NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15
was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
genLocInfo
The genLocInfo
script
The top-level
configure
program will run
scripts/genLocInfo
in order to choose, based on (the version of) the target operating system:
- where various NTP programs are installed (
bin
or sbin
)
- which manual macros should be installed (
man
or mdoc
)
- which section the manual pages should be installed under (
1
, 1m
, or 8
)
Since we do not want to require the average "installer" to have GNU AutoGen installed, we must pre-generate our documentation.
This means we need to generate two sets of (unformatted) manual pages, one using
man
macros, and another using
mdoc
macros.
When we produce the files for installation, the generated
Makefile
must therefore know:
- if a program belongs in
bin_PROGRAMS
or sbin_PROGRAMS
- which of
foo.man
or foo.mdoc
should be installed in which "section", for the man_MANS
variable
The
Makefile
will know the local policy choices for this because of the
autoconf
macro
NTP_LOCINFO
, which is defined in
sntp/m4/ntp_locs.m4
.
After a successful run of
configure
,
NTP_LOCINFO
will produce a list of substitution variables, like:
-
NTP_KEYGEN_DB
- Destination
bin
- either empty, or the name of the program to install in bin/
.
-
NTP_KEYGEN_DS
- Destination
sbin
- either empty, or the name of the program to install in sbin/
.
-
NTP_KEYGEN_MS
- Manual Section - one of
1
, 1m
, or 8
, specifying where ntp-keygen
should have its manual page installed.
Cross-references in NTP's manual pages
The NTP Distribution supports a wide variety of "policy choices" for the manual section that will be preferred by any given system.
If the author of an "outside" manual document knows that the local policy choice for, say
ntpd
is for it to be in section
8
of the manual pages, the author would code that using
.Xr ntpd 8
(to use the
mdoc
cross-reference macro).
However, NTP documentation authors must use a more general mechanism to allow for the customization of these local policy choices.
Therefore, when writing man page documentation using
mdoc
tags, the author would write
.Xr ntpd 1ntpdmdoc
or
.Xr ntpd 1ntpdman
(the choice of
...mdoc
or
...man
does not matter).
The complete list of cross-reference "names" can be found by looking at
sntp/m4/mansec.sed
.
Now to describe how all of this works...
Producing manual pages in a Makefile.am
The
EXTRA_DIST
target in, for example,
sntp/Makefile.am
includes:
-
sntp.1smtpman
-
sntp.1smtpmdoc
-
sntp.man.in
-
sntp.mdoc.in
This specification means the 4 mentioned files will be included in the tarball distribution.
The
noinst_DATA
target in that same file includes:
-
$(srcdir)/sntp.man.in
-
$(srcdir)/sntp.mdoc.in
This specification means that the 2 mentioned files should be built.
If you are interested in this, it will probably be best if you look at a working example.
Anyway, GNU AutoGen uses
-DMAN_SECTION=1smtpman -Tagman-cmd.tpl
to produce
sntp.1smtpman
using
man
macros (the suffix is chosen based on the value of
-DMAN_SECTION
and
-Tagman-cmd.tpl
says that we're producing an autogen command page using =man=macros.
You can probably guess (or see) how a similar line would produce
mdoc
pages.
We then have to post-process these generated pages to properly handle cross-references, and that is the job of the rule (again, to continue the example) in
sntp/Makefile.am
that takes
sntp.1.smtpman
and turns it in to
sntp.man.in
.
We produce a
.in
file here, because when the builder runs
configure
we choose the target manual sections, and at the end of
configure
the
config.status
script is run, and that will convert the selected
sntp.man.in
or
sntp.mdoc.in
into
sntp.X
, where
X
is the value in
SNTP_MS
(so it will be
1
,
1m
, or
8
), and add this filename to the
man_MANS
target.
This conversion process uses
mansec.sed
, which is described next.
mansec.sed
Any given NTP-related manual page will likely have many cross-references to other NTP programs, and since the manual section is a local policy choice, we must produce the desired manual pages containing the desired manual macros that include proper manual sections for the other programs.
Since we must
build the pages in a way that gives us the ability to later emit them with local policy choices, the final step in the creation of the
.man.in
or
.mdoc.in
pages is to translate the occurrences of
1smtpman
or
1smtpmdoc
in the files produced by
autogen
into "value substitution strings" (in the
.man.in
and
.mdoc.in
files).
This task is handled by the
Makefile.am
rules that call
sed -f m4/mansec.sed
(or similar, depending on the
Makefile.am
).
--
HarlanStenn - 2011-06-21