Gentoo Archives: gentoo-commits

From: "Robin H. Johnson (robbat2)" <robbat2@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-misc/ntp: ntp-4.2.6_p5-r10.ebuild ChangeLog
Date: Wed, 01 Jan 2014 23:59:59
Message-Id: 20140101235955.F0A0C2004C@flycatcher.gentoo.org
1 robbat2 14/01/01 23:59:55
2
3 Modified: ChangeLog
4 Added: ntp-4.2.6_p5-r10.ebuild
5 Log:
6 Secure default configuration (approved by NTP upstream per IRC): by default deny all non-time queries so that monlist-based NTP reflection attacks are blocked; Rate-limit queries and issue KoD for limit-exceeded; Ensure IPv6 localhost is allowed as it is used by default.
7
8 (Portage version: 2.2.7/cvs/Linux x86_64, unsigned Manifest commit)
9
10 Revision Changes Path
11 1.203 net-misc/ntp/ChangeLog
12
13 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ChangeLog?rev=1.203&view=markup
14 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ChangeLog?rev=1.203&content-type=text/plain
15 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ChangeLog?r1=1.202&r2=1.203
16
17 Index: ChangeLog
18 ===================================================================
19 RCS file: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v
20 retrieving revision 1.202
21 retrieving revision 1.203
22 diff -p -w -b -B -u -u -r1.202 -r1.203
23 --- ChangeLog 24 Dec 2013 11:01:52 -0000 1.202
24 +++ ChangeLog 1 Jan 2014 23:59:55 -0000 1.203
25 @@ -1,6 +1,15 @@
26 # ChangeLog for net-misc/ntp
27 -# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
28 -# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v 1.202 2013/12/24 11:01:52 vapier Exp $
29 +# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
30 +# $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ChangeLog,v 1.203 2014/01/01 23:59:55 robbat2 Exp $
31 +
32 +*ntp-4.2.6_p5-r10 (01 Jan 2014)
33 +
34 + 01 Jan 2014; Robin H. Johnson <robbat2@g.o> +ntp-4.2.6_p5-r10.ebuild,
35 + files/ntp.conf:
36 + Secure default configuration (approved by NTP upstream per IRC): by default
37 + deny all non-time queries so that monlist-based NTP reflection attacks are
38 + blocked; Rate-limit queries and issue KoD for limit-exceeded; Ensure IPv6
39 + localhost is allowed as it is used by default.
40
41 24 Dec 2013; Mike Frysinger <vapier@g.o> files/ntp-client.confd,
42 files/ntp-client.rc:
43
44
45
46 1.1 net-misc/ntp/ntp-4.2.6_p5-r10.ebuild
47
48 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ntp-4.2.6_p5-r10.ebuild?rev=1.1&view=markup
49 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/ntp/ntp-4.2.6_p5-r10.ebuild?rev=1.1&content-type=text/plain
50
51 Index: ntp-4.2.6_p5-r10.ebuild
52 ===================================================================
53 # Copyright 1999-2014 Gentoo Foundation
54 # Distributed under the terms of the GNU General Public License v2
55 # $Header: /var/cvsroot/gentoo-x86/net-misc/ntp/ntp-4.2.6_p5-r10.ebuild,v 1.1 2014/01/01 23:59:55 robbat2 Exp $
56
57 EAPI="4"
58
59 inherit eutils toolchain-funcs flag-o-matic user systemd
60
61 MY_P=${P/_p/p}
62 DESCRIPTION="Network Time Protocol suite/programs"
63 HOMEPAGE="http://www.ntp.org/"
64 SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz
65 mirror://gentoo/${MY_P}-manpages.tar.bz2"
66
67 LICENSE="HPND BSD ISC"
68 SLOT="0"
69 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~ia64-linux ~x86-linux ~m68k-mint"
70 IUSE="caps debug ipv6 openntpd parse-clocks samba selinux snmp ssl vim-syntax zeroconf"
71
72 DEPEND=">=sys-libs/ncurses-5.2
73 >=sys-libs/readline-4.1
74 kernel_linux? ( caps? ( sys-libs/libcap ) )
75 zeroconf? ( net-dns/avahi[mdnsresponder-compat] )
