commit e306d780504ae3ddfad3eb852c7adc5ec9757d89
author Lorenz Brun <lorenz@monogon.tech> Wed Sep 01 13:01:06 2021 +0200
committer Lorenz Brun <lorenz@monogon.tech> Mon Sep 06 09:05:40 2021 +0000
tree 3e8e2c7a21430777db525c9ed4717a2cab1c114a
parent d7d6e0284de38cbeeb185ca17c0853b4b2c10ee9

m/n/time: add time service

This adds a bare-minimum time service based on chrony/NTP for keeping
the system clock and RTC on Metropolis nodes accurate.

It also introduces a UID/GID registry in the Metropolis node code
as this is the first unprivileged service to run on the node itself.

It does not yet use a secure time source, this is tracked as #73.

Change-Id: I873971e6d3825709bc8c696e227bece4cfbda93a
Reviewed-on: https://review.monogon.dev/c/monogon/+/319
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

third_party/chrony/patches/support_fixed_uids.patch

diff --git a/third_party/chrony/patches/support_fixed_uids.patch b/third_party/chrony/patches/support_fixed_uids.patch
new file mode 100644
index 0000000..f9aecb7
--- /dev/null
+++ b/third_party/chrony/patches/support_fixed_uids.patch
@@ -0,0 +1,52 @@
+--- a/main.c
++++ b/main.c
+@@ -439,6 +439,7 @@ int main
+   int scfilter_level = 0, lock_memory = 0, sched_priority = 0;
+   int clock_control = 1, system_log = 1, log_severity = LOGS_INFO;
+   int user_check = 1, config_args = 0, print_config = 0;
++  int uid = -1, gid = -1;
+ 
+   do_platform_checks();
+ 
+@@ -458,7 +459,7 @@ int main
+   optind = 1;
+ 
+   /* Parse short command-line options */
+-  while ((opt = getopt(argc, argv, "46df:F:hl:L:mnpP:qQrRst:u:Uvx")) != -1) {
++  while ((opt = getopt(argc, argv, "46df:F:g:hi:l:L:mnpP:qQrRst:u:Uvx")) != -1) {
+     switch (opt) {
+       case '4':
+       case '6':
+@@ -475,6 +476,12 @@ int main
+       case 'F':
+         scfilter_level = parse_int_arg(optarg);
+         break;
++      case 'g':
++        gid = parse_int_arg(optarg);
++        break;
++      case 'i': // u and U were alredy used, so i for id
++        uid = parse_int_arg(optarg);
++        break;
+       case 'l':
+         log_file = optarg;
+         break;
+@@ -583,9 +590,13 @@ int main
+   if (!user)
+     user = CNF_GetUser();
+ 
+-  pw = getpwnam(user);
+-  if (!pw)
+-    LOG_FATAL("Could not get user/group ID of %s", user);
++  if (uid != -1 && gid != -1) {
++    pw = &(struct passwd) { .pw_uid = uid, .pw_gid = gid };
++  } else {
++    pw = getpwnam(user);
++    if (!pw)
++      LOG_FATAL("Could not get user/group ID of %s", user);
++  }
+ 
+   /* Create directories for sockets, log files, and dump files */
+   CNF_CreateDirs(pw->pw_uid, pw->pw_gid);
+-- 
+2.25.1
+