From patchwork Thu Oct 28 21:01:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Seiderer X-Patchwork-Id: 1547680 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.a=rsa-sha256 header.s=badeba3b8450 header.b=hUHJdB+d; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=uclibc-ng.org (client-ip=89.238.66.15; helo=helium.openadk.org; envelope-from=devel-bounces@uclibc-ng.org; receiver=) Received: from helium.openadk.org (helium.openadk.org [89.238.66.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4HgJ716bSLz9sRN for ; Fri, 29 Oct 2021 08:07:55 +1100 (AEDT) Received: from helium.openadk.org (localhost [IPv6:::1]) by helium.openadk.org (Postfix) with ESMTP id 539E131E0730; Thu, 28 Oct 2021 23:07:47 +0200 (CEST) X-Greylist: delayed 307 seconds by postgrey-1.36 at helium; Thu, 28 Oct 2021 23:06:42 CEST Received: from mout.gmx.net (mout.gmx.net [212.227.17.22]) by helium.openadk.org (Postfix) with ESMTPS id 6F2E931E054D for ; Thu, 28 Oct 2021 23:06:42 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1635455200; bh=huy2FYAfe1anjEzqbpcUcLvBGvGL667ejKqd3tVPmrM=; h=X-UI-Sender-Class:Date:From:To:Cc:Subject:In-Reply-To:References; b=hUHJdB+dOe34iTIZ9tYn0B6pJgiF/MfQWTp4Hi3F5f3RqpbHnVXlqCecHUNfgEt1p f1lOCqLW7eMne3XxdMJU5oBi7tl6I1c8cNvTyaSNCnWrPYaJMcfkoV7zWPegjZcjoo 0v2wiQMLreOIcR0dS4ZSoNu+p7gvEOvKgKlBrwIo= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from localhost ([62.216.209.38]) by mail.gmx.net (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1MKKUp-1mMjKc06gB-00LjU8; Thu, 28 Oct 2021 23:01:33 +0200 Date: Thu, 28 Oct 2021 23:01:31 +0200 From: Peter Seiderer To: buildroot@buildroot.org Message-ID: <20211028230131.5f50d6e7@gmx.net> In-Reply-To: <20211025212541.12280-1-ps.report@gmx.net> References: <20211025212541.12280-1-ps.report@gmx.net> X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.30; x86_64-suse-linux-gnu) MIME-Version: 1.0 X-Provags-ID: V03:K1:X3l+iXb19VxuRKD5vFPGPkqMu1CmhWiLGsTLdgW0yQOcXJaEGTE bWsFoeNPYWxAkuzt9n5WxqcEW0TjLUxtpkXYWZz1Qb8jSJnE0C8pu+75qAf5nwQbIRMcHvt iCbOumelSFlUePrW1oV4iwjgCM6ueN/CR0GTri22gqhCrHlPGyOBq9jZEzRjVm01YXfqurw IE4Eesx9PWOF+M+gQNpdA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:lmLIdg13vik=:R5s+njVsY5NnGwFIy69ScJ cu+f9Py9Aq+uJ4SaiFMjiaoytavBQ/2xG3mGtza9KM6S2yRF2SGGW94rIqWTNMuNDl/Goi/fZ 6y2k7k5oKImJ19NnhXWuUOiMracefIe6NJrFLKoV9SDq5ZLWoGmowJhgGDsJN/iSqOzzC1Sar i2/qvJ42O8BrcvACohRbjzDmIIBJEKbjFYhJzlgRXbavOS7v/WSkVX5bRrCKfZ/+SWNYaYVw+ VyaNAZWhSSqXTqkRUHUfybWkU47DCkTMaGJv2zb+S6DXs8fb1OulRGaKVHnl2lPSAG1DRgSAd yYolx1kzZpMLFzgd3SWfzN7i0fNMwQA22SWFsHT8IKGwPp2OLMSp6E3JorMCjf/7H8STD/ic9 Za7U1JwaJ98djbe7VTVrbgkaFgvKyFDAOkOF/M5MPeBxtuaZIx9rc9fB0uZjnABYsRsf03kjd DjH+qqqTngGpGRcQ8sCpZC5tvRxBgx9qOj59FpcSASBqAN/BhdL0zORhRpD4sjjPxMSkQKM0N 9G/YvCAMtTyPGfGAMyhP1ARIfEHeC5oYR3rSwCaLJ096pJpjKKTgA+S42YHJPQt9DS3LiB6VH