summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
authorcy <cy@FreeBSD.org>2016-02-10 07:16:17 +0000
committercy <cy@FreeBSD.org>2016-02-10 07:16:17 +0000
commitab8cd691029d03339e2c5ca0d056aae390b2e7ac (patch)
tree73ccc7af60f9fedfd02474a7816821a707c7106e /etc
parentcb56e836d9a9db908a5f1e021e6483e1e8aab048 (diff)
downloadFreeBSD-src-ab8cd691029d03339e2c5ca0d056aae390b2e7ac.zip
FreeBSD-src-ab8cd691029d03339e2c5ca0d056aae390b2e7ac.tar.gz
MFC r289421, r293037, r294773, and r294884.
ntp leap-leapseconds support. r289421: Add default leap-seconds file. This should help ntp networks get the leap second date correct Updates to the file can be obtained from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. r293037: Update leap-seconds to latest. This will satisfy the ntpd leap-second version check. r294773: Add support for automatic leap-second file updates. The working copy of leapfile resides in /var/dbntpd.leap-seconds.list. /etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should automatic leapfile updates be disabled (default). Automatic leapfile updates are fetched from $ntp_leapfile_sources, defaulting to https://www.ietf.org/timezones/data/leap-seconds.list, within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds file expiry. Automatic updates can be enabled by setting $daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting the ntp leapfile source the automatic update randomized by default but can be disabled through daily_ntpd_avoid_congestion="NO" in periodic.conf. r294884: Allow specification of fetch options for ntp leap-seconds fetch. Approved by: re (gjb)
Diffstat (limited to 'etc')
-rw-r--r--etc/Makefile3
-rw-r--r--etc/defaults/periodic.conf5
-rw-r--r--etc/defaults/rc.conf11
-rw-r--r--etc/mtree/BSD.var.dist2
-rw-r--r--etc/ntp.conf7
-rw-r--r--etc/ntp/Makefile10
-rw-r--r--etc/ntp/leap-seconds221
-rwxr-xr-xetc/periodic/daily/480.leapfile-ntpd28
-rw-r--r--etc/periodic/daily/Makefile3
-rwxr-xr-xetc/rc.d/ntpd67
10 files changed, 356 insertions, 1 deletions
diff --git a/etc/Makefile b/etc/Makefile
index 1030f5f..ffc299f 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -244,6 +244,9 @@ distribution:
${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
${_+_}cd ${.CURDIR}/devd; ${MAKE} install
${_+_}cd ${.CURDIR}/gss; ${MAKE} install
+.if ${MK_NTP} != "no"
+ ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
+.endif
${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
.if ${MK_PKGBOOTSTRAP} != "no"
${_+_}cd ${.CURDIR}/pkg; ${MAKE} install
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index d97bd93..487a356 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -138,6 +138,11 @@ daily_status_mail_rejects_enable="YES" # Check mail rejects
daily_status_mail_rejects_logs=3 # How many logs to check
daily_status_mail_rejects_shorten="NO" # Shorten output
+# 480.leapfile-ntpd
+daily_ntpd_leapfile_enable="NO" # Fetch NTP leapfile
+daily_ntpd_avoid_congestion="YES" # Avoid congesting
+ # leapfile sources
+
# 480.status-ntpd
daily_status_ntpd_enable="NO" # Check NTP status
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index da3158c..ddaf657 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -366,6 +366,17 @@ ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file
ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high
ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
# Flags to ntpd (if enabled).
+ntp_src_leapfile="/etc/ntp/leap-seconds"
+ # Initial source for ntpd leapfile
+ntp_db_leapfile="/var/db/ntpd.leap-seconds.list"
+ # Working copy (updated weekly) leapfile
+ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list"
+ # Source from which to fetch leapfile
+ntp_leapfile_fetch_opts="-mq" # Options to use for ntp leapfile fetch,
+ # e.g. --no-verify-peer
+ntp_leapfile_expiry_days=30 # Check for new leapfile 30 days prior to
+ # expiry.
+ntp_leapfile_fetch_verbose="NO" # Be verbose during NTP leapfile fetch
# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
nis_client_enable="NO" # We're an NIS client (or NO).
diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist
index 2403814..4082ad4 100644
--- a/etc/mtree/BSD.var.dist
+++ b/etc/mtree/BSD.var.dist
@@ -46,6 +46,8 @@
..
ipf mode=0700
..
+ ntp mode=0700
+ ..
pkg
..
ports
diff --git a/etc/ntp.conf b/etc/ntp.conf
index ea39877..64edd93 100644
--- a/etc/ntp.conf
+++ b/etc/ntp.conf
@@ -77,3 +77,10 @@ restrict 127.127.1.0
#
#server 127.127.1.0
#fudge 127.127.1.0 stratum 10
+
+# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
+# for documentation regarding leapfile. Updates to the file can be obtained
+# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
+# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db.
