generated from smedev/Template-for-SMEServer-Core-Perl
290 lines
9.0 KiB
RPMSpec
290 lines
9.0 KiB
RPMSpec
Name: ntpsec
|
|
Version: 1.2.2a
|
|
Release: 2%{?dist}
|
|
Summary: NTP daemon and utilities
|
|
|
|
# Primary license: MIT (NTP variant)
|
|
# attic/ntpdate: BSD
|
|
# include/{ascii,binio,ieee754io}.h: BSD
|
|
# include/{ntp_assert,isc_*.h}: ISC
|
|
# include/mbg_gps166.h: BSD
|
|
# include/ntp_{debug,endian,filegen}.h: BSD
|
|
# include/nts*.h: BSD
|
|
# include/parse*.h: BSD
|
|
# include/trimble.h: BSD
|
|
# libaes_siv: ASL 2.0
|
|
# libntp/emalloc.c: ISC
|
|
# libntp/ntp_{c,endian,random}.c: BSD
|
|
# libntp/pymodule*: BSD
|
|
# libntp/python_compatibility.h: BSD
|
|
# libntp/strl_obsd.c: ISC
|
|
# libparse: BSD
|
|
# ntpclients: BSD
|
|
# ntpd/ntp_config.c: BSD
|
|
# ntpd/ntp_dns.c: BSD
|
|
# ntpd/ntp_filegen.c: BSD
|
|
# ntpd/ntp_parser.y: BSD
|
|
# ntpd/ntp_sandbox.c: BSD
|
|
# ntpd/ntp_scanner.*: BSD
|
|
# ntpd/nts*.c: BSD
|
|
# ntpd/refclock_generic.c: BSD
|
|
# ntpd/refclock_jjy.c: BSD
|
|
# ntpd/refclock_oncore.c: Beerware (public domain)
|
|
# ntpd/refclock_trimble.c: BSD with advertising
|
|
# ntpfrob: BSD
|
|
# pylib: BSD
|
|
License: MIT and BSD and BSD with advertising and ISC and ASL 2.0
|
|
URL: https://www.ntpsec.org/
|
|
Source0: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz
|
|
Source1: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz.asc
|
|
Source2: https://ftp.ntpsec.org/pub/releases/ntpsec.gpg.pub.asc
|
|
Source3: ntp.conf
|
|
|
|
# Detect weak keys generated by ntpkeygen (CVE-2021-22212)
|
|
Patch1: ntpsec-weakkeys.patch
|
|
|
|
BuildRequires: bison
|
|
BuildRequires: gcc
|
|
BuildRequires: gnupg2
|
|
BuildRequires: libbsd-devel
|
|
BuildRequires: libcap-devel
|
|
BuildRequires: m4
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: pps-tools-devel
|
|
BuildRequires: python3-devel
|
|
BuildRequires: rubygem-asciidoctor
|
|
BuildRequires: systemd
|
|
BuildRequires: waf
|
|
|
|
Requires(pre): shadow-utils
|
|
%{?systemd_requires}
|
|
|
|
Conflicts: ntp ntp-perl ntpdate
|
|
Obsoletes: ntp < 4.2.10 ntp-perl < 4.2.10 ntp-doc < 4.2.10 ntpdate < 4.2.10 sntp < 4.2.10
|
|
|
|
# Set pool.ntp.org vendor zone for default configuration
|
|
%if 0%{!?vendorzone:1}
|
|
%global vendorzone %(source /etc/os-release && echo ${ID}.)
|
|
%endif
|
|
|
|
# Private library
|
|
%global __provides_exclude ^libntpc\\.so.*$
|
|
%global __requires_exclude ^libntpc\\.so.*$
|
|
|
|
%description
|
|
NTPsec is a more secure and improved implementation of the Network Time
|
|
Protocol derived from the original NTP project.
