MFC r289421, r293037, r294773, and r294884.

ntp leap-leapseconds support.

r289421:

Add default leap-seconds file. This should help ntp networks get the
leap second date correct

Updates to the file can be obtained from ftp://time.nist.gov/pub/ or
ftp://tycho.usno.navy.mil/pub/ntp/.

r293037:

Update leap-seconds to latest. This will satisfy the ntpd leap-second
version check.

r294773:

Add support for automatic leap-second file updates.

The working copy of leapfile resides in /var/dbntpd.leap-seconds.list.
/etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/
or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should
automatic leapfile updates be disabled (default).

Automatic leapfile updates are fetched from $ntp_leapfile_sources,
defaulting to https://www.ietf.org/timezones/data/leap-seconds.list,
within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds
file expiry. Automatic updates can be enabled by setting
$daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting
the ntp leapfile source the automatic update randomized by default but
can be disabled through daily_ntpd_avoid_congestion="NO" in
periodic.conf.

r294884:

Allow specification of fetch options for ntp leap-seconds fetch.

Approved by:	re (gjb)

etc/Makefile

@@ -244,6 +244,9 @@ distribution:
 	${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
 	${_+_}cd ${.CURDIR}/devd; ${MAKE} install
 	${_+_}cd ${.CURDIR}/gss; ${MAKE} install
+.if ${MK_NTP} != "no"
+	${_+_}cd ${.CURDIR}/ntp; ${MAKE} install
+.endif
 	${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
 .if ${MK_PKGBOOTSTRAP} != "no"
 	${_+_}cd ${.CURDIR}/pkg; ${MAKE} install

etc/defaults/periodic.conf

@@ -138,6 +138,11 @@ daily_status_mail_rejects_enable="YES"			# Check mail rejects
 daily_status_mail_rejects_logs=3			# How many logs to check
 daily_status_mail_rejects_shorten="NO"			# Shorten output
 
+# 480.leapfile-ntpd
+daily_ntpd_leapfile_enable="NO"				# Fetch NTP leapfile
+daily_ntpd_avoid_congestion="YES"			# Avoid congesting
+							# leapfile sources
+
 # 480.status-ntpd
 daily_status_ntpd_enable="NO"				# Check NTP status
 

etc/defaults/rc.conf

@@ -366,6 +366,17 @@ ntpd_config="/etc/ntp.conf"	# ntpd(8) configuration file
 ntpd_sync_on_start="NO"		# Sync time on ntpd startup, even if offset is high
 ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
 				# Flags to ntpd (if enabled).
+ntp_src_leapfile="/etc/ntp/leap-seconds"
+				# Initial source for ntpd leapfile
+ntp_db_leapfile="/var/db/ntpd.leap-seconds.list"
+				# Working copy (updated weekly) leapfile
+ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list"
+				# Source from which to fetch leapfile
+ntp_leapfile_fetch_opts="-mq"	# Options to use for ntp leapfile fetch,
+				# e.g. --no-verify-peer
+ntp_leapfile_expiry_days=30	# Check for new leapfile 30 days prior to
+				# expiry.
+ntp_leapfile_fetch_verbose="NO"	# Be verbose during NTP leapfile fetch
 
 # Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
 nis_client_enable="NO"		# We're an NIS client (or NO).

etc/mtree/BSD.var.dist

@@ -46,6 +46,8 @@
         ..
         ipf             mode=0700
         ..
+        ntp             mode=0700
+        ..
         pkg
         ..
         ports

etc/ntp.conf

@@ -77,3 +77,10 @@ restrict 127.127.1.0
 #
 #server 127.127.1.0
 #fudge 127.127.1.0 stratum 10
+
+# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14.
+# for documentation regarding leapfile. Updates to the file can be obtained
+# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/.
+# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db.
+#leapfile "/etc/ntp/leap-seconds"
+leapfile "/var/db/ntpd.leap-seconds.list"

etc/ntp/Makefile

@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+NO_OBJ=
+
+FILES=	leap-seconds
+
+FILESDIR=	/etc/ntp
+FILESMODE=	644
+
+.include <bsd.prog.mk>

