* Sun Mar 24 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.2.2a-2.sme

- first build for el8/SME11
This commit is contained in:
Jean-Philippe Pialasse 2024-03-24 16:45:43 -04:00
parent 7764ac38ac
commit 0622d6d5e3
8 changed files with 501 additions and 57 deletions

View File

@ -1,8 +1,8 @@
NAME := ${REPO_NAME} NAME := ntpsec
SPECFILE = $(firstword $(wildcard *.spec)) SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$$$d/Makefile.common ] ; then if [ -f $$$$d/CVS/Root -a -w $$$$d/Makefile.common ] ; then cd $$$$d ; cvs -Q update ; fi ; echo "$$$$d/Makefile.common" ; break ; fi ; done for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef endef
MAKEFILE_COMMON := $(shell $(find-makefile-common)) MAKEFILE_COMMON := $(shell $(find-makefile-common))

View File

@ -1,55 +0,0 @@
%define name ${REPO_NAME}
%define version 1.0
%define release 1
Summary: This is what ${REPO_NAME} does.
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
Source: %{name}-%{version}.tar.gz
License: GNU GPL version 2
Group: SMEserver/addon
BuildRoot: %{_tmppath}/%{name}-buildroot
Prefix: %{_prefix}
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
Requires: e-smith-release >= 10.0
AutoReqProv: no
%description
${REPO_DESCRIPTION}
%changelog
* Day MMMM DD YYYY <brianr@koozali.org> 1.0-1.sme
- Initial code - create RPM [SME:99999]
%prep
%setup -q
%build
perl createlinks
%install
rm -rf $$RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $$RPM_BUILD_ROOT)
rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $$RPM_BUILD_ROOT \
> %{name}-%{version}-filelist
#echo "%doc COPYING" >> %{name}-%{version}-filelist
#--dir <dir> 'attr(755,user,grp)' \
#--file <file> 'attr(755,root,root)' \
%clean
cd ..
rm -rf %{name}-%{version}
%pre
%preun
%post
%postun
#uninstall
%files -f %{name}-%{version}-filelist
%defattr(-,root,root)

21
ntp.conf Normal file
View File

@ -0,0 +1,21 @@
# For more information about this file, see the ntp.conf(5) man page.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (https://www.pool.ntp.org/join.html).
pool 2.VENDORZONE.pool.ntp.org iburst
# Reduce the maximum number of servers used from the pool.
tos maxclock 5
# Record the frequency of the system clock.
driftfile VARNTP/drift
# Disable configuration and monitoring access by default.
restrict default nomodify noquery
# Enable all access for localhost.
restrict 127.0.0.1
restrict ::1
# Enable writing of statistics records.
#statistics clockstats cryptostats loopstats peerstats

BIN
ntpsec-1.2.2a.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

16
ntpsec-1.2.2a.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE5XI10idkEp+k8vTRf1JgjtDknXYFAmTLLB0ACgkQf1JgjtDk
nXYjaQ//TbtOrQjqcLH41mj1odw4BmXx1Ryns7mrgYBrP76lpAHKucJx2Pm/8pp0
MMuuF2UZ4jQesKK8mUYbFub4JIjF9BQxczbptt7YSYGROJFFbHKP6TktxBQbfpEs
whkk/RrMouid88FZRkbASlWDjzBEHLl0IibJRYkyd4jE2EgPne482IFGTqK47GWt
figGpGSQ0GKRKhj6MqoHUXkpi6G1TNVxLQNvo477rV7INXW9LDgPEE97Tj0pQzGB
BVS5t87HHeG8rdwV8+90mT3dfwNBvxgt4pycPet/HHhAbZsmyl8F2dhiXHPF/4ol
ZYlFsS+9NUo7qUSgpuZSmigiIDvsMk7quG4OYkfpCob3WHgzwOS48o5idDorSe1o
dApFDaU3MEE5gab9v77Lv7R8Q6ksCcqMcMZNnT2hyJ4Mss7lvL8q2Ma3TXx0QJ9A
iaRunLGP1hI9cJCFe226gm2Ur4Bejn5sd/QbrP9uOxtW2jvjnNnIYLRuDp2ewZhP
DbKQj9+UgcE1nXWiUcEXhVkb4FfvWqpfIKH67BakRcl7vK0w7qskb1acAuHaiFgX
H/Qg9tR3imB0ALkNH+SFjOdPh0rL14+tbP7k0+bpD0K97WMt53rvddOuYxQ+1e2a
N+Kq7koCnB+rDyNeIdkvVg9D7gL7qmjZ5BGaNV1/2BT0NKmp/Yg=
=LLcg
-----END PGP SIGNATURE-----

