From owner-svn-src-stable@freebsd.org  Sat Aug 27 02:53:22 2016
Return-Path: <owner-svn-src-stable@freebsd.org>
Delivered-To: svn-src-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F3063B76D11;
 Sat, 27 Aug 2016 02:53:22 +0000 (UTC) (envelope-from cy@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id B779118D;
 Sat, 27 Aug 2016 02:53:22 +0000 (UTC) (envelope-from cy@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u7R2rLQI026557;
 Sat, 27 Aug 2016 02:53:21 GMT (envelope-from cy@FreeBSD.org)
Received: (from cy@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u7R2rLvg026555;
 Sat, 27 Aug 2016 02:53:21 GMT (envelope-from cy@FreeBSD.org)
Message-Id: <201608270253.u7R2rLvg026555@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: cy set sender to cy@FreeBSD.org
 using -f
From: Cy Schubert <cy@FreeBSD.org>
Date: Sat, 27 Aug 2016 02:53:21 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject: svn commit: r304879 - in stable: 10/etc/ntp 10/etc/rc.d 11/etc/ntp
 11/etc/rc.d 9/etc/ntp 9/etc/rc.d
X-SVN-Group: stable-9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-stable@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SVN commit messages for all the -stable branches of the src tree
 <svn-src-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-stable>, 
 <mailto:svn-src-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable/>
List-Post: <mailto:svn-src-stable@freebsd.org>
List-Help: <mailto:svn-src-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-stable>,
 <mailto:svn-src-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Aug 2016 02:53:23 -0000

Author: cy
Date: Sat Aug 27 02:53:21 2016
New Revision: 304879
URL: https://svnweb.freebsd.org/changeset/base/304879

Log:
  MFC r304779, r304780, r304781, r304782, r304802
  
  r304779:
  
    Revert r298887 (spelling fix) and remove $FreeBSD$ because text changes
    to leap-seconds invaldidates validation hash at the end of the file.
  
    Remove svn:keywords and replace with fbsd:nokeywords=yes to
    support this change.
  
  r304780:
  
    Change the algorithm by which /var/db/leap-seconds is updated.
  
    1. Use the leap-seconds version number (update time) to determine
       whether to update the file or not.
  
    2. If the version numbers of the files is the same, use the later
       expiry date to determine which file to use.
  
    Suggested by:	ian@
  
  r304781:
  
    Add logic to replace the working ntp leap-seconds file in /var/db
    if it contains a $FreeBSD$ header. The header will cause the file
    to fail checksum of the hash causing ntpd to ignore the file.
  
  r304782:
  
    Make validation of the leap-seconds file unconditional.
  
  r304802:
  
    Remove the gratuitous check for $FreeBSD$ and rename the function
    to ntpd_init_leapfile, to ensure a copy exists in /var/db if a copy
    isn't already there.
  
    Reported by:	ache@

Modified:
  stable/9/etc/ntp/leap-seconds   (contents, props changed)
  stable/9/etc/rc.d/ntpd
Directory Properties:
  stable/9/etc/   (props changed)
  stable/9/etc/rc.d/   (props changed)

Changes in other areas also in this revision:
Modified:
  stable/10/etc/ntp/leap-seconds   (contents, props changed)
  stable/10/etc/rc.d/ntpd
  stable/11/etc/ntp/leap-seconds   (contents, props changed)
  stable/11/etc/rc.d/ntpd
Directory Properties:
  stable/10/   (props changed)
  stable/11/   (props changed)

Modified: stable/9/etc/ntp/leap-seconds
==============================================================================
--- stable/9/etc/ntp/leap-seconds	Sat Aug 27 02:27:29 2016	(r304878)
+++ stable/9/etc/ntp/leap-seconds	Sat Aug 27 02:53:21 2016	(r304879)
@@ -1,6 +1,4 @@
 #
-# $FreeBSD$
-#
 #	In the following text, the symbol '#' introduces
 #	a comment, which continues from that symbol until 
 #	the end of the line. A plain comment line has a

Modified: stable/9/etc/rc.d/ntpd
==============================================================================
--- stable/9/etc/rc.d/ntpd	Sat Aug 27 02:27:29 2016	(r304878)
+++ stable/9/etc/rc.d/ntpd	Sat Aug 27 02:53:21 2016	(r304879)
@@ -28,6 +28,8 @@ ntpd_precmd()
 		rc_flags="-g $rc_flags"
 	fi
 
