[gentoo-commits] repo/gentoo:master commit in: net-misc/ntpsec/files/, net-misc/ntpsec/

["Sam James" <sam@gentoo.org>]

commit:     11ceb07fe0233dc7dd3c9596a6b256aa6c81acb9
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jun 12 11:59:14 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jun 12 11:59:14 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11ceb07f

net-misc/ntpsec: backport glibc[nsd] seccomp patch

Closes: https://bugs.gentoo.org/851531
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch    |  34 ++++
 net-misc/ntpsec/ntpsec-1.2.1-r5.ebuild             | 178 +++++++++++++++++++++
 2 files changed, 212 insertions(+)

diff --git a/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch
new file mode 100644
index 000000000000..5b7a4e51374c
--- /dev/null
+++ b/net-misc/ntpsec/files/ntpsec-1.2.1-seccomp-nsd.patch
@@ -0,0 +1,34 @@
+https://gitlab.com/NTPsec/ntpsec/-/commit/a49d53b7fe1d
+https://bugs.gentoo.org/851531
+
+From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
+Date: Sat, 11 Jun 2022 15:16:15 +0200
+Subject: [PATCH] ntpd/ntp_sandbox.c: allow readv() for glibc nscd
+ getaddrinfo() provider
+
+Otherwise, ntpd crashes from time to time with the following stack trace:
+#0  0x00007f5763bfac4d in readv () from /lib64/libc.so.6
+#1  0x00007f5763c48b4c in __readvall () from /lib64/libc.so.6
+#2  0x00007f5763c467ed in nscd_gethst_r () from /lib64/libc.so.6
+#3  0x00007f5763c46c0d in __nscd_gethostbyname2_r () from /lib64/libc.so.6
+#4  0x00007f5763c15a2a in gethostbyname2_r () from /lib64/libc.so.6
+#5  0x00007f5763bed3ca in gaih_inet.constprop () from /lib64/libc.so.6
+#6  0x00007f5763bee225 in getaddrinfo () from /lib64/libc.so.6
+#7  0x000055fcf0ad6544 in open_TCP_socket ()
+#8  0x000055fcf0ad79b4 in nts_probe ()
+#9  0x000055fcf0ac37c4 in dns_lookup ()
+#10 0x00007f5763b8205a in start_thread () from /lib64/libc.so.6
+#11 0x00007f5763c05d1c in clone3 () from /lib64/libc.so.6
+
+Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
+--- a/ntpd/ntp_sandbox.c
++++ b/ntpd/ntp_sandbox.c
+@@ -357,6 +357,7 @@ int scmp_sc[] = {
+ 	SCMP_SYS(poll),
+ 	SCMP_SYS(pselect6),
+ 	SCMP_SYS(read),
++	SCMP_SYS(readv),	/* nscd getaddrinfo() provider */
+ 	SCMP_SYS(recvfrom),    /* Comment this out for testing.
+ 				* It will die on the first reply.
+ 				* (Or maybe sooner if a request arrives.)
+GitLab

