From 2a581eb64141e55750a0569e15d1203c597b7dea Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Thu, 25 Dec 2014 17:40:53 +0000 Subject: ntp: upgrade to 4.2.8 * Upgrade to 4.2.8 which fixes several security issues, including CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296. For more details please see: https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A * LIC_FILES_CHKSUM changed due to a number of copyright year and patch list changes; nothing material about the license text changed. * This version moves a number of binaries from sbindir to bindir; there's supposed to be a configure option --with-locfile=legacy to use the old layout but it does not seem to work. I guess we'll just have to live with the change. * Drop patches which are no longer applicable. * Merge inc file into recipe; there were too many changes required to the inc file in this version and it's unlikely it was much use split out in any case. * Move remaining files in files/ to ntp/ Signed-off-by: Paul Eggleton --- .../recipes-support/ntp/files/CVE-2013-5211.patch | 112 -------------- .../ntp/files/ntp-4.2.4_p6-nano.patch | 17 --- meta-networking/recipes-support/ntp/files/ntp.conf | 17 --- meta-networking/recipes-support/ntp/files/ntpd | 84 ----------- meta-networking/recipes-support/ntp/files/ntpdate | 54 ------- .../recipes-support/ntp/files/ntpdate.default | 7 - .../recipes-support/ntp/files/openssl-check.patch | 59 -------- .../recipes-support/ntp/files/tickadj.c.patch | 32 ---- meta-networking/recipes-support/ntp/ntp.inc | 149 ------------------ .../ntp/ntp/ntp-4.2.4_p6-nano.patch | 17 +++ .../ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch | 168 +++++++++++++++++++++ meta-networking/recipes-support/ntp/ntp/ntp.conf | 17 +++ meta-networking/recipes-support/ntp/ntp/ntpd | 84 +++++++++++ meta-networking/recipes-support/ntp/ntp/ntpdate | 54 +++++++ .../recipes-support/ntp/ntp/ntpdate.default | 7 + meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb | 6 - meta-networking/recipes-support/ntp/ntp_4.2.8.bb | 154 +++++++++++++++++++ 17 files changed, 501 insertions(+), 537 deletions(-) delete mode 100644 meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch delete mode 100644 meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch delete mode 100644 meta-networking/recipes-support/ntp/files/ntp.conf delete mode 100755 meta-networking/recipes-support/ntp/files/ntpd delete mode 100755 meta-networking/recipes-support/ntp/files/ntpdate delete mode 100644 meta-networking/recipes-support/ntp/files/ntpdate.default delete mode 100644 meta-networking/recipes-support/ntp/files/openssl-check.patch delete mode 100644 meta-networking/recipes-support/ntp/files/tickadj.c.patch delete mode 100644 meta-networking/recipes-support/ntp/ntp.inc create mode 100644 meta-networking/recipes-support/ntp/ntp/ntp-4.2.4_p6-nano.patch create mode 100644 meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch create mode 100644 meta-networking/recipes-support/ntp/ntp/ntp.conf create mode 100755 meta-networking/recipes-support/ntp/ntp/ntpd create mode 100755 meta-networking/recipes-support/ntp/ntp/ntpdate create mode 100644 meta-networking/recipes-support/ntp/ntp/ntpdate.default delete mode 100644 meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb create mode 100644 meta-networking/recipes-support/ntp/ntp_4.2.8.bb diff --git a/meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch b/meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch deleted file mode 100644 index ddcb044e60..0000000000 --- a/meta-networking/recipes-support/ntp/files/CVE-2013-5211.patch +++ /dev/null @@ -1,112 +0,0 @@ -ntp: fix CVE-2013-5211 - -Upstream-status: Backport - -The monlist feature in ntp_request.c in ntpd in NTP before -4.2.7p26 allows remote attackers to cause a denial of service -(traffic amplification) via forged (1) REQ_MON_GETLIST or -(2) REQ_MON_GETLIST_1 requests, as exploited in the wild -in December 2013. - -Signed-off-by: Zhang Xiao - ---- a/ntpd/ntp_request.c -+++ b/ntpd/ntp_request.c -@@ -1912,44 +1912,11 @@ mon_getlist_0( - struct req_pkt *inpkt - ) - { -- register struct info_monitor *im; -- register struct mon_data *md; -- extern struct mon_data mon_mru_list; -- extern int mon_enabled; -- - #ifdef DEBUG - if (debug > 2) - printf("wants monitor 0 list\n"); - #endif -- if (!mon_enabled) { -- req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); -- return; -- } -- im = (struct info_monitor *)prepare_pkt(srcadr, inter, inpkt, -- v6sizeof(struct info_monitor)); -- for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0; -- md = md->mru_next) { -- im->lasttime = htonl((u_int32)((current_time - -- md->firsttime) / md->count)); -- im->firsttime = htonl((u_int32)(current_time - md->lasttime)); -- im->restr = htonl((u_int32)md->flags); -- im->count = htonl((u_int32)(md->count)); -- if (IS_IPV6(&md->rmtadr)) { -- if (!client_v6_capable) -- continue; -- im->addr6 = SOCK_ADDR6(&md->rmtadr); -- im->v6_flag = 1; -- } else { -- im->addr = NSRCADR(&md->rmtadr); -- if (client_v6_capable) -- im->v6_flag = 0; -- } -- im->port = md->rmtport; -- im->mode = md->mode; -- im->version = md->version; -- im = (struct info_monitor *)more_pkt(); -- } -- flush_pkt(); -+ req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); - } - - /* -@@ -1962,50 +1929,7 @@ mon_getlist_1( - struct req_pkt *inpkt - ) - { -- register struct info_monitor_1 *im; -- register struct mon_data *md; -- extern struct mon_data mon_mru_list; -- extern int mon_enabled; -- -- if (!mon_enabled) { -- req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); -- return; -- } -- im = (struct info_monitor_1 *)prepare_pkt(srcadr, inter, inpkt, -- v6sizeof(struct info_monitor_1)); -- for (md = mon_mru_list.mru_next; md != &mon_mru_list && im != 0; -- md = md->mru_next) { -- im->lasttime = htonl((u_int32)((current_time - -- md->firsttime) / md->count)); -- im->firsttime = htonl((u_int32)(current_time - md->lasttime)); -- im->restr = htonl((u_int32)md->flags); -- im->count = htonl((u_int32)md->count); -- if (IS_IPV6(&md->rmtadr)) { -- if (!client_v6_capable) -- continue; -- im->addr6 = SOCK_ADDR6(&md->rmtadr); -- im->v6_flag = 1; -- im->daddr6 = SOCK_ADDR6(&md->interface->sin); -- } else { -- im->addr = NSRCADR(&md->rmtadr); -- if (client_v6_capable) -- im->v6_flag = 0; -- if (MDF_BCAST == md->cast_flags) -- im->daddr = NSRCADR(&md->interface->bcast); -- else if (md->cast_flags) { -- im->daddr = NSRCADR(&md->interface->sin); -- if (!im->daddr) -- im->daddr = NSRCADR(&md->interface->bcast); -- } else -- im->daddr = 4; -- } -- im->flags = htonl(md->cast_flags); -- im->port = md->rmtport; -- im->mode = md->mode; -- im->version = md->version; -- im = (struct info_monitor_1 *)more_pkt(); -- } -- flush_pkt(); -+ req_ack(srcadr, inter, inpkt, INFO_ERR_NODATA); - } - - /* diff --git a/meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch b/meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch deleted file mode 100644 index cb1e2f7341..0000000000 --- a/meta-networking/recipes-support/ntp/files/ntp-4.2.4_p6-nano.patch +++ /dev/null @@ -1,17 +0,0 @@ ---- a/include/ntp_syscall.h.orig 2009-05-19 16:44:55.048156467 -0400 -+++ b/include/ntp_syscall.h 2009-05-19 16:46:19.293323686 -0400 -@@ -14,6 +14,14 @@ - # include - #endif - -+#if defined(ADJ_NANO) && !defined(MOD_NANO) -+#define MOD_NANO ADJ_NANO -+#endif -+ -+#if defined(ADJ_TAI) && !defined(MOD_TAI) -+#define MOD_TAI ADJ_TAI -+#endif -+ - #ifndef NTP_SYSCALLS_LIBC - #ifdef NTP_SYSCALLS_STD - # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t)) diff --git a/meta-networking/recipes-support/ntp/files/ntp.conf b/meta-networking/recipes-support/ntp/files/ntp.conf deleted file mode 100644 index 676e186453..0000000000 --- a/meta-networking/recipes-support/ntp/files/ntp.conf +++ /dev/null @@ -1,17 +0,0 @@ -# This is the most basic ntp configuration file -# The driftfile must remain in a place specific to this -# machine - it records the machine specific clock error -driftfile /var/lib/ntp/drift -# This should be a server that is close (in IP terms) -# to the machine. Add other servers as required. -# Unless you un-comment the line below ntpd will sync -# only against the local system clock. -# -# server time.server.example.com -# -# Using local hardware clock as fallback -# Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself -server 127.127.1.0 -fudge 127.127.1.0 stratum 14 -# Defining a default security setting -restrict default diff --git a/meta-networking/recipes-support/ntp/files/ntpd b/meta-networking/recipes-support/ntp/files/ntpd deleted file mode 100755 index d1b9c49076..0000000000 --- a/meta-networking/recipes-support/ntp/files/ntpd +++ /dev/null @@ -1,84 +0,0 @@ -#! /bin/sh - -### BEGIN INIT INFO -# Provides: ntp -# Required-Start: $network $remote_fs $syslog -# Required-Stop: $network $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: -# Short-Description: Start NTP daemon -### END INIT INFO - -PATH=/sbin:/bin:/usr/bin:/usr/sbin - -DAEMON=/usr/sbin/ntpd -PIDFILE=/var/run/ntpd.pid - -# ntpd init.d script for ntpdc from ntp.isc.org -test -x $DAEMON -a -r /etc/ntp.conf || exit 0 - -# rcS contains TICKADJ -test -r /etc/default/rcS && . /etc/default/rcS - -# Source function library. -. /etc/init.d/functions - -# Functions to do