GNU bug report logs - #45794
[PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option.

Previous Next

Package: guix-patches;

Reported by: Simon South <simon <at> simonsouth.net>

Date: Mon, 11 Jan 2021 17:03:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 45794 in the body.
You can then email your comments to 45794 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to guix-patches <at> gnu.org:
bug#45794; Package guix-patches. (Mon, 11 Jan 2021 17:03:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Simon South <simon <at> simonsouth.net>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 11 Jan 2021 17:03:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Simon South <simon <at> simonsouth.net>
To: guix-patches <at> gnu.org
Subject: [PATCH 0/1] services: openntpd: Remove support for deprecated "-s"
 option.
Date: Mon, 11 Jan 2021 12:02:34 -0500

This patch removes support for OpenNTPD's deprecated "-s" command-line option
and the corresponding "allow-large-adjustment?" field from Guix's
openntpd-configuration record type.

Previously this option allowed OpenNTPD to make a single, arbitrarily large
adjustment to the clock at startup. In the current release this option has
been disabled[0] in favour of the use of authenticated constraints, and
configuring a service with "(allow-large-adjustment? #t)" now causes this
message to appear in /var/log/ntpd:

    -s option no longer works and will be removed soon.
    Please reconfigure to use constraints or trusted servers.

For systems like the ROCK64 that lack a battery-backed clock, generally the
solution is to replace the "allow-large-adjustment?" option with a setting
like

    (constraint-from '("www.gnu.org"))

which will give OpenNTPD an independent estimate of the current time and allow
it to evaluate the trustworthiness of the configured NTP servers.

[0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup

--
Simon South
simon <at> simonsouth.net


Simon South (1):
  services: openntpd: Remove support for deprecated "-s" option.

 doc/guix.texi               |  6 +-----
 gnu/services/networking.scm | 12 +++---------
 tests/networking.scm        |  3 +--
 3 files changed, 5 insertions(+), 16 deletions(-)

-- 
2.29.2
Information forwarded to guix-patches <at> gnu.org:
bug#45794; Package guix-patches. (Mon, 11 Jan 2021 17:06:01 GMT) Full text and rfc822 format available.

Message #8 received at 45794 <at> debbugs.gnu.org (full text, mbox):

From: Simon South <simon <at> simonsouth.net>
To: 45794 <at> debbugs.gnu.org
Subject: [PATCH 1/1] services: openntpd: Remove support for deprecated "-s"
 option.
Date: Mon, 11 Jan 2021 12:04:59 -0500

* gnu/services/networking.scm (openntpd-configuration): Remove
"allow-large-adjustment?" field.
(openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
configuration field and "-s" daemon option.
* tests/networking.scm (%openntpd-conf-sample): Remove
"allow-large-adjustment?" field.
* doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
"allow-large-adjustment?" field from sample configuration.
[openntpd-configuration]: Remove description of "allow-large-adjustment?"
field.
---
 doc/guix.texi               |  6 +-----
 gnu/services/networking.scm | 12 +++---------
 tests/networking.scm        |  3 +--
 3 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 27224fa0d8..0bb9dee3c1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16232,8 +16232,7 @@ clock synchronized with that of the given servers.
   (listen-on '("127.0.0.1" "::1"))
   (sensor '("udcf0 correction 70000"))
   (constraint-from '("www.gnu.org"))
-  (constraints-from '("https://www.google.com/"))
-  (allow-large-adjustment? #t)))
+  (constraints-from '("https://www.google.com/"))))
 
 @end lisp
 @end deffn
@@ -16271,9 +16270,6 @@ a constraint.
 As with constraint from, specify a list of URLs, IP addresses or hostnames of
 HTTPS servers to provide a constraint.  Should the hostname resolve to multiple
 IP addresses, @code{ntpd} will calculate a median constraint from all of them.
-@item @code{allow-large-adjustment?} (default: @code{#f})
-Determines if @code{ntpd} is allowed to make an initial adjustment of more
-than 180 seconds.
 @end table
 @end deftp
 
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 9ec0f6a9ca..71f8e702a0 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -552,9 +552,7 @@ make an initial adjustment of more than 1,000 seconds."
   (constraint-from         openntpd-constraint-from
                            (default '()))
   (constraints-from        openntpd-constraints-from
-                           (default '()))
-  (allow-large-adjustment? openntpd-allow-large-adjustment?
-                           (default #f))) ; upstream default
+                           (default '())))
 
