unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / Atom feed
* [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option.
@ 2021-01-11 17:02 Simon South
  2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South
  2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès
  0 siblings, 2 replies; 3+ messages in thread
From: Simon South @ 2021-01-11 17:02 UTC (permalink / raw)
  To: 45794

This patch removes support for OpenNTPD's deprecated "-s" command-line option
and the corresponding "allow-large-adjustment?" field from Guix's
openntpd-configuration record type.

Previously this option allowed OpenNTPD to make a single, arbitrarily large
adjustment to the clock at startup. In the current release this option has
been disabled[0] in favour of the use of authenticated constraints, and
configuring a service with "(allow-large-adjustment? #t)" now causes this
message to appear in /var/log/ntpd:

    -s option no longer works and will be removed soon.
    Please reconfigure to use constraints or trusted servers.

For systems like the ROCK64 that lack a battery-backed clock, generally the
solution is to replace the "allow-large-adjustment?" option with a setting
like

    (constraint-from '("www.gnu.org"))

which will give OpenNTPD an independent estimate of the current time and allow
it to evaluate the trustworthiness of the configured NTP servers.

[0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup

--
Simon South
simon@simonsouth.net


Simon South (1):
  services: openntpd: Remove support for deprecated "-s" option.

 doc/guix.texi               |  6 +-----
 gnu/services/networking.scm | 12 +++---------
 tests/networking.scm        |  3 +--
 3 files changed, 5 insertions(+), 16 deletions(-)

-- 
2.29.2





^ permalink raw reply	[flat|nested] 3+ messages in thread

* [bug#45794] [PATCH 1/1] services: openntpd: Remove support for deprecated "-s" option.
  2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South
@ 2021-01-11 17:04 ` Simon South
  2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès
  1 sibling, 0 replies; 3+ messages in thread
From: Simon South @ 2021-01-11 17:04 UTC (permalink / raw)
  To: 45794

* gnu/services/networking.scm (openntpd-configuration): Remove
"allow-large-adjustment?" field.
(openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
configuration field and "-s" daemon option.
* tests/networking.scm (%openntpd-conf-sample): Remove
"allow-large-adjustment?" field.
* doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
"allow-large-adjustment?" field from sample configuration.
[openntpd-configuration]: Remove description of "allow-large-adjustment?"
field.
---
 doc/guix.texi               |  6 +-----
 gnu/services/networking.scm | 12 +++---------
 tests/networking.scm        |  3 +--
 3 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 27224fa0d8..0bb9dee3c1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16232,8 +16232,7 @@ clock synchronized with that of the given servers.
   (listen-on '("127.0.0.1" "::1"))
   (sensor '("udcf0 correction 70000"))
   (constraint-from '("www.gnu.org"))
-  (constraints-from '("https://www.google.com/"))
-  (allow-large-adjustment? #t)))
+  (constraints-from '("https://www.google.com/"))))
 
 @end lisp
 @end deffn
@@ -16271,9 +16270,6 @@ a constraint.
 As with constraint from, specify a list of URLs, IP addresses or hostnames of
 HTTPS servers to provide a constraint.  Should the hostname resolve to multiple
 IP addresses, @code{ntpd} will calculate a median constraint from all of them.
-@item @code{allow-large-adjustment?} (default: @code{#f})
-Determines if @code{ntpd} is allowed to make an initial adjustment of more
-than 180 seconds.
 @end table
 @end deftp
 
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 9ec0f6a9ca..71f8e702a0 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -552,9 +552,7 @@ make an initial adjustment of more than 1,000 seconds."
   (constraint-from         openntpd-constraint-from
                            (default '()))
   (constraints-from        openntpd-constraints-from
-                           (default '()))
-  (allow-large-adjustment? openntpd-allow-large-adjustment?
-                           (default #f))) ; upstream default
+                           (default '())))
 
 (define (openntpd-configuration->string config)
 