36
ntpsec-weakkeys.patch Normal file
View File

@ -0,0 +1,36 @@
diff -up ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys ntpsec-1.2.1/libntp/authreadkeys.c
--- ntpsec-1.2.1/libntp/authreadkeys.c.weakkeys 2021-06-07 06:03:11.000000000 +0200
+++ ntpsec-1.2.1/libntp/authreadkeys.c 2021-06-17 12:19:41.555693047 +0200
@@ -249,6 +249,7 @@ authreadkeys(
char namebuf[NAMEBUFSIZE];
size_t len;
int keys = 0;
+ char * hashchr = NULL;
/*
* Open file. Complain and return if it can't be opened.
@@ -348,7 +349,7 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
continue;
}
-
+ hashchr = strchr(line, '#');
/*
* Finally, get key and insert it.
@@ -364,6 +365,15 @@ msyslog(LOG_ERR, "AUTH: authreadkeys: re
}
len = strlen(token);
if (len <= 20) { /* Bug 2537 */
+ /* Detect weak keys generated by ntpkeygen
+ (CVE-2021-22212). False positives are possible. */
+ if (token + len == hashchr) {
+ msyslog(LOG_ERR,
+ "AUTH: authreadkeys: key %u is followed by '#' (CVE-2021-22212)",
+ keyno);
+ exit(1);
+ }
+
len = check_key_length(keyno, type, name, upcased, len);
check_mac_length(keyno, type, name, upcased);
auth_setkey(keyno, type, name, (uint8_t *)token, len);

