From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Date: Mon, 20 Jul 2015 19:40:04 +0200 From: Clemens Gruber Message-ID: <20150720174003.GA19115@pqgruber.com> MIME-Version: 1.0 Subject: [ptxdist] [PATCH] chrony: update to 2.1.1 and improve configuration List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: multipart/mixed; boundary="===============0320110461==" Errors-To: ptxdist-bounces@pengutronix.de Sender: "ptxdist" To: ptxdist@pengutronix.de Cc: Michael Olbrich --===============0320110461== Content-Type: text/plain; charset="utf-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit Update chrony to the current stable version. Adapt the rule file and the configuration accordingly. Remove the single server configuration via Kconfig and use the default NTP pool pool.ntp.org. (Returns ntp servers in the vicinity) Autogenerate random key and use it with chrony command helper. Signed-off-by: Clemens Gruber --- projectroot/etc/chrony/chrony.conf | 127 +++++++++++++++++++++---------------- projectroot/etc/chrony/chrony.keys | 4 -- projectroot/etc/init.d/chrony | 72 +++++++-------------- rules/chrony-bbinit.in | 5 +- rules/chrony.in | 49 ++++++-------- rules/chrony.make | 18 ++---- 6 files changed, 127 insertions(+), 148 deletions(-) delete mode 100644 projectroot/etc/chrony/chrony.keys diff --git a/projectroot/etc/chrony/chrony.conf b/projectroot/etc/chrony/chrony.conf index f2d5949..04c205a 100644 --- a/projectroot/etc/chrony/chrony.conf +++ b/projectroot/etc/chrony/chrony.conf 
@@ -1,84 +1,82 @@ # ---------------------------------------------------------------------- -# chrony client configuration for Comsoft AG NTP Client +# chrony client configuration # ---------------------------------------------------------------------- # Author: Bj�rn B�rger -# Last Change: Tue Mar 6 15:12:41 UTC 2007 +# Updated by: Clemens Gruber # # Hints: # ---------------------------------------------------------------------- # a comment ! a comment # ---------------------------------------------------------------------- -# Specify your own NTP Servers: +# NTP Servers: -server @UNCONFIGURED_CHRONY_SERVER_IP@ auto_offline minpoll 5 maxpoll 10 +pool pool.ntp.org iburst -# other servers may be referenced here, but they will only be requested, -# if set online by /etc/init.d/chrony online -! server 0.pool.ntp.org offline minpoll 8 -! server 1.pool.ntp.org offline minpoll 8 -! server 2.pool.ntp.org offline minpoll 8 +# May be replaced with country-specific pools, e.g. +! pool de.pool.ntp.org iburst + +# If auto_offline is set, the server will be assumed to have gone +# offline when 2 requests have been sent to it without receiving a +# response. However, it is still necessary to use chronyc's online +# command when the link has been established. +! pool pool.ntp.org auto_offline iburst + +# Servers can also be specified directly +! server foo.example.net iburst +! server bar.example.net auto_offline iburst + +# Multiple clients in a network can be peered together. +# Please consult the full documentation for details! +! peer baz.example.net # To avoid changes being made to your computer's gain/loss compensation # when the measurement history is too erratic, you might want to enable -# one of the following lines. The first seems good for dial-up (or -# other high-latency connections like slow leased lines), the second -# seems OK for a LAN environment. -! maxupdateskew 100 -! 
maxupdateskew 5 +# one of the following settings: 100ppm for dial-up or other high- +# latency connections, 5-10ppm for LAN environments maxupdateskew 20 -# rtc -rtcdevice /dev/rtc -rtcfile /var/run/chrony.rtc -rtconutc - -# driftfile +# Record the rate at which the system clock gains/losses time. driftfile /var/run/chrony.drift -# pidfile -pidfile /var/run/chronyd.pid - -# keyfile for chronyc +# Specify the keyfile for chronyc keyfile /etc/chrony/chrony.keys commandkey 1 -# chronyd can save the measurement history for the servers to files when -# it it exits. However, this will affect the lifetime of you flash -# medium, if this is not used on a ramdisk. Be careful. +# Automatically generate a random password +generatecommandkey + +# chronyd can save the measurement history for the servers to files +# when it exits. This can be used to flywheel chronyd between boots. +# However, this might affect the lifetime of your flash medium. dumponexit dumpdir /var/run/chrony -# INITIAL CLOCK CORRECTION -# This option is only useful if your NTP servers are visible at -# start-time of chrony. The value '10' means that if the error is less -# than 10 seconds, it will be gradually removed by speeding up or -# slowing down your computer's clock until it is correct. If the error -# is above 10 seconds, an immediate time jump will be applied to correct -# it. -# -# Get Time from your configured NTP Server -# -initstepslew 10 @UNCONFIGURED_CHRONY_SERVER_IP@ +# Save PID to file +pidfile /var/run/chronyd.pid + +# In first three updates, step the system clock instead of slew +# if the adjustment is larger than 10 seconds. +makestep 10 3 # Logging -# Comment this line out to turn off logging. +# Uncomment this line to enable logging. ! log measurements statistics tracking rtc logdir /var/run/chrony -# Access Rules -! allow 10.0.0.0/8 -! allow 192.168.0.0/16 +# Acting as NTP server +! allow 192.168/16 +! deny 192.168.100/24 -# Send Broadcast every 60 Seconds -! 
broadcast 60 10.255.255.255 +# Enable sending NTP broadcast packets every 60 seconds +! broadcast 60 192.168.255.255 -# Let computer be a server when it is unsynchronised. -# set local straum below 15, even if unsynced -# this will circumwent long delays when starting clients -local stratum 10 +# If you want to present your computer's time for others to synchronise +# with, even if you don't seem to be synchronised to any NTP servers +# yourself, enable the following line +! local stratum 10 -# we dont need an accesslog. +# Do not keep track of client accesses noclientlog # The next option causes a message to be written to syslog when chronyd @@ -91,7 +89,30 @@ noclientlog # system clock. ! mailonchange root@localhost 0.5 -# Allow command access -! cmdallow 10/8 -! cmdallow 192.168/16 -cmdallow 127.0.0.1 +# By default chronyd binds to the loopback interface. Uncomment the +# following lines to allow receiving command packets from remote hosts. +! bindcmdaddress 0.0.0.0 +! bindcmdaddress :: + +# Normally, chronyd will only allow connections from chronyc on the same +# machine as itself. This is for security. Uncomment and adapt the +# following lines to allow command access from other hosts: +! cmdallow 192.168.1/24 + +# Use an enhanced RTC device as real-time clock +rtcdevice /dev/rtc +rtcfile /var/run/chrony.rtc +rtconutc + +# Keep the RTC close to the system clock. Synchronize if the error +# between the two clocks grows larger than 30 seconds. +rtcautotrim 30 + +# Options for extreme clock-stability and lowest possible latency. +# You should not use the following options unless you really need them! + +# Select the SCHED_FIFO real-time scheduler at the specified priority +! sched_priority 1 + +# Lock chronyd into RAM so that it will never be paged out +! lock_all diff --git a/projectroot/etc/chrony/chrony.keys b/projectroot/etc/chrony/chrony.keys deleted file mode 100644 index 25e5071..0000000 --- a/projectroot/etc/chrony/chrony.keys +++ /dev/null 
@@ -1,4 +0,0 @@ -# Key File for chronyc -# this is needed, to access chronyd from chronyc client -# -1 @UNCONFIGURED_CHRONY_ACCESS_KEY@ diff --git a/projectroot/etc/init.d/chrony b/projectroot/etc/init.d/chrony index d112927..af12471 100644 --- a/projectroot/etc/init.d/chrony +++ b/projectroot/etc/init.d/chrony @@ -4,20 +4,13 @@ # with [start|stop] as argument. This version does not # need an additional start-stop daemon. # -# Last change: Bj�rn B�rger -# Date: Tue Mar 6 16:00:30 UTC 2007 +# Author: Bj�rn B�rger +# Updated by: Clemens Gruber PATH=/sbin:/bin:/usr/bin:/usr/sbin BINARY="/usr/sbin/chronyd" CONFIG="/etc/chrony/chrony.conf" PREFIX="chrony: " -# This system doesn�t have full rtc ioctl support for -# chrony statistic functions -RTC_IOCTL="incomplete" - -# some chronyc commands need prior autentication: extract keys from config -KEY=$(awk '$1 ~ /^commandkey$/ { print $2; exit}' /etc/chrony/chrony.conf) -PASSWORD=`awk '$1 ~ /^'$KEY'$/ {print $2; exit}' /etc/chrony/chrony.keys` # convenience functions message(){ @@ -43,9 +36,6 @@ killproc() { # main functions start_proc() { - message_n "Reading system time from RealTimeClock ..." - /sbin/hwclock --hctosys || message_n " ### FAILED ### " - message "DONE" message_n "Starting NTP server: chronyd ..." [ -e "$CONFIG" ] || bailout "Configfile $CONFIG not found, PANIC!" $BINARY -f $CONFIG @@ -56,16 +46,12 @@ stop_proc() { message_n "Stopping NTP server: chronyd ..." killproc chronyd message "DONE" - message_n "Writing system time to RealTimeClock ..." - /sbin/hwclock --systohc || message_n " ### FAILED ### " - message "DONE" } set_online(){ - message_n "Setting NTP server ONLINE ... " + message_n "Setting NTP server ONLINE ... " pidof chronyd > /dev/null || bailout " chronyd is not running " - /usr/bin/chronyc <<-EOF - password $PASSWORD + /usr/bin/chronyc -a -f $CONFIG <<-EOF online burst 5/10 quit 
@@ -75,10 +61,9 @@ set_online(){ } set_offline(){ - message_n "Setting NTP server OFFLINE ... " + message_n "Setting NTP server OFFLINE ... " pidof chronyd > /dev/null || bailout " chronyd is not running " - /usr/bin/chronyc <<-EOF - password $PASSWORD + /usr/bin/chronyc -a -f $CONFIG <<-EOF offline EOF message "DONE" @@ -87,31 +72,19 @@ set_offline(){ set_rtc(){ pidof chronyd > /dev/null || bailout " chronyd is not running " - if [ "$RTC_IOCTL" == "incomplete" ] ; then - # We are running on a system with limited rtc support, - # so we cannot let the ntp client do the job. - stop_proc - sleep 1 - start_proc - exit 0 - else - # This requires enhanced rtc support - message_n "Setting NTP time to RTC ... " - cat <<-EOF | /usr/bin/chronyc - password $PASSWORD + message_n "Setting NTP time to RTC ... " + cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG trimrtc writertc dump EOF message "DONE" exit 0 - fi } status(){ pidof chronyd > /dev/null || bailout " chronyd is not running " - cat <<-EOF | /usr/bin/chronyc - password $PASSWORD + cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG tracking sources EOF @@ -119,27 +92,26 @@ status(){ statistics(){ pidof chronyd > /dev/null || bailout " chronyd is not running " - cat <<-EOF | /usr/bin/chronyc - password $PASSWORD + cat <<-EOF | /usr/bin/chronyc -a -f $CONFIG sourcestats EOF } case "$1" in - start) - start_proc + start) + start_proc ;; stop) stop_proc ;; - restart|force-reload) - message "Restarting NTP server: chronyd ... " - stop_proc + restart|force-reload) + message "Restarting NTP server: chronyd ... " + stop_proc sleep 1 - start_proc - ;; - reload) - message "Reload is not supported" + start_proc + ;; + reload) + message "Reload is not supported" exit 1 ;; online) @@ -157,10 +129,10 @@ case "$1" in statistics) statistics ;; - *) - usage + *) + usage exit 1 - ;; + ;; esac exit 0 diff --git a/rules/chrony-bbinit.in b/rules/chrony-bbinit.in index 831337f..21f7a5f 100644 --- a/rules/chrony-bbinit.in +++ b/rules/chrony-bbinit.in 
@@ -3,6 +3,9 @@ config CHRONY_BBINIT_LINK string depends on CHRONY_STARTSCRIPT + depends on !BUSYBOX_HWCLOCK_STARTSCRIPT || ALLYES prompt "chrony" - default "S20chrony" + default "S30chrony" +comment "chrony startscript is disabled because busybox hwclock is enabled!" + depends on BUSYBOX_HWCLOCK_STARTSCRIPT diff --git a/rules/chrony.in b/rules/chrony.in index ccdcb71..42b5e94 100644 --- a/rules/chrony.in +++ b/rules/chrony.in @@ -12,12 +12,19 @@ menuconfig CHRONY the accuracy of the system clock on a computer. The two programs are called chronyd and chronyc . - Chronyd is a background (daemon) program, which can be - started at boot time, Chronyc provides a user interface + chronyd is a background (daemon) program, which can be + started at boot time, chronyc provides a user interface to chronyd for monitoring its performance and configuring various settings. - See http://chrony.sunsite.dk/ for details + A random access key will be created and used automatically + for the chrony command helper. + Per default the pool.ntp.org pool is selected, which returns + NTP servers in your vicinity (according to your IP). + Override chrony.conf if you need custom servers or specific + pools to synchronize with. + + See http://chrony.tuxfamily.org for details if CHRONY @@ -25,16 +32,18 @@ comment "install options ---" config CHRONY_INSTALL_CHRONY_COMMAND bool + default y prompt "Install chrony command helper" help Install a command helper in /usr/bin/chrony_command, - which extracts the command access key from - /etc/chrony/chrony.keys and uses it to run - one given command. Note: The user needs access to - the chrony.keys file. + which extracts the generated command access key from + /etc/chrony/chrony.keys and uses it to run one given + command. Note: The user needs access to the + chrony.keys file. config CHRONY_INSTALL_CHRONY_STAT bool + default y prompt "Install chrony statistics helper" help Install a convenience wrapper in /usr/bin/chrony_stat, 
@@ -58,35 +67,17 @@ config CHRONY_INSTALL_CHRONY_STAT config CHRONY_INSTALL_CONFIG bool default y - prompt "Install chrony config files" + prompt "Install chrony config file" help - Install /etc/chrony/chrony.conf and /etc/chrony/chony.keys. + Install /etc/chrony/chrony.conf. if CHRONY_INSTALL_CONFIG -config CHRONY_DEFAULT_ACCESS_KEY - string - prompt "setup default access key for chronyc" - default "undefined" - help - This will install a default access key with the - given content to the chrony.keys file. This is - used by /etc/init.d/chrony to access status - data, etc. - -config CHRONY_DEFAULT_NTP_SERVER - string - prompt "setup default ntp peer" - default "10.1.1.2" - help - This will set the ntp server for simple - configurations. - -endif - config CHRONY_STARTSCRIPT bool default y prompt "install /etc/init.d/chrony" endif + +endif diff --git a/rules/chrony.make b/rules/chrony.make index fac604c..5048ddb 100644 --- a/rules/chrony.make +++ b/rules/chrony.make @@ -2,6 +2,7 @@ # # Copyright (C) 2005 by Bjoern Buerger # 2009 by Marc Kleine-Budde +# 2015 by Clemens Gruber # # See CREDITS for details about who has contributed to this project. # @@ -17,8 +18,9 @@ PACKAGES-$(PTXCONF_CHRONY) += chrony # # Paths and names # -CHRONY_VERSION := 1.31 -CHRONY_MD5 := 04ab702fc81150db06809562a9aaed92 +CHRONY_VERSION := 2.1.1 +CHRONY_MD5 := 15e470a51ab6e09e65bc0a2fbc5299af +CHRONY_SHA256 := b0565148eaa38e971291281d76556c32f0138ec22e9784f8bceab9c65f7ad7d4 CHRONY := chrony-$(CHRONY_VERSION) CHRONY_SUFFIX := tar.gz CHRONY_URL := http://download.tuxfamily.org/chrony/$(CHRONY).$(CHRONY_SUFFIX) @@ -37,7 +39,9 @@ CHRONY_ENV := $(CROSS_ENV) # CHRONY_AUTOCONF := \ $(CROSS_AUTOCONF_USR) \ - --disable-readline + --disable-readline \ + --with-ntp-era=1420070400 \ + --with-user=nobody # ---------------------------------------------------------------------------- # Target-Install 
@@ -71,14 +75,6 @@ endif # generic one ifdef PTXCONF_CHRONY_INSTALL_CONFIG @$(call install_alternative, chrony, 0, 0, 0644, /etc/chrony/chrony.conf) - @$(call install_alternative, chrony, 0, 0, 0600, /etc/chrony/chrony.keys) - -# modify placeholders with data from configuration - @$(call install_replace, chrony, /etc/chrony/chrony.conf, \ - @UNCONFIGURED_CHRONY_SERVER_IP@, $(PTXCONF_CHRONY_DEFAULT_NTP_SERVER)) - - @$(call install_replace, chrony, /etc/chrony/chrony.keys, \ - @UNCONFIGURED_CHRONY_ACCESS_KEY@, $(PTXCONF_CHRONY_DEFAULT_ACCESS_KEY)) endif # # -- 2.4.6 --===============0320110461== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline LS0gCnB0eGRpc3QgbWFpbGluZyBsaXN0CnB0eGRpc3RAcGVuZ3V0cm9uaXguZGUK --===============0320110461==--
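Review bot: in the first hunk of projectroot/etc/chrony/chrony.conf, `generatecommandkey` is combined with `keyfile /etc/chrony/chrony.keys`, and the last hunk of rules/chrony.make no longer installs that file, so chronyd has to create it under /etc at first start. On a read-only root filesystem that write cannot succeed, and the `chronyc -a -f $CONFIG` calls in the init script then have no key to authenticate with. Point `keyfile` at a writable location, or state in the Kconfig help that /etc/chrony must be writable. The same hunk also turns `local stratum 10` from an active setting into a commented one, which changes behaviour for existing users and is not mentioned in the commit message.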
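Review bot: the start_proc and stop_proc hunks of projectroot/etc/init.d/chrony drop the `hwclock --hctosys` and `hwclock --systohc` calls, while rules/chrony-bbinit.in makes the chrony link depend on `!BUSYBOX_HWCLOCK_STARTSCRIPT`, so with this start script enabled nothing in the visible scripts reads the RTC at boot. chronyd is still started as `$BINARY -f $CONFIG`; starting it with `-s` would let it set the system clock from the RTC, which matters on a device that boots without network and therefore never reaches the `makestep 10 3` correction. If the kernel or another script is expected to do this instead, the commit message should say so.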
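Review bot: in the last hunk of rules/chrony.in, the `endif` that closed `if CHRONY_INSTALL_CONFIG` is deleted together with the two removed options and a new `endif` is appended at the end of the file, which moves `config CHRONY_STARTSCRIPT` inside `if CHRONY_INSTALL_CONFIG`. The start script can then no longer be selected when the config file install is switched off, and the commit message does not mention this. If that is not intended, keep an `endif` before `config CHRONY_STARTSCRIPT`. Removing CHRONY_DEFAULT_NTP_SERVER also moves existing configurations from their configured server to the public pool without any notice at configuration time; a line in the help text or a migration hint would make that visible.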
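Review bot: in the "Paths and names" hunk of rules/chrony.make, `CHRONY_SHA256` is added next to `CHRONY_MD5` while `CHRONY_URL` stays on plain http. Please confirm that the build really evaluates `CHRONY_SHA256`; if only `CHRONY_MD5` is checked, the integrity of the downloaded tarball still rests on MD5 alone and the new variable is dead.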
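Review bot: in the CHRONY_AUTOCONF hunk of rules/chrony.make, `--with-user=nobody` makes the shared `nobody` account the default user for chronyd, but nothing in the patch ensures that the paths named in chrony.conf (`/var/run/chrony`, `/var/run/chrony.drift`, `/var/run/chrony.rtc`) are writable for that user. Please check this on a target, and consider a dedicated chrony user that owns these paths, so the daemon's files are not shared with every other service running as `nobody`. `--with-ntp-era=1420070400` also needs a short comment saying what the value represents and why it is pinned here.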