ntpsec: Add recipe

NTPsec, "a secure, hardened, and improved implementation of Network Time Protocol derived from NTP Classic, Dave Mills’s original." Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Alex Kiernan <alexk@zuma.ai> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2026-06-05 14:59:55 +00:00 · 2021-11-03 12:10:16 +00:00
parent 611700b6a0
commit 57776d013a
3 changed files with 227 additions and 0 deletions
@@ -0,0 +1,111 @@
+From ba368822d0a197cb84c46c911d40d0c52cf9c391 Mon Sep 17 00:00:00 2001
+From: Hal Murray <hmurray@megapathdsl.net>
+Date: Sun, 2 May 2021 22:24:26 -0700
+Subject: [PATCH] Update to OpenSSL 3.0.0-alpha15
+
+Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/ba368822d0a197cb84c46c911d40d0c52cf9c391]
+Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
+Signed-off-by: Alex Kiernan <alexk@zuma.ai>
+---
+ attic/cmac-timing.c | 37 ++++++++++++++-----------------------
+ 1 file changed, 14 insertions(+), 23 deletions(-)
+
+diff --git a/attic/cmac-timing.c b/attic/cmac-timing.c
+index c2088db63a4c..464daa76b9e6 100644
+--- a/attic/cmac-timing.c
+++ b/attic/cmac-timing.c
+@@ -225,28 +225,14 @@ static void DoPKEY(
+ #if OPENSSL_VERSION_NUMBER > 0x20000000L
+ static size_t One_EVP_MAC(
+   EVP_MAC_CTX *ctx,         /* context  */
+-  char *cipher,
+   uint8_t *key,             /* key pointer */
+   int     keylength,        /* key length */
+   uint8_t *pkt,             /* packet pointer */
+   int     pktlength         /* packet length */
+ ) {
+-	OSSL_PARAM params[3];
+ 	size_t len = EVP_MAX_MD_SIZE;
+ 
+-	params[0] =
+-          OSSL_PARAM_construct_utf8_string("cipher", cipher, 0);
+-	params[1] =
+-          OSSL_PARAM_construct_octet_string("key", key, keylength);
+-	params[2] = OSSL_PARAM_construct_end();
+-	if (0 == EVP_MAC_CTX_set_params(ctx, params)) {
+-		unsigned long err = ERR_get_error();
+-		char * str = ERR_error_string(err, NULL);
+-		printf("## Oops, EVP_MAC_CTX_set_params() failed: %s.\n", str);
+-		return 0;
+-	}
+-
+-	if (0 == EVP_MAC_init(ctx)) {
+	if (0 == EVP_MAC_init(ctx, key, keylength, NULL)) {
+ 		unsigned long err = ERR_get_error();
+ 		char * str = ERR_error_string(err, NULL);
+ 		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
+@@ -255,13 +241,13 @@ static size_t One_EVP_MAC(
+ 	if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
+ 		unsigned long err = ERR_get_error();
+ 		char * str = ERR_error_string(err, NULL);
+-		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
+		printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
+ 		return 0;
+ 	}
+ 	if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
+ 		unsigned long err = ERR_get_error();
+ 		char * str = ERR_error_string(err, NULL);
+-		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
+		printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
+ 		return 0;
+ 	}
+ 	return len;
+@@ -290,7 +276,7 @@ static void Do_EVP_MAC(
+ 
+ 	clock_gettime(CLOCK_MONOTONIC, &start);
+ 	for (int i = 0; i < SAMPLESIZE; i++) {
+-		digestlength = One_EVP_MAC(evp, cbc, key, keylength, pkt, pktlength);
+		digestlength = One_EVP_MAC(evp, key, keylength, pkt, pktlength);
+ if (0 == digestlength) break;
+ 	}
+ 	clock_gettime(CLOCK_MONOTONIC, &stop);
+@@ -305,26 +291,31 @@ static size_t One_EVP_MAC2(
+   uint8_t *pkt,             /* packet pointer */
+   int     pktlength         /* packet length */
+ ) {
+	EVP_MAC_CTX *dup;
+ 	size_t len = EVP_MAX_MD_SIZE;
+ 
+-	if (0 == EVP_MAC_init(ctx)) {
+	// dup = ctx;
+	dup = EVP_MAC_CTX_dup(ctx);
+
+	if (0 == EVP_MAC_init(dup, NULL, 0, NULL)) {
+ 		unsigned long err = ERR_get_error();
+ 		char * str = ERR_error_string(err, NULL);
+ 		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
+ 		return 0;
+ 	}
+-	if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
+	if (0 == EVP_MAC_update(dup, pkt, pktlength)) {
+ 		unsigned long err = ERR_get_error();
+ 		char * str = ERR_error_string(err, NULL);
+-		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
+		printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
+ 		return 0;
+ 	}
+-	if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
+	if (0 == EVP_MAC_final(dup, answer, &len, sizeof(answer))) {
+ 		unsigned long err = ERR_get_error();
+ 		char * str = ERR_error_string(err, NULL);
+-		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
+		printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
+ 		return 0;
+ 	}
+	EVP_MAC_CTX_free(dup);
+ 	return len;
+ }
+ 
+-- 
+2.33.0
+
@@ -0,0 +1,3 @@
+d ntp ntp 0755 @NTP_USER_HOME@ none