|
|
|
|
%prep
|
|
%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0}
|
|
%autosetup -p1
|
|
|
|
# Fix egg info to use a shorter version which will work as an rpm provide
|
|
sed -i 's|NTPSEC_VERSION_EXTENDED|NTPSEC_VERSION|' pylib/ntp-in.egg-info
|
|
|
|
# Modify compiled-in statsdir
|
|
sed -i 's|/var/NTP|%{_localstatedir}/log/ntpstats|' \
|
|
docs/includes/ntpd-body.adoc ntpd/ntp_util.c
|
|
|
|
%build
|
|
export CFLAGS="$RPM_OPT_FLAGS"
|
|
export LDFLAGS="$RPM_LD_FLAGS"
|
|
|
|
waf configure \
|
|
--enable-debug \
|
|
--enable-debug-gdb \
|
|
--disable-doc \
|
|
--refclock=all \
|
|
--prefix=%{_prefix} \
|
|
--exec-prefix=%{_exec_prefix} \
|
|
--bindir=%{_bindir} \
|
|
--sbindir=%{_sbindir} \
|
|
--sysconfdir=%{_sysconfdir} \
|
|
--datadir=%{_datadir} \
|
|
--includedir=%{_includedir} \
|
|
--libdir=%{_libdir} \
|
|
--libexecdir=%{_libexecdir} \
|
|
--localstatedir=%{_localstatedir} \
|
|
--sharedstatedir=%{_sharedstatedir} \
|
|
--mandir=%{_mandir} \
|
|
;
|
|
|
|
waf build
|
|
|
|
%install
|
|
waf --destdir=%{buildroot} install
|
|
|
|
install -p -m755 attic/ntpdate %{buildroot}%{_sbindir}/ntpdate
|
|
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
|
install -p -m644 etc/logrotate-config.ntpd \
|
|
%{buildroot}%{_sysconfdir}/logrotate.d/ntpsec.conf
|
|
|
|
rm -rf %{buildroot}%{_docdir}
|
|
rm %{buildroot}%{_bindir}/runtests
|
|
|
|
pushd %{buildroot}
|
|
|
|
sed -e 's|VENDORZONE\.|%{vendorzone}|' \
|
|
-e 's|VARNTP|%{_localstatedir}/lib/ntp|' \
|
|
< %{SOURCE3} > .%{_sysconfdir}/ntp.conf
|
|
touch -r %{SOURCE3} .%{_sysconfdir}/ntp.conf
|
|
|
|
for f in .%{_bindir}/*; do
|
|
head -c 30 "$f" | grep -q python || continue
|
|
%py3_shebang_fix "$f"
|
|
done
|
|
|
|
# Move ntpq to sbin for better compatibility with ntp package
|
|
mv .%{_bindir}/ntpq .%{_sbindir}/ntpq
|
|
|
|
mkdir -p .%{_localstatedir}/{lib/ntp,log/ntpstats}
|
|
touch .%{_localstatedir}/lib/ntp/ntp.drift
|
|
|
|
mkdir -p .%{_prefix}/lib/systemd/ntp-units.d
|
|
echo 'ntpd.service' > .%{_prefix}/lib/systemd/ntp-units.d/60-ntpd.list
|
|
|
|
popd
|
|
|
|
%check
|
|
waf check
|
|
|
|
%pre
|
|
# UID/GID inherited from the ntp package
|
|
/usr/sbin/groupadd -g 38 ntp 2> /dev/null || :
|
|
/usr/sbin/useradd -u 38 -g 38 -s /sbin/nologin -M -r \
|
|
-d %{_localstatedir}/lib/ntp ntp 2>/dev/null || :
|
|
|
|
%post
|
|
%systemd_post ntpd.service ntp-wait.service
|
|
systemctl daemon-reload 2> /dev/null || :
|
|
|
|
%preun
|
|
%systemd_preun ntpd.service ntp-wait.service
|
|
|
|
%postun
|
|
%systemd_postun_with_restart ntpd.service
|
|
|
|
%global service_save_file /run/ntp-ntpsec.upgrade.services
|
|
|
|
%triggerprein -- ntp < 4.2.10
|
|
[ $1 = 0 ] || exit 0
|
|
# Save enabled ntp services and configuration (before our post)
|
|
for s in ntpd ntp-wait; do
|
|
systemctl is-enabled -q "$s".service 2> /dev/null &&
|
|
echo "$s" 2> /dev/null >> %{service_save_file}
|
|
done
|
|
rm -rf %{_sysconfdir}/ntp.ntpsec
|
|
cp -r --preserve=all %{_sysconfdir}/ntp %{_sysconfdir}/ntp.ntpsec 2> /dev/null
|
|
:
|
|
|
|
%triggerpostun -- ntp < 4.2.10
|
|
[ $2 = 0 ] || exit 0
|
|
# Restore the services and configuration from ntp (after its preun)
|
|
for s in ntpd ntp-wait; do
|
|
grep -q "^$s$" %{service_save_file} 2> /dev/null &&
|
|
systemctl enable -q "$s".service 2> /dev/null
|
|
done
|
|
rm -f %{service_save_file}
|
|
mv -f -T --backup=numbered %{_sysconfdir}/ntp.ntpsec %{_sysconfdir}/ntp
|
|
# Remove unsupported restrictions
|
|
sed -i.bak -E '/^restrict/s/no(e?peer|trap)//g' %{_sysconfdir}/ntp.conf
|
|
:
|
|
|
|
%files
|
|
%license LICENSES/*
|
|
%doc NEWS.adoc README.adoc
|
|