+	ntpd_init_leapfile
+
 	if [ ! -f $ntp_db_leapfile ]; then
 		ntpd_fetch_leapfile
 	fi
@@ -66,15 +68,27 @@ current_ntp_ts() {
 }
 	
 get_ntp_leapfile_ver() {
+	# Leapfile update date (version number).
 	expr "$(awk '$1 == "#$" { print $2 }' "$1" 2>/dev/null)" : \
 		'^\([1-9][0-9]*\)$' \| 0
 }
 
 get_ntp_leapfile_expiry() {
+	# Leapfile expiry date.
 	expr "$(awk '$1 == "#@" { print $2 }' "$1" 2>/dev/null)" : \
 		'^\([1-9][0-9]*\)$' \| 0
 }
 
+ntpd_init_leapfile() {
+	# Refresh working leapfile with an invalid hash due to
+	# FreeBSD id header. Ntpd will ignore leapfiles with a
+	# mismatch hash. The file must be the virgin file from
+	# the source.
+	if [ ! -f $ntp_db_leapfile ]; then
+		cp -p $ntp_src_leapfile $ntp_db_leapfile
+	fi
+}
+
 ntpd_fetch_leapfile() {
 	local ntp_tmp_leapfile rc verbose
 	
@@ -87,19 +101,23 @@ ntpd_fetch_leapfile() {
 	ntp_tmp_leapfile="/var/run/ntpd.leap-seconds.list"
 
 	ntp_ver_no_src=$(get_ntp_leapfile_ver $ntp_src_leapfile)
+	ntp_expiry_src=$(get_ntp_leapfile_expiry $ntp_src_leapfile)
 	ntp_ver_no_db=$(get_ntp_leapfile_ver $ntp_db_leapfile)
+	ntp_expiry_db=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
 	$verbose ntp_src_leapfile version is $ntp_ver_no_src
 	$verbose ntp_db_leapfile version is $ntp_ver_no_db
 
-	if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" ]; then
+	if [ "$ntp_ver_no_src" -gt "$ntp_ver_no_db" -o \
+	     "$ntp_ver_no_src" -eq "$ntp_ver_no_db" -a \
+	     "$ntp_expiry_src" -gt "$ntp_expiry_db" ]; then
 		$verbose replacing $ntp_db_leapfile with $ntp_src_leapfile 
 		cp -p $ntp_src_leapfile $ntp_db_leapfile
 		ntp_ver_no_db=$ntp_ver_no_src
 	else
 		$verbose not replacing $ntp_db_leapfile with $ntp_src_leapfile 
 	fi
-	ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
 	ntp_leapfile_expiry_seconds=$((ntp_leapfile_expiry_days*86400))
+	ntp_leap_expiry=$(get_ntp_leapfile_expiry $ntp_db_leapfile)
 	ntp_leap_fetch_date=$((ntp_leap_expiry-ntp_leapfile_expiry_seconds))
 	if [ $(current_ntp_ts) -ge $ntp_leap_fetch_date ]; then
 		$verbose Within ntp leapfile expiry limit, initiating fetch
@@ -107,8 +125,11 @@ ntpd_fetch_leapfile() {
 			$verbose fetching $url
 			fetch $ntp_leapfile_fetch_opts -o $ntp_tmp_leapfile $url && break
 		done
+		ntp_ver_no_tmp=$(get_ntp_leapfile_ver $ntp_tmp_leapfile)
 		ntp_expiry_tmp=$(get_ntp_leapfile_expiry $ntp_tmp_leapfile)
-		if [ "$ntp_expiry_tmp" -gt "$ntp_leap_expiry" ]; then
+		if [ "$ntp_ver_no_tmp" -gt "$ntp_ver_no_db" -o \
+		     "$ntp_ver_no_tmp" -eq "$ntp_ver_no_db" -a \
+		     "$ntp_expiry_tmp" -gt "$ntp_expiry_db" ]; then
 			$verbose using $url as $ntp_db_leapfile
 			mv $ntp_tmp_leapfile $ntp_db_leapfile
 		else