T8wuBmkr2cKJ8dxpKhDmk5UWwersE0t4o0InL0b23UVKqXr5z6YxHPcsoXZDOu5TW1Tilr1u2 TtAT7c4PsoIHW76OboocYw02g1pNRS2nO1yehN6JLNBxoQb0yFqEl+buEEPSIffDXVZB7hyql JXo76gXG9AcOs2mBrl2bIssQD4rtVocTZnEwHQQZjD9YmeXyM2TZUBviFcS1E3UnPPQEvD4ZE VmwBSGIxnV262UApIGxaM9+xRYOA+hyW3PrwhxuRmxSIV4BIEn3tjYgqz5PindxpCPZ1aPQov rXAA7+xTDc6ccC29ji33dk+sEdBLra8rQwzU+/gpR9IW4QXw34QuGjDDOj8M6BDl/7i4+kPz5 UfG3lJBUoYQpSlSn+pvJ+W2iUQhBLupr7kbk8RnR3+Fg6guDhBP62Pd0uZh/5Yl5wmYsJIxMu kLGDDdujUDFyngikSZJeKTfBgg5lUr8ogecPZ97M20XDIGQcc2qb3mgAdBhliMnUQtVf5X3co Joh+0t3QMUOkEk= Message-ID-Hash: ZGPBQPQW2FLVD2QSEJYEU7NDHV2F76J3 X-Message-ID-Hash: ZGPBQPQW2FLVD2QSEJYEU7NDHV2F76J3 X-MailFrom: ps.report@gmx.net X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: "Yann E . MORIN" , Waldemar Brodkorb , devel@uclibc-ng.org X-Mailman-Version: 3.3.3 Precedence: list Subject: [uclibc-ng-devel] Re: [Buildroot] [PATCH v1] package/ntpsec: new package List-Id: uClibc-ng Development List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Hello Waldemar, *, On Mon, 25 Oct 2021 23:25:41 +0200, Peter Seiderer wrote: > - set 'CC=gcc' to avoid cross-compile failure (see [1]): > > /bin/sh: line 1: .../build/ntpsec-1_2_0/build/host/ntpd/keyword-gen: cannot execute binary file: Exec format error > > Waf: Leaving directory `.../build/ntpsec-1_2_0/build/host' > Build failed > -> task in 'ntp_keyword.h' failed with exit status 126 (run with -v to display more information) > > - set '-std=gnu99"' to avoid compile failure with old compilers > > - explicit set PYTHON_CONFIG > > - add patch 001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch to > fix ntptime jfmt5/ofmt5 jfmt6/ofmt6 related compile failure > > - add SYSV init file (S49ntp) > > - add example ntpd.conf (with legacy option enabled and provide skeleton > for NTS configuration) > > - add config option for NTS support > > - depend on python3 (omit python2 to reduce test effort) > > - add ntp user/group and run ntpd as restricted user > > - add libcap dependency (compile time optional but needed for droproot > support) > > [1] https://gitlab.com/NTPsec/ntpsec/-/issues/694 > > Signed-off-by: Peter Seiderer > --- > DEVELOPERS | 1 + > package/Config.in | 1 + > ...5-ofmt5-jfmt6-ofmt6-related-compile-.patch | 61 ++++++++++++++++ > package/ntpsec/Config.in | 31 ++++++++ > package/ntpsec/S49ntp | 58 +++++++++++++++ > package/ntpsec/ntpd.etc.conf | 33 +++++++++ > package/ntpsec/ntpsec.hash | 4 ++ > package/ntpsec/ntpsec.mk | 71 +++++++++++++++++++ > 8 files changed, 260 insertions(+) > create mode 100644 package/ntpsec/0001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch > create mode 100644 package/ntpsec/Config.in > create mode 100644 package/ntpsec/S49ntp > create mode 100644 package/ntpsec/ntpd.etc.conf > create mode 100644 package/ntpsec/ntpsec.hash > create mode 