[ntp]: build ntp with various fixes (sonic-net#6037)

- NTP Bug 1970 (UNLINK_EXPR_SLIST empty list) Fix - ENOBUFS log message level set to WARN - Fix audit message seen on console apparmor - add force-confold option when install ntp Signed-off-by: Guohan Lu <[email protected]> Co-authored-by: Prabhu Sreenivasan <prabhu.sreenivasan@broadcom>
stephenxs · Dec 2, 2020 · 4812953 · 4812953
1 parent c59975c
commit 4812953
Show file tree

Hide file tree

Showing 12 changed files with 149 additions and 1 deletion.
diff --git a/build_debian.sh b/build_debian.sh
@@ -271,7 +271,6 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
     vim                     \
     tcpdump                 \
     dbus                    \
-    ntp                     \
     ntpstat                 \
     openssh-server          \
     python                  \
@@ -445,6 +444,7 @@ if [ -f files/image_config/ntp/ntp ]; then
 fi
 
 if [ -f files/image_config/ntp/ntp-systemd-wrapper ]; then
+    sudo mkdir -p $FILESYSTEM_ROOT/usr/lib/ntp/
     sudo cp ./files/image_config/ntp/ntp-systemd-wrapper $FILESYSTEM_ROOT/usr/lib/ntp/
 fi
 

diff --git a/files/build_templates/sonic_debian_extension.j2 b/files/build_templates/sonic_debian_extension.j2
@@ -90,6 +90,11 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ifupdown2_*.deb || \
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/iptables_*.deb || \
     sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f
 
+# Install a more recent version of ntp  (and its dependencies via 'apt-get -y install -f')
+sudo dpkg --root=$FILESYSTEM_ROOT --force-confdef --force-confold -i $debs_path/ntp_*.deb || \
+    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y \
+    -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -f
+
 # Install dependencies for SONiC config engine
 sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \
     python-dev     \

diff --git a/rules/ntp.dep b/rules/ntp.dep
@@ -0,0 +1,10 @@
+
+SPATH       := $($(NTP)_SRC_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/ntp.mk rules/ntp.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(SPATH))
+
+$(NTP)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(NTP)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(NTP)_DEP_FILES   := $(DEP_FILES)
+
diff --git a/rules/ntp.mk b/rules/ntp.mk
@@ -0,0 +1,11 @@
+# ntp package
+
+NTP_VERSION = 4.2.8p12+dfsg
+export NTP_VERSION
+
+NTP = ntp_$(NTP_VERSION)-4+deb10u2_amd64.deb
+$(NTP)_SRC_PATH = $(SRC_PATH)/ntp
+SONIC_MAKE_DEBS += $(NTP)
+SONIC_STRETCH_DEBS += $(NTP)
+
+export NTP
diff --git a/slave.mk b/slave.mk
@@ -813,6 +813,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
                 $(PYTHON_CLICK) \
                 $(IFUPDOWN2) \
                 $(KDUMP_TOOLS) \
+                $(NTP) \
                 $(LIBPAM_TACPLUS) \
                 $(LIBNSS_TACPLUS) \
                 $(MONIT) \

diff --git a/sonic-slave-buster/Dockerfile.j2 b/sonic-slave-buster/Dockerfile.j2
@@ -275,6 +275,11 @@ RUN apt-get update && apt-get install -y \
         qemu-kvm \
         libvirt-clients \
 {%- endif %}
+# For ntp
+        autogen \
+        libopts25-dev \
+        pps-tools \
+        dh-apparmor \
 # For lm-sensors
         librrd8 \
         librrd-dev \

