PSARC 2015/278 NTP allow_step_at_boot
18408859 NTP Management profile should have auths to edit /etc/inet/ntp.conf
20664660 NTP should have a restart_fmri tag on ntpd in the ntp.p5m file
20683411 ntpd and multiple default route constantly resets state and never sets sys.peer
20874200 NTP should use -preserve_argvalues=complete
21020160 html help files in ntp for RBAC profiles and authorizations must go
21020795 Add "RO" to res1 field of auth_attr.d files in ntp
21155469 NTP should update time at boot and shutdown
--- a/components/ntp/Makefile Mon Jun 15 23:00:30 2015 -0700
+++ b/components/ntp/Makefile Mon Jun 15 17:59:44 2015 -0700
@@ -51,6 +51,8 @@
include $(WS_MAKE_RULES)/ips.mk
CFLAGS += $(studio_C99_ENABLE) -D_XOPEN_SOURCE=600 -D__EXTENSIONS__
+CFLAGS.i386 = -preserve_argvalues=complete
+CFLAGS += $(CFLAGS.$(MACH))
CONFIGURE_ENV += CFLAGS="$(CFLAGS)"
CONFIGURE_OPTIONS += --bindir=/usr/sbin
--- a/components/ntp/Solaris/RtNTPMngmnt.html Mon Jun 15 23:00:30 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-<HTML>
-<!--
- CDDL HEADER START
-
- The contents of this file are subject to the terms of the
- Common Development and Distribution License (the "License").
- You may not use this file except in compliance with the License.
-
- You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- or http://www.opensolaris.org/os/licensing.
- See the License for the specific language governing permissions
- and limitations under the License.
-
- When distributing Covered Code, include this CDDL HEADER in each
- file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- If applicable, add the following below this CDDL HEADER, with the
- fields enclosed by brackets "[]" replaced with your own identifying
- information: Portions Copyright [yyyy] [name of copyright owner]
-
- CDDL HEADER END
-
- Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
--->
-<HEAD>
- <TITLE> </TITLE>
-
-
-</HEAD>
-<BODY>
-When NTP Management is in the Rights Included column, it grants the right to manage the NTP SMF service.
-<p>
-If NTP Management is grayed, then you are not entitled to Add or Remove this right.
-<p>
-</BODY>
-</HTML>
--- a/components/ntp/Solaris/SmfNTPStates.html Mon Jun 15 23:00:30 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,36 +0,0 @@
-<HTML>
-<!--
- CDDL HEADER START
-
- The contents of this file are subject to the terms of the
- Common Development and Distribution License (the "License").
- You may not use this file except in compliance with the License.
-
- You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- or http://www.opensolaris.org/os/licensing.
- See the License for the specific language governing permissions
- and limitations under the License.
-
- When distributing Covered Code, include this CDDL HEADER in each
- file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- If applicable, add the following below this CDDL HEADER, with the
- fields enclosed by brackets "[]" replaced with your own identifying
- information: Portions Copyright [yyyy] [name of copyright owner]
-
- CDDL HEADER END
-
- Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
--->
-<!--
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
--->
-<BODY>
-When Manage NTP Service States is in the Authorizations Include
-column, it grants the authorization to enable, disable, or restart the
-ndmpd daemon.
-<p>
-If Manage NTP Service States is grayed, then you are not entitled to
-Add or Remove this authorization.
-<BR>
-</BODY>
-</HTML>
--- a/components/ntp/Solaris/SmfValueNTP.html Mon Jun 15 23:00:30 2015 -0700
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-<HTML>
-<!--
- CDDL HEADER START
-
- The contents of this file are subject to the terms of the
- Common Development and Distribution License (the "License").
- You may not use this file except in compliance with the License.
-
- You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- or http://www.opensolaris.org/os/licensing.
- See the License for the specific language governing permissions
- and limitations under the License.
-
- When distributing Covered Code, include this CDDL HEADER in each
- file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- If applicable, add the following below this CDDL HEADER, with the
- fields enclosed by brackets "[]" replaced with your own identifying
- information: Portions Copyright [yyyy] [name of copyright owner]
-
- CDDL HEADER END
-
- Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
--->
-<!--
- <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
--->
-<BODY>
-When <em>Value NTP Properties</em> is in the Authorizations Included
-column, it grants the authorization to change NTP service property values.
-<P>
-If <em>Value NTP Properties</em> is grayed, then you are not entitled to
-Add or Remove this authorization.
-<BR>
-</BODY>
-</HTML>
--- a/components/ntp/Solaris/auth_attr Mon Jun 15 23:00:30 2015 -0700
+++ b/components/ntp/Solaris/auth_attr Mon Jun 15 17:59:44 2015 -0700
@@ -1,2 +1,2 @@
-solaris.smf.manage.ntp:::Manage NTP service states::help=SmfNTPStates.html
-solaris.smf.value.ntp:::Change NTP value properties::help=SmfValueNTP.html
+solaris.smf.manage.ntp:RO::Manage NTP service states::
+solaris.smf.value.ntp:RO::Change NTP value properties::
--- a/components/ntp/Solaris/ntp.sh Mon Jun 15 23:00:30 2015 -0700
+++ b/components/ntp/Solaris/ntp.sh Mon Jun 15 17:59:44 2015 -0700
@@ -21,7 +21,7 @@
#
#
-# Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
#
# Standard prolog
@@ -52,7 +52,7 @@
shift $#
set -- -p /var/run/ntp.pid
# We allow a step larger than the panic value of 17 minutes only
-# once when ntpd starts up. If always_all_large_step is true,
+# once when ntpd starts up. If always_allow_large_step is true,
# then we allow this each time ntpd starts. Otherwise, we allow
# it only the very first time ntpd starts after a boot. We
# check that by making ntpd write its pid to a file in /var/run.
@@ -86,18 +86,31 @@
# We used to support the slewalways keyword, but that was a Sun thing
# and not in V4. Look for "slewalways yes" and set the new slew option.
-val=`svcprop -c -p config/slew_always $SMF_FMRI`
-if [ ! "$val" = "true" ]; then
- val=`/usr/bin/nawk '/^[ \t]*#/{next}
+slew_always=`svcprop -c -p config/slew_always $SMF_FMRI`
+if [ ! "$slew_always" = "true" ]; then
+ slew_always=`/usr/bin/nawk '/^[ \t]*#/{next}
/^[ \t]*slewalways[ \t]+yes/ {
printf("true", $2)
next } ' /etc/inet/ntp.conf`
fi
-[ "$val" = "true" ] && set -- "$@" --slew
+[ "$slew_always" = "true" ] && set -- "$@" --slew
# Set up debugging.
deb=`svcprop -c -p config/debuglevel $SMF_FMRI`
+# If slew_always is set to true, then the large offset after a reboot
+# might take a very long time to correct the clock. Optionally allow
+# a step once after a reboot if slew_always is set when allow_step_at_boot
+# is also set. Unfortunately ntpd in ntpdate mode is a little too
+# chatty, so direct the log to /dev/null. And since the offset might be
+# more than 17 minutes, allow larger steps with the "-g".
+#
+val=`svcprop -c -p config/allow_step_at_boot $SMF_FMRI`
+if [ "$val" = "true" ] && [ "$slew_always" = "true" ] && \
+ [ ! -f /var/run/ntp.pid ]; then
+ /usr/lib/inet/ntpd -q -l /dev/null -g
+fi
+
# Start the daemon. If debugging is requested, put it in the background,
# since it won't do it on it's own.
if [ "$deb" -gt 0 ]; then
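Review bot: The added one-shot call `/usr/lib/inet/ntpd -q -l /dev/null -g` discards both its log and its exit status, so a clock step of any size on first start leaves no record, and a failed run looks the same as a successful one. Because `-g` lifts the panic limit for this run, the step is the event an administrator most needs to see when investigating a time jump. A line such as `logger -p daemon.notice -t ntp "allow_step_at_boot: ntpd -q -g exited with status $?"` placed directly after the call would record it without the chatter. The guard `[ ! -f /var/run/ntp.pid ]` holds on the first start since boot, not only during boot, so enabling the service later on a running system also takes this path, and the comment should say so. It is also worth confirming that `ntpd -q` returns when no server is reachable, since otherwise the start method would wait here until its timeout; the script continues past the end of this hunk.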
--- a/components/ntp/Solaris/ntp.xml Mon Jun 15 23:00:30 2015 -0700
+++ b/components/ntp/Solaris/ntp.xml Mon Jun 15 17:59:44 2015 -0700
@@ -20,7 +20,7 @@
CDDL HEADER END
- Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
NOTE: This service manifest is not editable; its contents will
be overwritten by package or patch operations, including
@@ -35,7 +35,7 @@
type='service'
version='1'>
<single_instance />
- <dependency
+ <dependency
name='network'
grouping='require_any'
restart_on='error'
@@ -112,53 +112,58 @@
<instance name="default" enabled="false">
<property_group name='config' type='application' >
<!-- default property settings for ntpd(1M). -->
-
+
<propval
name='wait_for_sync'
type='boolean'
value='false' />
-
+
<propval
name='no_auth_required'
type='boolean'
value='false' />
-
+
<propval
name='verbose_logging'
type='boolean'
value='false' />
-
+
<propval
name='slew_always'
type='boolean'
value='false' />
-
+
+ <propval
+ name='allow_step_at_boot'
+ type='boolean'
+ value='true' />
+
<propval
name='always_allow_large_step'
type='boolean'
value='true' />
-
+
<propval
name='logfile'
type='astring'
value='/var/ntp/ntp.log' />
-
+
<propval
name='debuglevel'
type='integer'
value='0' />
-
+
<propval
name='mdnsregister'
type='boolean'
value='false' />
-
+
<!-- to change properties -->
<propval
name='value_authorization'
type='astring'
value='solaris.smf.value.ntp' />
-
+
</property_group>
</instance>
<stability value='Unstable' />
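Review bot: The new `allow_step_at_boot` propval is delivered with `value='true'` and no comment. Instances that already run with `slew_always` set to true, presumably because their workloads cannot tolerate steps, would therefore start permitting a step on the first start after boot once this manifest is installed. If the default stays true, the opt-out should at least be discoverable in the manifest, for example with `<!-- consulted only when slew_always is true; permits one clock step on the first start after boot; set to false to keep slew-only behaviour -->` above the propval. Defaulting to false would preserve existing behaviour and make the step an explicit choice. The property group starts inside this hunk, but the instance and service elements open outside it.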
--- a/components/ntp/Solaris/prof_attr Mon Jun 15 23:00:30 2015 -0700
+++ b/components/ntp/Solaris/prof_attr Mon Jun 15 17:59:44 2015 -0700
@@ -1,1 +1,1 @@
-NTP Management:RO::Manage the NTP service:auths=solaris.smf.manage.ntp,solaris.smf.value.ntp
+NTP Management:RO::Manage the NTP service:auths=solaris.smf.manage.ntp,solaris.smf.value.ntp,solaris.admin.edit/etc/inet/ntp.conf
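Review bot: Adding `solaris.admin.edit/etc/inet/ntp.conf` widens the NTP Management profile from service control to control over the daemon's configuration, yet the description field still reads `Manage the NTP service`. ntp.conf selects the time sources and key file that ntpd trusts and names the files it writes, so a holder of this profile can now decide where the system's time comes from. That appears to be the intent of the bug title, but it should be visible to whoever assigns the profile. I would change the description field to `Manage the NTP service and edit its configuration`, and confirm that no role holding this profile was expected to be limited to enable, disable and restart.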
--- a/components/ntp/manpages/ntpd.1m Mon Jun 15 23:00:30 2015 -0700
+++ b/components/ntp/manpages/ntpd.1m Mon Jun 15 17:59:44 2015 -0700
@@ -18,7 +18,7 @@
.\"
.\" CDDL HEADER END
.\"
-.\" Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
+.\" Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
.\"
.TH "ntpd" "1M" "" "" "System Administration Commands"
.SH NAME
@@ -283,6 +283,13 @@
does not prevent all stepping, but increases the threshold above which stepping is used. It also disables the use
of the kernel \fBNTP\fP facility, which is incompatible with long slew times. The default is false.
.TP
+.BR config/allow_step_at_boot
+A boolean which when true, allows ntpd to step the clock once at boot, even if slew_always is true. Normally
+when slew_always is true ntpd will not step the clock except for very large offsets. Since the intial offset
+when the system is booted could be large and no applications will be running yet, this option allows one step
+as soon as the offset is determined. If slew_always is false or if the \fBNTP\fP service is being restarted, then
+this option has no effect. The default is true.
+.TP
.BR config/wait_for_sync
A boolean which when true, causes the \fBNTP\fP service to delay coming completely on-line until after the first
time the system clock is synchronized. This can potetially delay the system start up by a significant amount. The
--- a/components/ntp/ntp.p5m Mon Jun 15 23:00:30 2015 -0700
+++ b/components/ntp/ntp.p5m Mon Jun 15 17:59:44 2015 -0700
@@ -42,12 +42,8 @@
file Solaris/prof_attr path=etc/security/prof_attr.d/ntp
file Solaris/ntp.xml path=lib/svc/manifest/network/ntp.xml
file Solaris/ntp.sh path=lib/svc/method/ntp
-file Solaris/RtNTPMngmnt.html path=usr/lib/help/auths/locale/C/RtNTPMngmnt.html
-file Solaris/SmfNTPStates.html \
- path=usr/lib/help/auths/locale/C/SmfNTPStates.html
-file Solaris/SmfValueNTP.html path=usr/lib/help/auths/locale/C/SmfValueNTP.html
file path=usr/lib/inet/ntp-wait
-file path=usr/lib/inet/ntpd
+file path=usr/lib/inet/ntpd restart_fmri=svc:/network/ntp:default
file path=usr/sbin/ntp-keygen
file path=usr/sbin/ntpdate
file path=usr/sbin/ntpdc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/ntp/patches/40-norefresh.patch Mon Jun 15 17:59:44 2015 -0700
@@ -0,0 +1,22 @@
+Don't change interfaces unless there is something wrong with the old one.
+This is NTP bug [2043] and this patch should be removed after upgrading to
+a version of NTP with a fix for that bug.
+
+--- ntpd/ntp_peer.c
++++ ntpd/ntp_peer.c
+@@ -718,9 +718,13 @@
+ /*
+ * this is called when the interface list has changed
+ * give all peers a chance to find a better interface
++ * but only if either they don't have an address already
++ * or if the one they have hasn't worked for a while.
+ */
+- for (p = peer_list; p != NULL; p = p->p_link)
+- peer_refresh_interface(p);
++ for (p = peer_list; p != NULL; p = p->p_link) {
++ if (!(p->dstadr && (p->reach & 0x3)))
++ peer_refresh_interface(p);
++ }
+ }
+
+
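Review bot: The mask in `p->reach & 0x3` is a bare constant, and the comment's "hasn't worked for a while" does not say how long that is. In ntpd the reach field is a shift register of recent poll results, so the low two bits mean the peer answered one of the last two polls. A comment on the condition would make that explicit, for example `/* keep the current interface if the peer answered either of the last two polls */`. Skipping the refresh is only safe if `p->dstadr` has already been cleared for peers whose interface was removed; that happens outside this hunk and should be confirmed, since otherwise a peer could stay bound to an address that no longer exists for up to two poll intervals. The enclosing function starts before the hunk.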