[Git][NTPsec/ntpsec][master] 3 commits: Expand required libs
Hal Murray
gitlab at mg.gitlab.com
Fri Jan 25 04:03:59 UTC 2019
Hal Murray pushed to branch master at NTPsec / ntpsec
Commits:
55a330c9 by Hal Murray at 2019-01-24T10:18:10Z
Expand required libs
- - - - -
bce60a1d by Hal Murray at 2019-01-24T10:18:48Z
Remove --disable-dns-lookup
- - - - -
024ea85e by Hal Murray at 2019-01-25T04:02:35Z
Minor cleanup on errno and %m in ntp_dns.c
- - - - -
12 changed files:
- INSTALL
- libntp/ntp_dns.c
- ntpd/ntp_config.c
- ntpd/ntp_io.c
- ntpd/ntp_proto.c
- ntpd/ntp_sandbox.c
- ntpd/ntpd.c
- tests/option-tester.sh
- tests/python3-tester.sh
- wafhelpers/check_pthread.py
- wafhelpers/options.py
- wscript
Changes:
=====================================
INSTALL
=====================================
@@ -16,6 +16,11 @@ https://docs.ntpsec.org/latest/ntpsec.html
There are some prerequisites. Libraries need the binary installed
to run and in addition, the development headers installed to build.
+We need pthreads (It's optional in POSIX)
+We need OpenSSL >= 1.1.1 ???
+We need libaes_siv - it's not in OpenSSL yet
+ https://github.com/dfoxfranke/libaes_siv
+
=== The short version ===
If you are on a Debian or Ubuntu distribution that uses apt-get, or on
=====================================
libntp/ntp_dns.c
=====================================
@@ -7,8 +7,6 @@
#include "config.h"
-#ifdef ENABLE_DNS_LOOKUP
-
#include <signal.h>
#include <pthread.h>
#include <sys/types.h>
@@ -73,9 +71,9 @@ bool dns_probe(struct peer* pp)
pthread_sigmask(SIG_BLOCK, &block_mask, &saved_sig_mask);
rc = pthread_create(&worker, NULL, dns_lookup, pp);
if (rc) {
- errno = rc;
- msyslog(LOG_ERR, "DNS: dns_probe: error from pthread_create: %s, %m", pp->hostname);
- return true; /* don't try again */
+ msyslog(LOG_ERR, "DNS: dns_probe: error from pthread_create: %s, %s",
+ pp->hostname, strerror(rc));
+ return true; /* don't try again */
}
pthread_sigmask(SIG_SETMASK, &saved_sig_mask, NULL);
@@ -93,7 +91,7 @@ void dns_check(void)
rc = pthread_join(worker, NULL);
if (0 != rc) {
- msyslog(LOG_ERR, "DNS: dns_check: join failed %m");
+ msyslog(LOG_ERR, "DNS: dns_check: join failed %s", strerror(rc));
return; /* leaves active set */
}
if (0 != gai_rc) {
@@ -170,7 +168,3 @@ static void* dns_lookup(void* arg)
return (void *)NULL;
};
-
-
-#endif /* ENABLE_DNS_LOOKUP */
-
=====================================
ntpd/ntp_config.c
=====================================
@@ -2572,13 +2572,6 @@ peer_config(
uint8_t cast_flags;
uint8_t hmode;
-#ifndef ENABLE_DNS_LOOKUP
- if (NULL != hostname) {
- msyslog(LOG_ERR, "CONFIG: hostnames need DNS lookup: %s", hostname);
- return NULL;
- }
-#endif
-
/*
* We do a dirty little jig to figure the cast flags. This is
* probably not the best place to do this, at least until the
=====================================
ntpd/ntp_io.c
=====================================
@@ -1253,12 +1253,10 @@ interface_update(
if (!new_interface_found)
return;
-#ifdef ENABLE_DNS_LOOKUP
#ifdef DEBUG
msyslog(LOG_DEBUG, "IO: new interface(s) found: waking up resolver");
#endif
dns_new_interface();
-#endif
}
@@ -2257,11 +2255,7 @@ io_handler(void)
* time. select() will terminate on SIGALARM or on the
* reception of input.