100644 package/ntpsec/ntpsec.mk > > diff --git a/DEVELOPERS b/DEVELOPERS > index 771519fd9b..593526e61f 100644 > --- a/DEVELOPERS > +++ b/DEVELOPERS > @@ -2167,6 +2167,7 @@ F: package/iwd/ > F: package/libevdev/ > F: package/libuev/ > F: package/log4cplus/ > +F: package/ntpsec/ > F: package/postgresql/ > F: package/python-colorzero/ > F: package/python-flask-wtf/ > diff --git a/package/Config.in b/package/Config.in > index d40eb9dabc..842e555342 100644 > --- a/package/Config.in > +++ b/package/Config.in > @@ -2256,6 +2256,7 @@ endif > source "package/nmap/Config.in" > source "package/noip/Config.in" > source "package/ntp/Config.in" > + source "package/ntpsec/Config.in" > source "package/nuttcp/Config.in" > source "package/odhcp6c/Config.in" > source "package/odhcploc/Config.in" > diff --git a/package/ntpsec/0001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch b/package/ntpsec/0001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch > new file mode 100644 > index 0000000000..c2838fe8e0 > --- /dev/null > +++ b/package/ntpsec/0001-ntptime-fix-jfmt5-ofmt5-jfmt6-ofmt6-related-compile-.patch > @@ -0,0 +1,61 @@ > +From 4015a1183d2f79dad6dd675ca5e0d329825f3fa3 Mon Sep 17 00:00:00 2001 > +From: Peter Seiderer > +Date: Mon, 4 Oct 2021 22:25:58 +0200 > +Subject: [PATCH] ntptime: fix jfmt5/ofmt5 jfmt6/ofmt6 related compile failure > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +Use same define guard for definiton as for usage ('HAVE_STRUCT_NTPTIMEVAL_TAI' > +instead of 'NTP_API && NTP_API > 3'). > + > +Fixes: > + > + ../../ntptime/ntptime.c: In function ‘main’: > + ../../ntptime/ntptime.c:349:17: error: ‘jfmt5’ undeclared (first use in this function); did you mean ‘jfmt6’? > + 349 | printf(json ? jfmt5 : ofmt5, (long)ntv.tai); > + | ^~~~~ > + | jfmt6 > + ../../ntptime/ntptime.c:349:17: note: each undeclared identifier is reported only once for each function it appears in > + ../../ntptime/ntptime.c:349:25: error: ‘ofmt5’ undeclared (first use in this function); did you mean ‘ofmt6’? > + 349 | printf(json ? jfmt5 : ofmt5, (long)ntv.tai); > + | ^~~~~ > + | ofmt6 > + ../../ntptime/ntptime.c:321:15: warning: unused variable ‘jfmt6’ [-Wunused-variable] > + 321 | const char *jfmt6 = ""; > + | ^~~~~ > + ../../ntptime/ntptime.c:311:15: warning: unused variable ‘ofmt6’ [-Wunused-variable] > + 311 | const char *ofmt6 = "\n"; > + | ^~~~~ > + > +[Upstream: https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1245] > +Signed-off-by: Peter Seiderer > +--- > + ntptime/ntptime.c | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/ntptime/ntptime.c b/ntptime/ntptime.c > +index ff861cb..5d58593 100644 > +--- a/ntptime/ntptime.c > ++++ b/ntptime/ntptime.c > +@@ -305,7 +305,7 @@ main( > + const char *ofmt2 = " time %s, (.