134
ntpsec.gpg.pub.asc Normal file
View File

@ -0,0 +1,134 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFcPDLMBEACenOnM3H3AGmqlVD2PUW8mH4SmtkPFyCDg4UiWu7TQCO86W7ha
3H4tA77UpEpbfoCh3RrScgEDhQpFpjfKjxq3pg+nbPZlfId3dWsk01QeyE/JYL7A
eUmDsR2trjnhVqjXAHHzEi2G7Mvf/xfuwvJaFN9f7l0rpm3kypuE1hsEByo4qydj
vXkL3MEp08j3Id+fQK3sJZCfj7wyvjE6URC8UJYxMkf/lrxBWpiDTAfTrrYGofdu
B+DywyH39Bh9vVGm+B5xLIuEkcBVE6etqzzhApB7GZsnEaJrlxqvtAf2egQk75Vg
cYuLX9xR4I58Sve5ztAahO6FoquETMlOtFx8pEbAARWmCnO9OyQU8tJDpsDnIBSS
ocDggJ5oKaNqd8rKgzKFk+qNXQnTpzyI4QKnHu48AKOdeJ+3Wsuhq4Nm/foSLxe3
16e2CVSVRmiHdAr71tZZPTiSfsDWRPppnVnP1zUEUwhZjcHOOxB5hz+Z/YA5GIMl
kvXdLLvOhgsPyvnaAsgM0jw8z2ugc9TdhxEchBnP1sw6nZKZ72a9HPSReashrBiD
VTDM2yjHPP+0i6Cgl6iZLKTbl4pcLVj4uDgQIG+PNBfUPjW4CJjrFv7sBevRRSHi
SyODtvZzxnqCpRFG2cGkY6OQEdhZwEJIKHXjOkxZ0WOwh3k3OnS2pwKbIwARAQAB
tC9OVFBzZWMgU2VjdXJpdHkgUmVwb3J0aW5nIDxzZWN1cml0eUBudHBzZWMub3Jn
PokCVgQTAQgAQAIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAFiEE2j/fd0zH
D6ZHKexFBdmzcUd8dSgFAl9757wFCRs43gkACgkQBdmzcUd8dSjJRBAAnpoiqeT/
D64HUOEPAlc5apNgMnGt6PFRWIrUTN9v2cXeDJWQ7DCIdlqV0rhHwRT3WL6aZY5i
igu1FTun8bsV9hSCCQ7BveTIZFAMg+4bsjDBANNvteT/329Am1cSrlGzK6U5HVHU
nNZhP2PrVsqg9OVIF/u3lkO8AJjYBvp8Jlvvbl2MOcojAR7DqTslmCZaacjA9zuI
JJ6L+V56KU+l9xvO6A8XOoi8xPdxS11seZiMRODuKYC4AAdkBmcNKZVuOWqTQfxn
txEkaI5Q3t+kivkZiclqYVojkVCm77IQI3+23w1YikW1EJJ6lf9MNzrq9DMG0A4B
hopZ8mslazvOBMydq9wtpbXL7bZV3+a9wV+KQdIQhb0go7DaSfOxzW/+QyTL8dCd
khmip4o/eOLuteoIBODHZE84vBU8zCZACbgjE4nSGNIit091PBN91izhWUvBD7FX
tra69i4JoRW2sV3KZy1zsBMJ+ptULtfHD1A46Ss8fEYaRgZASXvmSrpH0hL8uA2O
OxcHb5Vo8+O4Ofx47SrD7Lf06cw/pIfd5acQ/Td3pJj8SxYECqVtjOIuusOVawEx
MXtaSMTQagoGmc16O7yvASibnArQxKbX6LACzEV5o3V12ZS3HT6yVSU3MN3xgsdb
pA7O1bPEwz4zsQIhI+DvHBVlvDD0yikTWluJAj8EEwEIACkFAlcPDLMCGwMFCQWj
moAHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRAF2bNxR3x1KCISEACHp8Ut
Rx2ZRQ3KyBQnNF6k+RD4T9k4dQPomve8P3rWKEY373Q7jMAFp+UGerNgTIyGpus0
UKzswrLyeSOT3lvA5nU66r95IPqpWeYBy4o1lgSDq/xdAINkRozw2CpzsUdg+APU
WbiddKfqlcDaHOfyWT9Vo83YLX+o1FZkWE5+7Y2hIfiI5cuLYpRhCoOGVJlSHBOR
0ihIlF9n1PACo+dd6q4++Kyw47I+OCGx2qxuWS25CrxWEupjSivQvw8DuD9VWQMa
03sUKUUQ9MSDrt+soAUYrsShttAfy6UKTIY+inDA+e6b150qzJZ4PbMsChNAHhUA
