From 3271d1ac389d2ec93db9c5b9ce0991ce478476cf Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 18:09:41 +0200 Subject: Adding upstream version 4.3. Signed-off-by: Daniel Baumann --- contrib/andrew_bishop_1 | 114 +++++++++++++++ contrib/andrew_bishop_2 | 95 ++++++++++++ contrib/bryan_christianson_1/README.txt | 103 +++++++++++++ contrib/bryan_christianson_1/chronylogrotate.sh | 58 ++++++++ .../org.tuxfamily.chronyc.plist | 22 +++ .../org.tuxfamily.chronyd.plist | 19 +++ contrib/erik_bryer_1 | 65 +++++++++ contrib/ken_gillett_1 | 100 +++++++++++++ contrib/stephan_boettcher_1 | 162 +++++++++++++++++++++ contrib/wolfgang_weisselberg1 | 118 +++++++++++++++ 10 files changed, 856 insertions(+) create mode 100644 contrib/andrew_bishop_1 create mode 100644 contrib/andrew_bishop_2 create mode 100644 contrib/bryan_christianson_1/README.txt create mode 100755 contrib/bryan_christianson_1/chronylogrotate.sh create mode 100644 contrib/bryan_christianson_1/org.tuxfamily.chronyc.plist create mode 100644 contrib/bryan_christianson_1/org.tuxfamily.chronyd.plist create mode 100644 contrib/erik_bryer_1 create mode 100644 contrib/ken_gillett_1 create mode 100644 contrib/stephan_boettcher_1 create mode 100644 contrib/wolfgang_weisselberg1 (limited to 'contrib') diff --git a/contrib/andrew_bishop_1 b/contrib/andrew_bishop_1 new file mode 100644 index 0000000..4c0b437 --- /dev/null +++ b/contrib/andrew_bishop_1 @@ -0,0 +1,114 @@ +From amb@gedanken.demon.co.uk Tue Aug 17 22:14:00 1999 +Date: Fri, 6 Aug 1999 19:00:24 +0100 +From: Andrew M. Bishop +To: richard@rrbcurnow.freeserve.co.uk +Subject: Re: Chrony and laptop configuration + +Hi, + +Attached is the apmd_proxy script from the apmd-3.0beta9 distribution. + +The changes that I would make are the following: + +Replace the update_clock function (line 122) with + +update_clock () { + +chronyd -f /etc/chrony.conf + +} + +Around line 171 (in the suspend actions section) I would kill chronyd. + +begin 644 apmd_proxy.gz +M'XL("+L@JS<``V%P;61?<')O>'D`I5K[;]M&$OY9^BLV2JZQ6TF.`Q2XUDA1 +MQU8<]>('_&A[.!R,-;D2MR&Y+)?TXZ[WO]\W,\N'%-E)[X08CJ2=V7G/-T,_ +M?[9S8_,=GPR?*_S3119?%Z6[?U`3A=_+4F9R +M$!R4VB[5L2X_WNDRKM161!]D/Z:)T9FVZ73I%]$TUUY/E^YV6[W>Q>$'M?O= +M=]^!^E#?VEB]+=U=;M)4;<4W/Q;.5]-$E[=@-S5QO:V^4S_5N0DD(+I,K%<^ +M(0(?E;:H%-Y'.DU-K&X>5)68GHAJBU3:5G>)R?DK7^G*@(M;*)T_J,+=0:U, +MYWII,I-7:E'G465!F&AP372^-/%4X5*CS+V.*F5N<9X5-C:IL9J:LYR^V2BP) +M3>J*HJS`@Z],IG2Q*NJ*M0(SJ!1[TK-4FA7RL(&-DN;H +MC5&%*>'/#&:K"XC'EH%".O>6"42,GBJ=G>\@F_*%B>S"1DJ7RSIKK0*-25Q< +M0.*RN""P(@1 +M:(;4:ASM37EK(Z.V;JU6.Y`TVH',VQRKF<-9FY.:FG0:DT+P!MA6^J-(J`O0 +M%*4E[<54HO@[T,/E69&:_:P.&:D?JM]!?/B3L-ZMRYC +M-1/$-%D0$BP=1,/OAD'F8A-";<6[X)(A9^ZL3X@LN$W!2V;2^2`X.;50J\Y3 +MIV.*Q;BTMZ:$U8D+$EG?<(B25+FI[ESYD60`1QW1W;^T:=**#(?4%",I[%.. +M0T`\8@HYJW(R=SH:4UQ+T%%4@Z_SC8DI-+M(+`T)B9A@P\\7+,)'4Z(J2"ZS +M%B0-G:/LW)WNOJ(@2.R2ZM)6[<69),T(/$(&D+T6EM*OKK;'_5B.=(YKJ[K, +M$1#*E"6817``AXT$6^,7XH/DR&-4%\G^,8P6VP@A!5NBM%1)*`%TGCXC5ZYI +M^)N)*H[Z3^(J2$0^CN%-R&`78W6C81`E1?;LBG1M'$86O*7DP&?0&W;)$2FU +MV!4L6\$10A6%-=7%$(IDS;?STXM-HK'Q\7KV3)V<7L[HMY)JBW^YJT*VM`+7 +M(B"41<`?FAL+0TK<^&>!U_GL\NK\1/V\_^%J]KUP5Z_06G*'^-9I\,#>$Z96 +ME.TZBDQ1<:FDURXXB-0]9:D*!LJMXZN+2_5^_^<9ZWMX/O]Y=BXAOL34[#IOU"F<)ID4IN%XL!N3'-%;[Y8K<#\LQQZ0JQR"&6LN4(X7/05 +MD9*X*%WVA"`-FW#/9]A\3IJ>EYY@L^ZI55:"9U!:JHIZZB=>*DWA*%I5"J@2 +M3FWD(+!)