diff options
Diffstat (limited to 'meta-networking/recipes-support/ntp')
20 files changed, 994 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch b/meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch new file mode 100644 index 000000000..ddcb044e6 --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch | |||
@@ -0,0 +1,112 @@ | |||
1 | ntp: fix CVE-2013-5211 | ||
2 | |||
3 | Upstream-status: Backport | ||
4 | |||
5 | The monlist feature in ntp_request.c in ntpd in NTP before | ||
6 | 4.2.7p26 allows remote attackers to cause a denial of service | ||
7 | (traffic amplification) via forged (1) REQ_MON_GETLIST or | ||
8 | (2) REQ_MON_GETLIST_1 requests, as exploited in the wild | ||
9 | in December 2013. | ||
10 | |||
11 | Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> | ||
12 | |||
13 | --- a/ntpd/ntp_request.c | ||
14 | +++ b/ntpd/ntp_request.c | ||
15 | @@ -1912,44 +1912,11 @@ mon_getlist_0( | ||
16 | struct req_pkt *inpkt | ||
17 | ) | ||
18 | { | ||
19 | - register struct info_monitor *im; | ||
20 | - register struct mon_data *md; | ||
21 | - extern struct mon_data mon_mru_list; | ||
22 | - extern int mon_enabled; | ||
23 | - | ||
24 | #ifdef DEBUG | ||
25 | if (debug > 2) | ||
26 | printf("wants monitor 0 list\n"); | ||
27 | #endif | ||
28 | - if (!mon_enabled) { | ||
29 | - req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); | ||
30 | - return; | ||
31 | - } | ||
32 | - im = (struct info_monitor *)prepare_pkt(srcadr, inter, inpkt, | ||
33 | - v6sizeof(struct info_monitor)); | ||
34 | - for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0; | ||
35 | - md = md->mru_next) { | ||
36 | - im->lasttime = htonl((u_int32)((current_time - | ||
37 | - md->firsttime) / md->count)); | ||
38 | - im->firsttime = htonl((u_int32)(current_time - md->lasttime)); | ||
39 | - im->restr = htonl((u_int32)md->flags); | ||
40 | - im->count = htonl((u_int32)(md->count)); | ||
41 | - if (IS_IPV6(&md->rmtadr)) { | ||
42 | - if (!client_v6_capable) | ||
43 | - continue; | ||
44 | - im->addr6 = SOCK_ADDR6(&md->rmtadr); | ||
45 | - im->v6_flag = 1; | ||
46 | - } else { | ||
47 | - im->addr = NSRCADR(&md->rmtadr); | ||
48 | - if (client_v6_capable) | ||
49 | - im->v6_flag = 0; | ||
50 | - } | ||
51 | - im->port = md->rmtport; | ||
52 | - im->mode = md->mode; | ||
53 | - im->version = md->version; | ||
54 | - im = (struct info_monitor *)more_pkt(); | ||
55 | - } | ||
56 | - flush_pkt(); | ||
57 | + req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); | ||
58 | } | ||
59 | |||
60 | /* | ||
61 | @@ -1962,50 +1929,7 @@ mon_getlist_1( | ||
62 | struct req_pkt *inpkt | ||
63 | ) | ||
64 | { | ||
65 | - register struct info_monitor_1 *im; | ||
66 | - register struct mon_data *md; | ||
67 | - extern struct mon_data mon_mru_list; | ||
68 | - extern int mon_enabled; | ||
69 | - | ||
70 | - if (!mon_enabled) { | ||
71 | - req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); | ||
72 | - return; | ||
73 | - } | ||
74 | - im = (struct info_monitor_1 *)prepare_pkt(srcadr, inter, inpkt, | ||
75 | - v6sizeof(struct info_monitor_1)); | ||
76 | - for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0; | ||
77 | - md = md->mru_next) { | ||
78 | - im->lasttime = htonl((u_int32)((current_time - | ||
79 | - md->firsttime) / md->count)); | ||
80 | - im->firsttime = htonl((u_int32)(current_time - md->lasttime)); | ||
81 | - im->restr = htonl((u_int32)md->flags); | ||
82 | - im->count = htonl((u_int32)md->count); | ||
83 | - if (IS_IPV6(&md->rmtadr)) { | ||
84 | - if (!client_v6_capable) | ||
85 | - continue; | ||
86 | - im->addr6 = SOCK_ADDR6(&md->rmtadr); | ||
87 | - im->v6_flag = 1; | ||
88 | - im->daddr6 = SOCK_ADDR6(&md->interface->sin); | ||
89 | - } else { | ||
90 | - im->addr = NSRCADR(&md->rmtadr); | ||
91 | - if (client_v6_capable) | ||
92 | - im->v6_flag = 0; | ||
93 | - if (MDF_BCAST == md->cast_flags) | ||
94 | - im->daddr = NSRCADR(&md->interface->bcast); | ||
95 | - else if (md->cast_flags) { | ||
96 | - im->daddr = NSRCADR(&md->interface->sin); | ||
97 | - if (!im->daddr) | ||
98 | - im->daddr = NSRCADR(&md->interface->bcast); | ||
99 | - } else | ||
100 | - im->daddr = 4; | ||
101 | - } | ||
102 | - im->flags = htonl(md->cast_flags); | ||
103 | - im->port = md->rmtport; | ||
104 | - im->mode = md->mode; | ||
105 | - im->version = md->version; | ||
106 | - im = (struct info_monitor_1 *)more_pkt(); | ||
107 | - } | ||
108 | - flush_pkt(); | ||
109 | + req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); | ||
110 | } | ||
111 | |||
112 | /* | ||
diff --git a/meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch b/meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch new file mode 100644 index 000000000..cb1e2f734 --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch | |||
@@ -0,0 +1,17 @@ | |||
1 | --- a/include/ntp_syscall.h.orig 2009-05-19 16:44:55.048156467 -0400 | ||
2 | +++ b/include/ntp_syscall.h 2009-05-19 16:46:19.293323686 -0400 | ||
3 | @@ -14,6 +14,14 @@ | ||
4 | # include <sys/timex.h> | ||
5 | #endif | ||
6 | |||