*/
-#ifdef ENABLE_DNS_LOOKUP
pthread_sigmask(SIG_BLOCK, &blockMask, &runMask);
-#else
- sigprocmask(SIG_BLOCK, &blockMask, &runMask);
-#endif
flag = sig_flags.sawALRM || sig_flags.sawQuit || sig_flags.sawHUP || \
sig_flags.sawDNS;
if (!flag) {
@@ -2271,11 +2265,8 @@ io_handler(void)
nfound = -1;
errno = EINTR;
}
-#ifdef ENABLE_DNS_LOOKUP
pthread_sigmask(SIG_SETMASK, &runMask, NULL);
-#else
sigprocmask(SIG_SETMASK, &runMask, NULL);
-#endif
if (nfound > 0) {
input_handler(&rdfdes);
=====================================
ntpd/ntp_proto.c
=====================================
@@ -805,7 +805,6 @@ transmit(
* This was observed testing with pool, where sys_maxclock == 12
* resulted in 60 associations without the hard limit.
*/
-#ifdef ENABLE_DNS_LOOKUP
if (peer->cast_flags & MDF_POOL) {
peer->outdate = current_time;
if ((peer_associations <= 2 * sys_maxclock) &&
@@ -823,7 +822,6 @@ transmit(
poll_update(peer, hpoll);
return;
}
-#endif
/*
* In unicast modes the dance is much more intricate. It is
@@ -2297,7 +2295,6 @@ fast_xmit(
}
-#ifdef ENABLE_DNS_LOOKUP
/*
* dns_take_server - process DNS query for server.
*/
@@ -2458,8 +2455,6 @@ void dns_new_interface(void) {
}
}
-#endif /* ENABLE_DNS_LOOKUP */
-
/*
=====================================
ntpd/ntp_sandbox.c
=====================================
@@ -290,12 +290,6 @@ int scmp_sc[] = {
* these from the list.
*/
-#ifndef ENABLE_DNS_LOOKUP
- /* libcrypto uses pthread_once() */
- /* We could avoid this by calling ssl_init() first. */
- SCMP_SYS(futex), /* sem_xxx, used by threads */
-#endif
-
SCMP_SYS(getdents), /* Scanning /etc/ntp.d/ */
SCMP_SYS(getdents64),
#ifdef __NR_prlimit64
@@ -317,6 +311,7 @@ int scmp_sc[] = {
SCMP_SYS(fcntl),
SCMP_SYS(fstat),
SCMP_SYS(fsync),
+ SCMP_SYS(futex), /* sem_xxx, used by threads */
#ifdef __NR_getrandom
@@ -382,7 +377,6 @@ int scmp_sc[] = {
SCMP_SYS(write),
SCMP_SYS(unlink),
-#ifdef ENABLE_DNS_LOOKUP
/* Don't comment out this block for testing.
* pthread_create blocks signals so it will crash
* rather than generate a trap.
@@ -396,11 +390,6 @@ int scmp_sc[] = {
SCMP_SYS(socketpair),
SCMP_SYS(statfs),
SCMP_SYS(uname),
-#endif
-/* This shouldn't be needed if we don't use DNS, but
- * several libraries call pthread_once, just in case.
- */
- SCMP_SYS(futex), /* sem_xxx, used by threads */
#ifdef REFCLOCK
=====================================
ntpd/ntpd.c
=====================================
@@ -13,9 +13,7 @@
#include "ntp_syslog.h"
#include "ntp_assert.h"
#include "ntp_auth.h"
-#ifdef ENABLE_DNS_LOOKUP
#include "ntp_dns.h"
-#endif
#include "isc_error.h"
#include <unistd.h>
@@ -92,9 +90,7 @@ static int wait_child_sync_if (int, long);
#endif
static void catchHUP (int);
-#ifdef ENABLE_DNS_LOOKUP
static void catchDNS (int);
-#endif
# ifdef DEBUG
static void moredebug (int);
@@ -641,9 +637,7 @@ ntpdmain(
signal_no_reset(SIGTERM, catchQuit);
signal_no_reset(SIGHUP, catchHUP);
signal_no_reset(SIGBUS, catchQuit); /* FIXME: It's broken, can't continue. */
-#ifdef ENABLE_DNS_LOOKUP
signal_no_reset(SIGDNS, catchDNS);
-#endif
# ifdef DEBUG
signal_no_reset(MOREDEBUGSIG, moredebug);
@@ -940,12 +934,10 @@ static void mainloop(void)
timer();
}
-#ifdef ENABLE_DNS_LOOKUP
if (sig_flags.sawDNS) {
sig_flags.sawDNS = false;
dns_check();
}
-#endif
/*
* Check files
@@ -1031,16 +1023,14 @@ static void catchHUP(int sig)
sig_flags.sawHUP = true;
}
-#ifdef ENABLE_DNS_LOOKUP
/*
- * catchDNS - set flag to process answer DNS lookup
+ * catchDNS - set flag to process answer from DNS lookup
*/
static void catchDNS(int sig)
{
UNUSED_ARG(sig);
sig_flags.sawDNS = true;
}
-#endif
/*
* wait_child_sync_if - implements parent side of -w/--wait-sync
=====================================
tests/option-tester.sh
=====================================
@@ -54,7 +54,7 @@ doit ()
# no --disable-manpage on default and all
doit default ""
-doit minimal "--disable-droproot --disable-dns-lookup --disable-mdns-registration --disable-manpage"
+doit minimal "--disable-droproot --disable-mdns-registration --disable-manpage"
# This also tests refclocks without DEBUG
doit classic "--enable-classic-mode --refclock=all --disable-manpage"
=====================================
tests/python3-tester.sh
=====================================
@@ -51,7 +51,7 @@ doit ()