 (define (openntpd-configuration->string config)
 
@@ -586,8 +584,7 @@ make an initial adjustment of more than 1,000 seconds."
      "\n")))                              ;add a trailing newline
 
 (define (openntpd-shepherd-service config)
-  (let ((openntpd (openntpd-configuration-openntpd config))
-        (allow-large-adjustment? (openntpd-allow-large-adjustment? config)))
+  (let ((openntpd (openntpd-configuration-openntpd config)))
 
     (define ntpd.conf
       (plain-file "ntpd.conf" (openntpd-configuration->string config)))
@@ -599,10 +596,7 @@ make an initial adjustment of more than 1,000 seconds."
            (start #~(make-forkexec-constructor
                      (list (string-append #$openntpd "/sbin/ntpd")
                            "-f" #$ntpd.conf
-                           "-d" ;; don't daemonize
-                           #$@(if allow-large-adjustment?
-                                  '("-s")
-                                  '()))
+                           "-d") ;; don't daemonize
                      ;; When ntpd is daemonized it repeatedly tries to respawn
                      ;; while running, leading shepherd to disable it.  To
                      ;; prevent spamming stderr, redirect output to logfile.
diff --git a/tests/networking.scm b/tests/networking.scm
index c494a48067..f2421370d2 100644
--- a/tests/networking.scm
+++ b/tests/networking.scm
@@ -68,8 +68,7 @@
    (listen-on '("127.0.0.1" "::1"))
    (sensor '("udcf0 correction 70000"))
    (constraint-from '("www.gnu.org"))
-   (constraints-from '("https://www.google.com/"))
-   (allow-large-adjustment? #t)))
+   (constraints-from '("https://www.google.com/"))))
 
 (test-assert "openntpd configuration generation sanity check"
 
-- 
2.29.2
Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Sat, 16 Jan 2021 22:35:01 GMT) Full text and rfc822 format available.
Notification sent to Simon South <simon <at> simonsouth.net>:
bug acknowledged by developer. (Sat, 16 Jan 2021 22:35:01 GMT) Full text and rfc822 format available.

Message #13 received at 45794-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Simon South <simon <at> simonsouth.net>
Cc: 45794-done <at> debbugs.gnu.org
Subject: Re: bug#45794: [PATCH 0/1] services: openntpd: Remove support for
 deprecated "-s" option.
Date: Sat, 16 Jan 2021 23:34:22 +0100

Hi,

Simon South <simon <at> simonsouth.net> skribis:

> This patch removes support for OpenNTPD's deprecated "-s" command-line option
> and the corresponding "allow-large-adjustment?" field from Guix's
> openntpd-configuration record type.
>
> Previously this option allowed OpenNTPD to make a single, arbitrarily large
> adjustment to the clock at startup. In the current release this option has
> been disabled[0] in favour of the use of authenticated constraints, and
> configuring a service with "(allow-large-adjustment? #t)" now causes this
> message to appear in /var/log/ntpd:
>
>     -s option no longer works and will be removed soon.
>     Please reconfigure to use constraints or trusted servers.
>
> For systems like the ROCK64 that lack a battery-backed clock, generally the
> solution is to replace the "allow-large-adjustment?" option with a setting
> like
>
>     (constraint-from '("www.gnu.org"))
>
> which will give OpenNTPD an independent estimate of the current time and allow
> it to evaluate the trustworthiness of the configured NTP servers.
>
> [0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup

Thanks for explaining.

> * gnu/services/networking.scm (openntpd-configuration): Remove
> "allow-large-adjustment?" field.
> (openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
> configuration field and "-s" daemon option.
> * tests/networking.scm (%openntpd-conf-sample): Remove
> "allow-large-adjustment?" field.
> * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
> "allow-large-adjustment?" field from sample configuration.
> [openntpd-configuration]: Remove description of "allow-large-adjustment?"
> field.

Applied, thanks!

Ludo’.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 14 Feb 2021 12:24:09 GMT) Full text and rfc822 format available.
This bug report was last modified 3 years and 71 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.