author | Alex Kiernan <alex.kiernan@gmail.com> | 2021-11-03 12:10:16 +0000 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2021-11-04 07:43:14 -0700 |
commit | 57776d013ab6f74439a6963536421b81635d783c (patch) | |
tree | 20e15a7f492aad8151a5f98cf772c76ead206fe9 /meta-networking | |
parent | 611700b6a0dcdd15dcc586652918bffb7233b761 (diff) | |
ntpsec: Add recipe
NTPsec, "a secure, hardened, and improved implementation of Network Time
Protocol derived from NTP Classic, Dave Mills’s original."
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking')
3 files changed, 227 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch
new file mode 100644
index 0000000000..825f6c93c3
--- /dev/null
+++ b/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch
@@ -0,0 +1,111 @@
+From ba368822d0a197cb84c46c911d40d0c52cf9c391 Mon Sep 17 00:00:00 2001
+From: Hal Murray <hmurray@megapathdsl.net>
+Date: Sun, 2 May 2021 22:24:26 -0700
+Subject: [PATCH] Update to OpenSSL 3.0.0-alpha15
+
+Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/ba368822d0a197cb84c46c911d40d0c52cf9c391]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+Signed-off-by: Alex Kiernan <alexk@zuma.ai>
+---
+ attic/cmac-timing.c | 37 ++++++++++++++-----------------------
+ 1 file changed, 14 insertions(+), 23 deletions(-)
+
+diff --git a/attic/cmac-timing.c b/attic/cmac-timing.c
+index c2088db63a4c..464daa76b9e6 100644
+--- a/attic/cmac-timing.c
++++ b/attic/cmac-timing.c
+@@ -225,28 +225,14 @@ static void DoPKEY(
+ #if OPENSSL_VERSION_NUMBER > 0x20000000L
+ static size_t One_EVP_MAC(
+ EVP_MAC_CTX *ctx, /* context */
+- char *cipher,
+ uint8_t *key, /* key pointer */
+ int keylength, /* key length */
+ uint8_t *pkt, /* packet pointer */
+ int pktlength /* packet length */
+ ) {
+- OSSL_PARAM params[3];
+ size_t len = EVP_MAX_MD_SIZE;
+
+- params[0] =
+- OSSL_PARAM_construct_utf8_string("cipher", cipher, 0);
+- params[1] =
+- OSSL_PARAM_construct_octet_string("key", key, keylength);
+- params[2] = OSSL_PARAM_construct_end();
+- if (0 == EVP_MAC_CTX_set_params(ctx, params)) {
+- unsigned long err = ERR_get_error();
+- char * str = ERR_error_string(err, NULL);
+- printf("## Oops, EVP_MAC_CTX_set_params() failed: %s.\n", str);
+- return 0;
+- }
+-
+- if (0 == EVP_MAC_init(ctx)) {
++ if (0 == EVP_MAC_init(ctx, key, keylength, NULL)) {
+ unsigned long err = ERR_get_error();
+ char * str = ERR_error_string(err, NULL);
+ printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
+@@ -255,13 +241,13 @@ static size_t One_EVP_MAC(
+ if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
+ unsigned long err = ERR_get_error();
+ char * str = ERR_error_string(err, NULL);
+- printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
++ printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
+ return 0;
+ }
+ if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
+ unsigned long err = ERR_get_error();
+ char * str = ERR_error_string(err, NULL);
+- printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
++ printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
+ return 0;
+ }
+ return len;
+@@ -290,7 +276,7 @@ static void Do_EVP_MAC(
+
+ clock_gettime(CLOCK_MONOTONIC, &start);
+ for (int i = 0; i < SAMPLESIZE; i++) {
+- digestlength = One_EVP_MAC(evp, cbc, key, keylength, pkt, pktlength);
++ digestlength = One_EVP_MAC(evp, key, keylength, pkt, pktlength);
+ if (0 == digestlength) break;
+ }
+ clock_gettime(CLOCK_MONOTONIC, &stop);
+@@ -305,26 +291,31 @@ static size_t One_EVP_MAC2(
+ uint8_t *pkt, /* packet pointer */
+ int pktlength /* packet length */
+ ) {
++ EVP_MAC_CTX *dup;
+ size_t len = EVP_MAX_MD_SIZE;
+
+- if (0 == EVP_MAC_init(ctx)) {
++ // dup = ctx;
++ dup = EVP_MAC_CTX_dup(ctx);
++
++ if (0 == EVP_MAC_init(dup, NULL, 0, NULL)) {
+ unsigned long err = ERR_get_error();
+ char * str = ERR_error_string(err, NULL);
+ printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
+ return 0;
+ }
+- if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
++ if (0 == EVP_MAC_update(dup, pkt, pktlength)) {
+ unsigned long err = ERR_get_error();
+ char * str = ERR_error_string(err, NULL);
+- printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
++ printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
+ return 0;
+ }
+- if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
++ if (0 == EVP_MAC_final(dup, answer, &len, sizeof(answer))) {
+ unsigned long err = ERR_get_error();
+ char * str = ERR_error_string(err, NULL);
+- printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
++ printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
+ return 0;
+ }
++ EVP_MAC_CTX_free(dup);
+ return len;
+ }
+
+--
+2.33.0
+
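Review bot: In the One_EVP_MAC2 hunk of the backported patch, the result of `EVP_MAC_CTX_dup(ctx)` is passed to `EVP_MAC_init()` without a NULL check, and each of the three `return 0;` error paths exits without `EVP_MAC_CTX_free(dup)`, so the duplicated context is released only on success. Adding `if (NULL == dup) return 0;` after the dup call and `EVP_MAC_CTX_free(dup);` before each early return would close both gaps. The file is a timing tool under attic/, so the impact is probably limited, and because the patch is marked `Upstream-Status: Backport` the fix belongs upstream rather than in this copy; the leftover `// dup = ctx;` comment could be dropped there too. One_EVP_MAC2's signature begins outside the hunk and its caller is not visible here.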
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/volatiles.ntpsec b/meta-networking/recipes-support/ntpsec/ntpsec/volatiles.ntpsec
new file mode 100644
index 0000000000..b5f93568cd
--- /dev/null
+++ b/meta-networking/recipes-support/ntpsec/ntpsec/volatiles.ntpsec
@@ -0,0 +1,3 @@
+d ntp ntp 0755 @NTP_USER_HOME@ none
+d ntp ntp 0755 /var/log/ntpstats none
+f ntp ntp 0644 /var/log/ntpd.log none
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
new file mode 100644
index 0000000000..1e075b0971
--- /dev/null
+++ b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
@@ -0,0 +1,113 @@
+SUMMARY = "The Network Time Protocol suite, refactored"
+HOMEPAGE = "https://www.ntpsec.org/"
+
+LICENSE = "CC-BY-4.0 & BSD-2-Clause & NTP & BSD-3-Clause & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=0520591566b6ed3a9ced8b15b4d4abf9 \
+ file://libjsmn/LICENSE;md5=38118982429881235de8adf478a8e75d \
+ file://docs/copyright.adoc;md5=9a1e3fce4b630078cb67ba2b619d2b13 \
+ file://libaes_siv/COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+DEPENDS += "bison-native \
+ openssl \
+ python3"
+
+SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
+ file://0001-Update-to-OpenSSL-3.0.0-alpha15.patch \
+ file://volatiles.ntpsec"
+
+SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a"
+
+inherit pkgconfig python3-dir python3targetconfig systemd update-alternatives update-rc.d useradd waf
+
+PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'seccomp systemd', d)} \
+ cap \
+ leap-smear \
+ mdns \
+ mssntp \
+ nts \
+ refclocks"
+PACKAGECONFIG[cap] = ",,libcap"
+PACKAGECONFIG[leap-smear] = "--enable-leap-smear"
+PACKAGECONFIG[mdns] = ",,mdns"
+PACKAGECONFIG[mssntp] = "--enable-mssntp"
+PACKAGECONFIG[nts] = ",--disable-nts"
+PACKAGECONFIG[refclocks] = "--refclock=all,,pps-tools"
+PACKAGECONFIG[seccomp] = "--enable-seccomp,,libseccomp"
+PACKAGECONFIG[systemd] = ",,systemd"
+
+CC[unexport] = "1"
+CFLAGS[unexport] = "1"
+LDFLAGS[unexport] = "1"
+
+export PYTHON_VERSION = "${PYTHON_BASEVERSION}"
+export PYTAG = "cpython${@ d.getVar('PYTHON_BASEVERSION').replace('.', '')}"
+export pyext_PATTERN = "%s.so"
+export PYTHON_LDFLAGS = "-lpthread -ldl"
+
+CFLAGS:append = " -I${PYTHON_INCLUDE_DIR}"
+
+EXTRA_OECONF = "--cross-compiler='${CC}' \
+ --cross-cflags='${CFLAGS}' \
+ --cross-ldflags='${LDFLAGS}' \
+ --pyshebang=${bindir}/python3 \
+ --pythondir=${PYTHON_SITEPACKAGES_DIR} \
+ --pythonarchdir=${PYTHON_SITEPACKAGES_DIR} \
+ --enable-debug \
+ --enable-debug-gdb \
+ --enable-early-droproot"
+
+EXTRA_OEWAF_BUILD ?= "-v"
+
+NTP_USER_HOME ?= "/var/lib/ntp"
+
+do_install:append() {
+ install -d ${D}${sysconfdir}/init.d
+ install -m 755 ${S}/etc/rc/ntpd ${D}${sysconfdir}/init.d
+ cp -r ${S}/etc/ntp.d ${D}${sysconfdir}
+
+ sed -e 's:@NTP_USER_HOME@:${NTP_USER_HOME}:g' ${WORKDIR}/volatiles.ntpsec >${T}/volatiles.ntpsec
+ if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+ cp ${B}/main/etc/* ${D}${systemd_system_unitdir}
+ awk '{print $1, $5, $4, $2, $3, "-"}' ${T}/volatiles.ntpsec >${T}/tmpfiles.ntpsec
+ install -D -m 0644 ${T}/tmpfiles.ntpsec ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf
+ else
+ install -D -m 0644 ${T}/volatiles.ntpsec ${D}${sysconfdir}/default/volatiles/99_${BPN}
+ fi
+}
+
+PACKAGE_BEFORE_PN = "${PN}-python ${PN}-utils ${PN}-viz"
+
+FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/ntpsec.conf"
+FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR} \
+ ${libdir}/libntpc.so.*"
+FILES:${PN}-utils = "${bindir}/ntpdig \
+ ${bindir}/ntpkeygen \
+ ${bindir}/ntpleapfetch \
+ ${bindir}/ntpmon \
+ ${bindir}/ntpq \
+ ${bindir}/ntpsnmpd \
+ ${bindir}/ntpsweep \
+ ${bindir}/ntptrace \
+ ${bindir}/ntpwait"
+FILES:${PN}-viz = "${bindir}/ntplogtemp \
+ ${bindir}/ntpviz"
+
+RDEPENDS:${PN} += "libgcc"
+RDEPENDS:${PN}-utils += "${PN}-python python3-core"
+RDEPENDS:${PN}-viz += "gnuplot ${PN}-python python3-core python3-compression python3-ctypes python3-logging python3-shell"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM:${PN} = "--system --home-dir ${NTP_USER_HOME} \
+ --no-create-home \
+ --shell /bin/false --user-group ntp"
+
+INITSCRIPT_NAME = "ntpd"
+
+SYSTEMD_PACKAGES = "${PN} ${PN}-viz"
+SYSTEMD_SERVICE:${PN} = "ntpd.service ntp-wait.service"
+SYSTEMD_SERVICE:${PN}-viz = "ntplogtemp.service ntpviz-weekly.timer ntpviz-weekly.service ntpviz-daily.timer ntpviz-daily.service ntplogtemp.timer"
+
+ALTERNATIVE_PRIORITY = "80"
+
+ALTERNATIVE:${PN} = "ntpd"
+ALTERNATIVE_LINK_NAME[ntpd] = "${sbindir}/ntpd" |
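Review bot: `--enable-debug` and `--enable-debug-gdb` are hard-coded in EXTRA_OECONF, so every image gets a debug-configured build of a network-facing daemon and the recipe offers no knob to turn that off. Moving them behind an off-by-default entry such as `PACKAGECONFIG[debug] = "--enable-debug --enable-debug-gdb"` would keep the option without making it the shipped default. The default PACKAGECONFIG likewise enables `mssntp`, `leap-smear` and `refclocks` (`--refclock=all`), which are optional features that widen what ntpd builds in and handles. A more conservative default would keep `cap` and `nts` plus the DISTRO_FEATURES filter and leave the others opt-in, with a short comment in the recipe explaining the choice.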