[Buildroot] [PATCH v1] package/ntpsec: new package
Peter Seiderer
ps.report at gmx.net
Mon Oct 25 21:25:41 UTC 2021
- set 'CC=gcc' to avoid cross-compile failure (see [1]):
/bin/sh: line 1: .../build/ntpsec-1_2_0/build/host/ntpd/keyword-gen: cannot execute binary file: Exec format error
Waf: Leaving directory `.../build/ntpsec-1_2_0/build/host'
Build failed
-> task in 'ntp_keyword.h' failed with exit status 126 (run with -v to display more information)
- set '-std=gnu99"' to avoid compile failure with old compilers
- explicit set PYTHON_CONFIG
- add patch 001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch to
fix ntptime jfmt5/ofmt5 jfmt6/ofmt6 related compile failure
- add SYSV init file (S49ntp)
- add example ntpd.conf (with legacy option enabled and provide skeleton
for NTS configuration)
- add config option for NTS support
- depend on python3 (omit python2 to reduce test effort)
- add ntp user/group and run ntpd as restricted user
- add libcap dependency (compile time optional but needed for droproot
support)
[1] https://gitlab.com/NTPsec/ntpsec/-/issues/694
Signed-off-by: Peter Seiderer <ps.report at gmx.net>
---
DEVELOPERS | 1 +
package/Config.in | 1 +
...5-ofmt5-jfmt6-ofmt6-related-compile-.patch | 61 ++++++++++++++++
package/ntpsec/Config.in | 31 ++++++++
package/ntpsec/S49ntp | 58 +++++++++++++++
package/ntpsec/ntpd.etc.conf | 33 +++++++++
package/ntpsec/ntpsec.hash | 4 ++
package/ntpsec/ntpsec.mk | 71 +++++++++++++++++++
8 files changed, 260 insertions(+)
create mode 100644 package/ntpsec/0001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch
create mode 100644 package/ntpsec/Config.in
create mode 100644 package/ntpsec/S49ntp
create mode 100644 package/ntpsec/ntpd.etc.conf
create mode 100644 package/ntpsec/ntpsec.hash
create mode 100644 package/ntpsec/ntpsec.mk
diff --git a/DEVELOPERS b/DEVELOPERS
index 771519fd9b..593526e61f 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -2167,6 +2167,7 @@ F: package/iwd/
F: package/libevdev/
F: package/libuev/
F: package/log4cplus/
+F: package/ntpsec/
F: package/postgresql/
F: package/python-colorzero/
F: package/python-flask-wtf/
diff --git a/package/Config.in b/package/Config.in
index d40eb9dabc..842e555342 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2256,6 +2256,7 @@ endif
source "package/nmap/Config.in"
source "package/noip/Config.in"
source "package/ntp/Config.in"
+ source "package/ntpsec/Config.in"
source "package/nuttcp/Config.in"
source "package/odhcp6c/Config.in"
source "package/odhcploc/Config.in"
diff --git a/package/ntpsec/0001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch b/package/ntpsec/0001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch
new file mode 100644
index 0000000000..c2838fe8e0
--- /dev/null
+++ b/package/ntpsec/0001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch
@@ -0,0 +1,61 @@
+From 4015a1183d2f79dad6dd675ca5e0d329825f3fa3 Mon Sep 17 00:00:00 2001
+From: Peter Seiderer <ps.report at gmx.net>
+Date: Mon, 4 Oct 2021 22:25:58 +0200
+Subject: [PATCH] ntptime: fix jfmt5/ofmt5 jfmt6/ofmt6 related compile failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use same define guard for definiton as for usage ('HAVE_STRUCT_NTPTIMEVAL_TAI'
+instead of 'NTP_API && NTP_API > 3').
+
+Fixes:
+
+ ../../ntptime/ntptime.c: In function ‘main’:
+ ../../ntptime/ntptime.c:349:17: error: ‘jfmt5’ undeclared (first use in this function); did you mean ‘jfmt6’?
+ 349 | printf(json ? jfmt5 : ofmt5, (long)ntv.tai);
+ | ^~~~~
+ | jfmt6
+ ../../ntptime/ntptime.c:349:17: note: each undeclared identifier is reported only once for each function it appears in
+ ../../ntptime/ntptime.c:349:25: error: ‘ofmt5’ undeclared (first use in this function); did you mean ‘ofmt6’?