%0*d),\n"; > + const char *ofmt3 = " maximum error %lu us, estimated error %lu us"; > + const char *ofmt4 = " ntptime=%x.%x unixtime=%x.%0*d %s"; > +-#if defined NTP_API && NTP_API > 3 > ++#if defined(HAVE_STRUCT_NTPTIMEVAL_TAI) > + const char *ofmt5 = ", TAI offset %ld\n"; > + #else > + const char *ofmt6 = "\n"; > +@@ -315,7 +315,7 @@ main( > + const char *jfmt2 = "\"time\":\"%s\",\"fractional-time\":\".%0*d\","; > + const char *jfmt3 = "\"maximum-error\":%lu,\"estimated-error\":%lu,"; > + const char *jfmt4 = "\"raw-ntp-time\":\"%x.%x\",\"raw-unix-time\":\"%x.%0*d %s\","; > +-#if defined NTP_API && NTP_API > 3 > ++#if defined(HAVE_STRUCT_NTPTIMEVAL_TAI) > + const char *jfmt5 = "\"TAI-offset\":%d,"; > + #else > + const char *jfmt6 = ""; > +-- > +2.33.0 > + > diff --git a/package/ntpsec/Config.in b/package/ntpsec/Config.in > new file mode 100644 > index 0000000000..7275533d26 > --- /dev/null > +++ b/package/ntpsec/Config.in > @@ -0,0 +1,31 @@ > +config BR2_PACKAGE_NTPSEC > + bool "ntpsec" > + depends on BR2_PACKAGE_PYTHON3 > + select BR2_PACKAGE_LIBCAP > + select BR2_PACKAGE_OPENSSL > + help > + NTPsec project - a secure, hardened, and improved > + implementation of Network Time Protocol derived > + from NTP Classic, Dave Mills’s original. > + > + Provides things like ntpd, ntpdate, ntpq, etc... > + > + https://www.ntpsec.org/ > + > +if BR2_PACKAGE_NTPSEC > + > +config BR2_PACKAGE_NTPSEC_CLASSIC_MODE > + bool "classic-mode" > + help > + Enable strict configuration and log-format compatibility > + with NTP Classic. > + > +config BR2_PACKAGE_NTPSEC_NTS > + bool "NTS support" > + help > + Enable Network Time Security (NTS) support. > + > +endif > + > +comment "ntpsec depens on Pyhton3" > + depends on !BR2_PACKAGE_PYTHON3 > diff --git a/package/ntpsec/S49ntp b/package/ntpsec/S49ntp > new file mode 100644 > index 0000000000..f3db51418e > --- /dev/null > +++ b/package/ntpsec/S49ntp > @@ -0,0 +1,58 @@ > +#!/bin/sh > +# > +# Starts Network Time Protocol daemon > +# > + > +DAEMON="ntpd" > +PIDFILE="/var/run/$DAEMON.pid" > + > +NTPD_ARGS="-g -u ntp:ntp -s /var/run/ntp" > + > +# shellcheck source=/dev/null > +[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON" > + > +mkdir -p /var/run/ntp && chown ntp:ntp /var/run/ntp > + > +start() { > + printf 'Starting %s: ' "$DAEMON" > + # shellcheck disable=SC2086 # we need the word splitting > + start-stop-daemon -S -q -p "$PIDFILE" -x "/usr/sbin/$DAEMON" \ > + -- $NTPD_ARGS -p "$PIDFILE" > + status=$? > + if [ "$status" -eq 0 ]; then > + echo "OK" > + else > + echo "FAIL" > + fi > + return "$status" > +} > + > +stop() { > + printf 'Stopping %s: ' "$DAEMON" > + start-stop-daemon -K -q -p "$PIDFILE" > + status=$? > + if [ "$status" -eq 0 ]; then > + rm -f "$PIDFILE" > + echo "OK" > + else > + echo "FAIL" > + fi > + return "$status" > +} > + > +restart() { > + stop > + sleep 1 > + start > +} > + > +case "$1" in > + start|stop|restart) > + "$1";; > + reload) > + # Restart, since there is no true "reload" feature. > + restart;; > + *) > + echo "Usage: $0 {start|stop|restart|reload}" > + exit 1 > +esac > diff --git a/package/ntpsec/ntpd.etc.conf b/package/ntpsec/ntpd.etc.conf > new file mode 100644 > index 0000000000..e0f45c1438 > --- /dev/null > +++ b/package/ntpsec/ntpd.etc.conf > @@ -0,0 +1,33 @@ > +# > +# legacy NTP configuration > +# > +pool 0.pool.ntp.org iburst > +pool 1.pool.ntp.org iburst > +pool 2.pool.ntp.org iburst > +pool 3.pool.ntp.org iburst > + > +# > +# NTS configuration > +# > +# Notes: > +# - uncomment the following lines to enable NTS support (but > +# make sure the initial clock is up-to-date (otherwise the > +# NTS certificate validation will fail with 'NTSc: certificate invalid: > +# 9=>certificate is not yet valid' as on boards without RTC support) > +# and/or keep at least one line from the legacy NTP lines > +# - enable BR2_PACKAGE_CA_CERTIFICATES to gain access to the certificate > +# files > +# > +# server time.cloudflare.com nts # Global, anycast > +# server nts.ntp.se:4443 nts # Sweden > +# server ntpmon.dcs1.biz nts # Singapore > +# server ntp1.glypnod.com nts # San Francisco > +# server ntp2.glypnod.com nts # London > +# > +# ca /usr/share/ca-certificates/mozilla > + > +# Allow only time queries, at a limited rate, sending KoD when in excess. > +# Allow all local queries (IPv4, IPv6) > +restrict default nomodify nopeer noquery limited kod > +restrict 127.0.0.1 > +restrict [::1] > diff --git a/package/ntpsec/ntpsec.hash b/package/ntpsec/ntpsec.hash > new file mode 100644 > index 0000000000..9c30605cbd > --- /dev/null > +++ b/package/ntpsec/ntpsec.hash > @@ -0,0 +1,4 @@ > +# Locally calculated > +sha256 80e5b4c07dc1f8f7dc90851662c72a80a4111477c48040ae9e1f2e56f893251d ntpsec-NTPsec_1_2_0.tar.bz2 > +sha256 b4db4de3317c3b0554ed91eb692968800bdfd6ad2c16ffbeee8ce4895ed91da4 LICENSE.adoc > +sha256 d3b21470adadd9abd9c6d675378f8c371ac5a4ea6dbec91859e02fadca3c0856 docs/copyright.adoc > diff --git a/package/ntpsec/ntpsec.mk b/package/ntpsec/ntpsec.mk > new file mode 100644 > index 0000000000..c62077dce6 > --- /dev/null > +++ b/package/ntpsec/ntpsec.mk > @@ -0,0 +1,71 @@ > +################################################################################ > +# > +# ntpsec > +# > +################################################################################ > + > +NTPSEC_VERSION_MAJOR = 1 > +NTPSEC_VERSION_MINOR = 2 > +NTPSEC_VERSION_POINT = 0 > +NTPSEC_VERSION = $(NTPSEC_VERSION_MAJOR)_$(NTPSEC_VERSION_MINOR)_$(NTPSEC_VERSION_POINT) > +NTPSEC_SOURCE = ntpsec-NTPsec_$(NTPSEC_VERSION).tar.bz2 > +NTPSEC_SITE = https://gitlab.com/NTPsec/ntpsec/-/archive/NTPsec_$(NTPSEC_VERSION) > +NTPSEC_LICENSE = BSD-2-Clause NTP BSD-3-Clause MIT > +NTPSEC_LICENSE_FILES = LICENSE.adoc docs/copyright.adoc > + > +NTPSEC_CPE_ID_VENDOR = ntpsec > +NTPSEC_CPE_ID_VERSION = $(NTPSEC_VERSION_MAJOR).