[ntp]: build ntp with various fixes (#6037)

- NTP Bug 1970 (UNLINK_EXPR_SLIST empty list) Fix - ENOBUFS log message level set to WARN - Fix audit message seen on console apparmor - add force-confold option when install ntp Signed-off-by: Guohan Lu <lguohan@gmail.com> Co-authored-by: Prabhu Sreenivasan <prabhu.sreenivasan@broadcom>
2020-12-02 15:02:50 -08:00 · 2020-12-02 15:02:50 -08:00 · 4812953468
commit 4812953468
parent c59975c7da
12 changed files with 149 additions and 1 deletions
--- a/build_debian.sh
+++ b/build_debian.sh
@ -271,7 +271,6 @@ sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y in
    vim                     \
    tcpdump                 \
    dbus                    \
-    ntp                     \
    ntpstat                 \
    openssh-server          \
    python                  \
@ -445,6 +444,7 @@ if [ -f files/image_config/ntp/ntp ]; then
 fi

 if [ -f files/image_config/ntp/ntp-systemd-wrapper ]; then
+    sudo mkdir -p $FILESYSTEM_ROOT/usr/lib/ntp/
    sudo cp ./files/image_config/ntp/ntp-systemd-wrapper $FILESYSTEM_ROOT/usr/lib/ntp/
 fi

--- a/files/build_templates/sonic_debian_extension.j2
+++ b/files/build_templates/sonic_debian_extension.j2
@ -90,6 +90,11 @@ sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/ifupdown2_*.deb || \
 sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/iptables_*.deb || \
    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install -f

