|
Packit Service |
623930 |
Installation
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
The software is distributed as source code which has to be compiled. The source
|
|
Packit Service |
623930 |
code is supplied in the form of a gzipped tar file, which unpacks to a
|
|
Packit Service |
623930 |
subdirectory identifying the name and version of the program.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
The following programs and libraries with their development files are needed to
|
|
Packit Service |
623930 |
build chrony:
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o C compiler (gcc or clang recommended)
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o GNU Make
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o Nettle, NSS, or LibTomCrypt (optional)
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o Editline (optional)
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o libcap (Linux only, optional)
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o libseccomp (Linux only, optional)
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o timepps.h header (optional)
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o Asciidoctor (for HTML documentation)
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
o Bash (for testing)
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
After unpacking the source code, change directory into it, and type
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
./configure
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
This is a shell script that automatically determines the system type. There is
|
|
Packit Service |
623930 |
an optional parameter --prefix, which indicates the directory tree where the
|
|
Packit Service |
623930 |
software should be installed. For example,
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
./configure --prefix=/opt/free
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
will install the chronyd daemon into /opt/free/sbin and the chronyc control
|
|
Packit Service |
623930 |
program into /opt/free/bin. The default value for the prefix is /usr/local.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
The configure script assumes you want to use gcc as your compiler. If you want
|
|
Packit Service |
623930 |
to use a different compiler, you can configure this way:
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
CC=cc ./configure --prefix=/opt/free
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
for Bourne-family shells, or
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
setenv CC cc
|
|
Packit Service |
623930 |
setenv CFLAGS -O
|
|
Packit Service |
623930 |
./configure --prefix=/opt/free
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
for C-family shells.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
If the software cannot (yet) be built on your system, an error message will be
|
|
Packit Service |
623930 |
shown. Otherwise, Makefile will be generated.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
On Linux, if development files for the libcap library are available, chronyd
|
|
Packit Service |
623930 |
will be built with support for dropping root privileges. On other systems no
|
|
Packit Service |
623930 |
extra library is needed. The default user which chronyd should run as can be
|
|
Packit Service |
623930 |
specified with the --with-user option of the configure script.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
If development files for the POSIX threads library are available, chronyd will
|
|
Packit Service |
623930 |
be built with support for asynchronous resolving of hostnames specified in the
|
|
Packit Service |
623930 |
server, peer, and pool directives. This allows chronyd operating as a server to
|
|
Packit Service |
623930 |
respond to client requests when resolving a hostname. If you don't want to
|
|
Packit Service |
623930 |
enable the support, specify the --disable-asyncdns flag to configure.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
If development files for the Nettle, NSS, or libtomcrypt library are available,
|
|
Packit Service |
623930 |
chronyd will be built with support for other cryptographic hash functions than
|
|
Packit Service |
623930 |
MD5, which can be used for NTP authentication with a symmetric key. If you
|
|
Packit Service |
623930 |
don't want to enable the support, specify the --disable-sechash flag to
|
|
Packit Service |
623930 |
configure.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
If development files for the editline or readline library are available,
|
|
Packit Service |
623930 |
chronyc will be built with line editing support. If you don't want this,
|
|
Packit Service |
623930 |
specify the --disable-readline flag to configure.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
If a timepps.h header is available (e.g. from the LinuxPPS project), chronyd
|
|
Packit Service |
623930 |
will be built with PPS API reference clock driver. If the header is installed
|
|
Packit Service |
623930 |
in a location that isn't normally searched by the compiler, you can add it to
|
|
Packit Service |
623930 |
the searched locations by setting the CPPFLAGS variable to -I/path/to/timepps.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
The --help option can be specified to configure to print all options supported
|
|
Packit Service |
623930 |
by the script.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Now type
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
make
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
to build the programs.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
If you want to build the manual in HTML, type
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
make docs
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Once the programs have been successfully compiled, they need to be installed in
|
|
Packit Service |
623930 |
their target locations. This step normally needs to be performed by the
|
|
Packit Service |
623930 |
superuser, and requires the following command to be entered.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
make install
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
This will install the binaries and man pages.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
To install the HTML version of the manual, enter the command
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
make install-docs
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Now that the software is successfully installed, the next step is to set up a
|
|
Packit Service |
623930 |
configuration file. The default location of the file is /etc/chrony.conf.
