More work on cross long long

[ntpsec.git] / ntpclients / ntpleapfetch

#! /bin/sh

# Copyright (C) 2014 Timothe Litt litt at acm dot org
# Modified 20180105 Sanjeev Gupta ghane0@gmail.com
#
# SPDX-License-Identifier: BSD-2-Clause
#
# Bugfixes and improvements would be appreciated by the author.

# leap-seconds file manager/updater

# Depends on:
#  wget sed, tr, shasum/sha1sum, logger
#
# This file needs to remain free of bash-isms.  Make sure it
# runs on plain POSIX shell.

# GNU sed has many extensions not on macOS and FreeBSD.  If
# you change near sed, test on FreeBSD.

# ########## Default configuration ##########
#
# Where to get the file
LEAPSRC="https://data.iana.org/time-zones/tzdb/leap-seconds.list"

# How many times to try to download new file
MAXTRIES=6
INTERVAL=10

# Where to find ntp config file
NTPCONF=/etc/ntp.conf

# How long before expiration to get updated file
PREFETCH="60 days"

# How to restart NTP - older NTP: service ntpd? try-restart | condrestart
# Recent NTP checks for new file daily, so there's nothing to do
RESTART=

# Where to put temporary copy before it's validated
TMPFILE="/tmp/leap-seconds.$$.tmp"

# Syslog facility
LOGFAC=daemon
# ###########################################

# Places to look for commands.  Allows for CRON having path to
# old utilities on embedded systems

PATHLIST="/opt/sbin:/opt/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"

REQUIREDCMDS=" wget logger tr sed"

SELF="`basename $0`"

displayHelp() {
            cat <<EOF
Usage: $SELF [options] [leapfile]

Verifies and if necessary, updates leap-second definition file

All arguments are optional:  Default (or current value) shown:
    -s    Specify the URL of the master copy to download
          $LEAPSRC
    -4    Use only IPv4
    -6    Use only IPv6
    -p 4|6
          Prefer IPv4 or IPv6 (as specified) addresses, but use either
    -e    Specify how long before expiration the file is to be refreshed
          Units are required, e.g. "-e 60 days"  Note that larger values
          imply more frequent refreshes.
          "$PREFETCH"
    -f    Specify location of ntp.conf (used to make sure leapfile directive is
          present and to default  leapfile)
          $NTPCONF
    -F    Force update even if current file is OK and not close to expiring.
    -c    Command to restart NTP after installing a new file
          <none> - ntpd checks file daily
    -r    Specify number of times to retry on get failure
          $MAXTRIES
    -i    Specify number of minutes between retries
          $INTERVAL
    -l    Use syslog for output (Implied if CRONJOB is set)
    -L    Don't use syslog for output
    -P    Specify the syslog facility for logging
          $LOGFAC
    -t    Name of temporary file used in validation
    -q    Only report errors to stdout
    -v    Verbose output
    -z    Specify path for utilities
          $PATHLIST
    -Z    Only use system path
    -V    Output version information and exit

$SELF will validate the file currently on the local system

Ordinarily, the file is found using the "leapfile" directive in $NTPCONF.
However, an alternate location can be specified on the command line.

If the file does not exist, is not valid, has expired, or is expiring soon,
a new copy will be downloaded.  If the new copy validates, it is installed and
NTP is (optionally) restarted.

If the current file is acceptable, no download or restart occurs.

-c can also be used to invoke another script to perform administrative
functions, e.g. to copy the file to other local systems.

This can be run as a cron job.  As the file is rarely updated, and leap
seconds are announced at least one month in advance (usually longer), it
need not be run more frequently than about once every three weeks.

For cron-friendly behavior, define CRONJOB=1 in the crontab.

This script depends on: sha1sum/shasum $REQUIREDCMDS

Version @NTPSEC_VERSION_EXTENDED@
EOF
   return 0
}

displayVersion() {
            cat <<EOF
ntpleapfetch ntpsec-@NTPSEC_VERSION_EXTENDED@
EOF
   return 0
}

# Default: Use syslog for logging if running under cron

SYSLOG="$CRONJOB"

