* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. e5a6fe6a944fdc68999a978ce983bee942722730
From: Michael Tremer @ 2026-05-27 14:49 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via e5a6fe6a944fdc68999a978ce983bee942722730 (commit)
via 8bd0f053c9e576f008c6033a9837842e25b1d03e (commit)
via e525834da86cc0bdad835d6f43090d2f5459e8cc (commit)
via 5ea04ab890bfff3586ab85b16b1d81642445dba3 (commit)
via ecdf3c6e6c10c6a99d9b09afdbd88ee1c3942aff (commit)
via dfe971738eb268e05359ce014f99640fb7cbe9ce (commit)
via 942597de3684d17682d1188585c985fff2caad6b (commit)
via cffd2c3978e513f64a2549b14d1e08abf83ef6cc (commit)
via 43cddf7e40d72c290ea5fc3138e2e6769370cc1f (commit)
via 91a49f02ff9f79e5d11a839951fa47174fd1130e (commit)
via c0b8718ff8ef368208eed2e9934cfa35d1cd7272 (commit)
via 4efa083cab701e199acb6b0b904bdc4278e93a35 (commit)
from 81af070d7c62476dc5e9c6a39a271077a9a74bd1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e5a6fe6a944fdc68999a978ce983bee942722730
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 15:09:53 2026 +0100
knot resolver: Don't try to load RPZs which don't exist
Since we can no longer use the inotify feature, there is no point in
creating or loading an empty zone file. We can simply skip the load and
hope that sooner or later we will be reloaded and the zone is present.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 8bd0f053c9e576f008c6033a9837842e25b1d03e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 15:07:30 2026 +0100
update-rpzs: Always reload DNS
We might receive an error if only one zone could not be retrieved, but
we should still apply any changes from other zones.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit e525834da86cc0bdad835d6f43090d2f5459e8cc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 15:02:51 2026 +0100
update-rpzs: Run zone-sync as knot-resolver user
This is so that the code that is exposed to the network does not run
with root privileges and so that zone-sync can take advantage of our
outbound firewall rules and perform the sync.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 5ea04ab890bfff3586ab85b16b1d81642445dba3
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 14:57:46 2026 +0100
dnsbl.cgi: Sync RPZs if categories are enabled/disabled
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit ecdf3c6e6c10c6a99d9b09afdbd88ee1c3942aff
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 14:54:30 2026 +0100
core203: Ship all time setting changes
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit dfe971738eb268e05359ce014f99640fb7cbe9ce
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 14:49:01 2026 +0100
settime: Remove braindead localization and subnet guessing
This is so broken. OMG.
There is no point to guess where the time servers are. The sync should
happen regardless. The NTP daemon will also try to sync the time now and
therefore we should rather fire and forget.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 942597de3684d17682d1188585c985fff2caad6b
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 14:44:43 2026 +0100
initscripts: Sync time when the system connects to the internet
This is a replacement of blocking the entire boot process. As soon as
the system becomes online, we will make sure that we have the correct
time.
If we cannot sync in this case, we will try using a statically
configured name server so that we get DNSSEC to work.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit cffd2c3978e513f64a2549b14d1e08abf83ef6cc
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 14:40:02 2026 +0100
settime: Return exit code from ntpdate
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 43cddf7e40d72c290ea5fc3138e2e6769370cc1f
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 14:36:30 2026 +0100
time.cgi: Remove the option to enable time sync at boot
I don't understand why this is an option. When would you not want to
sync time?
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 91a49f02ff9f79e5d11a839951fa47174fd1130e
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 14:30:11 2026 +0100
initscripts: ntp: Don't block boot process if time cannot be synced
This is in the wrong place because we are running some race conditions
here. If the system is not connected at all, we will just unnecessarily
block the boot process without giving the user any option to abort the
wait.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit c0b8718ff8ef368208eed2e9934cfa35d1cd7272
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 14:25:45 2026 +0100
initscripts: settime: Refactor setting log time
This code has been cleaned up so that the system is coming up with a recent
time if the RTC has been broken.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
commit 4efa083cab701e199acb6b0b904bdc4278e93a35
Author: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed May 27 13:29:11 2026 +0100
initscripts: Stop the boot process until DNS is ready
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/knot-resolver/config.lua | 74 +++++++++++------------
config/rootfiles/common/aarch64/initscripts | 3 +
config/rootfiles/common/riscv64/initscripts | 3 +
config/rootfiles/common/x86_64/initscripts | 3 +
config/rootfiles/core/203/filelists/files | 7 +++
doc/language_issues.de | 1 +
doc/language_issues.en | 1 -
doc/language_issues.es | 1 +
doc/language_issues.fr | 1 +
doc/language_issues.it | 1 +
doc/language_issues.nl | 1 +
doc/language_issues.pl | 1 +
doc/language_issues.ru | 1 +
doc/language_issues.tr | 1 +
doc/language_issues.tw | 1 +
doc/language_issues.zh | 1 +
html/cgi-bin/dnsbl.cgi | 4 +-
html/cgi-bin/time.cgi | 10 ---
lfs/initscripts | 1 +
src/initscripts/networking/red.up/26-time | 14 +++++
src/initscripts/system/ntp | 26 --------
src/initscripts/system/setclock | 47 +++++++++-----
src/initscripts/system/{waitdrives => waitfordns} | 59 +++++++++++-------
src/misc-progs/dnsctrl.c | 7 +++
src/scripts/settime | 62 +++++--------------
src/scripts/update-rpzs | 11 ++--
26 files changed, 176 insertions(+), 166 deletions(-)
create mode 100644 src/initscripts/networking/red.up/26-time
copy src/initscripts/system/{waitdrives => waitfordns} (69%)
Difference in files:
diff --git a/config/knot-resolver/config.lua b/config/knot-resolver/config.lua
index 162e8f5c6..e95a3c8b2 100644
--- a/config/knot-resolver/config.lua
+++ b/config/knot-resolver/config.lua
@@ -426,56 +426,54 @@ function config.load_rpzs()
local path = string.format("/var/cache/knot-resolver/rpzs/%s.zone", name)
-- Ensure the zone exists
- if not io.open(path) then
- io.open(path, "w")
- end
-
- -- Make the tag
- local tag = name:match("^([^.]+)"):lower()
+ if io.open(path) then
+ -- Make the tag
+ local tag = name:match("^([^.]+)"):lower()
- -- Load a new zone file
- local rpz = ffi.new("struct kr_rule_zonefile_config")
- rpz.nodata = true
- rpz.is_rpz = true
+ -- Load a new zone file
+ local rpz = ffi.new("struct kr_rule_zonefile_config")
+ rpz.nodata = true
+ rpz.is_rpz = true
- -- Load the zone from path
- rpz.filename = path
+ -- Load the zone from path
+ rpz.filename = path
- -- Set a default TTL
- rpz.ttl = C.KR_RULE_TTL_DEFAULT
- rpz.tags = policy.get_tagset({tag,})
+ -- Set a default TTL
+ rpz.ttl = C.KR_RULE_TTL_DEFAULT
+ rpz.tags = policy.get_tagset({tag,})
- -- opts are complicated
- rpz.opts = C.KR_RULE_OPTS_DEFAULT
- rpz.opts.score = 9
+ -- opts are complicated
+ rpz.opts = C.KR_RULE_OPTS_DEFAULT
+ rpz.opts.score = 9
- -- Enable logging
- rpz.opts.log_level = 3 -- NOTICE
- rpz.opts.log_ip = true
- rpz.opts.log_name = true
+ -- Enable logging
+ rpz.opts.log_level = 3 -- NOTICE
+ rpz.opts.log_ip = true
+ rpz.opts.log_name = true
- -- Load the file
- assert(C.kr_rule_zonefile(rpz) == 0)
+ -- Load the file
+ assert(C.kr_rule_zonefile(rpz) == 0)
- -- Apply zone ACLs
- for zone in enabled_zones:gmatch("[^|]+") do
- local subnet = get_zone(zone)
+ -- Apply zone ACLs
+ for zone in enabled_zones:gmatch("[^|]+") do
+ local subnet = get_zone(zone)
- if subnet then
- add_tag(views, subnet, tag)
+ if subnet then
+ add_tag(views, subnet, tag)
+ end
end
- end
- -- Apply custom ACLs
- for subnet in custom_acl:gmatch("[^|]+") do
- if subnet then
- add_tag(views, subnet, tag)
+ -- Apply custom ACLs
+ for subnet in custom_acl:gmatch("[^|]+") do
+ if subnet then
+ add_tag(views, subnet, tag)
+ end
end
- end
- -- Load it globally if no ACLs have been defined
- if enabled_zones == "" and custom_acl == "" then
- add_tag(views, "0.0.0.0/0", tag)
+ -- Load it globally if no ACLs have been defined
+ if enabled_zones == "" and custom_acl == "" then
+ add_tag(views, "0.0.0.0/0", tag)
+ end
end
end
end
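Review bot: The existence test `if io.open(path) then` opens a file handle that is never closed, so every configured zone leaks one descriptor until the garbage collector runs; keep the handle in a local and call `:close()` on it before loading. The skip path is also silent: a zone that is enabled but missing on disk leaves no trace in the log, so a blocklist that never arrives looks the same as one that is loaded. A log line in an `else` branch would make that visible. Separately, `assert(C.kr_rule_zonefile(rpz) == 0)` still aborts the whole function on a file that exists but does not parse, which matters more now that update-rpzs reloads even after a failed sync.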
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index 4ea4cf933..ecd0923c7 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -61,6 +61,7 @@ etc/rc.d/init.d/networking/red.up/20-firewall
etc/rc.d/init.d/networking/red.up/23-suricata
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/25-update-dns-forwarders
+etc/rc.d/init.d/networking/red.up/26-time
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
#etc/rc.d/init.d/networking/red.up/35-guardian
@@ -95,6 +96,7 @@ etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/waitfordns
etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
@@ -131,6 +133,7 @@ etc/rc.d/rc3.d/S11knot-resolver
etc/rc.d/rc3.d/S12acpid
etc/rc.d/rc3.d/S15fireinfo
etc/rc.d/rc3.d/S15messagebus
+etc/rc.d/rc3.d/S17waitfordns
#etc/rc.d/rc3.d/S18cpufreq
etc/rc.d/rc3.d/S19smartenabler
etc/rc.d/rc3.d/S19wlanclient
diff --git a/config/rootfiles/common/riscv64/initscripts b/config/rootfiles/common/riscv64/initscripts
index 8773c09cc..20e806e9d 100644
--- a/config/rootfiles/common/riscv64/initscripts
+++ b/config/rootfiles/common/riscv64/initscripts
@@ -61,6 +61,7 @@ etc/rc.d/init.d/networking/red.up/20-firewall
etc/rc.d/init.d/networking/red.up/23-suricata
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/25-update-dns-forwarders
+etc/rc.d/init.d/networking/red.up/26-time
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
#etc/rc.d/init.d/networking/red.up/35-guardian
@@ -94,6 +95,7 @@ etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/waitfordns
etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
@@ -130,6 +132,7 @@ etc/rc.d/rc3.d/S11knot-resolver
etc/rc.d/rc3.d/S12acpid
etc/rc.d/rc3.d/S15fireinfo
etc/rc.d/rc3.d/S15messagebus
+etc/rc.d/rc3.d/S17waitfordns
#etc/rc.d/rc3.d/S18cpufreq
etc/rc.d/rc3.d/S19smartenabler
etc/rc.d/rc3.d/S19wlanclient
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index 8773c09cc..20e806e9d 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -61,6 +61,7 @@ etc/rc.d/init.d/networking/red.up/20-firewall
etc/rc.d/init.d/networking/red.up/23-suricata
etc/rc.d/init.d/networking/red.up/24-RS-qos
etc/rc.d/init.d/networking/red.up/25-update-dns-forwarders
+etc/rc.d/init.d/networking/red.up/26-time
etc/rc.d/init.d/networking/red.up/27-RS-squid
etc/rc.d/init.d/networking/red.up/30-ddns
#etc/rc.d/init.d/networking/red.up/35-guardian
@@ -94,6 +95,7 @@ etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/vnstat
etc/rc.d/init.d/waitdrives
+etc/rc.d/init.d/waitfordns
etc/rc.d/init.d/wireguard
etc/rc.d/init.d/wlanclient
#etc/rc.d/rc0.d
@@ -130,6 +132,7 @@ etc/rc.d/rc3.d/S11knot-resolver
etc/rc.d/rc3.d/S12acpid
etc/rc.d/rc3.d/S15fireinfo
etc/rc.d/rc3.d/S15messagebus
+etc/rc.d/rc3.d/S17waitfordns
#etc/rc.d/rc3.d/S18cpufreq
etc/rc.d/rc3.d/S19smartenabler
etc/rc.d/rc3.d/S19wlanclient
diff --git a/config/rootfiles/core/203/filelists/files b/config/rootfiles/core/203/filelists/files
index 11c0da452..87d9e6533 100644
--- a/config/rootfiles/core/203/filelists/files
+++ b/config/rootfiles/core/203/filelists/files
@@ -5,8 +5,13 @@ etc/rc.d/init.d/firewall
etc/rc.d/init.d/functions
etc/rc.d/init.d/knot-resolver
etc/rc.d/init.d/networking/red.up/25-update-dns-forwarders
+etc/rc.d/init.d/networking/red.up/26-time
+etc/rc.d/init.d/ntp
+etc/rc.d/init.d/setclock
+etc/rc.d/init.d/waitfordns
etc/rc.d/rc0.d/K86knot-resolver
etc/rc.d/rc3.d/S11knot-resolver
+etc/rc.d/rc3.d/S17waitfordns
etc/rc.d/rc6.d/K86knot-resolver
srv/web/ipfire/cgi-bin/dhcp.cgi
srv/web/ipfire/cgi-bin/dns.cgi
@@ -14,6 +19,8 @@ srv/web/ipfire/cgi-bin/dnsbl.cgi
srv/web/ipfire/cgi-bin/dnsforward.cgi
srv/web/ipfire/cgi-bin/hosts.cgi
srv/web/ipfire/cgi-bin/services.cgi
+srv/web/ipfire/cgi-bin/time.cgi
+usr/local/bin/settime
usr/local/bin/update-rpzs
var/ipfire/backup/bin/backup.pl
var/ipfire/backup/include
diff --git a/doc/language_issues.de b/doc/language_issues.de
index d8ea3d611..bfcb004a6 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -37,6 +37,7 @@ WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan for Songs
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 53d55d90a..56350c178 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -77,7 +77,6 @@ WARNING: untranslated string: Number of Ports for the pie chart = Number of port
WARNING: untranslated string: OpenVPN = OpenVPN
WARNING: untranslated string: Port Rule = Port-Rule
WARNING: untranslated string: QoS not enabled = QoS is not enabled!
-WARNING: untranslated string: Set time on boot = Force setting the system clock on boot
WARNING: untranslated string: TOS Rule = TOS-Rule
WARNING: untranslated string: TOS rule = TOS rule
WARNING: untranslated string: The class number does not match the specified interface. = The class number does not match the specified interface.
diff --git a/doc/language_issues.es b/doc/language_issues.es
index d97db4fe3..e2b55a490 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -37,6 +37,7 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 3cab8d793..52533f74b 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -41,6 +41,7 @@ WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan for Songs
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 0006f5f8e..82f1bf67c 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -15,6 +15,7 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index c2d149c45..16971ff77 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -15,6 +15,7 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 7e51a3ac8..52bf31f36 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -15,6 +15,7 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index 0b2947913..5567ac637 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -15,6 +15,7 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 01d93ba78..146a5c7fe 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -36,6 +36,7 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.tw b/doc/language_issues.tw
index a46e15f61..d7e311deb 100644
--- a/doc/language_issues.tw
+++ b/doc/language_issues.tw
@@ -38,6 +38,7 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/doc/language_issues.zh b/doc/language_issues.zh
index a46e15f61..d7e311deb 100644
--- a/doc/language_issues.zh
+++ b/doc/language_issues.zh
@@ -38,6 +38,7 @@ WARNING: translation string unused: Remote VPN IP
WARNING: translation string unused: Resolv
WARNING: translation string unused: Scan for Files
WARNING: translation string unused: Scan from Directory
+WARNING: translation string unused: Set time on boot
WARNING: translation string unused: Subclass
WARNING: translation string unused: TOS Bits
WARNING: translation string unused: Utilization on
diff --git a/html/cgi-bin/dnsbl.cgi b/html/cgi-bin/dnsbl.cgi
index cb527919e..cb6adb7c7 100644
--- a/html/cgi-bin/dnsbl.cgi
+++ b/html/cgi-bin/dnsbl.cgi
@@ -107,8 +107,8 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") {
# Write config hash.
&writesettings("$settings_file", \%tmphash);
- # Reload DNS
- &General::system_background("/usr/local/bin/dnsctrl", "reload");
+ # Sync RPZs
+ &General::system_background("/usr/local/bin/dnsctrl", "sync-rpzs");
# Save changed zone ACL
} elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'update'}") {
diff --git a/html/cgi-bin/time.cgi b/html/cgi-bin/time.cgi
index d465354bb..56bca7cf6 100644
--- a/html/cgi-bin/time.cgi
+++ b/html/cgi-bin/time.cgi
@@ -45,7 +45,6 @@ $timesettings{'UPDATE_METHOD'} = 'manually';
$timesettings{'UPDATE_VALUE'} = '0';
$timesettings{'UPDATE_PERIOD'} = '';
$timesettings{'ENABLECLNTP'} = 'off';
-$timesettings{'ENABLESETONBOOT'} = 'off';
&Header::getcgihash(\%timesettings);
@@ -178,7 +177,6 @@ if ($timesettings{'VALID'} eq '')
$timesettings{'UPDATE_PERIOD'} = 'daily';
$timesettings{'NTP_ADDR_1'} = '0.ipfire.pool.ntp.org';
$timesettings{'NTP_ADDR_2'} = '1.ipfire.pool.ntp.org';
- $timesettings{'ENABLESETONBOOT'} = 'off';
}
unless ($errormessage) {
@@ -209,10 +207,6 @@ $checked{'ENABLECLNTP'}{'off'} = '';
$checked{'ENABLECLNTP'}{'on'} = '';
$checked{'ENABLECLNTP'}{$timesettings{'ENABLECLNTP'}} = "checked='checked'";
-$checked{'ENABLESETONBOOT'}{'off'} = '';
-$checked{'ENABLESETONBOOT'}{'on'} = '';
-$checked{'ENABLESETONBOOT'}{$timesettings{'ENABLESETONBOOT'}} = "checked='checked'";
-
$checked{'UPDATE_METHOD'}{'manually'} = '';
$checked{'UPDATE_METHOD'}{'periodically'} = '';
$checked{'UPDATE_METHOD'}{$timesettings{'UPDATE_METHOD'}} = "checked='checked'";
@@ -281,10 +275,6 @@ print <<END
<td> </td>
<td class='base' colspan='4'><input type='checkbox' name='ENABLECLNTP' $checked{'ENABLECLNTP'}{'on'} /> $Lang::tr{'clenabled'}</td>
</tr>
-<tr>
- <td> </td>
- <td class='base' colspan='4'><input type='checkbox' name='ENABLESETONBOOT' $checked{'ENABLESETONBOOT'}{'on'} /> $Lang::tr{'Set time on boot'}</td>
-</tr>
</table>
END
;
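Review bot: Dropping the checkbox leaves the `Set time on boot` translation string behind in the language files, which is why the doc/language_issues.* files in this same push now report it as unused for every language; the string should be removed with the option. Existing installations will also keep a stale ENABLESETONBOOT key in their saved time settings, which is harmless once nothing reads it but worth a line in the commit message.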
diff --git a/lfs/initscripts b/lfs/initscripts
index cadd270e7..ff277749f 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -122,6 +122,7 @@ $(TARGET) :
ln -sf ../init.d/knot-resolver /etc/rc.d/rc3.d/S11knot-resolver
ln -sf ../init.d/fireinfo /etc/rc.d/rc3.d/S15fireinfo
ln -sf ../init.d/messagebus /etc/rc.d/rc3.d/S15messagebus
+ ln -sf ../init.d/waitfordns /etc/rc.d/rc3.d/S17waitfordns
ln -sf ../init.d/cpufreq /etc/rc.d/rc3.d/S18cpufreq
ln -sf ../init.d/smartenabler /etc/rc.d/rc3.d/S19smartenabler
ln -sf ../init.d/wlanclient /etc/rc.d/rc3.d/S19wlanclient
diff --git a/src/initscripts/networking/red.up/26-time b/src/initscripts/networking/red.up/26-time
new file mode 100644
index 000000000..f80778494
--- /dev/null
+++ b/src/initscripts/networking/red.up/26-time
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Sync the system time
+if [ -r "/var/ipfire/time/settime.conf" ]; then
+ # Try the configured time servers
+ if /usr/local/bin/settime $(</var/ipfire/time/settime.conf); then
+ exit 0
+ fi
+fi
+
+# If there is no time server configuration or the sync failed,
+# we will try to sync using the IPFire time service. This is needed
+# to get DNSSEC to work if we are REALLY far away.
+exec /usr/local/bin/settime 81.3.27.46
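Review bot: The fallback in the last line is a bare IP literal, `exec /usr/local/bin/settime 81.3.27.46`, with nothing recording which host it is or where to change it; a named variable at the top of the script with a comment would make a future renumbering a one-line fix instead of a silent loss of the fallback. Two smaller points: `$(</var/ipfire/time/settime.conf)` is unquoted, so the file content goes through word splitting and glob expansion before it reaches settime, and both settime calls run in the foreground, so an unreachable server delays the remaining red.up scripts by the ntpdate timeout twice.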
diff --git a/src/initscripts/system/ntp b/src/initscripts/system/ntp
index 6c8174d25..673f64da3 100644
--- a/src/initscripts/system/ntp
+++ b/src/initscripts/system/ntp
@@ -26,32 +26,6 @@ eval $(/usr/local/bin/readhash /var/ipfire/time/settings)
case "$1" in
start)
- if [ "$ENABLESETONBOOT" == "on" ]; then
- boot_mesg -n "Setting time on boot..."
- pidof wpa_supplicant dhcpcd 2>&1 > /dev/null
- if [ "${?}" == "0" ]; then
- if [ ! -e /var/ipfire/red/active ]; then
- boot_mesg ""
- boot_mesg -n "Waiting for red connection"
- for (( i=30; i>1; i-- )) do
- if [ -e /var/ipfire/red/active ]; then
- break;
- fi
- boot_mesg -n "."
- sleep 2
- done
- sleep 5
- fi
- fi
- if [ -e /var/ipfire/red/active ]; then
- boot_mesg ""
- loadproc /usr/local/bin/settime $(cat /var/ipfire/time/settime.conf)
- else
- boot_mesg " ERROR! Not online!"
- echo_warning
- fi
- fi
-
echo -e "server ${NTP_ADDR_1} prefer\nserver ${NTP_ADDR_2}" > /etc/ntp/ntpInclude.conf
boot_mesg "Starting ntpd..."
diff --git a/src/initscripts/system/setclock b/src/initscripts/system/setclock
index 963507f9a..4feab75de 100644
--- a/src/initscripts/system/setclock
+++ b/src/initscripts/system/setclock
@@ -24,6 +24,36 @@
CLOCKPARAMS=
+# Restore log time
+# This is a fallback mechanism for systems without or with broken RTCs which
+# will reset the system clock to at least the timestamp of the last log file
+# modification date.
+restore_log_time() {
+ local file="/var/log/messages"
+
+ # Cannot restore the log time if the file does not exist
+ if [ ! -e "${file}" ]; then
+ return 0
+ fi
+
+ # Fetch the log timestamp
+ local t_log="$(stat --format="%Y" "${file}")"
+
+ # Fetch the current system time
+ local t_sys="$(date "+%s")"
+
+ # If the log time greater than the system time, we update the system time
+ if [ -n "${t_log}" -a -n "${t_sys}" -a "${t_log}" -gt "${t_sys}" ]; then
+ boot_mesg "The clock has been reset to the last log access" "${WARNING}"
+
+ # Set the time
+ date -s "@${t_log}" >/dev/null
+ evaluate_retval
+ fi
+
+ return 0
+}
+
case ${1} in
start)
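Review bot: The combined test `[ -n "${t_log}" -a -n "${t_sys}" -a "${t_log}" -gt "${t_sys}" ]` uses `-a`, which POSIX marks obsolescent and which parses ambiguously for some operand values; three separate `[ ... ] &&` tests are safer. Declaring and assigning in one statement (`local t_log="$(stat ...)"`) also discards the exit status of stat, so a failure there is only caught indirectly through the `-n` check. The comment "If the log time greater than" is missing "is".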
@@ -45,20 +75,9 @@ case ${1} in
fi
hwclock --hctosys ${CLOCKPARAMS} &>/dev/null
- date
-
- if [ -e /var/log/messages ]; then
- LOGTIMESTAMP=`stat --format "%y" /var/log/messages`
- LOGTIME=`date +%s -d "$LOGTIMESTAMP"`
- SYSTIME=`date +%s`
- if [ $SYSTIME -lt $LOGTIME ]; then
- boot_mesg "Warning! clock runs later than last log access. Check battery/rtc!"
- date -s "$LOGTIMESTAMP"
- echo_warning;
- else
- echo_ok;
- fi
- fi
+
+ # Restore the log time if the system clock is behind time
+ restore_log_time
;;
stop)
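Review bot: The removed block printed `echo_ok` on the normal path, while restore_log_time only reports a status (through evaluate_retval) when it actually resets the clock. If a boot_mesg precedes the `hwclock --hctosys` call outside this hunk, it is now left without a result on every boot where the clock is fine; please check the start case still ends with a status in both paths.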
diff --git a/src/initscripts/system/waitfordns b/src/initscripts/system/waitfordns
new file mode 100644
index 000000000..82ba96679
--- /dev/null
+++ b/src/initscripts/system/waitfordns
@@ -0,0 +1,73 @@
+#!/bin/sh
+###############################################################################
+# #
+# IPFire.org - An Open Source Firewall #
+# Copyright (C) 2026 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+wait_for_dns() {
+ local args=(
+ # Wait for one second only
+ "+timeout=1"
+
+ # Don't retry
+ "+retry=0"
+
+ # Query the local DNS service
+ "@127.0.0.1"
+
+ # Query the nameservers for root
+ "NS" "."
+ )
+
+ local timeout=120
+ local i=0
+
+ while [ "${i}" -lt "${timeout}" ]; do
+ echo "${i}"
+ if kdig "${args[@]}" >/dev/null 2>&1; then
+ return 0
+ fi
+
+ # Increment i
+ (( i++ ))
+ done
+
+ # Fail
+ return 1
+}
+
+case "${1}" in
+ start)
+ boot_mesg "Waiting for DNS to become ready..."
+
+ # Check if the DNS service is responding
+ if wait_for_dns; then
+ echo_ok
+ else
+ echo_failure
+ fi
+ ;;
+
+ *)
+ echo "Usage: ${0} {start}"
+ exit 1
+ ;;
+esac
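Review bot: The loop in wait_for_dns has no sleep between attempts, so `timeout=120` is a retry count rather than a duration: when kdig fails immediately (for example because nothing is listening on 127.0.0.1 yet) all 120 iterations finish almost at once and the script reports failure without having waited. Add a `sleep 1` after a failed query, or compare against elapsed time. The `echo "${i}"` inside the loop looks like leftover debugging and will print the counter to the boot console. The script is also declared `#!/bin/sh` but uses an array (`local args=( ... )`, `"${args[@]}"`) and `(( i++ ))`, which are bash features; the shebang should be `#!/bin/bash` as in 26-time.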
diff --git a/src/misc-progs/dnsctrl.c b/src/misc-progs/dnsctrl.c
index 8f4955116..84b0ae211 100644
--- a/src/misc-progs/dnsctrl.c
+++ b/src/misc-progs/dnsctrl.c
@@ -27,6 +27,13 @@ int main(int argc, char** argv) {
};
return run("/etc/rc.d/init.d/knot-resolver", args);
+
+ } else if (strcmp(argv[1], "sync-rpzs") == 0) {
+ char* args[] = {
+ NULL,
+ };
+
+ return run("/usr/local/bin/update-rpzs", args);
}
fprintf(stderr, "Invalid command\n");
diff --git a/src/scripts/settime b/src/scripts/settime
index 2d181659b..8f47b18e6 100644
--- a/src/scripts/settime
+++ b/src/scripts/settime
@@ -19,58 +19,24 @@
# #
###############################################################################
-ongreen=1
-green=$(cat /var/ipfire/ethernet/settings | grep GREEN_NETADDRESS)
-if [ -z "$green" ]; then
- : # no Green subnet
-else
- green=${green##*=}; green="${green%.*}.[0-9]"
- if [ -n "$(cat /var/ipfire/time/settime.conf | grep $green)" ]; then
- ongreen=0 # NTP on Green
- fi
-fi
-
-onorange=1
-orange=$(cat /var/ipfire/ethernet/settings | grep ORANGE_NETADDRESS)
-if [ -z "$orange" ]; then
- : # no Orange subnet
-else
- orange=${orange##*=}; orange="${orange%.*}.[0-9]"
- if [ -n "$(cat /var/ipfire/time/settime.conf | grep $orange)" ]; then
- onorange=0 # NTP on Orange
- fi
-fi
-
-# find out language
-tlanguage=$(cat /var/ipfire/main/settings | grep LANGUAGE)
-tlanguage=${tlanguage##*=}
-
if [ -n "$1" ]; then
- if [ -e /var/ipfire/red/active ] || [ "$ongreen" -eq 0 ] || [ "$onorange" -eq 0 ]; then
- /usr/bin/ntpdate -su $1 $2
- ntpdatetest=$?
+ /usr/bin/ntpdate -su $1 $2
+ ntpdatetest=$?
- if [ "$ntpdatetest" -eq 0 ]; then
- case $tlanguage in
- en ) date "+%X %Z on %d %B %Y" > /var/lock/time/lastset ;
- logger -t ipfire "NTP synchronisation event" ;;
- de ) date "+%X Uhr am %d.%m.%Y" > /var/lock/time/lastset ;
- logger -t ipfire "NTP Synchronisierung" ;;
- * ) date "+%X %Z, %Y-%m-%d" > /var/lock/time/lastset ;
- logger -t ipfire "NTP synchronisation" ;;
- esac
+ if [ "$ntpdatetest" -eq 0 ]; then
+ date "+%X %Z, %Y-%m-%d" > /var/lock/time/lastset
- /sbin/hwclock --systohc
- rm -f /var/lock/time/settimenow
- # reset counter variable
- cp /var/ipfire/time/counter.conf /var/lock/time/counter
- else
- case $tlanguage in
- de ) logger -t ipfire "ntpdate fehlerhaft" ;;
- * ) logger -t ipfire "ntpdate error" ;;
- esac
- fi
+ /sbin/hwclock --systohc
+ rm -f /var/lock/time/settimenow
+ # reset counter variable
+ cp /var/ipfire/time/counter.conf /var/lock/time/counter
+ else
+ logger -t ipfire "ntpdate error"
fi
+
+ exit ${ntpdatetest}
else
echo Missing parameter
fi
+
+exit 0
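Review bot: The `else` branch prints "Missing parameter" and then falls through to the new trailing `exit 0`, so calling settime without a server is reported as success. This interacts with 26-time from the same push: if /var/ipfire/time/settime.conf is readable but empty, `settime $(<...)` is invoked with no argument, returns 0, and the fallback server is never tried. Exit non-zero in the `else` branch. The `$1 $2` passed to ntpdate are still unquoted, and only the first two servers are ever used regardless of how many the caller passes.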
diff --git a/src/scripts/update-rpzs b/src/scripts/update-rpzs
index 51a29b305..f8cf313a8 100644
--- a/src/scripts/update-rpzs
+++ b/src/scripts/update-rpzs
@@ -71,14 +71,13 @@ main() {
fi
done
- # Run the sync
- zone-sync "${ZONE_SYNC_ARGS[@]}" --primary="${primary}" "${zones[@]}" || failed=$?
+ # Run the sync as unprivileged user
+ setpriv --reuid="knot-resolver" --init-groups \
+ zone-sync "${ZONE_SYNC_ARGS[@]}" --primary="${primary}" "${zones[@]}" || failed=$?
done
- # Reload DNS if things went well
- if [ ${failed} -eq 0 ]; then
- /usr/local/bin/dnsctrl reload
- fi
+ # Reload DNS
+ /usr/local/bin/dnsctrl reload
return ${failed}
}
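Review bot: The setpriv call sets only the user, `--reuid="knot-resolver" --init-groups`, and no `--regid`, so zone-sync runs with the new UID but keeps the primary group of the caller; when update-rpzs is started by root that is still the root group. Add `--regid` with the resolver's group, and consider `--no-new-privs` since this is the process that talks to the network. It is also worth confirming that the zone directory is writable by that user, because before this change the files were written as root. With the reload now unconditional, a sync that failed part-way is followed by a reload of whatever is on disk, so zone-sync needs to replace zone files atomically for this to be safe.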
hooks/post-receive
--
IPFire 2.x development tree