Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-9]: src/external/bsd/ntp Pull up following revision(s) (requested...
details: https://anonhg.NetBSD.org/src/rev/27a7bf0047cc
branches: netbsd-9
changeset: 940627:27a7bf0047cc
user: martin <martin%NetBSD.org@localhost>
date: Mon Oct 12 10:17:33 2020 +0000
description:
Pull up following revision(s) (requested by kim in ticket #1109):
external/bsd/ntp/bin/ntpq/ntpq.8: file removal
external/bsd/ntp/bin/Makefile.inc: revision 1.4
external/bsd/ntp/bin/ntpd/ntpd.8: file removal
external/bsd/ntp/bin/ntpq/Makefile: revision 1.9 (patch)
external/bsd/ntp/bin/ntpd/Makefile: revision 1.28 (patch)
external/bsd/ntp/bin/sntp/sntp.1: file removal
external/bsd/ntp/bin/ntpd/ntp.keys.5: file removal
external/bsd/ntp/bin/ntpd/ntp.conf.5: file removal
external/bsd/ntp/Makefile.inc: revision 1.20
external/bsd/ntp/Makefile.inc: revision 1.21
external/bsd/ntp/bin/sntp/Makefile: revision 1.8
external/bsd/ntp/bin/ntp-keygen/Makefile: revision 1.7 (patch)
external/bsd/ntp/bin/sntp/Makefile: revision 1.9 (patch)
external/bsd/ntp/bin/ntp-keygen/ntp-keygen.8: file removal
external/bsd/ntp/bin/ntpdc/ntpdc.8: file removal
external/bsd/ntp/bin/ntpdc/Makefile: revision 1.7 (patch)
Fix build; clean manpages only if they are generated automatically.
include bsd.own.mk so that ../../Makefile.inc does not do it...
Add rules for manual pages builds, remove including Makefile.inc
Use .PARSEDIR
PR/55710: Kimmo Suominen: Delete manual pages so that they get copy from the
imported, already generated ones.
diffstat:
external/bsd/ntp/Makefile.inc | 25 +-
external/bsd/ntp/bin/Makefile.inc | 4 +-
external/bsd/ntp/bin/ntp-keygen/Makefile | 4 +-
external/bsd/ntp/bin/ntp-keygen/ntp-keygen.8 | 1084 ----------
external/bsd/ntp/bin/ntpd/Makefile | 4 +-
external/bsd/ntp/bin/ntpd/ntp.conf.5 | 2814 --------------------------
external/bsd/ntp/bin/ntpd/ntp.keys.5 | 170 -
external/bsd/ntp/bin/ntpd/ntpd.8 | 902 --------
external/bsd/ntp/bin/ntpdc/Makefile | 4 +-
external/bsd/ntp/bin/ntpdc/ntpdc.8 | 821 -------
external/bsd/ntp/bin/ntpq/Makefile | 4 +-
external/bsd/ntp/bin/ntpq/ntpq.8 | 404 ---
external/bsd/ntp/bin/sntp/Makefile | 6 +-
external/bsd/ntp/bin/sntp/sntp.1 | 317 --
14 files changed, 40 insertions(+), 6523 deletions(-)
diffs (truncated from 6678 to 300 lines):
diff -r 31b3dc696103 -r 27a7bf0047cc external/bsd/ntp/Makefile.inc
--- a/external/bsd/ntp/Makefile.inc Sun Oct 11 12:36:14 2020 +0000
+++ b/external/bsd/ntp/Makefile.inc Mon Oct 12 10:17:33 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile.inc,v 1.18 2019/02/04 04:05:16 mrg Exp $
+# $NetBSD: Makefile.inc,v 1.18.2.1 2020/10/12 10:17:33 martin Exp $
.if !defined(NTP_MAKEFILE_INC)
NTP_MAKEFILE_INC=yes
@@ -12,9 +12,6 @@
WARNS?= 4
-
-.include <bsd.own.mk>
-
IDIST= ${NETBSDSRCDIR}/external/bsd/ntp/dist
NTP_SRCDIR= ${NETBSDSRCDIR}/external/bsd/ntp
NTP_HTMLDIR= /usr/share/doc/reference/ref8
@@ -74,4 +71,24 @@
COPTS.refclock_ulink.c+= -Wno-error=implicit-fallthrough
.endif
+.SUFFIXES: .1 .5 .8 .1ntpdmdoc .5mdoc .1ntp-keygenmdoc .1ntpdcmdoc .1ntpqmdoc .1sntpmdoc
+
+.5mdoc.5:
+ ${TOOL_SED} -e 's/5mdoc/5/g' < ${.IMPSRC} > ${.TARGET}
+
+.1ntpdmdoc.8:
+ ${TOOL_SED} -e 's/1ntpdmdoc/8/g' < ${.IMPSRC} > ${.TARGET}
+
+.1ntp-keygenmdoc.8:
+ ${TOOL_SED} -e 's/1ntp-keygenmdoc/8/g' < ${.IMPSRC} > ${.TARGET}
+
+.1ntpdcmdoc.8:
+ ${TOOL_SED} -e 's/1ntpdcmdoc/8/g' < ${.IMPSRC} > ${.TARGET}
+
+.1ntpqmdoc.8:
+ ${TOOL_SED} -e 's/1ntpqmdoc/8/g' < ${.IMPSRC} > ${.TARGET}
+
+.1sntpmdoc.1:
+ ${TOOL_SED} -e 's/1sntpmdoc/1/g' < ${.IMPSRC} > ${.TARGET}
+
.endif
diff -r 31b3dc696103 -r 27a7bf0047cc external/bsd/ntp/bin/Makefile.inc
--- a/external/bsd/ntp/bin/Makefile.inc Sun Oct 11 12:36:14 2020 +0000
+++ b/external/bsd/ntp/bin/Makefile.inc Mon Oct 12 10:17:33 2020 +0000