if [ "$1" = "--help" ]; then
    displayHelp
    exit 0
fi

if [ "$1" = "--version" ]; then
    displayVersion
    exit 0
fi

# Parse options

while getopts 46p:P:s:e:f:Fc:r:i:lLt:hqvz:ZV opt; do
    case $opt in
        4)
            PROTO="-4"
            ;;
        6)
            PROTO="-6"
            ;;
        p)
            if [ "$OPTARG" = '4' -o "$OPTARG" = '6' ]; then
                PREFER="--prefer-family=IPv$OPTARG"
            else
                echo "Invalid -p $OPTARG" >&2
                exit 1;
            fi
            ;;
        P)
            LOGFAC="$OPTARG"
            ;;
        s)
            LEAPSRC="$OPTARG"
            ;;
        e)
            PREFETCH="$OPTARG"
            ;;
        f)
            NTPCONF="$OPTARG"
            ;;
        F)
            FORCE="Y"
            ;;
        c)
            RESTART="$OPTARG"
            ;;
        r)
            MAXTRIES="$OPTARG"
            ;;
        i)
            INTERVAL="$OPTARG"
            ;;
        t)
            TMPFILE="$OPTARG"
            ;;
        l)
            SYSLOG="y"
            ;;
        L)
            SYSLOG=
            ;;
        h)
            displayHelp
            exit 0
            ;;
        V)
            displayVersion
            exit 0
            ;;
        q)
            QUIET="Y"
            ;;
        v)
            VERBOSE="Y"
            ;;
        z)
            PATHLIST="$OPTARG:"
            ;;
        Z)
            PATHLIST=
            ;;
        *)
            echo "$SELF -h for usage" >&2
            exit 1
            ;;
    esac
done
shift $((OPTIND-1))

export PATH="$PATHLIST$PATH"

# Add to path to deal with embedded systems
#
for P in $REQUIREDCMDS ; do
    if >/dev/null 2>&1 command -v "$P" ; then
        continue
    fi
    [ "$P" = "logger" ] && continue
    echo "FATAL: missing $P command, please install"
    exit 1
done

# find sha1sum or shasum
if >/dev/null 2>&1 command -v "sha1sum" ; then
    SHASUM="sha1sum"
elif >/dev/null 2>&1 command -v "shasum" ; then
    SHASUM="shasum"
else
    echo "FATAL: Can not find sha1sum or shasum command, please install"
    exit 1
fi

# Handle logging

if ! LOGGER="`2>/dev/null command -v logger`" ; then
    LOGGER=
fi

log() {
    # "priority" "message"
    #
    # Stdout unless syslog specified or logger isn't available
    #
    if [ -z "$SYSLOG" -o -z "$LOGGER" ]; then
        if [ -n "$QUIET" -a \( "$1" = "info" -o "$1" = "notice" -o "$1" = "debug" \) ]; then
            return 0
        fi
        echo "`echo \"$1\" | tr a-z A-Z`: $2"
        return 0
    fi

    # Also log to stdout if cron job && notice or higher
    local S
    if [ -n "$CRONJOB" -a \( "$1" != "info" \) -a \( "$1" != "debug" \) ] || [ -n "$VERBOSE" ]; then
        S="-s"
    fi
    $LOGGER $S -t "$SELF[$$]" -p "$LOGFAC.$1" "$2"
}

# Verify interval
INTERVAL=$(( $INTERVAL *1 ))

# Validate a leap-seconds file checksum
#
# File format: (full description in files)
# # marks comments, except:
# #$ number : the NTP date of the last update
# #@ number : the NTP date that the file expires
# Date (seconds since 1900) leaps : leaps is the # of seconds to add for times >= Date
# Date lines have comments.
# #h hex hex hex hex hex is the SHA-1 checksum of the data & dates, excluding whitespace w/o leading zeroes

verifySHA1() {

    if [ ! -f "$1" ]; then
        return 1
    fi

    # Remove comments, except those that are markers for last update, expires and hash

    local RAW="`sed -ne'/^#[\$@h]/p;/^[^#]/s/.#.*$//p' $1 `"

    # Extract just the data, removing all whitespace

    local DATA="`echo \"$RAW\" | sed -e'/^#h/d' -e's/^#[\$@]//g' | tr -d '[:space:]'`"

    # Compute the SHA-1 hash of the data, removing the marker and filename
    # Computed in binary mode, which shouldn't matter since whitespace
    # has been removed
    # shasum/sha1sum comes in several flavors;
    # a portable one is available in Perl (with Digest::SHA)

    local DSHA1="`printf \"$DATA\" | $SHASUM | sed -e's/[? *].*$//'`"

    # Extract the file's hash. Restore any leading zeroes in hash segments.

    # The sed [] includes a tab (\t) and space; #h is followed by a tab and space
    # or maybe a space and a tab.  remove the tab, wherever it may be.  Add some 0x
    # so it can be run through printf to restore missing leading zeros.
    #
    local FSHA1="`grep '^#h' $1 | tr -d '[:cntrl:]' | sed -e's/^#h[ \t]*/0x/' -e's/ / 0x/g'`"
    FSHA1=`printf '%08x%08x%08x%08x%08x' $FSHA1`

    if [ -n "$FSHA1" -a \( "$FSHA1" = "$DSHA1" \) ]; then
        if [ -n "$2" ]; then
            log "info" "Checksum of $1 validated"
        fi
    else
        log "error" "Checksum of $1 is invalid:"
        [ -z "$FSHA1" ] && FSHA1="(no checksum record found in file)"
        log "error" "EXPECTED: $FSHA1"
        log "error" "COMPUTED: $DSHA1"
        return 1
    fi

