Date: Tue, 26 Jan 2016 07:06:44 +0000 (UTC) From: Cy Schubert <cy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r294773 - in head/etc: . defaults periodic/daily rc.d Message-ID: <201601260706.u0Q76iWk015311@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cy Date: Tue Jan 26 07:06:44 2016 New Revision: 294773 URL: https://svnweb.freebsd.org/changeset/base/294773 Log: Add support for automatic leap-second file updates. The working copy of leapfile resides in /var/dbntpd.leap-seconds.list. /etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should automatic leapfile updates be disabled (default). Automatic leapfile updates are fetched from $ntp_leapfile_sources, defaulting to https://www.ietf.org/timezones/data/leap-seconds.list, within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds file expiry. Automatic updates can be enabled by setting $daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting the ntp leapfile source the automatic update randomized by default but can be disabled through daily_ntpd_avoid_congestion="NO" in periodic.conf. Suggested by: des Reviewed by: des, roberto, dwmalone, ian, cperciva, glebius, gjb MFC after: 1 week X-MFC with: r289421, r293037 Added: head/etc/periodic/daily/480.leapfile-ntpd (contents, props changed) Modified: head/etc/defaults/periodic.conf head/etc/defaults/rc.conf head/etc/ntp.conf head/etc/periodic/daily/Makefile head/etc/rc.d/ntpd Modified: head/etc/defaults/periodic.conf ============================================================================== --- head/etc/defaults/periodic.conf Tue Jan 26 07:06:38 2016 (r294772) +++ head/etc/defaults/periodic.conf Tue Jan 26 07:06:44 2016 (r294773) @@ -134,6 +134,11 @@ daily_status_mail_rejects_enable="YES" daily_status_mail_rejects_logs=3 # How many logs to check daily_status_mail_rejects_shorten="NO" # Shorten output +# 480.leapfile-ntpd +daily_ntpd_leapfile_enable="NO" # Fetch NTP leapfile +daily_ntpd_avoid_congestion="YES" # Avoid congesting + # leapfile sources + # 480.status-ntpd daily_status_ntpd_enable="NO" # Check NTP status Modified: head/etc/defaults/rc.conf ============================================================================== --- head/etc/defaults/rc.conf Tue Jan 26 07:06:38 2016 (r294772) +++ head/etc/defaults/rc.conf Tue Jan 26 07:06:44 2016 (r294773) @@ -362,6 +362,15 @@ ntpd_config="/etc/ntp.conf" # ntpd(8) co ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift" # Flags to ntpd (if enabled). +ntp_src_leapfile="/etc/ntp/leap-seconds" + # Initial source for ntpd leapfile +ntp_db_leapfile="/var/db/ntpd.leap-seconds.list" + # Working copy (updated weekly) leapfile +ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list" + # Source from which to fetch leapfile +ntp_leapfile_expiry_days=30 # Check for new leapfile 30 days prior to + # expiry. +ntp_leapfile_fetch_verbose="NO" # Be verbose during NTP leapfile fetch # Network Information Services (NIS) options: All need rpcbind_enable="YES" ### nis_client_enable="NO" # We're an NIS client (or NO). Modified: head/etc/ntp.conf ============================================================================== --- head/etc/ntp.conf Tue Jan 26 07:06:38 2016 (r294772) +++ head/etc/ntp.conf Tue Jan 26 07:06:44 2016 (r294773) @@ -81,4 +81,6 @@ restrict 127.127.1.0 # See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. # for documentation regarding leapfile. Updates to the file can be obtained # from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. -leapfile "/etc/ntp/leap-seconds" +# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db. +#leapfile "/etc/ntp/leap-seconds" +leapfile "/var/db/ntpd.leap-seconds.list" Added: head/etc/periodic/daily/480.leapfile-ntpd ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/etc/periodic/daily/480.leapfile-ntpd Tue Jan 26 07:06:44 2016 (r294773) @@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_ntpd_leapfile_enable" in + [Yy][Ee][Ss]) + case "$daily_ntpd_avoid_congestion" in + [Yy][Ee][Ss]) + # Avoid dogpiling + (sleep $(jot -r 1 0 86400); service ntpd fetch) & + ;; + *) + service ntpd fetch + ;; + esac + ;; +esac + +exit $rc Modified: head/etc/periodic/daily/Makefile ============================================================================== --- head/etc/periodic/daily/Makefile Tue Jan 26 07:06:38 2016 (r294772) +++ head/etc/periodic/daily/Makefile Tue Jan 26 07:06:44 2016 (r294773) @@ -35,7 +35,8 @@ FILES+= 130.clean-msgs .endif .if ${MK_NTP} != "no" -FILES+= 480.status-ntpd +FILES+= 480.status-ntpd \ + 480.leapfile-ntpd .endif .if ${MK_RCMDS} != "no" Modified: head/etc/rc.d/ntpd ============================================================================== --- head/etc/rc.d/ntpd Tue Jan 26 07:06:38 2016 (r294772) +++ head/etc/rc.d/ntpd Tue Jan 26 07:06:44 2016 (r294773) @@ -14,6 +14,8 @@ name="ntpd" rcvar="ntpd_enable" command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" +extra_commands="fetch" +fetch_cmd="ntpd_fetch_leapfile" start_precmd="ntpd_precmd" load_rc_config $name @@ -30,6 +32,10 @@ ntpd_precmd() return 0; fi + if [ ! -f $ntp_db_leapfile ]; then + ntpd_fetch_leapfile + fi + # If running in a chroot cage, ensure that the appropriate files # exist inside the cage, as well as helper symlinks into the cage # from outside. @@ -44,10 +50,71 @@ ntpd_precmd() ( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" ) fi ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift + ln -fs "${ntpd_chrootdir}${ntp_tmp_leapfile}" ${ntp_tmp_leapfile} # Change run_rc_commands()'s internal copy of $ntpd_flags # rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags" } +current_ntp_ts() { + # Seconds between 1900-01-01 and 1970-01-01 + # echo $(((70*365+17)*86400)) + ntp_to_unix=2208988800 + + echo $(($(date -u +%s)+$ntp_to_unix)) +} + +get_ntp_leapfile_ver() { + expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \ + '^\([1-9][0-9]*\)$' \| 0 +} + +get_ntp_leapfile_expiry() { + expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \ + '^\([1-9][0-9]*\)$' \| 0 +} + +ntpd_fetch_leapfile() { + local ntp_tmp_leapfile rc verbose + + if checkyesno ntp_leapfile_fetch_verbose; then + verbose=echo + else + verbose=: + fi + + ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list" + + ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile) + ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile) + $verbose ntp_src_leapfile version is $ntp_ver_no_src + $verbose ntp_db_leapfile version is $ntp_ver_no_db + + if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then + $verbose replacing $ntp_db_leapfile with $ntp_src_leapfile + cp -p $ntp_src_leapfile $ntp_db_leapfile + ntp_ver_no_db=$ntp_ver_no_src + else + $verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile + fi + ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile) + ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400)) + ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds)) + if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then + $verbose Within ntp leapfile expiry limit, initiating fetch + for url in $ntp_leapfile_sources ; do + $verbose fetching $url + fetch -mqo $ntp_tmp_leapfile $url && break + done + ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile) + if [ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then + $verbose using $url as $ntp_db_leapfile + mv $ntp_tmp_leapfile $ntp_db_leapfile + else + $verbose using existing $ntp_db_leapfile + fi + fi +} + run_rc_command "$1"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601260706.u0Q76iWk015311>