From: Peter Wagner <​tripolar@gmx.at>
Date: Mon, 14 Nov 2011 18:30:05 +0000 (+0000)
Subject: [packages] ntpd: * use libcap to drop roots privileges
X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;hb=21ce951e4b5f0b6d44dc5b2480de84cf5c59df09
[packages] ntpd: * use libcap to drop roots privileges * add ntp-key and ntp-key-ssl (linked against OpenSSL) * update init file - add ntp group and user * compile with --without-lineeditlibs * add ntptime to the ntp-utils package
SVN-Revision: 29127
---
diff --git a/net/ntpd/Makefile b/net/ntpd/Makefile
index 311c9d291f..9e034a2df0 100644
--- a/net/ntpd/Makefile
+++ b/net/ntpd/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=ntp
 PKG_VERSION:=4.2.6p4
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/
@@ -30,6 +30,7 @@ define Package/ntpd/Default
 TITLE:=ISC ntp
 MAINTAINER:=Peter Wagner
 URL:=http://www.ntp.org/
+ DEPENDS:=+libcap
 endef

 define Package/ntpd/Default/description
@@ -54,7 +55,7 @@ define Package/ntpd-ssl
 $(call Package/ntpd/Default)
 TITLE+= server (with OpenSSL support)
 VARIANT:=ssl
- DEPENDS:=+libopenssl
+ DEPENDS+= +libopenssl
 endef

 define Package/ntpd-ssl/description
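Review bot: Setting `DEPENDS:=+libcap` in `Package/ntpd/Default` only protects sub-packages that append to it; any package that still assigns `DEPENDS:=` after `$(call Package/ntpd/Default)` silently drops libcap again. The following hunk converts `Package/ntpd-ssl` to `DEPENDS+= +libopenssl` for exactly that reason, but `Package/ntpdate` is not visible in this diff, so it should be checked for a `DEPENDS:=` of its own. Because `--enable-linuxcaps` is set for the whole build, presumably every installed binary links libcap, and a missing dependency would only surface at run time on the device. A comment above the new line, for example `# every variant links libcap (--enable-linuxcaps): extend with DEPENDS+=, never DEPENDS:=`, would keep later edits from regressing this.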
@@ -79,13 +80,37 @@ define Package/ntp-utils
 $(call Package/ntpd/Default)
 TITLE+= utilities
 VARIANT:=nossl
- DEPENDS:=+libncurses
 endef

 define Package/ntp-utils/description
 $(call Package/ntpd/Default/description)
 .
- This package contains ntpdc and ntpq.
+ This package contains ntpdc, ntpq and ntptime.
+endef
+
+define Package/ntp-keygen
+$(call Package/ntpd/Default)
+ TITLE+=keygen
+ VARIANT:=nossl
+endef
+
+define Package/ntp-keygen/description
+$(call Package/ntpd/Default/description)
+ .
+ This package contains the ntp-keygen.
+endef
+
+define Package/ntp-keygen-ssl
+$(call Package/ntpd/Default)
+ TITLE+=keygen (with OpenSSL support)
+ VARIANT:=ssl
+ DEPENDS+= +libopenssl
+endef
+
+define Package/ntp-keygen-ssl/description
+$(call Package/ntpd/Default/description)
+ .
+ This package contains the ntp-keygen with OpenSSL support.
 endef

 define Package/ntpd/conffiles
@@ -103,11 +128,12 @@ CONFIGURE_VARS += \
 CONFIGURE_ARGS += \
 --disable-all-clocks \
 --disable-parse-clocks \
+ --without-ntpsnmpd \
+ --without-lineeditlibs \
 --enable-NMEA \
 --enable-LOCAL-CLOCK \
 --enable-SHM \
- --disable-linuxcaps \
- --without-ntpsnmpd \
+ --enable-linuxcaps

 ifeq ($(BUILD_VARIANT),ssl)
 CONFIGURE_ARGS += \
@@ -153,9 +179,19 @@ define Package/ntp-utils/install
 $(INSTALL_DIR) $(1)/usr/sbin
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/ntpdc/ntpdc $(1)/usr/sbin/
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/ntpq/ntpq $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/util/ntptime $(1)/usr/sbin/
 endef

+define Package/ntp-keygen/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/util/ntp-keygen $(1)/usr/sbin/
+endef
+
+Package/ntp-keygen-ssl/install = $(Package/ntp-keygen/install)
+
 $(eval $(call BuildPackage,ntpd))
 $(eval $(call BuildPackage,ntpd-ssl))
 $(eval $(call BuildPackage,ntpdate))
 $(eval $(call BuildPackage,ntp-utils))
+$(eval $(call BuildPackage,ntp-keygen))
+$(eval $(call BuildPackage,ntp-keygen-ssl))
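Review bot: The descriptions added for `Package/ntp-keygen` and `Package/ntp-keygen-ssl` do not say what the two variants can actually generate, which is the one thing an installer of a key-generation tool needs to know. As far as I know, ntp-keygen built without OpenSSL writes only symmetric key files, while the OpenSSL build also produces the host keys and certificates used for Autokey; please confirm against this version and state it. Something like `This package contains ntp-keygen (symmetric keys only, no OpenSSL/Autokey support).` for the nossl variant would stop users from installing the smaller package and ending up with weaker authentication than they expected.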
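Review bot: The switch to `--enable-linuxcaps` at the end of `CONFIGURE_ARGS` is what the `-u ntp:ntp` option added in files/ntpd.init relies on, yet nothing in the Makefile records that coupling. A comment placed above `CONFIGURE_ARGS += \` (it cannot sit inside the backslash-continued list), such as `# --enable-linuxcaps is required by "ntpd -u ntp:ntp" in files/ntpd.init (privilege drop via libcap)`, would prevent someone from flipping the flag back while trimming dependencies. It is also worth verifying that configure fails the build when libcap is not found, rather than quietly producing a daemon without the privilege drop.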
diff --git a/net/ntpd/files/ntp.conf b/net/ntpd/files/ntp.conf index b810305027..8bfb8e3d50 100644 --- a/net/ntpd/files/ntp.conf +++ b/net/ntpd/files/ntp.conf @@ -1,13 +1,12 @@ -# use a random selection of 8 public stratum 2 servers +# use a random selection of 4 public stratum 2 servers # see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers #restrict default nomodify notrap noquery #restrict default noquery - restrict 127.0.0.1 -driftfile /tmp/ntp.drift +driftfile /var/lib/ntp/ntp.drift server 0.openwrt.pool.ntp.org iburst server 1.openwrt.pool.ntp.org iburst diff --git a/net/ntpd/files/ntpd.init b/net/ntpd/files/ntpd.init index 978d92c2ec..5eb75f6461 100644 --- a/net/ntpd/files/ntpd.init +++ b/net/ntpd/files/ntpd.init @@ -2,13 +2,18 @@ # Copyright (C) 2006-2011 OpenWrt.org START=65 +STOP=65 SERVICE_USE_PID=1 start() { # ln -sf /dev/ttyS0 /dev/gps0 # /usr/sbin/setgarmin -d /dev/gps -c /etc/setgarmin.conf - service_start /sbin/ntpd -g -p /var/run/ntpd.pid + user_exists ntp 123 || user_add ntp 123 123 ntp /var/lib/ntp + group_exists ntp 123 || group_add ntp 123 + mkdir -p /var/lib/ntp + chown -R ntp:ntp /var/lib/ntp + service_start /sbin/ntpd -g -u ntp:ntp -p /var/run/ntpd.pid } stop() {
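Review bot: Both `restrict default` lines remain commented out in the shipped ntp.conf, so every host other than the explicitly listed 127.0.0.1 gets ntpd's built-in defaults for status queries and runtime configuration. Since this commit already hardens the daemon by dropping root, consider enabling the stricter line that is already present, `restrict default nomodify notrap noquery`, and keeping the `restrict 127.0.0.1` entry for local ntpq use. Separately, `driftfile /var/lib/ntp/ntp.drift` now depends on the init script having created that directory with ntp ownership; a one-line comment saying so would help anyone who starts ntpd by hand.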
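Review bot: `chown -R ntp:ntp /var/lib/ntp` in start() runs as root on every start over a directory that, after the first start, is writable by the unprivileged ntp account. A recursive ownership change by root over content an unprivileged user controls is best avoided; ntpd only needs to own the directory itself, so `chown ntp:ntp /var/lib/ntp` is sufficient. The order of the account setup is also inverted: `user_add ntp 123 123 ntp /var/lib/ntp` references gid 123 before `group_exists ntp 123 || group_add ntp 123` has run, so the group line should come first. Neither helper's result is checked; presumably ntpd refuses to start when `-u ntp:ntp` cannot be resolved, but that should be confirmed so a failed user_add can never leave the daemon running as root.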