/<%A_V"GN49H-O+AOO`DG]R0:E23Z6A=Q-2F/PF_P"[2A0[`X1%V +M`KNF#<'6-U('P'`U`ZD8HS;"&^BNTJZYVZ%.H-.T%8)(OV'26X!=-%>JW1LZ +MEZ\+$@"5%!`Y?(:?Z5H?$V$NYL=G'^;OYK-#=7!Z\FY^='6^?SD_/5$JX%_` +M'X``!C0$-OL(D=H:Y(::5>D8JAG+W8ERTTA%D>ZVP-?NCMX#:EL2W?>A4/HP +M)KFH#L>V(6L!=^5-NI"&<6$J=75YP)"JK%G_!U>CF:8N^DB5K&ED@J +M)`]Q!A.\<[!':>,8``27$HH-\L)HN=HQ5;0#9XK_=ICY=`B.;Q8Z]::5Y.+J +MXFQVG*]SS+QUT&H%D+I6V?C34T'7$+;X8&!%24S` +MG],`ZKRESKW0=5IUL,&S+QCMDO*-&T).T!S5T`]7A'Y#5F1]S@Z.#^;[8%,& +M9AR0`G[A+;@+H)MCCE3*)=Z#3JS%5,`4:9[H6S0ZYB50'/RHI=^T90Y*D?-- +MF:*!^AJ@#;5%JXN#BSGA*1`"0%5D%<1PAQY&`3V,`N15AN`DM]$^K`UQ*[I0 +MPZ7+B^3!4['"C8'+GD)8PTYC05-<96A$`$C@'NH6"PZT!#E-<)\A'S&-JE1X +MC!KH-V:_,H!EP,0XB`<=\)&:.1V*B:]G/\T.+LG\P1-=4-&0.GM[=70T/SGB +M=U2IN(RU6@GT0J,_U&B!&[.N7RV +M`ZP'5W((\*H3"`\NN%1196O5(;,)'F[%1*US-?E51NRN\$H):'6>J`]NZ5OP +MG5+:=,/AZESL\O1!KJ?YN??%BZ^I&W1L7S=LP<1"K[+.UUC!BCM55NSTY`); +MRN4H<>KEUVNOE^J''YXB&+UX!2%&?73V*`&WHPVOIV]X.5E[/272O8DV7/#Z +M40*4336Y9\?L4\5");#4K*@0)ZK$)!2J&<(HK6,I9IZ6$_33#MQ->2*.E:[J +ML`Y8-^;_\!H.A\SY&L+1\&ZVMM6_AP,IX//#&4_Y$LB^``@%``X#I".\GZ"1 +M\GLB.>215L(RE&#(.=CQM-5*XD)C4)[\KB87:O>O:B\#^->&'0UK!=(V&X[A$I_YQ`KUIY>C<_Y]'K>]4-:LT$ +MCR88<,7KZ6M.4I[(I;(CU6/>*J"O#@4D74L#;B0/R"FP@"4S6NEU"Q4^/1R@ +M4?Y#318;^ZWZYQXW@.&``G"Z\8Q\AT*=4D]]2(U\P&Q'+PX^G![\[?CT<#92 +M;]31\67'<4"MG#L?GU_8X8!^F.X%`8J1 +M,(`R]TJ,'W107WT5L,G$JQ=T7/WQATKN5C\C7Q"DX`D/U2;3L#_MEDQ%I2%S')8QJX&",HVX+B<"F:0K]!%% +M#ZFTB*`9W\G&=S+,HL=UX.+Y=BFH,M)G]%REC$(_6=9OB9JYAT?O@Q#,'M$RRYJ%I-BP6S*-*6@^T:S#&.`)QIZ3R*-P]^F,4)!IM#RDO]ION*2C: +M+-E/:W@Q^"HLMMK9:O`)6OS$_"W4%;[4]!0M<9#/"Z)G7;NE#'MYM+Y1;#8A +M"\IW>-W&*1<_%"CKJ+GOI]X%4\GRD9ID3N;4Z@.JVWUO)"'";@+9N$RC#LN+ +MM)7UV12434:NPNPF-R=:O7B-=P'.=,D-(I=?Z^A:$-T/7/CR.DW;$P-S#SBS +M2^X\E\W.%N^@@MQA?FK5DRB(MT$92D4CV2[='V*N$X"YOY*2P%G=WS!5#T5` +MH;%C7+ITJM"^DI`HG,VKL;JI&3,3>0B.!@?"-K(9N\$(PY@'K?)/AU8`^V&9 +M[:5DTU9^)6<"D`N'@QO#,HTBBR#=H+>YY"4M0>X`S@D+)S+,K:EFR@HECHC; +M>>.)^0!?06J,B#0>"`7'!TGG&YC?.`LW1V91DX#>+2IJ-Y-N'2H#"NO;0FN6 +MCK:Q8>)@*4H!``CUE9.<"9$KY<%!+`L\,;4`\_/9Q=7Q##<=A/U>,S#T+#7B +M%2=C9:Y<88V)O*:5=3`W!IF:I^22[]3MR$\&)&,ANR::U.M=1B"]1>..8)AE +MY])Y--\,=NDE5M>LPDP30EA)$B&^'YE8$/4\?7-/7Q8\UM$)7OR)B"3DA>$*A +ME/K-+N4-C6_6#H8>3#@,?655:YI6*53>=C,)Q;H?WM[ +M3\*1%I9("C]U;"B=@S6>3J>K.U6**^#JLS%@`CU(D&T_XSV!Q5-""*(J8`&5 +ML;8ET%%IH:&K"1V%#(_OC,`PQ[N(DTI;8!A;]]G^=9& +MV"[L>;%M2ZE?7-D^4\+6*E:ON7,+#QT$+?VQFO1_ER1+T]_C-:D)O7Y)>B17 +M0L1^+E?"L2YEPJ'I>F`_&K3YE\*!.B<=/5A>V1-ODQT9^ +MRD?F?6#?+!`9287V2!]E%-8(C&:F'C7XG[`O,4-@*_4%2.R3V;>9K@:K0[N` +MJ2^WQNG9TX>EHC=?!^_^1H1MSAXLNKBT=/TDW23^@N'L*06S;,KB.^G+ZA +M9+VS]`CDE71EP'K#3JV";?N478I^50D +MI"5+$%`FGU0ZC/P1"#Y?J7@]PB!EH&U"ELIPI4;H"B.5`L^F:DLV'&9!H!EV +M5&:ZG-+>^=M7?Q%:P-"7%>'RC#;2\D<[%2/8VA.F[-_:/?T)%PLWLA_J]5VW +>Z]AB9"M2/=L.+(S7D<0S_V\81H;_`M>*^#$A)0`` +` +end + +-- +Andrew. +---------------------------------------------------------------------- +Andrew M. Bishop amb@gedanken.demon.co.uk + http://www.gedanken.demon.co.uk/ + diff --git a/contrib/andrew_bishop_2 b/contrib/andrew_bishop_2 new file mode 100644 index 0000000..d3ede74 --- /dev/null +++ b/contrib/andrew_bishop_2 @@ -0,0 +1,95 @@ +From amb@gedanken.demon.co.uk Wed Sep 1 22:26:59 1999 +Date: Thu, 19 Aug 1999 17:30:14 +0100 +From: Andrew M. Bishop +To: richard@rrbcurnow.freeserve.co.uk +Subject: [amb@gedanken.demon.co.uk: Chrony and laptop configuration] + +Hi, + +What you need to