From owner-svn-src-all@freebsd.org  Tue Jan 26 07:06:46 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 670FDA461E3;
 Tue, 26 Jan 2016 07:06:46 +0000 (UTC) (envelope-from cy@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 1D74D29B;
 Tue, 26 Jan 2016 07:06:45 +0000 (UTC) (envelope-from cy@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u0Q76jf6015317;
 Tue, 26 Jan 2016 07:06:45 GMT (envelope-from cy@FreeBSD.org)
Received: (from cy@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u0Q76iWk015311;
 Tue, 26 Jan 2016 07:06:44 GMT (envelope-from cy@FreeBSD.org)
Message-Id: <201601260706.u0Q76iWk015311@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org
 using -f
From: Cy Schubert <cy@FreeBSD.org>
Date: Tue, 26 Jan 2016 07:06:44 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r294773 - in head/etc: . defaults periodic/daily rc.d
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2016 07:06:46 -0000

Author: cy
Date: Tue Jan 26 07:06:44 2016
New Revision: 294773
URL: https://svnweb.freebsd.org/changeset/base/294773

Log:
  Add support for automatic leap-second file updates.
  
  The working copy of leapfile resides in /var/dbntpd.leap-seconds.list.
  /etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/
  or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should
  automatic leapfile updates be disabled (default).
  
  Automatic leapfile updates are fetched from $ntp_leapfile_sources,
  defaulting to https://www.ietf.org/timezones/data/leap-seconds.list,
  within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds
  file expiry. Automatic updates can be enabled by setting
  $daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting
  the ntp leapfile source the automatic update randomized by default but
  can be disabled through daily_ntpd_avoid_congestion="NO" in
  periodic.conf.
  
  Suggested by:	des
  Reviewed by:	des, roberto, dwmalone, ian, cperciva, glebius, gjb
  MFC after:	1 week
  X-MFC with:	r289421, r293037

Added:
  head/etc/periodic/daily/480.leapfile-ntpd   (contents, props changed)
Modified:
  head/etc/defaults/periodic.conf
  head/etc/defaults/rc.conf
  head/etc/ntp.conf
  head/etc/periodic/daily/Makefile
  head/etc/rc.d/ntpd

Modified: head/etc/defaults/periodic.conf
==============================================================================
--- head/etc/defaults/periodic.conf	Tue Jan 26 07:06:38 2016	(r294772)
+++ head/etc/defaults/periodic.conf	Tue Jan 26 07:06:44 2016	(r294773)
@@ -134,6 +134,11 @@ daily_status_mail_rejects_enable="YES"		
 daily_status_mail_rejects_logs=3			# How many logs to check
 daily_status_mail_rejects_shorten="NO"			# Shorten output
 
+# 480.leapfile-ntpd
+daily_ntpd_leapfile_enable="NO"				# Fetch NTP leapfile
+daily_ntpd_avoid_congestion="YES"			# Avoid congesting
+							# leapfile sources
+
 # 480.status-ntpd
 daily_status_ntpd_enable="NO"				# Check NTP status
 

Modified: head/etc/defaults/rc.conf
==============================================================================
--- head/etc/defaults/rc.conf	Tue Jan 26 07:06:38 2016	(r294772)
+++ head/etc/defaults/rc.conf	Tue Jan 26 07:06:44 2016	(r294773)
@@ -362,6 +362,15 @@ ntpd_config="/etc/ntp.conf"	# ntpd(8) co
 ntpd_sync_on_start="NO"		# Sync time on ntpd startup, even if offset is high
 ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
 				# Flags to ntpd (if enabled).
+ntp_src_leapfile="/etc/ntp/leap-seconds"
+				# Initial source for ntpd leapfile
+ntp_db_leapfile="/var/db/ntpd.leap-seconds.list"
+				# Working copy (updated weekly) leapfile
+ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list"
+				# Source from which to fetch leapfile
+ntp_leapfile_expiry_days=30	# Check for new leapfile 30 days prior to
+				# expiry.
+ntp_leapfile_fetch_verbose="NO"	# Be verbose during NTP leapfile fetch
 
 # Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
 nis_client_enable="NO"		# We're an NIS client (or NO).