7 | +#if defined(ADJ_NANO) && !defined(MOD_NANO) | ||
8 | +#define MOD_NANO ADJ_NANO | ||
9 | +#endif | ||
10 | + | ||
11 | +#if defined(ADJ_TAI) && !defined(MOD_TAI) | ||
12 | +#define MOD_TAI ADJ_TAI | ||
13 | +#endif | ||
14 | + | ||
15 | #ifndef NTP_SYSCALLS_LIBC | ||
16 | #ifdef NTP_SYSCALLS_STD | ||
17 | # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t)) | ||
diff --git a/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9293.patch b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9293.patch new file mode 100644 index 000000000..667b705ea --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9293.patch | |||
@@ -0,0 +1,43 @@ | |||
1 | CVE-2014-9293 ntp: automatic generation of weak default key in config_auth() | ||
2 | |||
3 | Upstream-Status: Backport [Debian] | ||
4 | |||
5 | Signed-off-by: Armin Kuster <akuster808@gmail.com> | ||
6 | |||
7 | Index: git/ntpd/ntp_config.c | ||
8 | =================================================================== | ||
9 | --- git.orig/ntpd/ntp_config.c 2014-12-20 18:45:45.232872120 +0100 | ||
10 | +++ git/ntpd/ntp_config.c 2014-12-20 18:45:47.672921968 +0100 | ||
11 | @@ -1866,13 +1866,16 @@ | ||
12 | req_hashlen = digest_len; | ||
13 | #endif | ||
14 | } else { | ||
15 | - int rankey; | ||
16 | + unsigned char rankey[16]; | ||
17 | + | ||
18 | + if (ntp_crypto_random_buf(rankey, sizeof (rankey))) { | ||
19 | + msyslog(LOG_ERR, "ntp_crypto_random_buf() failed."); | ||
20 | + exit(1); | ||
21 | + } | ||
22 | |||
23 | - rankey = ntp_random(); | ||
24 | req_keytype = NID_md5; | ||
25 | req_hashlen = 16; | ||
26 | - MD5auth_setkey(req_keyid, req_keytype, | ||
27 | - (u_char *)&rankey, sizeof(rankey)); | ||
28 | + MD5auth_setkey(req_keyid, req_keytype, rankey, sizeof(rankey)); | ||
29 | authtrust(req_keyid, 1); | ||
30 | } | ||
31 | |||
32 | Index: git/ntpd/ntpd.c | ||
33 | =================================================================== | ||
34 | --- git.orig/ntpd/ntpd.c 2014-12-20 18:45:45.232872120 +0100 | ||
35 | +++ git/ntpd/ntpd.c 2014-12-20 18:45:47.672921968 +0100 | ||
36 | @@ -597,6 +597,7 @@ | ||
37 | get_systime(&now); | ||
38 | |||
39 | ntp_srandom((int)(now.l_i * now.l_uf)); | ||
40 | + ntp_crypto_srandom(); | ||
41 | |||
42 | #if !defined(VMS) | ||
43 | # ifndef NODETACH | ||
diff --git a/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9294.patch b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9294.patch new file mode 100644 index 000000000..67e532b9d --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9294.patch | |||
@@ -0,0 +1,128 @@ | |||
1 | CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys | ||
2 | |||
3 | Upstream-Status: Backport [Debian] | ||
4 | |||
5 | Signed-off-by: Armin Kuster <akuster808@gmail.com> | ||
6 | |||
7 | Index: ntp-4.2.6p5/include/ntp_random.h | ||
8 | =================================================================== | ||
9 | --- ntp-4.2.6p5.orig/include/ntp_random.h | ||
10 | +++ ntp-4.2.6p5/include/ntp_random.h | ||
11 | @@ -1,6 +1,9 @@ | ||
12 | |||
13 | #include <ntp_types.h> | ||
14 | |||
15 | +void ntp_crypto_srandom(void); | ||
16 | +int ntp_crypto_random_buf(void *buf, size_t nbytes); | ||
17 | + | ||
18 | long ntp_random (void); | ||
19 | void ntp_srandom (unsigned long); | ||
20 | void ntp_srandomdev (void); | ||
21 | Index: ntp-4.2.6p5/libntp/ntp_random.c | ||
22 | =================================================================== | ||
23 | --- ntp-4.2.6p5.orig/libntp/ntp_random.c | ||
24 | +++ ntp-4.2.6p5/libntp/ntp_random.c | ||
25 | @@ -481,3 +481,74 @@ ntp_random( void ) | ||
26 | } | ||
27 | return(i); | ||
28 | } | ||
29 | + | ||
30 | +/* | ||
31 | + * Crypto-quality random number functions | ||
32 | + * | ||
33 | + * Author: Harlan Stenn, 2014 | ||
34 | + * | ||
35 | + * This file is Copyright (c) 2014 by Network Time Foundation. | ||
36 | + * BSD terms apply: see the file COPYRIGHT in the distribution root for details. | ||
37 | + */ | ||
38 | + | ||
39 | +#ifdef OPENSSL | ||
40 | +#include <openssl/err.h> | ||
41 | +#include <openssl/rand.h> | ||
42 | + | ||
43 | +int crypto_rand_init = 0; | ||
44 | +#endif | ||
45 | + | ||
46 | +/* | ||
47 | + * ntp_crypto_srandom: | ||
48 | + * | ||
49 | + * Initialize the random number generator, if needed by the underlying | ||
50 | + * crypto random number generation mechanism. | ||
51 | + */ | ||
52 | + | ||
53 | +void | ||
54 | +ntp_crypto_srandom( | ||
55 | + void | ||
56 | + ) | ||
57 | +{ | ||
58 | +#ifdef OPENSSL | ||
59 | + if (!crypto_rand_init) { | ||
60 | + RAND_poll(); | ||
61 | + crypto_rand_init = 1; | ||
62 | + } | ||
63 | +#else | ||
64 | + /* No initialization needed for arc4random() */ | ||
65 | +#endif | ||
66 | +} | ||
67 | + | ||
68 | +/* | ||
69 | + * ntp_crypto_random_buf: | ||
70 | + * | ||
71 | + * Returns 0 on success, -1 on error. | ||
72 | + */ | ||
73 | +int | ||
74 | +ntp_crypto_random_buf( | ||
75 | + void *buf, | ||
76 | + size_t nbytes | ||
77 | + ) | ||
78 | +{ | ||
79 | +#ifdef OPENSSL | ||
80 | + int rc; | ||
81 | + | ||
82 | + rc = RAND_bytes(buf, nbytes); | ||
83 | + if (1 != rc) { | ||