@@ -1,3 +1,3 @@
-# $NetBSD: Makefile.inc,v 1.3 2010/12/04 23:08:33 christos Exp $
+# $NetBSD: Makefile.inc,v 1.3.56.1 2020/10/12 10:17:33 martin Exp $
-.include "../Makefile.inc"
+.include "${.PARSEDIR}/../Makefile.inc"
diff -r 31b3dc696103 -r 27a7bf0047cc external/bsd/ntp/bin/ntp-keygen/Makefile
--- a/external/bsd/ntp/bin/ntp-keygen/Makefile Sun Oct 11 12:36:14 2020 +0000
+++ b/external/bsd/ntp/bin/ntp-keygen/Makefile Mon Oct 12 10:17:33 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.5 2013/12/28 03:19:43 christos Exp $
+# $NetBSD: Makefile,v 1.5.34.1 2020/10/12 10:17:33 martin Exp $
.include <bsd.own.mk>
@@ -20,4 +20,6 @@
.PATH: ${DIST}
+CLEANFILES+=${MAN}
+
.include <bsd.prog.mk>
diff -r 31b3dc696103 -r 27a7bf0047cc external/bsd/ntp/bin/ntp-keygen/ntp-keygen.8
--- a/external/bsd/ntp/bin/ntp-keygen/ntp-keygen.8 Sun Oct 11 12:36:14 2020 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1084 +0,0 @@
-.Dd December 24 2013
-.Dt NTP_KEYGEN 8 User Commands
-.Os SunOS 5.10
-.\" EDIT THIS FILE WITH CAUTION (ntp-keygen-opts.mdoc)
-.\"
-.\" It has been AutoGen-ed December 24, 2013 at 11:39:38 AM by AutoGen 5.18.3pre5
-.\" From the definitions ntp-keygen-opts.def
-.\" and the template file agmdoc-cmd.tpl
-.Sh NAME
-.Nm ntp-keygen
-.Nd Create a NTP host key
-.Sh SYNOPSIS
-.Nm
-.\" Mixture of short (flag) options and long options
-.Op Fl flags
-.Op Fl flag Op Ar value
-.Op Fl \-option\-name Ns Oo Oo Ns "=| " Oc Ns Ar value Oc
-.Pp
-All arguments must be options.
-.Pp
-.Sh DESCRIPTION
-This program generates cryptographic data files used by the NTPv4
-authentication and identification schemes.
-It generates MD5 key files used in symmetric key cryptography.
-In addition, if the OpenSSL software library has been installed,
-it generates keys, certificate and identity files used in public key
-cryptography.
-These files are used for cookie encryption,
-digital signature and challenge/response identification algorithms
-compatible with the Internet standard security infrastructure.
-.Pp
-All files are in PEM\-encoded printable ASCII format,
-so they can be embedded as MIME attachments in mail to other sites
-and certificate authorities.
-By default, files are not encrypted.
-.Pp
-When used to generate message digest keys, the program produces a file
-containing ten pseudo\-random printable ASCII strings suitable for the
-MD5 message digest algorithm included in the distribution.
-If the OpenSSL library is installed, it produces an additional ten
-hex\-encoded random bit strings suitable for the SHA1 and other message
-digest algorithms.
-The message digest keys file must be distributed and stored
-using secure means beyond the scope of NTP itself.
-Besides the keys used for ordinary NTP associations, additional keys
-can be defined as passwords for the
-.Xr ntpq 8
-and
-.Xr ntpdc 8
-utility programs.
-.Pp
-The remaining generated files are compatible with other OpenSSL
-applications and other Public Key Infrastructure (PKI) resources.
-Certificates generated by this program are compatible with extant
-industry practice, although some users might find the interpretation of
-X509v3 extension fields somewhat liberal.
-However, the identity keys are probably not compatible with anything
-other than Autokey.
-.Pp
-Some files used by this program are encrypted using a private password.
-The
-.Fl p
-option specifies the password for local encrypted files and the
-.Fl q
-option the password for encrypted files sent to remote sites.
-If no password is specified, the host name returned by the Unix
-.Fn gethostname
-function, normally the DNS name of the host is used.
-.Pp
-The
-.Ar pw
-option of the
-.Ar crypto
-configuration command specifies the read
-password for previously encrypted local files.
