with the current implementation, net-misc/clockspeed uses some files spread all over the filesystem:

/etc/leapsecs.dat (binary file)
/usr/adjust (fifo)
/usr/etc/atto (text file)
/usr/etc/atto.tmp (temporary file)

this creates a headache when one is trying to make a good selinux policy for this software. and it's quite ugly. i think it would be great if all those files would reside in /var/lib/clockspeed. what do you think?

i'm attaching clockspeed-0.62-r3.ebuild and clockspeed-0.62-r3-gentoo.diff that fixes the problem. i just hope it won't break things.
Created attachment 21472: the ebuild
Created attachment 21473: the patch
maybe hardened can comment on the selinux aspect of this.
The policy bug is dependent on this because there are two different policies: one if this gets accepted, one if it doesn't. Otherwise this has nothing to do with the hardened team, sorry.
Please do not assign this to me. I don't maintain clockspeed. I had never even heard of it until Petre sent me the SELinux policy. Sending back to bug wranglers.
Ooops, sorry for the commotion i created. this bug is about 2 things:

- according to fhs-2.3beta chapter 5.8.1, /var/lib/<name> is the place to use for state information. chapter 4.1 tells me that /usr contains shareable, read-only data, that is not specific to any given host. the /usr/adjust fifo is hardly the case. /etc/usr/atto and /usr/etc/atto.tmp are not used as read-only data.
- version -r2 of clockspeed doesn't work as it should because the /usr/etc directory (where it looks for the atto file) doesn't even exist on my gentoo system. had to make it manually.

bye, peter
clockspeed is seriously braindamaged

00:17:56 [/usr/local/chroots/chroot001:6569.pty-s0.epoch] epoch ~ # ACCEPT_KEYWORDS="x86" emerge clockspeed
Calculating dependencies ...done!
>>> emerge (1 of 1) net-misc/clockspeed-0.62-r2 to /
>>> md5 src_uri ;-) clockspeed-0.62.tar.gz
>>> Unpacking source...
>>> Unpacking clockspeed-0.62.tar.gz to /var/tmp/portage/clockspeed-0.62-r2/work
>>> Source unpacked.
 * Applying clockspeed-0.62-r2-gentoo.diff... [ ok ]
nroff -man sntpclock.1 > sntpclock.0
nroff -man taiclock.1 > taiclock.0
nroff -man taiclockd.1 > taiclockd.0
nroff -man clockspeed.1 > clockspeed.0
nroff -man clockadd.1 > clockadd.0
nroff -man clockview.1 > clockview.0
( cat warn-auto.sh; \
echo CC=\'`head -1 conf-cc`\'; \
echo LD=\'`head -1 conf-ld`\' \
) > auto-ccld.sh
head: `-1' option is obsolete; use `-n 1'
Try `head --help' for more information.
head: `-1' option is obsolete; use `-n 1'
Try `head --help' for more information.
cat auto-ccld.sh make-load.sh > make-load
chmod 755 make-load
cat auto-ccld.sh find-systype.sh > find-systype
chmod 755 find-systype
cat auto-ccld.sh make-compile.sh > make-compile
chmod 755 make-compile
cat auto-ccld.sh make-makelib.sh > make-makelib
./find-systype > systype
chmod 755 make-makelib
( cat warn-auto.sh; ./make-load "`cat systype`" ) > load
( cat warn-auto.sh; ./make-compile "`cat systype`" ) > \
compile
chmod 755 compile
( cat warn-auto.sh; ./make-makelib "`cat systype`" ) > \
makelib
chmod 755 load
./compile leapsecs_init.c
./compile: line 3: exec: leapsecs_init.c: not found
make: *** [leapsecs_init.o] Error 127
make: *** Waiting for unfinished jobs....
chmod 755 makelib
make: *** Waiting for unfinished jobs....

!!! ERROR: net-misc/clockspeed-0.62-r2 failed.
!!! Function src_compile, Line 30, Exitcode 2
!!! (no error message)

you have head -1 obsolete options and both ebuilds appear to not work just out of the box on my testing here

please reply, Alex
Created attachment 21576: new clockspeed-0.62-r3-gentoo.diff

this patch fixes the head -1 problem. the 'compile' script is created using those 'head' commands that failed. compile should look something like:
----------------
#!/bin/sh
# WARNING: This file was auto-generated. Do not edit!
exec gcc -march=i686 -O3 -pipe -fomit-frame-pointer -c ${1+"$@"}
----------------
check it out with the new diff and please tell me if it works. thanks, peter
Works for me. Copied the -r2.ebuild to -r3.ebuild, created your new diff in net-misc/clockspeed/files and ran a simple `emerge clockspeed`. No complaints whatsoever.
Ulrich Plate: the new ebuild is also needed. it copies the leapsecs.dat file to /var/lib/clockspeed
spanky, this seems more in your area
-r3 is now in cvs, thanks for the bug report/patch :)
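For anyone writing or reviewing a policy against either layout, here is a check that reports which of the two sets of paths named in this bug exists under a given root, and whether each path has the expected type (fifo or regular file). It is an added example, not part of the ebuild, the patch or any comment above; the function names, the root argument and the result labels (absent, legacy, state-dir, mixed, wrong-type) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the clockspeed file layout under a root directory.
# Paths come from this bug report; everything else is hypothetical.

# kind_of PATH -> prints fifo, file, other or missing
kind_of() {
    if [ -p "$1" ]; then echo fifo
    elif [ -f "$1" ]; then echo file
    elif [ -e "$1" ]; then echo other
    else echo missing
    fi
}

# clockspeed_layout ROOT -> prints one label on stdout, per-path detail on stderr
clockspeed_layout() {
    root=${1%/}            # "/" becomes "", so paths below stay absolute
    legacy=0 state=0 wrong=0
    for entry in \
        legacy:/etc/leapsecs.dat:file \
        legacy:/usr/adjust:fifo \
        legacy:/usr/etc/atto:file \
        legacy:/usr/etc/atto.tmp:file \
        state:/var/lib/clockspeed/leapsecs.dat:file \
        state:/var/lib/clockspeed/adjust:fifo \
        state:/var/lib/clockspeed/atto:file
    do
        set_name=${entry%%:*}
        rest=${entry#*:}
        path=${rest%%:*}
        want=${rest#*:}
        got=$(kind_of "$root$path")
        [ "$got" = missing ] && continue
        echo "$set_name $path: $got (expected $want)" >&2
        [ "$got" = "$want" ] || wrong=$((wrong + 1))
        if [ "$set_name" = legacy ]; then legacy=$((legacy + 1))
        else state=$((state + 1)); fi
    done
    if [ "$wrong" -gt 0 ]; then echo wrong-type
    elif [ "$legacy" -gt 0 ] && [ "$state" -gt 0 ]; then echo mixed
    elif [ "$legacy" -gt 0 ]; then echo legacy
    elif [ "$state" -gt 0 ]; then echo state-dir
    else echo absent
    fi
}

# Run against a root given on the command line, e.g. "/" or a chroot path.
if [ "$#" -gt 0 ]; then clockspeed_layout "$1"; fi
```

A result of mixed means files from both layouts are present, so a policy written for only one of them will not cover everything on disk; wrong-type flags, for example, a regular file sitting where the adjust fifo is expected.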
I don't know if the problem I'm having is completely relevant to this bug or whether I should start a new one, but I am unable to get clockspeed to work on my system. Specifically, I can't find or create the 'atto' file in /var/lib/clockspeed. sntpclock works fine, as do clockview and clockadd. So I can manually get my clock set correctly.

I'm trying to start clockspeed by using DJB's daemontools and a very simple runscript I whipped up. Here it is:

#!/bin/sh
exec /usr/bin/clockspeed

Not much to it really, but supervise tries to start clockspeed and it immediately fails and then supervise tries to restart it. Could the problem be because there is no 'atto' file in /var/lib/clockspeed? I've been trying to get an 'atto' file created by doing this twice:

sntpclock 1.2.3.4 > /var/lib/clockspeed/adjust

but no success. Any thoughts? I'd be happy to provide more information if I can. Thanks. J
if you just want to see the clock skew compared to a ntp server, try

sntpclock ip.of.ntp.server | clockview

to sync your clock, do

sntpclock ip.of.ntp.server | clockadd

if you want to use clockspeed to keep your clock sync-ed to an external ntp server

emerge daemontools-scripts

and check out the /service/clockspeed* scripts included there

none of the above need special poking with the atto file

and yes, you should have opened a new bug report :p