84 | + unsigned long err; | ||
85 | + char *err_str; | ||
86 | + | ||
87 | + err = ERR_get_error(); | ||
88 | + err_str = ERR_error_string(err, NULL); | ||
89 | + /* XXX: Log the error */ | ||
90 | + | ||
91 | + return -1; | ||
92 | + } | ||
93 | + return 0; | ||
94 | +#else | ||
95 | + arc4random_buf(buf, nbytes); | ||
96 | + return 0; | ||
97 | +#endif | ||
98 | +} | ||
99 | + | ||
100 | Index: ntp-4.2.6p5/util/ntp-keygen.c | ||
101 | =================================================================== | ||
102 | --- ntp-4.2.6p5.orig/util/ntp-keygen.c | ||
103 | +++ ntp-4.2.6p5/util/ntp-keygen.c | ||
104 | @@ -261,6 +261,8 @@ main( | ||
105 | ssl_check_version(); | ||
106 | #endif /* OPENSSL */ | ||
107 | |||
108 | + ntp_crypto_srandom(); | ||
109 | + | ||
110 | /* | ||
111 | * Process options, initialize host name and timestamp. | ||
112 | */ | ||
113 | @@ -727,7 +729,14 @@ gen_md5( | ||
114 | int temp; | ||
115 | |||
116 | while (1) { | ||
117 | - temp = ntp_random() & 0xff; | ||
118 | + int rc; | ||
119 | + | ||
120 | + rc = ntp_crypto_random_buf(&temp, 1); | ||
121 | + if (-1 == rc) { | ||
122 | + fprintf(stderr, "ntp_crypto_random_buf() failed.\n"); | ||
123 | + exit (-1); | ||
124 | + } | ||
125 | + temp &= 0xff; | ||
126 | if (temp == '#') | ||
127 | continue; | ||
128 | |||
diff --git a/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9295.patch b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9295.patch new file mode 100644 index 000000000..6143f26e9 --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9295.patch | |||
@@ -0,0 +1,113 @@ | |||
1 | CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets | ||
2 | |||
3 | Upstream-Status: Backport [Debian] | ||
4 | |||
5 | Signed-off-by: Armin Kuster <akuster808@gmail.com> | ||
6 | |||
7 | 2014-12-12 11:06:03+00:00, stenn@psp-fb1.ntp.org +12 -3 | ||
8 | [Sec 2667] buffer overflow in crypto_recv() | ||
9 | 2014-12-12 11:13:40+00:00, stenn@psp-fb1.ntp.org +16 -1 | ||
10 | [Sec 2668] buffer overflow in ctl_putdata() | ||
11 | 2014-12-12 11:19:37+00:00, stenn@psp-fb1.ntp.org +14 -0 | ||
12 | [Sec 2669] buffer overflow in configure() | ||
13 | |||
14 | Index: git/ntpd/ntp_crypto.c | ||
15 | =================================================================== | ||
16 | --- git.orig/ntpd/ntp_crypto.c 2014-12-20 18:45:44.208851199 +0100 | ||
17 | +++ git/ntpd/ntp_crypto.c 2014-12-20 18:45:56.425100776 +0100 | ||
18 | @@ -789,15 +789,24 @@ | ||
19 | * errors. | ||
20 | */ | ||
21 | if (vallen == (u_int)EVP_PKEY_size(host_pkey)) { | ||
22 | + u_int32 *cookiebuf = malloc( | ||
23 | + RSA_size(host_pkey->pkey.rsa)); | ||
24 | + if (!cookiebuf) { | ||
25 | + rval = XEVNT_CKY; | ||
26 | + break; | ||
27 | + } | ||
28 | + | ||
29 | if (RSA_private_decrypt(vallen, | ||
30 | (u_char *)ep->pkt, | ||
31 | - (u_char *)&temp32, | ||
32 | + (u_char *)cookiebuf, | ||
33 | host_pkey->pkey.rsa, | ||
34 | - RSA_PKCS1_OAEP_PADDING) <= 0) { | ||
35 | + RSA_PKCS1_OAEP_PADDING) != 4) { | ||
36 | rval = XEVNT_CKY; | ||
37 | + free(cookiebuf); | ||
38 | break; | ||
39 | } else { | ||
40 | - cookie = ntohl(temp32); | ||
41 | + cookie = ntohl(*cookiebuf); | ||
42 | + free(cookiebuf); | ||
43 | } | ||
44 | } else { | ||
45 | rval = XEVNT_CKY; | ||
46 | Index: git/ntpd/ntp_control.c | ||
47 | =================================================================== | ||
48 | --- git.orig/ntpd/ntp_control.c 2014-12-20 18:45:44.208851199 +0100 | ||
49 | +++ git/ntpd/ntp_control.c 2014-12-20 18:45:56.429100859 +0100 | ||
50 | @@ -486,6 +486,10 @@ | ||
51 | static char *reqpt; | ||
52 | static char *reqend; | ||
53 | |||
54 | +#ifndef MIN | ||
55 | +#define MIN(a, b) (((a) <= (b)) ? (a) : (b)) | ||
56 | +#endif | ||
57 | + | ||
58 | /* | ||
59 | * init_control - initialize request data | ||
60 | */ | ||
61 | @@ -995,6 +999,7 @@ | ||
62 | ) | ||
63 | { | ||
64 | int overhead; | ||
65 | + unsigned int currentlen; | ||
66 | |||
67 | overhead = 0; | ||
68 | if (!bin) { | ||
69 | @@ -1018,12 +1023,22 @@ | ||
70 | /* | ||
71 | * Save room for trailing junk | ||
72 | */ | ||
73 | - if (dlen + overhead + datapt > dataend) { | ||
74 | + while (dlen + overhead + datapt > dataend) { | ||
75 | /* | ||
76 | * Not enough room in this one, flush it out. | ||
77 | */ | ||
78 | + currentlen = MIN(dlen, dataend - datapt); | ||
79 | + | ||
80 | + memcpy(datapt, dp, currentlen); | ||
81 | + | ||
82 | + datapt += currentlen; | ||
83 | + dp += currentlen; | ||
84 | + dlen -= currentlen; | ||
85 | + datalinelen += currentlen; | ||
86 | + | ||
87 | ctl_flushpkt(CTL_MORE); | ||
88 | } | ||
89 | + | ||
90 | memmove((char *)datapt, dp, (unsigned)dlen); | ||
91 | datapt += dlen; | ||
92 | datalinelen += dlen; | ||
93 | @@ -2492,6 +2507,20 @@ | ||
94 | |||
95 | /* Initialize the remote config buffer */ | ||
96 | data_count = reqend - reqpt; | ||
97 | + | ||
98 | + if (data_count > sizeof(remote_config.buffer) - 2) { | ||
99 | + snprintf(remote_config.err_msg, | ||
100 | + sizeof(remote_config.err_msg), | ||
101 | + "runtime configuration failed: request too long"); | ||