76lHqO1mrAISNi+vbMnXOshGQrs70svbgxYibHi636eyn1yivQND8nadVPbQQwPX
6plKbqup4XVntT7idH5ZA99Ny7WXpRzbJ0yL/Jc1YRrZ1t5QeNYrhLld/IjN1rsp
MS0OlQeIGMvidhCR8DEsDjQJ405QAwgwiAaum5DBiiQ12U8eAqgpF89OVca+Q3bt
15mCNUkBF4fj7hJwbKRtqmHBi8b6I3x+dXqcl0hma6M+n7wc9sbN/fR/m0OHSV/U
66ywRKu47199p3Yj0etSP39tgWxiUdhvx0tdbOeGA1RygXNjLTsTOa5EBHuKetWW
4WAOgM2uYqgotTAUNjalFZbkz2AM94hMQWGrqokCHAQQAQgABgUCVw8NmgAKCRBz
IpFyYszB5d+2EACbTkI7XkF7wBI7pzEf8avOhwg0qKA3slX7oYqrnkaaCSMISllF
m7U2tPTOJJQOtno4NfmURcvdMg3ozyYUeeBj+yUEYhM5PGm9j47pzcCkf8/2R9Mp
Z4oOCo9pKOuoWATG2wVMZEGh5aNs3Sq/f11ao9RSYEv1pxgy8dFBUQ+43v7WBImC
WyU/jHWmPqewLOADzESZRriMGfaSXs1BbCfggmiV+EHe1RhbXCzdPDCIQugDTg+Z
9kHrn44TTKXJJ3Fhord+klIwO06iR7poz8EO4ZiDqK1t2QBwtVAsUPd/RbO0lSuG
QJ0OYDHF/6W3DJn1leGZ+4ozDWmrQEObt8ciVOYf+qPws/4qEdsw5E2r3ZsofBYC
j4zqqJntZm4+3d98zpLIbZ/KdUAKPuDLZzxPbcvPXDM5RNUvFnnEjz6NJMcRP2CS
UBxugndmqGQm5xXZ8DBNcfH73WtHyWedlxUaS/uY4VzvW+nA5OJLV/BvDzKTwdq4
T4IrGX2Fevg/Sl8PUWHeUlNyFMBa6c3gB90MjkznQFwPTX9WsEXkAIYSJSEdg+aH
nhGiQXAuETTqaEEiW76jtS6l8cJ5aFNXQa4GW5cZckJTlUHvkv8RTrTW8BUjgeAq
azzQbTYDnhwEJms1pPASHPF4LXpmauffJ4qcKAsPTIfYSFptMMxRxn2JKokCHAQQ
AQgABgUCVw8OCwAKCRAqfD42zCgtvsLKD/9ssv6W4gj9O5DZf+ISfo+7AdrwmjN8
ppvhy/699I3duGevKKQS7UEHY+Sjmf9YVWRzI1AGvJsjUsb/Btfa8zNijtP3PH6v
eTtlFOVeNP6OAjcUVgePBgHgMqu17m+EGGReH7a8ruBl7Z6wzIU60qHX27hPbZHm
12W6X+EF7/+QevVurVdVYG3gzFM7J7Zbh05RWq0JUVimRk5zadrHRam+5yxPGsx1
Hf5lzR2XIRoFxNzBh8eN9ilpbQ37GidTEyD4fOt3MKIEBGr1pFBnFc+ivxBsAMAI
7a2bkku1v15d84zyjEAAgE17/AmYtqH2EIzMZ7I8a/sOIdLfaULT8uxr73yivC7Y
nGMPamL4KMmo0XHj/TjXop4nWIP4rma8G+yPYlk8PMpEHVyQZLcG1mtFmQKMtWSe
jiZfVNtcYzAVbrC1t0wF9b5x8VfJACVwV8JkGV8CwfabqEzouIq1dh9Sm793bwG4
LKd+W0DP5+QSYacpCEkgPeq4jVVZ+SEN+bCstEJwxW1WJ1p3rIBIGESpX+NKFAGl
Hl8i1fhrJ1foZr9Gx4L94GKrU4zgmB457I/t1k9iRpYVDfICgY5sy6ZHcrkhLiOZ
hr199QWHv33Bd7u3Y5pqoLamA3bjPZEJk82p7ywMas0z4sg2kdzol7iC5OjBjySv
gRFclkrSfKK9VrkCDQRXDwyzARAA0XTbXJBhJMaAOFvPWaw+dThy4RDlvV3hHiNJ
9uIIROYnmiu4W6t+jrZsJ3WWdJqNggY+XLnwVyRXWbmFXf8qViStoBfs62cDzmYn
dsfnl5ZcRdqrHJ+ErdblYU1Sc2WdnfoJQY49VaSLNJMDvU9gRdC9dVdI9Z2YR+m7
RNXNZbqtxdDMgMFZYBq3jdWNkutpQA9PKwco4qGpQdsWLpyGXZRHF6iz63WRWhAe
YhLftUvoTXCISN+WTSuT4tC0pDfDfcdX7ber5icVg7Uh4aizFTenS4jlsbkE1I93
