• *)
• echo "Usage: /etc/init.d/chrony {start|stop|restart|status}"
• exit 1
• ;;

+esac

+exit 0 diff --git a/config/rootfiles/packages/chrony b/config/rootfiles/packages/chrony new file mode 100644 index 000000000..8386502d4 --- /dev/null +++ b/config/rootfiles/packages/chrony @@ -0,0 +1,12 @@ +#etc/chrony +etc/chrony/chrony.keys +etc/chrony/chrony.conf +etc/rc.d/init.d/chrony +usr/bin/chronyc +#usr/lib/chrony +usr/lib/chrony/chrony-helper +usr/sbin/chronyd +#usr/share/man/man1/chronyc.1 +#usr/share/man/man5/chrony.conf.5 +#usr/share/man/man8/chronyd.8 +#var/lib/chrony diff --git a/lfs/chrony b/lfs/chrony new file mode 100644 index 000000000..8e471ef77 --- /dev/null +++ b/lfs/chrony @@ -0,0 +1,102 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2020 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +###############################################################################

+############################################################################### +# Definitions +###############################################################################

+include Config

+VER = 4.3

+THISAPP = chrony-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = https://download.tuxfamily.org/chrony +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = chrony +PAK_VER = 1 +DEPS = "" +############################################################################### +# Top-level Rules +###############################################################################

+objects = $(DL_FILE)

+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

+$(DL_FILE)_BLAKE2 = 51ba6d19312fd52cd6d6d8ab9437c886a3779877170674db6dc37d657e849101e2669fd6c8723d24e43c895cd1924c3d8d2ff442baeef9abe8a6c313929edf5f

+install : $(TARGET)

+check : $(patsubst %,$(DIR_CHK)/%,$(objects))

+download :$(patsubst %,$(DIR_DL)/%,$(objects)) +b2 : $(subst %,%_BLAKE2,$(objects))

+dist:

• @$(PAK)

+############################################################################### +# Downloading, checking, md5sum +###############################################################################

+$(patsubst %,$(DIR_CHK)/%,$(objects)) :

• @$(CHECK)

+$(patsubst %,$(DIR_DL)/%,$(objects)) :

• @$(LOAD)

+$(subst %,%_MD5,$(objects)) :

• @$(MD5)

+############################################################################### +# Installation Details +###############################################################################

+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))

• @$(PREBUILD)
• @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
• cd $(DIR_APP) && \
• ./configure \
• --prefix=/usr \
• --mandir=/usr/share/man \
• --sysconfdir=/etc/chrony \
• --without-readline \
• --enable-scfilter \
• --chronyrundir=/run/chrony \
• --with-ntp-era=$(shell date -d '1970-01-01 00:00:00+00:00' +'%s') \
• --enable-ntp-signd \
• --with-hwclockfile=/etc/adjtime \
• --with-pidfile=/run/chronyd.pid \
• --host-system=Linux
• cd $(DIR_APP) && make $(MAKETUNING)
• cd $(DIR_APP) && make install
• mkdir -p /etc/chrony
• cp -avf $(DIR_CONF)/chrony/etc/chrony/* /etc/chrony
• cp -vrf $(DIR_CONF)/chrony/etc/rc.d/init.d/chrony /etc/rc.d/init.d
• mkdir -p /usr/lib/chrony
• cp -avf $(DIR_CONF)/chrony/usr/lib/chrony/* /usr/lib/chrony
• @rm -rf $(DIR_APP)
• @$(POSTBUILD)

diff --git a/make.sh b/make.sh index 3b7f9850c..ab995c20e 100755 --- a/make.sh +++ b/make.sh @@ -1397,6 +1397,7 @@ buildipfire() { lfsmake2 python3-docutils lfsmake2 python3-daemon lfsmake2 ntp

• lfsmake2 chrony lfsmake2 openssh lfsmake2 fontconfig lfsmake2 dejavu-fonts-ttf

diff --git a/src/paks/chrony/install.sh b/src/paks/chrony/install.sh new file mode 100644 index 000000000..b0b053bd6 --- /dev/null +++ b/src/paks/chrony/install.sh @@ -0,0 +1,33 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh

+extract_files +restore_backup ${NAME} +chmod ugo+x /etc/rc.d/init.d/chrony +ln -svf ../init.d/chrony /etc/rc.d/rc0.d/K46chrony +ln -svf ../init.d/chrony /etc/rc.d/rc3.d/S26chrony +ln -svf ../init.d/chrony /etc/rc.d/rc6.d/K46chrony

+start_service --background ${NAME} diff --git a/src/paks/chrony/uninstall.sh b/src/paks/chrony/uninstall.sh new file mode 100644 index 000000000..9472553d3 --- /dev/null +++ b/src/paks/chrony/uninstall.sh @@ -0,0 +1,31 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +stop_service ${NAME} +# wait2 terminate +sleep 3 +make_backup ${NAME} +remove_files +rm -rf /etc/rc.d/rc*.d/*chrony +rm /etc/rc.d/rc3.d/off/*chrony diff --git a/src/paks/chrony/update.sh b/src/paks/chrony/update.sh new file mode 100644 index 000000000..89c40d0d7 --- /dev/null +++ b/src/paks/chrony/update.sh @@ -0,0 +1,26 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +./uninstall.sh

+./install.sh

2.25.1