102 | + ctl_putdata(remote_config.err_msg, | ||
103 | + strlen(remote_config.err_msg), 0); | ||
104 | + ctl_flushpkt(0); | ||
105 | + msyslog(LOG_NOTICE, | ||
106 | + "runtime config from %s rejected: request too long", | ||
107 | + stoa(&rbufp->recv_srcadr)); | ||
108 | + return; | ||
109 | + } | ||
110 | + | ||
111 | memcpy(remote_config.buffer, reqpt, data_count); | ||
112 | if (data_count > 0 | ||
113 | && '\n' != remote_config.buffer[data_count - 1]) | ||
diff --git a/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9296.patch b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9296.patch new file mode 100644 index 000000000..a85f65d2a --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntp-4.2.6p5-cve-2014-9296.patch | |||
@@ -0,0 +1,21 @@ | |||
1 | CVE-2014-9296 ntp: receive() missing return on error | ||
2 | |||
3 | Upstream-Status: Backport [Debian] | ||
4 | |||
5 | Signed-off-by: Armin Kuster <akuster808@gmail.com> | ||
6 | |||
7 | 2014-12-12 11:24:22+00:00, stenn@psp-fb1.ntp.org +1 -0 | ||
8 | [Sec 2670] Missing return; from error clause | ||
9 | |||
10 | Index: git/ntpd/ntp_proto.c | ||
11 | =================================================================== | ||
12 | --- git.orig/ntpd/ntp_proto.c 2014-12-20 18:45:42.760821618 +0100 | ||
13 | +++ git/ntpd/ntp_proto.c 2014-12-20 18:46:00.153176945 +0100 | ||
14 | @@ -947,6 +947,7 @@ | ||
15 | fast_xmit(rbufp, MODE_ACTIVE, 0, | ||
16 | restrict_mask); | ||
17 | sys_restricted++; | ||
18 | + return; | ||
19 | } | ||
20 | } | ||
21 | |||
diff --git a/meta-networking/recipes-support/ntp/files/ntp-keygen_no_openssl.patch b/meta-networking/recipes-support/ntp/files/ntp-keygen_no_openssl.patch new file mode 100644 index 000000000..f576e2ee8 --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntp-keygen_no_openssl.patch | |||
@@ -0,0 +1,108 @@ | |||
1 | Fix ntp-keygen build without OpenSSL | ||
2 | |||
3 | Patch borrowed from Gentoo, originally from upstream | ||
4 | Added --enable-libenvent to config since this version | ||
5 | does not have local libevent support but we need the | ||
6 | functions from the lib. | ||
7 | |||
8 | Signed-off-by: Armin Kuster <akuster808@gmail.com> | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | |||
12 | Upstream commit: | ||
13 | http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg | ||
14 | Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238 | ||
15 | |||
16 | Signed-off-by: Markos Chandras <hwoarang@gentoo.org> | ||
17 | |||
18 | Index: ntp-4.2.6p5/libntp/ntp_random.c | ||
19 | =================================================================== | ||
20 | --- ntp-4.2.6p5.orig/libntp/ntp_random.c | ||
21 | +++ ntp-4.2.6p5/libntp/ntp_random.c | ||
22 | @@ -498,6 +498,21 @@ ntp_random( void ) | ||
23 | int crypto_rand_init = 0; | ||
24 | #endif | ||
25 | |||
26 | +#ifndef HAVE_ARC4RANDOM_BUF | ||
27 | +static void | ||
28 | +arc4random_buf(void *buf, size_t nbytes); | ||
29 | + | ||
30 | +void | ||
31 | +evutil_secure_rng_get_bytes(void *buf, size_t nbytes); | ||
32 | + | ||
33 | +static void | ||
34 | +arc4random_buf(void *buf, size_t nbytes) | ||
35 | +{ | ||
36 | + evutil_secure_rng_get_bytes(buf, nbytes); | ||
37 | + return; | ||
38 | +} | ||
39 | +#endif | ||
40 | + | ||
41 | /* | ||
42 | * ntp_crypto_srandom: | ||
43 | * | ||
44 | Index: ntp-4.2.6p5/util/Makefile.am | ||
45 | =================================================================== | ||
46 | --- ntp-4.2.6p5.orig/util/Makefile.am | ||
47 | +++ ntp-4.2.6p5/util/Makefile.am | ||
48 | @@ -21,6 +21,7 @@ AM_CPPFLAGS= -I$(top_srcdir)/include -I$ | ||
49 | LDADD= ../libntp/libntp.a | ||
50 | ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h | ||
51 | ntp_keygen_LDADD= version.o $(LIBOPTS_LDADD) ../libntp/libntp.a @LCRYPTO@ | ||
52 | +ntp_keygen_LDADD += $(LDADD_LIBEVENT) | ||
53 | |||
54 | ETAGS_ARGS= Makefile.am | ||
55 | #EXTRA_DIST= README TAGS | ||
56 | Index: ntp-4.2.6p5/configure.ac | ||
57 | =================================================================== | ||
58 | --- ntp-4.2.6p5.orig/configure.ac | ||
59 | +++ ntp-4.2.6p5/configure.ac | ||
60 | @@ -376,6 +376,8 @@ AC_CHECK_FUNC([openlog], , | ||
61 | AC_SEARCH_LIBS([MD5Init], [md5 md]) | ||
62 | AC_CHECK_FUNCS(MD5Init) | ||
63 | |||
64 | +AC_CHECK_FUNC([arc4random_buf]) | ||
65 | + | ||
66 | NTP_LINEEDITLIBS | ||
67 | |||
68 | dnl Digital UNIX V4.0 and Solaris 7 have POSIX.1c functions in -lrt | ||
69 | @@ -5205,6 +5207,39 @@ AC_MSG_RESULT([$ntp_use_dev_clockctl]) | ||
70 | |||
71 | AC_CHECK_HEADERS([sys/capability.h sys/prctl.h]) | ||
72 | |||
73 | +AC_MSG_CHECKING([if we have libevent capabilities (libevent)]) | ||
74 | + | ||
75 | +case "$ac_cv_header_event2_event-config_h" in | ||
76 | + yes) | ||
77 | + case "$host" in | ||
78 | + *) ntp_have_linuxcaps=yes | ||
79 | + ;; | ||
80 | + esac | ||
81 | + ;; | ||
82 | + *) | ||
83 | + ntp_have_linuxcaps=no | ||
84 | + ;; | ||
85 | +esac | ||
86 | + | ||
87 | +AC_ARG_ENABLE( | ||
88 | + [libevent], | ||
89 | + [AS_HELP_STRING( | ||
90 | + [--enable-libevent], | ||