oZCaPN3t8gah+iiCkIRVYpd0jy6RpZXIHLvRrgmdpZZ59Bkg3Xi4WtggJ5jg0wc8
csC545M0wXlgktQN8w9RibR0woJoPUkh/dWiyXU/eEsQ84G1iMBHUGBDJ9g/vu/d
nqhRiu/A+jx2JbeYuxvR1MmL6WXJmQ8eHdJvnUQiS9nRqb8xQeSxoZlrBNw1QULk
11fFMy0h3adOX3KXbnqZsPUvCkt5P3UyEJSQ4lnN5K/Acbd/5toENeB2kq1hLdJk
HthrblnfkNtefY1fPHKtp56UqsuUcaLUpvLijUntR4PSwAbhDNKXKdLJroSNV0Wr
rOH1Rn64apQlrPw0ZwUdIdjXQFCxdMsagL2TgwuULmYjQUP/noX0c4bmglqmcKel
KrROdCEAEQEAAYkCNgQYAQgAIAIbDBYhBNo/33dMxw+mRynsRQXZs3FHfHUoBQJf
e+dGAAoJEAXZs3FHfHUoEq8P/35SlCVQIwWv9x7Bg3rpJR1WO5VDX//+UWWP5i2+
fF8LGgkwNNno63VSSsJmla8A6IAT5pAisixCJuXJrQ2RWUiVgCOvUIOgczQFuv83
T+mnbFh6Y9Ic9Ag4p5sLRDiwofceB+lNIOlmjAdg1KhFbBEczyRWqho5khfKSsxM
OtJ1LhcGwEhWF3DeHjJgGdb1SuAwpxiLpa/DgASLYXhEFfayYxlT4la+SkpGJXzK
gEZ7vc5GB0FKAD0/Jz9Yq1fBoR0j6pyEhqa4p1okUTP8YxsNHmw9gUcwLqs44JS/
AhTJ1pghdha0m3h4pUV7k1LpqXbCqKPl+edwNLotN9I7WlfcEJuBAudP46f9mq29
N0cp3ATUmuZsioPkr+u+LDK7uSylAJaJ3wG+RSGjTiV4N/AlN6W4syT8PAT/cfjW
sdboKD0Df8lVx/PUHsmeLc1vfNoawo7KwjNVaksBiXvGrXgMhTs3Koub5rMpyMB8
OXsFGPwho62yr6euMW1zrxmlobaR5Fv3QWmANTk6HpqVmKLEDy1xDsp54sw9sQqx
lRrxt4NqZeaCZuuBwyn+pu5icIo01rguWU2P3r8WEbgbWh+JgGHvowTQEVz7jJVg
yTduFzQLtAuskrz81gZ0Tmy8PnD2D2JRylXSmDwKeShFeV6r1eWBjmk25LlnpQ40
TR4EmQINBF977m0BEAC8mpXeJ4uuAXsNOaunJVk6bP0D+P4SazaxTVTu6p3c68LN
4F2zaxeVuagmf5Yk8u42EwwKfuhoaqX79n/hZYKRoZLsm1S6l+0jJFLVoUkUegXl
oUdifxFSSXzZB2f06xVVDb7HS9KMdxL/26i9X893hwsNuOqRP3e5kFZFQSXbLuYn
pFPrXhb/PVoJyEqb/iIvYsMgNMbKEN3bn6NBdq5FLy7T0Rr2v9U9yOqrWDvxMk1b
WhmhoPeMkVOI6YBXckb3T4l7CH2I7N3PHBegv5m5zQ2zblSKrCzbKMe9mZ4yejXI
u7tNA9ZRXPt+aLaaOC7pFZ+/skBqKVMn3y8X3dR7J6NulPxTP2sHpPYZ4RXuv0E4
6WLgeoh08c4+VIyo5SCUoYJC1Sa6Fb/w7L48ZvkKACABrK+HZuaFNjn6ECWVpXqw
aYfTMItm70MY9wcxzw70ugnUOja+YVrQv/qyBWtRgMKTIs+wz7EEpIepqe3C2WBq
VJbTNXsGCi7O4KjKPyYbEGbTyh3BhyZA0btwvxqStlszrXXWkLInodfUt5DmVrqt
qFKO8DQ0fTVhFTBxZ0nDpinSbNWjCx0FIm9fVf3QYT+dmirXbyqAGgvchpx67ar2
Fzr71+jVdV1N57WGepteIeHhhT1XwuS0G5PMF1/yRbl3b8JsaQeoOKi9Us9aSwAR
AQABtC9OVFBzZWMgU2VjdXJpdHkgUmVwb3J0aW5nIDxzZWN1cml0eUBudHBzZWMu
b3JnPokCUwQTAQoAPhYhBOVyNdInZBKfpPL00X9SYI7Q5J12BQJfe+5tAhsDBQkJ
ZgGABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEH9SYI7Q5J12L9cP+PuM4Dgr
dizgNupWj7/szlv4FKeq10MNu1wM9+XByzp4OEnkgvJK5qm9O+/AvkwIsmh5G1qQ
