diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:09:42 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:09:42 +0000 |
| commit | 33895c7300d6e43e4d3df30cb192d17891d799be (patch) | |
| tree | 9415c122d9b49604b0e3748f4c41b2bd937f63ba /debian/tests/ntp-server-and-nts-auth | |
| parent | Adding upstream version 4.3. (diff) | |
| download | chrony-debian.tar.xz chrony-debian.zip | |
Adding debian version 4.3-2+deb12u1.debian/4.3-2+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/tests/ntp-server-and-nts-auth')
| -rw-r--r-- | debian/tests/ntp-server-and-nts-auth | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/debian/tests/ntp-server-and-nts-auth b/debian/tests/ntp-server-and-nts-auth new file mode 100644 index 0000000..b7d8877 --- /dev/null +++ b/debian/tests/ntp-server-and-nts-auth @@ -0,0 +1,59 @@ +#!/bin/sh +# Check that chronyd is able to authenticate NTP packets when NTS is enabled +# on the server. + +set -e + +. debian/tests/helper-functions + +cert_dir="/var/lib/chrony" +cert_template="$cert_dir/cert.cfg" +cert_file="$cert_dir/server.crt" +priv_key="$cert_dir/server.key" +server_addr="127.0.1.1" +server_name="chrony-nts-test" + +create_cert_template() { + printf "Creating certificate template: " + cat <<EOF > "$cert_template" +cn = "$server_name" +serial = 001 +activation_date = "$(date -d '1 year ago' +'%Y-%m-%d') 00:00:00 UTC" +expiration_date = "$(date -d '1 year' +'%Y-%m-%d') 00:00:00 UTC" +signing_key +encryption_key +EOF +} + +generate_cert() { + printf "Generating self-signed certificate: " + certtool --generate-privkey --key-type=ed25519 --outfile "$priv_key" > /dev/null 2>&1 + certtool --generate-self-signed --load-privkey "$priv_key" --template "$cert_template" \ + --outfile "$cert_file" > /dev/null 2>&1 +} + +server_config() { + printf "Preparing chronyd configuration: " + cat <<EOF > /etc/chrony/conf.d/local-server-config.conf +server $server_name nts minpoll -6 maxpoll -6 +ntsserverkey $priv_key +ntsservercert $cert_file +ntstrustedcerts $cert_file +EOF + + __no_system_clock_control + __restart_chronyd +} + +echo "$server_addr $server_name" >> /etc/hosts + +create_cert_template && __test_ok || __test_skip "unable to create certificate template" + +generate_cert && __test_ok || __test_skip "unable to generate self-signed certificate" + +server_config && __test_ok || __test_skip + +printf "Checking if server authenticates NTP packets: " +__check_auth "$server_addr,NTS" + +exit 0 |