91 | + [+ Use libevent capabilities for arc4random] | ||
92 | + )], | ||
93 | + [ntp_have_libevent=$enableval] | ||
94 | +) | ||
95 | + | ||
96 | +AC_MSG_RESULT([$ntp_have_libevent]) | ||
97 | + | ||
98 | +case "$ntp_have_libevent" in | ||
99 | + yes) | ||
100 | + AC_DEFINE([HAVE_LIBEVENT], [1], | ||
101 | + [Do we have libevent capabilities?]) | ||
102 | + LIBS="$LIBS -levent" | ||
103 | +esac | ||
104 | + | ||
105 | + | ||
106 | AC_MSG_CHECKING([if we have linux capabilities (libcap)]) | ||
107 | |||
108 | case "$ac_cv_header_sys_capability_h$ac_cv_header_sys_prctl_h" in | ||
diff --git a/meta-networking/recipes-support/ntp/files/ntp.conf b/meta-networking/recipes-support/ntp/files/ntp.conf new file mode 100644 index 000000000..676e18645 --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntp.conf | |||
@@ -0,0 +1,17 @@ | |||
1 | # This is the most basic ntp configuration file | ||
2 | # The driftfile must remain in a place specific to this | ||
3 | # machine - it records the machine specific clock error | ||
4 | driftfile /var/lib/ntp/drift | ||
5 | # This should be a server that is close (in IP terms) | ||
6 | # to the machine. Add other servers as required. | ||
7 | # Unless you un-comment the line below ntpd will sync | ||
8 | # only against the local system clock. | ||
9 | # | ||
10 | # server time.server.example.com | ||
11 | # | ||
12 | # Using local hardware clock as fallback | ||
13 | # Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself | ||
14 | server 127.127.1.0 | ||
15 | fudge 127.127.1.0 stratum 14 | ||
16 | # Defining a default security setting | ||
17 | restrict default | ||
diff --git a/meta-networking/recipes-support/ntp/files/ntpd b/meta-networking/recipes-support/ntp/files/ntpd new file mode 100755 index 000000000..d1b9c4907 --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntpd | |||
@@ -0,0 +1,84 @@ | |||
1 | #! /bin/sh | ||
2 | |||
3 | ### BEGIN INIT INFO | ||
4 | # Provides: ntp | ||
5 | # Required-Start: $network $remote_fs $syslog | ||
6 | # Required-Stop: $network $remote_fs $syslog | ||
7 | # Default-Start: 2 3 4 5 | ||
8 | # Default-Stop: | ||
9 | # Short-Description: Start NTP daemon | ||
10 | ### END INIT INFO | ||
11 | |||
12 | PATH=/sbin:/bin:/usr/bin:/usr/sbin | ||
13 | |||
14 | DAEMON=/usr/sbin/ntpd | ||
15 | PIDFILE=/var/run/ntpd.pid | ||
16 | |||
17 | # ntpd init.d script for ntpdc from ntp.isc.org | ||
18 | test -x $DAEMON -a -r /etc/ntp.conf || exit 0 | ||
19 | |||
20 | # rcS contains TICKADJ | ||
21 | test -r /etc/default/rcS && . /etc/default/rcS | ||
22 | |||
23 | # Source function library. | ||
24 | . /etc/init.d/functions | ||
25 | |||
26 | # Functions to do individual actions | ||
27 | settick(){ | ||
28 | # If TICKADJ is set we *must* adjust it before we start, because the | ||
29 | # driftfile relies on the correct setting | ||
30 | test -n "$TICKADJ" -a -x /usr/sbin/tickadj && { | ||
31 | echo -n "Setting tick to $TICKADJ: " | ||
32 | /usr/sbin/tickadj "$TICKADJ" | ||
33 | echo "done" | ||
34 | } | ||
35 | } | ||
36 | startdaemon(){ | ||
37 | # The -g option allows ntpd to step the time to correct it just | ||
38 | # once. The daemon will exit if the clock drifts too much after | ||
39 | # this. If ntpd seems to disappear after a while assume TICKADJ | ||
40 | # above is set to a totally incorrect value. | ||
41 | echo -n "Starting ntpd: " | ||
42 | start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -u ntp:ntp -p $PIDFILE "$@" | ||
43 | echo "done" | ||
44 | } | ||
45 | stopdaemon(){ | ||
46 | echo -n "Stopping ntpd: " | ||
47 | start-stop-daemon --stop --quiet --oknodo -p $PIDFILE | ||
48 | echo "done" | ||
49 | } | ||
50 | |||
51 | case "$1" in | ||
52 | start) | ||
53 | settick | ||
54 | startdaemon -g | ||
55 | ;; | ||
56 | stop) | ||
57 | stopdaemon | ||
58 | ;; | ||
59 | force-reload) | ||
60 | stopdaemon | ||
61 | settick | ||
62 | startdaemon -g | ||
63 | ;; | ||
64 | restart) | ||
65 | # Don't reset the tick here | ||
66 | stopdaemon | ||
67 | startdaemon -g | ||
68 | ;; | ||
69 | reload) | ||
70 | # Must do this by hand, but don't do -g | ||
71 | stopdaemon | ||
72 | startdaemon | ||
73 | ;; | ||
74 | status) | ||
75 | status /usr/sbin/ntpd; | ||
76 | exit $? | ||
77 | ;; | ||
78 | *) | ||
79 | echo "Usage: ntpd { start | stop | status | restart | reload }" >&2 | ||
80 | exit 1 | ||
81 | ;; | ||
82 | esac | ||
83 | |||
84 | exit 0 | ||
diff --git a/meta-networking/recipes-support/ntp/files/ntpdate b/meta-networking/recipes-support/ntp/files/ntpdate new file mode 100755 index 000000000..17b64d133 --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntpdate | |||
@@ -0,0 +1,54 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | PATH=/sbin:/bin:/usr/bin:/usr/sbin | ||
4 | |||
5 | test -x /usr/sbin/ntpdate || exit 0 | ||
6 | |||
7 | if test -f /etc/default/ntpdate ; then | ||
8 | . /etc/default/ntpdate | ||
9 | fi | ||
10 | |||
11 | if [ "$NTPSERVERS" = "" ] ; then | ||
12 | if [ "$METHOD" = "" -a "$1" != "silent" ] ; then | ||
13 | echo "Please set NTPSERVERS in /etc/default/ntpdate" | ||
