我正在尝试为嵌入式linux系统构建chorny。我目前能够编译、运行和同步时间。我还可以使用MD5启用身份验证,这也同样有效。
我不知道如何启用SHA哈希。在构建包时会使用它,但在配置中没有此选项。以前有人这样做过吗?
感谢
如果我将chrony.keys文件中的哈希类型设置为SHA1:,这就是输出
root@gsdm:~# chronyd -d
2000-01-08T00:54:56Z chronyd version 2.2 starting (+CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SECHASH +ASYNCDNS +IPV6 -DEBUG)
2000-01-08T00:54:56Z Unknown hash function in key 12
2000-01-08T00:54:56Z Initial frequency 1.355 ppm
当我跑步的时候/configure-h我得到这个:
`configure' configures this package to adapt to many kinds of systems.
Usage: ./configure [OPTION]...
Defaults for the options are specified in brackets.
Configuration:
-h, --help display this help and exit
Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]
By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=/home/user'.
For better control, use the options below.
--disable-readline Disable line editing support
--without-readline Don't use GNU readline even if it is available
--without-editline Don't use editline even if it is available
--readline-dir=DIR Specify parent of readline include and lib directories
--readline-inc-dir=DIR Specify where readline include directory is
--readline-lib-dir=DIR Specify where readline lib directory is
--with-ncurses-library=DIR Specify where ncurses lib directory is
--disable-sechash Disable support for hashes other than MD5
--without-nss Don't use NSS even if it is available
--without-tomcrypt Don't use libtomcrypt even if it is available
--disable-cmdmon Disable command and monitoring support
--disable-ntp Disable NTP support
--disable-refclock Disable reference clock support
--disable-phc Disable PHC refclock driver
--disable-pps Disable PPS refclock driver
--disable-ipv6 Disable IPv6 support
--disable-rtc Don't include RTC even on Linux
--disable-privdrop Disable support for dropping root privileges
--without-libcap Don't use libcap even if it is available
--enable-scfilter Enable support for system call filtering
--without-seccomp Don't use seccomp even if it is available
--disable-asyncdns Disable asynchronous name resolving
--disable-forcednsretry Don't retry on permanent DNS error
--with-ntp-era=SECONDS Specify earliest assumed NTP time in seconds
since 1970-01-01 [50*365 days ago]
--with-user=USER Specify default chronyd user [root]
--with-hwclockfile=PATH Specify default path to hwclock(8) adjtime file
--with-sendmail=PATH Path to sendmail binary [/usr/lib/sendmail]
--enable-debug Enable debugging support
Fine tuning of the installation directories:
--sysconfdir=DIR chrony.conf location [/etc]
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--datarootdir=DIR data root [PREFIX/share]
--infodir=DIR info documentation [DATAROOTDIR/info]
--mandir=DIR man documentation [DATAROOTDIR/man]
--docdir=DIR documentation root [DATAROOTDIR/doc/chrony]
--localstatedir=DIR modifiable single-machine data [/var]
--chronysockdir=DIR location for chrony sockets [LOCALSTATEDIR/run/chrony]
--chronyvardir=DIR location for chrony data [LOCALSTATEDIR/lib/chrony]
Overriding system detection when cross-compiling:
--host-system=OS Specify system name (uname -s)
--host-release=REL Specify system release (uname -r)
--host-machine=CPU Specify machine (uname -m)
Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
CPPFLAGS C preprocessor flags, e.g. -I<include dir> if you have
headers in a nonstandard directory <include dir>
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
安全哈希需要tomcrypt
或NSS
,如果系统中存在这两个库,则默认情况下会在配置时启用。
没有configure
选项可以启用它们,但有一些选项可以禁用它们:
--disable-sechash Disable support for hashes other than MD5
--without-nss Don't use NSS even if it is available
--without-tomcrypt Don't use libtomcrypt even if it is available
chrony输出的第一行中的-SECHASH
表示安全哈希选项在配置时被禁用,或者(更有可能)您没有安装必要的库。
https://chrony.tuxfamily.org/doc/3.5/installation.html
If development files for the Nettle, NSS, or libtomcrypt library are available, chronyd will be built with support for other cryptographic hash functions than MD5, which can be used for NTP authentication with a symmetric key.
-SECHASH
表示在没有Nettle、NSS或libtomcrypt的情况下编译的chrony版本,因此如果您想使用SHA密钥,可以通过源代码安装它
在Alpine 3.8中,我安装了nettle-dev
库:
apk add nettle-dev
./configure
... ...
Checking for nettle : Yes
Features : +CMDMON +NTP +REFCLOCK +RTC -PRIVDROP -SCFILTER -SIGND +ASYNCDNS -READLINE +SECHASH +IPV6 -DEBUG
Creating Makefile
Creating doc/Makefile
Creating test/unit/Makefile
make install
功能显示SECHASH已启用。因此,此版本确实支持SHA1