ntpsec/ntpsec.spec

290 lines
9.0 KiB
RPMSpec

Name: ntpsec
Version: 1.2.2a
Release: 2%{?dist}
Summary: NTP daemon and utilities
# Primary license: MIT (NTP variant)
# attic/ntpdate: BSD
# include/{ascii,binio,ieee754io}.h: BSD
# include/{ntp_assert,isc_*.h}: ISC
# include/mbg_gps166.h: BSD
# include/ntp_{debug,endian,filegen}.h: BSD
# include/nts*.h: BSD
# include/parse*.h: BSD
# include/trimble.h: BSD
# libaes_siv: ASL 2.0
# libntp/emalloc.c: ISC
# libntp/ntp_{c,endian,random}.c: BSD
# libntp/pymodule*: BSD
# libntp/python_compatibility.h: BSD
# libntp/strl_obsd.c: ISC
# libparse: BSD
# ntpclients: BSD
# ntpd/ntp_config.c: BSD
# ntpd/ntp_dns.c: BSD
# ntpd/ntp_filegen.c: BSD
# ntpd/ntp_parser.y: BSD
# ntpd/ntp_sandbox.c: BSD
# ntpd/ntp_scanner.*: BSD
# ntpd/nts*.c: BSD
# ntpd/refclock_generic.c: BSD
# ntpd/refclock_jjy.c: BSD
# ntpd/refclock_oncore.c: Beerware (public domain)
# ntpd/refclock_trimble.c: BSD with advertising
# ntpfrob: BSD
# pylib: BSD
License: MIT and BSD and BSD with advertising and ISC and ASL 2.0
URL: https://www.ntpsec.org/
Source0: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz
Source1: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz.asc
Source2: https://ftp.ntpsec.org/pub/releases/ntpsec.gpg.pub.asc
Source3: ntp.conf
# Detect weak keys generated by ntpkeygen (CVE-2021-22212)
Patch1: ntpsec-weakkeys.patch
BuildRequires: bison
BuildRequires: gcc
BuildRequires: gnupg2
BuildRequires: libbsd-devel
BuildRequires: libcap-devel
BuildRequires: m4
BuildRequires: openssl-devel
BuildRequires: pps-tools-devel
BuildRequires: python3-devel
BuildRequires: rubygem-asciidoctor
BuildRequires: systemd
BuildRequires: waf
Requires(pre): shadow-utils
%{?systemd_requires}
Conflicts: ntp ntp-perl ntpdate
Obsoletes: ntp < 4.2.10 ntp-perl < 4.2.10 ntp-doc < 4.2.10 ntpdate < 4.2.10 sntp < 4.2.10
# Set pool.ntp.org vendor zone for default configuration
%if 0%{!?vendorzone:1}
%global vendorzone %(source /etc/os-release && echo ${ID}.)
%endif
# Private library
%global __provides_exclude ^libntpc\\.so.*$
%global __requires_exclude ^libntpc\\.so.*$
%description
NTPsec is a more secure and improved implementation of the Network Time
Protocol derived from the original NTP project.
%prep
%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0}
%autosetup -p1
# Fix egg info to use a shorter version which will work as an rpm provide
sed -i 's|NTPSEC_VERSION_EXTENDED|NTPSEC_VERSION|' pylib/ntp-in.egg-info
# Modify compiled-in statsdir
sed -i 's|/var/NTP|%{_localstatedir}/log/ntpstats|' \
docs/includes/ntpd-body.adoc ntpd/ntp_util.c
%build
export CFLAGS="$RPM_OPT_FLAGS"
export LDFLAGS="$RPM_LD_FLAGS"
waf configure \
--enable-debug \
--enable-debug-gdb \
--disable-doc \
--refclock=all \
--prefix=%{_prefix} \
--exec-prefix=%{_exec_prefix} \
--bindir=%{_bindir} \
--sbindir=%{_sbindir} \
--sysconfdir=%{_sysconfdir} \
--datadir=%{_datadir} \
--includedir=%{_includedir} \
--libdir=%{_libdir} \
--libexecdir=%{_libexecdir} \
--localstatedir=%{_localstatedir} \
--sharedstatedir=%{_sharedstatedir} \
--mandir=%{_mandir} \
;
waf build
%install
waf --destdir=%{buildroot} install
install -p -m755 attic/ntpdate %{buildroot}%{_sbindir}/ntpdate
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -p -m644 etc/logrotate-config.ntpd \
%{buildroot}%{_sysconfdir}/logrotate.d/ntpsec.conf
rm -rf %{buildroot}%{_docdir}
rm %{buildroot}%{_bindir}/runtests
pushd %{buildroot}
sed -e 's|VENDORZONE\.|%{vendorzone}|' \
-e 's|VARNTP|%{_localstatedir}/lib/ntp|' \
< %{SOURCE3} > .%{_sysconfdir}/ntp.conf
touch -r %{SOURCE3} .%{_sysconfdir}/ntp.conf
for f in .%{_bindir}/*; do
head -c 30 "$f" | grep -q python || continue
%py3_shebang_fix "$f"
done
# Move ntpq to sbin for better compatibility with ntp package
mv .%{_bindir}/ntpq .%{_sbindir}/ntpq
mkdir -p .%{_localstatedir}/{lib/ntp,log/ntpstats}
touch .%{_localstatedir}/lib/ntp/ntp.drift
mkdir -p .%{_prefix}/lib/systemd/ntp-units.d
echo 'ntpd.service' > .%{_prefix}/lib/systemd/ntp-units.d/60-ntpd.list
popd
%check
waf check
%pre