14 | exit 1 | ||
15 | else | ||
16 | exit 0 | ||
17 | fi | ||
18 | fi | ||
19 | |||
20 | # This is a heuristic: The idea is that if a static interface is brought | ||
21 | # up, that is a major event, and we can put in some extra effort to fix | ||
22 | # the system time. Feel free to change this, especially if you regularly | ||
23 | # bring up new network interfaces. | ||
24 | if [ "$METHOD" = static ]; then | ||
25 | OPTS="-b" | ||
26 | fi | ||
27 | |||
28 | if [ "$METHOD" = loopback ]; then | ||
29 | exit 0 | ||
30 | fi | ||
31 | |||
32 | ( | ||
33 | |||
34 | LOCKFILE=/var/lock/ntpdate | ||
35 | |||
36 | # Avoid running more than one at a time | ||
37 | if [ -x /usr/bin/lockfile-create ]; then | ||
38 | lockfile-create $LOCKFILE | ||
39 | lockfile-touch $LOCKFILE & | ||
40 | LOCKTOUCHPID="$!" | ||
41 | fi | ||
42 | |||
43 | if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then | ||
44 | if [ "$UPDATE_HWCLOCK" = "yes" ]; then | ||
45 | hwclock --systohc || : | ||
46 | fi | ||
47 | fi | ||
48 | |||
49 | if [ -x /usr/bin/lockfile-create ] ; then | ||
50 | kill $LOCKTOUCHPID | ||
51 | lockfile-remove $LOCKFILE | ||
52 | fi | ||
53 | |||
54 | ) & | ||
diff --git a/meta-networking/recipes-support/ntp/files/ntpdate.default b/meta-networking/recipes-support/ntp/files/ntpdate.default new file mode 100644 index 000000000..486b6e07d --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/ntpdate.default | |||
@@ -0,0 +1,7 @@ | |||
1 | # Configuration script used by ntpdate-sync script | ||
2 | |||
3 | NTPSERVERS="" | ||
4 | |||
5 | # Set to "yes" to write time to hardware clock on success | ||
6 | UPDATE_HWCLOCK="no" | ||
7 | |||
diff --git a/meta-networking/recipes-support/ntp/files/openssl-check.patch b/meta-networking/recipes-support/ntp/files/openssl-check.patch new file mode 100644 index 000000000..8b4a6733c --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/openssl-check.patch | |||
@@ -0,0 +1,59 @@ | |||
1 | Hack OpenSSL check to work when libssl and libcrypto aren't in same dir | ||
2 | |||
3 | Upstream-Status: Inappropriate [config] | ||
4 | |||
5 | Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> | ||
6 | --- | ||
7 | configure | 4 ++-- | ||
8 | m4/ntp_openssl.m4 | 4 ++-- | ||
9 | sntp/configure | 4 ++-- | ||
10 | 3 files changed, 6 insertions(+), 6 deletions(-) | ||
11 | |||
12 | diff --git a/configure b/configure | ||
13 | index aae2c01..6a3c15e 100755 | ||
14 | --- a/configure | ||
15 | +++ b/configure | ||
16 | @@ -22868,8 +22868,8 @@ case "$ans" in | ||
17 | test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break | ||
18 | ;; | ||
19 | *) | ||
20 | - test -f $i/libcrypto.so -a -f $i/libssl.so && break | ||
21 | - test -f $i/libcrypto.a -a -f $i/libssl.a && break | ||
22 | + test -f $i/libssl.so && break | ||
23 | + test -f $i/libssl.a && break | ||
24 | ;; | ||
25 | esac | ||
26 | done | ||
27 | diff --git a/m4/ntp_openssl.m4 b/m4/ntp_openssl.m4 | ||
28 | index 7d9f477..67bdd55 100644 | ||
29 | --- a/m4/ntp_openssl.m4 | ||
30 | +++ b/m4/ntp_openssl.m4 | ||
31 | @@ -41,8 +41,8 @@ case "$ans" in | ||
32 | test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break | ||
33 | ;; | ||
34 | *) | ||
35 | - test -f $i/libcrypto.so -a -f $i/libssl.so && break | ||
36 | - test -f $i/libcrypto.a -a -f $i/libssl.a && break | ||
37 | + test -f $i/libssl.so && break | ||
38 | + test -f $i/libssl.a && break | ||
39 | ;; | ||
40 | esac | ||
41 | done | ||
42 | diff --git a/sntp/configure b/sntp/configure | ||
43 | index 7782c29..55e82d9 100755 | ||
44 | --- a/sntp/configure | ||
45 | +++ b/sntp/configure | ||
46 | @@ -14810,8 +14810,8 @@ case "$ans" in | ||
47 | test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break | ||
48 | ;; | ||
49 | *) | ||
50 | - test -f $i/libcrypto.so -a -f $i/libssl.so && break | ||
51 | - test -f $i/libcrypto.a -a -f $i/libssl.a && break | ||
52 | + test -f $i/libssl.so && break | ||
53 | + test -f $i/libssl.a && break | ||
54 | ;; | ||
55 | esac | ||
56 | done | ||
57 | -- | ||
58 | 1.7.1 | ||
59 | |||
diff --git a/meta-networking/recipes-support/ntp/files/tickadj.c.patch b/meta-networking/recipes-support/ntp/files/tickadj.c.patch new file mode 100644 index 000000000..9ef9de9e1 --- /dev/null +++ b/meta-networking/recipes-support/ntp/files/tickadj.c.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | Index: ntp-4.2.2p3-r0/ntp-4.2.2p3/util/tickadj.c | ||
2 | =================================================================== | ||
3 | --- ntp-4.2.2p3/util/tickadj.c 2004-02-25 06:58:33.000000000 +0100 | ||
4 | +++ ntp-4.2.2p3/util/tickadj.c 2007-07-07 01:00:54.000000000 +0200 | ||
5 | @@ -21,7 +21,8 @@ | ||
6 | # include <unistd.h> | ||
7 | #endif /* HAVE_UNISTD_H */ | ||
8 | |||
9 | -#ifdef HAVE___ADJTIMEX /* Linux */ | ||
10 | +/* proper handling here has been moved to upstream ntp bugzilla */ | ||
11 | +#ifdef linux | ||
12 | |||
13 | #include <sys/timex.h> | ||
14 | struct timex txc; | ||
15 | @@ -91,7 +92,7 @@ | ||
16 | } | ||
17 | |||
18 | if (!errflg) { | ||
19 | - if (__adjtimex(&txc) < 0) | ||
20 | + if (adjtimex(&txc) < 0) | ||