+#leapfile "/etc/ntp/leap-seconds"
+leapfile "/var/db/ntpd.leap-seconds.list"
diff --git a/etc/ntp/Makefile b/etc/ntp/Makefile
new file mode 100644
index 0000000..f1aff4f
--- /dev/null
+++ b/etc/ntp/Makefile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+NO_OBJ=
+
+FILES= leap-seconds
+
+FILESDIR= /etc/ntp
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/etc/ntp/leap-seconds b/etc/ntp/leap-seconds
new file mode 100644
index 0000000..8fa6225
--- /dev/null
+++ b/etc/ntp/leap-seconds
@@ -0,0 +1,221 @@
+#
+# $FreeBSD$
+#
+# In the following text, the symbol '#' introduces
+# a comment, which continues from that symbol until
+# the end of the line. A plain comment line has a
+# whitespace character following the comment indicator.
+# There are also special comment lines defined below.
+# A special comment will always have a non-whitespace
+# character in column 2.
+#
+# A blank line should be ignored.
+#
+# The following table shows the corrections that must
+# be applied to compute International Atomic Time (TAI)
+# from the Coordinated Universal Time (UTC) values that
+# are transmitted by almost all time services.
+#
+# The first column shows an epoch as a number of seconds
+# since 1900.0 and the second column shows the number of
+# seconds that must be added to UTC to compute TAI for
+# any timestamp at or after that epoch. The value on
+# each line is valid from the indicated initial instant
+# until the epoch given on the next one or indefinitely
+# into the future if there is no next line.
+# (The comment on each line shows the representation of
+# the corresponding initial epoch in the usual
+# day-month-year format. The epoch always begins at
+# 00:00:00 UTC on the indicated day. See Note 5 below.)
+#
+# Important notes:
+#
+# 1. Coordinated Universal Time (UTC) is often referred to
+# as Greenwich Mean Time (GMT). The GMT time scale is no
+# longer used, and the use of GMT to designate UTC is
+# discouraged.
+#
+# 2. The UTC time scale is realized by many national
+# laboratories and timing centers. Each laboratory
+# identifies its realization with its name: Thus
+# UTC(NIST), UTC(USNO), etc. The differences among
+# these different realizations are typically on the
+# order of a few nanoseconds (i.e., 0.000 000 00x s)
+# and can be ignored for many purposes. These differences
+# are tabulated in Circular T, which is published monthly
+# by the International Bureau of Weights and Measures
+# (BIPM). See www.bipm.fr for more information.
+#
+# 3. The current defintion of the relationship between UTC
+# and TAI dates from 1 January 1972. A number of different
+# time scales were in use before than epoch, and it can be
+# quite difficult to compute precise timestamps and time
+# intervals in those "prehistoric" days. For more information,
+# consult:
+#
+# The Explanatory Supplement to the Astronomical
+# Ephemeris.
+# or
+# Terry Quinn, "The BIPM and the Accurate Measurement
+# of Time," Proc. of the IEEE, Vol. 79, pp. 894-905,
+# July, 1991.
+#
+# 4. The insertion of leap seconds into UTC is currently the
+# responsibility of the International Earth Rotation Service,
+# which is located at the Paris Observatory:
+#
+# Central Bureau of IERS
+# 61, Avenue de l'Observatoire
+# 75014 Paris, France.
+#
+# Leap seconds are announced by the IERS in its Bulletin C
+#
+# See hpiers.obspm.fr or www.iers.org for more details.
+#
+# All national laboratories and timing centers use the
+# data from the BIPM and the IERS to construct their
+# local realizations of UTC.
+#
+# Although the definition also includes the possibility
+# of dropping seconds ("negative" leap seconds), this has
+# never been done and is unlikely to be necessary in the
+# foreseeable future.
+#
+# 5. If your system keeps time as the number of seconds since
+# some epoch (e.g., NTP timestamps), then the algorithm for
+# assigning a UTC time stamp to an event that happens during a positive
+# leap second is not well defined. The official name of that leap
+# second is 23:59:60, but there is no way of representing that time
+# in these systems.
+# Many systems of this type effectively stop the system clock for
+# one second during the leap second and use a time that is equivalent
+# to 23:59:59 UTC twice. For these systems, the corresponding TAI
+# timestamp would be obtained by advancing to the next entry in the
+# following table when the time equivalent to 23:59:59 UTC
+# is used for the second time. Thus the leap second which
+# occurred on 30 June 1972 at 23:59:59 UTC would have TAI
+# timestamps computed as follows:
+#
+# ...
