[oe] [OE-devel] [PATCH] ntp: Resolve some abnormal behaviors
Stephen Arnold
stephen.arnold42 at gmail.com
Sat Mar 1 04:33:55 UTC 2014
Sorry I missed the previous traffic, but does it make more sense to set the
ntp user's home to something like /var/lib/ntp instead? For me it's always
been that way as the typical place for the drift file (written to by the
ntpd process running as ntp) as well as a *.keys file it needed. IMHO the
above with a suitable line in the default ntp.conf would be a Good Thing.
Lastly, what about using pool.ntp.org as the default server for both ntpd
and ntpdate? That way everything works out of the box (as long as there's
a net connection) and users can customize from there. I have a bbappend
for ntp right now, so maybe I should look at the default config again...
On Thu, Feb 27, 2014 at 11:41 PM, Xufeng Zhang
<xufeng.zhang at windriver.com>wrote:
> On 06/10/2013 11:29 PM, Joe MacDonald wrote:
>
>> Hey Xufeng,
>>
>> [[oe] [OE-devel] [PATCH] ntp: Resolve some abnormal behaviors] On
>> 13.05.31 (Fri 14:18) Xufeng Zhang wrote:
>>
>>
>>
>>> The main changes include:
>>> 1). Add ntp:ntp(user:group) to system.
>>> 2). Running ntpd dameon as ntp:ntp.
>>> 3). Move relevant files from /usr/bin to /usr/sbin.
>>> 4). Add crypto support.
>>>
>>>
>> This one seems to have trailed off. Sorry if you guys were waiting on
>> my input as well.
>>
>>
>
> Sorry for late response, I have missed this email.
>
> First, I agree with Paul on both #3 and #4.
>>
>
> Now I also agree that I should drop #4.
>
> I would rather see a patch
>> that updates NTP to use sbindir instead of bindir in the options
>>
>
> I'm not quite understand what's the meaning of "in the options".
>
> I'll explain how "--with-binsubdir" works for ntp:
> "--with-binsubdir" controls whether we use bin_PROGRAMS or sbin_PROGRAMS
> for built binaries in Makefile, in others words, it controls where we
> install the
> binaries. If "--with-binsubdir" is not set or if "--with-binsubdir=bin",
> then we use
> bindir, otherwise, if "--with-binsubdir=sbin", we use sbindir, so if we
> want to
> install the binaries into sbindir, we must specify "--with-binsubdir=sbin".
>
>
> (or at
>> least a follow-up indicating that it's infeasible for some reason, I
>> also don't know what NTP's build system looks like, so maybe that's not
>> an option). I also agree that my preferred scenario is for the system
>> to be as secure as possible by default, but crypto support is available
>> and not everyone wants or needs it. We (relatively) recently when
>> through an extended discussion about ntp versus ntp-ssl and the current
>> situation seems to be the best compromise for everyone.
>>
>> As a more general comment, you have four bullet-points below. That's
>> normally an indication (to me, at least) that four patches are
>> appropriate. Looking a bit closer, it looks like two related changes
>> and two unrelated ones, so I'd want to see three patches for this unless
>> there's a good reason why all of them are tied together.
>>
>> #1 and #2 aren't likely to be contentious, so feel free to send out a
>> single patch doing both of those any time and we can revisit #3 and #4
>> at your convenience.
>>
>>
>
> Thank you very much for the detail suggestions and explanations!
> I'll send V2 patch until we come to a agreement on #3.
>
>
> Xufeng
>
> Thanks,
>> -J.
>>
>>
>>
>>> [YOCTO #4567]
>>> [ CQID: WIND00417282 ]
>>>
>>> Signed-off-by: Xufeng Zhang<xufeng.zhang at windriver.com>
>>> ---
>>> meta-networking/recipes-support/ntp/files/ntpd | 8 ++++----
>>> meta-networking/recipes-support/ntp/files/ntpdate | 6 +++---
>>> meta-networking/recipes-support/ntp/ntp.inc | 20
>>> ++++++++++++--------
>>> 3 files changed, 19 insertions(+), 15 deletions(-)
>>>
>>> diff --git a/meta-networking/recipes-support/ntp/files/ntpd
>>> b/meta-networking/recipes-support/ntp/files/ntpd
>>> index ae50f13..285f5c0 100755
>>> --- a/meta-networking/recipes-support/ntp/files/ntpd
>>> +++ b/meta-networking/recipes-support/ntp/files/ntpd
>>> @@ -1,7 +1,7 @@
>>> #! /bin/sh
>>> #
>>> # ntpd init.d script for ntpdc from ntp.isc.org
>>> -test -x /usr/bin/ntpd -a -r /etc/ntp.conf || exit 0
>>> +test -x /usr/sbin/ntpd -a -r /etc/ntp.conf || exit 0
>>> # rcS contains TICKADJ
>>> test -r /etc/default/rcS&& . /etc/default/rcS
>>>
>>> @@ -9,9 +9,9 @@ test -r /etc/default/rcS&& . /etc/default/rcS
>>> settick(){
>>> # If TICKADJ is set we *must* adjust it before we start, because
>>> the
>>> # driftfile relies on the correct setting
>>> - test -n "$TICKADJ" -a -x /usr/bin/tickadj&& {
>>> + test -n "$TICKADJ" -a -x /usr/sbin/tickadj&& {
>>> echo -n "Setting tick to $TICKADJ: "
>>> - /usr/bin/tickadj "$TICKADJ"
>>> + /usr/sbin/tickadj "$TICKADJ"
>>> echo "done"
>>> }
>>> }
>>> @@ -21,7 +21,7 @@ startdaemon(){
>>> # this. If ntpd seems to disappear after a while assume TICKADJ
>>> # above is set to a totally incorrect value.
