From: Frank Brehm Date: Wed, 7 Apr 2021 20:09:52 +0000 (+0200) Subject: committing changes in /etc made by "apt install chrony" X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=20f5ca8548df911e76af9abac2cacbda2ce65899;p=config%2Fhelga-hetzner%2Fetc.git committing changes in /etc made by "apt install chrony" Package changes: +chrony 3.4-4+deb10u1 amd64 --- diff --git a/.etckeeper b/.etckeeper index 0496330..cea78b0 100755 --- a/.etckeeper +++ b/.etckeeper @@ -23,7 +23,6 @@ mkdir -p './initramfs-tools/scripts/nfs-premount' mkdir -p './initramfs-tools/scripts/nfs-top' mkdir -p './initramfs-tools/scripts/panic' mkdir -p './kernel/install.d' -mkdir -p './network/if-post-down.d' mkdir -p './opt' mkdir -p './perl/CPAN' mkdir -p './qemu/fsfreeze-hook.d' @@ -40,6 +39,7 @@ maybe chmod 0700 '.etckeeper' maybe chmod 0600 '.gitignore' maybe chmod 0755 'NetworkManager' maybe chmod 0755 'NetworkManager/dispatcher.d' +maybe chmod 0755 'NetworkManager/dispatcher.d/20-chrony' maybe chmod 0755 'NetworkManager/dispatcher.d/cloud-init-hook-network-manager' maybe chmod 0755 'X11' maybe chmod 0755 'X11/Xsession.d' @@ -57,8 +57,10 @@ maybe chmod 0755 'apparmor.d' maybe chmod 0755 'apparmor.d/force-complain' maybe chmod 0755 'apparmor.d/local' maybe chmod 0644 'apparmor.d/local/usr.bin.man' +maybe chmod 0644 'apparmor.d/local/usr.sbin.chronyd' maybe chmod 0644 'apparmor.d/local/usr.sbin.named' maybe chmod 0644 'apparmor.d/usr.bin.man' +maybe chmod 0644 'apparmor.d/usr.sbin.chronyd' maybe chmod 0644 'apparmor.d/usr.sbin.named' maybe chmod 0755 'apt' maybe chmod 0644 'apt/SALTSTACK-GPG-KEY.pub' @@ -135,6 +137,9 @@ maybe chmod 0644 'ca-certificates.conf' maybe chmod 0755 'ca-certificates/update.d' maybe chmod 0755 'calendar' maybe chmod 0644 'calendar/default' +maybe chmod 0755 'chrony' +maybe chmod 0644 'chrony/chrony.conf' +maybe chmod 0640 'chrony/chrony.keys' maybe chmod 0755 'cloud' maybe chmod 0644 'cloud/cloud.cfg' maybe chmod 0755 'cloud/cloud.cfg.d' 
@@ -239,6 +244,7 @@ maybe chmod 0755 'default' maybe chmod 0644 'default/acpid' maybe chmod 0644 'default/bind9' maybe chmod 0644 'default/bsdmainutils' +maybe chmod 0644 'default/chrony' maybe chmod 0644 'default/console-setup' maybe chmod 0644 'default/cron' maybe chmod 0644 'default/cryptdisks' @@ -261,6 +267,7 @@ maybe chmod 0755 'dhcp' maybe chmod 0644 'dhcp/debug' maybe chmod 0755 'dhcp/dhclient-enter-hooks.d' maybe chmod 0755 'dhcp/dhclient-exit-hooks.d' +maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/chrony' maybe chmod 0755 'dhcp/dhclient-exit-hooks.d/hook-dhclient' maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes' maybe chmod 0644 'dhcp/dhclient-exit-hooks.d/timesyncd' @@ -352,6 +359,7 @@ maybe chmod 0755 'init.d' maybe chmod 0755 'init.d/acpid' maybe chmod 0755 'init.d/atd' maybe chmod 0755 'init.d/bind9' +maybe chmod 0755 'init.d/chrony' maybe chmod 0755 'init.d/cloud-config' maybe chmod 0755 'init.d/cloud-final' maybe chmod 0755 'init.d/cloud-init' @@ -448,6 +456,7 @@ maybe chmod 0644 'logrotate.d/apt' maybe chmod 0644 'logrotate.d/aptitude' maybe chmod 0644 'logrotate.d/bind' maybe chmod 0644 'logrotate.d/btmp' +maybe chmod 0644 'logrotate.d/chrony' maybe chmod 0644 'logrotate.d/dpkg' maybe chmod 0644 'logrotate.d/rsyslog' maybe chmod 0644 'logrotate.d/wtmp' @@ -486,10 +495,12 @@ maybe chmod 0755 'network' maybe chmod 0755 'network/if-down.d' maybe chmod 0755 'network/if-down.d/bind9' maybe chmod 0755 'network/if-post-down.d' +maybe chmod 0755 'network/if-post-down.d/chrony' maybe chmod 0755 'network/if-pre-up.d' maybe chmod 0755 'network/if-pre-up.d/ethtool' maybe chmod 0755 'network/if-up.d' maybe chmod 0755 'network/if-up.d/bind9' +maybe chmod 0755 'network/if-up.d/chrony' maybe chmod 0755 'network/if-up.d/ethtool' maybe chmod 0644 'network/interfaces' maybe chmod 0755 'network/interfaces.d' 
@@ -529,8 +540,10 @@ maybe chmod 0644 'perl/Net/libnet.cfg' maybe chmod 0755 'ppp' maybe chmod 0755 'ppp/ip-down.d' maybe chmod 0755 'ppp/ip-down.d/bind9' +maybe chmod 0755 'ppp/ip-down.d/chrony' maybe chmod 0755 'ppp/ip-up.d' maybe chmod 0755 'ppp/ip-up.d/bind9' +maybe chmod 0755 'ppp/ip-up.d/chrony' maybe chmod 0644 'profile' maybe chmod 0755 'profile.d' maybe chmod 0644 'profile.d/Z99-cloud-locale-test.sh' diff --git a/NetworkManager/dispatcher.d/20-chrony b/NetworkManager/dispatcher.d/20-chrony new file mode 100755 index 0000000..0b0c3e7 --- /dev/null +++ b/NetworkManager/dispatcher.d/20-chrony @@ -0,0 +1,15 @@ +#!/bin/sh +# This is a NetworkManager dispatcher / networkd-dispatcher script for +# chronyd to set its NTP sources online or offline when a network interface +# is configured or removed + +export LC_ALL=C + +# For NetworkManager consider only up/down events +[ $# -ge 2 ] && [ "$2" != "up" ] && [ "$2" != "down" ] && exit 0 + +# Note: for networkd-dispatcher routable.d ~= on and off.d ~= off + +chronyc onoffline > /dev/null 2>&1 + +exit 0 diff --git a/apparmor.d/local/usr.sbin.chronyd b/apparmor.d/local/usr.sbin.chronyd new file mode 100644 index 0000000..e69de29 diff --git a/apparmor.d/usr.sbin.chronyd b/apparmor.d/usr.sbin.chronyd new file mode 100644 index 0000000..04f9d47 --- /dev/null +++ b/apparmor.d/usr.sbin.chronyd 
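Review bot: `chronyc` is called by bare name in NetworkManager/dispatcher.d/20-chrony, so this root-run hook resolves it through whatever PATH the dispatcher passes in. logrotate.d/chrony in this same commit already uses `/usr/bin/chronyc`, and the hooks would be more predictable with the absolute path too. The same applies to network/if-up.d/chrony, network/if-post-down.d/chrony, ppp/ip-up.d/chrony and ppp/ip-down.d/chrony. This script also lacks the `[ -e /run/chronyd.pid ]` guard the other hooks have, and it discards all output before `exit 0`, so a failing `chronyc onoffline` leaves no trace. Something like `chronyc onoffline >/dev/null 2>&1 || logger -t chrony-hook "onoffline failed"` would make that visible.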
@@ -0,0 +1,61 @@ +# Last Modified: Sat Jan 20 10:45:05 2018 +#include + +/usr/sbin/chronyd (attach_disconnected) { + #include + #include + + capability sys_time, + capability net_bind_service, + capability setuid, + capability setgid, + capability sys_nice, + capability sys_resource, + # for /run/chrony to be created + capability chown, + # Needed to support HW timestamping + capability net_admin, + + /usr/sbin/chronyd mr, + + /etc/chrony/{,**} r, + /{,var/}run/chronyd.pid w, + /{,var/}run/chrony/{,*} rw, + /var/lib/chrony/{,*} r, + /var/lib/chrony/* w, + /var/log/chrony/{,*} r, + /var/log/chrony/* w, + + # Using the “tempcomp” directive gives chronyd the ability to improve + # the stability and accuracy of the clock by compensating the temperature + # changes measured by a sensor close to the oscillator. + @{sys}/class/hwmon/hwmon[0-9]*/temp[0-9]*_input r, + @{sys}/devices/virtual/thermal/thermal_zone[0-9]*/hwmon[0-9]*/temp[0-9]*_input r, + + # Support all paths suggested in the man page (LP: #1771028). Assume these + # are common use cases; others should be set as local include (see below). + # Configs using a 'chrony.' prefix like the tempcomp config file example + /etc/chrony.* r, + # Example gpsd socket is outside /{,var/}run/chrony/ + /{,var/}run/chrony.tty{,*}.sock rw, + # To sign replies to MS-SNTP clients by the smbd daemon + /var/lib/samba/ntp_signd r, + /var/lib/samba/ntp_signd/{,*} rw, + + # rtc + /etc/adjtime r, + /dev/rtc{,[0-9]*} rw, + + # gps devices + /dev/pps[0-9]* rw, + /dev/ptp[0-9]* rw, + + # For use with clocks that report via shared memory (e.g. gpsd), + # you may need to give ntpd access to all of shared memory, though + # this can be considered dangerous. See https://launchpad.net/bugs/722815 + # for details. To enable, add this to local/usr.sbin.chronyd: + # capability ipc_owner, + + # Site-specific additions and overrides. See local/README for details. + #include +} 
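Review bot: The profile grants `capability net_admin` and read/write on `/var/lib/samba/ntp_signd/{,*}` unconditionally, yet the chrony.conf added in this commit sets neither `hwtimestamp` nor `ntpsigndsocket`, so on this host both look like unused privilege. Because the profile is package-owned, any tightening belongs in the (currently empty) local/usr.sbin.chronyd include, for example `deny capability net_admin,` and `deny /var/lib/samba/ntp_signd/** rw,`, after confirming nothing relies on them. The shared-memory comment near the end says "ntpd" where chronyd is meant. Whether the profile is loaded in enforce or complain mode is not visible from this diff and is worth confirming with `aa-status`.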
diff --git a/chrony/chrony.conf b/chrony/chrony.conf new file mode 100644 index 0000000..6c19767 --- /dev/null +++ b/chrony/chrony.conf @@ -0,0 +1,28 @@ +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usuable directives. +pool 2.debian.pool.ntp.org iburst + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can’t be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1 3 diff --git a/chrony/chrony.keys b/chrony/chrony.keys new file mode 100644 index 0000000..cee70b3 --- /dev/null +++ b/chrony/chrony.keys @@ -0,0 +1,10 @@ +# This file is solely used for NTP authentication with symmetric keys +# as defined by RFC 1305 and RFC 5905. +# +# It can contain ID/key pairs which can be generated using the “keygen” option +# from “chronyc”; for example: +# chronyc keygen 1 SHA256 256 >> /etc/chrony/chrony.keys +# would generate a 256-bit SHA-256 key using ID 1. +# +# A list of supported hash functions and output encoding can be found in +# the "keyfile" section from the "/usr/share/doc/chrony/chrony.txt.gz" file. diff --git a/default/chrony b/default/chrony new file mode 100644 index 0000000..eead3e6 --- /dev/null +++ b/default/chrony 
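Review bot: No `minsources` directive is set in chrony/chrony.conf, so chronyd keeps its default of updating the clock from a single selectable source. The only configured source is the unauthenticated public pool, and chrony.keys in this commit contains comments only. If certificate validation, log correlation or token lifetimes on this host depend on the clock, consider adding `minsources 2` and a `maxchange` limit. `makestep 1 3` already confines large steps to the first three updates, which is a sensible bound.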
@@ -0,0 +1,6 @@ +# This is a configuration file for /etc/init.d/chrony and +# /lib/systemd/system/chrony.service; it allows you to pass various options to +# the chrony daemon without editing the init script or service file. + +# Options to pass to chrony. +DAEMON_OPTS="-F -1" diff --git a/dhcp/dhclient-exit-hooks.d/chrony b/dhcp/dhclient-exit-hooks.d/chrony new file mode 100644 index 0000000..690f3ab --- /dev/null +++ b/dhcp/dhclient-exit-hooks.d/chrony @@ -0,0 +1,25 @@ +SERVERFILE=/var/lib/dhcp/chrony.servers.$interface + +chrony_config() { + rm -f $SERVERFILE + for server in $new_ntp_servers; do + echo "$server iburst" >> $SERVERFILE + done + /usr/lib/chrony/chrony-helper update-daemon || : +} + +chrony_restore() { + if [ -f $SERVERFILE ]; then + rm -f $SERVERFILE + /usr/lib/chrony/chrony-helper update-daemon || : + fi +} + +case $reason in + BOUND|RENEW|REBIND|REBOOT) + chrony_config + ;; + EXPIRE|FAIL|RELEASE|STOP) + chrony_restore + ;; +esac diff --git a/group b/group index b047672..2c89513 100644 --- a/group +++ b/group @@ -51,3 +51,4 @@ ssh:x:111: systemd-coredump:x:999: bind:x:112: mlocate:x:113: +_chrony:x:114: diff --git a/group- b/group- index eb0de48..b047672 100644 --- a/group- +++ b/group- @@ -50,3 +50,4 @@ messagebus:x:110: ssh:x:111: systemd-coredump:x:999: bind:x:112: +mlocate:x:113: diff --git a/gshadow b/gshadow index 7ab0b53..6394cc6 100644 --- a/gshadow +++ b/gshadow @@ -51,3 +51,4 @@ ssh:!:: systemd-coredump:!!:: bind:!:: mlocate:!:: +_chrony:!:: diff --git a/gshadow- b/gshadow- index 24ca8c4..7ab0b53 100644 --- a/gshadow- +++ b/gshadow- @@ -50,3 +50,4 @@ messagebus:!:: ssh:!:: systemd-coredump:!!:: bind:!:: +mlocate:!:: diff --git a/init.d/chrony b/init.d/chrony new file mode 100755 index 0000000..bc376b5 --- /dev/null +++ b/init.d/chrony 
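Review bot: In dhcp/dhclient-exit-hooks.d/chrony, `$new_ntp_servers` comes from the DHCP reply and is expanded unquoted in the `for` loop, so it undergoes pathname expansion as well as word splitting. Each word is then appended to the server file with no check that it looks like an address or hostname. dhclient presumably validates the option as an address list, but the hook should not depend on that; the fence below disables globbing around the loop and skips words with unexpected characters. `$SERVERFILE` embeds `$interface` and is used unquoted in `rm -f`, `>>` and `[ -f ]`, so it should be quoted in both functions. More generally, this hook lets any DHCP server on the link add time sources to chronyd, which deserves a conscious decision on a statically addressed server.

```shell
chrony_config() {
    rm -f -- "$SERVERFILE"
    set -f  # DHCP-supplied words must not be glob-expanded
    for server in $new_ntp_servers; do
        case $server in
            ''|*[!A-Za-z0-9.:-]*) continue ;;  # not an address or hostname
        esac
        echo "$server iburst" >> "$SERVERFILE"
    done
    set +f
    /usr/lib/chrony/chrony-helper update-daemon || :
}
# … unchanged: chrony_restore (quote "$SERVERFILE" there as well), case $reason dispatch …
```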
@@ -0,0 +1,73 @@ +#! /bin/sh +# +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by Ian Murdock . +# Modified for Debian by Christoph Lameter +# Modified for chrony by John Hasler 1998-2012 +# Modified for Debian by Vincent Blut + +### BEGIN INIT INFO +# Provides: chrony +# Required-Start: $remote_fs +# Required-Stop: $remote_fs +# Should-Start: $syslog $network $named $time +# Should-Stop: $syslog $network $named $time +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Controls chronyd NTP time daemon +# Description: Chronyd is the NTP time daemon in the Chrony package +### END INIT INFO + +PATH=/bin:/usr/bin:/sbin:/usr/sbin +DAEMON=/usr/sbin/chronyd +NAME="chronyd" +DESC="time daemon" +PIDFILE=/run/chronyd.pid +CHRONY_HELPER=/usr/lib/chrony/chrony-helper + +[ -x "$DAEMON" ] || exit 0 + +. /lib/lsb/init-functions + +# Override this variable by editing /etc/default/chrony. +DAEMON_OPTS="" +if [ -f /etc/default/chrony ]; then + . /etc/default/chrony +fi + +case "$1" in + start) + if $0 status > /dev/null ; then + log_success_msg "$NAME is already running" + else + log_daemon_msg "Starting $DESC" "$NAME" + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS + if [ -x $CHRONY_HELPER ]; then + $CHRONY_HELPER update-daemon + fi + log_end_msg $? + fi + ;; + + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --remove-pidfile --exec $DAEMON + log_end_msg $? + ;; + + restart|force-reload) + $0 stop + $0 start + ;; + + status) + status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + + *) + log_action_msg "Usage: /etc/init.d/chrony {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac + +exit 0 diff --git a/logrotate.d/chrony b/logrotate.d/chrony new file mode 100644 index 0000000..2823a1a --- /dev/null +++ b/logrotate.d/chrony 
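Review bot: In the `start)` branch of init.d/chrony, `log_end_msg $?` reports the status of the `if [ -x $CHRONY_HELPER ]` block rather than that of `start-stop-daemon`. When the helper is missing the `if` yields 0, and when it is present the helper's status wins, so a failed daemon start can be logged as success. Capture the status directly after the start call with `rc=$?` and finish the branch with `log_end_msg "$rc"`. The script still ends in `exit 0`, so callers of `start` never see the failure either; `exit "$rc"` in that branch would propagate it. `$PIDFILE`, `$DAEMON` and `$CHRONY_HELPER` are fixed paths here, but quoting them would match the quoted `"$DAEMON"` test near the top.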
@@ -0,0 +1,8 @@ +/var/log/chrony/*.log { + missingok + nocreate + sharedscripts + postrotate + /usr/bin/chronyc cyclelogs > /dev/null 2>&1 || true + endscript +} diff --git a/network/if-post-down.d/chrony b/network/if-post-down.d/chrony new file mode 100755 index 0000000..2505e5a --- /dev/null +++ b/network/if-post-down.d/chrony @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +[ -x /usr/sbin/chronyd ] || exit 0 + +if [ -e /run/chronyd.pid ]; then + chronyc onoffline > /dev/null 2>&1 +fi + +exit 0 diff --git a/network/if-up.d/chrony b/network/if-up.d/chrony new file mode 100755 index 0000000..2505e5a --- /dev/null +++ b/network/if-up.d/chrony @@ -0,0 +1,11 @@ +#!/bin/sh + +set -e + +[ -x /usr/sbin/chronyd ] || exit 0 + +if [ -e /run/chronyd.pid ]; then + chronyc onoffline > /dev/null 2>&1 +fi + +exit 0 diff --git a/passwd b/passwd index 303c799..73bd5bf 100644 --- a/passwd +++ b/passwd @@ -24,3 +24,4 @@ messagebus:x:104:110::/nonexistent:/usr/sbin/nologin sshd:x:105:65534::/run/sshd:/usr/sbin/nologin systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin bind:x:106:112::/var/cache/bind:/usr/sbin/nologin +_chrony:x:107:114:Chrony daemon,,,:/var/lib/chrony:/usr/sbin/nologin diff --git a/passwd- b/passwd- index 303c799..4926c44 100644 --- a/passwd- +++ b/passwd- @@ -24,3 +24,4 @@ messagebus:x:104:110::/nonexistent:/usr/sbin/nologin sshd:x:105:65534::/run/sshd:/usr/sbin/nologin systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin bind:x:106:112::/var/cache/bind:/usr/sbin/nologin +_chrony:x:107:114::/var/lib/chrony:/usr/sbin/nologin diff --git a/ppp/ip-down.d/chrony b/ppp/ip-down.d/chrony new file mode 100755 index 0000000..da15be4 --- /dev/null +++ b/ppp/ip-down.d/chrony 
@@ -0,0 +1,13 @@
+#!/bin/sh
+# This script tells chronyd that the connection is down
+# so that it won't try to contact the server.
+# John Hasler 1998-2003
+# Any possessor of a copy of this program may treat it as if it
+# were in the public domain. I waive all rights.
+# Modified by Vincent Blut
+
+if [ -e /run/chronyd.pid ]; then
+ chronyc onoffline > /dev/null 2>&1
+fi
+
+exit 0
diff --git a/ppp/ip-up.d/chrony b/ppp/ip-up.d/chrony
new file mode 100755
index 0000000..7bc92de
--- /dev/null
+++ b/ppp/ip-up.d/chrony
@@ -0,0 +1,12 @@
+#!/bin/sh
+# This script tells chronyd that the connection is up so that it can
+# contact the server. John Hasler 1998-2003
+# Any possessor of a copy of this program may treat it as if it
+# were in the public domain. I waive all rights.
+# Modified by Vincent Blut
+
+if [ -e /run/chronyd.pid ]; then
+ chronyc onoffline > /dev/null 2>&1
+fi
+
+exit 0
diff --git a/rc0.d/K01chrony b/rc0.d/K01chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc0.d/K01chrony
@@ -0,0 +1 @@
+../init.d/chrony
\ No newline at end of file
diff --git a/rc1.d/K01chrony b/rc1.d/K01chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc1.d/K01chrony
@@ -0,0 +1 @@
+../init.d/chrony
\ No newline at end of file
diff --git a/rc2.d/S01chrony b/rc2.d/S01chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc2.d/S01chrony
@@ -0,0 +1 @@
+../init.d/chrony
\ No newline at end of file
diff --git a/rc3.d/S01chrony b/rc3.d/S01chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc3.d/S01chrony
@@ -0,0 +1 @@
+../init.d/chrony
\ No newline at end of file
diff --git a/rc4.d/S01chrony b/rc4.d/S01chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc4.d/S01chrony
@@ -0,0 +1 @@
+../init.d/chrony
\ No newline at end of file
diff --git a/rc5.d/S01chrony b/rc5.d/S01chrony
new file mode 120000
index 0000000..53f1361
--- /dev/null
+++ b/rc5.d/S01chrony
@@ -0,0 +1 @@ +../init.d/chrony \ No newline at end of file diff --git a/rc6.d/K01chrony b/rc6.d/K01chrony new file mode 120000 index 0000000..53f1361 --- /dev/null +++ b/rc6.d/K01chrony @@ -0,0 +1 @@ +../init.d/chrony \ No newline at end of file diff --git a/shadow b/shadow index 00cd84d..1db3181 100644 --- a/shadow +++ b/shadow @@ -24,3 +24,4 @@ messagebus:*:18686:0:99999:7::: sshd:*:18686:0:99999:7::: systemd-coredump:!!:18686:::::: bind:*:18724:0:99999:7::: +_chrony:*:18724:0:99999:7::: diff --git a/shadow- b/shadow- index 00cd84d..1db3181 100644 --- a/shadow- +++ b/shadow- @@ -24,3 +24,4 @@ messagebus:*:18686:0:99999:7::: sshd:*:18686:0:99999:7::: systemd-coredump:!!:18686:::::: bind:*:18724:0:99999:7::: +_chrony:*:18724:0:99999:7::: diff --git a/systemd/system/chronyd.service b/systemd/system/chronyd.service new file mode 120000 index 0000000..cf434ea --- /dev/null +++ b/systemd/system/chronyd.service @@ -0,0 +1 @@ +/lib/systemd/system/chrony.service \ No newline at end of file diff --git a/systemd/system/multi-user.target.wants/chrony.service b/systemd/system/multi-user.target.wants/chrony.service new file mode 120000 index 0000000..cf434ea --- /dev/null +++ b/systemd/system/multi-user.target.wants/chrony.service @@ -0,0 +1 @@ +/lib/systemd/system/chrony.service \ No newline at end of file
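Review bot: The shadow and shadow- hunks show that these files, like gshadow and gshadow-, are tracked in this repository, so every clone, remote and web view of it carries their full contents and history. The lines visible here are locked entries (`*`, `!!`), but lines outside the hunk may hold password hashes. Confirm that read access to the repository and all its remotes is limited to root-equivalent administrators. If history for these files is not needed, list `shadow*` and `gshadow*` in `.gitignore` and remove them from the index.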