etc/ntp/leap-seconds

@@ -0,0 +1,221 @@
+#
+# $FreeBSD$
+#
+#	In the following text, the symbol '#' introduces
+#	a comment, which continues from that symbol until 
+#	the end of the line. A plain comment line has a
+#	whitespace character following the comment indicator.
+#	There are also special comment lines defined below. 
+#	A special comment will always have a non-whitespace 
+#	character in column 2.
+#
+#	A blank line should be ignored.
+#
+#	The following table shows the corrections that must
+#	be applied to compute International Atomic Time (TAI)
+#	from the Coordinated Universal Time (UTC) values that
+#	are transmitted by almost all time services.
+#
+#	The first column shows an epoch as a number of seconds
+#	since 1900.0 and the second column shows the number of
+#	seconds that must be added to UTC to compute TAI for
+#	any timestamp at or after that epoch. The value on 
+#	each line is valid from the indicated initial instant
+#	until the epoch given on the next one or indefinitely 
+#	into the future if there is no next line.
+#	(The comment on each line shows the representation of
+#	the corresponding initial epoch in the usual 
+#	day-month-year format. The epoch always begins at
+#	00:00:00 UTC on the indicated day. See Note 5 below.)
+#	
+#	Important notes:
+#
+#	1. Coordinated Universal Time (UTC) is often referred to
+#	as Greenwich Mean Time (GMT). The GMT time scale is no
+#	longer used, and the use of GMT to designate UTC is
+#	discouraged.
+#
+#	2. The UTC time scale is realized by many national 
+#	laboratories and timing centers. Each laboratory
+#	identifies its realization with its name: Thus
+#	UTC(NIST), UTC(USNO), etc. The differences among
+#	these different realizations are typically on the
+#	order of a few nanoseconds (i.e., 0.000 000 00x s)
+#	and can be ignored for many purposes. These differences
+#	are tabulated in Circular T, which is published monthly
+#	by the International Bureau of Weights and Measures
+#	(BIPM). See www.bipm.fr for more information.
+#
+#	3. The current defintion of the relationship between UTC 
+#	and TAI dates from 1 January 1972. A number of different 
+#	time scales were in use before than epoch, and it can be 
+#	quite difficult to compute precise timestamps and time 
+#	intervals in those "prehistoric" days. For more information,
+#	consult:
+#
+#		The Explanatory Supplement to the Astronomical
+#		Ephemeris.
+#	or
+#		Terry Quinn, "The BIPM and the Accurate Measurement
+#		of Time," Proc. of the IEEE, Vol. 79, pp. 894-905,
+#		July, 1991.
+#
+#	4.  The insertion of leap seconds into UTC is currently the
+#	responsibility of the International Earth Rotation Service,
+#	which is located at the Paris Observatory: 
+#
+#	Central Bureau of IERS
+#	61, Avenue de l'Observatoire
+#	75014 Paris, France.
+#
+#	Leap seconds are announced by the IERS in its Bulletin C
+#
+#	See hpiers.obspm.fr or www.iers.org for more details.
+#
+#	All national laboratories and timing centers use the
+#	data from the BIPM and the IERS to construct their
+#	local realizations of UTC.
+#
+#	Although the definition also includes the possibility
+#	of dropping seconds ("negative" leap seconds), this has 
+#	never been done and is unlikely to be necessary in the 
+#	foreseeable future.
+#
+#	5. If your system keeps time as the number of seconds since
+#	some epoch (e.g., NTP timestamps), then the algorithm for
+#	assigning a UTC time stamp to an event that happens during a positive
+#	leap second is not well defined. The official name of that leap 
+#	second is 23:59:60, but there is no way of representing that time 
+#	in these systems. 
+#	Many systems of this type effectively stop the system clock for 
+#	one second during the leap second and use a time that is equivalent 
+#	to 23:59:59 UTC twice. For these systems, the corresponding TAI 
+#	timestamp would be obtained by advancing to the next entry in the
+#	following table when the time equivalent to 23:59:59 UTC
+#	is used for the second time. Thus the leap second which
+#	occurred on 30 June 1972 at 23:59:59 UTC would have TAI
+#	timestamps computed as follows:
+#
+#	...
+#	30 June 1972 23:59:59 (2287785599, first time):	TAI= UTC + 10 seconds
+#	30 June 1972 23:59:60 (2287785599,second time):	TAI= UTC + 11 seconds
+#	1  July 1972 00:00:00 (2287785600)		TAI= UTC + 11 seconds
+#	...
+#
+#	If your system realizes the leap second by repeating 00:00:00 UTC twice
+#	(this is possible but not usual), then the advance to the next entry