individual actions -settick(){ - # If TICKADJ is set we *must* adjust it before we start, because the - # driftfile relies on the correct setting - test -n "$TICKADJ" -a -x /usr/sbin/tickadj && { - echo -n "Setting tick to $TICKADJ: " - /usr/sbin/tickadj "$TICKADJ" - echo "done" - } -} -startdaemon(){ - # The -g option allows ntpd to step the time to correct it just - # once. The daemon will exit if the clock drifts too much after - # this. If ntpd seems to disappear after a while assume TICKADJ - # above is set to a totally incorrect value. - echo -n "Starting ntpd: " - start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -u ntp:ntp -p $PIDFILE "$@" - echo "done" -} -stopdaemon(){ - echo -n "Stopping ntpd: " - start-stop-daemon --stop --quiet --oknodo -p $PIDFILE - echo "done" -} - -case "$1" in - start) - settick - startdaemon -g - ;; - stop) - stopdaemon - ;; - force-reload) - stopdaemon - settick - startdaemon -g - ;; - restart) - # Don't reset the tick here - stopdaemon - startdaemon -g - ;; - reload) - # Must do this by hand, but don't do -g - stopdaemon - startdaemon - ;; - status) - status /usr/sbin/ntpd; - exit $? - ;; - *) - echo "Usage: ntpd { start | stop | status | restart | reload }" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/meta-networking/recipes-support/ntp/files/ntpdate b/meta-networking/recipes-support/ntp/files/ntpdate deleted file mode 100755 index 17b64d1335..0000000000 --- a/meta-networking/recipes-support/ntp/files/ntpdate +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/sh - -PATH=/sbin:/bin:/usr/bin:/usr/sbin - -test -x /usr/sbin/ntpdate || exit 0 - -if test -f /etc/default/ntpdate ; then -. /etc/default/ntpdate -fi - -if [ "$NTPSERVERS" = "" ] ; then - if [ "$METHOD" = "" -a "$1" != "silent" ] ; then - echo "Please set NTPSERVERS in /etc/default/ntpdate" - exit 1 - else - exit 0 - fi -fi - -# This is a heuristic: The idea is that if a static interface is brought -# up, that is a major event, and we can put in some extra effort to fix -# the system time. Feel free to change this, especially if you regularly -# bring up new network interfaces. -if [ "$METHOD" = static ]; then - OPTS="-b" -fi - -if [ "$METHOD" = loopback ]; then - exit 0 -fi - -( - -LOCKFILE=/var/lock/ntpdate - -# Avoid running more than one at a time -if [ -x /usr/bin/lockfile-create ]; then - lockfile-create $LOCKFILE - lockfile-touch $LOCKFILE & - LOCKTOUCHPID="$!" -fi - -if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then - if [ "$UPDATE_HWCLOCK" = "yes" ]; then - hwclock --systohc || : - fi -fi - -if [ -x /usr/bin/lockfile-create ] ; then - kill $LOCKTOUCHPID - lockfile-remove $LOCKFILE -fi - -) & diff --git a/meta-networking/recipes-support/ntp/files/ntpdate.default b/meta-networking/recipes-support/ntp/files/ntpdate.default deleted file mode 100644 index 486b6e07d3..0000000000 --- a/meta-networking/recipes-support/ntp/files/ntpdate.default +++ /dev/null @@ -1,7 +0,0 @@ -# Configuration script used by ntpdate-sync script - -NTPSERVERS="" - -# Set to "yes" to write time to hardware clock on success -UPDATE_HWCLOCK="no" - diff --git a/meta-networking/recipes-support/ntp/files/openssl-check.patch b/meta-networking/recipes-support/ntp/files/openssl-check.patch deleted file mode 100644 index 8b4a6733cd..0000000000 --- a/meta-networking/recipes-support/ntp/files/openssl-check.patch +++ /dev/null @@ -1,59 +0,0 @@ -Hack OpenSSL check to work when libssl and libcrypto aren't in same dir - -Upstream-Status: Inappropriate [config] - -Signed-off-by: Paul Eggleton ---- - configure | 4 ++-- - m4/ntp_openssl.m4 | 4 ++-- - sntp/configure | 4 ++-- - 3 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/configure b/configure -index aae2c01..6a3c15e 100755 ---- a/configure -+++ b/configure -@@ -22868,8 +22868,8 @@ case "$ans" in - test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break - ;; - *) -- test -f $i/libcrypto.so -a -f $i/libssl.so && break -- test -f $i/libcrypto.a -a -f $i/libssl.a && break -+ test -f $i/libssl.so && break -+ test -f $i/libssl.a && break - ;; - esac - done -diff --git a/m4/ntp_openssl.m4 b/m4/ntp_openssl.m4 -index 7d9f477..67bdd55 100644 ---- a/m4/ntp_openssl.m4 -+++ b/m4/ntp_openssl.m4 -@@ -41,8 +41,8 @@ case "$ans" in - test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break - ;; - *) -- test -f $i/libcrypto.so -a -f $i/libssl.so && break -- test -f $i/libcrypto.a -a -f $i/libssl.a && break -+ test -f $i/libssl.so && break -+ test -f $i/libssl.a && break - ;; - esac - done -diff --git a/sntp/configure b/sntp/configure -index 7782c29..55e82d9 100755 ---- a/sntp/configure -+++ b/sntp/configure -@@ -14810,8 +14810,8 @@ case "$ans" in - test -f $i/libcrypto.dylib -a -f $i/libssl.dylib && break - ;; - *) -- test -f $i/libcrypto.so -a -f $i/libssl.so && break -- test -f $i/libcrypto.a -a -f $i/libssl.a && break -+ test -f $i/libssl.so && break -+ test -f $i/libssl.a && break - ;; - esac - done --- -1.7.1 - diff --git a/meta-networking/recipes-support/ntp/files/tickadj.c.patch b/meta-networking/recipes-support/ntp/files/tickadj.c.patch deleted file mode 100644 index 9ef9de9e1f..0000000000 --- a/meta-networking/recipes-support/ntp/files/tickadj.c.patch +++ /dev/null @@ -1,32 +0,0 @@ -Index: ntp-4.2.2p3-r0/ntp-4.2.2p3/util/tickadj.c -=================================================================== ---- ntp-4.2.2p3/util/tickadj.c 2004-02-25 06:58:33.000000000 +0100 -+++ ntp-4.2.2p3/util/tickadj.c 2007-07-07 01:00:54.000000000 +0200 -@@ -21,7 +21,8 @@ - # include - #endif /* HAVE_UNISTD_H */ - --#ifdef HAVE___ADJTIMEX /* Linux */ -+/* proper handling here has been moved to upstream ntp bugzilla */ -+#ifdef linux - - #include - struct timex txc; -@@ -91,7 +92,7 @@ - } - - if (!errflg) { -- if (__adjtimex(&txc) < 0) -+ if (adjtimex(&txc) < 0) - perror("adjtimex"); - else if (!quiet) - printf("tick = %ld\ntick_adj = %d\n", -@@ -146,7 +147,7 @@ - #endif - } - -- if (__adjtimex(&txc) < 0) -+ if (adjtimex(&txc) < 0) - { - perror("adjtimex"); - } diff --git a/meta-networking/recipes-support/ntp/ntp.inc b/meta-networking/recipes-support/ntp/ntp.inc deleted file mode 100644 index 142f904ad0..0000000000 --- a/meta-networking/recipes-support/ntp/ntp.inc +++ /dev/null @@ -1,149 +0,0 @@ -SUMMARY = "Network Time Protocol daemon and utilities" -DESCRIPTION = "The Network Time Protocol (NTP) is used to \ -synchronize the time of a computer client or server to \ -another server or reference time source, such as a radio \ -or satellite receiver or modem." -HOMEPAGE = "http://support.ntp.org" -SECTION = "console/network" -LICENSE = "NTP" -LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=fea4b50c33b18c2194b4b1c9ca512670" - -DEPENDS = "pps-tools" - -INC_PR = "r6" - -SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \ - file://tickadj.c.patch \ - file://ntp-4.2.4_p6-nano.patch \ - file://openssl-check.patch \ - file://ntpd \ - file://ntp.conf \ - file://ntpdate \ - file://ntpdate.default \ - file://ntpdate.service \ - file://ntpd.service \ - file://sntp.service \ - file://sntp \ - file://ntpd.list \ - file://CVE-2013-5211.patch \ -" - -inherit autotools update-rc.d useradd systemd - -# The ac_cv_header_readline_history is to stop ntpdc depending on either -# readline or curses -EXTRA_OECONF += "--with-net-snmp-config=no --without-ntpsnmpd ac_cv_header_readline_history_h=no --with-binsubdir=sbin" -CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" - -USERADD_PACKAGES = "${PN}" -NTP_USER_HOME ?= "/var/lib/ntp" -USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \ - --no-create-home \ - --shell /bin/false --user-group ntp" - -# NB: debug is default-enabled by NTP; keep it default-enabled here. -PACKAGECONFIG ??= "cap debug" -PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \ - --with-openssl-incdir=${STAGING_INCDIR} \ - --with-crypto, \ - --without-openssl --without-crypto, \ - openssl" -PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap" -PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline" -PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" - -do_install_append() { - install -d ${D}${sysconfdir}/init.d - install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} - install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d - install -d ${D}${bindir} - install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync - - install -m 755 -d ${D}${NTP_USER_HOME} - chown ntp:ntp ${D}${NTP_USER_HOME} - - # Fix hardcoded paths in scripts - sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync - sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync - sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntptrace - sed -i '/use/i use warnings;' ${D}${sbindir}/ntptrace - sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${sbindir}/ntp-wait - sed -i '/use/i use warnings;' ${D}${sbindir}/ntp-wait - - install -d ${D}/${sysconfdir}/default - install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate - install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ - - install -d ${D}/${sysconfdir}/network/if-up.d - ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d - - install -d ${D}${systemd_unitdir}/system - install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/ - - install -d ${D}${systemd_unitdir}/ntp-units.d - install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list -} - -PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils" -# NOTE: you don't need ntpdate, use "ntpd -q -g -x" - -# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms -# with wonky clocks (e.g. OpenSlug) -RDEPENDS_${PN} = "${PN}-tickadj" -# Handle move from bin to utils package -RPROVIDES_${PN}-utils = "${PN}-bin" -RREPLACES_${PN}-utils = "${PN}-bin" -RCONFLICTS_${PN}-utils = "${PN}-bin" - -SYSTEMD_PACKAGES = "${PN} ntpdate sntp" -SYSTEMD_SERVICE_${PN} = "ntpd.service" -SYSTEMD_SERVICE_ntpdate = "ntpdate.service" -SYSTEMD_SERVICE_sntp = "sntp.service" - -RPROVIDES_${PN} += "${PN}-systemd" -RREPLACES_${PN} += "${PN}-systemd" -RCONFLICTS_${PN} += "${PN}-systemd" - -RPROVIDES_ntpdate += "ntpdate-systemd" -RREPLACES_ntpdate += "ntpdate-systemd" -RCONFLICTS_ntpdate += "ntpdate-systemd" - -RSUGGESTS_${PN} = "iana-etc" - -FILES_${PN} = "${sbindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \ - ${NTP_USER_HOME} \ - ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ -" -FILES_${PN}-tickadj = "${sbindir}/tickadj" -FILES_${PN}-utils = "${sbindir}" -FILES_ntpdate = "${sbindir}/ntpdate \ - ${sysconfdir}/network/if-up.d/ntpdate-sync \ - ${bindir}/ntpdate-sync \ - ${sysconfdir}/default/ntpdate \ - ${systemd_unitdir}/system/ntpdate.service \ -" -FILES_sntp = "${sbindir}/sntp \ - ${sysconfdir}/default/sntp \ - ${systemd_unitdir}/system/sntp.service \ - " - -CONFFILES_${PN} = "${sysconfdir}/ntp.conf" -CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate" - -INITSCRIPT_NAME = "ntpd" -# No dependencies, so just go in at the standard level (20) -INITSCRIPT_PARAMS = "defaults" - -pkg_postinst_ntpdate() { - if ! grep -q -s ntpdate $D/var/spool/cron/root; then - echo "adding crontab" - test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron - echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root - fi -} - diff --git a/meta-networking/recipes-support/ntp/ntp/ntp-4.2.4_p6-nano.patch b/meta-networking/recipes-support/ntp/ntp/ntp-4.2.4_p6-nano.patch new file mode 100644 index 0000000000..cb1e2f7341 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntp-4.2.4_p6-nano.patch @@ -0,0 +1,17 @@ +--- a/include/ntp_syscall.h.orig 2009-05-19 16:44:55.048156467 -0400 ++++ b/include/ntp_syscall.h 2009-05-19 16:46:19.293323686 -0400 +@@ -14,6 +14,14 @@ + # include + #endif + ++#if defined(ADJ_NANO) && !defined(MOD_NANO) ++#define MOD_NANO ADJ_NANO ++#endif ++ ++#if defined(ADJ_TAI) && !defined(MOD_TAI) ++#define MOD_TAI ADJ_TAI ++#endif ++ + #ifndef NTP_SYSCALLS_LIBC + #ifdef NTP_SYSCALLS_STD + # define ntp_adjtime(t) syscall(SYS_ntp_adjtime, (t)) diff --git a/meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch b/meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch new file mode 100644 index 0000000000..9b9af63ca3 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntp-4.2.8-ntp-keygen-no-openssl.patch @@ -0,0 +1,168 @@ +Fix ntp-keygen build without OpenSSL + +Patch borrowed from Gentoo, originally from upstream +Signed-off-by: Paul Eggleton +Upstream-Status: Backport + +Upstream commit: +http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=5497b345z5MNTuNvJWuqPSje25NQTg +Gentoo bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=533238 + +Signed-off-by: Markos Chandras +Index: ntp-4.2.8/Makefile.am +=================================================================== +--- ntp-4.2.8.orig/Makefile.am ++++ ntp-4.2.8/Makefile.am +@@ -2,7 +2,10 @@ ACLOCAL_AMFLAGS = -I sntp/m4 -I sntp/lib + + NULL = + ++# moved sntp first to get libtool and libevent built. ++ + SUBDIRS = \ ++ sntp \ + scripts \ + include \ + libntp \ +@@ -17,7 +20,6 @@ SUBDIRS = \ + clockstuff \ + kernel \ + util \ +- sntp \ + tests \ + $(NULL) + +@@ -64,7 +66,6 @@ BUILT_SOURCES = \ + .gcc-warning \ + 'libtool \ + html/.datecheck \ +- sntp/built-sources-only \ + $(srcdir)/COPYRIGHT \ + $(srcdir)/.checkChangeLog \ + $(NULL) +Index: ntp-4.2.8/configure.ac +=================================================================== +--- ntp-4.2.8.orig/configure.ac ++++ ntp-4.2.8/configure.ac +@@ -102,7 +102,7 @@ esac + enable_nls=no + LIBOPTS_CHECK_NOBUILD([sntp/libopts]) + +-NTP_ENABLE_LOCAL_LIBEVENT ++NTP_LIBEVENT_CHECK_NOBUILD([2], [sntp/libevent]) + + NTP_LIBNTP + +@@ -771,6 +771,10 @@ esac + + #### + ++AC_CHECK_FUNCS([arc4random_buf]) ++ ++#### ++ + saved_LIBS="$LIBS" + LIBS="$LIBS $LDADD_LIBNTP" + AC_CHECK_FUNCS([daemon]) +Index: ntp-4.2.8/libntp/ntp_crypto_rnd.c +=================================================================== +--- ntp-4.2.8.orig/libntp/ntp_crypto_rnd.c ++++ ntp-4.2.8/libntp/ntp_crypto_rnd.c +@@ -24,6 +24,21 @@ + int