do is replace 10.0.0.0 with the network of the +freeserve nameservers in the two scripts below. + +Other than that you can use it as is. + +------- Start of forwarded message ------- +From: "Andrew M. Bishop" +To: richard@rrbcurnow.freeserve.co.uk +Subject: Chrony and laptop configuration +Date: Sat, 31 Jul 1999 11:02:04 +0100 + +Attached are the ip-up and ip-down files that I use for chrony. +(Actually because of the way that debian works they are separate file +in the /etc/ppp/ip-up.d directory that are run in a SysV init style). + +They rely on the presence of an 'ipparam demon' or 'ipparam freeserve' +line in the PPP options file. + +-------------------- /etc/ppp/ip-up -------------------- +#!/bin/sh -f +# +# A script to start chrony +# + +PPP_IPPARAM="$6" + +if [ $PPP_IPPARAM = "demon" ]; then + + /usr/local/bin/chronyc << EOF +password xxxxxxx +online 255.255.255.0/158.152.1.0 +online 255.255.255.0/194.159.253.0 +EOF + +fi + +if [ $PPP_IPPARAM = "freeserve" ]; then + + /usr/local/bin/chronyc << EOF +password xxxxxxx +online 255.255.255.0/10.0.0.0 +EOF + +fi +-------------------- /etc/ppp/ip-up -------------------- + +-------------------- /etc/ppp/ip-down -------------------- +#!/bin/sh -f +# +# A script to stop chrony +# + +PPP_IPPARAM="$6" + +if [ $PPP_IPPARAM = "demon" ]; then + + /usr/local/bin/chronyc << EOF +password xxxxxxx +offline 255.255.255.0/158.152.1.0 +offline 255.255.255.0/194.159.253.0 +EOF + +fi + +if [ $PPP_IPPARAM = "freeserve" ]; then + + /usr/local/bin/chronyc << EOF +password xxxxxxx +offline 255.255.255.0/10.0.0.0 +EOF + +fi +-------------------- /etc/ppp/ip-down -------------------- + +-- +Andrew. +---------------------------------------------------------------------- +Andrew M. Bishop amb@gedanken.demon.co.uk + http://www.gedanken.demon.co.uk/ +------- End of forwarded message ------- + +-- +Andrew. +---------------------------------------------------------------------- +Andrew M. Bishop amb@gedanken.demon.co.uk + http://www.gedanken.demon.co.uk/ + diff --git a/contrib/bryan_christianson_1/README.txt b/contrib/bryan_christianson_1/README.txt new file mode 100644 index 0000000..3a0a2ef --- /dev/null +++ b/contrib/bryan_christianson_1/README.txt @@ -0,0 +1,103 @@ +Notes for installing chrony on macOS +Author: Bryan Christianson (bryan@whatroute.net) +------------------------------------------------ + +These files are for those admins/users who would prefer to install chrony +from the source distribution and are intended as guidelines rather than +being definitive. They can be edited with a plain text editor, such as +vi, emacs or your favourite IDE (Xcode) + +It is assumed you are comfortable with installing software from the +terminal command line and know how to use sudo to acquire root access. + +If you are not familiar with the macOS command line then +please consider using ChronyControl from http://whatroute.net/chronycontrol.html + +ChronyControl provides a gui wrapper for installing these files and sets the +necessary permissions on each file. + + +Install the chrony software +--------------------------- + +You will need xcode and the commandline additions to build and install chrony. +These can be obtained from Apple's website via the App Store. + +cd to the chrony directory +./configure +make +sudo make install + +chrony is now