From 7a526a85ee4393bff52dc0af62f0d6005054a190 Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@pixelpark.com>
Date: Thu, 25 Oct 2018 11:13:35 +0200
Subject: [PATCH] Back to NTP

---
 bin/postinst | 111 ++++++++++++++-------------------------------------
 1 file changed, 29 insertions(+), 82 deletions(-)

diff --git a/bin/postinst b/bin/postinst
index 86bc1c5..f68a36b 100644
--- a/bin/postinst
+++ b/bin/postinst
@@ -572,105 +572,52 @@ install_legato_networker() {
 }
 
 #-----------------------------------------------------------
-install_chrony() {
+install_ntp() {
 
     echo
     echo "${HASH_LINE}"
     echo
-    log "Deinstalling ntp ..."
-    echo "Stopping ntpd.service ..."
-    systemctl stop ntpd.service
-    echo "Disabling ntpd.service ..."
-    systemctl disable ntpd.service
-    echo "Deinstalling ntp ..."
-    yum remove -y ntp
+    log "Deinstalling chrony from whatever reason ..."
+    echo "Stopping chronyd ..."
+    systemctl stop chronyd
+    echo "Disabling chronyd ..."
+    systemctl disable chronyd
+    echo "Deinstalling chrony ..."
+    yum remove -y chrony
 
     echo
-    log "Installing Chrony ..."
-    if yum install -y chrony ; then
+    log "Installing NTP ..."
+    if yum install -y ntp ; then
         :
     else
-        echo "[$(date)]: Could not install chrony" | tee -a "${ERROR_POINTER}"
+        echo "[$(date)]: Could not install ntp." | tee -a "${ERROR_POINTER}"
     fi
 
-    echo "Configuring chrony ..."
-
-    cat <<-EOF > /etc/chrony.conf
-	# Chrony configuration
-
-	# Using timeservers of pixelpark
+    echo "Cofiguring ntpd ..."
+    mkdir -pv /etc/ntp
+
+    cat <<-EOF > /etc/ntp.conf
+	tinker panic 0
+	driftfile /var/lib/ntp/drift
+	# Permit time synchronization with our time source, but do not
+	# permit the source to query or modify the service on this system.
+	restrict default kod nomodify notrap nopeer noquery
+	restrict -6 default kod nomodify notrap nopeer noquery
+	restrict 127.0.0.1
+	restrict -6 ::1
 	server time01.pixelpark.com iburst
 	server time02.pixelpark.com iburst
 	server time03.pixelpark.com iburst
 
-	# Record the rate at which the system clock gains/losses time.
-	driftfile /var/lib/chrony/drift
-
-	# Allow the system clock to be stepped in the first three updates
-	# if its offset is larger than 1 second.
-	makestep 1.0 3
-
-	# Enable kernel synchronization of the real-time clock (RTC).
-	rtcsync
-
-	# Enable hardware timestamping on all interfaces that support it.
-	#hwtimestamp *
-
-	# Increase the minimum number of selectable sources required to adjust
-	# the system clock.
-	minsources 2
-
-	# Allow NTP client access from local network.
-	#allow 192.168.0.0/16
-	allow 10/8
-	allow 192.168/16
-	allow 172.16/12
-
-	# Serve time even if not synchronized to a time source.
-	local stratum 10
-
-	# Specify file containing keys for NTP authentication.
-	keyfile /etc/chrony.keys
-
-	# Specify directory for log files.
-	logdir /var/log/chrony
-
-	# Select which information is logged.
-	log measurements statistics tracking
-
 	EOF
 
-    echo "Configuring chrony keys ..."
-
-    cat <<-EOF > /etc/chrony.keys
-	# This is the chrony keys file. It is used for NTP authentication with
-	# symmetric keys. It should be readable only by root or the user to which
-	# chronyd is configured to switch to after start.
-
-	# Examples of valid keys:
-
-	#1 MD5 AVeryLongAndRandomPassword
-	#2 MD5 HEX:12114855C7931009B4049EF3EFC48A139C3F989F
-	#3 SHA1 HEX:B2159C05D6A219673A3B7E896B6DE07F6A440995
-
-	1 SHA256 HEX:4739BD84604DE5A1CCEE906C23EB3947398B31DA33BD0C5FE9A863B4CA9BA4AA
-	2 MD5 HEX:4D534773C63AA638BE493B154844AADEEFFCA0AB98358E61815FA12466C8C807
+    cat <<-EOF > /etc/ntp/step-tickers
+	time01.pixelpark.com
+	time02.pixelpark.com
+	time03.pixelpark.com
 	EOF
 
-    chown -v root:chrony /etc/chrony.keys
-    chmod -v 0640 /etc/chrony.keys
-
-    echo "Ensuring /var/lib/chrony ..."
-    mkdir -pv /var/lib/chrony
-    cmmod -v 0755 /var/lib/chrony
-    chown -v chrony:chrony /var/lib/chrony
-
-    echo "Ensuring /var/log/chrony ..."
-    mkdir -pv /var/log/chrony
-    cmmod -v 0755 /var/log/chrony
-    chown -v chrony:chrony /var/log/chrony
-
-    systemctl enable chronyd.service
+    systemctl enable ntpd
 
 }
 
@@ -1136,7 +1083,7 @@ main() {
     remove_ipv6_localhost
     create_motd
     install_legato_networker
-    install_chrony
+    install_ntp
     install_openvm_tools
     remove_uek_packages
     disable_floppy
-- 
2.39.5