21 | perror("adjtimex"); | ||
22 | else if (!quiet) | ||
23 | printf("tick = %ld\ntick_adj = %d\n", | ||
24 | @@ -146,7 +147,7 @@ | ||
25 | #endif | ||
26 | } | ||
27 | |||
28 | - if (__adjtimex(&txc) < 0) | ||
29 | + if (adjtimex(&txc) < 0) | ||
30 | { | ||
31 | perror("adjtimex"); | ||
32 | } | ||
diff --git a/meta-networking/recipes-support/ntp/ntp.inc b/meta-networking/recipes-support/ntp/ntp.inc new file mode 100644 index 000000000..ab7bd9c53 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp.inc | |||
@@ -0,0 +1,158 @@ | |||
1 | SUMMARY = "Network Time Protocol daemon and utilities" | ||
2 | DESCRIPTION = "The Network Time Protocol (NTP) is used to \ | ||
3 | synchronize the time of a computer client or server to \ | ||
4 | another server or reference time source, such as a radio \ | ||
5 | or satellite receiver or modem." | ||
6 | HOMEPAGE = "http://support.ntp.org" | ||
7 | SECTION = "console/network" | ||
8 | LICENSE = "NTP" | ||
9 | LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=fea4b50c33b18c2194b4b1c9ca512670" | ||
10 | |||
11 | DEPENDS = "pps-tools" | ||
12 | |||
13 | INC_PR = "r6" | ||
14 | |||
15 | SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \ | ||
16 | file://tickadj.c.patch \ | ||
17 | file://ntp-4.2.4_p6-nano.patch \ | ||
18 | file://openssl-check.patch \ | ||
19 | file://ntpd \ | ||
20 | file://ntp.conf \ | ||
21 | file://ntpdate \ | ||
22 | file://ntpdate.default \ | ||
23 | file://ntpdate.service \ | ||
24 | file://ntpd.service \ | ||
25 | file://sntp.service \ | ||
26 | file://sntp \ | ||
27 | file://ntpd.list \ | ||
28 | file://CVE-2013-5211.patch \ | ||
29 | file://ntp-4.2.6p5-cve-2014-9293.patch \ | ||
30 | file://ntp-4.2.6p5-cve-2014-9294.patch \ | ||
31 | file://ntp-4.2.6p5-cve-2014-9295.patch \ | ||
32 | file://ntp-4.2.6p5-cve-2014-9296.patch \ | ||
33 | file://ntp-keygen_no_openssl.patch \ | ||
34 | " | ||
35 | |||
36 | inherit autotools update-rc.d useradd systemd | ||
37 | |||
38 | # The ac_cv_header_readline_history is to stop ntpdc depending on either | ||
39 | # readline or curses | ||
40 | EXTRA_OECONF += "--with-net-snmp-config=no \ | ||
41 | --without-ntpsnmpd \ | ||
42 | ac_cv_header_readline_history_h=no \ | ||
43 | --with-binsubdir=sbin" | ||
44 | |||
45 | CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" | ||
46 | |||
47 | USERADD_PACKAGES = "${PN}" | ||
48 | NTP_USER_HOME ?= "/var/lib/ntp" | ||
49 | USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \ | ||
50 | --no-create-home \ | ||
51 | --shell /bin/false --user-group ntp" | ||
52 | |||
53 | # NB: debug is default-enabled by NTP; keep it default-enabled here. | ||
54 | PACKAGECONFIG ??= "event cap debug" | ||
55 | PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \ | ||
56 | --with-openssl-incdir=${STAGING_INCDIR} \ | ||
57 | --with-crypto, \ | ||
58 | --without-openssl --without-crypto, \ | ||
59 | openssl" | ||
60 | PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap" | ||
61 | PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline" | ||
62 | PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" | ||
63 | PACKAGECONFIG[event] = "--enable-libevent,--disable-libevent, libevent" | ||
64 | |||
65 | do_install_append() { | ||
66 | install -d ${D}${sysconfdir}/init.d | ||
67 | install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} | ||
68 | install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d | ||
69 | install -d ${D}${bindir} | ||
70 | install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync | ||
71 | |||
72 | install -m 755 -d ${D}${NTP_USER_HOME} | ||
73 | chown ntp:ntp ${D}${NTP_USER_HOME} | ||
74 | |||
75 | # Fix hardcoded paths in scripts | ||
76 | sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync | ||
77 | sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync | ||
78 | sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync | ||
79 | sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync | ||
80 | sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync | ||
81 | sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace | ||
82 | sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace | ||
83 | sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait | ||
84 | sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait | ||
85 | |||
86 | install -d ${D}/${sysconfdir}/default | ||
87 | install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate | ||
88 | install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ | ||
89 | |||
90 | install -d ${D}/${sysconfdir}/network/if-up.d | ||
91 | ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d | ||
92 | |||
93 | install -d ${D}${systemd_unitdir}/system | ||
94 | install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/ | ||
95 | install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/ | ||
96 | install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/ | ||
97 | |||
98 | install -d ${D}${systemd_unitdir}/ntp-units.d | ||
99 | install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list | ||
100 | } | ||
