GNU bug report logs -
#45794
[PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option.
Previous Next
Reported by: Simon South <simon <at> simonsouth.net>
Date: Mon, 11 Jan 2021 17:03:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 45794 in the body.
You can then email your comments to 45794 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#45794
; Package
guix-patches
.
(Mon, 11 Jan 2021 17:03:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Simon South <simon <at> simonsouth.net>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Mon, 11 Jan 2021 17:03:01 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This patch removes support for OpenNTPD's deprecated "-s" command-line option
and the corresponding "allow-large-adjustment?" field from Guix's
openntpd-configuration record type.
Previously this option allowed OpenNTPD to make a single, arbitrarily large
adjustment to the clock at startup. In the current release this option has
been disabled[0] in favour of the use of authenticated constraints, and
configuring a service with "(allow-large-adjustment? #t)" now causes this
message to appear in /var/log/ntpd:
-s option no longer works and will be removed soon.
Please reconfigure to use constraints or trusted servers.
For systems like the ROCK64 that lack a battery-backed clock, generally the
solution is to replace the "allow-large-adjustment?" option with a setting
like
(constraint-from '("www.gnu.org"))
which will give OpenNTPD an independent estimate of the current time and allow
it to evaluate the trustworthiness of the configured NTP servers.
[0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup
--
Simon South
simon <at> simonsouth.net
Simon South (1):
services: openntpd: Remove support for deprecated "-s" option.
doc/guix.texi | 6 +-----
gnu/services/networking.scm | 12 +++---------
tests/networking.scm | 3 +--
3 files changed, 5 insertions(+), 16 deletions(-)
--
2.29.2
Information forwarded
to
guix-patches <at> gnu.org
:
bug#45794
; Package
guix-patches
.
(Mon, 11 Jan 2021 17:06:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 45794 <at> debbugs.gnu.org (full text, mbox):
* gnu/services/networking.scm (openntpd-configuration): Remove
"allow-large-adjustment?" field.
(openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
configuration field and "-s" daemon option.
* tests/networking.scm (%openntpd-conf-sample): Remove
"allow-large-adjustment?" field.
* doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
"allow-large-adjustment?" field from sample configuration.
[openntpd-configuration]: Remove description of "allow-large-adjustment?"
field.
---
doc/guix.texi | 6 +-----
gnu/services/networking.scm | 12 +++---------
tests/networking.scm | 3 +--
3 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 27224fa0d8..0bb9dee3c1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16232,8 +16232,7 @@ clock synchronized with that of the given servers.
(listen-on '("127.0.0.1" "::1"))
(sensor '("udcf0 correction 70000"))
(constraint-from '("www.gnu.org"))
- (constraints-from '("https://www.google.com/"))
- (allow-large-adjustment? #t)))
+ (constraints-from '("https://www.google.com/"))))
@end lisp
@end deffn
@@ -16271,9 +16270,6 @@ a constraint.
As with constraint from, specify a list of URLs, IP addresses or hostnames of
HTTPS servers to provide a constraint. Should the hostname resolve to multiple
IP addresses, @code{ntpd} will calculate a median constraint from all of them.
-@item @code{allow-large-adjustment?} (default: @code{#f})
-Determines if @code{ntpd} is allowed to make an initial adjustment of more
-than 180 seconds.
@end table
@end deftp
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 9ec0f6a9ca..71f8e702a0 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -552,9 +552,7 @@ make an initial adjustment of more than 1,000 seconds."
(constraint-from openntpd-constraint-from
(default '()))
(constraints-from openntpd-constraints-from
- (default '()))
- (allow-large-adjustment? openntpd-allow-large-adjustment?
- (default #f))) ; upstream default
+ (default '())))
(define (openntpd-configuration->string config)
@@ -586,8 +584,7 @@ make an initial adjustment of more than 1,000 seconds."
"\n"))) ;add a trailing newline
(define (openntpd-shepherd-service config)
- (let ((openntpd (openntpd-configuration-openntpd config))
- (allow-large-adjustment? (openntpd-allow-large-adjustment? config)))
+ (let ((openntpd (openntpd-configuration-openntpd config)))
(define ntpd.conf
(plain-file "ntpd.conf" (openntpd-configuration->string config)))
@@ -599,10 +596,7 @@ make an initial adjustment of more than 1,000 seconds."
(start #~(make-forkexec-constructor
(list (string-append #$openntpd "/sbin/ntpd")
"-f" #$ntpd.conf
- "-d" ;; don't daemonize
- #$@(if allow-large-adjustment?
- '("-s")
- '()))
+ "-d") ;; don't daemonize
;; When ntpd is daemonized it repeatedly tries to respawn
;; while running, leading shepherd to disable it. To
;; prevent spamming stderr, redirect output to logfile.
diff --git a/tests/networking.scm b/tests/networking.scm
index c494a48067..f2421370d2 100644
--- a/tests/networking.scm
+++ b/tests/networking.scm
@@ -68,8 +68,7 @@
(listen-on '("127.0.0.1" "::1"))
(sensor '("udcf0 correction 70000"))
(constraint-from '("www.gnu.org"))
- (constraints-from '("https://www.google.com/"))
- (allow-large-adjustment? #t)))
+ (constraints-from '("https://www.google.com/"))))
(test-assert "openntpd configuration generation sanity check"
--
2.29.2
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>
:
You have taken responsibility.
(Sat, 16 Jan 2021 22:35:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
Simon South <simon <at> simonsouth.net>
:
bug acknowledged by developer.
(Sat, 16 Jan 2021 22:35:01 GMT)
Full text and
rfc822 format available.
Message #13 received at 45794-done <at> debbugs.gnu.org (full text, mbox):
Hi,
Simon South <simon <at> simonsouth.net> skribis:
> This patch removes support for OpenNTPD's deprecated "-s" command-line option
> and the corresponding "allow-large-adjustment?" field from Guix's
> openntpd-configuration record type.
>
> Previously this option allowed OpenNTPD to make a single, arbitrarily large
> adjustment to the clock at startup. In the current release this option has
> been disabled[0] in favour of the use of authenticated constraints, and
> configuring a service with "(allow-large-adjustment? #t)" now causes this
> message to appear in /var/log/ntpd:
>
> -s option no longer works and will be removed soon.
> Please reconfigure to use constraints or trusted servers.
>
> For systems like the ROCK64 that lack a battery-backed clock, generally the
> solution is to replace the "allow-large-adjustment?" option with a setting
> like
>
> (constraint-from '("www.gnu.org"))
>
> which will give OpenNTPD an independent estimate of the current time and allow
> it to evaluate the trustworthiness of the configured NTP servers.
>
> [0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup
Thanks for explaining.
> * gnu/services/networking.scm (openntpd-configuration): Remove
> "allow-large-adjustment?" field.
> (openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
> configuration field and "-s" daemon option.
> * tests/networking.scm (%openntpd-conf-sample): Remove
> "allow-large-adjustment?" field.
> * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
> "allow-large-adjustment?" field from sample configuration.
> [openntpd-configuration]: Remove description of "allow-large-adjustment?"
> field.
Applied, thanks!
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Sun, 14 Feb 2021 12:24:09 GMT)
Full text and
rfc822 format available.
This bug report was last modified 3 years and 71 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.