+# Install a more recent version of ntp  (and its dependencies via 'apt-get -y install -f')
+sudo dpkg --root=$FILESYSTEM_ROOT --force-confdef --force-confold -i $debs_path/ntp_*.deb || \
+    sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y \
+    -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -f
+
 # Install dependencies for SONiC config engine
 sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install \
    python-dev     \
--- a/rules/ntp.dep
+++ b/rules/ntp.dep
@ -0,0 +1,10 @@
+
+SPATH       := $($(NTP)_SRC_PATH)
+DEP_FILES   := $(SONIC_COMMON_FILES_LIST) rules/ntp.mk rules/ntp.dep   
+DEP_FILES   += $(SONIC_COMMON_BASE_FILES_LIST)
+DEP_FILES   += $(shell git ls-files $(SPATH))
+
+$(NTP)_CACHE_MODE  := GIT_CONTENT_SHA 
+$(NTP)_DEP_FLAGS   := $(SONIC_COMMON_FLAGS_LIST)
+$(NTP)_DEP_FILES   := $(DEP_FILES)
+
--- a/rules/ntp.mk
+++ b/rules/ntp.mk
@ -0,0 +1,11 @@
+# ntp package
+
+NTP_VERSION = 4.2.8p12+dfsg
+export NTP_VERSION
+
+NTP = ntp_$(NTP_VERSION)-4+deb10u2_amd64.deb
+$(NTP)_SRC_PATH = $(SRC_PATH)/ntp
+SONIC_MAKE_DEBS += $(NTP)
+SONIC_STRETCH_DEBS += $(NTP)
+
+export NTP
--- a/slave.mk
+++ b/slave.mk
@ -813,6 +813,7 @@ $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
                $(PYTHON_CLICK) \
                $(IFUPDOWN2) \
                $(KDUMP_TOOLS) \
+                $(NTP) \
                $(LIBPAM_TACPLUS) \
                $(LIBNSS_TACPLUS) \
                $(MONIT) \
--- a/sonic-slave-buster/Dockerfile.j2
+++ b/sonic-slave-buster/Dockerfile.j2
@ -275,6 +275,11 @@ RUN apt-get update && apt-get install -y \
        qemu-kvm \
        libvirt-clients \
 {%- endif %}
+# For ntp
+        autogen \
+        libopts25-dev \
+        pps-tools \
+        dh-apparmor \
 # For lm-sensors
        librrd8 \
        librrd-dev \
--- a/src/ntp/.gitignore
+++ b/src/ntp/.gitignore
@ -0,0 +1,5 @@
+*+dfsg
+*.buildinfo
+*.changes
+*.xz
+*.deb
--- a/src/ntp/Makefile
+++ b/src/ntp/Makefile
@ -0,0 +1,48 @@
+.ONESHELL:
+SHELL = /bin/bash
+.SHELLFLAGS += -e
+
+MAIN_TARGET = $(NTP)
+
+$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
+	# Remove any stale files
+	rm -rf ./ntp-$(NTP_VERSION) ./ntp_$(NTP_VERSION).orig.tar.xz ./ntp_$(NTP_VERSION)-4.debian.tar.xz
+
+	# Get ntp release, debian files
+	wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION).orig.tar.xz
+	wget http://deb.debian.org/debian/pool/main/n/ntp/ntp_$(NTP_VERSION)-4.debian.tar.xz
+
+	# UnTar ntp release
+	xzcat ntp_$(NTP_VERSION).orig.tar.xz | tar -xvf -
+
+	pushd ./ntp-4.2.8p12
+
+	# UnTar debian files
+	xzcat ../ntp_$(NTP_VERSION)-4.debian.tar.xz | tar -xvf -
+
+	# Add the additional patch
+	cp ../patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch debian/patches/
+	cp ../patch/update_ENOBUFS_log_level.patch debian/patches/
+	cat ../patch/series  >> debian/patches/series
+
+	# Update the changelog
+	cat ../patch/changelog debian/changelog > debian/changelog.new
+	rm debian/changelog ;  mv debian/changelog.new debian/changelog
+
+	# The debian mirror build likely took place on a system without
+	# libevent installed, thus adding the below for SONiC
+	sed -i 's/--with-locfile=legacy/--with-locfile=legacy --enable-local-libevent/' debian/rules
+
+	# Fix the apparmor profile to avoid the following message
+	# "Failed name lookup - disconnected path"
+	# and go into learning mode.
+	sed -i 's/\/usr\/sbin\/ntpd {/\/usr\/sbin\/ntpd flags=(attach_disconnected complain) {/' debian/apparmor-profile
+
+	# Build source and Debian packages with the symbols
+	dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS)
+
+	popd
+
+	# Move the newly-built .deb packages to the destination directory
+	mv $* $(DEST)/
+
--- a/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch
+++ b/src/ntp/patch/bug1970-UNLINK_EXPR_SLIST_empty_list.patch
@ -0,0 +1,26 @@
+Bug 1970 UNLINK_EXPR_SLIST() causes crash if list is empty
+
+From: Arun Barboza <arun.barboza@broadcom.com>
+
+
+---
+ include/ntp_lists.h |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/include/ntp_lists.h b/include/ntp_lists.h
+index d741974..f90bf23 100644
+--- a/include/ntp_lists.h
+++ b/include/ntp_lists.h
+@@ -184,7 +184,11 @@ do {								\
+ do {								\
+ 	entrytype **ppentry;					\
+ 								\
+-	ppentry = &(listhead);					\
+	if (!listhead) {					\
+		(punlinked) = NULL;				\
+		break;						\
+	}							\
+	else ppentry = &(listhead);				\
+ 								\
+ 	while (!(expr))						\
+ 		if (*ppentry != NULL &&				\
--- a/src/ntp/patch/changelog
+++ b/src/ntp/patch/changelog
@ -0,0 +1,12 @@
+ntp (1:4.2.8p12+dfsg-4+deb10u2) stretch; urgency=medium
+
+  * Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING.
+
+ -- Arun Barboza <arun.barboza@broadcom.com>  Mon, 09 Sep 2019 10:15:35 -0700
+
+ntp (1:4.2.8p12+dfsg-4+deb10u1) stretch; urgency=medium
+
+  * Apply Bug1970 fix for UNLINK_EXPR_SLIST_empty_list from dev branch.
+
+ -- Arun Barboza <arun.barboza@broadcom.com>  Tue, 25 Jun 2019 14:35:24 -0700
+
--- a/src/ntp/patch/series
+++ b/src/ntp/patch/series
@ -0,0 +1,3 @@
+# This series applies on GIT commit d09f041a49c61971f59fc29f505446c63aea51b1
+bug1970-UNLINK_EXPR_SLIST_empty_list.patch
+update_ENOBUFS_log_level.patch
--- a/src/ntp/patch/update_ENOBUFS_log_level.patch
+++ b/src/ntp/patch/update_ENOBUFS_log_level.patch
@ -0,0 +1,22 @@
+Adjust the ENOBUFS syslog level on the Netlink routing to LOG_WARNING.
+
+From: Arun Barboza <arun.barboza@broadcom.com>
+
+
+---
+ ntpd/ntp_io.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: b/ntpd/ntp_io.c
+===================================================================
+--- a/ntpd/ntp_io.c
+++ b/ntpd/ntp_io.c
+@@ -4709,7 +4709,7 @@ process_routing_msgs(struct asyncio_read
+ 
+ 	if (cnt < 0) {
+ 		if (errno == ENOBUFS) {
+-			msyslog(LOG_ERR,
+			msyslog(LOG_WARNING,
+ 				"routing socket reports: %m");
+ 		} else {
+ 			msyslog(LOG_ERR,