OnbvrhhNlUWzlBJ9McubUQYXQBUPiwS82QavGKhDW99IlV856+qpPhN30oQsqC0o
U00V+NT7rQ9BU0CTgTfgdJ3CktIzjoQpUwXK8PwL3hd6cs7Z7n709RNrcP0omWHf
CHc6FAHy5gH7p+vL+4raziuXS8ScKh2bY11NA0GhJ240ryRXKd1znv1wUdv9AwwG
lfiqWtq8r1YQNKIik2slrkD8aIze0rw6JgKskc0vFpDV9iHkfw1pD3sX1W9TRID9
nWqT9PLaVYDvInN4T+mPEnp4jFgp7B4mmr138GGtJFyTyzgcpvJv0oDsRxshBkEF
MF3YYn5f6ZX3OZBlzclUH9yoNEnAn+GjaeZTW4V0qwjmnZD5g0OpVP1ljrxWlhAE
v6D5yj7RIhg7Xdau/hlYZ83onRYT3isO5QDK9SGIKT2B2cclBzEuBhRXCxnF5uzL
+ilpxUWx/0Xi8kOd1QBbfXMVCDkGSKIZQ1MatGFYQ7uGNnTNdbShTW15uXOmliC0
kAchHHMT9rQ7i8tTe+ChgmRZ2pOdB77LyegHJ6Vp0FEH0ri4Qec2Qm6rV/nqaWTS
GBFMncN0nu9LDJZS/S5Fdn1909Ze9sJM8YK5Ag0EX3vubQEQANseMvfX3Bxqdp2r
BQOm4Pq8jYiRqlrUi8obgKwA6VC5IuyK+xyXd5O7Grq08DHMug1hxVsyBblTFe6m
mmlZWrCX91441golgCGsgmGK52y37XOXEk5K7I9kHako+8xbFB4pwJqGICqTCu03
XJsCHNrLYWB1x36FEEC80B5Riusp++i4sQPa5Bl1p+z5C8LNme0OLbDtRRNpNXDN
q2r0GczT8uNIW5bTqXGqnv/MHnfQvcUHlapjVbsOMFFtbdrGyGPvKnwhjYg7xeeW
IZ1id4uIfZrpm567Pailaf+bRkUVfY6tsoody/S8/4pY+XVr5DX+2Wd5rK9EGSj8
CEy1JBTXKJ5AJa9sq2PGTzyXwA9/CgUhRRkqjyK7k1nqT6n/mD/uz2jMZIeodRes
xl3BChnp3rs+zxb0I5kI6Kpu0zcjrMf/qA6eJciBmv9XlQwE9xG8tkzI1HB7rtds
PFVYAP5byM387l/bX+Uev+RSSa8ZUI5HcNkiXY0MuljsTEok4f8Vl6cWjrXcZVJj
+Grgo6x0pcRMwJAOODWZxlHAxelt9x3nKDdfO/pmRYx1/sx5MtgJs0Zht+xevksa
vypPitSKjwGoDylvkGLc+d3+iKv6yrT4Nil6uxnSIsHhWW3GG4xWyDiy3vzwnlDj
RnD3rZv8ntfhkq4JvaGdHpJD71tdABEBAAGJAjwEGAEKACYWIQTlcjXSJ2QSn6Ty
9NF/UmCO0OSddgUCX3vubQIbDAUJCWYBgAAKCRB/UmCO0OSddleREACpajO7uKng
tyYE+laputykGlYeReE0Hih4hL9om6hmkiYN1GSWP1i1g7Ce71pEZfT7Sm+O3xl2
IU/GMUZz5etQk9wGgPKkRA5fEwq1KRJ1sXNBzSNKt8bvYa05BODWz4mAFsQYIiEZ
RNMvvsSwg3O/cvDk6xH0Yp9fIZcMG2nbk+ktQlkd7SYwSbrvpenmv90b9diW4LUn
zLBH6DmRdL+28PXUnbuZ4gbko8+8p8kU/ITNAh9dgTmiGDc8IiGmxPiSir2bnJiz
k9mXyHub7yipMbgvRBra+oQMIibSk9SQA4qNNUiDGdYPRKZKL3yNyOTsb4F+qpql
m2/HHqVXH9vcFYAFDjUkKXPikfoQGMvWf1v4Db9eNMKHS45Q2UgFTXNC0C+rwXxZ
ouzdruGeBE5p733wBo3f8yNFabifPZr7nfvdb/+Z+TLMGRGXyH1hjR3eLjUjuF9p
uIbfcoKjKgxsYDx/f74WKarH5qTZsbVzFoQHtCSKCKdMGS2JgzAr9pU3FSRjnTSO
pRFr64n6/qGZ+0e0OjIAzgpDI9vDw8z2p20FNUlvLqfI4IaPrnpu9+msJLneC/Hz
RlJoPBgR/KzCo65yKT0DBBWw/w1fMD0GidwJRnHy5EvF8oha6SaOQ/EhL7rT01lF
+z7an3UhBdX8UAhjgSOt3rzVZiNxyp5N0w==
=9YTT
-----END PGP PUBLIC KEY BLOCK-----