+#	in the table must occur the second time that a time equivlent to 
+#	00:00:00 UTC is used. Thus, using the same example as above:
+#
+#	...
+#       30 June 1972 23:59:59 (2287785599):		TAI= UTC + 10 seconds
+#       30 June 1972 23:59:60 (2287785600, first time):	TAI= UTC + 10 seconds
+#       1  July 1972 00:00:00 (2287785600,second time):	TAI= UTC + 11 seconds
+#	...
+#
+#	in both cases the use of timestamps based on TAI produces a smooth
+#	time scale with no discontinuity in the time interval.
+#
+#	This complexity would not be needed for negative leap seconds (if they 
+#	are ever used). The UTC time would skip 23:59:59 and advance from 
+#	23:59:58 to 00:00:00 in that case.  The TAI offset would decrease by 
+#	1 second at the same instant.  This is a much easier situation to deal 
+#	with, since the difficulty of unambiguously representing the epoch 
+#	during the leap second does not arise.
+#
+#	Questions or comments to:
+#		Jeff Prillaman
+#		Time Service Department
+#		US Naval Observatory
+#		Washington, DC
+#		jeffrey.prillaman@usno.navy.mil
+#
+#	Last Update of leap second values:  31 Dec 2015
+#
+#	The following line shows this last update date in NTP timestamp 
+#	format. This is the date on which the most recent change to
+#	the leap second data was added to the file. This line can
+#	be identified by the unique pair of characters in the first two 
+#	columns as shown below.
+#
+#$	 3660508800
+#
+#	The data in this file will be updated periodically as new leap 
+#	seconds are announced. In addition to being entered on the line
+#	above, the update time (in NTP format) will be added to the basic 
+#	file name leap-seconds to form the name leap-seconds.<NTP TIME>.
+#	In addition, the generic name leap-seconds.list will always point to 
+#	the most recent version of the file.
+#
+#	This update procedure will be performed only when a new leap second
+#	is announced. 
+#
+#	The following entry specifies the expiration date of the data
+#	in this file in units of seconds since 1900.0.  This expiration date 
+#	will be changed at least twice per year whether or not a new leap 
+#	second is announced. These semi-annual changes will be made no
+#	later than 1 June and 1 December of each year to indicate what
+#	action (if any) is to be taken on 30 June and 31 December, 
+#	respectively. (These are the customary effective dates for new
+#	leap seconds.) This expiration date will be identified by a
+#	unique pair of characters in columns 1 and 2 as shown below.
+#	In the unlikely event that a leap second is announced with an 
+#	effective date other than 30 June or 31 December, then this
+#	file will be edited to include that leap second as soon as it is
+#	announced or at least one month before the effective date
+#	(whichever is later). 
+#	If an announcement by the IERS specifies that no leap second is 
+#	scheduled, then only the expiration date of the file will 
+#	be advanced to show that the information in the file is still
+#	current -- the update time stamp, the data and the name of the file 
+#	will not change.
+#
+#	Updated through IERS Bulletin C 50
+#	File expires on:  1 Jun 2016
+#
+#@	3673728000
+#
+2272060800	10	# 1 Jan 1972
+2287785600	11	# 1 Jul 1972
+2303683200	12	# 1 Jan 1973
+2335219200	13	# 1 Jan 1974
+2366755200	14	# 1 Jan 1975
+2398291200	15	# 1 Jan 1976
+2429913600	16	# 1 Jan 1977
+2461449600	17	# 1 Jan 1978
+2492985600	18	# 1 Jan 1979
+2524521600	19	# 1 Jan 1980
+2571782400	20	# 1 Jul 1981
+2603318400	21	# 1 Jul 1982
+2634854400	22	# 1 Jul 1983
+2698012800	23	# 1 Jul 1985
+2776982400	24	# 1 Jan 1988
+2840140800	25	# 1 Jan 1990
+2871676800	26	# 1 Jan 1991
+2918937600	27	# 1 Jul 1992
+2950473600	28	# 1 Jul 1993
+2982009600	29	# 1 Jul 1994
+3029443200	30	# 1 Jan 1996
+3076704000	31	# 1 Jul 1997
+3124137600	32	# 1 Jan 1999
+3345062400	33	# 1 Jan 2006
+3439756800	34	# 1 Jan 2009
+3550089600	35	# 1 Jul 2012
+3644697600	36	# 1 Jul 2015
+#
+#	the following special comment contains the
+#	hash value of the data in this file computed
+#	use the secure hash algorithm as specified
+#	by FIPS 180-1. See the files in ~/sha for
+#	the details of how this hash value is
+#	computed. Note that the hash computation
+#	ignores comments and whitespace characters
+#	in data lines. It includes the NTP values
+#	of both the last modification time and the 
+#	expiration time of the file, but not the
+#	white space on those lines.
+#	the hash line is also ignored in the
+#	computation.
+#
+#h	44a44c49 35b22601 a9c7054c 8c56cf57 9b6f6ed5
+#