diff --git a/src/ntp/.gitignore b/src/ntp/.gitignore
@@ -0,0 +1,5 @@
+*+dfsg
+*.buildinfo
+*.changes
+*.xz
+*.deb
diff --git a/src/ntp/Makefile b/src/ntp/Makefile
@@ -0,0 +1,48 @@
+.ONESHELL:
+SHELL = /bin/bash
+.SHELLFLAGS += -e
+
+MAIN_TARGET = $(NTP)
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+	# Remove any stale files
+	rm -rf ./ntp-$(NTP_VERSION) ./ntp_$(NTP_VERSION).orig.tar.xz ./ntp_$(NTP_VERSION)-4.debian.tar.xz
+
+	# Get ntp release, debian files
+	wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION).orig.tar.xz
+	wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION)-4.debian.tar.xz
+
+	# UnTar ntp release
+	xzcat ntp_$(NTP_VERSION).orig.tar.xz | tar -xvf -
+
+	pushd ./ntp-4.2.8p12
+
+	# UnTar debian files
+	xzcat ../ntp_$(NTP_VERSION)-4.debian.tar.xz | tar -xvf -
+
+	# Add the additional patch
+	cp ../patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch debian/patches/
+	cp ../patch/update_ENOBUFS_log_level.patch debian/patches/
+	cat ../patch/series  >> debian/patches/series
+
+	# Update the changelog
+	cat ../patch/changelog debian/changelog > debian/changelog.new
+	rm debian/changelog ;  mv debian/changelog.new debian/changelog
+
+	# The debian mirror build likely took place on a system without
+	# libevent installed, thus adding the below for SONiC
+	sed -i 's/--with-locfile=legacy/--with-locfile=legacy --enable-local-libevent/' debian/rules
+
+	# Fix the apparmor profile to avoid the following message
+	# "Failed name lookup - disconnected path"
+	# and go into learning mode.
+	sed -i 's/\/usr\/sbin\/ntpd {/\/usr\/sbin\/ntpd flags=(attach_disconnected complain) {/' debian/apparmor-profile
+
+	# Build source and Debian packages with the symbols
+	dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS)
+
+	popd
+
+	# Move the newly-built .deb packages to the destination directory
+	mv $* $(DEST)/
+
diff --git a/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch b/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch
@@ -0,0 +1,26 @@
+Bug 1970 UNLINK_EXPR_SLIST() causes crash if list is empty
+
+From: Arun Barboza <[email protected]>
+
+
+---
+ include/ntp_lists.h |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/include/ntp_lists.h b/include/ntp_lists.h
+index d741974..f90bf23 100644
+--- a/include/ntp_lists.h
++++ b/include/ntp_lists.h
+@@ -184,7 +184,11 @@ do {								\
+ do {								\
+ 	entrytype **ppentry;					\
+ 								\
+-	ppentry = &(listhead);					\
++	if (!listhead) {					\
++		(punlinked) = NULL;				\
++		break;						\
++	}							\
++	else ppentry = &(listhead);				\
+ 								\
+ 	while (!(expr))						\
+ 		if (*ppentry != NULL &&				\
diff --git a/src/ntp/patch/changelog b/src/ntp/patch/changelog
@@ -0,0 +1,12 @@
+ntp (1:4.2.8p12+dfsg-4+deb10u2) stretch; urgency=medium
+
+  * Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING.
+
+ -- Arun Barboza <[email protected]>  Mon, 09 Sep 2019 10:15:35 -0700
+
+ntp (1:4.2.8p12+dfsg-4+deb10u1) stretch; urgency=medium
+
+  * Apply Bug1970 fix for UNLINK_EXPR_SLIST_empty_list from dev branch.
+
+ -- Arun Barboza <[email protected]>  Tue, 25 Jun 2019 14:35:24 -0700
+
diff --git a/src/ntp/patch/series b/src/ntp/patch/series
@@ -0,0 +1,3 @@
+# This series applies on GIT commit d09f041a49c61971f59fc29f505446c63aea51b1
+bug1970-UNLINK_EXPR_SLIST_empty_list.patch
+update_ENOBUFS_log_level.patch
diff --git a/src/ntp/patch/update_ENOBUFS_log_level.patch b/src/ntp/patch/update_ENOBUFS_log_level.patch
@@ -0,0 +1,22 @@
+Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING.
+
+From: Arun Barboza <[email protected]>
+
+
+---
+ ntpd/ntp_io.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: b/ntpd/ntp_io.c
+===================================================================
+--- a/ntpd/ntp_io.c
++++ b/ntpd/ntp_io.c
+@@ -4709,7 +4709,7 @@ process_routing_msgs(struct asyncio_read
+
+ 	if (cnt < 0) {
+ 		if (errno == ENOBUFS) {
+-			msyslog(LOG_ERR,
++			msyslog(LOG_WARNING,
+ 				"routing socket reports: %m");
+ 		} else {
+ 			msyslog(LOG_ERR,