# Build with only one set of options. The options don't change
# the Python side of things.
-doit python3 "--disable-droproot --disable-dns-lookup --disable-mdns-registration --disable-manpage"
+doit python3 "--disable-droproot --disable-mdns-registration --disable-manpage"
grep warning: test*/test.log
=====================================
wafhelpers/check_pthread.py
=====================================
@@ -13,15 +13,13 @@ int main(void) {
def check_pthread_header_lib(ctx):
- if ctx.options.disable_dns_lookup:
- # threads only used by DNS lookup
- # libcrypto uses pthread_once, but that's not our problem
- return
ctx.check(header_name="pthread.h", includes=ctx.env.PLATFORM_INCLUDES,
mandatory=False, comment="pthread header")
ctx.check(feature="c cshlib", lib="pthread",
libpath=ctx.env.PLATFORM_LIBPATH, mandatory=False,
comment="pthread library")
+ # FreeBSD uses libthr rather than libpthread
+ # There may be some magic to translate
ctx.check_cc(lib="thr", mandatory=False,
comment="thr library, required by some operating systems.")
=====================================
wafhelpers/options.py
=====================================
@@ -19,8 +19,6 @@ def options_cmd(ctx, config):
help="Droproot earlier (breaks SHM and NetBSD).")
grp.add_option('--enable-seccomp', action='store_true',
default=False, help="Enable seccomp (restricts syscalls).")
- grp.add_option('--disable-dns-lookup', action='store_true',
- default=False, help="Disable DNS lookups.")
grp.add_option('--disable-mdns-registration', action='store_true',
default=False, help="Disable MDNS registration.")
grp.add_option(
=====================================
wscript
=====================================
@@ -748,10 +748,6 @@ int main(int argc, char **argv) {
ctx.define("ENABLE_EARLY_DROPROOT", 1,
comment="Enable early drop root")
- if not ctx.options.disable_dns_lookup:
- ctx.define("ENABLE_DNS_LOOKUP", 1,
- comment="Enable DNS lookup of hostnames")
-
# This is true under every Unix-like OS.
ctx.define("HAVE_WORKING_FORK", 1,
comment="Whether a working fork() exists")
@@ -813,9 +809,8 @@ int main(int argc, char **argv) {
ctx.check_cc(header_name="dns_sd.h", lib="dns_sd", mandatory=False,
uselib_store="DNS_SD")
- if not ctx.options.disable_dns_lookup:
- from wafhelpers.check_pthread import check_pthread_run
- check_pthread_run(ctx)
+ from wafhelpers.check_pthread import check_pthread_run
+ check_pthread_run(ctx)
# Solaris needs -lsocket and -lnsl for socket code
if ctx.env.DEST_OS == "sunos":
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/0b6fcc735b68bb8603d8a3d47d6e93c49d908ff4...024ea85ecdc91d5c630c4062a5117218455d6bff
--
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/compare/0b6fcc735b68bb8603d8a3d47d6e93c49d908ff4...024ea85ecdc91d5c630c4062a5117218455d6bff
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20190125/9660883b/attachment-0001.html>
More information about the vc
mailing list