+# 30 June 1972 23:59:59 (2287785599, first time): TAI= UTC + 10 seconds
+# 30 June 1972 23:59:60 (2287785599,second time): TAI= UTC + 11 seconds
+# 1 July 1972 00:00:00 (2287785600) TAI= UTC + 11 seconds
+# ...
+#
+# If your system realizes the leap second by repeating 00:00:00 UTC twice
+# (this is possible but not usual), then the advance to the next entry
+# in the table must occur the second time that a time equivlent to
+# 00:00:00 UTC is used. Thus, using the same example as above:
+#
+# ...
+# 30 June 1972 23:59:59 (2287785599): TAI= UTC + 10 seconds
+# 30 June 1972 23:59:60 (2287785600, first time): TAI= UTC + 10 seconds
+# 1 July 1972 00:00:00 (2287785600,second time): TAI= UTC + 11 seconds
+# ...
+#
+# in both cases the use of timestamps based on TAI produces a smooth
+# time scale with no discontinuity in the time interval.
+#
+# This complexity would not be needed for negative leap seconds (if they
+# are ever used). The UTC time would skip 23:59:59 and advance from
+# 23:59:58 to 00:00:00 in that case. The TAI offset would decrease by
+# 1 second at the same instant. This is a much easier situation to deal
+# with, since the difficulty of unambiguously representing the epoch
+# during the leap second does not arise.
+#
+# Questions or comments to:
+# Jeff Prillaman
+# Time Service Department
+# US Naval Observatory
+# Washington, DC
+# jeffrey.prillaman@usno.navy.mil
+#
+# Last Update of leap second values: 31 Dec 2015
+#
+# The following line shows this last update date in NTP timestamp
+# format. This is the date on which the most recent change to
+# the leap second data was added to the file. This line can
+# be identified by the unique pair of characters in the first two
+# columns as shown below.
+#
+#$ 3660508800
+#
+# The data in this file will be updated periodically as new leap
+# seconds are announced. In addition to being entered on the line
+# above, the update time (in NTP format) will be added to the basic
+# file name leap-seconds to form the name leap-seconds.<NTP TIME>.
+# In addition, the generic name leap-seconds.list will always point to
+# the most recent version of the file.
+#
+# This update procedure will be performed only when a new leap second
+# is announced.
+#
+# The following entry specifies the expiration date of the data
+# in this file in units of seconds since 1900.0. This expiration date
+# will be changed at least twice per year whether or not a new leap
+# second is announced. These semi-annual changes will be made no
+# later than 1 June and 1 December of each year to indicate what
+# action (if any) is to be taken on 30 June and 31 December,
+# respectively. (These are the customary effective dates for new
+# leap seconds.) This expiration date will be identified by a
+# unique pair of characters in columns 1 and 2 as shown below.
+# In the unlikely event that a leap second is announced with an
+# effective date other than 30 June or 31 December, then this
+# file will be edited to include that leap second as soon as it is
+# announced or at least one month before the effective date
+# (whichever is later).
+# If an announcement by the IERS specifies that no leap second is
+# scheduled, then only the expiration date of the file will
+# be advanced to show that the information in the file is still
+# current -- the update time stamp, the data and the name of the file
+# will not change.
+#
+# Updated through IERS Bulletin C 50
+# File expires on: 1 Jun 2016
+#
+#@ 3673728000
+#
+2272060800 10 # 1 Jan 1972
+2287785600 11 # 1 Jul 1972
+2303683200 12 # 1 Jan 1973
+2335219200 13 # 1 Jan 1974
+2366755200 14 # 1 Jan 1975
+2398291200 15 # 1 Jan 1976
+2429913600 16 # 1 Jan 1977
+2461449600 17 # 1 Jan 1978
+2492985600 18 # 1 Jan 1979
+2524521600 19 # 1 Jan 1980
+2571782400 20 # 1 Jul 1981
+2603318400 21 # 1 Jul 1982
+2634854400 22 # 1 Jul 1983
+2698012800 23 # 1 Jul 1985
+2776982400 24 # 1 Jan 1988
+2840140800 25 # 1 Jan 1990
+2871676800 26 # 1 Jan 1991
+2918937600 27 # 1 Jul 1992
+2950473600 28 # 1 Jul 1993
+2982009600 29 # 1 Jul 1994
+3029443200 30 # 1 Jan 1996
+3076704000 31 # 1 Jul 1997
+3124137600 32 # 1 Jan 1999
+3345062400 33 # 1 Jan 2006
+3439756800 34 # 1 Jan 2009
+3550089600 35 # 1 Jul 2012
+3644697600 36 # 1 Jul 2015
+#
+# the following special comment contains the
+# hash value of the data in this file computed
+# use the secure hash algorithm as specified
+# by FIPS 180-1. See the files in ~/sha for
+# the details of how this hash value is
+# computed. Note that the hash computation
+# ignores comments and whitespace characters
+# in data lines. It includes the NTP values
+# of both the last modification time and the
+# expiration time of the file, but not the
+# white space on those lines.
