Subject: [bug#37295] [PATCH] services: ntp: Support different NTP server types and options.
From: maxim.cournoyer@gmail.com
To: 37295@debbugs.gnu.org
Date: Tue, 03 Sep 2019 21:21:44 +0900
Message-ID: <8736hd1sfb.fsf@x200.i-did-not-set--mail-host-address--so-tickle-me>

Hello!

This patch series aims at improving our NTP service. While traveling, my date wouldn't be synchronized correctly, because my hardware clock (the one configurable through the BIOS) was more than 1000 s off the time queried from the NTP servers, and 'ntpd' was not configured by default to allow an initial correction larger than 1000 s.

This patch series fixes this use case (travelling across timezones) and further extends the ntp-configuration record to allow specifying different types of NTP servers as well as their options.

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-services-ntp-Allow-large-adjustment-by-default.patch
Content-Transfer-Encoding: quoted-printable

From=207b86b4c80077690d2bfeed6211d2b52a596d080d Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer Date: Tue, 3 Sep 2019 00:42:24 +0900 Subject: [PATCH 1/4] services: ntp: Allow large adjustment by default. This is documented as best practice in `man ntpd', and is required to allow the date to be set correctly when traveling (without having to manually upd= ate the hardware clock in the BIOS/UEFI). * gnu/services/networking.scm ()[allow-large-adjustment?]: Set = the default value to #t. * doc/guix.texi (Networking Services): Update documentation. =2D-- doc/guix.texi | 2 +- gnu/services/networking.scm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 031ee53295..50f800ef61 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -12990,7 +12990,7 @@ This is the data type for the NTP service configura= tion. This is the list of servers (host names) with which @command{ntpd} will be synchronized. =20 =2D@item @code{allow-large-adjustment?} (default: @code{#f}) +@item @code{allow-large-adjustment?} (default: @code{#t}) This determines whether @command{ntpd} is allowed to make an initial adjustment of more than 1,000 seconds. =20 diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 376b4ccc4e..e149fe0b69 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -315,7 +315,7 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." (servers ntp-configuration-servers (default %ntp-servers)) (allow-large-adjustment? ntp-allow-large-adjustment? =2D (default #f))) + (default #t))) ;as recommended in the ntpd manu= al =20 (define ntp-shepherd-service (match-lambda =2D-=20 2.23.0 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-services-ntp-Fix-KOD-warning.patch Content-Transfer-Encoding: quoted-printable From=20bc2fe08fd6556a50af5a4209c77938d975f62f8f Mon Sep 17 00:00:00 2001 
From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:05:06 +0900 Subject: [PATCH 2/4] services: ntp: Fix KOD warning. Otherwise the following messages would be printed by ntpd: Sep 2 05:18:21 localhost ntpd[15849]: restrict default: KOD does nothing w= ithout LIMITE. Sep 2 05:18:21 localhost ntpd[15849]: restrict ::: KOD does nothing withou= t LIMITED. Debian uses the same set of "restrict" keywords (see: https://sources.debian.org/src/ntp/1:4.2.8p13+dfsg-2/debian/ntp.conf). * gnu/services/networking.scm (ntp-shepherd-service): Add the 'limited' keyword to both the IPv4 and IPv6 'restrict' directives. =2D-- gnu/services/networking.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index e149fe0b69..13a5c6c98d 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -330,8 +330,8 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." " # Disable status queries as a workaround for CVE-2013-5211: # . =2Drestrict default kod nomodify notrap nopeer noquery =2Drestrict -6 default kod nomodify notrap nopeer noquery +restrict default kod nomodify notrap nopeer noquery limited +restrict -6 default kod nomodify notrap nopeer noquery limited =20 # Yet, allow use of the local 'ntpq'. restrict 127.0.0.1 =2D-=20 2.23.0 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0003-doc-Add-index-to-find-ntpd.patch Content-Transfer-Encoding: quoted-printable From=2009f98715e4e7795d88c5b02f24c23f6128120a05 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:13:26 +0900 Subject: [PATCH 3/4] doc: Add index to find 'ntpd'. * doc/guix.texi (Networking Services): Add @cindex to find 'ntpd' =2D-- doc/guix.texi | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/guix.texi b/doc/guix.texi index 50f800ef61..9de0957d14 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -12972,6 +12972,7 @@ objects}). @end deftp =20 @cindex NTP (Network Time Protocol), service +@cindex ntpd, service for the Network Time Protocol daemon @cindex real time clock @defvr {Scheme Variable} ntp-service-type This is the type of the service running the @uref{http://www.ntp.org, =2D-=20 2.23.0 --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0004-services-ntp-Support-different-NTP-server-types-and-.patch Content-Transfer-Encoding: quoted-printable From=2026e74f556c121f24241c3b7b7df5ae1a93d22b2d Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:14:59 +0900 Subject: [PATCH 4/4] services: ntp: Support different NTP server types and options. * gnu/services/networking.scm (ntp-server-types): New enum. (): New record type. (ntp-server->string): New procedure. (%ntp-servers): Define in terms of records. Use the first entrypoint server as a pool instead of a list of static servers. This is m= ore resilient since a new server of the pool can be interrogated on every request. Add the 'iburst' options. (ntp-configuration-servers): Define a custom accessor that warns but honors about the now deprecated server format. (): Use it. * tests/networking.scm: Test it. * doc/guix.texi: Document it. =2D-- doc/guix.texi | 31 ++++++++++- gnu/services/networking.scm | 100 ++++++++++++++++++++++++++++++------ tests/networking.scm | 50 ++++++++++++++++++ 3 files changed, 163 insertions(+), 18 deletions(-) create mode 100644 tests/networking.scm diff --git a/doc/guix.texi b/doc/guix.texi index 9de0957d14..e76c9322d8 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -12988,8 +12988,9 @@ This is the data type for the NTP service configura= tion. =20 @table @asis @item @code{servers} (default: @code{%ntp-servers}) =2DThis is the list of servers (host names) with which @command{ntpd} will = be =2Dsynchronized. +This is the list of servers (@code{} records) with which +@command{ntpd} will be synchronized. See the @code{ntp-server} data type +definition below. =20 @item @code{allow-large-adjustment?} (default: @code{#t}) This determines whether @command{ntpd} is allowed to make an initial @@ -13005,6 +13006,32 @@ List of host names used as the default NTP servers= . These are servers of the @uref{https://www.ntppool.org/en/, NTP Pool Project}. @end defvr =20 +@deftp {Data Type} ntp-server +The data type representing the configuration of a NTP server. + +@table @asis +@item @code{type} (default: @code{'server}) +The type of the NTP server, given as a symbol. One of @code{'pool}, +@code{'server}, @code{'peer}, @code{'broadcast} or @code{'manycastclient}. + +@item @code{address} +The address of the server, as a string. + +@item @code{options} +NTPD options to use with that specific server, given as a list of option n= ames +and/or of option names and values tuples. The following example define a s= erver +to use with the options @option{iburst} and @option{prefer}, as well as +@option{version} 3 and a @option{maxpoll} time of 16 seconds. + +@example +(ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) +@end example +@end table +@end deftp + @cindex OpenNTPD @deffn {Scheme Procedure} openntpd-service-type Run the @command{ntpd}, the Network Time Protocol (NTP) daemon, as impleme= nted diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 13a5c6c98d..752a165941 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm 
@@ -51,6 +51,7 @@ #:use-module (guix records) #:use-module (guix modules) #:use-module (guix deprecation) + #:use-module (rnrs enums) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) @@ -72,10 +73,18 @@ dhcpd-configuration-pid-file dhcpd-configuration-interfaces =20 =2D %ntp-servers =2D ntp-configuration ntp-configuration? + ntp-configuration-ntp + ntp-configuration-servers + ntp-allow-large-adjustment? + + %ntp-servers + ntp-server + ntp-server-type + ntp-server-address + ntp-server-options + ntp-service ntp-service-type =20 
@@ -292,31 +301,87 @@ Protocol (DHCP) client, on all the non-loopback netwo= rk interfaces." (list (service-extension shepherd-root-service-type dhcpd-shepherd-ser= vice) (service-extension activation-service-type dhcpd-activation))))) =20 =2D(define %ntp-servers =2D ;; Default set of NTP servers. These URLs are managed by the NTP Pool = project. =2D ;; Within Guix, Leo Famulari is the administrative= contact =2D ;; for this NTP pool "zone". =2D '("0.guix.pool.ntp.org" =2D "1.guix.pool.ntp.org" =2D "2.guix.pool.ntp.org" =2D "3.guix.pool.ntp.org")) =2D ;;; ;;; NTP. ;;; =20 =2D;; TODO: Export. +(define ntp-server-types (make-enumeration + '(pool + server + peer + broadcast + manycastclient))) + +(define-record-type* + ntp-server make-ntp-server + ntp-server? + ;; The type can be one of the symbols of the NTP-SERVER-TYPE? enumeratio= n. + (type ntp-server-type + (default 'server)) + (address ntp-server-address) ; a string + ;; The list of options can contain single option names or tuples in the = form + ;; '(name value). + (options ntp-server-options + (default '()))) + +(define (ntp-server->string ntp-server) + ;; Serialize the NTP server object as a string, ready to use in the NTP + ;; configuration file. + (define (flatten lst) + (reverse + (let loop ((x lst) + (res '())) + (if (list? x) + (fold loop res x) + (cons (format #f "~s" x) res))))) + + (match ntp-server + (($ type address options) + ;; XXX: It'd be neater if fields were validated at the syntax level (= for + ;; static ones at least). Perhaps the Guix record type could support= a + ;; predicate property on a field? + (unless (enum-set-member? type ntp-server-types) + (error "Invalid NTP server type" type)) + (string-join (cons* (symbol->string type) + address + (flatten options)))))) + +(define %ntp-servers + ;; Default set of NTP servers. These URLs are managed by the NTP Pool pr= oject. + ;; Within Guix, Leo Famulari is the administrative c= ontact + ;; for this NTP pool "zone". 
+ (list + (ntp-server + (type 'pool) + (address "0.guix.pool.ntp.org") + (options '("iburst"))))) ;as recommended in the ntpd man= ual + (define-record-type* ntp-configuration make-ntp-configuration ntp-configuration? (ntp ntp-configuration-ntp (default ntp)) =2D (servers ntp-configuration-servers + (servers %ntp-configuration-servers ;list of objects (default %ntp-servers)) (allow-large-adjustment? ntp-allow-large-adjustment? (default #t))) ;as recommended in the ntpd manu= al =20 +(define (ntp-configuration-servers ntp-configuration) + ;; A wrapper to support the deprecated form of this field. + (let ((ntp-servers (%ntp-configuration-servers ntp-configuration))) + (match ntp-servers + (((? string?) (? string?) ...) + (format (current-error-port) "warning: Defining NTP servers as stri= ngs is \ +deprecated. Please use records instead.\n") + (map (lambda (addr) + (ntp-server + (type 'server) + (address addr) + (options '()))) ntp-servers)) + ((($ ) ($ ) ...) + ntp-servers)))) + (define ntp-shepherd-service (match-lambda (($ ntp servers allow-large-adjustment?) @@ -324,8 +389,7 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." ;; TODO: Add authentication support. (define config (string-append "driftfile /var/run/ntpd/ntp.drift\n" =2D (string-join (map (cut string-append "server " <= >) =2D servers) + (string-join (map ntp-server->string servers) "\n") " # Disable status queries as a workaround for CVE-2013-5211: @@ -335,7 +399,11 @@ restrict -6 default kod nomodify notrap nopeer noquery= limited =20 # Yet, allow use of the local 'ntpq'. restrict 127.0.0.1 =2Drestrict -6 ::1\n")) +restrict -6 ::1 + +# This is required to use servers from a pool directive when using the 'no= peer' +# option by default, as documented in the 'ntp.conf' manual. +restrict source notrap nomodify noquery\n")) =20 (define ntpd.conf (plain-file "ntpd.conf" config)) 
diff --git a/tests/networking.scm b/tests/networking.scm new file mode 100644 index 0000000000..001d7df74d =2D-- /dev/null +++ b/tests/networking.scm 
@@ -0,0 +1,50 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2019 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (tests networking) + #:use-module (gnu services networking) + #:use-module (srfi srfi-64)) + +;;; Tests for the (gnu services networking) module. + +(define ntp-server->string (@@ (gnu services networking) ntp-server->strin= g)) + +(define %ntp-server-sample + (ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) + +(test-begin "networking") + +(test-equal "ntp-server->string" + (ntp-server->string %ntp-server-sample) + "server some.ntp.server.org iburst version 3 maxpoll 16 prefer") + +(test-equal "ntp configuration servers deprecated form" + (ntp-configuration-servers + (ntp-configuration + (servers (list (ntp-server + (type 'server) + (address "example.pool.ntp.org") + (options '())))))) + (ntp-configuration-servers + (ntp-configuration + (servers (list "example.pool.ntp.org"))))) + +(test-end "networking") =2D-=20 2.23.0
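Review bot: the @item for allow-large-adjustment? in the doc/guix.texi hunk of [PATCH 1/4] should say what the new #t default trades away. With #t, ntpd may make an initial adjustment of more than 1,000 seconds on the word of servers that are not authenticated (the service code still carries ";; TODO: Add authentication support."), and a wrong clock affects certificate validity checks and log timestamps. Suggest one sentence stating that #t accepts an initial step of any size and when an operator would set it back to #f.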
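Review bot: in [PATCH 4/4], gnu/services/networking.scm hunk @@ -292,31 +301,87 @@, flatten serializes every option with (format #f "~s" x), which writes strings with their double quotes, while the new %ntp-servers default passes (options '("iburst")). The default configuration line would therefore come out as pool 0.guix.pool.ntp.org "iburst" instead of pool 0.guix.pool.ntp.org iburst. The test in tests/networking.scm only uses symbol options, so it does not catch this. Suggest "~a" in flatten, or the symbol iburst in the default, and a test case with a string option.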
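Review bot: in [PATCH 4/4], gnu/services/networking.scm hunk @@ -324,8 +389,7 @@, servers is still bound by the match-lambda clause that destructures the configuration record, so it is read straight from the field and nothing in the visible hunks calls the new ntp-configuration-servers wrapper here. A configuration that still lists host names as strings would reach (map ntp-server->string servers) unconverted and fail inside that procedure's match instead of printing the deprecation warning. Suggest rebinding servers through ntp-configuration-servers before the configuration text is built, and a test that goes through the service rather than only through the accessor.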
Subject: [bug#37295] [PATCHv2] services: ntp: Support different NTP server types and options.
From: Maxim Cournoyer
To: 37295@debbugs.gnu.org
Date: Wed, 04 Sep 2019 09:25:52 +0900
References: <8736hd1sfb.fsf@x200.i-did-not-set--mail-host-address--so-tickle-me>
Message-ID: <87ef0wzz3j.fsf_-_@gmail.com>

Hello,

I had forgotten to register the new test module in the file Makefile.am.

Attached is the corrected patch.

--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: attachment; filename=0001-services-ntp-Support-different-NTP-server-types-and-.patch
Content-Transfer-Encoding: quoted-printable

From=200287d5c51a0f257cc9c1df4034001d795c155dd7 Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:14:59 +0900 Subject: [PATCH] services: ntp: Support different NTP server types and options. * gnu/services/networking.scm (ntp-server-types): New enum. (): New record type. (ntp-server->string): New procedure. (%ntp-servers): Define in terms of records. Use the first entrypoint server as a pool instead of a list of static servers. This is m= ore resilient since a new server of the pool can be interrogated on every request. Add the 'iburst' options. (ntp-configuration-servers): Define a custom accessor that warns but honors the now deprecated server format. (): Use it. * tests/networking.scm: New file. * Makefile.am (SCM_TESTS): Register it. * doc/guix.texi: Update documentation. =2D-- Makefile.am | 1 + doc/guix.texi | 31 ++++++++++- gnu/services/networking.scm | 100 ++++++++++++++++++++++++++++++------ tests/networking.scm | 50 ++++++++++++++++++ 4 files changed, 164 insertions(+), 18 deletions(-) create mode 100644 tests/networking.scm diff --git a/Makefile.am b/Makefile.am index fa6bf8fe80..32d518acbd 100644 =2D-- a/Makefile.am +++ b/Makefile.am @@ -399,6 +399,7 @@ SCM_TESTS =3D \ tests/modules.scm \ tests/monads.scm \ tests/nar.scm \ + tests/networking.scm \ tests/opam.scm \ tests/packages.scm \ tests/pack.scm \ diff --git a/doc/guix.texi b/doc/guix.texi index 9de0957d14..e76c9322d8 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -12988,8 +12988,9 @@ This is the data type for the NTP service configura= tion. =20 @table @asis @item @code{servers} (default: @code{%ntp-servers}) =2DThis is the list of servers (host names) with which @command{ntpd} will = be =2Dsynchronized. +This is the list of servers (@code{} records) with which +@command{ntpd} will be synchronized. See the @code{ntp-server} data type +definition below. =20 @item @code{allow-large-adjustment?} (default: @code{#t}) This determines whether @command{ntpd} is allowed to make an initial 
@@ -13005,6 +13006,32 @@ List of host names used as the default NTP servers= . These are servers of the @uref{https://www.ntppool.org/en/, NTP Pool Project}. @end defvr =20 +@deftp {Data Type} ntp-server +The data type representing the configuration of a NTP server. + +@table @asis +@item @code{type} (default: @code{'server}) +The type of the NTP server, given as a symbol. One of @code{'pool}, +@code{'server}, @code{'peer}, @code{'broadcast} or @code{'manycastclient}. + +@item @code{address} +The address of the server, as a string. + +@item @code{options} +NTPD options to use with that specific server, given as a list of option n= ames +and/or of option names and values tuples. The following example define a s= erver +to use with the options @option{iburst} and @option{prefer}, as well as +@option{version} 3 and a @option{maxpoll} time of 16 seconds. + +@example +(ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) +@end example +@end table +@end deftp + @cindex OpenNTPD @deffn {Scheme Procedure} openntpd-service-type Run the @command{ntpd}, the Network Time Protocol (NTP) daemon, as impleme= nted diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 13a5c6c98d..752a165941 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -51,6 +51,7 @@ #:use-module (guix records) #:use-module (guix modules) #:use-module (guix deprecation) + #:use-module (rnrs enums) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) @@ -72,10 +73,18 @@ dhcpd-configuration-pid-file dhcpd-configuration-interfaces =20 =2D %ntp-servers =2D ntp-configuration ntp-configuration? + ntp-configuration-ntp + ntp-configuration-servers + ntp-allow-large-adjustment? + + %ntp-servers + ntp-server + ntp-server-type + ntp-server-address + ntp-server-options + ntp-service ntp-service-type =20 
@@ -292,31 +301,87 @@ Protocol (DHCP) client, on all the non-loopback netwo= rk interfaces." (list (service-extension shepherd-root-service-type dhcpd-shepherd-ser= vice) (service-extension activation-service-type dhcpd-activation))))) =20 =2D(define %ntp-servers =2D ;; Default set of NTP servers. These URLs are managed by the NTP Pool = project. =2D ;; Within Guix, Leo Famulari is the administrative= contact =2D ;; for this NTP pool "zone". =2D '("0.guix.pool.ntp.org" =2D "1.guix.pool.ntp.org" =2D "2.guix.pool.ntp.org" =2D "3.guix.pool.ntp.org")) =2D ;;; ;;; NTP. ;;; =20 =2D;; TODO: Export. +(define ntp-server-types (make-enumeration + '(pool + server + peer + broadcast + manycastclient))) + +(define-record-type* + ntp-server make-ntp-server + ntp-server? + ;; The type can be one of the symbols of the NTP-SERVER-TYPE? enumeratio= n. + (type ntp-server-type + (default 'server)) + (address ntp-server-address) ; a string + ;; The list of options can contain single option names or tuples in the = form + ;; '(name value). + (options ntp-server-options + (default '()))) + +(define (ntp-server->string ntp-server) + ;; Serialize the NTP server object as a string, ready to use in the NTP + ;; configuration file. + (define (flatten lst) + (reverse + (let loop ((x lst) + (res '())) + (if (list? x) + (fold loop res x) + (cons (format #f "~s" x) res))))) + + (match ntp-server + (($ type address options) + ;; XXX: It'd be neater if fields were validated at the syntax level (= for + ;; static ones at least). Perhaps the Guix record type could support= a + ;; predicate property on a field? + (unless (enum-set-member? type ntp-server-types) + (error "Invalid NTP server type" type)) + (string-join (cons* (symbol->string type) + address + (flatten options)))))) + +(define %ntp-servers + ;; Default set of NTP servers. These URLs are managed by the NTP Pool pr= oject. + ;; Within Guix, Leo Famulari is the administrative c= ontact + ;; for this NTP pool "zone". 
+ (list + (ntp-server + (type 'pool) + (address "0.guix.pool.ntp.org") + (options '("iburst"))))) ;as recommended in the ntpd man= ual + (define-record-type* ntp-configuration make-ntp-configuration ntp-configuration? (ntp ntp-configuration-ntp (default ntp)) =2D (servers ntp-configuration-servers + (servers %ntp-configuration-servers ;list of objects (default %ntp-servers)) (allow-large-adjustment? ntp-allow-large-adjustment? (default #t))) ;as recommended in the ntpd manu= al =20 +(define (ntp-configuration-servers ntp-configuration) + ;; A wrapper to support the deprecated form of this field. + (let ((ntp-servers (%ntp-configuration-servers ntp-configuration))) + (match ntp-servers + (((? string?) (? string?) ...) + (format (current-error-port) "warning: Defining NTP servers as stri= ngs is \ +deprecated. Please use records instead.\n") + (map (lambda (addr) + (ntp-server + (type 'server) + (address addr) + (options '()))) ntp-servers)) + ((($ ) ($ ) ...) + ntp-servers)))) + (define ntp-shepherd-service (match-lambda (($ ntp servers allow-large-adjustment?) @@ -324,8 +389,7 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." ;; TODO: Add authentication support. (define config (string-append "driftfile /var/run/ntpd/ntp.drift\n" =2D (string-join (map (cut string-append "server " <= >) =2D servers) + (string-join (map ntp-server->string servers) "\n") " # Disable status queries as a workaround for CVE-2013-5211: @@ -335,7 +399,11 @@ restrict -6 default kod nomodify notrap nopeer noquery= limited =20 # Yet, allow use of the local 'ntpq'. restrict 127.0.0.1 =2Drestrict -6 ::1\n")) +restrict -6 ::1 + +# This is required to use servers from a pool directive when using the 'no= peer' +# option by default, as documented in the 'ntp.conf' manual. +restrict source notrap nomodify noquery\n")) =20 (define ntpd.conf (plain-file "ntpd.conf" config)) 
diff --git a/tests/networking.scm b/tests/networking.scm new file mode 100644 index 0000000000..001d7df74d =2D-- /dev/null +++ b/tests/networking.scm 
@@ -0,0 +1,50 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2019 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (tests networking) + #:use-module (gnu services networking) + #:use-module (srfi srfi-64)) + +;;; Tests for the (gnu services networking) module. + +(define ntp-server->string (@@ (gnu services networking) ntp-server->strin= g)) + +(define %ntp-server-sample + (ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) + +(test-begin "networking") + +(test-equal "ntp-server->string" + (ntp-server->string %ntp-server-sample) + "server some.ntp.server.org iburst version 3 maxpoll 16 prefer") + +(test-equal "ntp configuration servers deprecated form" + (ntp-configuration-servers + (ntp-configuration + (servers (list (ntp-server + (type 'server) + (address "example.pool.ntp.org") + (options '())))))) + (ntp-configuration-servers + (ntp-configuration + (servers (list "example.pool.ntp.org"))))) + +(test-end "networking") =2D-=20 2.23.0
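Review bot: the @example in the doc/guix.texi hunk @@ -13005,6 +13006,32 @@ has one closing parenthesis too many: the line (options `(iburst (version 3) (maxpoll 16) prefer)))) closes the option list, options and ntp-server and then closes once more, so it cannot be pasted as is. The sentence above it also describes maxpoll 16 as "16 seconds", but ntpd takes maxpoll as a power-of-two exponent, so 16 means 2^16 seconds; suggest rewording or picking a value whose meaning is spelled out. In the same paragraph "example define" should read "example defines".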
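Review bot: ntp-configuration-servers in gnu/services/networking.scm hunk @@ -292,31 +301,87 @@ has no clause for an empty or a mixed list. Both patterns, ((? string?) (? string?) ...) and the record one, require at least one element and a homogeneous list, so (servers '()) or a list mixing strings and records ends in a bare match error with no hint for the user; suggest a final clause that raises a clear configuration error. In the same hunk ntp-server->string validates only type, while address and the option values are written into ntpd.conf verbatim, so rejecting whitespace and newlines in them would keep one record from turning into several directives.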
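Review bot: in the new tests/networking.scm, the "ntp-server->string" test passes the computed value first and the literal string second, whereas SRFI 64's test-equal takes the expected value before the test expression. The test still passes or fails correctly, but a failure report will label the two values the wrong way round; suggest swapping them. The file also has no negative case: a test that an unknown type symbol raises the "Invalid NTP server type" error would cover the only validation the serializer performs.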

From unknown Sat Jun 14 19:21:33 2025
Subject: [bug#37295] [PATCHv2] services: ntp: Support different NTP server types and options.
From: Efraim Flashner
To: Maxim Cournoyer
Cc: 37295@debbugs.gnu.org
Date: Thu, 5 Sep 2019 10:09:43 +0300

Can you check how this affects the openntpd service?  It currently also
uses %ntp-servers

-- 
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

From unknown Sat Jun 14 19:21:33 2025
Subject: [bug#37295] [PATCHv3] services: ntp: Support different NTP server types and options.
From: Maxim Cournoyer
To: Efraim Flashner
Cc: 37295@debbugs.gnu.org
Date: Tue, 03 Sep 2019 17:04:27 +0900

Hello Efraim,

Efraim Flashner writes:

> Can you check how this affects the openntpd service?  It currently also
> uses %ntp-servers

I had overlooked this important detail; thanks for pointing it out!  I
made the simplest change possible, by introducing a %openntpd-servers
variable that holds a list of addresses (strings), which is defined as
(map ntp-server-address %ntp-servers).  This variable is used as the new
default value for the "servers" field of the openntpd-configuration
record.

See the attached patch for details.

Content-Type: text/x-patch; charset=utf-8
Content-Disposition: attachment; filename=0001-services-ntp-Support-different-NTP-server-types-and-.patch
Content-Transfer-Encoding: quoted-printable

>From 98d246ba9c0119e6a2441c635193cc34b7218b4e Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:14:59 +0900 Subject: [PATCH] services: ntp: Support different NTP server types and options. * gnu/services/networking.scm (ntp-server-types): New enum. (): New record type. (ntp-server->string): New procedure. (%ntp-servers): Define in terms of records. Use the first entrypoint server as a pool instead of a list of static servers. This is m= ore resilient since a new server of the pool can be interrogated on every request. Add the 'iburst' options. (ntp-configuration-servers): Define a custom accessor that warns but honors the now deprecated server format. (): Use it. (%openntpd-servers): New variable, (): Use it, as a pool ('servers' field) instead of a regular server. * tests/networking.scm: New file. * Makefile.am (SCM_TESTS): Register it. * doc/guix.texi: Update documentation. --- Makefile.am | 1 + doc/guix.texi | 40 +++++++++++-- gnu/services/networking.scm | 108 ++++++++++++++++++++++++++++++------ tests/networking.scm | 50 +++++++++++++++++ 4 files changed, 177 insertions(+), 22 deletions(-) create mode 100644 tests/networking.scm diff --git a/Makefile.am b/Makefile.am index fa6bf8fe80..32d518acbd 100644 --- a/Makefile.am +++ b/Makefile.am @@ -399,6 +399,7 @@ SCM_TESTS =3D \ tests/modules.scm \ tests/monads.scm \ tests/nar.scm \ + tests/networking.scm \ tests/opam.scm \ tests/packages.scm \ tests/pack.scm \ diff --git a/doc/guix.texi b/doc/guix.texi index 9de0957d14..12bb1c18e2 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -12988,8 +12988,9 @@ This is the data type for the NTP service configura= tion. =20 @table @asis @item @code{servers} (default: @code{%ntp-servers}) -This is the list of servers (host names) with which @command{ntpd} will be -synchronized. +This is the list of servers (@code{} records) with which +@command{ntpd} will be synchronized. See the @code{ntp-server} data type +definition below. =20 @item @code{allow-large-adjustment?} (default: @code{#t}) This determines whether @command{ntpd} is allowed to make an initial @@ -13005,6 +13006,32 @@ List of host names used as the default NTP servers= . These are servers of the @uref{https://www.ntppool.org/en/, NTP Pool Project}. @end defvr =20 +@deftp {Data Type} ntp-server +The data type representing the configuration of a NTP server. + +@table @asis +@item @code{type} (default: @code{'server}) +The type of the NTP server, given as a symbol. One of @code{'pool}, +@code{'server}, @code{'peer}, @code{'broadcast} or @code{'manycastclient}. + +@item @code{address} +The address of the server, as a string. + +@item @code{options} +NTPD options to use with that specific server, given as a list of option n= ames +and/or of option names and values tuples. The following example define a s= erver +to use with the options @option{iburst} and @option{prefer}, as well as +@option{version} 3 and a @option{maxpoll} time of 16 seconds. + +@example +(ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) +@end example +@end table +@end deftp + @cindex OpenNTPD @deffn {Scheme Procedure} openntpd-service-type Run the @command{ntpd}, the Network Time Protocol (NTP) daemon, as impleme= nted 
@@ -13024,6 +13051,11 @@ clock synchronized with that of the given servers. @end example @end deffn =20 +@defvr {Scheme Variable} %openntpd-servers +This variable is a list of the server addresses defined in +@var{%ntp-servers}. +@end defvr + @deftp {Data Type} openntpd-configuration @table @asis @item @code{openntpd} (default: @code{(file-append openntpd "/sbin/ntpd")}) @@ -13037,9 +13069,9 @@ Specify a list of timedelta sensor devices ntpd sho= uld use. @code{ntpd} will listen to each sensor that actually exists and ignore non-existent on= es. See @uref{https://man.openbsd.org/ntpd.conf, upstream documentation} for m= ore information. -@item @code{server} (default: @var{%ntp-servers}) +@item @code{server} (default: @code{'()}) Specify a list of IP addresses or hostnames of NTP servers to synchronize = to. -@item @code{servers} (default: @code{'()}) +@item @code{servers} (default: @var{%openntp-servers}) Specify a list of IP addresses or hostnames of NTP pools to synchronize to. @item @code{constraint-from} (default: @code{'()}) @code{ntpd} can be configured to query the =E2=80=98Date=E2=80=99 from tru= sted HTTPS servers via TLS. diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 13a5c6c98d..c45bfcdad9 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -51,6 +51,7 @@ #:use-module (guix records) #:use-module (guix modules) #:use-module (guix deprecation) + #:use-module (rnrs enums) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) @@ -72,13 +73,22 @@ dhcpd-configuration-pid-file dhcpd-configuration-interfaces =20 - %ntp-servers - ntp-configuration ntp-configuration? + ntp-configuration-ntp + ntp-configuration-servers + ntp-allow-large-adjustment? + + %ntp-servers + ntp-server + ntp-server-type + ntp-server-address + ntp-server-options + ntp-service ntp-service-type =20 + %openntpd-servers openntpd-configuration openntpd-configuration? openntpd-service-type 
@@ -292,31 +302,87 @@ Protocol (DHCP) client, on all the non-loopback netwo= rk interfaces." (list (service-extension shepherd-root-service-type dhcpd-shepherd-ser= vice) (service-extension activation-service-type dhcpd-activation))))) =20 -(define %ntp-servers - ;; Default set of NTP servers. These URLs are managed by the NTP Pool pr= oject. - ;; Within Guix, Leo Famulari is the administrative c= ontact - ;; for this NTP pool "zone". - '("0.guix.pool.ntp.org" - "1.guix.pool.ntp.org" - "2.guix.pool.ntp.org" - "3.guix.pool.ntp.org")) - ;;; ;;; NTP. ;;; =20 -;; TODO: Export. +(define ntp-server-types (make-enumeration + '(pool + server + peer + broadcast + manycastclient))) + +(define-record-type* + ntp-server make-ntp-server + ntp-server? + ;; The type can be one of the symbols of the NTP-SERVER-TYPE? enumeratio= n. + (type ntp-server-type + (default 'server)) + (address ntp-server-address) ; a string + ;; The list of options can contain single option names or tuples in the = form + ;; '(name value). + (options ntp-server-options + (default '()))) + +(define (ntp-server->string ntp-server) + ;; Serialize the NTP server object as a string, ready to use in the NTP + ;; configuration file. + (define (flatten lst) + (reverse + (let loop ((x lst) + (res '())) + (if (list? x) + (fold loop res x) + (cons (format #f "~s" x) res))))) + + (match ntp-server + (($ type address options) + ;; XXX: It'd be neater if fields were validated at the syntax level (= for + ;; static ones at least). Perhaps the Guix record type could support= a + ;; predicate property on a field? + (unless (enum-set-member? type ntp-server-types) + (error "Invalid NTP server type" type)) + (string-join (cons* (symbol->string type) + address + (flatten options)))))) + +(define %ntp-servers + ;; Default set of NTP servers. These URLs are managed by the NTP Pool pr= oject. + ;; Within Guix, Leo Famulari is the administrative c= ontact + ;; for this NTP pool "zone". 
+ (list + (ntp-server + (type 'pool) + (address "0.guix.pool.ntp.org") + (options '("iburst"))))) ;as recommended in the ntpd man= ual + (define-record-type* ntp-configuration make-ntp-configuration ntp-configuration? (ntp ntp-configuration-ntp (default ntp)) - (servers ntp-configuration-servers + (servers %ntp-configuration-servers ;list of objects (default %ntp-servers)) (allow-large-adjustment? ntp-allow-large-adjustment? (default #t))) ;as recommended in the ntpd manu= al =20 +(define (ntp-configuration-servers ntp-configuration) + ;; A wrapper to support the deprecated form of this field. + (let ((ntp-servers (%ntp-configuration-servers ntp-configuration))) + (match ntp-servers + (((? string?) (? string?) ...) + (format (current-error-port) "warning: Defining NTP servers as stri= ngs is \ +deprecated. Please use records instead.\n") + (map (lambda (addr) + (ntp-server + (type 'server) + (address addr) + (options '()))) ntp-servers)) + ((($ ) ($ ) ...) + ntp-servers)))) + (define ntp-shepherd-service (match-lambda (($ ntp servers allow-large-adjustment?) @@ -324,8 +390,7 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." ;; TODO: Add authentication support. (define config (string-append "driftfile /var/run/ntpd/ntp.drift\n" - (string-join (map (cut string-append "server " <>) - servers) + (string-join (map ntp-server->string servers) "\n") " # Disable status queries as a workaround for CVE-2013-5211: @@ -335,7 +400,11 @@ restrict -6 default kod nomodify notrap nopeer noquery= limited =20 # Yet, allow use of the local 'ntpq'. restrict 127.0.0.1 -restrict -6 ::1\n")) +restrict -6 ::1 + +# This is required to use servers from a pool directive when using the 'no= peer' +# option by default, as documented in the 'ntp.conf' manual. +restrict source notrap nomodify noquery\n")) =20 (define ntpd.conf (plain-file "ntpd.conf" config)) 
@@ -409,6 +478,9 @@ make an initial adjustment of more than 1,000 seconds." ;;; OpenNTPD. ;;; =20 +(define %openntpd-servers + (map ntp-server-address %ntp-servers)) + (define-record-type* openntpd-configuration make-openntpd-configuration openntpd-configuration? @@ -422,9 +494,9 @@ make an initial adjustment of more than 1,000 seconds." (sensor openntpd-sensor (default '())) (server openntpd-server - (default %ntp-servers)) - (servers openntpd-servers (default '())) + (servers openntpd-servers + (default %openntpd-servers)) (constraint-from openntpd-constraint-from (default '())) (constraints-from openntpd-constraints-from diff --git a/tests/networking.scm b/tests/networking.scm new file mode 100644 index 0000000000..001d7df74d --- /dev/null +++ b/tests/networking.scm 
@@ -0,0 +1,50 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2019 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (tests networking) + #:use-module (gnu services networking) + #:use-module (srfi srfi-64)) + +;;; Tests for the (gnu services networking) module. + +(define ntp-server->string (@@ (gnu services networking) ntp-server->strin= g)) + +(define %ntp-server-sample + (ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) + +(test-begin "networking") + +(test-equal "ntp-server->string" + (ntp-server->string %ntp-server-sample) + "server some.ntp.server.org iburst version 3 maxpoll 16 prefer") + +(test-equal "ntp configuration servers deprecated form" + (ntp-configuration-servers + (ntp-configuration + (servers (list (ntp-server + (type 'server) + (address "example.pool.ntp.org") + (options '())))))) + (ntp-configuration-servers + (ntp-configuration + (servers (list "example.pool.ntp.org"))))) + +(test-end "networking") --=20 2.23.0

We could also overhaul the code of the openntpd-service-type so that
it'd be possible to provide different server types and options like for
the 'ntp-service-type', but I'm not sure it's worth it, given that
OpenNTPD is more spartan than NTP (it only supports two server types
('server' vs 'servers'), already captured as fields in its configuration
record; and its server directives only support one option, 'weight',
which can currently be included in the server string if desired).

However, I noticed that the configuration file produced by the openntpd
service, while valid, is not very clean.  For the documented following
openntpd-service-type definition:

--8<---------------cut here---------------start------------->8---
(openntpd-configuration
 (listen-on '("127.0.0.1" "::1"))
 (sensor '("udcf0 correction 70000"))
 (constraint-from '("www.gnu.org"))
 (constraints-from '("https://www.google.com/"))
 (allow-large-adjustment? #t)))
--8<---------------cut here---------------end--------------->8---

The following configuration file is generated:

--8<---------------cut here---------------start------------->8---
listen on 127.0.0.1
listen on ::1
constraints from "https://www.google.com/"
constraints from "https://www.google.com/"
sensor udcf0 correction 70000
constraints from "https://www.google.com/"
constraints from "https://www.google.com/"
servers 0.guix.pool.ntp.org
constraints from "https://www.google.com/"
constraint from www.gnu.org
--8<---------------cut here---------------end--------------->8---

This is reproducible when testing without my changes (with the
difference that multiple servers were used instead of a single "pool"
entry point).  I've opened an issue so that this issue can be tracked
separately here: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=37318.

Thank you!

Maxim
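
Review bot: The doc/guix.texi hunk for openntpd-configuration gives the default of `servers` as `@var{%openntp-servers}`, but the variable defined and exported in gnu/services/networking.scm is `%openntpd-servers`; the @item should use the real name. In the new `ntp-server` @deftp, the @example ends with `prefer))))`, one closing parenthesis more than the form opens, so it does not read back when pasted. The sentence above that example says "a maxpoll time of 16 seconds", while ntpd takes `maxpoll` as a power-of-two exponent of seconds, and "The following example define" should read "defines".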
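
Review bot: `%ntp-servers` in gnu/services/networking.scm gives its option as a string, `(options '("iburst"))`, but `flatten` inside `ntp-server->string` renders every leaf with `(format #f "~s" x)`, so the default line is written to the ntpd configuration as `pool 0.guix.pool.ntp.org "iburst"`, double quotes included. The documentation and the test both use symbols; write the default as `'(iburst)` or format leaves with `~a`, and add a test that serializes `%ntp-servers` so the shipped default is covered. `type` is checked against `ntp-server-types`, but `address` and the option leaves are copied into the file unchecked; rejecting whitespace and newlines there would keep one record from contributing more than its own directive.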
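
Review bot: In the lines shown, `ntp-shepherd-service` still takes `servers` straight from its `match-lambda` pattern and passes it to `(map ntp-server->string servers)`, so the new `ntp-configuration-servers` wrapper is not on the path that builds ntpd.conf and a deprecated list of strings reaches the single-clause `match` in `ntp-server->string`, which has no case for a string. Bind the list through `(ntp-configuration-servers config)` inside the service so the deprecated form is converted before serialization. Both patterns in the wrapper require at least one element, so `(servers '())` matches neither clause and raises; an explicit clause for the empty list would settle that case.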

From unknown Sat Jun 14 19:21:33 2025
Subject: [bug#37295] [PATCHv3] services: ntp: Support different NTP server types and options.
From: Efraim Flashner
To: Maxim Cournoyer
Cc: 37295@debbugs.gnu.org
Date: Fri, 6 Sep 2019 13:46:13 +0300

I like the changes to the openntpd service in relation to the other
changes.

-- 
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

From unknown Sat Jun 14 19:21:33 2025
Subject: [bug#37295] [PATCHv3] services: ntp: Support different NTP server types and options.
From: Maxim Cournoyer
To: Efraim Flashner
Cc: 37295@debbugs.gnu.org
Date: Sat, 07 Sep 2019 13:27:15 +0900

Efraim Flashner writes:

> I like the changes to the openntpd service in relation to the other
> changes.

Great!  I'll be awaiting an OK or let some time pass (2 weeks from now)
before I merge these patches into master.

You may want to check out the fixes I did to the openntp package/service
here as well: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37318.

Thank you,

Maxim

From unknown Sat Jun 14 19:21:33 2025
Subject: [bug#37295] [PATCHv3] services: ntp: Support different NTP server types and options.
From: Efraim Flashner
To: Maxim Cournoyer
Cc: 37295@debbugs.gnu.org
Date: Sun, 8 Sep 2019 11:06:35 +0300

On Sat, Sep 07, 2019 at 01:27:15PM +0900, Maxim Cournoyer wrote:
> Efraim Flashner writes:
>
> > I like the changes to the openntpd service in relation to the other
> > changes.
>
> Great!  I'll be awaiting an OK or let some time pass (2 weeks from now)
> before I merge these patches into master.
>
> You may want to check out the fixes I did to the openntp package/service
> here as well: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37318.
>

This looks good to me!

-- 
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

From unknown Sat Jun 14 19:21:33 2025
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: maxim.cournoyer@gmail.com
Subject: bug#37295: closed (Re: [bug#37295] [PATCHv3] services: ntp: Support different NTP server types and options.)
Reply-To: 37295@debbugs.gnu.org
Date: Sun, 08 Sep 2019 14:20:02 +0000

Your bug report

#37295: [PATCH] services: ntp: Support different NTP server types and options.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 37295@debbugs.gnu.org.

--
37295: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=37295
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Maxim Cournoyer
To: Efraim Flashner
Cc: 37295-done@debbugs.gnu.org
Subject: Re: [bug#37295] [PATCHv3] services: ntp: Support different NTP server types and options.
Date: Sun, 08 Sep 2019 23:19:36 +0900
Message-ID: <87h85mzx8n.fsf@gmail.com>
In-Reply-To: <20190908080635.GB977@E5400> (Efraim Flashner's message of "Sun, 8 Sep 2019 11:06:35 +0300")

Hi!

Efraim Flashner writes:

> On Sat, Sep 07, 2019 at 01:27:15PM +0900, Maxim Cournoyer wrote:
>> Efraim Flashner writes:
>>
>> > I like the changes to the openntpd service in relation to the other
>> > changes.
>>
>> Great! I'll be awaiting an OK or let some time pass (2 weeks from now)
>> before I merge these patches into master.
>>
>> You may want to check out the fixes I did to the openntp package/service
>> here as well: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37318.
>>
>
> This looks good to me!

Thanks for the quick feedback; I've merged this into master with commit
5658ae8a0a.

Maxim

From: maxim.cournoyer@gmail.com
To: guix-patches
Subject: [PATCH] services: ntp: Support different NTP server types and options.
Date: Tue, 03 Sep 2019 21:21:44 +0900
Message-ID: <8736hd1sfb.fsf@x200.i-did-not-set--mail-host-address--so-tickle-me>

Hello!

This patch series aims at improving our NTP service. While traveling, my
date wouldn't be synchronized correctly, because my hardware clock (the one
configurable through the BIOS) was more than 1000 s off the time queried
from the NTP servers, and 'ntpd' was not configured by default to allow an
initial correction larger than 1000 s.

This patch series fixes this use case (travelling across timezones) and
further the ntp-configuration record to allow specifying different types of
NTP servers as well as their options.

--=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-services-ntp-Allow-large-adjustment-by-default.patch Content-Transfer-Encoding: quoted-printable From=207b86b4c80077690d2bfeed6211d2b52a596d080d Mon Sep 17 00:00:00 2001
From: Maxim Cournoyer Date: Tue, 3 Sep 2019 00:42:24 +0900 Subject: [PATCH 1/4] services: ntp: Allow large adjustment by default. This is documented as best practice in `man ntpd', and is required to allow the date to be set correctly when traveling (without having to manually upd= ate the hardware clock in the BIOS/UEFI). * gnu/services/networking.scm ()[allow-large-adjustment?]: Set = the default value to #t. * doc/guix.texi (Networking Services): Update documentation. =2D-- doc/guix.texi | 2 +- gnu/services/networking.scm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 031ee53295..50f800ef61 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -12990,7 +12990,7 @@ This is the data type for the NTP service configura= tion. This is the list of servers (host names) with which @command{ntpd} will be synchronized. =20 =2D@item @code{allow-large-adjustment?} (default: @code{#f}) +@item @code{allow-large-adjustment?} (default: @code{#t}) This determines whether @command{ntpd} is allowed to make an initial adjustment of more than 1,000 seconds. =20 diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 376b4ccc4e..e149fe0b69 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -315,7 +315,7 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." (servers ntp-configuration-servers (default %ntp-servers)) (allow-large-adjustment? ntp-allow-large-adjustment? =2D (default #f))) + (default #t))) ;as recommended in the ntpd manu= al =20 (define ntp-shepherd-service (match-lambda =2D-=20 2.23.0 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0002-services-ntp-Fix-KOD-warning.patch Content-Transfer-Encoding: quoted-printable From=20bc2fe08fd6556a50af5a4209c77938d975f62f8f Mon Sep 17 00:00:00 2001 
From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:05:06 +0900 Subject: [PATCH 2/4] services: ntp: Fix KOD warning. Otherwise the following messages would be printed by ntpd: Sep 2 05:18:21 localhost ntpd[15849]: restrict default: KOD does nothing w= ithout LIMITE. Sep 2 05:18:21 localhost ntpd[15849]: restrict ::: KOD does nothing withou= t LIMITED. Debian uses the same set of "restrict" keywords (see: https://sources.debian.org/src/ntp/1:4.2.8p13+dfsg-2/debian/ntp.conf). * gnu/services/networking.scm (ntp-shepherd-service): Add the 'limited' keyword to both the IPv4 and IPv6 'restrict' directives. =2D-- gnu/services/networking.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index e149fe0b69..13a5c6c98d 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -330,8 +330,8 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." " # Disable status queries as a workaround for CVE-2013-5211: # . =2Drestrict default kod nomodify notrap nopeer noquery =2Drestrict -6 default kod nomodify notrap nopeer noquery +restrict default kod nomodify notrap nopeer noquery limited +restrict -6 default kod nomodify notrap nopeer noquery limited =20 # Yet, allow use of the local 'ntpq'. restrict 127.0.0.1 =2D-=20 2.23.0 --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0003-doc-Add-index-to-find-ntpd.patch Content-Transfer-Encoding: quoted-printable From=2009f98715e4e7795d88c5b02f24c23f6128120a05 Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:13:26 +0900 Subject: [PATCH 3/4] doc: Add index to find 'ntpd'. * doc/guix.texi (Networking Services): Add @cindex to find 'ntpd' =2D-- doc/guix.texi | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/guix.texi b/doc/guix.texi index 50f800ef61..9de0957d14 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -12972,6 +12972,7 @@ objects}). @end deftp =20 @cindex NTP (Network Time Protocol), service +@cindex ntpd, service for the Network Time Protocol daemon @cindex real time clock @defvr {Scheme Variable} ntp-service-type This is the type of the service running the @uref{http://www.ntp.org, =2D-=20 2.23.0 --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: attachment; filename=0004-services-ntp-Support-different-NTP-server-types-and-.patch Content-Transfer-Encoding: quoted-printable From=2026e74f556c121f24241c3b7b7df5ae1a93d22b2d Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Tue, 3 Sep 2019 10:14:59 +0900 Subject: [PATCH 4/4] services: ntp: Support different NTP server types and options. * gnu/services/networking.scm (ntp-server-types): New enum. (): New record type. (ntp-server->string): New procedure. (%ntp-servers): Define in terms of records. Use the first entrypoint server as a pool instead of a list of static servers. This is m= ore resilient since a new server of the pool can be interrogated on every request. Add the 'iburst' options. (ntp-configuration-servers): Define a custom accessor that warns but honors about the now deprecated server format. (): Use it. * tests/networking.scm: Test it. * doc/guix.texi: Document it. =2D-- doc/guix.texi | 31 ++++++++++- gnu/services/networking.scm | 100 ++++++++++++++++++++++++++++++------ tests/networking.scm | 50 ++++++++++++++++++ 3 files changed, 163 insertions(+), 18 deletions(-) create mode 100644 tests/networking.scm diff --git a/doc/guix.texi b/doc/guix.texi index 9de0957d14..e76c9322d8 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -12988,8 +12988,9 @@ This is the data type for the NTP service configura= tion. =20 @table @asis @item @code{servers} (default: @code{%ntp-servers}) =2DThis is the list of servers (host names) with which @command{ntpd} will = be =2Dsynchronized. +This is the list of servers (@code{} records) with which +@command{ntpd} will be synchronized. See the @code{ntp-server} data type +definition below. =20 @item @code{allow-large-adjustment?} (default: @code{#t}) This determines whether @command{ntpd} is allowed to make an initial @@ -13005,6 +13006,32 @@ List of host names used as the default NTP servers= . These are servers of the @uref{https://www.ntppool.org/en/, NTP Pool Project}. @end defvr =20 +@deftp {Data Type} ntp-server +The data type representing the configuration of a NTP server. + +@table @asis +@item @code{type} (default: @code{'server}) +The type of the NTP server, given as a symbol. One of @code{'pool}, +@code{'server}, @code{'peer}, @code{'broadcast} or @code{'manycastclient}. + +@item @code{address} +The address of the server, as a string. + +@item @code{options} +NTPD options to use with that specific server, given as a list of option n= ames +and/or of option names and values tuples. The following example define a s= erver +to use with the options @option{iburst} and @option{prefer}, as well as +@option{version} 3 and a @option{maxpoll} time of 16 seconds. + +@example +(ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) +@end example +@end table +@end deftp + @cindex OpenNTPD @deffn {Scheme Procedure} openntpd-service-type Run the @command{ntpd}, the Network Time Protocol (NTP) daemon, as impleme= nted diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 13a5c6c98d..752a165941 100644 =2D-- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm 
@@ -51,6 +51,7 @@ #:use-module (guix records) #:use-module (guix modules) #:use-module (guix deprecation) + #:use-module (rnrs enums) #:use-module (srfi srfi-1) #:use-module (srfi srfi-9) #:use-module (srfi srfi-26) @@ -72,10 +73,18 @@ dhcpd-configuration-pid-file dhcpd-configuration-interfaces =20 =2D %ntp-servers =2D ntp-configuration ntp-configuration? + ntp-configuration-ntp + ntp-configuration-servers + ntp-allow-large-adjustment? + + %ntp-servers + ntp-server + ntp-server-type + ntp-server-address + ntp-server-options + ntp-service ntp-service-type =20 
@@ -292,31 +301,87 @@ Protocol (DHCP) client, on all the non-loopback netwo= rk interfaces." (list (service-extension shepherd-root-service-type dhcpd-shepherd-ser= vice) (service-extension activation-service-type dhcpd-activation))))) =20 =2D(define %ntp-servers =2D ;; Default set of NTP servers. These URLs are managed by the NTP Pool = project. =2D ;; Within Guix, Leo Famulari is the administrative= contact =2D ;; for this NTP pool "zone". =2D '("0.guix.pool.ntp.org" =2D "1.guix.pool.ntp.org" =2D "2.guix.pool.ntp.org" =2D "3.guix.pool.ntp.org")) =2D ;;; ;;; NTP. ;;; =20 =2D;; TODO: Export. +(define ntp-server-types (make-enumeration + '(pool + server + peer + broadcast + manycastclient))) + +(define-record-type* + ntp-server make-ntp-server + ntp-server? + ;; The type can be one of the symbols of the NTP-SERVER-TYPE? enumeratio= n. + (type ntp-server-type + (default 'server)) + (address ntp-server-address) ; a string + ;; The list of options can contain single option names or tuples in the = form + ;; '(name value). + (options ntp-server-options + (default '()))) + +(define (ntp-server->string ntp-server) + ;; Serialize the NTP server object as a string, ready to use in the NTP + ;; configuration file. + (define (flatten lst) + (reverse + (let loop ((x lst) + (res '())) + (if (list? x) + (fold loop res x) + (cons (format #f "~s" x) res))))) + + (match ntp-server + (($ type address options) + ;; XXX: It'd be neater if fields were validated at the syntax level (= for + ;; static ones at least). Perhaps the Guix record type could support= a + ;; predicate property on a field? + (unless (enum-set-member? type ntp-server-types) + (error "Invalid NTP server type" type)) + (string-join (cons* (symbol->string type) + address + (flatten options)))))) + +(define %ntp-servers + ;; Default set of NTP servers. These URLs are managed by the NTP Pool pr= oject. + ;; Within Guix, Leo Famulari is the administrative c= ontact + ;; for this NTP pool "zone". 
+ (list + (ntp-server + (type 'pool) + (address "0.guix.pool.ntp.org") + (options '("iburst"))))) ;as recommended in the ntpd man= ual + (define-record-type* ntp-configuration make-ntp-configuration ntp-configuration? (ntp ntp-configuration-ntp (default ntp)) =2D (servers ntp-configuration-servers + (servers %ntp-configuration-servers ;list of objects (default %ntp-servers)) (allow-large-adjustment? ntp-allow-large-adjustment? (default #t))) ;as recommended in the ntpd manu= al =20 +(define (ntp-configuration-servers ntp-configuration) + ;; A wrapper to support the deprecated form of this field. + (let ((ntp-servers (%ntp-configuration-servers ntp-configuration))) + (match ntp-servers + (((? string?) (? string?) ...) + (format (current-error-port) "warning: Defining NTP servers as stri= ngs is \ +deprecated. Please use records instead.\n") + (map (lambda (addr) + (ntp-server + (type 'server) + (address addr) + (options '()))) ntp-servers)) + ((($ ) ($ ) ...) + ntp-servers)))) + (define ntp-shepherd-service (match-lambda (($ ntp servers allow-large-adjustment?) @@ -324,8 +389,7 @@ Protocol (DHCP) client, on all the non-loopback network= interfaces." ;; TODO: Add authentication support. (define config (string-append "driftfile /var/run/ntpd/ntp.drift\n" =2D (string-join (map (cut string-append "server " <= >) =2D servers) + (string-join (map ntp-server->string servers) "\n") " # Disable status queries as a workaround for CVE-2013-5211: @@ -335,7 +399,11 @@ restrict -6 default kod nomodify notrap nopeer noquery= limited =20 # Yet, allow use of the local 'ntpq'. restrict 127.0.0.1 =2Drestrict -6 ::1\n")) +restrict -6 ::1 + +# This is required to use servers from a pool directive when using the 'no= peer' +# option by default, as documented in the 'ntp.conf' manual. +restrict source notrap nomodify noquery\n")) =20 (define ntpd.conf (plain-file "ntpd.conf" config)) 
diff --git a/tests/networking.scm b/tests/networking.scm new file mode 100644 index 0000000000..001d7df74d =2D-- /dev/null +++ b/tests/networking.scm 
@@ -0,0 +1,50 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright =C2=A9 2019 Maxim Cournoyer +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (tests networking) + #:use-module (gnu services networking) + #:use-module (srfi srfi-64)) + +;;; Tests for the (gnu services networking) module. + +(define ntp-server->string (@@ (gnu services networking) ntp-server->strin= g)) + +(define %ntp-server-sample + (ntp-server + (type 'server) + (address "some.ntp.server.org") + (options `(iburst (version 3) (maxpoll 16) prefer)))) + +(test-begin "networking") + +(test-equal "ntp-server->string" + (ntp-server->string %ntp-server-sample) + "server some.ntp.server.org iburst version 3 maxpoll 16 prefer") + +(test-equal "ntp configuration servers deprecated form" + (ntp-configuration-servers + (ntp-configuration + (servers (list (ntp-server + (type 'server) + (address "example.pool.ntp.org") + (options '())))))) + (ntp-configuration-servers + (ntp-configuration + (servers (list "example.pool.ntp.org"))))) + +(test-end "networking") =2D-=20 2.23.0 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEJ9WGpPiQCFQyn/CfEmDkZILmNWIFAl1uWtgACgkQEmDkZILm NWLyug/9EzW5jH7Otyc2P/jk/4+Dmeg0Eqb+rtxVDD43H+gVOt2XWL9xH0Gdh2wa 
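
Review bot: in the doc/guix.texi hunk of patch 1/4, the `@item @code{allow-large-adjustment?}` entry flips the default to `#t` but the description is unchanged and gives no reason or trade-off. With this default the first correction is accepted whatever its size, and the service code still carries "TODO: Add authentication support", so that first step is taken from unauthenticated servers. Add a sentence saying why `#t` is now the default (the commit message cites `man ntpd`) and that `#f` restores the 1,000 second limit for deployments that prefer ntpd to refuse a large initial offset.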
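
Review bot: in the `@deftp {Data Type} ntp-server` block added to doc/guix.texi by patch 4/4, the `@example` is not balanced Scheme: `(options `(iburst (version 3) (maxpoll 16) prefer))))` closes four parentheses where only three are open, so pasting it gives a read error; drop one `)` (the copy in tests/networking.scm is balanced only because it sits inside a `define`). The sentence above the example also describes `(maxpoll 16)` as "a maxpoll time of 16 seconds", but ntp.conf takes maxpoll as a power-of-two exponent, so 16 means 2^16 seconds; reword the sentence or choose a value that matches it. Minor: "The following example define" should read "defines".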
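
Review bot: in the `@@ -292,31 +301,87 @@` hunk of gnu/services/networking.scm, `flatten` serializes every option with `(format #f "~s" x)` while the new default `%ntp-servers` passes its option as a string, `(options '("iburst"))`. `~s` writes a string with its double quotes, so the generated line is `pool 0.guix.pool.ntp.org "iburst"` instead of the bare keyword; the test in this series only uses symbol options, which is why it does not catch this. Use `~a` in `flatten`, or make the default `'(iburst)` and document that option names are symbols. In the same hunk, `ntp-configuration-servers` has clauses only for a non-empty list of strings and a non-empty list of records, so `(servers '())` or a mixed list ends in a bare match failure; add a final clause that reports the offending value.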
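
Review bot: in the `@@ -324,8 +389,7 @@` hunk, `ntp-shepherd-service` still gets `servers` from the `match-lambda` record pattern, which is the raw field value and not the result of the new `ntp-configuration-servers` wrapper. A configuration that still uses the deprecated list of strings therefore reaches `(map ntp-server->string servers)` unconverted and fails inside that procedure's `match`, without the deprecation warning ever being printed. Bind the configuration object and call `ntp-configuration-servers` on it before building the config string, so the "warns but honors" behaviour described in the commit message applies to the generated ntpd.conf and not only to callers of the accessor.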
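
Review bot: in tests/networking.scm, the first `test-equal` has its arguments the wrong way round: SRFI-64 takes the expected value first, so the literal string should come before `(ntp-server->string %ntp-server-sample)`, otherwise a failure report labels the two values backwards. The diffstat lists only doc/guix.texi, gnu/services/networking.scm and tests/networking.scm, so nothing registers the new file with the test list in Makefile.am (SCM_TESTS) and it will not run as part of the suite. Please also add a case with a string option such as `'("iburst")`, since that is the form the default `%ntp-servers` uses, and one that renders a configuration given in the deprecated string form.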