[PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option.

  • Done
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • Simon South
Owner
unassigned
Submitted by
Simon South
Severity
normal

Debbugs page

Simon South wrote 4 years ago
(address . guix-patches@gnu.org)
cover.1610381875.git.simon@simonsouth.net
This patch removes support for OpenNTPD's deprecated "-s" command-line option
and the corresponding "allow-large-adjustment?" field from Guix's
openntpd-configuration record type.

Previously this option allowed OpenNTPD to make a single, arbitrarily large
adjustment to the clock at startup. In the current release this option has
been disabled[0] in favour of the use of authenticated constraints, and
configuring a service with "(allow-large-adjustment? #t)" now causes this
message to appear in /var/log/ntpd:

-s option no longer works and will be removed soon.
Please reconfigure to use constraints or trusted servers.

For systems like the ROCK64 that lack a battery-backed clock, generally the
solution is to replace the "allow-large-adjustment?" option with a setting
like

(constraint-from '("www.gnu.org"))

which will give OpenNTPD an independent estimate of the current time and allow
it to evaluate the trustworthiness of the configured NTP servers.


--
Simon South
simon@simonsouth.net


Simon South (1):
services: openntpd: Remove support for deprecated "-s" option.

doc/guix.texi | 6 +-----
gnu/services/networking.scm | 12 +++---------
tests/networking.scm | 3 +--
3 files changed, 5 insertions(+), 16 deletions(-)

--
2.29.2
Simon South wrote 4 years ago
[PATCH 1/1] services: openntpd: Remove support for deprecated "-s" option.
(address . 45794@debbugs.gnu.org)
29e75ffc49e69c67692bf0b48034b494af671f4a.1610381875.git.simon@simonsouth.net
* gnu/services/networking.scm (openntpd-configuration): Remove
"allow-large-adjustment?" field.
(openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
configuration field and "-s" daemon option.
* tests/networking.scm (%openntpd-conf-sample): Remove
"allow-large-adjustment?" field.
* doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
"allow-large-adjustment?" field from sample configuration.
[openntpd-configuration]: Remove description of "allow-large-adjustment?"
field.
---
doc/guix.texi | 6 +-----
gnu/services/networking.scm | 12 +++---------
tests/networking.scm | 3 +--
3 files changed, 5 insertions(+), 16 deletions(-)

Toggle diff (77 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 27224fa0d8..0bb9dee3c1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16232,8 +16232,7 @@ clock synchronized with that of the given servers.
(listen-on '("127.0.0.1" "::1"))
(sensor '("udcf0 correction 70000"))
(constraint-from '("www.gnu.org"))
- (constraints-from '("https://www.google.com/"))
- (allow-large-adjustment? #t)))
+ (constraints-from '("https://www.google.com/"))))
@end lisp
@end deffn
@@ -16271,9 +16270,6 @@ a constraint.
As with constraint from, specify a list of URLs, IP addresses or hostnames of
HTTPS servers to provide a constraint. Should the hostname resolve to multiple
IP addresses, @code{ntpd} will calculate a median constraint from all of them.
-@item @code{allow-large-adjustment?} (default: @code{#f})
-Determines if @code{ntpd} is allowed to make an initial adjustment of more
-than 180 seconds.
@end table
@end deftp
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 9ec0f6a9ca..71f8e702a0 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -552,9 +552,7 @@ make an initial adjustment of more than 1,000 seconds."
(constraint-from openntpd-constraint-from
(default '()))
(constraints-from openntpd-constraints-from
- (default '()))
- (allow-large-adjustment? openntpd-allow-large-adjustment?
- (default #f))) ; upstream default
+ (default '())))
(define (openntpd-configuration->string config)
@@ -586,8 +584,7 @@ make an initial adjustment of more than 1,000 seconds."
"\n"))) ;add a trailing newline
(define (openntpd-shepherd-service config)
- (let ((openntpd (openntpd-configuration-openntpd config))
- (allow-large-adjustment? (openntpd-allow-large-adjustment? config)))
+ (let ((openntpd (openntpd-configuration-openntpd config)))
(define ntpd.conf
(plain-file "ntpd.conf" (openntpd-configuration->string config)))
@@ -599,10 +596,7 @@ make an initial adjustment of more than 1,000 seconds."
(start #~(make-forkexec-constructor
(list (string-append #$openntpd "/sbin/ntpd")
"-f" #$ntpd.conf
- "-d" ;; don't daemonize
- #$@(if allow-large-adjustment?
- '("-s")
- '()))
+ "-d") ;; don't daemonize
;; When ntpd is daemonized it repeatedly tries to respawn
;; while running, leading shepherd to disable it. To
;; prevent spamming stderr, redirect output to logfile.
diff --git a/tests/networking.scm b/tests/networking.scm
index c494a48067..f2421370d2 100644
--- a/tests/networking.scm
+++ b/tests/networking.scm
@@ -68,8 +68,7 @@
(listen-on '("127.0.0.1" "::1"))
(sensor '("udcf0 correction 70000"))
(constraint-from '("www.gnu.org"))
- (constraints-from '("https://www.google.com/"))
- (allow-large-adjustment? #t)))
+ (constraints-from '("https://www.google.com/"))))
(test-assert "openntpd configuration generation sanity check"
--
2.29.2
Ludovic Courtès wrote 4 years ago
Re: bug#45794: [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option.
(name . Simon South)(address . simon@simonsouth.net)(address . 45794-done@debbugs.gnu.org)
8735z0wlxt.fsf@gnu.org
Hi,

Simon South <simon@simonsouth.net> skribis:

Toggle quote (24 lines)
> This patch removes support for OpenNTPD's deprecated "-s" command-line option
> and the corresponding "allow-large-adjustment?" field from Guix's
> openntpd-configuration record type.
>
> Previously this option allowed OpenNTPD to make a single, arbitrarily large
> adjustment to the clock at startup. In the current release this option has
> been disabled[0] in favour of the use of authenticated constraints, and
> configuring a service with "(allow-large-adjustment? #t)" now causes this
> message to appear in /var/log/ntpd:
>
> -s option no longer works and will be removed soon.
> Please reconfigure to use constraints or trusted servers.
>
> For systems like the ROCK64 that lack a battery-backed clock, generally the
> solution is to replace the "allow-large-adjustment?" option with a setting
> like
>
> (constraint-from '("www.gnu.org"))
>
> which will give OpenNTPD an independent estimate of the current time and allow
> it to evaluate the trustworthiness of the configured NTP servers.
>
> [0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup

Thanks for explaining.

Toggle quote (11 lines)
> * gnu/services/networking.scm (openntpd-configuration): Remove
> "allow-large-adjustment?" field.
> (openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
> configuration field and "-s" daemon option.
> * tests/networking.scm (%openntpd-conf-sample): Remove
> "allow-large-adjustment?" field.
> * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
> "allow-large-adjustment?" field from sample configuration.
> [openntpd-configuration]: Remove description of "allow-large-adjustment?"
> field.

Applied, thanks!

Ludo’.
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 45794@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 45794
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help