76 !openntpd? ( !net-misc/openntpd )
77 snmp? ( net-analyzer/net-snmp )
78 ssl? ( dev-libs/openssl )
79 selinux? ( sec-policy/selinux-ntp )
80 parse-clocks? ( net-misc/pps-tools )"
81 RDEPEND="${DEPEND}
82 vim-syntax? ( app-vim/ntp-syntax )"
83 PDEPEND="openntpd? ( net-misc/openntpd )"
84
85 S=${WORKDIR}/${MY_P}
86
87 pkg_setup() {
88 enewgroup ntp 123
89 enewuser ntp 123 -1 /dev/null ntp
90 }
91
92 src_prepare() {
93 epatch "${FILESDIR}"/${PN}-4.2.4_p5-adjtimex.patch #254030
94 epatch "${FILESDIR}"/${PN}-4.2.4_p7-nano.patch #270483
95 append-cppflags -D_GNU_SOURCE #264109
96 }
97
98 src_configure() {
99 # avoid libmd5/libelf
100 export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no
101 export ac_cv_lib_elf_nlist=no
102 # blah, no real configure options #176333
103 export ac_cv_header_dns_sd_h=$(usex zeroconf)
104 export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h}
105 econf \
106 --with-lineeditlibs=readline,edit,editline \
107 $(use_enable caps linuxcaps) \
108 $(use_enable parse-clocks) \
109 $(use_enable ipv6) \
110 $(use_enable debug debugging) \
111 $(use_enable samba ntp-signd) \
112 $(use_with snmp ntpsnmpd) \
113 $(use_with ssl crypto)
114 }
115
116 src_install() {
117 default
118 # move ntpd/ntpdate to sbin #66671
119 dodir /usr/sbin
120 mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin"
121
122 dodoc INSTALL WHERE-TO-START
123 doman "${WORKDIR}"/man/*.[58]
124 dohtml -r html/*
125
126 insinto /usr/share/ntp
127 doins "${FILESDIR}"/ntp.conf
128 cp -r scripts/* "${ED}"/usr/share/ntp/ || die
129 use prefix || fperms -R go-w /usr/share/ntp
130 find "${ED}"/usr/share/ntp \
131 '(' \
132 -name '*.in' -o \
133 -name 'Makefile*' -o \
134 -name support \
135 ')' \
136 -exec rm -r {} \;
137
138 insinto /etc
139 doins "${FILESDIR}"/ntp.conf
140 newinitd "${FILESDIR}"/ntpd.rc ntpd
141 newconfd "${FILESDIR}"/ntpd.confd ntpd
142 newinitd "${FILESDIR}"/ntp-client.rc ntp-client
143 newconfd "${FILESDIR}"/ntp-client.confd ntp-client
144 newinitd "${FILESDIR}"/sntp.rc sntp
145 newconfd "${FILESDIR}"/sntp.confd sntp
146 if ! use caps ; then
147 sed -i "s|-u ntp:ntp||" "${ED}"/etc/conf.d/ntpd || die
148 fi
149 sed -i "s:/usr/bin:/usr/sbin:" "${ED}"/etc/init.d/ntpd || die
150
151 keepdir /var/lib/ntp
152 use prefix || fowners ntp:ntp /var/lib/ntp
153
154 if use openntpd ; then
155 cd "${ED}"
156 rm usr/sbin/ntpd || die
157 rm -r var/lib
158 rm etc/{conf,init}.d/ntpd
159 rm usr/share/man/*/ntpd.8 || die
160 else
161 systemd_newunit "${FILESDIR}"/ntpd.service-r1 ntpd.service
162 systemd_enable_ntpunit 60-ntpd ntpd.service
163 fi
164
165 systemd_dounit "${FILESDIR}"/ntpdate.service
166 systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf
167 systemd_dounit "${FILESDIR}"/sntp.service
168 systemd_install_serviced "${FILESDIR}"/sntp.service.conf
169 }
170
171 pkg_postinst() {
172 ewarn "You can find an example /etc/ntp.conf in /usr/share/ntp/"
173 ewarn "Review /etc/ntp.conf to setup server info."
174 ewarn "Review /etc/conf.d/ntpd to setup init.d info."
175 echo
176 elog "The way ntp sets and maintains your system time has changed."
177 elog "Now you can use /etc/init.d/ntp-client to set your time at"
178 elog "boot while you can use /etc/init.d/ntpd to maintain your time"
179 elog "while your machine runs"
180 if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then
181 echo
182 eerror "The notrust option was found in your /etc/ntp.conf!"
183 ewarn "If your ntpd starts sending out weird responses,"
184 ewarn "then make sure you have keys properly setup and see"
185 ewarn "http://bugs.gentoo.org/41827"
186 fi
187 }