Merge ^/head r294599 through r294776.

7 files changed, 117 insertions, 5 deletions

diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
index e9dac27..2364d7f 100644
--- a/etc/defaults/periodic.conf
+++ b/etc/defaults/periodic.conf
@@ -134,6 +134,11 @@ daily_status_mail_rejects_enable="YES"			# Check mail rejects
 daily_status_mail_rejects_logs=3			# How many logs to check
 daily_status_mail_rejects_shorten="NO"			# Shorten output
 
+# 480.leapfile-ntpd
+daily_ntpd_leapfile_enable="NO"				# Fetch NTP leapfile
+daily_ntpd_avoid_congestion="YES"			# Avoid congesting
+							# leapfile sources
+
 # 480.status-ntpd
 daily_status_ntpd_enable="NO"				# Check NTP status
 
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 54facb8..380f0d3 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -362,6 +362,15 @@ ntpd_config="/etc/ntp.conf"	# ntpd(8) configuration file
 ntpd_sync_on_start="NO"		# Sync time on ntpd startup, even if offset is high
 ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
 				# Flags to ntpd (if enabled).
+ntp_src_leapfile="/etc/ntp/leap-seconds"
+				# Initial source for ntpd leapfile
+ntp_db_leapfile="/var/db/ntpd.leap-seconds.list"
+				# Working copy (updated weekly) leapfile
+ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list"
+				# Source from which to fetch leapfile
+ntp_leapfile_expiry_days=30	# Check for new leapfile 30 days prior to
+				# expiry.
+ntp_leapfile_fetch_verbose="NO"	# Be verbose during NTP leapfile fetch
 
 # Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
 nis_client_enable="NO"		# We're an NIS client (or NO).
diff --git a/etc/ntp.conf b/etc/ntp.conf
index c4ad0aa..64edd93 100644
--- a/etc/ntp.conf
+++ b/etc/ntp.conf
@@ -81,4 +81,6 @@ restrict 127.127.1.0
 # See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
 # for documentation regarding leapfile. Updates to the file can be obtained
 # from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
-leapfile "/etc/ntp/leap-seconds"
+# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db.
+#leapfile "/etc/ntp/leap-seconds"
+leapfile "/var/db/ntpd.leap-seconds.list"
diff --git a/etc/periodic/daily/480.leapfile-ntpd b/etc/periodic/daily/480.leapfile-ntpd
new file mode 100755
index 0000000..8429824
--- /dev/null
+++ b/etc/periodic/daily/480.leapfile-ntpd
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+case "$daily_ntpd_leapfile_enable" in
+    [Yy][Ee][Ss])
+	case "$daily_ntpd_avoid_congestion" in
+    	[Yy][Ee][Ss])
+	    # Avoid dogpiling
+	    (sleep $(jot -r 1 0 86400); service ntpd fetch) &
+	    ;;
+	*)
+	    service ntpd fetch
+	    ;;
+	esac
+	;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/Makefile b/etc/periodic/daily/Makefile
index 939dd15..de0f8f2 100644
--- a/etc/periodic/daily/Makefile
+++ b/etc/periodic/daily/Makefile
@@ -35,7 +35,8 @@ FILES+=	130.clean-msgs
 .endif
 
 .if ${MK_NTP} != "no"
-FILES+=	480.status-ntpd
+FILES+=	480.status-ntpd \
+	480.leapfile-ntpd
 .endif
 
 .if ${MK_RCMDS} != "no"
diff --git a/etc/rc.d/jail b/etc/rc.d/jail
index a1b4bbc..fa0bc46 100755
--- a/etc/rc.d/jail
+++ b/etc/rc.d/jail
@@ -32,7 +32,7 @@ need_dad_wait=
 #	Extract value from ${jail_$jv_$name} or ${jail_$name} and
 #	set it to $param.  If not defined, $defval is used.
 #	When $num is [0-9]*, ${jail_$jv_$name$num} are looked up and
-#	$param is set by using +=.
+#	$param is set by using +=.  $num=0 is optional (params may start at 1).
 #	When $num is YN or NY, the value is interpret as boolean.
 extract_var()
 {
@@ -72,7 +72,7 @@ extract_var()
 			eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\"
 			if [ -n "$_tmpargs" ]; then 
 				echo "	$_param += \"$_tmpargs\";"
-			else
+			elif [ $i != 0 ]; then
 				break;
 			fi
 			i=$(($i + 1))
@@ -202,7 +202,7 @@ parse_options()
 		extract_var $_jv exec_poststop exec.poststop 0 ""
 