>>> echo -n "Starting ntpd: "
>>> - start-stop-daemon --start -x /usr/bin/ntpd -- -p
>>> /var/run/ntp.pid "$@"
>>> + start-stop-daemon --start -x /usr/sbin/ntpd -- -u ntp:ntp -p
>>> /var/run/ntp.pid "$@"
>>> echo "done"
>>> }
>>> stopdaemon(){
>>> diff --git a/meta-networking/recipes-support/ntp/files/ntpdate
>>> b/meta-networking/recipes-support/ntp/files/ntpdate
>>> index ab0551c..17b64d1 100755
>>> --- a/meta-networking/recipes-support/ntp/files/ntpdate
>>> +++ b/meta-networking/recipes-support/ntp/files/ntpdate
>>> @@ -1,8 +1,8 @@
>>> #!/bin/sh
>>>
>>> -PATH=/sbin:/bin:/usr/bin
>>> +PATH=/sbin:/bin:/usr/bin:/usr/sbin
>>>
>>> -test -x /usr/bin/ntpdate || exit 0
>>> +test -x /usr/sbin/ntpdate || exit 0
>>>
>>> if test -f /etc/default/ntpdate ; then
>>> . /etc/default/ntpdate
>>> @@ -40,7 +40,7 @@ if [ -x /usr/bin/lockfile-create ]; then
>>> LOCKTOUCHPID="$!"
>>> fi
>>>
>>> -if /usr/bin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then
>>> +if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then
>>> if [ "$UPDATE_HWCLOCK" = "yes" ]; then
>>> hwclock --systohc || :
>>> fi
>>> diff --git a/meta-networking/recipes-support/ntp/ntp.inc
>>> b/meta-networking/recipes-support/ntp/ntp.inc
>>> index 79e7401..b52a7d6 100644
>>> --- a/meta-networking/recipes-support/ntp/ntp.inc
>>> +++ b/meta-networking/recipes-support/ntp/ntp.inc
>>> @@ -24,14 +24,19 @@ SRC_URI = "http://www.eecis.udel.edu/~
>>> ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.g
>>> file://sntp \
>>> "
>>>
>>> -inherit autotools update-rc.d systemd
>>> +inherit autotools update-rc.d systemd useradd
>>>
>>> # The ac_cv_header_readline_history is to stop ntpdc depending on
>>> either
>>> # readline or curses
>>> -EXTRA_OECONF += "--with-net-snmp-config=no --without-ntpsnmpd
>>> ac_cv_header_readline_history_h=no"
>>> +EXTRA_OECONF += "--with-net-snmp-config=no --without-ntpsnmpd
>>> ac_cv_header_readline_history_h=no --with-binsubdir=sbin"
>>> CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED"
>>>
>>> -PACKAGECONFIG ??= ""
>>> +USERADD_PACKAGES = "${PN}"
>>> +USERADD_PARAM_${PN} = "--system --home /etc/ntp \
>>> + --no-create-home --shell /bin/false \
>>> + --user-group ntp"
>>> +
>>> +PACKAGECONFIG ??= "openssl"
>>> PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \
>>> --with-openssl-incdir=${STAGING_INCDIR} \
>>> --with-crypto, \
>>> @@ -91,10 +96,10 @@ RCONFLICTS_ntpdate += "ntpdate-systemd"
>>>
>>> RSUGGESTS_${PN} = "iana-etc"
>>>
>>> -FILES_${PN} = "${bindir}/ntpd ${sysconfdir}/ntp.conf
>>> ${sysconfdir}/init.d/ntpd ${sbindir} ${libdir}"
>>> -FILES_${PN}-tickadj = "${bindir}/tickadj"
>>> -FILES_${PN}-utils = "${bindir}"
>>> -FILES_ntpdate = "${bindir}/ntpdate \
>>> +FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf
>>> ${sysconfdir}/init.d/ntpd ${libdir}"
>>> +FILES_${PN}-tickadj = "${sbindir}/tickadj"
>>> +FILES_${PN}-utils = "${sbindir}"
>>> +FILES_ntpdate = "${sbindir}/ntpdate \
>>> ${sysconfdir}/network/if-up.d/ntpdate-sync \
>>> ${bindir}/ntpdate-sync \
>>> ${sysconfdir}/default/ntpdate \
>>> @@ -122,4 +127,3 @@ else
>>> fi
>>> fi
>>> }
>>> -
>>>
>>>
>>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
More information about the Openembedded-devel
mailing list