Modified: head/etc/ntp.conf
==============================================================================
--- head/etc/ntp.conf	Tue Jan 26 07:06:38 2016	(r294772)
+++ head/etc/ntp.conf	Tue Jan 26 07:06:44 2016	(r294773)
@@ -81,4 +81,6 @@ restrict 127.127.1.0
 # See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
 # for documentation regarding leapfile. Updates to the file can be obtained
 # from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
-leapfile "/etc/ntp/leap-seconds"
+# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db.
+#leapfile "/etc/ntp/leap-seconds"
+leapfile "/var/db/ntpd.leap-seconds.list"

Added: head/etc/periodic/daily/480.leapfile-ntpd
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/etc/periodic/daily/480.leapfile-ntpd	Tue Jan 26 07:06:44 2016	(r294773)
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+case "$daily_ntpd_leapfile_enable" in
+    [Yy][Ee][Ss])
+	case "$daily_ntpd_avoid_congestion" in
+    	[Yy][Ee][Ss])
+	    # Avoid dogpiling
+	    (sleep $(jot -r 1 0 86400); service ntpd fetch) &
+	    ;;
+	*)
+	    service ntpd fetch
+	    ;;
+	esac
+	;;
+esac
+
+exit $rc

Modified: head/etc/periodic/daily/Makefile
==============================================================================
--- head/etc/periodic/daily/Makefile	Tue Jan 26 07:06:38 2016	(r294772)
+++ head/etc/periodic/daily/Makefile	Tue Jan 26 07:06:44 2016	(r294773)
@@ -35,7 +35,8 @@ FILES+=	130.clean-msgs
 .endif
 
 .if ${MK_NTP} != "no"
-FILES+=	480.status-ntpd
+FILES+=	480.status-ntpd \
+	480.leapfile-ntpd
 .endif
 
 .if ${MK_RCMDS} != "no"

Modified: head/etc/rc.d/ntpd
==============================================================================
--- head/etc/rc.d/ntpd	Tue Jan 26 07:06:38 2016	(r294772)
+++ head/etc/rc.d/ntpd	Tue Jan 26 07:06:44 2016	(r294773)
@@ -14,6 +14,8 @@ name="ntpd"
 rcvar="ntpd_enable"
 command="/usr/sbin/${name}"
 pidfile="/var/run/${name}.pid"
+extra_commands="fetch"
+fetch_cmd="ntpd_fetch_leapfile"
 start_precmd="ntpd_precmd"
 
 load_rc_config $name
@@ -30,6 +32,10 @@ ntpd_precmd()
 		return 0;
 	fi
 
+	if [ ! -f $ntp_db_leapfile ]; then
+		ntpd_fetch_leapfile
+	fi
+
 	# If running in a chroot cage, ensure that the appropriate files
 	# exist inside the cage, as well as helper symlinks into the cage
 	# from outside.
@@ -44,10 +50,71 @@ ntpd_precmd()
 		( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" )
 	fi
 	ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift
+	ln -fs "${ntpd_chrootdir}${ntp_tmp_leapfile}" ${ntp_tmp_leapfile}
 
 	#	Change run_rc_commands()'s internal copy of $ntpd_flags
 	#
 	rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags"
 }
 
+current_ntp_ts() {
+	# Seconds between 1900-01-01 and 1970-01-01
+	# echo $(((70*365+17)*86400))
+	ntp_to_unix=2208988800
+
+	echo $(($(date -u +%s)+$ntp_to_unix))
+}
+	
+get_ntp_leapfile_ver() {
+	expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \
+		'^\([1-9][0-9]*\)$' \| 0
+}
+
+get_ntp_leapfile_expiry() {
+	expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \
+		'^\([1-9][0-9]*\)$' \| 0
+}
+
+ntpd_fetch_leapfile() {
+	local ntp_tmp_leapfile rc verbose
+	
+	if checkyesno ntp_leapfile_fetch_verbose; then
+		verbose=echo
+	else
+		verbose=:
+	fi
+
+	ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list"
+
+	ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile)
+	ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile)
+	$verbose ntp_src_leapfile version is $ntp_ver_no_src
+	$verbose ntp_db_leapfile version is $ntp_ver_no_db
+
+	if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then
+		$verbose replacing $ntp_db_leapfile with $ntp_src_leapfile 
+		cp -p $ntp_src_leapfile $ntp_db_leapfile
+		ntp_ver_no_db=$ntp_ver_no_src
+	else
+		$verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile 
+	fi
+	ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
+	ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400))
+	ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds))
+	if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then
+		$verbose Within ntp leapfile expiry limit, initiating fetch
+		for url in $ntp_leapfile_sources ; do
+			$verbose fetching $url
+			fetch -mqo $ntp_tmp_leapfile $url && break
+		done
+		ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile)
+		if [ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then
+			$verbose using $url as $ntp_db_leapfile
+			mv $ntp_tmp_leapfile $ntp_db_leapfile
+		else
+			$verbose using existing $ntp_db_leapfile
+		fi
+	fi
+}
+
 run_rc_command "$1"