crypto_rand_init = 0; + #endif + ++#ifndef HAVE_ARC4RANDOM_BUF ++static void ++arc4random_buf(void *buf, size_t nbytes); ++ ++void ++evutil_secure_rng_get_bytes(void *buf, size_t nbytes); ++ ++static void ++arc4random_buf(void *buf, size_t nbytes) ++{ ++ evutil_secure_rng_get_bytes(buf, nbytes); ++ return; ++} ++#endif ++ + /* + * As of late 2014, here's how we plan to provide cryptographic-quality + * random numbers: +Index: ntp-4.2.8/sntp/configure.ac +=================================================================== +--- ntp-4.2.8.orig/sntp/configure.ac ++++ ntp-4.2.8/sntp/configure.ac +@@ -97,11 +97,14 @@ esac + enable_nls=no + LIBOPTS_CHECK + +-AM_COND_IF( +- [BUILD_SNTP], +- [NTP_LIBEVENT_CHECK], +- [NTP_LIBEVENT_CHECK_NOBUILD] +-) ++# From when we only used libevent for sntp: ++#AM_COND_IF( ++# [BUILD_SNTP], ++# [NTP_LIBEVENT_CHECK], ++# [NTP_LIBEVENT_CHECK_NOBUILD] ++#) ++ ++NTP_LIBEVENT_CHECK([2]) + + # Checks for libraries. + +Index: ntp-4.2.8/sntp/m4/ntp_libevent.m4 +=================================================================== +--- ntp-4.2.8.orig/sntp/m4/ntp_libevent.m4 ++++ ntp-4.2.8/sntp/m4/ntp_libevent.m4 +@@ -1,4 +1,25 @@ +-dnl NTP_ENABLE_LOCAL_LIBEVENT -*- Autoconf -*- ++# SYNOPSIS -*- Autoconf -*- ++# ++# NTP_ENABLE_LOCAL_LIBEVENT ++# NTP_LIBEVENT_CHECK([MINVERSION [, DIR]]) ++# NTP_LIBEVENT_CHECK_NOBUILD([MINVERSION [, DIR]]) ++# ++# DESCRIPTION ++# ++# AUTHOR ++# ++# Harlan Stenn ++# ++# LICENSE ++# ++# This file is Copyright (c) 2014 Network Time Foundation ++# ++# Copying and distribution of this file, with or without modification, are ++# permitted in any medium without royalty provided the copyright notice, ++# author attribution and this notice are preserved. This file is offered ++# as-is, without any warranty. ++ ++dnl NTP_ENABLE_LOCAL_LIBEVENT + dnl + dnl Provide only the --enable-local-libevent command-line option. + dnl +@@ -29,7 +50,7 @@ dnl If NOBUILD is provided as the 3rd ar + dnl but DO NOT invoke DIR/configure if we are going to use our bundled + dnl version. This may be the case for nested packages. + dnl +-dnl provide --enable-local-libevent . ++dnl provides --enable-local-libevent . + dnl + dnl Examples: + dnl +Index: ntp-4.2.8/util/Makefile.am +=================================================================== +--- ntp-4.2.8.orig/util/Makefile.am ++++ ntp-4.2.8/util/Makefile.am +@@ -19,6 +19,7 @@ AM_LDFLAGS = $(LDFLAGS_NTP) + LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) $(PTHREAD_LIBS) + tg2_LDADD= ../libntp/libntp.a $(LDADD_LIBNTP) $(LIBM) + ntp_keygen_LDADD = version.o $(LIBOPTS_LDADD) ../libntp/libntp.a ++ntp_keygen_LDADD += $(LDADD_LIBEVENT) + ntp_keygen_LDADD += $(LDADD_LIBNTP) $(PTHREAD_LIBS) $(LDADD_NTP) $(LIBM) + ntp_keygen_SOURCES = ntp-keygen.c ntp-keygen-opts.c ntp-keygen-opts.h + diff --git a/meta-networking/recipes-support/ntp/ntp/ntp.conf b/meta-networking/recipes-support/ntp/ntp/ntp.conf new file mode 100644 index 0000000000..676e186453 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntp.conf @@ -0,0 +1,17 @@ +# This is the most basic ntp configuration file +# The driftfile must remain in a place specific to this +# machine - it records the machine specific clock error +driftfile /var/lib/ntp/drift +# This should be a server that is close (in IP terms) +# to the machine. Add other servers as required. +# Unless you un-comment the line below ntpd will sync +# only against the local system clock. +# +# server time.server.example.com +# +# Using local hardware clock as fallback +# Disable this when using ntpd -q -g -x as ntpdate or it will sync to itself +server 127.127.1.0 +fudge 127.127.1.0 stratum 14 +# Defining a default security setting +restrict default diff --git a/meta-networking/recipes-support/ntp/ntp/ntpd b/meta-networking/recipes-support/ntp/ntp/ntpd new file mode 100755 index 0000000000..d1b9c49076 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntpd @@ -0,0 +1,84 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: ntp +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: +# Short-Description: Start NTP daemon +### END INIT INFO + +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +DAEMON=/usr/sbin/ntpd +PIDFILE=/var/run/ntpd.pid + +# ntpd init.d script for ntpdc from ntp.isc.org +test -x $DAEMON -a -r /etc/ntp.conf || exit 0 + +# rcS contains TICKADJ +test -r /etc/default/rcS && . /etc/default/rcS + +# Source function library. +. /etc/init.d/functions + +# Functions to do individual actions +settick(){ + # If TICKADJ is set we *must* adjust it before we start, because the + # driftfile relies on the correct setting + test -n "$TICKADJ" -a -x /usr/sbin/tickadj && { + echo -n "Setting tick to $TICKADJ: " + /usr/sbin/tickadj "$TICKADJ" + echo "done" + } +} +startdaemon(){ + # The -g option allows ntpd to step the time to correct it just + # once. The daemon will exit if the clock drifts too much after + # this. If ntpd seems to disappear after a while assume TICKADJ + # above is set to a totally incorrect value. + echo -n "Starting ntpd: " + start-stop-daemon --start --quiet --oknodo --pidfile $PIDFILE --startas $DAEMON -- -u ntp:ntp -p $PIDFILE "$@" + echo "done" +} +stopdaemon(){ + echo -n "Stopping ntpd: " + start-stop-daemon --stop --quiet --oknodo -p $PIDFILE + echo "done" +} + +case "$1" in + start) + settick + startdaemon -g + ;; + stop) + stopdaemon + ;; + force-reload) + stopdaemon + settick + startdaemon -g + ;; + restart) + # Don't reset the tick here + stopdaemon + startdaemon -g + ;; + reload) + # Must do this by hand, but don't do -g + stopdaemon + startdaemon + ;; + status) + status /usr/sbin/ntpd; + exit $? + ;; + *) + echo "Usage: ntpd { start | stop | status | restart | reload }" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/meta-networking/recipes-support/ntp/ntp/ntpdate b/meta-networking/recipes-support/ntp/ntp/ntpdate new file mode 100755 index 0000000000..17b64d1335 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntpdate @@ -0,0 +1,54 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/bin:/usr/sbin + +test -x /usr/sbin/ntpdate || exit 0 + +if test -f /etc/default/ntpdate ; then +. /etc/default/ntpdate +fi + +if [ "$NTPSERVERS" = "" ] ; then + if [ "$METHOD" = "" -a "$1" != "silent" ] ; then + echo "Please set NTPSERVERS in /etc/default/ntpdate" + exit 1 + else + exit 0 + fi +fi + +# This is a heuristic: The idea is that if a static interface is brought +# up, that is a major event, and we can put in some extra effort to fix +# the system time. Feel free to change this, especially if you regularly +# bring up new network interfaces. +if [ "$METHOD" = static ]; then + OPTS="-b" +fi + +if [ "$METHOD" = loopback ]; then + exit 0 +fi + +( + +LOCKFILE=/var/lock/ntpdate + +# Avoid running more than one at a time +if [ -x /usr/bin/lockfile-create ]; then + lockfile-create $LOCKFILE + lockfile-touch $LOCKFILE & + LOCKTOUCHPID="$!" +fi + +if /usr/sbin/ntpdate -s $OPTS $NTPSERVERS 2>/dev/null; then + if [ "$UPDATE_HWCLOCK" = "yes" ]; then + hwclock --systohc || : + fi +fi + +if [ -x /usr/bin/lockfile-create ] ; then + kill $LOCKTOUCHPID + lockfile-remove $LOCKFILE +fi + +) & diff --git a/meta-networking/recipes-support/ntp/ntp/ntpdate.default b/meta-networking/recipes-support/ntp/ntp/ntpdate.default new file mode 100644 index 0000000000..486b6e07d3 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp/ntpdate.default @@ -0,0 +1,7 @@ +# Configuration script used by ntpdate-sync script + +NTPSERVERS="" + +# Set to "yes" to write time to hardware clock on success +UPDATE_HWCLOCK="no" + diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb b/meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb deleted file mode 100644 index 588a1b03c9..0000000000 --- a/meta-networking/recipes-support/ntp/ntp_4.2.6p5.bb +++ /dev/null @@ -1,6 +0,0 @@ -require ntp.inc - -PR = "${INC_PR}.0" - -SRC_URI[md5sum] = "00df80a84ec9528fcfb09498075525bc" -SRC_URI[sha256sum] = "d6ab8371f9d31e594eb6922823d5ccd03dcc4e9d84b0e23ea25ac1405432f91c" diff --git a/meta-networking/recipes-support/ntp/ntp_4.2.8.bb b/meta-networking/recipes-support/ntp/ntp_4.2.8.bb new file mode 100644 index 0000000000..7e1b1c1529 --- /dev/null +++ b/meta-networking/recipes-support/ntp/ntp_4.2.8.bb @@ -0,0 +1,154 @@ +SUMMARY = "Network Time Protocol daemon and utilities" +DESCRIPTION = "The Network Time Protocol (NTP) is used to \ +synchronize the time of a computer client or server to \ +another server or reference time source, such as a radio \ +or satellite receiver or modem." +HOMEPAGE = "http://support.ntp.org" +SECTION = "console/network" +LICENSE = "NTP" +LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=ebe123f74017224947c78d472407c10f" + +DEPENDS = "pps-tools libevent" + +SRC_URI = "http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-${PV}.tar.gz \ + file://ntp-4.2.4_p6-nano.patch \ + file://ntpd \ + file://ntp.conf \ + file://ntpdate \ + file://ntpdate.default \ + file://ntpdate.service \ + file://ntpd.service \ + file://sntp.service \ + file://sntp \ + file://ntpd.list \ + file://ntp-4.2.8-ntp-keygen-no-openssl.patch \ +" + +SRC_URI[md5sum] = "6972a626be6150db8cfbd0b63d8719e7" +SRC_URI[sha256sum] = "2e920df8b6a5a410567a73767fa458c00c7f0acec3213e69ed0134414a50d8ee" + +inherit autotools update-rc.d useradd systemd pkgconfig + +# The ac_cv_header_readline_history is to stop ntpdc depending on either +# readline or curses +EXTRA_OECONF += "--with-net-snmp-config=no \ + --without-ntpsnmpd \ + ac_cv_header_readline_history_h=no \ + --with-yielding_select=yes \ + " +CFLAGS_append = " -DPTYS_ARE_GETPT -DPTYS_ARE_SEARCHED" + +USERADD_PACKAGES = "${PN}" +NTP_USER_HOME ?