+d ntp ntp 0755 /var/log/ntpstats none
+f ntp ntp 0644 /var/log/ntpd.log none
@@ -0,0 +1,113 @@
+SUMMARY = "The Network Time Protocol suite, refactored"
+HOMEPAGE = "https://www.ntpsec.org/"
+
+LICENSE = "CC-BY-4.0 & BSD-2-Clause & NTP & BSD-3-Clause & MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=0520591566b6ed3a9ced8b15b4d4abf9 \
+                    file://libjsmn/LICENSE;md5=38118982429881235de8adf478a8e75d \
+                    file://docs/copyright.adoc;md5=9a1e3fce4b630078cb67ba2b619d2b13 \
+                    file://libaes_siv/COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+DEPENDS += "bison-native \
+            openssl \
+            python3"
+
+SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
+           file://0001-Update-to-OpenSSL-3.0.0-alpha15.patch \
+           file://volatiles.ntpsec"
+
+SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a"
+
+inherit pkgconfig python3-dir python3targetconfig systemd update-alternatives update-rc.d useradd waf
+
+PACKAGECONFIG = "${@bb.utils.filter('DISTRO_FEATURES', 'seccomp systemd', d)} \
+                 cap \
+                 leap-smear \
+                 mdns \
+                 mssntp \
+                 nts \
+                 refclocks"
+PACKAGECONFIG[cap] = ",,libcap"
+PACKAGECONFIG[leap-smear] = "--enable-leap-smear"
+PACKAGECONFIG[mdns] = ",,mdns"
+PACKAGECONFIG[mssntp] = "--enable-mssntp"
+PACKAGECONFIG[nts] = ",--disable-nts"
+PACKAGECONFIG[refclocks] = "--refclock=all,,pps-tools"
+PACKAGECONFIG[seccomp] = "--enable-seccomp,,libseccomp"
+PACKAGECONFIG[systemd] = ",,systemd"
+
+CC[unexport] = "1"
+CFLAGS[unexport] = "1"
+LDFLAGS[unexport] = "1"
+
+export PYTHON_VERSION = "${PYTHON_BASEVERSION}"
+export PYTAG = "cpython${@ d.getVar('PYTHON_BASEVERSION').replace('.', '')}"
+export pyext_PATTERN = "%s.so"
+export PYTHON_LDFLAGS = "-lpthread -ldl"
+
+CFLAGS:append = " -I${PYTHON_INCLUDE_DIR}"
+
+EXTRA_OECONF = "--cross-compiler='${CC}' \
+                --cross-cflags='${CFLAGS}' \
+                --cross-ldflags='${LDFLAGS}' \
+                --pyshebang=${bindir}/python3 \
+                --pythondir=${PYTHON_SITEPACKAGES_DIR} \
+                --pythonarchdir=${PYTHON_SITEPACKAGES_DIR} \
+                --enable-debug \
+                --enable-debug-gdb \
+                --enable-early-droproot"
+
+EXTRA_OEWAF_BUILD ?= "-v"
+
+NTP_USER_HOME ?= "/var/lib/ntp"
+
+do_install:append() {
+	install -d ${D}${sysconfdir}/init.d
+	install -m 755 ${S}/etc/rc/ntpd ${D}${sysconfdir}/init.d
+	cp -r ${S}/etc/ntp.d ${D}${sysconfdir}
+
+	sed -e 's:@NTP_USER_HOME@:${NTP_USER_HOME}:g' ${WORKDIR}/volatiles.ntpsec >${T}/volatiles.ntpsec
+	if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then
+		cp ${B}/main/etc/* ${D}${systemd_system_unitdir}
+		awk '{print $1, $5, $4, $2, $3, "-"}' ${T}/volatiles.ntpsec >${T}/tmpfiles.ntpsec
+		install -D -m 0644 ${T}/tmpfiles.ntpsec ${D}${nonarch_libdir}/tmpfiles.d/${BPN}.conf
+	else
+		install -D -m 0644 ${T}/volatiles.ntpsec ${D}${sysconfdir}/default/volatiles/99_${BPN}
+	fi
+}
+
+PACKAGE_BEFORE_PN = "${PN}-python ${PN}-utils ${PN}-viz"
+
+FILES:${PN} += "${nonarch_libdir}/tmpfiles.d/ntpsec.conf"
+FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR} \
+                      ${libdir}/libntpc.so.*"
+FILES:${PN}-utils = "${bindir}/ntpdig \
+                     ${bindir}/ntpkeygen \
+                     ${bindir}/ntpleapfetch \
+                     ${bindir}/ntpmon \
+                     ${bindir}/ntpq \
+                     ${bindir}/ntpsnmpd \
+                     ${bindir}/ntpsweep \
+                     ${bindir}/ntptrace \
+                     ${bindir}/ntpwait"
+FILES:${PN}-viz = "${bindir}/ntplogtemp \
+                   ${bindir}/ntpviz"
+
+RDEPENDS:${PN} += "libgcc"
+RDEPENDS:${PN}-utils += "${PN}-python python3-core"
+RDEPENDS:${PN}-viz += "gnuplot ${PN}-python python3-core python3-compression python3-ctypes python3-logging python3-shell"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM:${PN} = "--system --home-dir ${NTP_USER_HOME} \
+                       --no-create-home \
+                       --shell /bin/false --user-group ntp"
+
+INITSCRIPT_NAME = "ntpd"
+
+SYSTEMD_PACKAGES = "${PN} ${PN}-viz"
+SYSTEMD_SERVICE:${PN} = "ntpd.service ntp-wait.service"
+SYSTEMD_SERVICE:${PN}-viz = "ntplogtemp.service ntpviz-weekly.timer ntpviz-weekly.service ntpviz-daily.timer ntpviz-daily.service ntplogtemp.timer"
+
+ALTERNATIVE_PRIORITY = "80"
+
+ALTERNATIVE:${PN} = "ntpd"
+ALTERNATIVE_LINK_NAME[ntpd] = "${sbindir}/ntpd"