installed in default locations (/usr/local/sbin/chronyd, +/usr/local/bin/chronyc) + +Create a chrony.conf file - see the chrony website for details + +The support files here assume the following directives are specified in the +chrony.conf file + +keyfile /etc/chrony.d/chrony.keys +driftfile /var/db/chrony/chrony.drift +bindcmdaddress /var/db/chrony/chronyd.sock +logdir /var/log/chrony +dumpdir /var/db/chrony + +Install this file as /etc/chrony.d/chrony.conf and create +the directories specified in the above directives if they don't exist. +You will need root permissions to create the directories. + + +Running chronyd +--------------- +At this point chronyd *could* be run as a daemon. Apple discourage running +daemons and their preferred method uses the launchd facility. The +support files here provide a launchd configuration file for chronyd and also +a shell script and launchd configuration file to rotate the chronyd logs on a daily basis. + + +Support files +------------- +Dates and sizes may differ +-rw-r--r-- 1 yourname staff 2084 4 Aug 22:54 README.txt +-rwxr-xr-x 1 yourname staff 676 4 Aug 21:18 chronylogrotate.sh +-rw-r--r-- 1 yourname staff 543 18 Jul 20:10 org.tuxfamily.chronyc.plist +-rw-r--r-- 1 yourname staff 511 19 Jun 18:30 org.tuxfamily.chronyd.plist + +If you have used chrony support directories other than those suggested, you +will need to edit each file and make the appropriate changes. + + +Installing the support files +---------------------------- + +1. chronylogrotate.sh +This is a simple shell script that deletes old log files. Unfortunately because +of the need to run chronyc, the standard macOS logrotation does not work with +chrony logs. + +This script runs on a daily basis under control of launchd and should be +installed in the /usr/local/bin directory + +sudo cp chronylogrotate.sh /usr/local/bin +sudo chmod +x /usr/local/bin/chronylogrotate.sh +sudo chown root:wheel /usr/local/bin/chronylogrotate.sh + + +2. org.tuxfamily.chronyc.plist +This file is the launchd plist that runs logrotation each day. You may +wish to edit this file to change the time of day at which the rotation +will run, currently 04:05 am + +sudo cp org.tuxfamily.chronyc.plist /Library/LaunchDaemons +sudo chown root:wheel /Library/LaunchDaemons/org.tuxfamily.chronyc.plist +sudo chmod 0644 /Library/LaunchDaemons/org.tuxfamily.chronyc.plist +sudo launchctl load -w /Library/LaunchDaemons/org.tuxfamily.chronyc.plist + + +3. org.tuxfamily.chronyd.plist +This file is the launchd plist that runs chronyd when the Macintosh starts. + +sudo cp org.tuxfamily.chronyd.plist /Library/LaunchDaemons +sudo chown root:wheel /Library/LaunchDaemons/org.tuxfamily.chronyd.plist +sudo chmod 0644 /Library/LaunchDaemons/org.tuxfamily.chronyd.plist +sudo launchctl load -w /Library/LaunchDaemons/org.tuxfamily.chronyd.plist diff --git a/contrib/bryan_christianson_1/chronylogrotate.sh b/contrib/bryan_christianson_1/chronylogrotate.sh new file mode 100755 index 0000000..f919544 --- /dev/null +++ b/contrib/bryan_christianson_1/chronylogrotate.sh @@ -0,0 +1,58 @@ +#!