@@ -586,8 +584,7 @@ make an initial adjustment of more than 1,000 seconds."
      "\n")))                              ;add a trailing newline
 
 (define (openntpd-shepherd-service config)
-  (let ((openntpd (openntpd-configuration-openntpd config))
-        (allow-large-adjustment? (openntpd-allow-large-adjustment? config)))
+  (let ((openntpd (openntpd-configuration-openntpd config)))
 
     (define ntpd.conf
       (plain-file "ntpd.conf" (openntpd-configuration->string config)))
@@ -599,10 +596,7 @@ make an initial adjustment of more than 1,000 seconds."
            (start #~(make-forkexec-constructor
                      (list (string-append #$openntpd "/sbin/ntpd")
                            "-f" #$ntpd.conf
-                           "-d" ;; don't daemonize
-                           #$@(if allow-large-adjustment?
-                                  '("-s")
-                                  '()))
+                           "-d") ;; don't daemonize
                      ;; When ntpd is daemonized it repeatedly tries to respawn
                      ;; while running, leading shepherd to disable it.  To
                      ;; prevent spamming stderr, redirect output to logfile.
diff --git a/tests/networking.scm b/tests/networking.scm
index c494a48067..f2421370d2 100644
--- a/tests/networking.scm
+++ b/tests/networking.scm
@@ -68,8 +68,7 @@
    (listen-on '("127.0.0.1" "::1"))
    (sensor '("udcf0 correction 70000"))
    (constraint-from '("www.gnu.org"))
-   (constraints-from '("https://www.google.com/"))
-   (allow-large-adjustment? #t)))
+   (constraints-from '("https://www.google.com/"))))
 
 (test-assert "openntpd configuration generation sanity check"
 
-- 
2.29.2





^ permalink raw reply	[flat|nested] 3+ messages in thread

* bug#45794: [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option.
  2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South
  2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South
@ 2021-01-16 22:34 ` Ludovic Courtès
  1 sibling, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2021-01-16 22:34 UTC (permalink / raw)
  To: Simon South; +Cc: 45794-done

Hi,

Simon South <simon@simonsouth.net> skribis:

> This patch removes support for OpenNTPD's deprecated "-s" command-line option
> and the corresponding "allow-large-adjustment?" field from Guix's
> openntpd-configuration record type.
>
> Previously this option allowed OpenNTPD to make a single, arbitrarily large
> adjustment to the clock at startup. In the current release this option has
> been disabled[0] in favour of the use of authenticated constraints, and
> configuring a service with "(allow-large-adjustment? #t)" now causes this
> message to appear in /var/log/ntpd:
>
>     -s option no longer works and will be removed soon.
>     Please reconfigure to use constraints or trusted servers.
>
> For systems like the ROCK64 that lack a battery-backed clock, generally the
> solution is to replace the "allow-large-adjustment?" option with a setting
> like
>
>     (constraint-from '("www.gnu.org"))
>
> which will give OpenNTPD an independent estimate of the current time and allow
> it to evaluate the trustworthiness of the configured NTP servers.
>
> [0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup

Thanks for explaining.

> * gnu/services/networking.scm (openntpd-configuration): Remove
> "allow-large-adjustment?" field.
> (openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
> configuration field and "-s" daemon option.
> * tests/networking.scm (%openntpd-conf-sample): Remove
> "allow-large-adjustment?" field.
> * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
> "allow-large-adjustment?" field from sample configuration.
> [openntpd-configuration]: Remove description of "allow-large-adjustment?"
> field.

Applied, thanks!

Ludo’.




^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-01-16 22:36 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South
2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South
2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès

unofficial mirror of guix-patches@gnu.org 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://yhetil.org/guix-patches/1 guix-patches/git/1.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guix-patches guix-patches/ https://yhetil.org/guix-patches \
		guix-patches@gnu.org
	public-inbox-index guix-patches

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://news.yhetil.org/yhetil.gnu.guix.patches


AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git