NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6e0826d067
kumquat-buildroot/package/ntpsec/ntpd.etc.conf
Peter Seiderer 27b8d0ba8c package/ntpsec: new package 
- set 'CC="$(HOSTCC)"' to avoid cross-compile failure (see [1]):

  /bin/sh: line 1: .../build/ntpsec-1_2_0/build/host/ntpd/keyword-gen: cannot execute binary file: Exec format error

  Waf: Leaving directory `.../build/ntpsec-1_2_0/build/host'
  Build failed
   -> task in 'ntp_keyword.h' failed with exit status 126 (run with -v to display more information)

- set '-std=gnu99"' to avoid compile failure with old compilers

- explicitly set PYTHON_CONFIG

- add patch 001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch to
  fix ntptime jfmt5/ofmt5 jfmt6/ofmt6 related compile failure

- add patch 0002-wscript-remove-checks-for-bsd-string.h-fixes-host-co.patch to
  fix host-compile failure in case target libbsd is detected

- add SYSV init file (S49ntp)

- add example ntpd.conf (with legacy option enabled and provide skeleton
  for NTS configuration)

- add config option for NTS support

- add ntp user/group and run ntpd as restricted user

- add libcap dependency (compile time optional but needed for droproot
  support)

[1] https://gitlab.com/NTPsec/ntpsec/-/issues/694

Signed-off-by: Peter Seiderer <ps.report@gmx.net>
[Thomas: S49ntp -> S49ntpd]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-07-23 11:06:56 +02:00

34 lines
1.0 KiB
Plaintext
Raw Blame History

#
# legacy NTP configuration
#
pool 0.pool.ntp.org iburst
pool 1.pool.ntp.org iburst
pool 2.pool.ntp.org iburst
pool 3.pool.ntp.org iburst
#
# NTS configuration
#
# Notes:
# - uncomment the following lines to enable NTS support (but
# make sure the initial clock is up-to-date (otherwise the
# NTS certificate validation will fail with 'NTSc: certificate invalid:
# 9=>certificate is not yet valid' as on boards without RTC support)
# and/or keep at least one line from the legacy NTP lines
# - enable BR2_PACKAGE_CA_CERTIFICATES to gain access to the certificate
# files
#
# server time.cloudflare.com nts # Global, anycast
# server nts.ntp.se:4443 nts # Sweden
# server ntpmon.dcs1.biz nts # Singapore
# server ntp1.glypnod.com nts # San Francisco
# server ntp2.glypnod.com nts # London
#
# ca /usr/share/ca-certificates/mozilla
# Allow only time queries, at a limited rate, sending KoD when in excess.
# Allow all local queries (IPv4, IPv6)
restrict default nomodify nopeer noquery limited kod
restrict 127.0.0.1
restrict [::1]
Reference in New Issue View Git Blame Copy Permalink