From ab8cd691029d03339e2c5ca0d056aae390b2e7ac Mon Sep 17 00:00:00 2001 From: cy Date: Wed, 10 Feb 2016 07:16:17 +0000 Subject: [PATCH] MFC r289421, r293037, r294773, and r294884. ntp leap-leapseconds support. r289421: Add default leap-seconds file. This should help ntp networks get the leap second date correct Updates to the file can be obtained from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. r293037: Update leap-seconds to latest. This will satisfy the ntpd leap-second version check. r294773: Add support for automatic leap-second file updates. The working copy of leapfile resides in /var/dbntpd.leap-seconds.list. /etc/ntp/leap-seconds (periodically updated from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/) contains the master copy should automatic leapfile updates be disabled (default). Automatic leapfile updates are fetched from $ntp_leapfile_sources, defaulting to https://www.ietf.org/timezones/data/leap-seconds.list, within $ntp_leapfile_expiry_days (default 30 days) from leap-seconds file expiry. Automatic updates can be enabled by setting $daily_ntpd_leapfile_enable="YES" in periodic.conf. To avoid congesting the ntp leapfile source the automatic update randomized by default but can be disabled through daily_ntpd_avoid_congestion="NO" in periodic.conf. r294884: Allow specification of fetch options for ntp leap-seconds fetch. Approved by: re (gjb) --- etc/Makefile | 3 + etc/defaults/periodic.conf | 5 + etc/defaults/rc.conf | 11 ++ etc/mtree/BSD.var.dist | 2 + etc/ntp.conf | 7 + etc/ntp/Makefile | 10 ++ etc/ntp/leap-seconds | 221 +++++++++++++++++++++++++++ etc/periodic/daily/480.leapfile-ntpd | 28 ++++ etc/periodic/daily/Makefile | 3 +- etc/rc.d/ntpd | 67 ++++++++ 10 files changed, 356 insertions(+), 1 deletion(-) create mode 100644 etc/ntp/Makefile create mode 100644 etc/ntp/leap-seconds create mode 100755 etc/periodic/daily/480.leapfile-ntpd 
diff --git a/etc/Makefile b/etc/Makefile index 1030f5f5c0a5..ffc299f362ad 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -244,6 +244,9 @@ distribution: ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install ${_+_}cd ${.CURDIR}/devd; ${MAKE} install ${_+_}cd ${.CURDIR}/gss; ${MAKE} install +.if ${MK_NTP} != "no" + ${_+_}cd ${.CURDIR}/ntp; ${MAKE} install +.endif ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install .if ${MK_PKGBOOTSTRAP} != "no" ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf index d97bd938170b..487a3563d3eb 100644 --- a/etc/defaults/periodic.conf +++ b/etc/defaults/periodic.conf @@ -138,6 +138,11 @@ daily_status_mail_rejects_enable="YES" # Check mail rejects daily_status_mail_rejects_logs=3 # How many logs to check daily_status_mail_rejects_shorten="NO" # Shorten output +# 480.leapfile-ntpd +daily_ntpd_leapfile_enable="NO" # Fetch NTP leapfile +daily_ntpd_avoid_congestion="YES" # Avoid congesting + # leapfile sources + # 480.status-ntpd daily_status_ntpd_enable="NO" # Check NTP status diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index da3158cf6c9a..ddaf657eb1e8 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf 
@@ -366,6 +366,17 @@ ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift" # Flags to ntpd (if enabled). +ntp_src_leapfile="/etc/ntp/leap-seconds" + # Initial source for ntpd leapfile +ntp_db_leapfile="/var/db/ntpd.leap-seconds.list" + # Working copy (updated weekly) leapfile +ntp_leapfile_sources="https://www.ietf.org/timezones/data/leap-seconds.list" + # Source from which to fetch leapfile +ntp_leapfile_fetch_opts="-mq" # Options to use for ntp leapfile fetch, + # e.g. --no-verify-peer +ntp_leapfile_expiry_days=30 # Check for new leapfile 30 days prior to + # expiry. +ntp_leapfile_fetch_verbose="NO" # Be verbose during NTP leapfile fetch # Network Information Services (NIS) options: All need rpcbind_enable="YES" ### nis_client_enable="NO" # We're an NIS client (or NO). diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist index 24038144949f..4082ad4ae0a3 100644 --- a/etc/mtree/BSD.var.dist +++ b/etc/mtree/BSD.var.dist @@ -46,6 +46,8 @@ .. ipf mode=0700 .. + ntp mode=0700 + .. pkg .. ports diff --git a/etc/ntp.conf b/etc/ntp.conf index ea3987766058..64edd9377bcc 100644 --- a/etc/ntp.conf +++ b/etc/ntp.conf @@ -77,3 +77,10 @@ restrict 127.127.1.0 # #server 127.127.1.0 #fudge 127.127.1.0 stratum 10 + +# See http://support.ntp.org/bin/view/Support/ConfiguringNTP#Section_6.14. +# for documentation regarding leapfile. Updates to the file can be obtained +# from ftp://time.nist.gov/pub/ or ftp://tycho.usno.navy.mil/pub/ntp/. +# Use either leapfile in /etc/ntp or weekly updated leapfile in /var/db. +#leapfile "/etc/ntp/leap-seconds" +leapfile "/var/db/ntpd.leap-seconds.list" diff --git a/etc/ntp/Makefile b/etc/ntp/Makefile new file mode 100644 index 000000000000..f1aff4f9006b --- /dev/null +++ b/etc/ntp/Makefile @@ -0,0 +1,10 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= leap-seconds + +FILESDIR= /etc/ntp +FILESMODE= 644 + +.include 
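Review bot: The example in the comment on `ntp_leapfile_fetch_opts`, `# e.g. --no-verify-peer`, points administrators at the one option that removes certificate verification from the default https source. The fetched file is then installed as ntpd's working leapfile by rc.d/ntpd in this same patch. An example that keeps verification is safer, for instance `# e.g. --ca-cert=<path to CA bundle>` (placeholder path). The neighbouring comment `# Working copy (updated weekly) leapfile` also disagrees with the daily periodic script added here; `# Working copy of leapfile (refreshed by periodic daily)` would match.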
diff --git a/etc/ntp/leap-seconds b/etc/ntp/leap-seconds
new file mode 100644
index 000000000000..8fa6225f65e3
--- /dev/null
+++ b/etc/ntp/leap-seconds
@@ -0,0 +1,221 @@ +# +# $FreeBSD$ +# +# In the following text, the symbol '#' introduces +# a comment, which continues from that symbol until +# the end of the line. A plain comment line has a +# whitespace character following the comment indicator. +# There are also special comment lines defined below. +# A special comment will always have a non-whitespace +# character in column 2. +# +# A blank line should be ignored. +# +# The following table shows the corrections that must +# be applied to compute International Atomic Time (TAI) +# from the Coordinated Universal Time (UTC) values that +# are transmitted by almost all time services. +# +# The first column shows an epoch as a number of seconds +# since 1900.0 and the second column shows the number of +# seconds that must be added to UTC to compute TAI for +# any timestamp at or after that epoch. The value on +# each line is valid from the indicated initial instant +# until the epoch given on the next one or indefinitely +# into the future if there is no next line. +# (The comment on each line shows the representation of +# the corresponding initial epoch in the usual +# day-month-year format. The epoch always begins at +# 00:00:00 UTC on the indicated day. See Note 5 below.) +# +# Important notes: +# +# 1. Coordinated Universal Time (UTC) is often referred to +# as Greenwich Mean Time (GMT). The GMT time scale is no +# longer used, and the use of GMT to designate UTC is +# discouraged. +# +# 2. The UTC time scale is realized by many national +# laboratories and timing centers. Each laboratory +# identifies its realization with its name: Thus +# UTC(NIST), UTC(USNO), etc. The differences among +# these different realizations are typically on the +# order of a few nanoseconds (i.e., 0.000 000 00x s) +# and can be ignored for many purposes. These differences +# are tabulated in Circular T, which is published monthly +# by the International Bureau of Weights and Measures +# (BIPM). 
See www.bipm.fr for more information. +# +# 3. The current defintion of the relationship between UTC +# and TAI dates from 1 January 1972. A number of different +# time scales were in use before than epoch, and it can be +# quite difficult to compute precise timestamps and time +# intervals in those "prehistoric" days. For more information, +# consult: +# +# The Explanatory Supplement to the Astronomical +# Ephemeris. +# or +# Terry Quinn, "The BIPM and the Accurate Measurement +# of Time," Proc. of the IEEE, Vol. 79, pp. 894-905, +# July, 1991. +# +# 4. The insertion of leap seconds into UTC is currently the +# responsibility of the International Earth Rotation Service, +# which is located at the Paris Observatory: +# +# Central Bureau of IERS +# 61, Avenue de l'Observatoire +# 75014 Paris, France. +# +# Leap seconds are announced by the IERS in its Bulletin C +# +# See hpiers.obspm.fr or www.iers.org for more details. +# +# All national laboratories and timing centers use the +# data from the BIPM and the IERS to construct their +# local realizations of UTC. +# +# Although the definition also includes the possibility +# of dropping seconds ("negative" leap seconds), this has +# never been done and is unlikely to be necessary in the +# foreseeable future. +# +# 5. If your system keeps time as the number of seconds since +# some epoch (e.g., NTP timestamps), then the algorithm for +# assigning a UTC time stamp to an event that happens during a positive +# leap second is not well defined. The official name of that leap +# second is 23:59:60, but there is no way of representing that time +# in these systems. +# Many systems of this type effectively stop the system clock for +# one second during the leap second and use a time that is equivalent +# to 23:59:59 UTC twice. For these systems, the corresponding TAI +# timestamp would be obtained by advancing to the next entry in the +# following table when the time equivalent to 23:59:59 UTC +# is used for the second time. 
Thus the leap second which +# occurred on 30 June 1972 at 23:59:59 UTC would have TAI +# timestamps computed as follows: +# +# ... +# 30 June 1972 23:59:59 (2287785599, first time): TAI= UTC + 10 seconds +# 30 June 1972 23:59:60 (2287785599,second time): TAI= UTC + 11 seconds +# 1 July 1972 00:00:00 (2287785600) TAI= UTC + 11 seconds +# ... +# +# If your system realizes the leap second by repeating 00:00:00 UTC twice +# (this is possible but not usual), then the advance to the next entry +# in the table must occur the second time that a time equivlent to +# 00:00:00 UTC is used. Thus, using the same example as above: +# +# ... +# 30 June 1972 23:59:59 (2287785599): TAI= UTC + 10 seconds +# 30 June 1972 23:59:60 (2287785600, first time): TAI= UTC + 10 seconds +# 1 July 1972 00:00:00 (2287785600,second time): TAI= UTC + 11 seconds +# ... +# +# in both cases the use of timestamps based on TAI produces a smooth +# time scale with no discontinuity in the time interval. +# +# This complexity would not be needed for negative leap seconds (if they +# are ever used). The UTC time would skip 23:59:59 and advance from +# 23:59:58 to 00:00:00 in that case. The TAI offset would decrease by +# 1 second at the same instant. This is a much easier situation to deal +# with, since the difficulty of unambiguously representing the epoch +# during the leap second does not arise. +# +# Questions or comments to: +# Jeff Prillaman +# Time Service Department +# US Naval Observatory +# Washington, DC +# jeffrey.prillaman@usno.navy.mil +# +# Last Update of leap second values: 31 Dec 2015 +# +# The following line shows this last update date in NTP timestamp +# format. This is the date on which the most recent change to +# the leap second data was added to the file. This line can +# be identified by the unique pair of characters in the first two +# columns as shown below. +# +#$ 3660508800 +# +# The data in this file will be updated periodically as new leap +# seconds are announced. 
In addition to being entered on the line +# above, the update time (in NTP format) will be added to the basic +# file name leap-seconds to form the name leap-seconds.. +# In addition, the generic name leap-seconds.list will always point to +# the most recent version of the file. +# +# This update procedure will be performed only when a new leap second +# is announced. +# +# The following entry specifies the expiration date of the data +# in this file in units of seconds since 1900.0. This expiration date +# will be changed at least twice per year whether or not a new leap +# second is announced. These semi-annual changes will be made no +# later than 1 June and 1 December of each year to indicate what +# action (if any) is to be taken on 30 June and 31 December, +# respectively. (These are the customary effective dates for new +# leap seconds.) This expiration date will be identified by a +# unique pair of characters in columns 1 and 2 as shown below. +# In the unlikely event that a leap second is announced with an +# effective date other than 30 June or 31 December, then this +# file will be edited to include that leap second as soon as it is +# announced or at least one month before the effective date +# (whichever is later). +# If an announcement by the IERS specifies that no leap second is +# scheduled, then only the expiration date of the file will +# be advanced to show that the information in the file is still +# current -- the update time stamp, the data and the name of the file +# will not change. 
+# +# Updated through IERS Bulletin C 50 +# File expires on: 1 Jun 2016 +# +#@ 3673728000 +# +2272060800 10 # 1 Jan 1972 +2287785600 11 # 1 Jul 1972 +2303683200 12 # 1 Jan 1973 +2335219200 13 # 1 Jan 1974 +2366755200 14 # 1 Jan 1975 +2398291200 15 # 1 Jan 1976 +2429913600 16 # 1 Jan 1977 +2461449600 17 # 1 Jan 1978 +2492985600 18 # 1 Jan 1979 +2524521600 19 # 1 Jan 1980 +2571782400 20 # 1 Jul 1981 +2603318400 21 # 1 Jul 1982 +2634854400 22 # 1 Jul 1983 +2698012800 23 # 1 Jul 1985 +2776982400 24 # 1 Jan 1988 +2840140800 25 # 1 Jan 1990 +2871676800 26 # 1 Jan 1991 +2918937600 27 # 1 Jul 1992 +2950473600 28 # 1 Jul 1993 +2982009600 29 # 1 Jul 1994 +3029443200 30 # 1 Jan 1996 +3076704000 31 # 1 Jul 1997 +3124137600 32 # 1 Jan 1999 +3345062400 33 # 1 Jan 2006 +3439756800 34 # 1 Jan 2009 +3550089600 35 # 1 Jul 2012 +3644697600 36 # 1 Jul 2015 +# +# the following special comment contains the +# hash value of the data in this file computed +# use the secure hash algorithm as specified +# by FIPS 180-1. See the files in ~/sha for +# the details of how this hash value is +# computed. Note that the hash computation +# ignores comments and whitespace characters +# in data lines. It includes the NTP values +# of both the last modification time and the +# expiration time of the file, but not the +# white space on those lines. +# the hash line is also ignored in the +# computation. +# +#h 44a44c49 35b22601 a9c7054c 8c56cf57 9b6f6ed5 +# diff --git a/etc/periodic/daily/480.leapfile-ntpd b/etc/periodic/daily/480.leapfile-ntpd new file mode 100755 index 000000000000..8429824f9b9e --- /dev/null +++ b/etc/periodic/daily/480.leapfile-ntpd 
@@ -0,0 +1,28 @@ +#!/bin/sh +# +# $FreeBSD$ +# + +# If there is a global system configuration file, suck it in. +# +if [ -r /etc/defaults/periodic.conf ] +then + . /etc/defaults/periodic.conf + source_periodic_confs +fi + +case "$daily_ntpd_leapfile_enable" in + [Yy][Ee][Ss]) + case "$daily_ntpd_avoid_congestion" in + [Yy][Ee][Ss]) + # Avoid dogpiling + (sleep $(jot -r 1 0 86400); service ntpd fetch) & + ;; + *) + service ntpd fetch + ;; + esac + ;; +esac + +exit $rc diff --git a/etc/periodic/daily/Makefile b/etc/periodic/daily/Makefile index 593c0f6fac95..617af49d7a99 100644 --- a/etc/periodic/daily/Makefile +++ b/etc/periodic/daily/Makefile @@ -34,7 +34,8 @@ FILES+= 130.clean-msgs .endif .if ${MK_NTP} != "no" -FILES+= 480.status-ntpd +FILES+= 480.status-ntpd \ + 480.leapfile-ntpd .endif .if ${MK_PKGTOOLS} != "no" diff --git a/etc/rc.d/ntpd b/etc/rc.d/ntpd index 3935b295ed40..7f28358d7a82 100755 --- a/etc/rc.d/ntpd +++ b/etc/rc.d/ntpd @@ -14,6 +14,8 @@ name="ntpd" rcvar="ntpd_enable" command="/usr/sbin/${name}" pidfile="/var/run/${name}.pid" +extra_commands="fetch" +fetch_cmd="ntpd_fetch_leapfile" start_precmd="ntpd_precmd" load_rc_config $name @@ -30,6 +32,10 @@ ntpd_precmd() return 0; fi + if [ ! -f $ntp_db_leapfile ]; then + ntpd_fetch_leapfile + fi + # If running in a chroot cage, ensure that the appropriate files # exist inside the cage, as well as helper symlinks into the cage # from outside. 
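Review bot: The script ends with `exit $rc`, but `rc` is never assigned in the visible lines, so this expands to a bare `exit` and the status is whatever the last command left. In the congestion-avoidance branch that is the backgrounding of the subshell, so a failed `service ntpd fetch` is never reflected. Setting `rc=0` before the outer `case` and using `service ntpd fetch || rc=3` in the synchronous branch would make the result explicit. The delayed branch also outlives the periodic run, so its output presumably never reaches the daily report; a one-line comment saying so would help.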
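Review bot: The added test `if [ ! -f $ntp_db_leapfile ]; then` leaves the variable unquoted, so an empty or whitespace-containing setting changes what `[` evaluates instead of failing cleanly; `if [ ! -f "$ntp_db_leapfile" ]; then` is the safer spelling. The call also puts ntpd_fetch_leapfile, which can reach the network, on the start path and ignores its result. Presumably that is deliberate so that a missing working copy never blocks startup, and a short comment stating it would help. ntpd_precmd starts and ends outside this hunk.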
@@ -44,10 +50,71 @@ ntpd_precmd() ( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" ) fi ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift + ln -fs "${ntpd_chrootdir}${ntp_tmp_leapfile}" ${ntp_tmp_leapfile} # Change run_rc_commands()'s internal copy of $ntpd_flags # rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags" } +current_ntp_ts() { + # Seconds between 1900-01-01 and 1970-01-01 + # echo $(((70*365+17)*86400)) + ntp_to_unix=2208988800 + + echo $(($(date -u +%s)+$ntp_to_unix)) +} + +get_ntp_leapfile_ver() { + expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \ + '^\([1-9][0-9]*\)$' \| 0 +} + +get_ntp_leapfile_expiry() { + expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \ + '^\([1-9][0-9]*\)$' \| 0 +} + +ntpd_fetch_leapfile() { + local ntp_tmp_leapfile rc verbose + + if checkyesno ntp_leapfile_fetch_verbose; then + verbose=echo + else + verbose=: + fi + + ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list" + + ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile) + ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile) + $verbose ntp_src_leapfile version is $ntp_ver_no_src + $verbose ntp_db_leapfile version is $ntp_ver_no_db + + if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then + $verbose replacing $ntp_db_leapfile with $ntp_src_leapfile + cp -p $ntp_src_leapfile $ntp_db_leapfile + ntp_ver_no_db=$ntp_ver_no_src + else + $verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile + fi + ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile) + ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400)) + ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds)) + if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then + $verbose Within ntp leapfile expiry limit, initiating fetch + for url in $ntp_leapfile_sources ; do + $verbose fetching $url + fetch $ntp_leapfile_fetch_opts -o $ntp_tmp_leapfile $url && break + done + ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile) + if [ 
"$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]; then + $verbose using $url as $ntp_db_leapfile + mv $ntp_tmp_leapfile $ntp_db_leapfile + else + $verbose using existing $ntp_db_leapfile + fi + fi +} + run_rc_command "$1"
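Review bot: ntpd_fetch_leapfile installs the download on a single test, `[ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" ]`, so any file with a larger `#$` value replaces the working copy even if its `#@` expiry has already passed. A legitimate refresh that only advances `#@` is discarded instead, since the leap-seconds header in this same patch says the update stamp does not change in that case, and the fetch then repeats on every run. Recording whether a fetch succeeded and comparing the expiry as well as the version, as sketched below, closes both gaps; because the `#h` line is an unkeyed hash, authenticity still rests on the TLS verification done by fetch. Separately, the `ln -fs "${ntpd_chrootdir}${ntp_tmp_leapfile}" ${ntp_tmp_leapfile}` added to ntpd_precmd reads a variable that this hunk declares `local` inside ntpd_fetch_leapfile, so unless it is set outside the diff the link name is empty. ntpd_precmd begins outside the hunk.

```shell
# … unchanged: verbose setup, src/db version comparison, fetch-date test …
		fetched=NO
		for url in $ntp_leapfile_sources ; do
			$verbose fetching $url
			if fetch $ntp_leapfile_fetch_opts -o "$ntp_tmp_leapfile" "$url"; then
				fetched=YES
				break
			fi
		done
		ntp_ver_no_tmp=$(get_ntp_leapfile_ver "$ntp_tmp_leapfile")
		ntp_expiry_tmp=$(get_ntp_leapfile_expiry "$ntp_tmp_leapfile")
		# Install only a file that was actually fetched, is not older than
		# the working copy, and extends the expiry beyond the present.
		if [ "$fetched" = YES ] &&
		    [ "$ntp_ver_no_tmp" -ge "$ntp_ver_no_db" ] &&
		    [ "$ntp_expiry_tmp" -gt "$ntp_leap_expiry" ] &&
		    [ "$ntp_expiry_tmp" -gt "$(current_ntp_ts)" ]; then
# … unchanged: mv into place, else keep the existing file …
```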