diff --git a/net-misc/ntpsec/ntpsec-1.2.1-r5.ebuild b/net-misc/ntpsec/ntpsec-1.2.1-r5.ebuild
new file mode 100644
index 000000000000..faba59c221e6
--- /dev/null
+++ b/net-misc/ntpsec/ntpsec-1.2.1-r5.ebuild
@@ -0,0 +1,178 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{8..10} )
+PYTHON_REQ_USE='threads(+)'
+DISTUTILS_USE_SETUPTOOLS=no
+
+inherit distutils-r1 flag-o-matic waf-utils systemd
+
+if [[ ${PV} == *9999* ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://gitlab.com/NTPsec/ntpsec.git"
+else
+	SRC_URI="ftp://ftp.ntpsec.org/pub/releases/${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm ~arm64 ~riscv ~x86"
+fi
+
+DESCRIPTION="The NTP reference implementation, refactored"
+HOMEPAGE="https://www.ntpsec.org/"
+
+NTPSEC_REFCLOCK=(
+	oncore trimble truetime gpsd jjy generic spectracom
+	shm pps hpgps zyfer arbiter nmea modem local
+)
+
+IUSE_NTPSEC_REFCLOCK=${NTPSEC_REFCLOCK[@]/#/rclock_}
+
+LICENSE="HPND MIT BSD-2 BSD CC-BY-SA-4.0"
+SLOT="0"
+IUSE="${IUSE_NTPSEC_REFCLOCK} debug doc early gdb heat libbsd nist ntpviz samba seccomp smear" #ionice
+REQUIRED_USE="${PYTHON_REQUIRED_USE} nist? ( rclock_local )"
+
+# net-misc/pps-tools oncore,pps
+DEPEND="${PYTHON_DEPS}
+	dev-libs/openssl:=
+	dev-python/psutil[${PYTHON_USEDEP}]
+	sys-libs/libcap
+	libbsd? ( dev-libs/libbsd:0= )
+	seccomp? ( sys-libs/libseccomp )
+	rclock_oncore? ( net-misc/pps-tools )
+	rclock_pps? ( net-misc/pps-tools )"
+RDEPEND="${DEPEND}
+	!net-misc/ntp
+	!net-misc/openntpd
+	acct-group/ntp
+	acct-user/ntp
+	ntpviz? ( sci-visualization/gnuplot media-fonts/liberation-fonts )"
+BDEPEND=">=app-text/asciidoc-8.6.8
+	dev-libs/libxslt
+	app-text/docbook-xsl-stylesheets
+	sys-devel/bison"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch"
+	"${FILESDIR}/${PN}-1.2.1-seccomp-rollup.patch"
+	"${FILESDIR}/${PN}-1.2.1-seccomp-rseq-glibc-2.35.patch"
+	"${FILESDIR}/${PN}-1.2.1-build-notests.patch"
+	"${FILESDIR}/${PN}-py3-test-clarify.patch"
+	"${FILESDIR}/${PN}-1.2.1-seccomp-nsd.patch"
+)
+
+WAF_BINARY="${S}/waf"
+
+src_prepare() {
+	default
+
+	# Remove autostripping of binaries
+	sed -i -e '/Strip binaries/d' wscript || die
+	if ! use libbsd ; then
+		eapply "${FILESDIR}/${PN}-no-bsd.patch"
+	fi
+	# remove extra default pool servers
+	sed -i '/use-pool/s/^/#/' "${S}"/etc/ntp.d/default.conf || die
+
+	python_copy_sources
+}
+
+src_configure() {
+	is-flagq -flto* && filter-flags -flto* -fuse-linker-plugin
+
+	local string_127=""
+	local rclocks="";
+	local CLOCKSTRING=""
+
+	for refclock in ${NTPSEC_REFCLOCK[@]} ; do
+		if use rclock_${refclock} ; then
+			string_127+="$refclock,"
+		fi
+	done
+	CLOCKSTRING="`echo ${string_127}|sed 's|,$||'`"
+
+	local myconf=(
+		--notests
+		--nopyc
+		--nopyo
+		--enable-pylib ext
+		--refclock="${CLOCKSTRING}"
+		#--build-epoch="$(date +%s)"
+		$(use doc	|| echo "--disable-doc")
+		$(use early	&& echo "--enable-early-droproot")
+		$(use gdb	&& echo "--enable-debug-gdb")
+		$(use samba	&& echo "--enable-mssntp")
+		$(use seccomp	&& echo "--enable-seccomp")
+		$(use smear	&& echo "--enable-leap-smear")
+		$(use debug	&& echo "--enable-debug")
+	)
+
+	python_configure() {
+		waf-utils_src_configure "${myconf[@]}"
+	}
+	python_foreach_impl run_in_build_dir python_configure
+}
+
+src_compile() {
+	unset MAKEOPTS
+	python_compile() {
+		waf-utils_src_compile --notests
+	}
+	python_foreach_impl run_in_build_dir python_compile
+}
+
+src_test() {
+	python_compile() {
+		waf-utils_src_compile check
+	}
+	python_foreach_impl run_in_build_dir python_compile
+}
+
+python_test() {
+	# Silence QA warning as we're running tests via src_test anyway.
+	:;
+}
+
+src_install() {
+	python_install() {
+		waf-utils_src_install --notests
+		python_fix_shebang "${ED}"
+	}
+	python_foreach_impl run_in_build_dir python_install
+	python_foreach_impl python_optimize
+
+	# Install heat generating scripts
+	use heat && dosbin "${S}"/contrib/ntpheat{,usb}
+
+	# Install the openrc files
+	newinitd "${FILESDIR}"/ntpd.rc-r3 ntp
+	newconfd "${FILESDIR}"/ntpd.confd ntp
+
+	# Install the systemd unit file
+	systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service
+
+	# Prepare a directory for the ntp.drift file
+	mkdir -pv "${ED}"/var/lib/ntp
+	chown ntp:ntp "${ED}"/var/lib/ntp
+	chmod 770 "${ED}"/var/lib/ntp
+	keepdir /var/lib/ntp
+
+	# Install a log rotate script
+	mkdir -pv "${ED}"/etc/logrotate.d
+	cp -v "${S}"/etc/logrotate-config.ntpd "${ED}"/etc/logrotate.d/ntpd
+
+	# Install the configuration file and sample configuration
+	cp -v "${FILESDIR}"/ntp.conf "${ED}"/etc/ntp.conf
+	cp -Rv "${S}"/etc/ntp.d/ "${ED}"/etc/
+
+	# move doc files to /usr/share/doc/"${P}"
+	use doc && mv -v "${ED}"/usr/share/doc/"${PN}" "${ED}"/usr/share/doc/"${P}"/html
+}
+
+pkg_postinst() {
+	einfo "If you want to serve time on your local network, then"
+	einfo "you should disable all the ref_clocks unless you have"
+	einfo "one and can get stable time from it.  Feel free to try"
+	einfo "it but PPS probably won't work unless you have a UART"
+	einfo "GPS that actually provides PPS messages."
+}