* [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option. @ 2021-01-11 17:02 Simon South 2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South 2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès 0 siblings, 2 replies; 3+ messages in thread From: Simon South @ 2021-01-11 17:02 UTC (permalink / raw) To: 45794 This patch removes support for OpenNTPD's deprecated "-s" command-line option and the corresponding "allow-large-adjustment?" field from Guix's openntpd-configuration record type. Previously this option allowed OpenNTPD to make a single, arbitrarily large adjustment to the clock at startup. In the current release this option has been disabled[0] in favour of the use of authenticated constraints, and configuring a service with "(allow-large-adjustment? #t)" now causes this message to appear in /var/log/ntpd: -s option no longer works and will be removed soon. Please reconfigure to use constraints or trusted servers. For systems like the ROCK64 that lack a battery-backed clock, generally the solution is to replace the "allow-large-adjustment?" option with a setting like (constraint-from '("www.gnu.org")) which will give OpenNTPD an independent estimate of the current time and allow it to evaluate the trustworthiness of the configured NTP servers. [0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup -- Simon South simon@simonsouth.net Simon South (1): services: openntpd: Remove support for deprecated "-s" option. doc/guix.texi | 6 +----- gnu/services/networking.scm | 12 +++--------- tests/networking.scm | 3 +-- 3 files changed, 5 insertions(+), 16 deletions(-) -- 2.29.2 ^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug#45794] [PATCH 1/1] services: openntpd: Remove support for deprecated "-s" option. 2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South @ 2021-01-11 17:04 ` Simon South 2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès 1 sibling, 0 replies; 3+ messages in thread From: Simon South @ 2021-01-11 17:04 UTC (permalink / raw) To: 45794 * gnu/services/networking.scm (openntpd-configuration): Remove "allow-large-adjustment?" field. (openntpd-shepherd-service): Remove use of "allow-large-adjustment?" configuration field and "-s" daemon option. * tests/networking.scm (%openntpd-conf-sample): Remove "allow-large-adjustment?" field. * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove "allow-large-adjustment?" field from sample configuration. [openntpd-configuration]: Remove description of "allow-large-adjustment?" field. --- doc/guix.texi | 6 +----- gnu/services/networking.scm | 12 +++--------- tests/networking.scm | 3 +-- 3 files changed, 5 insertions(+), 16 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 27224fa0d8..0bb9dee3c1 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -16232,8 +16232,7 @@ clock synchronized with that of the given servers. (listen-on '("127.0.0.1" "::1")) (sensor '("udcf0 correction 70000")) (constraint-from '("www.gnu.org")) - (constraints-from '("https://www.google.com/")) - (allow-large-adjustment? #t))) + (constraints-from '("https://www.google.com/")))) @end lisp @end deffn @@ -16271,9 +16270,6 @@ a constraint. As with constraint from, specify a list of URLs, IP addresses or hostnames of HTTPS servers to provide a constraint. Should the hostname resolve to multiple IP addresses, @code{ntpd} will calculate a median constraint from all of them. -@item @code{allow-large-adjustment?} (default: @code{#f}) -Determines if @code{ntpd} is allowed to make an initial adjustment of more -than 180 seconds. @end table @end deftp diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 9ec0f6a9ca..71f8e702a0 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -552,9 +552,7 @@ make an initial adjustment of more than 1,000 seconds." (constraint-from openntpd-constraint-from (default '())) (constraints-from openntpd-constraints-from - (default '())) - (allow-large-adjustment? openntpd-allow-large-adjustment? - (default #f))) ; upstream default + (default '()))) (define (openntpd-configuration->string config) @@ -586,8 +584,7 @@ make an initial adjustment of more than 1,000 seconds." "\n"))) ;add a trailing newline (define (openntpd-shepherd-service config) - (let ((openntpd (openntpd-configuration-openntpd config)) - (allow-large-adjustment? (openntpd-allow-large-adjustment? config))) + (let ((openntpd (openntpd-configuration-openntpd config))) (define ntpd.conf (plain-file "ntpd.conf" (openntpd-configuration->string config))) @@ -599,10 +596,7 @@ make an initial adjustment of more than 1,000 seconds." (start #~(make-forkexec-constructor (list (string-append #$openntpd "/sbin/ntpd") "-f" #$ntpd.conf - "-d" ;; don't daemonize - #$@(if allow-large-adjustment? - '("-s") - '())) + "-d") ;; don't daemonize ;; When ntpd is daemonized it repeatedly tries to respawn ;; while running, leading shepherd to disable it. To ;; prevent spamming stderr, redirect output to logfile. diff --git a/tests/networking.scm b/tests/networking.scm index c494a48067..f2421370d2 100644 --- a/tests/networking.scm +++ b/tests/networking.scm @@ -68,8 +68,7 @@ (listen-on '("127.0.0.1" "::1")) (sensor '("udcf0 correction 70000")) (constraint-from '("www.gnu.org")) - (constraints-from '("https://www.google.com/")) - (allow-large-adjustment? #t))) + (constraints-from '("https://www.google.com/")))) (test-assert "openntpd configuration generation sanity check" -- 2.29.2 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* bug#45794: [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option. 2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South 2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South @ 2021-01-16 22:34 ` Ludovic Courtès 1 sibling, 0 replies; 3+ messages in thread From: Ludovic Courtès @ 2021-01-16 22:34 UTC (permalink / raw) To: Simon South; +Cc: 45794-done Hi, Simon South <simon@simonsouth.net> skribis: > This patch removes support for OpenNTPD's deprecated "-s" command-line option > and the corresponding "allow-large-adjustment?" field from Guix's > openntpd-configuration record type. > > Previously this option allowed OpenNTPD to make a single, arbitrarily large > adjustment to the clock at startup. In the current release this option has > been disabled[0] in favour of the use of authenticated constraints, and > configuring a service with "(allow-large-adjustment? #t)" now causes this > message to appear in /var/log/ntpd: > > -s option no longer works and will be removed soon. > Please reconfigure to use constraints or trusted servers. > > For systems like the ROCK64 that lack a battery-backed clock, generally the > solution is to replace the "allow-large-adjustment?" option with a setting > like > > (constraint-from '("www.gnu.org")) > > which will give OpenNTPD an independent estimate of the current time and allow > it to evaluate the trustworthiness of the configured NTP servers. > > [0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup Thanks for explaining. > * gnu/services/networking.scm (openntpd-configuration): Remove > "allow-large-adjustment?" field. > (openntpd-shepherd-service): Remove use of "allow-large-adjustment?" > configuration field and "-s" daemon option. > * tests/networking.scm (%openntpd-conf-sample): Remove > "allow-large-adjustment?" field. > * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove > "allow-large-adjustment?" field from sample configuration. > [openntpd-configuration]: Remove description of "allow-large-adjustment?" > field. Applied, thanks! Ludo’. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-01-16 22:36 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South 2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South 2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).