/bin/sh + +# chronyd/chronyc - Programs for keeping computer clocks accurate. +# +# ********************************************************************** +# * Copyright (C) Bryan Christianson 2015 +# * +# * This program is free software; you can redistribute it and/or modify +# * it under the terms of version 2 of the GNU General Public License as +# * published by the Free Software Foundation. +# * +# * This program is distributed in the hope that it will be useful, but +# * WITHOUT ANY WARRANTY; without even the implied warranty of +# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# * General Public License for more details. +# * +# * You should have received a copy of the GNU General Public License along +# * with this program; if not, write to the Free Software Foundation, Inc., +# * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +# * +# ********************************************************************** + +LOGDIR=/var/log/chrony + +rotate () { + prefix=$1 + + rm -f $prefix.log.10 + + for (( count=9; count>= 0; count-- )) + do + next=$(( $count+1 )) + if [ -f $prefix.log.$count ]; then + mv $prefix.log.$count $prefix.log.$next + fi + done + + if [ -f $prefix.log ]; then + mv $prefix.log $prefix.log.0 + fi +} + +if [ ! -e "$LOGDIR" ]; then + logger -s "missing directory: $LOGDIR" + exit 1 +fi + +cd $LOGDIR + +rotate measurements +rotate statistics +rotate tracking + +# +# signal chronyd via chronyc +/usr/local/bin/chronyc cyclelogs > /dev/null + +exit $? \ No newline at end of file diff --git a/contrib/bryan_christianson_1/org.tuxfamily.chronyc.plist b/contrib/bryan_christianson_1/org.tuxfamily.chronyc.plist new file mode 100644 index 0000000..a3c42c6 --- /dev/null +++ b/contrib/bryan_christianson_1/org.tuxfamily.chronyc.plist @@ -0,0 +1,22 @@ + + + + + Label + org.tuxfamily.logrotate + KeepAlive + + ProgramArguments + + /bin/sh + /usr/local/bin/chronylogrotate.sh + + StartCalendarInterval + + Minute + 5 + Hour + 4 + + + diff --git a/contrib/bryan_christianson_1/org.tuxfamily.chronyd.plist b/contrib/bryan_christianson_1/org.tuxfamily.chronyd.plist new file mode 100644 index 0000000..2bf42aa --- /dev/null +++ b/contrib/bryan_christianson_1/org.tuxfamily.chronyd.plist @@ -0,0 +1,19 @@ + + + + + Label + org.tuxfamily.chronyd + Program + /usr/local/sbin/chronyd + ProgramArguments + + chronyd + -n + -f + /private/etc/chrony.d/chrony.conf + + KeepAlive + + + diff --git a/contrib/erik_bryer_1 b/contrib/erik_bryer_1 new file mode 100644 index 0000000..c551dfe --- /dev/null +++ b/contrib/erik_bryer_1 @@ -0,0 +1,65 @@ +#!/bin/sh +# +# chrony Start time synchronization. This script +# starts chronyd. +# +# Hacked by: Erik Bryer using inet as a template +# +# chkconfig: 2345 02 82 +# description: chronyd helps keep the system time accurate by calculating \ +# and applying correction factors to compensate for the drift \ +# in the clock. chronyd can also correct the hardware clock \ +# (RTC) on some systems. +# processname: chronyd +# config: /etc/chrony.conf + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Set path to include chronyd in /usr/local/sbin +PATH="$PATH:/usr/local/sbin" + +[ -f /usr/local/sbin/chronyd ] || exit 0 + +[ -f /etc/chrony.conf ] || exit 0 + +RETVAL=0 + +# See how we were called. +case "$1" in + start) + # Start daemons. + echo -n "Starting chronyd: " + daemon chronyd + RETVAL=$? + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/chrony + echo + ;; + stop) + # Stop daemons. + echo -n "Shutting down chronyd: " +# If not dead killproc automatically sleeps for 4.1 seconds then