289
ntpsec.spec Normal file
View File

@ -0,0 +1,289 @@
Name: ntpsec
Version: 1.2.2a
Release: 2%{?dist}
Summary: NTP daemon and utilities
# Primary license: MIT (NTP variant)
# attic/ntpdate: BSD
# include/{ascii,binio,ieee754io}.h: BSD
# include/{ntp_assert,isc_*.h}: ISC
# include/mbg_gps166.h: BSD
# include/ntp_{debug,endian,filegen}.h: BSD
# include/nts*.h: BSD
# include/parse*.h: BSD
# include/trimble.h: BSD
# libaes_siv: ASL 2.0
# libntp/emalloc.c: ISC
# libntp/ntp_{c,endian,random}.c: BSD
# libntp/pymodule*: BSD
# libntp/python_compatibility.h: BSD
# libntp/strl_obsd.c: ISC
# libparse: BSD
# ntpclients: BSD
# ntpd/ntp_config.c: BSD
# ntpd/ntp_dns.c: BSD
# ntpd/ntp_filegen.c: BSD
# ntpd/ntp_parser.y: BSD
# ntpd/ntp_sandbox.c: BSD
# ntpd/ntp_scanner.*: BSD
# ntpd/nts*.c: BSD
# ntpd/refclock_generic.c: BSD
# ntpd/refclock_jjy.c: BSD
# ntpd/refclock_oncore.c: Beerware (public domain)
# ntpd/refclock_trimble.c: BSD with advertising
# ntpfrob: BSD
# pylib: BSD
License: MIT and BSD and BSD with advertising and ISC and ASL 2.0
URL: https://www.ntpsec.org/
Source0: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz
Source1: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz.asc
Source2: https://ftp.ntpsec.org/pub/releases/ntpsec.gpg.pub.asc
Source3: ntp.conf
# Detect weak keys generated by ntpkeygen (CVE-2021-22212)
Patch1: ntpsec-weakkeys.patch
BuildRequires: bison
BuildRequires: gcc
BuildRequires: gnupg2
BuildRequires: libbsd-devel
BuildRequires: libcap-devel
BuildRequires: m4
BuildRequires: openssl-devel
BuildRequires: pps-tools-devel
BuildRequires: python3-devel
BuildRequires: rubygem-asciidoctor
BuildRequires: systemd
BuildRequires: waf
Requires(pre): shadow-utils
%{?systemd_requires}
Conflicts: ntp ntp-perl ntpdate
Obsoletes: ntp < 4.2.10 ntp-perl < 4.2.10 ntp-doc < 4.2.10 ntpdate < 4.2.10 sntp < 4.2.10
# Set pool.ntp.org vendor zone for default configuration
%if 0%{!?vendorzone:1}
%global vendorzone %(source /etc/os-release && echo ${ID}.)
%endif
# Private library
%global __provides_exclude ^libntpc\\.so.*$
%global __requires_exclude ^libntpc\\.so.*$
%description
NTPsec is a more secure and improved implementation of the Network Time
Protocol derived from the original NTP project.
%prep
%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0}
%autosetup -p1
# Fix egg info to use a shorter version which will work as an rpm provide
sed -i 's|NTPSEC_VERSION_EXTENDED|NTPSEC_VERSION|' pylib/ntp-in.egg-info
# Modify compiled-in statsdir
sed -i 's|/var/NTP|%{_localstatedir}/log/ntpstats|' \
docs/includes/ntpd-body.adoc ntpd/ntp_util.c
%build
export CFLAGS="$RPM_OPT_FLAGS"
export LDFLAGS="$RPM_LD_FLAGS"
waf configure \
--enable-debug \
--enable-debug-gdb \
--disable-doc \
--refclock=all \
--prefix=%{_prefix} \
--exec-prefix=%{_exec_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--sysconfdir=%{_sysconfdir} \
--datadir=%{_datadir} \
--includedir=%{_includedir} \
--libdir=%{_libdir} \
--libexecdir=%{_libexecdir} \
--localstatedir=%{_localstatedir} \
--sharedstatedir=%{_sharedstatedir} \
--mandir=%{_mandir} \
;
waf build
%install
waf --destdir=%{buildroot} install
install -p -m755 attic/ntpdate %{buildroot}%{_sbindir}/ntpdate
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -p -m644 etc/logrotate-config.ntpd \
%{buildroot}%{_sysconfdir}/logrotate.d/ntpsec.conf
rm -rf %{buildroot}%{_docdir}
rm %{buildroot}%{_bindir}/runtests
pushd %{buildroot}
sed -e 's|VENDORZONE\.|%{vendorzone}|' \
-e 's|VARNTP|%{_localstatedir}/lib/ntp|' \
< %{SOURCE3} > .%{_sysconfdir}/ntp.conf
touch -r %{SOURCE3} .%{_sysconfdir}/ntp.conf
for f in .%{_bindir}/*; do
head -c 30 "$f" | grep -q python || continue
%py3_shebang_fix "$f"
done
# Move ntpq to sbin for better compatibility with ntp package
mv .%{_bindir}/ntpq .%{_sbindir}/ntpq
mkdir -p .%{_localstatedir}/{lib/ntp,log/ntpstats}
touch .%{_localstatedir}/lib/ntp/ntp.drift
mkdir -p .%{_prefix}/lib/systemd/ntp-units.d
echo 'ntpd.service' > .%{_prefix}/lib/systemd/ntp-units.d/60-ntpd.list
popd
%check
waf check
%pre