101 | |||
102 | PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils" | ||
103 | # NOTE: you don't need ntpdate, use "ntpd -q -g -x" | ||
104 | |||
105 | # ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms | ||
106 | # with wonky clocks (e.g. OpenSlug) | ||
107 | RDEPENDS_${PN} = "${PN}-tickadj libbsd" | ||
108 | # Handle move from bin to utils package | ||
109 | RPROVIDES_${PN}-utils = "${PN}-bin" | ||
110 | RREPLACES_${PN}-utils = "${PN}-bin" | ||
111 | RCONFLICTS_${PN}-utils = "${PN}-bin" | ||
112 | |||
113 | SYSTEMD_PACKAGES = "${PN} ntpdate sntp" | ||
114 | SYSTEMD_SERVICE_${PN} = "ntpd.service" | ||
115 | SYSTEMD_SERVICE_ntpdate = "ntpdate.service" | ||
116 | SYSTEMD_SERVICE_sntp = "sntp.service" | ||
117 | |||
118 | RPROVIDES_${PN} += "${PN}-systemd" | ||
119 | RREPLACES_${PN} += "${PN}-systemd" | ||
120 | RCONFLICTS_${PN} += "${PN}-systemd" | ||
121 | |||
122 | RPROVIDES_ntpdate += "ntpdate-systemd" | ||
123 | RREPLACES_ntpdate += "ntpdate-systemd" | ||
124 | RCONFLICTS_ntpdate += "ntpdate-systemd" | ||
125 | |||
126 | RSUGGESTS_${PN} = "iana-etc" | ||
127 | |||
128 | FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \ | ||
129 | ${NTP_USER_HOME} \ | ||
130 | ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ | ||
131 | " | ||
132 | FILES_${PN}-tickadj = "${sbindir}/tickadj" | ||
133 | FILES_${PN}-utils = "${sbindir}" | ||
134 | FILES_ntpdate = "${sbindir}/ntpdate \ | ||
135 | ${sysconfdir}/network/if-up.d/ntpdate-sync \ | ||
136 | ${bindir}/ntpdate-sync \ | ||
137 | ${sysconfdir}/default/ntpdate \ | ||
138 | ${systemd_unitdir}/system/ntpdate.service \ | ||
139 | " | ||
140 | FILES_sntp = "${sbindir}/sntp \ | ||
141 | ${sysconfdir}/default/sntp \ | ||
142 | " | ||
143 | |||
144 | CONFFILES_${PN} = "${sysconfdir}/ntp.conf" | ||
145 | CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate" | ||
146 | |||
147 | INITSCRIPT_NAME = "ntpd" | ||
148 | # No dependencies, so just go in at the standard level (20) | ||
149 | INITSCRIPT_PARAMS = "defaults" | ||
150 | |||
151 | pkg_postinst_ntpdate() { | ||
152 | if ! grep -q -s ntpdate $D/var/spool/cron/root; then | ||
153 | echo "adding crontab" | ||
154 | test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron | ||
155 | echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root | ||
156 | fi | ||
157 | } | ||
158 | |||
diff --git a/meta-networking/recipes-support/ntp/ntp/ntpd.list b/meta-networking/recipes-support/ntp/ntp/ntpd.list new file mode 100644 index 000000000..d1fe6b7e2 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntpd.list | |||
@@ -0,0 +1 @@ | |||
ntpd.service | |||
diff --git a/meta-networking/recipes-support/ntp/ntp/ntpd.service b/meta-networking/recipes-support/ntp/ntp/ntpd.service new file mode 100644 index 000000000..b7c426864 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntpd.service | |||
@@ -0,0 +1,11 @@ | |||
1 | [Unit] | ||
2 | Description=Network Time Service | ||
3 | After=network.target | ||
4 | |||
5 | [Service] | ||
6 | Type=forking | ||
7 | PIDFile=/run/ntpd.pid | ||
8 | ExecStart=/usr/sbin/ntpd -p /run/ntpd.pid -g | ||
9 | |||
10 | [Install] | ||
11 | WantedBy=multi-user.target | ||
diff --git a/meta-networking/recipes-support/ntp/ntp/ntpdate.service b/meta-networking/recipes-support/ntp/ntp/ntpdate.service new file mode 100644 index 000000000..10cbd70f9 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntpdate.service | |||
@@ -0,0 +1,11 @@ | |||
1 | [Unit] | ||
2 | Description=Network Time Service (one-shot ntpdate mode) | ||
3 | Before=ntpd.service | ||
4 | |||
5 | [Service] | ||
6 | Type=oneshot | ||
7 | ExecStart=/usr/bin/ntpdate-sync silent | ||
8 | RemainAfterExit=yes | ||
9 | |||
10 | [Install] | ||
11 | WantedBy=multi-user.target | ||
diff --git a/meta-networking/recipes-support/ntp/ntp/sntp b/meta-networking/recipes-support/ntp/ntp/sntp new file mode 100644 index 000000000..f8c5895b7 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/sntp | |||
@@ -0,0 +1 @@ | |||
NTPSERVER="ntpserver.example.org" | |||
diff --git a/meta-networking/recipes-support/ntp/ntp/sntp.service b/meta-networking/recipes-support/ntp/ntp/sntp.service new file mode 100644 index 000000000..4898b8a70 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/sntp.service | |||
@@ -0,0 +1,11 @@ | |||
1 | [Unit] | ||
2 | Description=Simple Network Time Service Client | ||
3 | After=network.target | ||
4 | |||
5 | [Service] | ||
6 | Type=oneshot | ||
7 | EnvironmentFile=-/etc/default/sntp | ||
8 | ExecStart=/usr/sbin/sntp -s $NTPSERVER | ||
9 | |||
10 | [Install] | ||
11 | WantedBy=multi-user.target | ||
diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb b/meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb new file mode 100644 index 000000000..588a1b03c --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb | |||
@@ -0,0 +1,6 @@ | |||
1 | require ntp.inc | ||
2 | |||
3 | PR = "${INC_PR}.0" | ||
4 | |||
5 | SRC_URI[md5sum] = "00df80a84ec9528fcfb09498075525bc" | ||
6 | SRC_URI[sha256sum] = "d6ab8371f9d31e594eb6922823d5ccd03dcc4e9d84b0e23ea25ac1405432f91c" | ||