does +# kill -9. "chrony.txt" prefers a 5 second delay, but this should be ok. + killproc chronyd -15 + RETVAL=$? + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/chrony + echo + ;; + status) + status chronyd + exit $? + ;; + restart) + $0 stop + $0 start + ;; + *) + echo "Usage: named {start|stop|status|restart}" + exit 1 +esac + +exit $RETVAL + diff --git a/contrib/ken_gillett_1 b/contrib/ken_gillett_1 new file mode 100644 index 0000000..48b7999 --- /dev/null +++ b/contrib/ken_gillett_1 @@ -0,0 +1,100 @@ +#!/bin/sh +# +# chronyd This shell script takes care of starting and stopping +# chronyd (NTP daemon). +# +# chkconfig: 45 80 20 +# description: chronyd is the NTP daemon. + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +PREDIR="/usr/local" +CHRONYD=$PREDIR"/sbin/chronyd" +CHRONYC=$PREDIR"/bin/chronyc" + +[ -x $CHRONYD -a -x $CHRONYC -a -f /etc/chrony.conf ] || exit 0 + +dochrony() { + if [ -z "$(pidofproc chronyd)" ]; then + echo -e "\n\tchronyd not running\n\n" + exit 2 + fi + KEY=`awk '$1 == "commandkey" {print $2; exit}' /etc/chrony.conf` + PASSWORD=`awk '$1 == '$KEY' {print $2; exit}' /etc/chrony/keys` + + $CHRONYC <<- EOF + password $PASSWORD + $@ + quit + EOF +} + +# make the first parameter' lower case +set - `echo $1 | awk '{print tolower($1)}';shift;echo "$@"` + +# Expand any shortcuts. +case "$1" in + on|1) + set - "online" + ;; + off|0) + set - "offline" +esac + +# See how we were called. +case "$1" in + start) + # Start daemons. + echo -n "Starting chronyd: " + daemon $CHRONYD + if [ $? -eq 0 ]; then + echo $(pidofproc chronyd) > /var/run/chronyd.pid + touch /var/lock/subsys/chronyd + fi + echo + ;; + stop) + # Stop daemons. + echo -n "Shutting down chronyd: " + killproc chronyd + echo + rm -f /var/lock/subsys/chronyd + ;; + status) + status chronyd + ;; + restart|reload) + $0 stop + $0 start + ;; + condrestart) + if [ -f /var/lock/subsys/chronyd ]; then + $0 stop + $0 start + fi + ;; + "") + echo "Usage: chronyd +{start|stop|restart|reload|condrestart|status|[on|off]line etc}" + exit 1 + ;; + +accheck|cmdaccheck|clients|manual|rtcdata|sources|sourcestats|tracking|clients) + dochrony "$@" + ;; + *) + echo -n "Chrony $1: " + dochrony "$@" > /dev/null + [ $? -eq 0 ] && echo_success || echo_failure + echo +esac + +exit 0 + diff --git a/contrib/stephan_boettcher_1 b/contrib/stephan_boettcher_1 new file mode 100644 index 0000000..e5eda11 --- /dev/null +++ b/contrib/stephan_boettcher_1 @@ -0,0 +1,162 @@ +From stephan@nevis1.nevis.columbia.edu Mon Jun 7 20:51:57 1999 +Date: 04 Jun 1999 00:17:25 -0400 +From: Stephan I. Boettcher +To: richard@rrbcurnow.freeserve.co.uk +Subject: chrony 1.1 sysV startup script for notebooks + + +Dear Richard, + +I installed chrony on my notebook, running RedHat 5.1 Linux. +It looks like it works. No problems. + +Thank you! + +I like to donate my sysV startup script, appended below. + +Special feature: the `online' command scans the config file to +selectively turn some servers online, depending on the pcmcia SCHEME. + +booting: /etc/rc.d/init.d/chrony start +/etc/ppp/ip-up: /etc/rc.d/init.d/chrony online +/etc/ppp/ip-down: /etc/rc.d/init.d/chrony offline +logrotate cron: /etc/rc.d/init.d/chrony cyclelogs +a user: /etc/rc.d/init.d/chrony status +a sysadmin: /etc/rc.d/init.d/chrony restart +shutdown: /etc/rc.d/init.d/chrony