NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.
ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.
Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.
program will run
in order to choose, based on (the version of) the target operating system:
- where various NTP programs are installed (
sbin or, as of 4.2.7p194,
- which manual macros should be installed (
- which section the manual pages should be installed under (
Since we do not want to require the average "installer" to have GNU AutoGen installed, we must pre-generate our documentation.
This means we need to generate two sets of (unformatted) manual pages, one using
macros, and another using
When we produce the files for installation, the generated
must therefore know:
- if a program belongs in
sbin_PROGRAMS or, as of 4.2.7p194,
- which of
foo.mdoc should be installed in which "section", for the
will know the local policy choices for this because of the
, which is defined in
After a successful run of
will produce a list of substitution variables, like:
bin - either empty, or the name of the program to install in
libexec - either empty, or the name of the program to install in
sbin - either empty, or the name of the program to install in
- Manual Section - one of
8, specifying where
ntp-keygen should have its manual page installed.
Cross-references in NTP's manual pages
The NTP Distribution supports a wide variety of "policy choices" for the manual section that will be preferred by any given system.
If the author of an "outside" manual document knows that the local policy choice for, say
is for it to be in section
of the manual pages, the author would code that using
.Xr ntpd 8
(to use the
However, NTP documentation authors must use a more general mechanism to allow for the customization of these local policy choices.
Therefore, when writing man page documentation using
tags, the author would write
.Xr ntpd 1ntpdmdoc
.Xr ntpd 1ntpdman
(the choice of
does not matter). This is still a bit unclear - for an example, see
and the rules for producing
The complete list of cross-reference "names" can be found by looking at
Now to describe how all of this works...
Producing manual pages in a
target in, for example,
This specification means the 4 mentioned files will be included in the tarball distribution.
target in that same file includes:
This specification means that the 2 mentioned files should be built.
If you are interested in this, it will probably be best if you look at a working example.
Anyway, GNU AutoGen uses
macros (the suffix is chosen based on the value of
says that we're producing an autogen command page using =man=macros.
You can probably guess (or see) how a similar line would produce
We then have to post-process these generated pages to properly handle cross-references, and that is the job of the rule (again, to continue the example) in
and turns it in to
We produce a
file here, because when the builder runs
we choose the target manual sections, and at the end of
script is run, and that will convert the selected
is the value in
(so it will be
), and add this filename to the
This conversion process uses
, which is described next.
Any given NTP-related manual page will likely have many cross-references to other NTP programs, and since the manual section is a local policy choice, we must produce the desired manual pages containing the desired manual macros that include proper manual sections for the other programs.
Since we must build
the pages in a way that gives us the ability to later emit them with local policy choices, the final step in the creation of the
pages is to translate the occurrences of
in the files produced by
into "value substitution strings" (in the
This task is handled by the
rules that call
sed -f include/mansec2subst.sed
(or similar, depending on the