* [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option.
@ 2021-01-11 17:02 Simon South
2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South
2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès
0 siblings, 2 replies; 3+ messages in thread
From: Simon South @ 2021-01-11 17:02 UTC (permalink / raw)
To: 45794
This patch removes support for OpenNTPD's deprecated "-s" command-line option
and the corresponding "allow-large-adjustment?" field from Guix's
openntpd-configuration record type.
Previously this option allowed OpenNTPD to make a single, arbitrarily large
adjustment to the clock at startup. In the current release this option has
been disabled[0] in favour of the use of authenticated constraints, and
configuring a service with "(allow-large-adjustment? #t)" now causes this
message to appear in /var/log/ntpd:
-s option no longer works and will be removed soon.
Please reconfigure to use constraints or trusted servers.
For systems like the ROCK64 that lack a battery-backed clock, generally the
solution is to replace the "allow-large-adjustment?" option with a setting
like
(constraint-from '("www.gnu.org"))
which will give OpenNTPD an independent estimate of the current time and allow
it to evaluate the trustworthiness of the configured NTP servers.
[0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup
--
Simon South
simon@simonsouth.net
Simon South (1):
services: openntpd: Remove support for deprecated "-s" option.
doc/guix.texi | 6 +-----
gnu/services/networking.scm | 12 +++---------
tests/networking.scm | 3 +--
3 files changed, 5 insertions(+), 16 deletions(-)
--
2.29.2
^ permalink raw reply [flat|nested] 3+ messages in thread
* [bug#45794] [PATCH 1/1] services: openntpd: Remove support for deprecated "-s" option.
2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South
@ 2021-01-11 17:04 ` Simon South
2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès
1 sibling, 0 replies; 3+ messages in thread
From: Simon South @ 2021-01-11 17:04 UTC (permalink / raw)
To: 45794
* gnu/services/networking.scm (openntpd-configuration): Remove
"allow-large-adjustment?" field.
(openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
configuration field and "-s" daemon option.
* tests/networking.scm (%openntpd-conf-sample): Remove
"allow-large-adjustment?" field.
* doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
"allow-large-adjustment?" field from sample configuration.
[openntpd-configuration]: Remove description of "allow-large-adjustment?"
field.
---
doc/guix.texi | 6 +-----
gnu/services/networking.scm | 12 +++---------
tests/networking.scm | 3 +--
3 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 27224fa0d8..0bb9dee3c1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16232,8 +16232,7 @@ clock synchronized with that of the given servers.
(listen-on '("127.0.0.1" "::1"))
(sensor '("udcf0 correction 70000"))
(constraint-from '("www.gnu.org"))
- (constraints-from '("https://www.google.com/"))
- (allow-large-adjustment? #t)))
+ (constraints-from '("https://www.google.com/"))))
@end lisp
@end deffn
@@ -16271,9 +16270,6 @@ a constraint.
As with constraint from, specify a list of URLs, IP addresses or hostnames of
HTTPS servers to provide a constraint. Should the hostname resolve to multiple
IP addresses, @code{ntpd} will calculate a median constraint from all of them.
-@item @code{allow-large-adjustment?} (default: @code{#f})
-Determines if @code{ntpd} is allowed to make an initial adjustment of more
-than 180 seconds.
@end table
@end deftp
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 9ec0f6a9ca..71f8e702a0 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -552,9 +552,7 @@ make an initial adjustment of more than 1,000 seconds."
(constraint-from openntpd-constraint-from
(default '()))
(constraints-from openntpd-constraints-from
- (default '()))
- (allow-large-adjustment? openntpd-allow-large-adjustment?
- (default #f))) ; upstream default
+ (default '())))
(define (openntpd-configuration->string config)
@@ -586,8 +584,7 @@ make an initial adjustment of more than 1,000 seconds."
"\n"))) ;add a trailing newline
(define (openntpd-shepherd-service config)
- (let ((openntpd (openntpd-configuration-openntpd config))
- (allow-large-adjustment? (openntpd-allow-large-adjustment? config)))
+ (let ((openntpd (openntpd-configuration-openntpd config)))
(define ntpd.conf
(plain-file "ntpd.conf" (openntpd-configuration->string config)))
@@ -599,10 +596,7 @@ make an initial adjustment of more than 1,000 seconds."
(start #~(make-forkexec-constructor
(list (string-append #$openntpd "/sbin/ntpd")
"-f" #$ntpd.conf
- "-d" ;; don't daemonize
- #$@(if allow-large-adjustment?
- '("-s")
- '()))
+ "-d") ;; don't daemonize
;; When ntpd is daemonized it repeatedly tries to respawn
;; while running, leading shepherd to disable it. To
;; prevent spamming stderr, redirect output to logfile.
diff --git a/tests/networking.scm b/tests/networking.scm
index c494a48067..f2421370d2 100644
--- a/tests/networking.scm
+++ b/tests/networking.scm
@@ -68,8 +68,7 @@
(listen-on '("127.0.0.1" "::1"))
(sensor '("udcf0 correction 70000"))
(constraint-from '("www.gnu.org"))
- (constraints-from '("https://www.google.com/"))
- (allow-large-adjustment? #t)))
+ (constraints-from '("https://www.google.com/"))))
(test-assert "openntpd configuration generation sanity check"
--
2.29.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* bug#45794: [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option.
2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South
2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South
@ 2021-01-16 22:34 ` Ludovic Courtès
1 sibling, 0 replies; 3+ messages in thread
From: Ludovic Courtès @ 2021-01-16 22:34 UTC (permalink / raw)
To: Simon South; +Cc: 45794-done
Hi,
Simon South <simon@simonsouth.net> skribis:
> This patch removes support for OpenNTPD's deprecated "-s" command-line option
> and the corresponding "allow-large-adjustment?" field from Guix's
> openntpd-configuration record type.
>
> Previously this option allowed OpenNTPD to make a single, arbitrarily large
> adjustment to the clock at startup. In the current release this option has
> been disabled[0] in favour of the use of authenticated constraints, and
> configuring a service with "(allow-large-adjustment? #t)" now causes this
> message to appear in /var/log/ntpd:
>
> -s option no longer works and will be removed soon.
> Please reconfigure to use constraints or trusted servers.
>
> For systems like the ROCK64 that lack a battery-backed clock, generally the
> solution is to replace the "allow-large-adjustment?" option with a setting
> like
>
> (constraint-from '("www.gnu.org"))
>
> which will give OpenNTPD an independent estimate of the current time and allow
> it to evaluate the trustworthiness of the configured NTP servers.
>
> [0] https://cvsweb.openbsd.org/src/usr.sbin/ntpd/ntpd.c?rev=1.127&content-type=text/x-cvsweb-markup
Thanks for explaining.
> * gnu/services/networking.scm (openntpd-configuration): Remove
> "allow-large-adjustment?" field.
> (openntpd-shepherd-service): Remove use of "allow-large-adjustment?"
> configuration field and "-s" daemon option.
> * tests/networking.scm (%openntpd-conf-sample): Remove
> "allow-large-adjustment?" field.
> * doc/guix.texi (Networking Services)[openntpd-service-type]: Remove
> "allow-large-adjustment?" field from sample configuration.
> [openntpd-configuration]: Remove description of "allow-large-adjustment?"
> field.
Applied, thanks!
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-01-16 22:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-11 17:02 [bug#45794] [PATCH 0/1] services: openntpd: Remove support for deprecated "-s" option Simon South
2021-01-11 17:04 ` [bug#45794] [PATCH 1/1] " Simon South
2021-01-16 22:34 ` bug#45794: [PATCH 0/1] " Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).