stop + +Best regards +Stephan + +-- + +------------------------------------------------------------------------ +Stephan Boettcher FAX: +1-914-591-4540 +Columbia University, Nevis Labs Tel: +1-914-591-2863 +P.O. Box 137, 136 South Broadway mailto:stephan@nevis1.columbia.edu +Irvington, NY 10533, USA http://www.nevis.columbia.edu/~stephan +------------------------------------------------------------------------ + +########################### cut here ################################### +#! /bin/bash +# +# /etc/rc.d/init.d/chrony +# +# SYS V startup script for +# chrony ntp daemon +# on Linux 2.0.3x notebooks with pcmcia scheme support +# $Id: stephan_boettcher_1,v 1.1 2000/04/24 21:36:04 richard Exp $ +# +# 1999-06-02 SiB +# +# For PCMCIA users: +# In /etc/chrony.conf, precede the server commands for each SCHEME +# with a comment line that contains the word SCHEME and the name of +# the scheme(s) that should use the servers, up to the next line that +# contains the word SCHEME. The servers must be `offline' and +# specified by their IP address. The hostname will not do. +# +# Like: +# +# # SCHEME nevisppp nevislan +# # stephanpc.nevis.columbia.edu +# server 192.12.82.222 offline +# +# # SCHEME desyppp desylan +# +# # dsygw2.desy.de +# server 131.169.30.15 offline +# # dscomsa.desy.de +# server 131.169.197.35 offline + +CONF=/etc/chrony.conf +CHRONYD=/usr/local/sbin/chronyd +CHRONYC=/usr/local/bin/chronyc +KEYS=/etc/chrony.keys + +# See if we got all we need: + +[ -f $CHRONYD -a -f $CHRONYC -a -r $CONF ] || exit + + +[ -r $KEYS ] \ +&& CMDKEY=`awk '/^commandkey/{print $2}' $CONF` \ +&& PASSWORD=`awk -v KEY=$CMDKEY '$1==KEY{print $2}' $KEYS` + + +case "$1" in + + start) + echo -n "Starting chronyd " + $CHRONYD -r -s -f $CONF + echo + ;; + + stop) + echo -n "Shutting down chronyd " + /usr/bin/killall chronyd + echo + ;; + + restart) + $0 stop + $0 start + ;; + + on*) + + [ -f /var/run/pcmcia-scheme ] && SCHEME=`cat /var/run/pcmcia-scheme` + + awk -v SCHEME=${SCHEME:-default} -v PASSWORD=$PASSWORD \ + ' + BEGIN { + SEL=1; + print "password", PASSWORD; + } + /SCHEME/ { + SEL=match($0, SCHEME); + } + SEL && /^server[ \t]*[0-9.]+[ \t].*offline/ { + print "online 255.255.255.255/" $2; + } + ' \ + $CONF \ + | $CHRONYC + + ;; + + off*) + cat <<-EOF | $CHRONYC + password $PASSWORD + offline + trimrtc + dump + EOF + ;; + + *log*) + cat <<-EOF | $CHRONYC + password $PASSWORD + cyclelogs + EOF + ;; + + stat*) + cat <<-EOF | $CHRONYC + sources + sourcestats + tracking + rtcdata + EOF + ;; + + *) + echo "Usage: chronyd {start|stop|restart|status|online|offline|cyclelogs}" + exit 1 + ;; + +esac + +exit 0 + + diff --git a/contrib/wolfgang_weisselberg1 b/contrib/wolfgang_weisselberg1 new file mode 100644 index 0000000..2c41752 --- /dev/null +++ b/contrib/wolfgang_weisselberg1 @@ -0,0 +1,118 @@ + +> Is it possible to limit chronyc to only those commands that +> are readonly plus those necessary to bring a dialup connection up +> and down? That is: online offline dump writertc and password. + +This is trivial on the same host and workable for non-local +hosts: use a wrapper program or script. An *untested* +sample follows. To use it, best create a special user (say +chronyc) and a special group (say chronyg). Make the script +chronyc:chronyg, and 4750 (suid, rwxr-x---). Add all users +who may run the script to the group chronyg. + +Make a chrony password file e.g. +/usr/local/etc/chrony_password. It should be owned by chronyc +and readable only for the owner, containing only the chrony +password (and maybe a newline) in the first line. + +In this way only the script (call it run_chrony, for example) +can read the password. It will allow only those commands you +explicitely allow. You can add a password check -- especially +if you add an internet port so you can access it over the +internet this is advisable. You really want to add logging +to this untested script as well. + + +BTW, if you use some sort of PPP, you probably can use +/etc/ppp/ip-up and /etc/ppp/ip-down to transparently set chrony +on- and offline as the ip connection goes up and comes down. +This is _far_ more user friendly, IMHO, and a DOS by switching +chrony offline all the time is avoided as well. + + +#! /usr/bin/perl -T +use v5.6.1; +use warnings; +use strict; + +sub laundered_command(); +sub order_chrony($$); +sub read_password(); +sub usage($); + +our $CHRONY = "/usr/local/bin/chronyc"; + +# NOTE: select the file system protection wisely for the +# PASSWORDFILE! +our $PASSWORDFILE = "/usr/local/etc/chrony_password"; + +our @ALLOWED_COMMANDS = ( + 'online', # switch online mode on + 'offline', # switch online mode off + 'dump', # save measurements to file + 'writerc', # save RTC accumulated data + + 'clients', # which clients are served by us? + 'rtcdata', # Quality of RTC measurements + 'sources(?: -v)?', # Show our sources (verbose) + 'sourcestats(?: -v)?', # How good are our sources (verbose)? + 'tracking', # whom do we adjust to? + + # 'burst \d+/\d+', # allow them to send bursts? +); + +usage("No command given.") unless $ARGV[0]; + +%ENV = (); # nuke all environment variables. Rather + # drastic, but better safe than sorry! + # Add whatever you really need to get it + # working (again). +$ENV{'PATH'} = '/usr/local/bin:/bin:/usr/bin'; + +order_chrony(laundered_command(), read_password()); + +exit 0; # command succeeded + +############################################################ + +sub usage($) { + print STDERR "Error: ", shift, "\n"; + + # OK, this eats the -v... + print STDERR "Legal commands are:\n\t", join "\n", + map { $_ =~ m:(\w+):; $1 } @ALLOWED_COMMANDS; + exit 1; # error +} + +############################################################ + +sub laundered_command() { + my $regexp = "^(" . join ( "|", @ALLOWED_COMMANDS ) . ")\$"; + my $parameters = join " ", @ARGV; + $parameters =~ m:$regexp: or usage("Command $parameters not allowed."); + + return $1; # this value, then, is untainted. +}; + +############################################################ + +sub read_password() { + open PASS, $PASSWORDFILE + or die "Could not read protected password file: $!"; + my $password = ; + chomp $password; + return $password; +}; + +############################################################ + +sub order_chrony($$) { + my ($clean_command, $password) = @_; + open CHRONY, "| $CHRONY &> /dev/null" or die "could not run $CHRONY: $!\n"; + print CHRONY "password $password\n"; + print CHRONY "$clean_command\n"; + close CHRONY + or die "Error running command $clean_command\n", "\ton $CHRONY: $!\n"; +} + +############################################################ -- cgit v1.2.3