From: Clemens Gruber <clemens.gruber@pqgruber.com>
To: ptxdist@pengutronix.de
Cc: Michael Olbrich <m.olbrich@pengutronix.de>
Subject: [ptxdist] [PATCH] chrony: update to 2.1.1 and improve configuration
Date: Mon, 20 Jul 2015 19:40:04 +0200
Message-ID: <20150720174003.GA19115@pqgruber.com>

Update chrony to the current stable version.
Adapt the rule file and the configuration accordingly.
Remove the single server configuration via Kconfig and use the default
NTP pool pool.ntp.org. (Returns NTP servers in the vicinity.)
Autogenerate random key and use it with chrony command helper.
Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
projectroot/etc/chrony/chrony.conf | 127 +++++++++++++++++++++----------------
projectroot/etc/chrony/chrony.keys | 4 --
projectroot/etc/init.d/chrony | 72 +++++++--------------
rules/chrony-bbinit.in | 5 +-
rules/chrony.in | 49 ++++++--------
rules/chrony.make | 18 ++----
6 files changed, 127 insertions(+), 148 deletions(-)
delete mode 100644 projectroot/etc/chrony/chrony.keys
diff --git a/projectroot/etc/chrony/chrony.conf b/projectroot/etc/chrony/chrony.conf
index f2d5949..04c205a 100644
--- a/projectroot/etc/chrony/chrony.conf
+++ b/projectroot/etc/chrony/chrony.conf
@@ -1,84 +1,82 @@
# ----------------------------------------------------------------------
-# chrony client configuration for Comsoft AG NTP Client
+# chrony client configuration
# ----------------------------------------------------------------------
# Author: Bj�rn B�rger <b.buerger@pengutronix.de>
-# Last Change: Tue Mar 6 15:12:41 UTC 2007
+# Updated by: Clemens Gruber <clemens.gruber@pqgruber.com>
#
# Hints:
# ----------------------------------------------------------------------
# a comment
! a comment
# ----------------------------------------------------------------------
-# Specify your own NTP Servers:
+# NTP Servers:
-server @UNCONFIGURED_CHRONY_SERVER_IP@ auto_offline minpoll 5 maxpoll 10
+pool pool.ntp.org iburst
-# other servers may be referenced here, but they will only be requested,
-# if set online by /etc/init.d/chrony online
-! server 0.pool.ntp.org offline minpoll 8
-! server 1.pool.ntp.org offline minpoll 8
-! server 2.pool.ntp.org offline minpoll 8
+# May be replaced with country-specific pools, e.g.
+! pool de.pool.ntp.org iburst
+
+# If auto_offline is set, the server will be assumed to have gone
+# offline when 2 requests have been sent to it without receiving a
+# response. However, it is still necessary to use chronyc's online
+# command when the link has been established.
+! pool pool.ntp.org auto_offline iburst
+
+# Servers can also be specified directly
+! server foo.example.net iburst
+! server bar.example.net auto_offline iburst
+
+# Multiple clients in a network can be peered together.
+# Please consult the full documentation for details!
+! peer baz.example.net
# To avoid changes being made to your computer's gain/loss compensation
# when the measurement history is too erratic, you might want to enable
-# one of the following lines. The first seems good for dial-up (or
-# other high-latency connections like slow leased lines), the second
-# seems OK for a LAN environment.
-! maxupdateskew 100
-! maxupdateskew 5
+# one of the following settings: 100ppm for dial-up or other high-
+# latency connections, 5-10ppm for LAN environments
maxupdateskew 20
-# rtc
-rtcdevice /dev/rtc
-rtcfile /var/run/chrony.rtc
-rtconutc
-
-# driftfile
+# Record the rate at which the system clock gains/losses time.
driftfile /var/run/chrony.drift
-# pidfile
-pidfile /var/run/chronyd.pid
-
-# keyfile for chronyc
+# Specify the keyfile for chronyc
keyfile /etc/chrony/chrony.keys
commandkey 1
-# chronyd can save the measurement history for the servers to files when
-# it it exits. However, this will affect the lifetime of you flash
-# medium, if this is not used on a ramdisk. Be careful.
+# Automatically generate a random password
+generatecommandkey
+
+# chronyd can save the measurement history for the servers to files
+# when it exits. This can be used to flywheel chronyd between boots.
+# However, this might affect the lifetime of your flash medium.
dumponexit
dumpdir /var/run/chrony
-# INITIAL CLOCK CORRECTION
-# This option is only useful if your NTP servers are visible at
-# start-time of chrony. The value '10' means that if the error is less
-# than 10 seconds, it will be gradually removed by speeding up or
-# slowing down your computer's clock until it is correct. If the error
-# is above 10 seconds, an immediate time jump will be applied to correct
-# it.
-#
-# Get Time from your configured NTP Server
-#
-initstepslew 10 @UNCONFIGURED_CHRONY_SERVER_IP@
+# Save PID to file
+pidfile /var/run/chronyd.pid
+
+# In first three updates, step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
# Logging
-# Comment this line out to turn off logging.
+# Uncomment this line to enable logging.
! log measurements statistics tracking rtc
logdir /var/run/chrony
-# Access Rules
-! allow 10.0.0.0/8
-! allow 192.168.0.0/16
+# Acting as NTP server
+! allow 192.168/16
+! deny 192.168.100/24
-# Send Broadcast every 60 Seconds
-! broadcast 60 10.255.255.255
+# Enable sending NTP broadcast packets every 60 seconds
+! broadcast 60 192.168.255.255
-# Let computer be a server when it is unsynchronised.
-# set local straum below 15, even if unsynced
-# this will circumwent long delays when starting clients
-local stratum 10
+# If you want to present your computer's time for others to synchronise
+# with, even if you don't seem to be synchronised to any NTP servers
+# yourself, enable the following line
+! local stratum 10
-# we dont need an accesslog.
+# Do not keep track of client accesses
noclientlog
# The next option causes a message to be written to syslog when chronyd
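Review bot: The `keyfile /etc/chrony/chrony.keys` line kept next to the new `generatecommandkey` assumes chronyd can create that file at first start, but this patch stops shipping chrony.keys, so on an image with a read-only root filesystem there is nothing to read and nowhere to write. The other state files in this config (driftfile, dumpdir, pidfile, logdir) already live under /var/run; either move the keyfile to a writable location as well or state in the comment above `generatecommandkey` that /etc/chrony must be writable on first boot. Separately, `pool pool.ntp.org iburst` together with `makestep 10 3` lets an unauthenticated source step the clock during the first three updates, which deserves a sentence in the config comment for BSPs that depend on correct time for certificate validation.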
@@ -91,7 +89,30 @@ noclientlog
# system clock.
! mailonchange root@localhost 0.5
-# Allow command access
-! cmdallow 10/8
-! cmdallow 192.168/16
-cmdallow 127.0.0.1
+# By default chronyd binds to the loopback interface. Uncomment the
+# following lines to allow receiving command packets from remote hosts.
+! bindcmdaddress 0.0.0.0
+! bindcmdaddress ::
+
+# Normally, chronyd will only allow connections from chronyc on the same
+# machine as itself. This is for security. Uncomment and adapt the
+# following lines to allow command access from other hosts:
+! cmdallow 192.168.1/24
+
+# Use an enhanced RTC device as real-time clock
+rtcdevice /dev/rtc
+rtcfile /var/run/chrony.rtc
+rtconutc
+
+# Keep the RTC close to the system clock. Synchronize if the error
+# between the two clocks grows larger than 30 seconds.
+rtcautotrim 30
+
+# Options for extreme clock-stability and lowest possible latency.
+# You should not use the following options unless you really need them!
+
+# Select the SCHED_FIFO real-time scheduler at the specified priority
+! sched_priority 1
+
+# Lock chronyd into RAM so that it will never be paged out
+! lock_all
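Review bot: The commented `! bindcmdaddress 0.0.0.0` and `! bindcmdaddress ::` examples at the top of this added block replace the explicit `cmdallow 127.0.0.1`, and a user who uncomments them as written opens the command port on every interface, with only `cmdallow` and the generated key in front of it. Suggest showing a single management-interface address as the example and saying in the comment that `bindcmdaddress` and `cmdallow` have to be changed together.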
diff --git a/projectroot/etc/chrony/chrony.keys b/projectroot/etc/chrony/chrony.keys
deleted file mode 100644
index 25e5071..0000000
--- a/projectroot/etc/chrony/chrony.keys
+++ /dev/null
@@ -1,4 +0,0 @@
-# Key File for chronyc
-# this is needed, to access chronyd from chronyc client
-#
-1 @UNCONFIGURED_CHRONY_ACCESS_KEY@
diff --git a/projectroot/etc/init.d/chrony b/projectroot/etc/init.d/chrony
index d112927..af12471 100644
--- a/projectroot/etc/init.d/chrony
+++ b/projectroot/etc/init.d/chrony
@@ -4,20 +4,13 @@
# with [start|stop] as argument. This version does not
# need an additional start-stop daemon.
#
-# Last change: Bj�rn B�rger <b.buerger@pengutronix.de>
-# Date: Tue Mar 6 16:00:30 UTC 2007
+# Author: Bj�rn B�rger <b.buerger@pengutronix.de>
+# Updated by: Clemens Gruber <clemens.gruber@pqgruber.com>
PATH=/sbin:/bin:/usr/bin:/usr/sbin
BINARY="/usr/sbin/chronyd"
CONFIG="/etc/chrony/chrony.conf"
PREFIX="chrony: "
-# This system doesn�t have full rtc ioctl support for
-# chrony statistic functions
-RTC_IOCTL="incomplete"
-
-# some chronyc commands need prior autentication: extract keys from config
-KEY=$(awk '$1 ~ /^commandkey$/ { print $2; exit}' /etc/chrony/chrony.conf)
-PASSWORD=`awk '$1 ~ /^'$KEY'$/ {print $2; exit}' /etc/chrony/chrony.keys`
# convenience functions
message(){
@@ -43,9 +36,6 @@ killproc() {
# main functions
start_proc() {
- message_n "Reading system time from RealTimeClock ..."
- /sbin/hwclock --hctosys || message_n " ### FAILED ### "
- message "DONE"
message_n "Starting NTP server: chronyd ..."
[ -e "$CONFIG" ] || bailout "Configfile $CONFIG not found, PANIC!"
$BINARY -f $CONFIG
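Review bot: With `/sbin/hwclock --hctosys` removed from start_proc, the unchanged `$BINARY -f $CONFIG` line starts chronyd without `-s`, so nothing in this script sets the system time from the RTC at boot any more, and the Kconfig change in rules/chrony-bbinit.in makes the rc link unavailable when the busybox hwclock start script is enabled. If the intent is for chronyd to own the RTC (the config carries `rtcdevice`, `rtcfile` and `rtcautotrim`), pass `-s` here, or say in the commit message where the system time is expected to be set. `$CONFIG` should also be quoted on that line.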
@@ -56,16 +46,12 @@ stop_proc() {
message_n "Stopping NTP server: chronyd ..."
killproc chronyd
message "DONE"
- message_n "Writing system time to RealTimeClock ..."
- /sbin/hwclock --systohc || message_n " ### FAILED ### "
- message "DONE"
}
set_online(){
- message_n "Setting NTP server ONLINE ... "
+ message_n "Setting NTP server ONLINE ... "
pidof chronyd > /dev/null || bailout " chronyd is not running "
- /usr/bin/chronyc <<-EOF
- password $PASSWORD
+ /usr/bin/chronyc -a -f $CONFIG <<-EOF
online
burst 5/10
quit
@@ -75,10 +61,9 @@ set_online(){
}
set_offline(){
- message_n "Setting NTP server OFFLINE ... "
+ message_n "Setting NTP server OFFLINE ... "
pidof chronyd > /dev/null || bailout " chronyd is not running "
- /usr/bin/chronyc <<-EOF
- password $PASSWORD
+ /usr/bin/chronyc -a -f $CONFIG <<-EOF
offline
EOF
message "DONE"
@@ -87,31 +72,19 @@ set_offline(){
set_rtc(){
pidof chronyd > /dev/null || bailout " chronyd is not running "
- if [ "$RTC_IOCTL" == "incomplete" ] ; then
- # We are running on a system with limited rtc support,
- # so we cannot let the ntp client do the job.
- stop_proc
- sleep 1
- start_proc
- exit 0
- else
- # This requires enhanced rtc support
- message_n "Setting NTP time to RTC ... "
- cat <<-EOF | /usr/bin/chronyc
- password $PASSWORD
+ message_n "Setting NTP time to RTC ... "
+ cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG
trimrtc
writertc
dump
EOF
message "DONE"
exit 0
- fi
}
status(){
pidof chronyd > /dev/null || bailout " chronyd is not running "
- cat <<-EOF | /usr/bin/chronyc
- password $PASSWORD
+ cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG
tracking
sources
EOF
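Review bot: In set_rtc, removing the `RTC_IOCTL` branch changes behaviour rather than just tidying: the variable was hard-coded to "incomplete", so until now this function always restarted chronyd, and after the patch it always sends `trimrtc`, `writertc` and `dump`. That should be stated in the commit message, since boards with limited RTC ioctl support were the reason for the old path. The pipeline is also followed unconditionally by `message "DONE"` and `exit 0`; check the result of chronyc first, because authentication now depends on a key file generated at runtime.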
@@ -119,27 +92,26 @@ status(){
statistics(){
pidof chronyd > /dev/null || bailout " chronyd is not running "
- cat <<-EOF | /usr/bin/chronyc
- password $PASSWORD
+ cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG
sourcestats
EOF
}
case "$1" in
- start)
- start_proc
+ start)
+ start_proc
;;
stop)
stop_proc
;;
- restart|force-reload)
- message "Restarting NTP server: chronyd ... "
- stop_proc
+ restart|force-reload)
+ message "Restarting NTP server: chronyd ... "
+ stop_proc
sleep 1
- start_proc
- ;;
- reload)
- message "Reload is not supported"
+ start_proc
+ ;;
+ reload)
+ message "Reload is not supported"
exit 1
;;
online)
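Review bot: The `start)`, `restart|force-reload)` and `reload)` arms of the case statement are removed and re-added with identical text, so this part of the hunk is whitespace-only churn mixed into a functional change. Please move the indentation cleanup to a separate patch so the `chronyc -a -f $CONFIG` change in statistics() stays easy to review and bisect.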
@@ -157,10 +129,10 @@ case "$1" in
statistics)
statistics
;;
- *)
- usage
+ *)
+ usage
exit 1
- ;;
+ ;;
esac
exit 0
diff --git a/rules/chrony-bbinit.in b/rules/chrony-bbinit.in
index 831337f..21f7a5f 100644
--- a/rules/chrony-bbinit.in
+++ b/rules/chrony-bbinit.in
@@ -3,6 +3,9 @@
config CHRONY_BBINIT_LINK
string
depends on CHRONY_STARTSCRIPT
+ depends on !BUSYBOX_HWCLOCK_STARTSCRIPT || ALLYES
prompt "chrony"
- default "S20chrony"
+ default "S30chrony"
+comment "chrony startscript is disabled because busybox hwclock is enabled!"
+ depends on BUSYBOX_HWCLOCK_STARTSCRIPT
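Review bot: The new `comment` entry depends only on BUSYBOX_HWCLOCK_STARTSCRIPT, so it is displayed whenever the busybox hwclock script is enabled, even when CHRONY_STARTSCRIPT is off; add `depends on CHRONY_STARTSCRIPT` to it. The wording is also inaccurate: what gets hidden is CHRONY_BBINIT_LINK, the rc link, not the start script itself. The default change from "S20chrony" to "S30chrony" is not mentioned in the commit message and deserves a line there.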
diff --git a/rules/chrony.in b/rules/chrony.in
index ccdcb71..42b5e94 100644
--- a/rules/chrony.in
+++ b/rules/chrony.in
@@ -12,12 +12,19 @@ menuconfig CHRONY
the accuracy of the system clock on a computer. The two
programs are called chronyd and chronyc .
- Chronyd is a background (daemon) program, which can be
- started at boot time, Chronyc provides a user interface
+ chronyd is a background (daemon) program, which can be
+ started at boot time, chronyc provides a user interface
to chronyd for monitoring its performance and configuring
various settings.
- See http://chrony.sunsite.dk/ for details
+ A random access key will be created and used automatically
+ for the chrony command helper.
+ Per default the pool.ntp.org pool is selected, which returns
+ NTP servers in your vicinity (according to your IP).
+ Override chrony.conf if you need custom servers or specific
+ pools to synchronize with.
+
+ See http://chrony.tuxfamily.org for details
if CHRONY
@@ -25,16 +32,18 @@ comment "install options ---"
config CHRONY_INSTALL_CHRONY_COMMAND
bool
+ default y
prompt "Install chrony command helper"
help
Install a command helper in /usr/bin/chrony_command,
- which extracts the command access key from
- /etc/chrony/chrony.keys and uses it to run
- one given command. Note: The user needs access to
- the chrony.keys file.
+ which extracts the generated command access key from
+ /etc/chrony/chrony.keys and uses it to run one given
+ command. Note: The user needs access to the
+ chrony.keys file.
config CHRONY_INSTALL_CHRONY_STAT
bool
+ default y
prompt "Install chrony statistics helper"
help
Install a convenience wrapper in /usr/bin/chrony_stat,
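Review bot: `default y` on CHRONY_INSTALL_CHRONY_COMMAND now installs by default a helper whose help text says it "extracts the generated command access key" from chrony.keys, yet the helper script is not among the six files in the diffstat. Please confirm it still parses a key line written by `generatecommandkey` rather than the old `1 @UNCONFIGURED_CHRONY_ACCESS_KEY@` template, or switch it to `chronyc -a -f` as done in the init script. The sentence "The user needs access to the chrony.keys file" should also name which user that is, since the file is no longer installed with a fixed owner and mode.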
@@ -58,35 +67,17 @@ config CHRONY_INSTALL_CHRONY_STAT
config CHRONY_INSTALL_CONFIG
bool
default y
- prompt "Install chrony config files"
+ prompt "Install chrony config file"
help
- Install /etc/chrony/chrony.conf and /etc/chrony/chony.keys.
+ Install /etc/chrony/chrony.conf.
if CHRONY_INSTALL_CONFIG
-config CHRONY_DEFAULT_ACCESS_KEY
- string
- prompt "setup default access key for chronyc"
- default "undefined"
- help
- This will install a default access key with the
- given content to the chrony.keys file. This is
- used by /etc/init.d/chrony to access status
- data, etc.
-
-config CHRONY_DEFAULT_NTP_SERVER
- string
- prompt "setup default ntp peer"
- default "10.1.1.2"
- help
- This will set the ntp server for simple
- configurations.
-
-endif
-
config CHRONY_STARTSCRIPT
bool
default y
prompt "install /etc/init.d/chrony"
endif
+
+endif
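Review bot: Dropping the first `endif` and adding one at the end moves `config CHRONY_STARTSCRIPT` inside `if CHRONY_INSTALL_CONFIG`, so a BSP that turns off the packaged chrony.conf can no longer select /etc/init.d/chrony. If that coupling is not intended, remove the `if CHRONY_INSTALL_CONFIG` / `endif` pair, which has nothing else left to guard after the two string options are deleted.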
diff --git a/rules/chrony.make b/rules/chrony.make
index fac604c..5048ddb 100644
--- a/rules/chrony.make
+++ b/rules/chrony.make
@@ -2,6 +2,7 @@
#
# Copyright (C) 2005 by Bjoern Buerger <b.buerger@pengutronix.de>
# 2009 by Marc Kleine-Budde <mkl@pengutronix.de>
+# 2015 by Clemens Gruber <clemens.gruber@pqgruber.com>
#
# See CREDITS for details about who has contributed to this project.
#
@@ -17,8 +18,9 @@ PACKAGES-$(PTXCONF_CHRONY) += chrony
#
# Paths and names
#
-CHRONY_VERSION := 1.31
-CHRONY_MD5 := 04ab702fc81150db06809562a9aaed92
+CHRONY_VERSION := 2.1.1
+CHRONY_MD5 := 15e470a51ab6e09e65bc0a2fbc5299af
+CHRONY_SHA256 := b0565148eaa38e971291281d76556c32f0138ec22e9784f8bceab9c65f7ad7d4
CHRONY := chrony-$(CHRONY_VERSION)
CHRONY_SUFFIX := tar.gz
CHRONY_URL := http://download.tuxfamily.org/chrony/$(CHRONY).$(CHRONY_SUFFIX)
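Review bot: CHRONY_SHA256 is added next to CHRONY_MD5, but nothing in this patch shows the build consuming it, and CHRONY_URL still fetches over plain http, so the tarball's integrity may rest on the MD5 alone. If the ptxdist version this targets does not verify `_SHA256`, drop the variable to avoid implying a check that does not happen; if it does, say so in the commit message.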
@@ -37,7 +39,9 @@ CHRONY_ENV := $(CROSS_ENV)
#
CHRONY_AUTOCONF := \
$(CROSS_AUTOCONF_USR) \
- --disable-readline
+ --disable-readline \
+ --with-ntp-era=1420070400 \
+ --with-user=nobody
# ----------------------------------------------------------------------------
# Target-Install
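Review bot: `--with-user=nobody` makes chronyd drop to an account that is commonly shared with other services, and this patch does not adjust ownership of anything that account must write (driftfile, dumpdir, rtcfile and logdir under /var/run, plus the generated chrony.keys). A dedicated unprivileged user would be the better choice, with its directories created in the init script before chronyd starts. `--with-ntp-era=1420070400` is a hard-coded timestamp with no comment; a line in the rule file explaining how it was chosen and when to bump it would help the next person updating the package.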
@@ -71,14 +75,6 @@ endif
# generic one
ifdef PTXCONF_CHRONY_INSTALL_CONFIG
@$(call install_alternative, chrony, 0, 0, 0644, /etc/chrony/chrony.conf)
- @$(call install_alternative, chrony, 0, 0, 0600, /etc/chrony/chrony.keys)
-
-# modify placeholders with data from configuration
- @$(call install_replace, chrony, /etc/chrony/chrony.conf, \
- @UNCONFIGURED_CHRONY_SERVER_IP@, $(PTXCONF_CHRONY_DEFAULT_NTP_SERVER))
-
- @$(call install_replace, chrony, /etc/chrony/chrony.keys, \
- @UNCONFIGURED_CHRONY_ACCESS_KEY@, $(PTXCONF_CHRONY_DEFAULT_ACCESS_KEY))
endif
# #
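Review bot: Removing the `install_alternative, chrony, 0, 0, 0600, /etc/chrony/chrony.keys` line means the build no longer fixes the owner and mode of the key file; they are whatever chronyd produces at runtime. Please verify on a target that the generated file is not world-readable, since the chrony.conf next to it is installed 0644 and the key authorises chronyc commands. BSPs that carry their own chrony.keys in projectroot will also silently stop getting it installed, which should be mentioned in the commit message.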
--
2.4.6