= "/var/lib/ntp" +USERADD_PARAM_${PN} = "--system --home-dir ${NTP_USER_HOME} \ + --no-create-home \ + --shell /bin/false --user-group ntp" + +# NB: debug is default-enabled by NTP; keep it default-enabled here. +PACKAGECONFIG ??= "cap debug" +PACKAGECONFIG[openssl] = "--with-openssl-libdir=${STAGING_LIBDIR} \ + --with-openssl-incdir=${STAGING_INCDIR} \ + --with-crypto, \ + --without-openssl --without-crypto, \ + openssl" +PACKAGECONFIG[cap] = "--enable-linuxcaps,--disable-linuxcaps,libcap" +PACKAGECONFIG[readline] = "--with-lineeditlibs,--without-lineeditlibs,readline" +PACKAGECONFIG[debug] = "--enable-debugging,--disable-debugging" + +do_install_append() { + install -d ${D}${sysconfdir}/init.d + install -m 644 ${WORKDIR}/ntp.conf ${D}${sysconfdir} + install -m 755 ${WORKDIR}/ntpd ${D}${sysconfdir}/init.d + install -d ${D}${bindir} + install -m 755 ${WORKDIR}/ntpdate ${D}${bindir}/ntpdate-sync + + install -m 755 -d ${D}${NTP_USER_HOME} + chown ntp:ntp ${D}${NTP_USER_HOME} + + # Fix hardcoded paths in scripts + sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/usr/bin/!${bindir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/etc/!${sysconfdir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!/var/!${localstatedir}/!g' ${D}${sysconfdir}/init.d/ntpd ${D}${bindir}/ntpdate-sync + sed -i 's!^PATH=.*!PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}${bindir}/ntpdate-sync + sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${bindir}/ntptrace + sed -i '/use/i use warnings;' ${D}${bindir}/ntptrace + sed -i '1s,#!.*perl -w,#! ${bindir}/env perl,' ${D}${bindir}/ntp-wait + sed -i '/use/i use warnings;' ${D}${bindir}/ntp-wait + + install -d ${D}/${sysconfdir}/default + install -m 644 ${WORKDIR}/ntpdate.default ${D}${sysconfdir}/default/ntpdate + install -m 0644 ${WORKDIR}/sntp ${D}${sysconfdir}/default/ + + install -d ${D}/${sysconfdir}/network/if-up.d + ln -s ${bindir}/ntpdate-sync ${D}/${sysconfdir}/network/if-up.d + + install -d ${D}${systemd_unitdir}/system + install -m 0644 ${WORKDIR}/ntpdate.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/ntpd.service ${D}${systemd_unitdir}/system/ + install -m 0644 ${WORKDIR}/sntp.service ${D}${systemd_unitdir}/system/ + + install -d ${D}${systemd_unitdir}/ntp-units.d + install -m 0644 ${WORKDIR}/ntpd.list ${D}${systemd_unitdir}/ntp-units.d/60-ntpd.list + + rmdir ${D}${sbindir} +} + +PACKAGES += "ntpdate sntp ${PN}-tickadj ${PN}-utils" +# NOTE: you don't need ntpdate, use "ntpd -q -g -x" + +# ntp originally includes tickadj. It's split off for inclusion in small firmware images on platforms +# with wonky clocks (e.g. OpenSlug) +RDEPENDS_${PN} = "${PN}-tickadj" +# Handle move from bin to utils package +RPROVIDES_${PN}-utils = "${PN}-bin" +RREPLACES_${PN}-utils = "${PN}-bin" +RCONFLICTS_${PN}-utils = "${PN}-bin" + +SYSTEMD_PACKAGES = "${PN} ntpdate sntp" +SYSTEMD_SERVICE_${PN} = "ntpd.service" +SYSTEMD_SERVICE_ntpdate = "ntpdate.service" +SYSTEMD_SERVICE_sntp = "sntp.service" + +RPROVIDES_${PN} += "${PN}-systemd" +RREPLACES_${PN} += "${PN}-systemd" +RCONFLICTS_${PN} += "${PN}-systemd" + +RPROVIDES_ntpdate += "ntpdate-systemd" +RREPLACES_ntpdate += "ntpdate-systemd" +RCONFLICTS_ntpdate += "ntpdate-systemd" + +RSUGGESTS_${PN} = "iana-etc" + +FILES_${PN} = "${bindir}/ntpd ${sysconfdir}/ntp.conf ${sysconfdir}/init.d/ntpd ${libdir} \ + ${NTP_USER_HOME} \ + ${systemd_unitdir}/ntp-units.d/60-ntpd.list \ +" +FILES_${PN}-tickadj = "${bindir}/tickadj" +FILES_${PN}-utils = "${bindir} ${datadir}/ntp/lib" +FILES_ntpdate = "${bindir}/ntpdate \ + ${sysconfdir}/network/if-up.d/ntpdate-sync \ + ${bindir}/ntpdate-sync \ + ${sysconfdir}/default/ntpdate \ + ${systemd_unitdir}/system/ntpdate.service \ +" +FILES_sntp = "${bindir}/sntp \ + ${sysconfdir}/default/sntp \ + ${systemd_unitdir}/system/sntp.service \ + " + +CONFFILES_${PN} = "${sysconfdir}/ntp.conf" +CONFFILES_ntpdate = "${sysconfdir}/default/ntpdate" + +INITSCRIPT_NAME = "ntpd" +# No dependencies, so just go in at the standard level (20) +INITSCRIPT_PARAMS = "defaults" + +pkg_postinst_ntpdate() { + if ! grep -q -s ntpdate $D/var/spool/cron/root; then + echo "adding crontab" + test -d $D/var/spool/cron || mkdir -p $D/var/spool/cron + echo "30 * * * * ${bindir}/ntpdate-sync silent" >> $D/var/spool/cron/root + fi +} + -- cgit 1.2.3-korg