commit:     11ceb07fe0233dc7dd3c9596a6b256aa6c81acb9
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 12 11:59:14 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jun 12 11:59:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11ceb07f

net-misc/ntpsec: backport glibc[nsd] seccomp patch

Closes: https://bugs.gentoo.org/851531
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch    |  34 ++++
 net-misc/ntpsec/ntpsec-1.2.1-r5.ebuild             | 178 +++++++++++++++++++++
 2 files changed, 212 insertions(+)

diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch 
b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch
new file mode 100644
index 000000000000..5b7a4e51374c
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch
@@ -0,0 +1,34 @@
+https://gitlab.com/NTPsec/ntpsec/-/commit/a49d53b7fe1d
+https://bugs.gentoo.org/851531
+
+From: "Maciej S. Szmigiero" <[email protected]>
+Date: Sat, 11 Jun 2022 15:16:15 +0200
+Subject: [PATCH] ntpd/ntp_sandbox.c: allow readv() for glibc nscd
+ getaddrinfo() provider
+
+Otherwise, ntpd crashes from time to time with the following stack trace:
+#0  0x00007f5763bfac4d in readv () from /lib64/libc.so.6
+#1  0x00007f5763c48b4c in __readvall () from /lib64/libc.so.6
+#2  0x00007f5763c467ed in nscd_gethst_r () from /lib64/libc.so.6
+#3  0x00007f5763c46c0d in __nscd_gethostbyname2_r () from /lib64/libc.so.6
+#4  0x00007f5763c15a2a in gethostbyname2_r () from /lib64/libc.so.6
+#5  0x00007f5763bed3ca in gaih_inet.constprop () from /lib64/libc.so.6
+#6  0x00007f5763bee225 in getaddrinfo () from /lib64/libc.so.6
+#7  0x000055fcf0ad6544 in open_TCP_socket ()
+#8  0x000055fcf0ad79b4 in nts_probe ()
+#9  0x000055fcf0ac37c4 in dns_lookup ()
+#10 0x00007f5763b8205a in start_thread () from /lib64/libc.so.6
+#11 0x00007f5763c05d1c in clone3 () from /lib64/libc.so.6
+
+Signed-off-by: Maciej S. Szmigiero <[email protected]>
+--- a/ntpd/ntp_sandbox.c
++++ b/ntpd/ntp_sandbox.c
+@@ -357,6 +357,7 @@ int scmp_sc[] = {
+       SCMP_SYS(poll),
+       SCMP_SYS(pselect6),
+       SCMP_SYS(read),
++      SCMP_SYS(readv),        /* nscd getaddrinfo() provider */
+       SCMP_SYS(recvfrom),    /* Comment this out for testing.
+                               * It will die on the first reply.
+                               * (Or maybe sooner if a request arrives.)
+GitLab
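Review bot: The patch file ends with a stray `GitLab` line after the last context line, apparently left over from copying the upstream commit page; patch(1) should ignore it as trailing text, but dropping it keeps the file identical to upstream commit a49d53b7fe1d. The file name and the commit title say `nsd`, while the patch subject and the added comment say nscd; naming the file `ntpsec-1.2.1-seccomp-nscd.patch` would make it easier to find later. On the change itself, `readv` is added next to `read` in the `scmp_sc[]` list (the array starts and ends outside this hunk) with no argument constraints visible here, which looks proportionate since `read` is already allowed. The trace shows the call arriving through glibc's `getaddrinfo()` path, so it is worth testing a seccomp-enabled build on a host with nscd running to confirm no further syscalls from that path are still missing.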

diff --git a/net-misc/ntpsec/ntpsec-1.2.1-r5.ebuild 
b/net-misc/ntpsec/ntpsec-1.2.1-r5.ebuild
new file mode 100644
index 000000000000..faba59c221e6
--- /dev/null
+++ b/net-misc/ntpsec/ntpsec-1.2.1-r5.ebuild
@@ -0,0 +1,178 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+PYTHON_REQ_USE='threads(+)'
+DISTUTILS_USE_SETUPTOOLS=no
+
+inherit distutils-r1 flag-o-matic waf-utils systemd
+
+if [[ ${PV} == *9999* ]]; then
+       inherit git-r3
+       EGIT_REPO_URI="https://gitlab.com/NTPsec/ntpsec.git";
+else
+       SRC_URI="ftp://ftp.ntpsec.org/pub/releases/${P}.tar.gz";
+       KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~x86"
+fi
+
+DESCRIPTION="The NTP reference implementation, refactored"
+HOMEPAGE="https://www.ntpsec.org/";
+
+NTPSEC_REFCLOCK=(
+       oncore trimble truetime gpsd jjy generic spectracom
+       shm pps hpgps zyfer arbiter nmea modem local
+)
+
+IUSE_NTPSEC_REFCLOCK=${NTPSEC_REFCLOCK[@]/#/rclock_}
+
+LICENSE="HPND MIT BSD-2 BSD CC-BY-SA-4.0"
+SLOT="0"
+IUSE="${IUSE_NTPSEC_REFCLOCK} debug doc early gdb heat libbsd nist ntpviz 
samba seccomp smear" #ionice
+REQUIRED_USE="${PYTHON_REQUIRED_USE} nist? ( rclock_local )"
+
+# net-misc/pps-tools oncore,pps
+DEPEND="${PYTHON_DEPS}
+       dev-libs/openssl:=
+       dev-python/psutil[${PYTHON_USEDEP}]
+       sys-libs/libcap
+       libbsd? ( dev-libs/libbsd:0= )
+       seccomp? ( sys-libs/libseccomp )
+       rclock_oncore? ( net-misc/pps-tools )
+       rclock_pps? ( net-misc/pps-tools )"
+RDEPEND="${DEPEND}
+       !net-misc/ntp
+       !net-misc/openntpd
+       acct-group/ntp
+       acct-user/ntp
+       ntpviz? ( sci-visualization/gnuplot media-fonts/liberation-fonts )"
+BDEPEND=">=app-text/asciidoc-8.6.8
+       dev-libs/libxslt
+       app-text/docbook-xsl-stylesheets
+       sys-devel/bison"
+
+PATCHES=(
+       "${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch"
+       "${FILESDIR}/${PN}-1.2.1-seccomp-rollup.patch"
+       "${FILESDIR}/${PN}-1.2.1-seccomp-rseq-glibc-2.35.patch"
+       "${FILESDIR}/${PN}-1.2.1-build-notests.patch"
+       "${FILESDIR}/${PN}-py3-test-clarify.patch"
+       "${FILESDIR}/${PN}-1.2.1-seccomp-nsd.patch"
+)
+
+WAF_BINARY="${S}/waf"
+
+src_prepare() {
+       default
+
+       # Remove autostripping of binaries
+       sed -i -e '/Strip binaries/d' wscript || die
+       if ! use libbsd ; then
+               eapply "${FILESDIR}/${PN}-no-bsd.patch"
+       fi
+       # remove extra default pool servers
+       sed -i '/use-pool/s/^/#/' "${S}"/etc/ntp.d/default.conf || die
+
+       python_copy_sources
+}
+
+src_configure() {
+       is-flagq -flto* && filter-flags -flto* -fuse-linker-plugin
+
+       local string_127=""
+       local rclocks="";
+       local CLOCKSTRING=""
+
+       for refclock in ${NTPSEC_REFCLOCK[@]} ; do
+               if use rclock_${refclock} ; then
+                       string_127+="$refclock,"
+               fi
+       done
+       CLOCKSTRING="`echo ${string_127}|sed 's|,$||'`"
+
+       local myconf=(
+               --notests
+               --nopyc
+               --nopyo
+               --enable-pylib ext
+               --refclock="${CLOCKSTRING}"
+               #--build-epoch="$(date +%s)"
+               $(use doc       || echo "--disable-doc")
+               $(use early     && echo "--enable-early-droproot")
+               $(use gdb       && echo "--enable-debug-gdb")
+               $(use samba     && echo "--enable-mssntp")
+               $(use seccomp   && echo "--enable-seccomp")
+               $(use smear     && echo "--enable-leap-smear")
+               $(use debug     && echo "--enable-debug")
+       )
+
+       python_configure() {
+               waf-utils_src_configure "${myconf[@]}"
+       }
+       python_foreach_impl run_in_build_dir python_configure
+}
+
+src_compile() {
+       unset MAKEOPTS
+       python_compile() {
+               waf-utils_src_compile --notests
+       }
+       python_foreach_impl run_in_build_dir python_compile
+}
+
+src_test() {
+       python_compile() {
+               waf-utils_src_compile check
+       }
+       python_foreach_impl run_in_build_dir python_compile
+}
+
+python_test() {
+       # Silence QA warning as we're running tests via src_test anyway.
+       :;
+}
+
+src_install() {
+       python_install() {
+               waf-utils_src_install --notests
+               python_fix_shebang "${ED}"
+       }
+       python_foreach_impl run_in_build_dir python_install
+       python_foreach_impl python_optimize
+
+       # Install heat generating scripts
+       use heat && dosbin "${S}"/contrib/ntpheat{,usb}
+
+       # Install the openrc files
+       newinitd "${FILESDIR}"/ntpd.rc-r3 ntp
+       newconfd "${FILESDIR}"/ntpd.confd ntp
+
+       # Install the systemd unit file
+       systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service
+
+       # Prepare a directory for the ntp.drift file
+       mkdir -pv "${ED}"/var/lib/ntp
+       chown ntp:ntp "${ED}"/var/lib/ntp
+       chmod 770 "${ED}"/var/lib/ntp
+       keepdir /var/lib/ntp
+
+       # Install a log rotate script
+       mkdir -pv "${ED}"/etc/logrotate.d
+       cp -v "${S}"/etc/logrotate-config.ntpd "${ED}"/etc/logrotate.d/ntpd
+
+       # Install the configuration file and sample configuration
+       cp -v "${FILESDIR}"/ntp.conf "${ED}"/etc/ntp.conf
+       cp -Rv "${S}"/etc/ntp.d/ "${ED}"/etc/
+
+       # move doc files to /usr/share/doc/"${P}"
+       use doc && mv -v "${ED}"/usr/share/doc/"${PN}" 
"${ED}"/usr/share/doc/"${P}"/html
+}
+
+pkg_postinst() {
+       einfo "If you want to serve time on your local network, then"
+       einfo "you should disable all the ref_clocks unless you have"
+       einfo "one and can get stable time from it.  Feel free to try"
+       einfo "it but PPS probably won't work unless you have a UART"
+       einfo "GPS that actually provides PPS messages."
+}
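Review bot: In `src_install`, the `mkdir -pv`, `chown ntp:ntp`, `chmod 770` and `cp` calls run without `|| die`, unlike the `sed` calls in `src_prepare`. These are external commands, so in EAPI 7 a failure is not fatal and the package could be installed with a `/var/lib/ntp` that has the wrong owner or mode, or without `/etc/ntp.conf`. Append `|| die` to each of them, e.g. `chown ntp:ntp "${ED}"/var/lib/ntp || die`. Separately, `SRC_URI` fetches the release tarball over `ftp://`. The Manifest checksum protects users' fetches, but the fetch used to generate that Manifest is unauthenticated, so an HTTPS location would be preferable if upstream provides one.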
