mailarchive of the ptxdist mailing list
From: Clemens Gruber <clemens.gruber@pqgruber.com>
To: ptxdist@pengutronix.de
Cc: Michael Olbrich <m.olbrich@pengutronix.de>
Subject: [ptxdist] [PATCH] chrony: update to 2.1.1 and improve configuration
Date: Mon, 20 Jul 2015 19:40:04 +0200
Message-ID: <20150720174003.GA19115@pqgruber.com>

Update chrony to the current stable version.
Adapt the rule file and the configuration accordingly.
Remove the single server configuration via Kconfig and use the default
NTP pool pool.ntp.org. (Returns NTP servers in the vicinity.)
Autogenerate random key and use it with chrony command helper.

Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
 projectroot/etc/chrony/chrony.conf | 127 +++++++++++++++++++++----------------
 projectroot/etc/chrony/chrony.keys |   4 --
 projectroot/etc/init.d/chrony      |  72 +++++++--------------
 rules/chrony-bbinit.in             |   5 +-
 rules/chrony.in                    |  49 ++++++--------
 rules/chrony.make                  |  18 ++----
 6 files changed, 127 insertions(+), 148 deletions(-)
 delete mode 100644 projectroot/etc/chrony/chrony.keys

diff --git a/projectroot/etc/chrony/chrony.conf b/projectroot/etc/chrony/chrony.conf
index f2d5949..04c205a 100644
--- a/projectroot/etc/chrony/chrony.conf
+++ b/projectroot/etc/chrony/chrony.conf
@@ -1,84 +1,82 @@
 # ----------------------------------------------------------------------
-# chrony client configuration for Comsoft AG NTP Client
+# chrony client configuration
 # ----------------------------------------------------------------------
 # Author: 	Bj�rn B�rger <b.buerger@pengutronix.de>
-# Last Change: 	Tue Mar  6 15:12:41 UTC 2007
+# Updated by: Clemens Gruber <clemens.gruber@pqgruber.com>
 #
 # Hints:
 # ----------------------------------------------------------------------
 # a comment
 ! a comment
 # ----------------------------------------------------------------------
-# Specify your own NTP Servers:
+# NTP Servers:
 
-server @UNCONFIGURED_CHRONY_SERVER_IP@ auto_offline minpoll 5 maxpoll 10
+pool pool.ntp.org iburst
 
-# other servers may be referenced here, but they will only be requested,
-# if set online by /etc/init.d/chrony online
-! server 0.pool.ntp.org offline minpoll 8
-! server 1.pool.ntp.org offline minpoll 8
-! server 2.pool.ntp.org offline minpoll 8
+# May be replaced with country-specific pools, e.g.
+! pool de.pool.ntp.org iburst
+
+# If auto_offline is set, the server will be assumed to have gone
+# offline when 2 requests have been sent to it without receiving a
+# response. However, it is still necessary to use chronyc's online
+# command when the link has been established.
+! pool pool.ntp.org auto_offline iburst
+
+# Servers can also be specified directly
+! server foo.example.net iburst
+! server bar.example.net auto_offline iburst
+
+# Multiple clients in a network can be peered together.
+# Please consult the full documentation for details!
+! peer baz.example.net
 
 # To avoid changes being made to your computer's gain/loss compensation
 # when the measurement history is too erratic, you might want to enable
-# one of the following lines.  The first seems good for dial-up (or
-# other high-latency connections like slow leased lines), the second
-# seems OK for a LAN environment.
-! maxupdateskew 100
-! maxupdateskew 5
+# one of the following settings: 100ppm for dial-up or other high-
+# latency connections, 5-10ppm for LAN environments
 maxupdateskew 20
 
-# rtc
-rtcdevice /dev/rtc
-rtcfile /var/run/chrony.rtc
-rtconutc
-
-# driftfile
+# Record the rate at which the system clock gains/losses time.
 driftfile /var/run/chrony.drift
 
-# pidfile
-pidfile /var/run/chronyd.pid
-
-# keyfile for chronyc
+# Specify the keyfile for chronyc
 keyfile /etc/chrony/chrony.keys
 commandkey 1
 
-# chronyd can save the measurement history for the servers to files when
-# it it exits.  However, this will affect the lifetime of you flash
-# medium, if this is not used on a ramdisk. Be careful.
+# Automatically generate a random password
+generatecommandkey
+
+# chronyd can save the measurement history for the servers to files
+# when it exits. This can be used to flywheel chronyd between boots.
+# However, this might affect the lifetime of your flash medium.
 dumponexit
 dumpdir /var/run/chrony
 
-# INITIAL CLOCK CORRECTION
-# This option is only useful if your NTP servers are visible at
-# start-time of chrony. The value '10' means that if the error is less
-# than 10 seconds, it will be gradually removed by speeding up or
-# slowing down your computer's clock until it is correct.  If the error
-# is above 10 seconds, an immediate time jump will be applied to correct
-# it.
-#
-# Get Time from your configured NTP Server
-#
-initstepslew 10 @UNCONFIGURED_CHRONY_SERVER_IP@
+# Save PID to file
+pidfile /var/run/chronyd.pid
+
+# In first three updates, step the system clock instead of slew
+# if the adjustment is larger than 10 seconds.
+makestep 10 3
 
 # Logging
-# Comment this line out to turn off logging.
+# Uncomment this line to enable logging.
 ! log measurements statistics tracking rtc
 logdir /var/run/chrony
 
-# Access Rules
-! allow 10.0.0.0/8
-! allow 192.168.0.0/16
+# Acting as NTP server
+! allow 192.168/16
+! deny 192.168.100/24
 
-# Send Broadcast every 60 Seconds
-! broadcast 60 10.255.255.255
+# Enable sending NTP broadcast packets every 60 seconds
+! broadcast 60 192.168.255.255
 
-# Let computer be a server when it is unsynchronised.
-# set local straum below 15, even if unsynced
-# this will circumwent long delays when starting clients
-local stratum 10
+# If you want to present your computer's time for others to synchronise
+# with, even if you don't seem to be synchronised to any NTP servers
+# yourself, enable the following line
+! local stratum 10
 
-# we dont need an accesslog.
+# Do not keep track of client accesses
 noclientlog
 
 # The next option causes a message to be written to syslog when chronyd
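Review bot: `keyfile /etc/chrony/chrony.keys` together with the new `generatecommandkey` means chronyd has to create the key file at run time, yet it is the only run-time file in this hunk that lives under /etc; driftfile, dumpdir, pidfile and logdir all point to /var/run. On a target whose root file system is read-only the key cannot be written and `chronyc -a` in the init script has nothing to authenticate with. Consider moving the keyfile to a writable location or documenting that /etc/chrony must be writable. Separately, `local stratum 10` changes from active to commented out, which alters behaviour for existing users and is not mentioned in the commit message.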
@@ -91,7 +89,30 @@ noclientlog
 # system clock.
 ! mailonchange root@localhost 0.5
 
-# Allow command access
-! cmdallow 10/8
-! cmdallow 192.168/16
-cmdallow 127.0.0.1
+# By default chronyd binds to the loopback interface. Uncomment the
+# following lines to allow receiving command packets from remote hosts.
+! bindcmdaddress 0.0.0.0
+! bindcmdaddress ::
+
+# Normally, chronyd will only allow connections from chronyc on the same
+# machine as itself.  This is for security. Uncomment and adapt the
+# following lines to allow command access from other hosts:
+! cmdallow 192.168.1/24
+
+# Use an enhanced RTC device as real-time clock
+rtcdevice /dev/rtc
+rtcfile /var/run/chrony.rtc
+rtconutc
+
+# Keep the RTC close to the system clock. Synchronize if the error
+# between the two clocks grows larger than 30 seconds.
+rtcautotrim 30
+
+# Options for extreme clock-stability and lowest possible latency.
+# You should not use the following options unless you really need them!
+
+# Select the SCHED_FIFO real-time scheduler at the specified priority
+! sched_priority 1
+
+# Lock chronyd into RAM so that it will never be paged out
+! lock_all
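Review bot: the comments above `! bindcmdaddress 0.0.0.0` and `! cmdallow 192.168.1/24` describe the two settings separately, but remote command access needs both: the command socket has to be bound to a non-loopback address and the client's subnet has to be allowed. Please say so in one comment block, and mention that a remote chronyc then needs the key that `generatecommandkey` created on this device, so anyone enabling these lines knows the key file is the only thing protecting the command port.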
diff --git a/projectroot/etc/chrony/chrony.keys b/projectroot/etc/chrony/chrony.keys
deleted file mode 100644
index 25e5071..0000000
--- a/projectroot/etc/chrony/chrony.keys
+++ /dev/null
@@ -1,4 +0,0 @@
-# Key File for chronyc
-# this is needed, to access chronyd from chronyc client
-#
-1 @UNCONFIGURED_CHRONY_ACCESS_KEY@
diff --git a/projectroot/etc/init.d/chrony b/projectroot/etc/init.d/chrony
index d112927..af12471 100644
--- a/projectroot/etc/init.d/chrony
+++ b/projectroot/etc/init.d/chrony
@@ -4,20 +4,13 @@
 # with [start|stop] as argument. This version does not
 # need an additional start-stop daemon.
 #
-# Last change:  Bj�rn B�rger <b.buerger@pengutronix.de>
-# Date:		Tue Mar  6 16:00:30 UTC 2007
+# Author: Bj�rn B�rger <b.buerger@pengutronix.de>
+# Updated by: Clemens Gruber <clemens.gruber@pqgruber.com>
 
 PATH=/sbin:/bin:/usr/bin:/usr/sbin
 BINARY="/usr/sbin/chronyd"
 CONFIG="/etc/chrony/chrony.conf"
 PREFIX="chrony: "
-# This system doesn�t have full rtc ioctl support for
-# chrony statistic functions
-RTC_IOCTL="incomplete"
-
-# some chronyc commands need prior autentication: extract keys from config
-KEY=$(awk '$1 ~ /^commandkey$/ { print $2; exit}' /etc/chrony/chrony.conf)
-PASSWORD=`awk '$1 ~ /^'$KEY'$/ {print $2; exit}' /etc/chrony/chrony.keys`
 
 # convenience functions
 message(){
@@ -43,9 +36,6 @@ killproc() {
 
 # main functions
 start_proc() {
-	message_n "Reading system time from RealTimeClock ..."
-	/sbin/hwclock --hctosys || message_n " ### FAILED ### "
-	message "DONE"
 	message_n "Starting NTP server: chronyd ..."
 	[ -e "$CONFIG" ] || bailout "Configfile $CONFIG not found, PANIC!"
 	$BINARY -f $CONFIG
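Review bot: start_proc no longer runs `/sbin/hwclock --hctosys`, but chronyd is still started as `$BINARY -f $CONFIG` without `-s`, and the busybox hwclock start script is excluded by the new Kconfig dependency, so nothing in this patch sets the system time from the RTC at boot. If chronyd is meant to take over the RTC, add `-s` to the invocation; otherwise explain in the commit message what initialises the clock before the first NTP update.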
@@ -56,16 +46,12 @@ stop_proc() {
 	message_n "Stopping NTP server: chronyd ..."
 	killproc chronyd
 	message "DONE"
-	message_n "Writing system time to RealTimeClock ..."
-	/sbin/hwclock --systohc || message_n " ### FAILED ### "
-	message "DONE"
 }
 
 set_online(){
-        message_n "Setting NTP server ONLINE ... "
+	message_n "Setting NTP server ONLINE ... "
 	pidof chronyd > /dev/null || bailout " chronyd is not running "
-	/usr/bin/chronyc <<-EOF
-	password $PASSWORD
+	/usr/bin/chronyc -a -f $CONFIG <<-EOF
 	online
 	burst 5/10
 	quit
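Review bot: stop_proc drops `/sbin/hwclock --systohc`, so the RTC is now only corrected through `rtcautotrim 30` in chrony.conf, which acts once the error exceeds 30 seconds. A device that is shut down before that threshold is reached keeps the stale RTC value across the power cycle. Consider sending `trimrtc` through chronyc before killing chronyd, as set_rtc already does, or justify the threshold in the commit message.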
@@ -75,10 +61,9 @@ set_online(){
 }
 
 set_offline(){
-        message_n "Setting NTP server OFFLINE ... "
+	message_n "Setting NTP server OFFLINE ... "
 	pidof chronyd > /dev/null || bailout " chronyd is not running "
-	/usr/bin/chronyc <<-EOF
-	password $PASSWORD
+	/usr/bin/chronyc -a -f $CONFIG <<-EOF
 	offline
 	EOF
 	message "DONE"
@@ -87,31 +72,19 @@ set_offline(){
 
 set_rtc(){
 	pidof chronyd > /dev/null || bailout " chronyd is not running "
-	if [ "$RTC_IOCTL" == "incomplete" ] ; then 
-	# We are running on a system with limited rtc support,
-	# so we cannot let the ntp client do the job. 
-	stop_proc
-	sleep 1
-	start_proc
-	exit 0
-	else
-	# This requires enhanced rtc support
-        message_n "Setting NTP time to RTC ... "
-	cat <<-EOF | /usr/bin/chronyc
-	password $PASSWORD
+	message_n "Setting NTP time to RTC ... "
+	cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG
 	trimrtc
 	writertc
 	dump
 	EOF
 	message "DONE"
 	exit 0
-	fi
 }
 
 status(){
 	pidof chronyd > /dev/null || bailout " chronyd is not running "
-	cat <<-EOF | /usr/bin/chronyc
-	password $PASSWORD
+	cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG
 	tracking
 	sources
 	EOF
@@ -119,27 +92,26 @@ status(){
 
 statistics(){
 	pidof chronyd > /dev/null || bailout " chronyd is not running "
-	cat <<-EOF | /usr/bin/chronyc
-	password $PASSWORD
+	cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG
 	sourcestats
 	EOF
 }
 
 case "$1" in
-        start)
-        	start_proc
+	start)
+		start_proc
 		;;
 	stop)
 		stop_proc
 		;;
-        restart|force-reload)
-                message "Restarting NTP server: chronyd ... "
-                stop_proc
+	restart|force-reload)
+		message "Restarting NTP server: chronyd ... "
+		stop_proc
 		sleep 1
-                start_proc
-                ;;
-        reload)
-                message "Reload is not supported"
+		start_proc
+		;;
+	reload)
+		message "Reload is not supported"
 		exit 1
 		;;
 	online)
@@ -157,10 +129,10 @@ case "$1" in
 	statistics)
 		statistics
 		;;
-        *)
-                usage
+	*)
+		usage
 		exit 1
-                ;;
+		;;
 esac
 
 exit 0
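Review bot: this hunk and the `case` lines of the previous one only change indentation from spaces to tabs, as do the `message_n` lines in set_online and set_offline. Mixed in with the functional changes they make the script diff harder to review and to bisect; please move the whitespace cleanup into a separate preparatory patch.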
diff --git a/rules/chrony-bbinit.in b/rules/chrony-bbinit.in
index 831337f..21f7a5f 100644
--- a/rules/chrony-bbinit.in
+++ b/rules/chrony-bbinit.in
@@ -3,6 +3,9 @@
 config CHRONY_BBINIT_LINK
 	string
 	depends on CHRONY_STARTSCRIPT
+	depends on !BUSYBOX_HWCLOCK_STARTSCRIPT || ALLYES
 	prompt "chrony"
-	default "S20chrony"
+	default "S30chrony"
 
+comment "chrony startscript is disabled because busybox hwclock is enabled!"
+	depends on BUSYBOX_HWCLOCK_STARTSCRIPT
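Review bot: the new `comment` entry depends only on BUSYBOX_HWCLOCK_STARTSCRIPT, so unless the including menu already restricts it, it is displayed whenever busybox hwclock is enabled, even with CHRONY_STARTSCRIPT off. Add `depends on CHRONY_STARTSCRIPT` to it. The wording is also imprecise: what gets hidden is the CHRONY_BBINIT_LINK rc.d link, while CHRONY_STARTSCRIPT and /etc/init.d/chrony remain selectable. The move from S20chrony to S30chrony deserves a sentence in the commit message as well.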
diff --git a/rules/chrony.in b/rules/chrony.in
index ccdcb71..42b5e94 100644
--- a/rules/chrony.in
+++ b/rules/chrony.in
@@ -12,12 +12,19 @@ menuconfig CHRONY
 	  the accuracy of the system clock on a computer. The two
 	  programs are called  chronyd  and  chronyc .
 
-	  Chronyd is a background (daemon) program, which can be
-	  started at boot time, Chronyc provides a user interface
+	  chronyd is a background (daemon) program, which can be
+	  started at boot time, chronyc provides a user interface
 	  to chronyd for monitoring its performance and configuring
 	  various settings.
 
-	  See http://chrony.sunsite.dk/ for details
+	  A random access key will be created and used automatically
+	  for the chrony command helper.
+	  Per default the pool.ntp.org pool is selected, which returns
+	  NTP servers in your vicinity (according to your IP).
+	  Override chrony.conf if you need custom servers or specific
+	  pools to synchronize with.
+
+	  See http://chrony.tuxfamily.org for details
 
 if CHRONY
 
@@ -25,16 +32,18 @@ comment "install options   ---"
 
 config CHRONY_INSTALL_CHRONY_COMMAND
 	bool
+	default y
 	prompt "Install chrony command helper"
 	help
 	  Install a command helper in /usr/bin/chrony_command,
-	  which extracts the command access key from
-	  /etc/chrony/chrony.keys and uses it to run
-	  one given command. Note: The user needs access to
-	  the chrony.keys file.
+	  which extracts the generated command access key from
+	  /etc/chrony/chrony.keys and uses it to run one given
+	  command. Note: The user needs access to the
+	  chrony.keys file.
 
 config CHRONY_INSTALL_CHRONY_STAT
 	bool
+	default y
 	prompt "Install chrony statistics helper"
 	help
 	  Install a convenience wrapper in /usr/bin/chrony_stat,
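Review bot: the help text for CHRONY_INSTALL_CHRONY_COMMAND now promises that the helper extracts the generated key from /etc/chrony/chrony.keys, but the helper script is not among the six files in the diffstat. Please confirm that /usr/bin/chrony_command copes with the key file that chronyd writes, or switch it to `chronyc -a -f` like the init script. The added `default y` on both helpers also changes the default selection and should be mentioned in the commit message.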
@@ -58,35 +67,17 @@ config CHRONY_INSTALL_CHRONY_STAT
 config CHRONY_INSTALL_CONFIG
 	bool
 	default y
-	prompt "Install chrony config files"
+	prompt "Install chrony config file"
 	help
-	  Install /etc/chrony/chrony.conf and /etc/chrony/chony.keys.
+	  Install /etc/chrony/chrony.conf.
 
 if CHRONY_INSTALL_CONFIG
 
-config CHRONY_DEFAULT_ACCESS_KEY
-	string
-	prompt "setup default access key for chronyc"
-	default "undefined"
-	help
-	  This will install a default access key with the
-	  given content to the chrony.keys file. This is
-	  used by /etc/init.d/chrony to access status
-	  data, etc.
-
-config CHRONY_DEFAULT_NTP_SERVER
-	string
-	prompt "setup default ntp peer"
-	default "10.1.1.2"
-	help
-	  This will set the ntp server for simple
-	  configurations.
-
-endif
-
 config CHRONY_STARTSCRIPT
 	bool
 	default y
 	prompt "install /etc/init.d/chrony"
 
 endif
+
+endif
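Review bot: moving the `endif` to the end of the file leaves `if CHRONY_INSTALL_CONFIG` wrapping CHRONY_STARTSCRIPT, so the init script can no longer be selected when the config file install is disabled. If that coupling is intended, express it as `depends on CHRONY_INSTALL_CONFIG` on CHRONY_STARTSCRIPT; otherwise remove the `if CHRONY_INSTALL_CONFIG` line together with the added `endif`.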
diff --git a/rules/chrony.make b/rules/chrony.make
index fac604c..5048ddb 100644
--- a/rules/chrony.make
+++ b/rules/chrony.make
@@ -2,6 +2,7 @@
 #
 # Copyright (C) 2005 by Bjoern Buerger <b.buerger@pengutronix.de>
 #               2009 by Marc Kleine-Budde <mkl@pengutronix.de>
+#               2015 by Clemens Gruber <clemens.gruber@pqgruber.com>
 #
 # See CREDITS for details about who has contributed to this project.
 #
@@ -17,8 +18,9 @@ PACKAGES-$(PTXCONF_CHRONY) += chrony
 #
 # Paths and names
 #
-CHRONY_VERSION	:= 1.31
-CHRONY_MD5	:= 04ab702fc81150db06809562a9aaed92
+CHRONY_VERSION	:= 2.1.1
+CHRONY_MD5	:= 15e470a51ab6e09e65bc0a2fbc5299af
+CHRONY_SHA256 := b0565148eaa38e971291281d76556c32f0138ec22e9784f8bceab9c65f7ad7d4
 CHRONY		:= chrony-$(CHRONY_VERSION)
 CHRONY_SUFFIX	:= tar.gz
 CHRONY_URL	:= http://download.tuxfamily.org/chrony/$(CHRONY).$(CHRONY_SUFFIX)
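Review bot: the tarball is fetched over plain http from `CHRONY_URL`, so the checksum is the only integrity check on the download; please confirm that the build actually evaluates the new `CHRONY_SHA256`, because if only `CHRONY_MD5` is verified the added line gives no protection. As a style point, `CHRONY_SHA256` is separated from `:=` by a space where the neighbouring assignments use a tab.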
@@ -37,7 +39,9 @@ CHRONY_ENV 	:= $(CROSS_ENV)
 #
 CHRONY_AUTOCONF := \
 	$(CROSS_AUTOCONF_USR) \
-	--disable-readline
+	--disable-readline \
+	--with-ntp-era=1420070400 \
+	--with-user=nobody
 
 # ----------------------------------------------------------------------------
 # Target-Install
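Review bot: `--with-user=nobody` makes chronyd drop to the shared `nobody` account, which then needs write access to the files chrony.conf places under /var/run and shares its identity with any other service running as `nobody`. A dedicated unprivileged user would isolate chronyd better; at minimum the patch should state how /var/run/chrony gets its ownership. `--with-ntp-era=1420070400` is a bare number; a comment saying that it is 2015-01-01 00:00:00 UTC and why it is pinned would help the next person who updates the package.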
@@ -71,14 +75,6 @@ endif
 # generic one
 ifdef PTXCONF_CHRONY_INSTALL_CONFIG
 	@$(call install_alternative, chrony, 0, 0, 0644, /etc/chrony/chrony.conf)
-	@$(call install_alternative, chrony, 0, 0, 0600, /etc/chrony/chrony.keys)
-
-# modify placeholders with data from configuration
-	@$(call install_replace, chrony, /etc/chrony/chrony.conf, \
-		@UNCONFIGURED_CHRONY_SERVER_IP@, $(PTXCONF_CHRONY_DEFAULT_NTP_SERVER))
-
-	@$(call install_replace, chrony, /etc/chrony/chrony.keys, \
-		@UNCONFIGURED_CHRONY_ACCESS_KEY@, $(PTXCONF_CHRONY_DEFAULT_ACCESS_KEY))
 endif
 
 #	#
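Review bot: with the `install_alternative` line for /etc/chrony/chrony.keys removed, the package no longer ships the key file or fixes its mode to 0600, so its ownership and permissions are whatever chronyd gives it at run time. Since the Kconfig help still says the user needs access to chrony.keys, please state the expected owner and mode, and check that a key file left over from an older image, containing the former Kconfig default key, does not stay in use after the update.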
-- 
2.4.6