%config(noreplace) %{_sysconfdir}/ntp.conf
|
|
%dir %{_sysconfdir}/logrotate.d
|
|
%config(noreplace) %{_sysconfdir}/logrotate.d/ntpsec.conf
|
|
%{_bindir}/ntp*
|
|
%{_sbindir}/ntp*
|
|
%{_libdir}/libntpc.so*
|
|
%{_mandir}/man1/ntp*.1*
|
|
%{_mandir}/man5/ntp*.5*
|
|
%{_mandir}/man8/ntp*.8*
|
|
%{_unitdir}/ntp*.service
|
|
%{_unitdir}/ntp*.timer
|
|
%{_prefix}/lib/systemd/ntp-units.d/*ntpd.list
|
|
%dir %attr(-,ntp,ntp) %{_localstatedir}/lib/ntp
|
|
%ghost %attr(644,ntp,ntp) %{_localstatedir}/lib/ntp/ntp.drift
|
|
%dir %attr(-,ntp,ntp) %{_localstatedir}/log/ntpstats
|
|
%{python3_sitearch}/ntp-*.egg-info
|
|
%{python3_sitearch}/ntp
|
|
|
|
%changelog
|
|
* Sun Mar 24 2024 Jean-Philippe Pialasse <jpp@koozali.org> 1.2.2a-2.sme
|
|
- first build for el8/SME11
|
|
|
|
* Thu Aug 03 2023 Miroslav Lichvar <mlichvar@redhat.com> 1.2.2a-1
|
|
- update to 1.2.2a (CVE-2023-4012)
|
|
|
|
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-4
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
|
|
|
* Wed Jun 14 2023 Python Maint <python-maint@redhat.com> - 1.2.2-3
|
|
- Rebuilt for Python 3.12
|
|
|
|
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.2-2
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
|
|
|
* Mon Jan 02 2023 Miroslav Lichvar <mlichvar@redhat.com> 1.2.2-1
|
|
- update to 1.2.2
|
|
|
|
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-9
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
|
|
|
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 1.2.1-8
|
|
- Rebuilt for Python 3.11
|
|
|
|
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-7
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
|
|
|
* Wed Sep 15 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-6
|
|
- fix building with OpenSSL-3.0
|
|
|
|
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.2.1-5
|
|
- Rebuilt with OpenSSL 3.0.0
|
|
|
|
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-4
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
|
|
* Thu Jun 17 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-3
|
|
- detect weak keys generated by ntpkeygen (#1955859)
|
|
|
|
* Mon Jun 07 2021 Python Maint <python-maint@redhat.com> - 1.2.1-2
|
|
- Rebuilt for Python 3.10
|
|
|
|
* Mon Jun 07 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.1-1
|
|
- update to 1.2.1 (CVE-2021-22212)
|
|
- enable refclock support (#1955859)
|
|
- add libbsd-devel to build requirements
|
|
|
|
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 1.2.0-8
|
|
- Rebuilt for Python 3.10
|
|
|
|
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.2.0-7
|
|
- Rebuilt for updated systemd-rpm-macros
|
|
See https://pagure.io/fesco/issue/2583.
|
|
|
|
* Mon Feb 01 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-6
|
|
- change ntpdate defaults to follow classic ntpdate (#1917884)
|
|
|
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.0-5
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
|
* Mon Jan 18 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-4
|
|
- include associd in ntpq readvar output (#1914901)
|
|
- fix ntpq crash in raw mode (#1914901)
|
|
|
|
* Wed Jan 06 2021 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-3
|
|
- switch to flat default configuration
|
|
- save enabled services and configuration when replacing ntp
|
|
- move ntpdate and ntpq to /usr/sbin for better compatibility
|
|
- extend ntp conflicts and obsoletes
|
|
|
|
* Tue Dec 01 2020 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-2
|
|
- address issues found in package review (#1896368)
|
|
|
|
* Tue Nov 10 2020 Miroslav Lichvar <mlichvar@redhat.com> 1.2.0-1
|
|
- package ntpsec
|