 		echo "	exec.start += \"$_exec_start\";"
-		extract_var $_jv exec_afterstart exec.start 1 ""
+		extract_var $_jv exec_afterstart exec.start 0 ""
 		echo "	exec.stop = \"$_exec_stop\";"
 
 		extract_var $_jv consolelog exec.consolelog - \
diff --git a/etc/rc.d/ntpd b/etc/rc.d/ntpd
index 3935b29..f014110 100755
--- a/etc/rc.d/ntpd
+++ b/etc/rc.d/ntpd
@@ -14,6 +14,8 @@ name="ntpd"
 rcvar="ntpd_enable"
 command="/usr/sbin/${name}"
 pidfile="/var/run/${name}.pid"
+extra_commands="fetch"
+fetch_cmd="ntpd_fetch_leapfile"
 start_precmd="ntpd_precmd"
 
 load_rc_config $name
@@ -30,6 +32,10 @@ ntpd_precmd()
 		return 0;
 	fi
 
+	if [ ! -f $ntp_db_leapfile ]; then
+		ntpd_fetch_leapfile
+	fi
+
 	# If running in a chroot cage, ensure that the appropriate files
 	# exist inside the cage, as well as helper symlinks into the cage
 	# from outside.
@@ -44,10 +50,71 @@ ntpd_precmd()
 		( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" )
 	fi
 	ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift
+	ln -fs "${ntpd_chrootdir}${ntp_tmp_leapfile}" ${ntp_tmp_leapfile}
 
 	#	Change run_rc_commands()'s internal copy of $ntpd_flags
 	#
 	rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags"
 }
 
+current_ntp_ts() {
+	# Seconds between 1900-01-01 and 1970-01-01
+	# echo $(((70*365+17)*86400))
+	ntp_to_unix=2208988800
+
+	echo $(($(date -u +%s)+$ntp_to_unix))
+}
+	
+get_ntp_leapfile_ver() {
+	expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \
+		'^\([1-9][0-9]*\)$' \| 0
+}
+
+get_ntp_leapfile_expiry() {
+	expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \
+		'^\([1-9][0-9]*\)$' \| 0
+}
+
+ntpd_fetch_leapfile() {
+	local ntp_tmp_leapfile rc verbose
+	
+	if checkyesno ntp_leapfile_fetch_verbose; then
+		verbose=echo
+	else
+		verbose=:
+	fi
+
+	ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list"
+
+	ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile)
+	ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile)
+	$verbose ntp_src_leapfile version is $ntp_ver_no_src
+	$verbose ntp_db_leapfile version is $ntp_ver_no_db
+
+	if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then
+		$verbose replacing $ntp_db_leapfile with $ntp_src_leapfile 
+		cp -p $ntp_src_leapfile $ntp_db_leapfile
+		ntp_ver_no_db=$ntp_ver_no_src
+	else
+		$verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile 
+	fi
+	ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
+	ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400))
+	ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds))
+	if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then
+		$verbose Within ntp leapfile expiry limit, initiating fetch
+		for url in $ntp_leapfile_sources ; do
+			$verbose fetching $url
+			fetch -mqo $ntp_tmp_leapfile $url && break
+		done
+		ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile)
+		if [ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then
+			$verbose using $url as $ntp_db_leapfile
+			mv $ntp_tmp_leapfile $ntp_db_leapfile
+		else
+			$verbose using existing $ntp_db_leapfile
+		fi
+	fi
+}
+
 run_rc_command "$1"