+ 349 | printf(json ? jfmt5 : ofmt5, (long)ntv.tai);
+ | ^~~~~
+ | ofmt6
+ ../../ntptime/ntptime.c:321:15: warning: unused variable ‘jfmt6’ [-Wunused-variable]
+ 321 | const char *jfmt6 = "";
+ | ^~~~~
+ ../../ntptime/ntptime.c:311:15: warning: unused variable ‘ofmt6’ [-Wunused-variable]
+ 311 | const char *ofmt6 = "\n";
+ | ^~~~~
+
+[Upstream: https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1245]
+Signed-off-by: Peter Seiderer <ps.report at gmx.net>
+---
+ ntptime/ntptime.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ntptime/ntptime.c b/ntptime/ntptime.c
+index ff861cb..5d58593 100644
+--- a/ntptime/ntptime.c
++++ b/ntptime/ntptime.c
+@@ -305,7 +305,7 @@ main(
+ const char *ofmt2 = " time %s, (.%0*d),\n";
+ const char *ofmt3 = " maximum error %lu us, estimated error %lu us";
+ const char *ofmt4 = " ntptime=%x.%x unixtime=%x.%0*d %s";
+-#if defined NTP_API && NTP_API > 3
++#if defined(HAVE_STRUCT_NTPTIMEVAL_TAI)
+ const char *ofmt5 = ", TAI offset %ld\n";
+ #else
+ const char *ofmt6 = "\n";
+@@ -315,7 +315,7 @@ main(
+ const char *jfmt2 = "\"time\":\"%s\",\"fractional-time\":\".%0*d\",";
+ const char *jfmt3 = "\"maximum-error\":%lu,\"estimated-error\":%lu,";
+ const char *jfmt4 = "\"raw-ntp-time\":\"%x.%x\",\"raw-unix-time\":\"%x.%0*d %s\",";
+-#if defined NTP_API && NTP_API > 3
++#if defined(HAVE_STRUCT_NTPTIMEVAL_TAI)
+ const char *jfmt5 = "\"TAI-offset\":%d,";
+ #else
+ const char *jfmt6 = "";
+--
+2.33.0
+
diff --git a/package/ntpsec/Config.in b/package/ntpsec/Config.in
new file mode 100644
index 0000000000..7275533d26
--- /dev/null
+++ b/package/ntpsec/Config.in
@@ -0,0 +1,31 @@
+config BR2_PACKAGE_NTPSEC
+ bool "ntpsec"
+ depends on BR2_PACKAGE_PYTHON3
+ select BR2_PACKAGE_LIBCAP
+ select BR2_PACKAGE_OPENSSL
+ help
+ NTPsec project - a secure, hardened, and improved
+ implementation of Network Time Protocol derived
+ from NTP Classic, Dave Mills’s original.
+
+ Provides things like ntpd, ntpdate, ntpq, etc...
+
+ https://www.ntpsec.org/
+
+if BR2_PACKAGE_NTPSEC
+
+config BR2_PACKAGE_NTPSEC_CLASSIC_MODE
+ bool "classic-mode"
+ help
+ Enable strict configuration and log-format compatibility
+ with NTP Classic.
+
+config BR2_PACKAGE_NTPSEC_NTS
+ bool "NTS support"
+ help
+ Enable Network Time Security (NTS) support.
+
+endif
+
+comment "ntpsec depens on Pyhton3"
+ depends on !BR2_PACKAGE_PYTHON3
diff --git a/package/ntpsec/S49ntp b/package/ntpsec/S49ntp
new file mode 100644
index 0000000000..f3db51418e
--- /dev/null
+++ b/package/ntpsec/S49ntp
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Starts Network Time Protocol daemon
+#
+
+DAEMON="ntpd"
+PIDFILE="/var/run/$DAEMON.pid"
+
+NTPD_ARGS="-g -u ntp:ntp -s /var/run/ntp"
+
+# shellcheck source=/dev/null
+[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
+
+mkdir -p /var/run/ntp && chown ntp:ntp /var/run/ntp
+
+start() {
+ printf 'Starting %s: ' "$DAEMON"
+ # shellcheck disable=SC2086 # we need the word splitting
+ start-stop-daemon -S -q -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \
+ -- $NTPD_ARGS -p "$PIDFILE"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+stop() {
+ printf 'Stopping %s: ' "$DAEMON"
+ start-stop-daemon -K -q -p "$PIDFILE"
+ status=$?
+ if [ "$status" -eq 0 ]; then
+ rm -f "$PIDFILE"
+ echo "OK"
+ else
+ echo "FAIL"
+ fi
+ return "$status"
+}
+
+restart() {
+ stop
+ sleep 1
+ start
+}
+
+case "$1" in
+ start|stop|restart)
+ "$1";;
+ reload)
+ # Restart, since there is no true "reload" feature.
+ restart;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload}"
+ exit 1
+esac
diff --git a/package/ntpsec/ntpd.etc.conf b/package/ntpsec/ntpd.etc.conf
new file mode 100644
index 0000000000..e0f45c1438
--- /dev/null
+++ b/package/ntpsec/ntpd.etc.conf
@@ -0,0 +1,33 @@
+#
+# legacy NTP configuration
+#
+pool 0.pool.ntp.org iburst
+pool 1.pool.ntp.org iburst
+pool 2.pool.ntp.org iburst
+pool 3.pool.ntp.org iburst
+
+#
+# NTS configuration
+#
+# Notes:
+# - uncomment the following lines to enable NTS support (but
+# make sure the initial clock is up-to-date (otherwise the
+# NTS certificate validation will fail with 'NTSc: certificate invalid:
+# 9=>certificate is not yet valid' as on boards without RTC support)
+# and/or keep at least one line from the legacy NTP lines
+# - enable BR2_PACKAGE_CA_CERTIFICATES to gain access to the certificate
+# files
+#
+# server time.cloudflare.com nts # Global, anycast
+# server nts.ntp.se:4443 nts # Sweden
+# server ntpmon.dcs1.biz nts # Singapore
+# server ntp1.glypnod.com nts # San Francisco
+# server ntp2.glypnod.com nts # London
+#
+# ca /usr/share/ca-certificates/mozilla
+
+# Allow only time queries, at a limited rate, sending KoD when in excess.