-This must match the local password used by this program.
-If not specified, the host name is used.
-Thus, if files are generated by this program without password,
-they can be read back by
-.Ar ntpd
-without password but only on the same host.
-.Pp
-Normally, encrypted files for each host are generated by that host and
-used only by that host, although exceptions exist as noted later on
-this page.
-The symmetric keys file, normally called
-.Ar ntp.keys ,
-is usually installed in
-.Pa /etc .
-Other files and links are usually installed in
-.Pa /usr/local/etc ,
-which is normally in a shared filesystem in
-NFS\-mounted networks and cannot be changed by shared clients.
-The location of the keys directory can be changed by the
-.Ar keysdir
-configuration command in such cases.
-Normally, this is in
-.Pa /etc .
-.Pp
-This program directs commentary and error messages to the standard
-error stream
-.Ar stderr
-and remote files to the standard output stream
-.Ar stdout
-where they can be piped to other applications or redirected to files.
-The names used for generated files and links all begin with the
-string
-.Ar ntpkey
-and include the file type, generating host and filestamp,
-as described in the
-.Dq Cryptographic Data Files
-section below.
-.Ss Running the Program
-To test and gain experience with Autokey concepts, log in as root and
-change to the keys directory, usually
-.Pa /usr/local/etc
-When run for the first time, or if all files with names beginning with
-.Ar ntpkey
-have been removed, use the
-.Nm
-command without arguments to generate a
-default RSA host key and matching RSA\-MD5 certificate with expiration
-date one year hence.
-If run again without options, the program uses the
-existing keys and parameters and generates only a new certificate with
-new expiration date one year hence.
-.Pp
-Run the command on as many hosts as necessary.
-Designate one of them as the trusted host (TH) using
-.Nm
-with the
-.Fl T
-option and configure it to synchronize from reliable Internet servers.
-Then configure the other hosts to synchronize to the TH directly or
-indirectly.
-A certificate trail is created when Autokey asks the immediately
-ascendant host towards the TH to sign its certificate, which is then
-provided to the immediately descendant host on request.
-All group hosts should have acyclic certificate trails ending on the TH.
-.Pp
-The host key is used to encrypt the cookie when required and so must be
-RSA type.
-By default, the host key is also the sign key used to encrypt
-signatures.
-A different sign key can be assigned using the
-.Fl S
-option and this can be either RSA or DSA type.
-By default, the signature
-message digest type is MD5, but any combination of sign key type and
-message digest type supported by the OpenSSL library can be specified
-using the
-.Fl c
-option.
-The rules say cryptographic media should be generated with proventic
-filestamps, which means the host should already be synchronized before
-this program is run.
-This of course creates a chicken\-and\-egg problem
-when the host is started for the first time.
-Accordingly, the host time
-should be set by some other means, such as eyeball\-and\-wristwatch, at
-least so that the certificate lifetime is within the current year.
-After that and when the host is synchronized to a proventic source, the
-certificate should be re\-generated.
-.Pp
-Additional information on trusted groups and identity schemes is on the
-.Dq Autokey Public\-Key Authentication
-page.
-.Pp
-The
-.Xr ntpd 8
-configuration command
-.Ic crypto pw Ar password
-specifies the read password for previously encrypted files.
-The daemon expires on the spot if the password is missing
-or incorrect.
-For convenience, if a file has been previously encrypted,
-the default read password is the name of the host running
-the program.
-If the previous write password is specified as the host name,
-these files can be read by that host with no explicit password.
-.Pp
-File names begin with the prefix
-.Cm ntpkey_
-and end with the postfix
-.Ar _hostname.filestamp ,
-where
-.Ar hostname
-is the owner name, usually the string returned
-by the Unix gethostname() routine, and
-.Ar filestamp
-is the NTP seconds when the file was generated, in decimal digits.
-This both guarantees uniqueness and simplifies maintenance
-procedures, since all files can be quickly removed
-by a
-.Ic rm ntpkey\&*
-command or all files generated
-at a specific time can be removed by a
-.Ic rm
-.Ar \&*filestamp
-command.
-To further reduce the risk of misconfiguration,
-the first two lines of a file contain the file name
-and generation date and time as comments.
-.Pp
-All files are installed by default in the keys directory
-.Pa /usr/local/etc ,
-which is normally in a shared filesystem
-in NFS\-mounted networks.
-The actual location of the keys directory
-and each file can be overridden by configuration commands,
-but this is not recommended.
-Normally, the files for each host are generated by that host
-and used only by that host, although exceptions exist
-as noted later on this page.
-.Pp
-Normally, files containing private values,
-including the host key, sign key and identification parameters,
-are permitted root read/write\-only;
-while others containing public values are permitted world readable.
-Alternatively, files containing private values can be encrypted
-and these files permitted world readable,
-which simplifies maintenance in shared file systems.
-Since uniqueness is insured by the hostname and
-file name extensions, the files for a NFS server and
-dependent clients can all be installed in the same shared directory.
-.Pp
-The recommended practice is to keep the file name extensions
Home |
Main Index |
Thread Index |
Old Index