etc/periodic/daily/480.leapfile-ntpd

@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+    . /etc/defaults/periodic.conf
+    source_periodic_confs
+fi
+
+case "$daily_ntpd_leapfile_enable" in
+    [Yy][Ee][Ss])
+	case "$daily_ntpd_avoid_congestion" in
+    	[Yy][Ee][Ss])
+	    # Avoid dogpiling
+	    (sleep $(jot -r 1 0 86400); service ntpd fetch) &
+	    ;;
+	*)
+	    service ntpd fetch
+	    ;;
+	esac
+	;;
+esac
+
+exit $rc

etc/periodic/daily/Makefile

@@ -34,7 +34,8 @@ FILES+=	130.clean-msgs
 .endif
 
 .if ${MK_NTP} != "no"
-FILES+=	480.status-ntpd
+FILES+=	480.status-ntpd \
+	480.leapfile-ntpd
 .endif
 
 .if ${MK_PKGTOOLS} != "no"

etc/rc.d/ntpd

@@ -14,6 +14,8 @@ name="ntpd"
 rcvar="ntpd_enable"
 command="/usr/sbin/${name}"
 pidfile="/var/run/${name}.pid"
+extra_commands="fetch"
+fetch_cmd="ntpd_fetch_leapfile"
 start_precmd="ntpd_precmd"
 
 load_rc_config $name
@@ -30,6 +32,10 @@ ntpd_precmd()
 		return 0;
 	fi
 
+	if [ ! -f $ntp_db_leapfile ]; then
+		ntpd_fetch_leapfile
+	fi
+
 	# If running in a chroot cage, ensure that the appropriate files
 	# exist inside the cage, as well as helper symlinks into the cage
 	# from outside.
@@ -44,10 +50,71 @@ ntpd_precmd()
 		( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" )
 	fi
 	ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift
+	ln -fs "${ntpd_chrootdir}${ntp_tmp_leapfile}" ${ntp_tmp_leapfile}
 
 	#	Change run_rc_commands()'s internal copy of $ntpd_flags
 	#
 	rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags"
 }
 
+current_ntp_ts() {
+	# Seconds between 1900-01-01 and 1970-01-01
+	# echo $(((70*365+17)*86400))
+	ntp_to_unix=2208988800
+
+	echo $(($(date -u +%s)+$ntp_to_unix))
+}
+	
+get_ntp_leapfile_ver() {
+	expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \
+		'^\([1-9][0-9]*\)$' \| 0
+}
+
+get_ntp_leapfile_expiry() {
+	expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \
+		'^\([1-9][0-9]*\)$' \| 0
+}
+
+ntpd_fetch_leapfile() {
+	local ntp_tmp_leapfile rc verbose
+	
+	if checkyesno ntp_leapfile_fetch_verbose; then
+		verbose=echo
+	else
+		verbose=:
+	fi
+
+	ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list"
+
+	ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile)
+	ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile)
+	$verbose ntp_src_leapfile version is $ntp_ver_no_src
+	$verbose ntp_db_leapfile version is $ntp_ver_no_db
+
+	if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then
+		$verbose replacing $ntp_db_leapfile with $ntp_src_leapfile 
+		cp -p $ntp_src_leapfile $ntp_db_leapfile
+		ntp_ver_no_db=$ntp_ver_no_src
+	else
+		$verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile 
+	fi
+	ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
+	ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400))
+	ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds))
+	if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then
+		$verbose Within ntp leapfile expiry limit, initiating fetch
+		for url in $ntp_leapfile_sources ; do
+			$verbose fetching $url
+			fetch $ntp_leapfile_fetch_opts -o $ntp_tmp_leapfile $url && break
+		done
+		ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile)
+		if [ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then
+			$verbose using $url as $ntp_db_leapfile
+			mv $ntp_tmp_leapfile $ntp_db_leapfile
+		else
+			$verbose using existing $ntp_db_leapfile
+		fi
+	fi
+}
+
 run_rc_command "$1"