diff --git a/net/chrony/Makefile b/net/chrony/Makefile
index f69be16fe..99e933d17 100644
--- a/net/chrony/Makefile
+++ b/net/chrony/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=chrony
 PKG_VERSION:=4.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://download.tuxfamily.org/chrony/
diff --git a/net/chrony/files/chrony.conf b/net/chrony/files/chrony.conf
index 410e63b94..a4d24a7c6 100644
--- a/net/chrony/files/chrony.conf
+++ b/net/chrony/files/chrony.conf
@@ -1,4 +1,8 @@
-# This file is included from config file generated from /etc/config/chrony
+# Load UCI configuration
+confdir /var/etc/chrony.d
+
+# Load NTP servers from DHCP if enabled in UCI
+sourcedir /var/run/chrony-dhcp
 # Log clock errors above 0.5 seconds
 logchange 0.5
@@ -6,5 +10,11 @@ logchange 0.5
 # Don't log client accesses
 noclientlog
-# set the system clock else the kernel will always stay in UNSYNC state
+# Mark the system clock as synchronized
 rtcsync
+
+# Record the clock's drift
+driftfile /var/run/chrony/drift
+
+# Save NTS keys and cookies
+ntsdumpdir /var/run/chrony
diff --git a/net/chrony/files/chrony.config b/net/chrony/files/chrony.config
index 63f494d7a..7214ce430 100644
--- a/net/chrony/files/chrony.config
+++ b/net/chrony/files/chrony.config
@@ -5,6 +5,7 @@ config pool
 config dhcp_ntp_server
 option iburst 'yes'
+ option disabled 'no'
 config allow
 option interface 'lan'
@@ -12,3 +13,7 @@ config allow
 config makestep
 option threshold '1.0'
 option limit '3'
+
+config nts
+ option rtccheck 'yes'
+ option systemcerts 'yes'
diff --git a/net/chrony/files/chrony.hotplug b/net/chrony/files/chrony.hotplug
index 6ab210466..eb44c28ee 100644
--- a/net/chrony/files/chrony.hotplug
+++ b/net/chrony/files/chrony.hotplug
@@ -1,20 +1,18 @@
 #!/bin/sh
 # Set chronyd online/offline status, allow NTP access and add servers from DHCP
-[ "$ACTION" = ifup -o "$ACTION" = ifdown ] || exit 0
+SOURCEFILE="/var/run/chrony-dhcp/$INTERFACE.sources"
 run_command() {
 /usr/bin/chronyc -n "$*" > /dev/null 2>&1
 }
-run_command tracking || exit 0
+run_command onoffline
-. /lib/functions/network.sh
-
-network_find_wan iface4
-network_find_wan6 iface6
-run_command $([ -n "$iface4" ] && echo online || echo offline) 0.0.0.0/0.0.0.0
-run_command $([ -n "$iface6" ] && echo online || echo offline) ::/0
+if [ "$ACTION" = ifdown ] && [ -f "$SOURCEFILE" ]; then
+ rm -f "$SOURCEFILE"
+ run_command reload sources
+fi
 [ "$ACTION" = ifup ] || exit 0
@@ -32,13 +30,16 @@ done
 . /usr/share/libubox/jshn.sh
-for iface in $iface4 $iface6; do
- json_load "$(ifstatus $iface)"
- json_select data
- json_get_var dhcp_ntp_servers ntpserver
+json_load "$(ifstatus "$INTERFACE")"
+json_select data
+json_get_var dhcp_ntp_servers ntpserver
- for server in $dhcp_ntp_servers; do
- run_command add $(NTP_SOURCE_HOSTNAME=$server config_foreach \
- handle_source dhcp_ntp_server server)
- done
-done
+[ -z "$dhcp_ntp_servers" ] && exit 0
+
+mkdir -p "$(dirname "$SOURCEFILE")"
+
+for NTP_SOURCE_HOSTNAME in $dhcp_ntp_servers; do
+ config_foreach handle_source dhcp_ntp_server server
+done > "$SOURCEFILE"
+
+run_command reload sources
diff --git a/net/chrony/files/chronyd.init b/net/chrony/files/chronyd.init
index 492f755ff..a734d431e 100644
--- a/net/chrony/files/chronyd.init
+++ b/net/chrony/files/chronyd.init
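Review bot: In the second chrony.hotplug hunk the server list read from `ifstatus "$INTERFACE"` originates from the DHCP server, yet nothing visible here checks that a token is an address or hostname before it is written to `$SOURCEFILE`, and the unquoted list in `for NTP_SOURCE_HOSTNAME in $dhcp_ntp_servers` is also subject to shell pathname expansion. I would wrap the loop in `set -f` / `set +f` and make the first statement of the loop body `case "$NTP_SOURCE_HOSTNAME" in *[!0-9A-Za-z.:%_-]*) continue ;; esac`, so only plausible names reach the file chronyd reloads. The same value then passes through the unquoted `echo $sourcetype $hostname` in handle_source (chronyd.init), which lies outside this hunk. Separately, `[ -z "$dhcp_ntp_servers" ] && exit 0` returns before `$SOURCEFILE` is touched, so a sources file left by an earlier ifup stays loaded unless an ifdown event removed it first.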
@@ -4,23 +4,28 @@ START=15
 USE_PROCD=1
 PROG=/usr/sbin/chronyd
-CONFIGFILE=/var/etc/chrony.conf
-INCLUDEFILE=/etc/chrony/chrony.conf
+CONFIGFILE=/etc/chrony/chrony.conf
+INCLUDEFILE=/var/etc/chrony.d/10-uci.conf
+RTCDEVICE=/dev/rtc0
 handle_source() {
- local cfg=$1 sourcetype=$2 hostname minpoll maxpoll iburst
+ local cfg=$1 sourcetype=$2 disabled hostname minpoll maxpoll iburst nts
+ config_get_bool disabled "$cfg" disabled 0
+ [ "$disabled" = "1" ] && return
 hostname=$NTP_SOURCE_HOSTNAME
 [ -z "$hostname" ] && config_get hostname "$cfg" hostname
 [ -z "$hostname" ] && return
 config_get minpoll "$cfg" minpoll
 config_get maxpoll "$cfg" maxpoll
 config_get_bool iburst "$cfg" iburst 0
+ config_get_bool nts "$cfg" nts 0
 echo $(
 echo $sourcetype $hostname
 [ -n "$minpoll" ] && echo minpoll $minpoll
 [ -n "$maxpoll" ] && echo maxpoll $maxpoll
 [ "$iburst" = "1" ] && echo iburst
+ [ "$nts" = "1" ] && echo nts
 )
 }
@@ -53,24 +58,36 @@ handle_makestep() {
 echo makestep $threshold $limit
 }
+handle_nts() {
+ local cfg=$1 threshold limit
+
+ config_get_bool rtccheck "$cfg" rtccheck 0
+ config_get_bool systemcerts "$cfg" systemcerts 1
+ config_get trustedcerts "$cfg" trustedcerts
+ # Disable certificate time checks if no RTC is present
+ [ "$rtccheck" = "1" ] && ! [ -c $RTCDEVICE ] && echo nocerttimecheck 1
+ [ "$systemcerts" = "0" ] && echo nosystemcert
+ [ -n "$trustedcerts" ] && echo ntstrustedcerts "$trustedcerts"
+}
+
 start_service() {
 . /lib/functions/network.sh
 procd_open_instance
- procd_set_param command $PROG -n -f $CONFIGFILE
+ procd_set_param command $PROG -n
 procd_set_param file $CONFIGFILE
 procd_set_param file $INCLUDEFILE
 procd_close_instance
 config_load chrony
- mkdir -p $(dirname $CONFIGFILE)
+ mkdir -p $(dirname $INCLUDEFILE)
 (
- echo include $INCLUDEFILE
 config_foreach handle_source server server
 config_foreach handle_source pool pool
 config_foreach handle_source peer peer
 config_foreach handle_allow allow
 config_foreach handle_makestep makestep
- ) > $CONFIGFILE
+ config_foreach handle_nts nts
+ ) > $INCLUDEFILE
 }
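Review bot: The comment above the `nocerttimecheck 1` line in handle_nts should state the trade-off it makes. When `/dev/rtc0` is absent and `rtccheck` is on (the shipped chrony.config sets it to 'yes'), chronyd skips the certificates' activation and expiry checks until the first clock update, so an expired or not-yet-valid certificate is accepted for the initial NTS handshake. I would extend the comment to something like `# No RTC: skip certificate validity-period checks until the first clock update (expired certificates are accepted until then)`. In the same function the `local` line declares `threshold limit`, which the body never uses, while `rtccheck`, `systemcerts` and `trustedcerts` are set as globals; `local cfg=$1 rtccheck systemcerts trustedcerts` matches what the body assigns.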