+# the hash line is also ignored in the
+# computation.
+#
+#h 44a44c49 35b22601 a9c7054c 8c56cf57 9b6f6ed5
+#
diff --git a/etc/periodic/daily/480.leapfile-ntpd b/etc/periodic/daily/480.leapfile-ntpd
new file mode 100755
index 0000000..8429824
--- /dev/null
+++ b/etc/periodic/daily/480.leapfile-ntpd
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_ntpd_leapfile_enable" in
+ [Yy][Ee][Ss])
+ case "$daily_ntpd_avoid_congestion" in
+ [Yy][Ee][Ss])
+ # Avoid dogpiling
+ (sleep $(jot -r 1 0 86400); service ntpd fetch) &
+ ;;
+ *)
+ service ntpd fetch
+ ;;
+ esac
+ ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/Makefile b/etc/periodic/daily/Makefile
index 593c0f6..617af49 100644
--- a/etc/periodic/daily/Makefile
+++ b/etc/periodic/daily/Makefile
@@ -34,7 +34,8 @@ FILES+= 130.clean-msgs
.endif
.if ${MK_NTP} != "no"
-FILES+= 480.status-ntpd
+FILES+= 480.status-ntpd \
+ 480.leapfile-ntpd
.endif
.if ${MK_PKGTOOLS} != "no"
diff --git a/etc/rc.d/ntpd b/etc/rc.d/ntpd
index 3935b29..7f28358 100755
--- a/etc/rc.d/ntpd
+++ b/etc/rc.d/ntpd
@@ -14,6 +14,8 @@ name="ntpd"
rcvar="ntpd_enable"
command="/usr/sbin/${name}"
pidfile="/var/run/${name}.pid"
+extra_commands="fetch"
+fetch_cmd="ntpd_fetch_leapfile"
start_precmd="ntpd_precmd"
load_rc_config $name
@@ -30,6 +32,10 @@ ntpd_precmd()
return 0;
fi
+ if [ ! -f $ntp_db_leapfile ]; then
+ ntpd_fetch_leapfile
+ fi
+
# If running in a chroot cage, ensure that the appropriate files
# exist inside the cage, as well as helper symlinks into the cage
# from outside.
@@ -44,10 +50,71 @@ ntpd_precmd()
( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" )
fi
ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift
+ ln -fs "${ntpd_chrootdir}${ntp_tmp_leapfile}" ${ntp_tmp_leapfile}
# Change run_rc_commands()'s internal copy of $ntpd_flags
#
rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags"
}
+current_ntp_ts() {
+ # Seconds between 1900-01-01 and 1970-01-01
+ # echo $(((70*365+17)*86400))
+ ntp_to_unix=2208988800
+
+ echo $(($(date -u +%s)+$ntp_to_unix))
+}
+
+get_ntp_leapfile_ver() {
+ expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \
+ '^\([1-9][0-9]*\)$' \| 0
+}
+
+get_ntp_leapfile_expiry() {
+ expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \
+ '^\([1-9][0-9]*\)$' \| 0
+}
+
+ntpd_fetch_leapfile() {
+ local ntp_tmp_leapfile rc verbose
+
+ if checkyesno ntp_leapfile_fetch_verbose; then
+ verbose=echo
+ else
+ verbose=:
+ fi
+
+ ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list"
+
+ ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile)
+ ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile)
+ $verbose ntp_src_leapfile version is $ntp_ver_no_src
+ $verbose ntp_db_leapfile version is $ntp_ver_no_db
+
+ if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then
+ $verbose replacing $ntp_db_leapfile with $ntp_src_leapfile
+ cp -p $ntp_src_leapfile $ntp_db_leapfile
+ ntp_ver_no_db=$ntp_ver_no_src
+ else
+ $verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile
+ fi
+ ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
+ ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400))
+ ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds))
+ if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then
+ $verbose Within ntp leapfile expiry limit, initiating fetch
+ for url in $ntp_leapfile_sources ; do
+ $verbose fetching $url
+ fetch $ntp_leapfile_fetch_opts -o $ntp_tmp_leapfile $url && break
+ done
+ ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile)
+ if [ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then
+ $verbose using $url as $ntp_db_leapfile
+ mv $ntp_tmp_leapfile $ntp_db_leapfile
+ else
+ $verbose using existing $ntp_db_leapfile
+ fi
+ fi
+}
+
run_rc_command "$1"
OpenPOWER on IntegriCloud