From 22c055b2f14f8be225dd66dbd44b39e0c732e0f5 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Mon, 23 Feb 2015 19:54:34 +0100 Subject: [PATCH 1/6] ntp: Enable the kernel PPS driver and use it on the ODU --- recipes-bsp/ntp/files/sysmocom-odu/ntp.conf | 11 +++++++++++ recipes-bsp/ntp/ntp_4.2.8.bb | 1 + 2 files changed, 12 insertions(+) diff --git a/recipes-bsp/ntp/files/sysmocom-odu/ntp.conf b/recipes-bsp/ntp/files/sysmocom-odu/ntp.conf index e344078c9d..4b75931a18 100644 --- a/recipes-bsp/ntp/files/sysmocom-odu/ntp.conf +++ b/recipes-bsp/ntp/files/sysmocom-odu/ntp.conf @@ -2,18 +2,29 @@ # The driftfile must remain in a place specific to this # machine - it records the machine specific clock error driftfile /etc/ntp.drift + # This obtains a random server which will be close # (in IP terms) to the machine. Add other servers # as required, or change this. server pool.ntp.org + # Using local hardware clock as fallback # Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself server 127.127.1.0 fudge 127.127.1.0 stratum 14 +# GPSD interface for NMEA based time server 127.127.28.0 fudge 127.127.28.0 refid GPS +# PPS interface to kernel +server 127.127.22.0 +fudge 127.127.22.0 refid PPS + # Defining a default security setting, allowing queries but declining # pretty much everything else restrict default limited kod nomodify notrap nopeer + +# Be more permissive with localhost +restrict 127.0.0.1 +restrict ::1 diff --git a/recipes-bsp/ntp/ntp_4.2.8.bb b/recipes-bsp/ntp/ntp_4.2.8.bb index 67f5645ca6..66e2574182 100644 --- a/recipes-bsp/ntp/ntp_4.2.8.bb +++ b/recipes-bsp/ntp/ntp_4.2.8.bb @@ -36,6 +36,7 @@ EXTRA_OECONF += "--with-net-snmp-config=no \ ac_cv_header_readline_history_h=no \ --with-yielding_select=yes \ --with-locfile=redhat \ + --enable-ATOM \ " CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" From 1a531a35c30f8260253cf631d6cdfb0db681271c Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Mon, 23 Feb 2015 20:26:11 +0100 Subject: [PATCH 2/6] ntp: Update from 4.2.8 to 4.2.8p1 (6 vulnerability fixes) --- .../ntp-4.2.8-ntp-keygen-no-openssl.patch | 168 ------------------ recipes-bsp/ntp/ntp_4.2.8.bb | 157 ---------------- 2 files changed, 325 deletions(-) delete mode 100644 recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch delete mode 100644 recipes-bsp/ntp/ntp_4.2.8.bb diff --git a/recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch b/recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch deleted file mode 100644 index 9b9af63ca3..0000000000 --- a/recipes-bsp/ntp/files/ntp-4.2.8-ntp-keygen-no-openssl.patch +++ /dev/null @@ -1,168 +0,0 @@ -Fix ntp-keygen build without OpenSSL - -Patch borrowed from Gentoo, originally from upstream -Signed-off-by: Paul Eggleton -Upstream-Status: Backport - -Upstream commit: -http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg -Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238 - -Signed-off-by: Markos Chandras -Index: ntp-4.2.8/Makefile.am -=================================================================== ---- ntp-4.2.8.orig/Makefile.am -+++ ntp-4.2.8/Makefile.am -@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib - - NULL = - -+# moved sntp first to get libtool and libevent built. -+ - SUBDIRS = \ -+ sntp \ - scripts \ - include \ - libntp \ -@@ -17,7 +20,6 @@ SUBDIRS = \ - clockstuff \ - kernel \ - util \ -- sntp \ - tests \ - $(NULL) - -@@ -64,7 +66,6 @@ BUILT_SOURCES = \ - .gcc-warning \ - 'libtool \ - html/.datecheck \ -- sntp/built-sources-only \ - $(srcdir)/COPYRIGHT \ - $(srcdir)/.checkChangeLog \ - $(NULL) -Index: ntp-4.2.8/configure.ac -=================================================================== ---- ntp-4.2.8.orig/configure.ac -+++ ntp-4.2.8/configure.ac -@@ -102,7 +102,7 @@ esac - enable_nls=no - LIBOPTS_CHECK_NOBUILD([sntp/libopts]) - --NTP_ENABLE_LOCAL_LIBEVENT -+NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent]) - - NTP_LIBNTP - -@@ -771,6 +771,10 @@ esac - - #### - -+AC_CHECK_FUNCS([arc4random_buf]) -+ -+#### -+ - saved_LIBS="$LIBS" - LIBS="$LIBS $LDADD_LIBNTP" - AC_CHECK_FUNCS([daemon]) -Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c -=================================================================== ---- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c -+++ ntp-4.2.8/libntp/ntp_crypto_rnd.c -@@ -24,6 +24,21 @@ - int crypto_rand_init = 0; - #endif - -+#ifndef HAVE_ARC4RANDOM_BUF -+static void -+arc4random_buf(void *buf, size_t nbytes); -+ -+void -+evutil_secure_rng_get_bytes(void *buf, size_t nbytes); -+ -+static void -+arc4random_buf(void *buf, size_t nbytes) -+{ -+ evutil_secure_rng_get_bytes(buf, nbytes); -+ return; -+} -+#endif -+ - /* - * As of late 2014, here's how we plan to provide cryptographic-quality - * random numbers: -Index: ntp-4.2.8/sntp/configure.ac -=================================================================== ---- ntp-4.2.8.orig/sntp/configure.ac -+++ ntp-4.2.8/sntp/configure.ac -@@ -97,11 +97,14 @@ esac - enable_nls=no - LIBOPTS_CHECK - --AM_COND_IF( -- [BUILD_SNTP], -- [NTP_LIBEVENT_CHECK], -- [NTP_LIBEVENT_CHECK_NOBUILD] --) -+# From when we only used libevent for sntp: -+#AM_COND_IF( -+# [BUILD_SNTP], -+# [NTP_LIBEVENT_CHECK], -+# [NTP_LIBEVENT_CHECK_NOBUILD] -+#) -+ -+NTP_LIBEVENT_CHECK([2]) - - # Checks for libraries. - -Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4 -=================================================================== ---- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 -+++ ntp-4.2.8/sntp/m4/ntp_libevent.m4 -@@ -1,4 +1,25 @@ --dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*- -+# SYNOPSIS -*- Autoconf -*- -+# -+# NTP_ENABLE_LOCAL_LIBEVENT -+# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]]) -+# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]]) -+# -+# DESCRIPTION -+# -+# AUTHOR -+# -+# Harlan Stenn -+# -+# LICENSE -+# -+# This file is Copyright (c) 2014 Network Time Foundation -+# -+# Copying and distribution of this file, with or without modification, are -+# permitted in any medium without royalty provided the copyright notice, -+# author attribution and this notice are preserved. This file is offered -+# as-is, without any warranty. -+ -+dnl NTP_ENABLE_LOCAL_LIBEVENT - dnl - dnl Provide only the --enable-local-libevent command-line option. - dnl -@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar - dnl but DO NOT invoke DIR/configure if we are going to use our bundled - dnl version. This may be the case for nested packages. - dnl --dnl provide --enable-local-libevent . -+dnl provides --enable-local-libevent . - dnl - dnl Examples: - dnl -Index: ntp-4.2.8/util/Makefile.am -=================================================================== ---- ntp-4.2.8.orig/util/Makefile.am -+++ ntp-4.2.8/util/Makefile.am -@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP) - LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) - tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) - ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a -+ntp_keygen_LDADD += $(LDADD_LIBEVENT) - ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM) - ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h - diff --git a/recipes-bsp/ntp/ntp_4.2.8.bb b/recipes-bsp/ntp/ntp_4.2.8.bb deleted file mode 100644 index 66e2574182..0000000000 --- a/recipes-bsp/ntp/ntp_4.2.8.bb +++ /dev/null @@ -1,157 +0,0 @@ -SUMMARY = "Network Time Protocol daemon and utilities" -DESCRIPTION = "The Network Time Protocol (NTP) is used to \ -synchronize the time of a computer client or server to \ -another server or reference time source, such as a radio \ -or satellite receiver or modem." -HOMEPAGE = "http://support.ntp.org" -SECTION = "console/network" -LICENSE = "NTP" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ebe123f74017224947c78d472407c10f" - -DEPENDS = "libevent" - -SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \ - file://ntp-4.2.4_p6-nano.patch \ - file://ntpd \ - file://ntp.conf \ - file://ntpdate \ - file://ntpdate.default \ - file://ntpdate.service \ - file://ntpd.service \ - file://sntp.service \ - file://sntp \ - file://ntpd.list \ - file://ntp-4.2.8-ntp-keygen-no-openssl.patch \ -" - -SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7" -SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee" - -inherit autotools update-rc.d useradd systemd pkgconfig - -# The ac_cv_header_readline_history is to stop ntpdc depending on either -# readline or curses -EXTRA_OECONF += "--with-net-snmp-config=no \ - --without-ntpsnmpd \ - ac_cv_header_readline_history_h=no \ - --with-yielding_select=yes \ - --with-locfile=redhat \ - --enable-ATOM \ - " -CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" - -USERADD_PACKAGES = "${PN}" -NTP_USER_HOME ?