$(NTPSEC_VERSION_MINOR) > +NTPSEC_CPE_ID_UPDATE = $(NTPSEC_VERSION_POINT) > + > +NTPSEC_DEPENDENCIES = \ > + host-pkgconf \ > + $(if $(BR2_PACKAGE_PYTHON),python,python3) \ > + libcap \ > + openssl > + > +NTPSEC_CONF_OPTS = \ > + CC=gcc \ > + PYTHON_CONFIG="$(STAGING_DIR)/usr/bin/$(if $(BR2_PACKAGE_PYTHON),python,python3)-config" \ > + --cross-compiler="$(TARGET_CC)" \ > + --cross-cflags="$(TARGET_CFLAGS) -std=gnu99" \ > + --cross-ldflags="$(TARGET_LDFLAGS)" \ > + --notests \ > + --enable-early-droproot \ > + --disable-mdns-registration \ > + --enable-pylib=ffi \ > + --nopyc \ > + --nopyo \ > + --nopycache \ > + --disable-doc \ > + --disable-manpage > + > +ifeq ($(BR2_PACKAGE_NTPSEC_CLASSIC_MODE),y) > +NTPSEC_CONF_OPTS += --enable-classic-mode > +endif > + > +ifeq ($(BR2_PACKAGE_NTPSEC_NTS),y) > +#NTPSEC_CONF_OPTS += --enable-nts > +else > +NTPSEC_CONF_OPTS += --disable-nts > +endif > + > +# add a link to libntpc.so where python searches for it > +define NTPSEC_LIBNTPC_LINK > + ln -sf /usr/lib/ntp/libntpc.so $(TARGET_DIR)/usr/lib/libntpc.so > +endef > +NTPSEC_POST_INSTALL_TARGET_HOOKS += NTPSEC_LIBNTPC_LINK > + > +define NTPSEC_INSTALL_NTPSEC_CONF > + $(INSTALL) -m 644 package/ntpsec/ntpd.etc.conf $(TARGET_DIR)/etc/ntp.conf > +endef > +NTPSEC_POST_INSTALL_TARGET_HOOKS += NTPSEC_INSTALL_NTPSEC_CONF > + > +define NTPSEC_INSTALL_INIT_SYSV > + $(INSTALL) -D -m 755 package/ntpsec/S49ntp $(TARGET_DIR)/etc/init.d/S49ntp > +endef > + > +define NTPSEC_USERS > + ntp -1 ntp -1 * - - - ntpd user > +endef > + > +$(eval $(waf-package)) The resulting ntpd runs fine with the raspberrypi3_defconfig, but segfaults when compiled/used with raspberrypi3_64_defconfig (uclibc, -Os): $ /usr/sbin/ntpd -n -d -g 1970-01-01T00:04:18 ntpd[263]: INIT: ntpd ntpsec-1.2.0 2021-10-24T13:39:21Z: Starting 1970-01-01T00:04:18 ntpd[263]: INIT: Command line: /usr/sbin/ntpd -n -d 1970-01-01T00:04:18 ntpd[263]: INIT: precision = 7.291 usec (-17) 1970-01-01T00:04:18 ntpd[263]: INIT: successfully locked into RAM 1970-01-01T00:04:18 ntpd[263]: CONFIG: readconfig: parsing file: /etc/ntp.conf 1970-01-01T00:04:18 ntpd[263]: CONFIG: restrict nopeer ignored 1970-01-01T00:04:18 ntpd[263]: INIT: Using SO_TIMESTAMPNS 1970-01-01T00:04:18 ntpd[263]: IO: Listen and drop on 0 v6wildcard [::]:123 1970-01-01T00:04:18 ntpd[263]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 1970-01-01T00:04:18 ntpd[263]: IO: Listen normally on 2 lo 127.0.0.1:123 1970-01-01T00:04:18 ntpd[263]: IO: Listen normally on 3 eth0 172.16.0.30:123 1970-01-01T00:04:18 ntpd[263]: IO: Listen normally on 4 lo [::1]:123 1970-01-01T00:04:18 ntpd[263]: IO: Listen normally on 5 eth0 [fe80::ba27:ebff:fea6:340%2]:123 1970-01-01T00:04:18 ntpd[263]: IO: Listening on routing socket on fd #22 for interface updates 1970-01-01T00:04:19 ntpd[263]: SYNC: Found 10 servers, suggest minsane at least 3 1970-01-01T00:04:19 ntpd[263]: INIT: MRU 10922 entries, 13 hash bits, 65536 bytes 1970-01-01T00:04:20 ntpd[263]: DNS: dns_probe: 0.pool.ntp.org, cast_flags:8, flags:101 Segmentation fault (core dumped) With the following stacktrace: $ ./host/bin/aarch64-buildroot-linux-uclibc-gdb build/ntpsec-1_2_0/build/main/ntpd/ntpd core Program terminated with signal SIGSEGV, Segmentation fault. (gdb) where #0 0x0000007fbbfa4150 in res_sync_func () at libc/inet/resolv.c:3356 #1 0x0000007fbbfa1468 in __open_nameservers () at libc/inet/resolv.c:949 #2 0x0000007fbbfa0498 in __dns_lookup (name=0x55a464a7f0 "0.pool.ntp.org", type=1, outpacket=0x7fbbf16c48, a=0x7fbbf16c08) at libc/inet/resolv.c:1134 #3 0x0000007fbbfa2744 in __GI_gethostbyname_r ( name=0x55a464a7f0 "0.pool.ntp.org", result_buf=0x7fbbf17628, buf=0x7fbbf16d90 "", buflen=992, result=0x7fbbf17670, h_errnop=0x7fbbf17668) at libc/inet/resolv.c:1966 #4 0x0000007fbbfa29a0 in __GI_gethostbyname2_r ( name=0x55a464a7f0 "0.pool.ntp.org", family=2, result_buf=0x7fbbf17628, buf=0x7fbbf16d70 "0.pool.ntp.org", buflen=1024, result=0x7fbbf17670, h_errnop=0x7fbbf17668) at libc/inet/resolv.c:2065 #5 0x0000007fbbf9b924 in gaih_inet (name=0x55a464a7f0 "0.pool.ntp.org", service=0x7fbbf17828, req=0x7fbbf17890, pai=0x7fbbf17838) at libc/inet/getaddrinfo.c:596 #6 0x0000007fbbf9c624 in __GI_getaddrinfo ( name=0x55a464a7f0 "0.pool.ntp.org", service=0x5576ad807d "\277\261\377\377A\215E\001I9\334r\263f\017\037D", hints=0x7fbbf17890, pai=0x5576b00bd8) at libc/inet/getaddrinfo.c:957 #7 0x0000005576ac5698 in _start () (gdb) p _res $1 = {options = 0, nsaddr_list = {{sin_family = 0, sin_port = 0, sin_addr = { s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, { sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}, {sin_family = 0, sin_port = 0, sin_addr = {s_addr = 0}, sin_zero = "\000\000\000\000\000\000\000"}}, dnsrch = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, nscount = 0 '\000', ndots = 0 '\000', retrans = 0 '\000', retry = 0 '\000', defdname = '\000' , nsort = 0 '\000', pfcode = 0, id = 0, res_h_errno = 0, sort_list = {{addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}, {addr = { s_addr = 0}, mask = 0}, {addr = {s_addr = 0}, mask = 0}}, _u = { _ext = {nsaddrs = {0x0, 0x0, 0x0}, nscount = 0 '\000', nstimes = {0, 0, 0}, nssocks = {0, 0, 0}, nscount6 = 0, nsinit = 0}}} (gdb) p &_res $2 = (struct __res_state *) 0x7fbc014d98 <_res> (gdb) p rp $3 = (struct __res_state *) 0x7fffffffff And the following uclibc code at libc/inet/resolv.c:3356: 3345 static void res_sync_func(void) 3346 { 3347 struct __res_state *rp = &(_res); 3348 int n; 3349 3350 /* If we didn't get malloc failure earlier... */ 3351 if (__nameserver != (void*) &__local_nameserver) { 3352 /* TODO: 3353 * if (__nameservers < rp->nscount) - try to grow __nameserver[]? 