From aa14b765decc90f1871cc10facf8f82754321396 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Sat, 3 Jan 2015 21:36:42 -0600 Subject: [PATCH] update install docs, fix outdated links - add OS X privsep user creation instructions from jasper@ - update install instructions to be the same everywhere - remove outdated compiler flags --- INSTALL | 32 ++++++++++++++++++++++++-------- Makefile.am | 9 +++++++-- README | 18 +++++++++++++----- configure.ac | 2 +- 4 files changed, 45 insertions(+), 16 deletions(-) diff --git a/INSTALL b/INSTALL index 08f0a0e..1c09601 100644 --- a/INSTALL +++ b/INSTALL @@ -54,12 +54,28 @@ are moving the built binaries to another system) then you will need to do something like the following (although the exact commands required for creating the user and group are system dependant): -# groupadd _ntp -# useradd -g _ntp -s /sbin/nologin -d /var/empty/ntp -c 'OpenNTP daemon' _ntp -# mkdir -p /var/empty/ntp -# chown 0 /var/empty/ntp -# chgrp 0 /var/empty/ntp -# chmod 0755 /var/empty/ntp +On most Linux and BSD systems, something like should work: + + groupadd _ntp + useradd -g _ntp -s /sbin/nologin -d /var/empty/ntp -c 'OpenNTP daemon' _ntp + mkdir -p /var/empty/ntp + chown 0 /var/empty/ntp + chgrp 0 /var/empty/ntp + chmod 0755 /var/empty/ntp + +As of OS X 10.10, something this this should work similarly +(thanks to jasper@ for suggesting) + + dscl . create /Users/_ntp + dscl . create /Users/_ntp UserShell /sbin/nologin +# Prevent user from showing up on the login screen + dscl . delete /Users/_ntp AuthenticationAuthority +# Arbitrarily chosen UID that was free + dscl . create /Users/_ntp UniqueID 400 + dscl . create /Users/_ntp PrimaryGroupID 400 + dscl . create /Users/_ntp RealName "OpenNTPD user" + dseditgroup -o create _ntp + dscl . append /Groups/_ntp GroupMembership _ntp There are a few options to the configure script in addition to the ones provided by autoconf itself: @@ -77,7 +93,7 @@ If you need to pass special options to the compiler or linker, you can specify these as environment variables before running ./configure. For example: -CFLAGS="-O -m486" LDFLAGS="-s" LIBS="-lrubbish" LD="/usr/foo/ld" ./configure +CFLAGS="-O2 " LDFLAGS="-s" ./configure 3. Configuration @@ -88,7 +104,7 @@ whatever you specified as your --sysconfdir (/usr/local/etc by default). If no configuration file exists, the default one is used. The default configuration file uses a selection of publicly accessible "pool" servers -(see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers). +(see http://support.ntp.org/bin/view/Servers/NTPPoolServers) 4. Problems? diff --git a/Makefile.am b/Makefile.am index 041429c..00f0938 100644 --- a/Makefile.am +++ b/Makefile.am @@ -70,26 +70,31 @@ install-exec-hook: @if [ ! -d "$(PRIVSEP_PATH)" ]; then \ echo; \ echo " Please created a privilege separation directory for ntpd." ; \ + echo " On Linux / BSD systems, this will probably work:"; \ echo " # mkdir -p \"$(PRIVSEP_PATH)\"" ; \ echo " # chown 0 \"$(PRIVSEP_PATH)\"" ; \ echo " # chgrp 0 \"$(PRIVSEP_PATH)\"" ; \ echo " # chmod 0755 "$(PRIVSEP_PATH)\""" ; \ + echo " For OS X, see README.OSX" ; \ fi @if egrep "^$(PRIVSEP_USER):" /etc/group >/dev/null; then \ : ; \ else \ echo; \ echo " Please create a dedicated group for ntpd." ; \ - echo " This is system-dependant, possibly:" ; \ + echo " On Linux / BSD systems, this will probably work:"; \ echo " # groupadd $(PRIVSEP_USER)" ; \ + echo " For OS X, see README.OSX" ; \ fi @if egrep "^$(PRIVSEP_USER):" /etc/passwd >/dev/null; then \ : ; \ else \ echo; \ echo " Please create a dedicated user for ntpd and ensure it can" ; \ - echo " not be used to log in. This is system-dependant, possibly:" ; \ + echo " not be used to log in." ; \ + echo " On Linux / BSD systems, this will probably work:" ; \ echo " # useradd -g $(PRIVSEP_USER) -s /sbin/nologin -d $(PRIVSEP_PATH) -c 'OpenNTP daemon' $(PRIVSEP_USER)" ; \ + echo " For OS X, see README.OSX" ; \ fi echo diff --git a/README b/README index 5e54d53..7fa1a2d 100644 --- a/README +++ b/README @@ -8,9 +8,11 @@ The current portable tree can be found at https://github.com/openntpd-portable Platform Requirements --------------------- -adjtime() and settimeofday() syscalls or equivalent. -a working arc4random implementation, OpenSSL or LibreSSL - (this project shares the same arc4random compatibility code from LibreSSL) + - adjtime(2) and settimeofday(2) syscalls or equivalent. + - adjfreq(2) or an equivalent compatibility function for best results + - daemon(3), setresgid(2), setresuid(2) or equivalent + - A working arc4random(2) implementation, OpenSSL or LibreSSL + (this project shares the same arc4random compatibility code from LibreSSL) At the time of writing the Portable version is known to build and work on: @@ -20,5 +22,11 @@ At the time of writing the Portable version is known to build and work on: - Solaris (10.x, 11.x) - Mac OS X (10.9) -It may work on others operating systems, newer and older, but it's still a work -in progress. Reports (success or otherwise) and/or diffs welcome. +OpenNTPD may work on other operating systems, newer and older, but the above +ones are tested regularly by the developer. + +Reports (success or otherwise) are welcome. You may report bugs or submit pull +requests at the GitHub project: https://github.com/openntpd-portable + +Thanks, + Brent Cook . diff --git a/configure.ac b/configure.ac index 76db913..67b2db0 100644 --- a/configure.ac +++ b/configure.ac @@ -190,7 +190,7 @@ AC_ARG_WITH(privsep-path, [ AC_DEFINE_UNQUOTED(NTPD_CHROOT_DIR, "$withval", [Privilege separation chroot path]) PRIVSEP_PATH=$withval ], - [ PRIVSEP_PATH=/var/empty ] + [ PRIVSEP_PATH=/var/empty/ntp ] ) AC_SUBST(PRIVSEP_PATH)