= "/var/lib/ntp" -USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \ - --no-create-home \ - --shell /bin/false --user-group ntp" - -# NB: debug is default-enabled by NTP; keep it default-enabled here. -PACKAGECONFIG ??= "cap debug" -PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \ - --with-openssl-incdir=${STAGING_INCDIR} \ - --with-crypto, \ - --without-openssl --without-crypto, \ - openssl" -PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap" -PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline" -PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" - -do_install_append() { - install -d ${D}${sysconfdir}/init.d - install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} - install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d - install -d ${D}${bindir} - install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync - - install -m 755 -d ${D}${NTP_USER_HOME} - chown ntp:ntp ${D}${NTP_USER_HOME} - - # Fix hardcoded paths in scripts - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync - sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace - sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace - sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait - sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait - sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj - sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj - - install -d ${D}/${sysconfdir}/default - install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate - install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ - - install -d ${D}/${sysconfdir}/network/if-up.d - ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/ - - install -d ${D}${systemd_unitdir}/ntp-units.d - install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list -} - -PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils" -# NOTE: you don't need ntpdate, use "ntpd -q -g -x" - -# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms -# with wonky clocks (e.g. OpenSlug) -RDEPENDS_${PN} = "${PN}-tickadj" -# Handle move from bin to utils package -RPROVIDES_${PN}-utils = "${PN}-bin" -RREPLACES_${PN}-utils = "${PN}-bin" -RCONFLICTS_${PN}-utils = "${PN}-bin" - -SYSTEMD_PACKAGES = "${PN} ntpdate sntp" -SYSTEMD_SERVICE_${PN} = "ntpd.service" -SYSTEMD_SERVICE_ntpdate = "ntpdate.service" -SYSTEMD_SERVICE_sntp = "sntp.service" - -RPROVIDES_${PN} += "${PN}-systemd" -RREPLACES_${PN} += "${PN}-systemd" -RCONFLICTS_${PN} += "${PN}-systemd" - -RPROVIDES_ntpdate += "ntpdate-systemd" -RREPLACES_ntpdate += "ntpdate-systemd" -RCONFLICTS_ntpdate += "ntpdate-systemd" - -RSUGGESTS_${PN} = "iana-etc" - -FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \ - ${NTP_USER_HOME} \ - ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ -" -FILES_${PN}-tickadj = "${sbindir}/tickadj" -FILES_${PN}-utils = "${sbindir} ${datadir}/ntp/lib" -RDEPENDS_${PN}-utils += "perl" -FILES_ntpdate = "${sbindir}/ntpdate \ - ${sysconfdir}/network/if-up.d/ntpdate-sync \ - ${bindir}/ntpdate-sync \ - ${sysconfdir}/default/ntpdate \ - ${systemd_unitdir}/system/ntpdate.service \ -" -FILES_sntp = "${sbindir}/sntp \ - ${sysconfdir}/default/sntp \ - ${systemd_unitdir}/system/sntp.service \ - " - -CONFFILES_${PN} = "${sysconfdir}/ntp.conf" -CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate" - -INITSCRIPT_NAME = "ntpd" -# No dependencies, so just go in at the standard level (20) -INITSCRIPT_PARAMS = "defaults" - -pkg_postinst_ntpdate() { - if ! grep -q -s ntpdate $D/var/spool/cron/root; then - echo "adding crontab" - test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron - echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root - fi -} - From 4de8fd1b0840739d0d7f17c48e2c4b3656a12927 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Mon, 23 Feb 2015 20:26:28 +0100 Subject: [PATCH 3/6] linux-sysmocom: Add PPS platform device --- recipes-bsp/linux/linux-sysmocom_3.2.