# UID/GID inherited from the ntp package
/usr/sbin/groupadd -g 38 ntp 2> /dev/null || :
/usr/sbin/useradd -u 38 -g 38 -s /sbin/nologin -M -r \
-d %{_localstatedir}/lib/ntp ntp 2>/dev/null || :
%post
%systemd_post ntpd.service ntp-wait.service
systemctl daemon-reload 2> /dev/null || :
%preun
%systemd_preun ntpd.service ntp-wait.service
%postun
%systemd_postun_with_restart ntpd.service
%global service_save_file /run/ntp-ntpsec.upgrade.services
%triggerprein -- ntp < 4.2.10
[ $1 = 0 ] || exit 0
# Save enabled ntp services and configuration (before our post)
for s in ntpd ntp-wait; do
systemctl is-enabled -q "$s".service 2> /dev/null &&
echo "$s" 2> /dev/null >> %{service_save_file}
done
rm -rf %{_sysconfdir}/ntp.ntpsec
cp -r --preserve=all %{_sysconfdir}/ntp %{_sysconfdir}/ntp.ntpsec 2> /dev/null
:
%triggerpostun -- ntp < 4.2.10
[ $2 = 0 ] || exit 0
# Restore the services and configuration from ntp (after its preun)
for s in ntpd ntp-wait; do
grep -q "^$s$" %{service_save_file} 2> /dev/null &&
systemctl enable -q "$s".service 2> /dev/null
done
rm -f %{service_save_file}
mv -f -T --backup=numbered %{_sysconfdir}/ntp.ntpsec %{_sysconfdir}/ntp
# Remove unsupported restrictions
sed -i.bak -E '/^restrict/s/no(e?peer|trap)//g' %{_sysconfdir}/ntp.conf
:
%files
%license LICENSES/*
%doc NEWS.adoc README.adoc
%config(noreplace) %{_sysconfdir}/ntp.conf
%dir %{_sysconfdir}/logrotate.d
%config(noreplace) %{_sysconfdir}/logrotate.d/ntpsec.conf
%{_bindir}/ntp*
%{_sbindir}/ntp*
%{_libdir}/libntpc.so*
%{_mandir}/man1/ntp*.1*
%{_mandir}/man5/ntp*.5*
%{_mandir}/man8/ntp*.8*
%{_unitdir}/ntp*.service
%{_unitdir}/ntp*.timer
%{_prefix}/lib/systemd/ntp-units.d/*ntpd.list
%dir %attr(-,ntp,ntp) %{_localstatedir}/lib/ntp
%ghost %attr(644,ntp,ntp) %{_localstatedir}/lib/ntp/ntp.drift
%dir %attr(-,ntp,ntp) %{_localstatedir}/log/ntpstats
%{python3_sitearch}/ntp-*.egg-info
%{python3_sitearch}/ntp
%changelog
* Sun Mar 24 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.2.2a-2.sme
- first build for el8/SME11
* Thu Aug 03 2023 Miroslav Lichvar <mlichvar@redhat.com> 1.2.2a-1
- update to 1.2.2a (CVE-2023-4012)
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 1.2.2-3
- Rebuilt for Python 3.12
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 02 2023 Miroslav Lichvar <mlichvar@redhat.com> 1.2.2-1
- update to 1.2.2
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 1.2.1-8
- Rebuilt for Python 3.11
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Sep 15 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-6
- fix building with OpenSSL-3.0
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.2.1-5
- Rebuilt with OpenSSL 3.0.0
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jun 17 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-3
- detect weak keys generated by ntpkeygen (#1955859)
* Mon Jun 07 2021 Python Maint <python-maint@redhat.com> - 1.2.1-2
- Rebuilt for Python 3.10
* Mon Jun 07 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-1
- update to 1.2.1 (CVE-2021-22212)
- enable refclock support (#1955859)
- add libbsd-devel to build requirements
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.2.0-8
- Rebuilt for Python 3.10
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.2.0-7
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Feb 01 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-6
- change ntpdate defaults to follow classic ntpdate (#1917884)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-4
- include associd in ntpq readvar output (#1914901)
- fix ntpq crash in raw mode (#1914901)
* Wed Jan 06 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-3
- switch to flat default configuration
- save enabled services and configuration when replacing ntp
- move ntpdate and ntpq to /usr/sbin for better compatibility
- extend ntp conflicts and obsoletes
* Tue Dec 01 2020 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-2
- address issues found in package review (#1896368)
* Tue Nov 10 2020 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-1
- package ntpsec