3354 */ 3355 #ifdef __UCLIBC_HAS_IPV6__ 3356 if (__nameservers > rp->_u._ext.nscount) 3357 __nameservers = rp->_u._ext.nscount; 3358 n = __nameservers; The special thing about ntpsec is the DNS lookup in an extra thread and/or the call to res_init(), see ntpsec-1_2_0/ntpd/ntp_dns.c: 69 msyslog(LOG_INFO, "DNS: dns_probe: %s, cast_flags:%x, flags:%x%s", 70 hostname, pp->cast_flags, pp->cfg.flags, busy); 71 if (NULL != active) /* normally redundant */ 72 return false; 73 74 active = pp; 75 76 sigfillset(&block_mask); 77 pthread_sigmask(SIG_BLOCK, &block_mask, &saved_sig_mask); 78 rc = pthread_create(&worker, NULL, dns_lookup, pp); and 165 static void* dns_lookup(void* arg) 166 { 167 struct peer *pp = (struct peer *) arg; 168 struct addrinfo hints; 169 170 #ifdef HAVE_SECCOMP_H 171 setup_SIGSYS_trap(); /* enable trap for this thread */ 172 #endif 173 174 #ifdef HAVE_RES_INIT 175 /* Reload DNS servers from /etc/resolv.conf in case DHCP has updated it. 176 * We only need to do this occasionally, but it's not expensive 177 * and simpler to do it every time than it is to figure out when 178 * to do it. 179 * This res_init() covers NTS too. 180 */ 181 res_init(); 182 #endif 183 184 if (pp->cfg.flags & FLAG_NTS) { 185 #ifndef DISABLE_NTS 186 nts_probe(pp); 187 #endif 188 } else { 189 ZERO(hints); 190 hints.ai_protocol = IPPROTO_UDP; 191 hints.ai_socktype = SOCK_DGRAM; 192 hints.ai_family = AF(&pp->srcadr); 193 gai_rc = getaddrinfo(pp->hostname, NTP_PORTA, &hints, &answer); 194 } The failure can be fixed/work-around with the following uClibc-ng-1.0.39 patch: The first change is using the provided __res_state() method instead of direct access, the second one changes the __res_state() implementation to the one where the comment 'When threaded, _res may be a per-thread variable.' indicates this should be used with threads/TLS enabled... Not sure if this is the right fix and/or I figrue out enough of the uclibc logic about the _res access vs. res_init() vs. thread/TLS logic... Regards, Peter diff --git a/libc/inet/resolv.c b/libc/inet/resolv.c index 8bbd7c7..cf170fb 100644 --- a/libc/inet/resolv.c +++ b/libc/inet/resolv.c @@ -3344,7 +3344,7 @@ libc_hidden_def(dn_skipname) /* Will be called under __resolv_lock. */ static void res_sync_func(void) { - struct __res_state *rp = &(_res); + struct __res_state *rp = __res_state(); int n; /* If we didn't get malloc failure earlier... */ @@ -3896,7 +3896,7 @@ res_ninit(res_state statp) #endif /* L_res_init */ #ifdef L_res_state -# if defined __UCLIBC_HAS_TLS__ +# if !defined __UCLIBC_HAS_TLS__ struct __res_state * __res_state (void) {