+# Allow all local queries (IPv4, IPv6)
+restrict default nomodify nopeer noquery limited kod
+restrict 127.0.0.1
+restrict [::1]
diff --git a/package/ntpsec/ntpsec.hash b/package/ntpsec/ntpsec.hash
new file mode 100644
index 0000000000..9c30605cbd
--- /dev/null
+++ b/package/ntpsec/ntpsec.hash
@@ -0,0 +1,4 @@
+# Locally calculated
+sha256 80e5b4c07dc1f8f7dc90851662c72a80a4111477c48040ae9e1f2e56f893251d ntpsec-NTPsec_1_2_0.tar.bz2
+sha256 b4db4de3317c3b0554ed91eb692968800bdfd6ad2c16ffbeee8ce4895ed91da4 LICENSE.adoc
+sha256 d3b21470adadd9abd9c6d675378f8c371ac5a4ea6dbec91859e02fadca3c0856 docs/copyright.adoc
diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk
new file mode 100644
index 0000000000..c62077dce6
--- /dev/null
+++ b/package/ntpsec/ntpsec.mk
@@ -0,0 +1,71 @@
+################################################################################
+#
+# ntpsec
+#
+################################################################################
+
+NTPSEC_VERSION_MAJOR = 1
+NTPSEC_VERSION_MINOR = 2
+NTPSEC_VERSION_POINT = 0
+NTPSEC_VERSION = $(NTPSEC_VERSION_MAJOR)_$(NTPSEC_VERSION_MINOR)_$(NTPSEC_VERSION_POINT)
+NTPSEC_SOURCE = ntpsec-NTPsec_$(NTPSEC_VERSION).tar.bz2
+NTPSEC_SITE = https://gitlab.com/NTPsec/ntpsec/-/archive/NTPsec_$(NTPSEC_VERSION)
+NTPSEC_LICENSE = BSD-2-Clause NTP BSD-3-Clause MIT
+NTPSEC_LICENSE_FILES = LICENSE.adoc docs/copyright.adoc
+
+NTPSEC_CPE_ID_VENDOR = ntpsec
+NTPSEC_CPE_ID_VERSION = $(NTPSEC_VERSION_MAJOR).$(NTPSEC_VERSION_MINOR)
+NTPSEC_CPE_ID_UPDATE = $(NTPSEC_VERSION_POINT)
+
+NTPSEC_DEPENDENCIES = \
+ host-pkgconf \
+ $(if $(BR2_PACKAGE_PYTHON),python,python3) \
+ libcap \
+ openssl
+
+NTPSEC_CONF_OPTS = \
+ CC=gcc \
+ PYTHON_CONFIG="$(STAGING_DIR)/usr/bin/$(if $(BR2_PACKAGE_PYTHON),python,python3)-config" \
+ --cross-compiler="$(TARGET_CC)" \
+ --cross-cflags="$(TARGET_CFLAGS) -std=gnu99" \
+ --cross-ldflags="$(TARGET_LDFLAGS)" \
+ --notests \
+ --enable-early-droproot \
+ --disable-mdns-registration \
+ --enable-pylib=ffi \
+ --nopyc \
+ --nopyo \
+ --nopycache \
+ --disable-doc \
+ --disable-manpage
+
+ifeq ($(BR2_PACKAGE_NTPSEC_CLASSIC_MODE),y)
+NTPSEC_CONF_OPTS += --enable-classic-mode
+endif
+
+ifeq ($(BR2_PACKAGE_NTPSEC_NTS),y)
+#NTPSEC_CONF_OPTS += --enable-nts
+else
+NTPSEC_CONF_OPTS += --disable-nts
+endif
+
+# add a link to libntpc.so where python searches for it
+define NTPSEC_LIBNTPC_LINK
+ ln -sf /usr/lib/ntp/libntpc.so $(TARGET_DIR)/usr/lib/libntpc.so
+endef
+NTPSEC_POST_INSTALL_TARGET_HOOKS += NTPSEC_LIBNTPC_LINK
+
+define NTPSEC_INSTALL_NTPSEC_CONF
+ $(INSTALL) -m 644 package/ntpsec/ntpd.etc.conf $(TARGET_DIR)/etc/ntp.conf
+endef
+NTPSEC_POST_INSTALL_TARGET_HOOKS += NTPSEC_INSTALL_NTPSEC_CONF
+
+define NTPSEC_INSTALL_INIT_SYSV
+ $(INSTALL) -D -m 755 package/ntpsec/S49ntp $(TARGET_DIR)/etc/init.d/S49ntp
+endef
+
+define NTPSEC_USERS
+ ntp -1 ntp -1 * - - - ntpd user
+endef
+
+$(eval $(waf-package))
--
2.33.1
More information about the buildroot
mailing list