enable ntpd by default at install time. We use pools and a reliable

constraint to keep them in check.  in the worst case of being on a
dark net, nothing changes.

this is being enabled by default to allow gathering of more operational
information from users.  and if the operational heuristics in ntpd can be
suitable refined, this may stay the default into the future.  if not, ntpd
will become even more awesome along the way.

with reyk rpe

diff --git a/distrib/miniroot/install.sub b/distrib/miniroot/install.sub
index 9a0fde9..4d3e770 100644 (file)
--- a/distrib/miniroot/install.sub
+++ b/distrib/miniroot/install.sub
@@ -1,4 +1,4 @@
-#      $OpenBSD: install.sub,v 1.838 2015/05/15 07:41:30 rpe Exp $
+#      $OpenBSD: install.sub,v 1.839 2015/05/18 13:48:37 deraadt Exp $
 #
 # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
 # Copyright (c) 2015, Robert Peichaer <rpe@openbsd.org>
@@ -1506,13 +1506,6 @@ questions() {
        ask_yn "Start sshd(8) by default?" yes
        sshd=$resp
 
-       ask_yn "Start ntpd(8) by default?"
-       ntpd=$resp
-       if [[ $resp == y ]]; then
-               ask "NTP server? (hostname or 'default')" default
-               ntpd_server=$resp
-       fi
-
        aperture=
        resp=
        xdm=
@@ -2044,12 +2037,6 @@ apply() {
                cp /tmp/sshd_config /mnt/etc/ssh/sshd_config
        fi
 
-       if [[ $ntpd == y ]]; then
-               echo "ntpd_flags=" >>/mnt/etc/rc.conf.local
-               [[ $ntpd_server == default ]] && ntpd_server=pool.ntp.org
-               echo "servers ${ntpd_server%% *}" >>/mnt/etc/ntpd.conf
-       fi
-
        [[ -n $aperture ]] &&
                echo "machdep.allowaperture=$aperture # See xf86(4)" \
                        >>/mnt/etc/sysctl.conf

diff --git a/distrib/sets/lists/etc/mi b/distrib/sets/lists/etc/mi
index 6ffa7cc..c50034f 100644 (file)
--- a/distrib/sets/lists/etc/mi
+++ b/distrib/sets/lists/etc/mi
@@ -24,6 +24,7 @@
 ./etc/newsyslog.conf
 ./etc/npppd/npppd-users
 ./etc/npppd/npppd.conf
+./etc/ntpd.conf
 ./etc/passwd
 ./etc/pf.conf
 ./etc/ppp/chap-secrets

diff --git a/etc/Makefile b/etc/Makefile
index f8b3769..afa7130 100644 (file)
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -1,4 +1,4 @@
-#      $OpenBSD: Makefile,v 1.401 2015/03/27 18:49:50 schwarze Exp $
+#      $OpenBSD: Makefile,v 1.402 2015/05/18 13:48:38 deraadt Exp $
 
 TZDIR=         /usr/share/zoneinfo
 LOCALTIME=     Canada/Mountain
@@ -97,6 +97,7 @@ distribution-etc-root-var: distrib-dirs
        ${INSTALL} -c -o root -g wheel -m 600 master.passwd ${DESTDIR}/etc
        pwd_mkdb -p -d ${DESTDIR}/etc /etc/master.passwd
        ${INSTALL} -c -o root -g wheel -m 600 pf.conf ${DESTDIR}/etc
+       ${INSTALL} -c -o root -g wheel -m 640 ntpd.conf ${DESTDIR}/etc
        ${INSTALL} -c -o root -g _nsd -m 640 nsd.conf ${DESTDIR}/var/nsd/etc
        ${INSTALL} -c -o root -g wheel -m 644 unbound.conf ${DESTDIR}/var/unbound/etc
        ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 555 \

diff --git a/etc/ntpd.conf b/etc/ntpd.conf
new file mode 100644 (file)
index 0000000..ec5a86e
--- /dev/null
+++ b/etc/ntpd.conf
@@ -0,0 +1,14 @@
+# $OpenBSD: ntpd.conf,v 1.13 2015/05/18 13:48:38 deraadt Exp $
+
+# Addresses to listen on (ntpd does not listen by default)
+#listen on *
+
+# use a random selection of NTP Pool Time Servers
+# see http://support.ntp.org/bin/view/Servers/NTPPoolServers
+servers pool.ntp.org
+
+# use all detected timedelta sensors
+sensor *
+
+# get the time constraint from a well-known HTTPS site
+constraints from "https://www.google.com"

diff --git a/etc/rc.conf b/etc/rc.conf
index 66c687a..c4c7ca4 100644 (file)
--- a/etc/rc.conf
+++ b/etc/rc.conf
@@ -1,4 +1,4 @@
-#      $OpenBSD: rc.conf,v 1.202 2015/05/04 22:25:17 schwarze Exp $
+#      $OpenBSD: rc.conf,v 1.203 2015/05/18 13:48:38 deraadt Exp $
 
 # DO NOT EDIT THIS FILE!!
 #
@@ -40,7 +40,7 @@ mopd_flags=NO
 mrouted_flags=NO       # be sure to enable multicast_router below
 npppd_flags=NO
 nsd_flags=NO
-ntpd_flags=NO
+ntpd_flags=
 ospfd_flags=NO
 ospf6d_flags=NO
 pflogd_flags=          # add more flags, e.g. "-s 256"