|
|
Packit Service |
623930 |
Several examples of configuration with comments are included in the examples
|
|
Packit Service |
623930 |
directory. Suppose you want to use public NTP servers from the pool.ntp.org
|
|
Packit Service |
623930 |
project as your time reference. A minimal useful configuration file could be
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
pool pool.ntp.org iburst
|
|
Packit Service |
623930 |
makestep 1.0 3
|
|
Packit Service |
623930 |
rtcsync
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Then, chronyd can be run. For security reasons, it's recommended to create an
|
|
Packit Service |
623930 |
unprivileged user for chronyd and specify it with the -u command-line option or
|
|
Packit Service |
623930 |
the user directive in the configuration file, or set the default user with the
|
|
Packit Service |
623930 |
--with-user configure option before building.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Support for system call filtering
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
chronyd can be built with support for the Linux secure computing (seccomp)
|
|
Packit Service |
623930 |
facility. This requires development files for the libseccomp library and the
|
|
Packit Service |
623930 |
--enable-scfilter option specified to configure. The -F option of chronyd will
|
|
Packit Service |
623930 |
enable a system call filter, which should significantly reduce the kernel
|
|
Packit Service |
623930 |
attack surface and possibly prevent kernel exploits from chronyd if it is
|
|
Packit Service |
623930 |
compromised.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Support for line editing libraries
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
chronyc can be built with support for line editing, this allows you to use the
|
|
Packit Service |
623930 |
cursor keys to replay and edit old commands. Two libraries are supported which
|
|
Packit Service |
623930 |
provide such functionality, editline and GNU readline.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Please note that readline since version 6.0 is licensed under GPLv3+ which is
|
|
Packit Service |
623930 |
incompatible with chrony's license GPLv2. You should use editline instead if
|
|
Packit Service |
623930 |
you don't want to use older readline versions.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
The configure script will automatically enable the line editing support if one
|
|
Packit Service |
623930 |
of the supported libraries is available. If they are both available, the
|
|
Packit Service |
623930 |
editline library will be used.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
If you don't want to use it (in which case chronyc will use a minimal command
|
|
Packit Service |
623930 |
line interface), invoke configure like this:
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
./configure --disable-readline other-options...
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
If you have editline, readline or ncurses installed in locations that aren't
|
|
Packit Service |
623930 |
normally searched by the compiler and linker, you need to use extra options:
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
--with-readline-includes=directory_name
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
This defines the name of the directory above the one where readline.h is.
|
|
Packit Service |
623930 |
readline.h is assumed to be in editline or readline subdirectory of the
|
|
Packit Service |
623930 |
named directory.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
--with-readline-library=directory_name
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
This defines the directory containing the libedit.a or libedit.so file, or
|
|
Packit Service |
623930 |
libreadline.a or libreadline.so file.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
--with-ncurses-library=directory_name
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
This defines the directory containing the libncurses.a or libncurses.so
|
|
Packit Service |
623930 |
file.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Extra options for package builders
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
The configure and make procedures have some extra options that may be useful if
|
|
Packit Service |
623930 |
you are building a distribution package for chrony.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
The --mandir=DIR option to configure specifies an installation directory for
|
|
Packit Service |
623930 |
the man pages. This overrides the man subdirectory of the argument to the
|
|
Packit Service |
623930 |
--prefix option.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
./configure --prefix=/usr --mandir=/usr/share/man
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
to set both options together.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
The final option is the DESTDIR option to the make command. For example, you
|
|
Packit Service |
623930 |
could use the commands
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
./configure --prefix=/usr --mandir=/usr/share/man
|
|
Packit Service |
623930 |
make all docs
|
|
Packit Service |
623930 |
make install DESTDIR=./tmp
|
|
Packit Service |
623930 |
cd tmp
|
|
Packit Service |
623930 |
tar cvf - . | gzip -9 > chrony.tar.gz
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
to build a package. When untarred within the root directory, this will install
|
|
Packit Service |
623930 |
the files to the intended final locations.
|
|
Packit Service |
623930 |
|
|
Packit Service |
623930 |
Last updated 2019-05-10 12:22:57 CEST
|