# UID/GID inherited from the ntp package
/usr/sbin/groupadd -g 38 ntp 2> /dev/null || :
/usr/sbin/useradd -u 38 -g 38 -s /sbin/nologin -M -r \
-d %{_localstatedir}/lib/ntp ntp 2>/dev/null || :
%post
%systemd_post ntpd.service ntp-wait.service
systemctl daemon-reload 2> /dev/null || :
%preun
%systemd_preun ntpd.service ntp-wait.service
%postun
%systemd_postun_with_restart ntpd.service
%global service_save_file /run/ntp-ntpsec.upgrade.services
%triggerprein -- ntp < 4.2.10
[ $1 = 0 ] || exit 0
# Save enabled ntp services and configuration (before our post)
for s in ntpd ntp-wait; do
systemctl is-enabled -q "$s".service 2> /dev/null &&
echo "$s" 2> /dev/null >> %{service_save_file}
done
rm -rf %{_sysconfdir}/ntp.ntpsec
cp -r --preserve=all %{_sysconfdir}/ntp %{_sysconfdir}/ntp.ntpsec 2> /dev/null
:
%triggerpostun -- ntp < 4.2.10
[ $2 = 0 ] || exit 0
# Restore the services and configuration from ntp (after its preun)
for s in ntpd ntp-wait; do
grep -q "^$s$" %{service_save_file} 2> /dev/null &&
systemctl enable -q "$s".service 2> /dev/null
done
rm -f %{service_save_file}
mv -f -T --backup=numbered %{_sysconfdir}/ntp.ntpsec %{_sysconfdir}/ntp
# Remove unsupported restrictions
sed -i.bak -E '/^restrict/s/no(e?peer|trap)//g' %{_sysconfdir}/ntp.conf
:
%files
%license LICENSES/*
%doc NEWS.adoc README.adoc
%config(noreplace) %{_sysconfdir}/ntp.conf
%dir %{_sysconfdir}/logrotate.d
%config(noreplace) %{_sysconfdir}/logrotate.d/ntpsec.conf
%{_bindir}/ntp*
%{_sbindir}/ntp*
%{_libdir}/libntpc.so*
%{_mandir}/man1/ntp*.1*
%{_mandir}/man5/ntp*.5*
%{_mandir}/man8/ntp*.8*
%{_unitdir}/ntp*.service
%{_unitdir}/ntp*.timer
%{_prefix}/lib/systemd/ntp-units.d/*ntpd.list
%dir %attr(-,ntp,ntp) %{_localstatedir}/lib/ntp
%ghost %attr(644,ntp,ntp) %{_localstatedir}/lib/ntp/ntp.drift
%dir %attr(-,ntp,ntp) %{_localstatedir}/log/ntpstats
%{python3_sitearch}/ntp-*.egg-info
%{python3_sitearch}/ntp
%changelog
* Sun Mar 24 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.2.2a-2.sme
- first build for el8/SME11
* Thu Aug 03 2023 Miroslav Lichvar <mlichvar@redhat.com> 1.2.2a-1
- update to 1.2.2a (CVE-2023-4012)
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 1.2.2-3
- Rebuilt for Python 3.12
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Jan 02 2023 Miroslav Lichvar <mlichvar@redhat.com> 1.2.2-1
- update to 1.2.2
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 1.2.1-8
- Rebuilt for Python 3.11
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Sep 15 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-6
- fix building with OpenSSL-3.0
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.2.1-5
- Rebuilt with OpenSSL 3.0.0
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu Jun 17 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-3
- detect weak keys generated by ntpkeygen (#1955859)
* Mon Jun 07 2021 Python Maint <python-maint@redhat.com> - 1.2.1-2
- Rebuilt for Python 3.10
* Mon Jun 07 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-1
- update to 1.2.1 (CVE-2021-22212)
- enable refclock support (#1955859)
- add libbsd-devel to build requirements
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.2.0-8
- Rebuilt for Python 3.10
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.2.0-7
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Feb 01 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-6
- change ntpdate defaults to follow classic ntpdate (#1917884)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-4
- include associd in ntpq readvar output (#1914901)
- fix ntpq crash in raw mode (#1914901)
* Wed Jan 06 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-3
- switch to flat default configuration
- save enabled services and configuration when replacing ntp
- move ntpdate and ntpq to /usr/sbin for better compatibility
- extend ntp conflicts and obsoletes
* Tue Dec 01 2020 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-2
- address issues found in package review (#1896368)
* Tue Nov 10 2020 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-1
- package ntpsec