Ubuntu Pastebin

Paste from paelzer at Mon, 8 Aug 2016 15:10:35 +0000

Download as text
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
name: ntpsec
version: daily
summary: a secure, hardened, and improved implementation of Network Time Protocol
description: |
        NTPsec, as its name implies, is a more secure NTP. Our goal is to
        deliver code that can be used with confidence in deployments with the
        most stringent security, availability, and assurance requirements.
        Towards that end we apply best practices and state-of-the art
        technology in code auditing, verification, and testing. We begin with
        the most important best practice: true open-source code review.
        The NTPsec code is available in a public git repository. One of our
        goals is to support broader community participation.
confinement: devmode

# TODO
# - ntpd as daemon with autostart
# - get proper access to conffiles (or snappy conf translator)
# - fixup isolation to get it running in strict mode (might need new interfaces)
# - leverage upstream ntp apparmor profile to stack on top of snappy isolation
# - leverage seccomp in ntp to be guarded on the snap level as well

apps:
  ntpdig:
    command: usr/local/bin/ntpdig
    plugs: [network]
  ntpfrob:
    command: usr/local/bin/ntpfrob
    plugs: [network]
  ntpkeygen:
    command: usr/local/bin/ntpkeygen
    plugs: [network]
  ntpq:
    command: usr/local/bin/ntpq
    plugs: [network]
  ntptime:
    command: usr/local/bin/ntptime
    plugs: [network]
  ntpd:
    command: usr/local/sbin/ntpd
    daemon: forking
    plugs: [network, network-bind]

parts:
  ntpsec:
    source: .
    plugin: waf
    configflags:
      - --check              # Run tests (as ยต-CI)
      - --refclock=all       # Build all Refclocks for Stratum 1 usage
      - --enable-leap-smear  # Enable Leap Smearing.
      - --enable-mssntp      # Enable Samba MSS NTP support.
      - --enable-crypto      # Enable OpenSSL.
      - --enable-seccomp     # Enable seccomp (restricts syscalls).
    build-packages:
      - asciidoc
      - bison
      - fonts-liberation
      - gcc
      - gnuplot
      - libevent-dev
      - libcap-dev
      - libseccomp-dev
      - libssl-dev
      - libreadline-dev
      - pps-tools
Download as text