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-bsp/linux/linux-sysmocom_3.2.bb b/recipes-bsp/linux/linux-sysmocom_3.2.bb index 6ae731cfc8..18bc1ddadb 100644 --- a/recipes-bsp/linux/linux-sysmocom_3.2.bb +++ b/recipes-bsp/linux/linux-sysmocom_3.2.bb @@ -15,11 +15,11 @@ SRCREV = "bcc4fa827be7f59486ff305d664b42a142025f9b" # odu handling. BRANCH="v3.2" -SRCREV_sysmocom-odu = "dcaeb640fca7524f70f155fd573b72a245a9161e" +SRCREV_sysmocom-odu = "3ed283bea6c0be2fa44e3c8298895190c1bd93b5" BRANCH_sysmocom-odu = "sob-odu/linux-3.2.63" LINUX_VERSION_sysmocom-odu = "3.2.63" -PR = "r40" +PR = "r41" PV = "${LINUX_VERSION}+git${SRCPV}" SRC_URI = "git://git.sysmocom.de/sysmo-bts/linux.git;protocol=git;branch=${BRANCH} \ From 3a5cd732a93a0ef99a5382a49ca5ecd2d7db6083 Mon Sep 17 00:00:00 2001 From: Harald Welte Date: Mon, 23 Feb 2015 20:54:11 +0100 Subject: [PATCH 4/6] ntp: forgot to add ntp_4.2.8p1.bb --- recipes-bsp/ntp/ntp_4.2.8p1.bb | 156 +++++++++++++++++++++++++++++++++ 1 file changed, 156 insertions(+) create mode 100644 recipes-bsp/ntp/ntp_4.2.8p1.bb diff --git a/recipes-bsp/ntp/ntp_4.2.8p1.bb b/recipes-bsp/ntp/ntp_4.2.8p1.bb new file mode 100644 index 0000000000..1bb754e354 --- /dev/null +++ b/recipes-bsp/ntp/ntp_4.2.8p1.bb @@ -0,0 +1,156 @@ +SUMMARY = "Network Time Protocol daemon and utilities" +DESCRIPTION = "The Network Time Protocol (NTP) is used to \ +synchronize the time of a computer client or server to \ +another server or reference time source, such as a radio \ +or satellite receiver or modem." +HOMEPAGE = "http://support.ntp.org" +SECTION = "console/network" +LICENSE = "NTP" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=f41fedb22dffefcbfafecc85b0f79cfa" + +DEPENDS = "libevent" + +SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \ + file://ntp-4.2.4_p6-nano.patch \ + file://ntpd \ + file://ntp.conf \ + file://ntpdate \ + file://ntpdate.default \ + file://ntpdate.service \ + file://ntpd.service \ + file://sntp.service \ + file://sntp \ + file://ntpd.list \ +" + +SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7" +SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee" + +inherit autotools update-rc.d useradd systemd pkgconfig + +# The ac_cv_header_readline_history is to stop ntpdc depending on either +# readline or curses +EXTRA_OECONF += "--with-net-snmp-config=no \ + --without-ntpsnmpd \ + ac_cv_header_readline_history_h=no \ + --with-yielding_select=yes \ + --with-locfile=redhat \ + --enable-ATOM \ + " +CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" + +USERADD_PACKAGES = "${PN}" +NTP_USER_HOME ?= "/var/lib/ntp" +USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \ + --no-create-home \ + --shell /bin/false --user-group ntp" + +# NB: debug is default-enabled by NTP; keep it default-enabled here. +PACKAGECONFIG ??= "cap debug" +PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \ + --with-openssl-incdir=${STAGING_INCDIR} \ + --with-crypto, \ + --without-openssl --without-crypto, \ + openssl" +PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap" +PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline" +PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" + +do_install_append() { + install -d ${D}${sysconfdir}/init.d + install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} + install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d + install -d ${D}${bindir} + install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync + + install -m 755 -d ${D}${NTP_USER_HOME} + chown ntp:ntp ${D}${NTP_USER_HOME} + + # Fix hardcoded paths in scripts + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync + sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace + sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace + sed -i '1s,#!.*perl,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait + sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait + sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/calc_tickadj + sed -i '/use/i use warnings;' ${D}${sbindir}/calc_tickadj + + install -d ${D}/${sysconfdir}/default + install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate + install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ + + install -d ${D}/${sysconfdir}/network/if-up.d + ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/ + + install -d ${D}${systemd_unitdir}/ntp-units.d + install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list +} + +PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils" +# NOTE: you don't need ntpdate, use "ntpd -q -g -x" + +# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms +# with wonky clocks (e.g. OpenSlug) +RDEPENDS_${PN} = "${PN}-tickadj" +# Handle move from bin to utils package +RPROVIDES_${PN}-utils = "${PN}-bin" +RREPLACES_${PN}-utils = "${PN}-bin" +RCONFLICTS_${PN}-utils = "${PN}-bin" + +SYSTEMD_PACKAGES = "${PN} ntpdate sntp" +SYSTEMD_SERVICE_${PN} = "ntpd.service" +SYSTEMD_SERVICE_ntpdate = "ntpdate.service" +SYSTEMD_SERVICE_sntp = "sntp.service" + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" + +RPROVIDES_ntpdate += "ntpdate-systemd" +RREPLACES_ntpdate += "ntpdate-systemd" +RCONFLICTS_ntpdate += "ntpdate-systemd" + +RSUGGESTS_${PN} = "iana-etc" + +FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \ + ${NTP_USER_HOME} \ + ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ +" +FILES_${PN}-tickadj = "${sbindir}/tickadj" +FILES_${PN}-utils = "${sbindir} ${datadir}/ntp/lib" +RDEPENDS_${PN}-utils += "perl" +FILES_ntpdate = "${sbindir}/ntpdate \ + ${sysconfdir}/network/if-up.d/ntpdate-sync \ + ${bindir}/ntpdate-sync \ + ${sysconfdir}/default/ntpdate \ + ${systemd_unitdir}/system/ntpdate.service \ +" +FILES_sntp = "${sbindir}/sntp \ + ${sysconfdir}/default/sntp \ + ${systemd_unitdir}/system/sntp.service \ + " + +CONFFILES_${PN} = "${sysconfdir}/ntp.conf" +CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate" + +INITSCRIPT_NAME = "ntpd" +# No dependencies, so just go in at the standard level (20) +INITSCRIPT_PARAMS = "defaults" + +pkg_postinst_ntpdate() { + if ! grep -q -s ntpdate $D/var/spool/cron/root; then + echo "adding crontab" + test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron + echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root + fi +} + From 2251e090de0e967ec61c554a39ea3d2562a9d472 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Sun, 22 Feb 2015 15:12:46 +0100 Subject: [PATCH 5/6] busybox: After renaming the the bbappend rename the configs we use --- .../busybox/{busybox-1.22.1 => busybox-1.23.1}/busybox-ifplugd.sh | 0 recipes-core/busybox/{busybox-1.22.1 => busybox-1.23.1}/defconfig | 0 .../ifplugd-use-a-larger-netlink-buffer.patch | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename recipes-core/busybox/{busybox-1.22.1 => busybox-1.23.1}/busybox-ifplugd.sh (100%) rename recipes-core/busybox/{busybox-1.22.1 => busybox-1.23.1}/defconfig (100%) rename recipes-core/busybox/{busybox-1.22.1 => busybox-1.23.1}/ifplugd-use-a-larger-netlink-buffer.patch (100%) diff --git a/recipes-core/busybox/busybox-1.22.1/busybox-ifplugd.sh b/recipes-core/busybox/busybox-1.23.1/busybox-ifplugd.sh similarity index 100% rename from recipes-core/busybox/busybox-1.22.1/busybox-ifplugd.sh rename to recipes-core/busybox/busybox-1.23.1/busybox-ifplugd.sh diff --git a/recipes-core/busybox/busybox-1.22.1/defconfig b/recipes-core/busybox/busybox-1.23.1/defconfig similarity index 100% rename from recipes-core/busybox/busybox-1.22.1/defconfig rename to recipes-core/busybox/busybox-1.23.1/defconfig diff --git a/recipes-core/busybox/busybox-1.22.1/ifplugd-use-a-larger-netlink-buffer.patch b/recipes-core/busybox/busybox-1.23.1/ifplugd-use-a-larger-netlink-buffer.patch similarity index 100% rename from recipes-core/busybox/busybox-1.22.1/ifplugd-use-a-larger-netlink-buffer.patch rename to recipes-core/busybox/busybox-1.23.1/ifplugd-use-a-larger-netlink-buffer.patch From c2356c429d8cfd6c22d694f67b70de62c1bca643 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther Date: Mon, 23 Feb 2015 20:45:11 +0100 Subject: [PATCH 6/6] ntp: Upgrade to patch level 1 for additional security fixes When re-importing the recipe I accidently went back to a vulnerable version again. *sigh*. Fixes: SYS#1211 --- recipes-bsp/ntp/ntp_4.2.8p1.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes-bsp/ntp/ntp_4.2.8p1.bb b/recipes-bsp/ntp/ntp_4.2.8p1.bb index 1bb754e354..768241bbb4 100644 --- a/recipes-bsp/ntp/ntp_4.2.8p1.bb +++ b/recipes-bsp/ntp/ntp_4.2.8p1.bb @@ -23,8 +23,8 @@ SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g file://ntpd.list \ " -SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7" -SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee" +SRC_URI[md5sum] = "65d8cdfae4722226fbe29863477641ed" +SRC_URI[sha256sum] = "948274b88f1ed002d867ced6aaefdfd0999668b11285ac2b3a67ff2629d59d88" inherit autotools update-rc.d useradd systemd pkgconfig