From: Maxim Cournoyer
To: 37295@debbugs.gnu.org
Subject: [bug#37295] [PATCHv2] services: ntp: Support different NTP server types and options.
Date: Wed, 04 Sep 2019 09:25:52 +0900
Message-ID: <87ef0wzz3j.fsf_-_@gmail.com>
In-Reply-To: (GNU bug Tracking System's message of "Tue, 03 Sep 2019 12:23:02 +0000")
References: <8736hd1sfb.fsf@x200.i-did-not-set--mail-host-address--so-tickle-me>

Hello,

I had forgotten to register the new test module in the file Makefile.am. Attached is the corrected patch.

Attachment: 0001-services-ntp-Support-different-NTP-server-types-and-.patch

From 0287d5c51a0f257cc9c1df4034001d795c155dd7 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:14:59 +0900 Subject: [PATCH] services: ntp: Support different NTP server types and options. * gnu/services/networking.scm (ntp-server-types): New enum. (): New record type. (ntp-server->string): New procedure. (%ntp-servers): Define in terms of records. Use the first entrypoint server as a pool instead of a list of static servers. This is m= ore resilient since a new server of the pool can be interrogated on every request. Add the 'iburst' options. (ntp-configuration-servers): Define a custom accessor that warns but honors the now deprecated server format. (): Use it. * tests/networking.scm: New file. * Makefile.am (SCM_TESTS): Register it. * doc/guix.texi: Update documentation. =2D-- Makefile.am | 1 + doc/guix.texi | 31 ++++++++++- gnu/services/networking.scm | 100 ++++++++++++++++++++++++++++++------ tests/networking.scm | 50 ++++++++++++++++++ 4 files changed, 164 insertions(+), 18 deletions(-) create mode 100644 tests/networking.scm diff --git a/Makefile.am b/Makefile.am index fa6bf8fe80..32d518acbd 100644 =2D-- a/Makefile.am +++ b/Makefile.am @@ -399,6 +399,7 @@ SCM_TESTS =3D \ tests/modules.scm \ tests/monads.scm \ tests/nar.scm \ + tests/networking.scm \ tests/opam.scm \ tests/packages.scm \ tests/pack.scm \ diff --git a/doc/guix.texi b/doc/guix.texi index 9de0957d14..e76c9322d8 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -12988,8 +12988,9 @@ This is the data type for the NTP service configura= tion. =20 @table @asis @item @code{servers} (default: @code{%ntp-servers}) =2DThis is the list of servers (host names) with which @command{ntpd} will = be =2Dsynchronized. +This is the list of servers (@code{} records) with which +@command{ntpd} will be synchronized. See the @code{ntp-server} data type +definition below. =20 @item @code{allow-large-adjustment?} (default: @code{#t}) This determines whether @command{ntpd} is allowed to make an initial 
@@ -13005,6 +13006,32 @@ List of host names used as the default NTP servers= . These are servers of the @uref{https://www.ntppool.org/en/, NTP Pool Project}. @end defvr =20 +@deftp {Data Type} ntp-server +The data type representing the configuration of a NTP server. + +@table @asis +@item @code{type} (default: @code{'server}) +The type of the NTP server, given as a symbol. One of @code{'pool}, +@code{'server}, @code{'peer}, @code{'broadcast} or @code{'manycastclient}. + +@item @code{address} +The address of the server, as a string. + +@item @code{options} +NTPD options to use with that specific server, given as a list of option n= ames +and/or of option names and values tuples. The following example define a s= erver +to use with the options @option{iburst} and @option{prefer}, as well as +@option{version} 3 and a @option{maxpoll} time of 16 seconds. + +@example +(ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) +@end example +@end table +@end deftp + @cindex OpenNTPD @deffn {Scheme Procedure} openntpd-service-type Run the @command{ntpd}, the Network Time Protocol (NTP) daemon, as impleme= nted diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 13a5c6c98d..752a165941 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -51,6 +51,7 @@ #:use-module (guix records) #:use-module (guix modules) #:use-module (guix deprecation) + #:use-module (rnrs enums) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) @@ -72,10 +73,18 @@ dhcpd-configuration-pid-file dhcpd-configuration-interfaces =20 =2D %ntp-servers =2D ntp-configuration ntp-configuration? + ntp-configuration-ntp + ntp-configuration-servers + ntp-allow-large-adjustment? + + %ntp-servers + ntp-server + ntp-server-type + ntp-server-address + ntp-server-options + ntp-service ntp-service-type =20 
@@ -292,31 +301,87 @@ Protocol (DHCP) client, on all the non-loopback netwo= rk interfaces." (list (service-extension shepherd-root-service-type dhcpd-shepherd-ser= vice) (service-extension activation-service-type dhcpd-activation))))) =20 =2D(define %ntp-servers =2D ;; Default set of NTP servers. These URLs are managed by the NTP Pool = project. =2D ;; Within Guix, Leo Famulari is the administrative= contact =2D ;; for this NTP pool "zone". =2D '("0.guix.pool.ntp.org" =2D "1.guix.pool.ntp.org" =2D "2.guix.pool.ntp.org" =2D "3.guix.pool.ntp.org")) =2D ;;; ;;; NTP. ;;; =20 =2D;; TODO: Export. +(define ntp-server-types (make-enumeration + '(pool + server + peer + broadcast + manycastclient))) + +(define-record-type* + ntp-server make-ntp-server + ntp-server? + ;; The type can be one of the symbols of the NTP-SERVER-TYPE? enumeratio= n. + (type ntp-server-type + (default 'server)) + (address ntp-server-address) ; a string + ;; The list of options can contain single option names or tuples in the = form + ;; '(name value). + (options ntp-server-options + (default '()))) + +(define (ntp-server->string ntp-server) + ;; Serialize the NTP server object as a string, ready to use in the NTP + ;; configuration file. + (define (flatten lst) + (reverse + (let loop ((x lst) + (res '())) + (if (list? x) + (fold loop res x) + (cons (format #f "~s" x) res))))) + + (match ntp-server + (($ type address options) + ;; XXX: It'd be neater if fields were validated at the syntax level (= for + ;; static ones at least). Perhaps the Guix record type could support= a + ;; predicate property on a field? + (unless (enum-set-member? type ntp-server-types) + (error "Invalid NTP server type" type)) + (string-join (cons* (symbol->string type) + address + (flatten options)))))) + +(define %ntp-servers + ;; Default set of NTP servers. These URLs are managed by the NTP Pool pr= oject. + ;; Within Guix, Leo Famulari is the administrative c= ontact + ;; for this NTP pool "zone". 
+ (list + (ntp-server + (type 'pool) + (address "0.guix.pool.ntp.org") + (options '("iburst"))))) ;as recommended in the ntpd man= ual + (define-record-type* ntp-configuration make-ntp-configuration ntp-configuration? (ntp ntp-configuration-ntp (default ntp)) =2D (servers ntp-configuration-servers + (servers %ntp-configuration-servers ;list of objects (default %ntp-servers)) (allow-large-adjustment? ntp-allow-large-adjustment? (default #t))) ;as recommended in the ntpd manu= al =20 +(define (ntp-configuration-servers ntp-configuration) + ;; A wrapper to support the deprecated form of this field. + (let ((ntp-servers (%ntp-configuration-servers ntp-configuration))) + (match ntp-servers + (((? string?) (? string?) ...) + (format (current-error-port) "warning: Defining NTP servers as stri= ngs is \ +deprecated. Please use records instead.\n") + (map (lambda (addr) + (ntp-server + (type 'server) + (address addr) + (options '()))) ntp-servers)) + ((($ ) ($ ) ...) + ntp-servers)))) + (define ntp-shepherd-service (match-lambda (($ ntp servers allow-large-adjustment?) @@ -324,8 +389,7 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." ;; TODO: Add authentication support. (define config (string-append "driftfile /var/run/ntpd/ntp.drift\n" =2D (string-join (map (cut string-append "server " <= >) =2D servers) + (string-join (map ntp-server->string servers) "\n") " # Disable status queries as a workaround for CVE-2013-5211: @@ -335,7 +399,11 @@ restrict -6 default kod nomodify notrap nopeer noquery= limited =20 # Yet, allow use of the local 'ntpq'. restrict 127.0.0.1 =2Drestrict -6 ::1\n")) +restrict -6 ::1 + +# This is required to use servers from a pool directive when using the 'no= peer' +# option by default, as documented in the 'ntp.conf' manual. +restrict source notrap nomodify noquery\n")) =20 (define ntpd.conf (plain-file "ntpd.conf" config)) 
diff --git a/tests/networking.scm b/tests/networking.scm new file mode 100644 index 0000000000..001d7df74d =2D-- /dev/null +++ b/tests/networking.scm 
@@ -0,0 +1,50 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2019 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (tests networking) + #:use-module (gnu services networking) + #:use-module (srfi srfi-64)) + +;;; Tests for the (gnu services networking) module. + +(define ntp-server->string (@@ (gnu services networking) ntp-server->strin= g)) + +(define %ntp-server-sample + (ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) + +(test-begin "networking") + +(test-equal "ntp-server->string" + (ntp-server->string %ntp-server-sample) + "server some.ntp.server.org iburst version 3 maxpoll 16 prefer") + +(test-equal "ntp configuration servers deprecated form" + (ntp-configuration-servers + (ntp-configuration + (servers (list (ntp-server + (type 'server) + (address "example.pool.ntp.org") + (options '())))))) + (ntp-configuration-servers + (ntp-configuration + (servers (list "example.pool.ntp.org"))))) + +(test-end "networking") =2D-=20 2.23.0
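Review bot: in the doc/guix.texi hunk at @@ -13005,6 +13006,32, the @example under the @code{options} item has one closing parenthesis too many: `(options `(iburst (version 3) (maxpoll 16) prefer)))))` closes the quasiquoted list, the options field and the ntp-server form, then one more, so the snippet is not valid Scheme as printed (the identical form in tests/networking.scm is correct only because the extra paren closes the enclosing `define`). Drop the last `)`. Two wording fixes in the same text: "the configuration of a NTP server" should read "an NTP server", and "The following example define a server" should be "defines". Finally, the unchanged context line at the top of this hunk, "List of host names used as the default NTP servers.", still describes @code{%ntp-servers} as a list of host names; after this patch it is a list of @code{ntp-server} records holding a single @code{'pool} entry, so the @defvr text needs updating in the same change.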
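Review bot: in the gnu/services/networking.scm hunk at @@ -292,31 +301,87, `ntp-server->string` renders every option with `(format #f "~s" x)`, and `~s` writes strings with their surrounding quotes, while the new default `%ntp-servers` spells its option as a string, `(options '("iburst"))`. The default configuration therefore writes `pool 0.guix.pool.ntp.org "iburst"` into ntpd.conf, which is not the `iburst` keyword ntpd expects; the unit test does not catch this because it uses the symbol form `(options `(iburst ...))`. Use `~a` so strings and symbols render identically, or change the default to `'(iburst)` and state in the record comment which spelling is supported. In the same hunk, the `match` in `ntp-configuration-servers` has only an all-strings clause and an all-records clause, and both patterns require at least one element, so `(servers '())` or a mixed list raises a bare match error at build time; add a `(() '())` clause and an else branch that reports the offending element. The deprecation notice is also written with `format` to `(current-error-port)`; `(guix deprecation)` is already imported at the top of this file and provides `warn-about-deprecation`, which gives the standard `warning:` prefix and source location instead of an unprefixed line on stderr.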
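Review bot: in the hunk at @@ -324,8 +389,7, `(map ntp-server->string servers)` operates on the raw record field, not on the deprecation wrapper: the enclosing `match-lambda` pattern, visible as context just above the hunk as `(($ ntp servers allow-large-adjustment?)`, destructures the record positionally and never calls `ntp-configuration-servers`. A system declaration still written in the old form, `(servers '("0.guix.pool.ntp.org"))`, therefore reaches `ntp-server->string` as plain strings and fails its `($ ...)` match instead of being converted with a warning, so the compatibility path added in this patch is never exercised by the service. The commit message says the configuration record uses the wrapper, but nothing in the diff does. Bind the whole configuration and go through the accessor, e.g. `(match-lambda ((and config ($ ... ntp _ allow-large-adjustment?)) (let ((servers (ntp-configuration-servers config))) ...`, or build the config string from `(ntp-configuration-servers config)` directly, and add a case that renders ntpd.conf from a deprecated-form configuration.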
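Review bot: in tests/networking.scm, both `test-equal` calls pass the computed value before the expected one; SRFI-64 defines `(test-equal name expected actual)`, so a failure report would label the two the wrong way round. Swap the arguments. The first test only covers the symbol spelling of options; add a case mirroring the default `%ntp-servers` entry, `(ntp-server (type 'pool) (address "0.guix.pool.ntp.org") (options '("iburst")))`, and assert that it serializes to `pool 0.guix.pool.ntp.org iburst`, which would expose the `~s` quoting in `ntp-server->string`. The second test exercises the deprecated-form wrapper, so `make check` now prints the deprecation message on stderr; parameterize `current-error-port` to a string port inside the test and, ideally, assert on the warning text too. Reaching `ntp-server->string` through `@@` is acceptable for a unit test, but exporting it would also let system tests and users render custom NTP configurations without poking at a private binding.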