    # Check the expiration date, converting NTP epoch to Unix epoch used by date

    EXPIRES="`echo \"$RAW\" | sed -e'/^#@/!d' -e's/^#@//' | tr -d '[:space:]'`"
    EXPIRES="$(($EXPIRES - 2208988800 ))"

    if [ $EXPIRES -lt `date -u +%s` ]; then
        log "notice" "File expired on `date -u -d \"Jan 1, 1970 00:00:00 +0000 + $EXPIRES seconds\"`"
        return 2
    fi

}

# Verify ntp.conf

if ! [ -f "$NTPCONF" ]; then
    log "critical" "Missing ntp configuration $NTPCONF"
    exit 1
fi

# Parse ntp.conf for leapfile directive
LEAPFILE="`grep -x 'leapfile *.*' $NTPCONF | grep -o ' [^ ]*.*'`"
if [ -z "$LEAPFILE" ]; then
    log "warning" "$NTPCONF does not specify a leapfile"
fi

# Allow placing the file someplace else - testing

if [ -n "$1" ]; then
    if [ "$1" != "$LEAPFILE" ]; then
        log "notice" "Requested install to $1, but $NTPCONF specifies $LEAPFILE"
    fi
    LEAPFILE="$1"
fi
if [ -z "$LEAPFILE" ]; then
    log "error" "No leapfile in ntp.conf or on the command line."
    exit 1
fi

# Verify the current file
# If it is missing, doesn't validate or expired
# Or is expiring soon
#  Download a new one

if [ -n "$FORCE" ] || ! verifySHA1 $LEAPFILE "$VERBOSE" || [ $EXPIRES -lt `date -d "NOW + $PREFETCH" +%s` ] ; then
    TRY=0
    while true; do
        TRY=$(( $TRY + 1 ))
        if [ -n "$VERBOSE" ]; then
            log "info" "Attempting download from $LEAPSRC, try $TRY.."
        fi
        if wget -T 10 $PROTO $PREFER -o ${TMPFILE}.log $LEAPSRC -O $TMPFILE ; then
            log "info" "Download of $LEAPSRC succeeded"
            if [ -n "$VERBOSE" ]; then
                cat ${TMPFILE}.log
            fi

            if ! verifySHA1 $TMPFILE "$VERBOSE" ; then
                # There is no point in retrying, as the file on the server is almost
                # certainly corrupt.

                log "warning" "Downloaded file $TMPFILE rejected -- saved for diagnosis"
                cat ${TMPFILE}.log
                rm -f ${TMPFILE}.log
                exit 1
            fi
            rm -f ${TMPFILE}.log

            # Set correct permissions on temporary file

            REFFILE="$LEAPFILE"
            if [ ! -f $LEAPFILE ]; then
                log "notice" "$LEAPFILE was missing, creating new copy - check permissions"
                touch $LEAPFILE
                # Can't copy permissions from old file,
                # copy from NTPCONF instead
                REFFILE="$NTPCONF"
            fi
            chmod --reference=$REFFILE $TMPFILE > /dev/null 2>&1
            if  [ $? -ne 0 ] ; then
                # the above chmod fails on macOS and BSD, just force it
                chmod 644 $TMPFILE
            fi
            chown --reference=$REFFILE $TMPFILE > /dev/null 2>&1
            if  [ $? -ne 0 ] ; then
                # the above chown fails on macOS and BSD, just force it
                chown root:wheel $TMPFILE
            fi
            ( command -v selinuxenabled && selinuxenabled && command -v chcon ) >/dev/null 2>&1
            if  [ $? -eq 0 ] ; then
                chcon --reference $REFFILE $TMPFILE
            fi

            # Replace current file with validated new one

            if mv -f $TMPFILE $LEAPFILE ; then
                log "notice" "Installed new $LEAPFILE from $LEAPSRC"
            else
                log "error" "Install $TMPFILE => $LEAPFILE failed -- saved for diagnosis"
                exit 1
            fi

            # Restart NTP (or whatever else is specified)

            if [ -n "$RESTART" ]; then
                if [ -n "$VERBOSE" ]; then
                    log "info" "Attempting restart action: $RESTART"
                fi
                R="$( 2>&1 $RESTART )"
                if [ $? -eq 0 ]; then
                    log "notice" "Restart action succeeded"
                    if [ -n "$VERBOSE" -a -n "$R" ]; then
                        log "info" "$R"
                    fi
                else
                    log "error" "Restart action failed"
                    if [ -n "$R" ]; then
                        log "error" "$R"
                    fi
                    exit 2
                fi
            fi
            exit 0
        fi

        # Failed to download.  See about trying again

        rm -f $TMPFILE
        if [ $TRY -ge $MAXTRIES ]; then
            break;
        fi
        if [ -n "$VERBOSE" ]; then
            cat ${TMPFILE}.log
            log "info" "Waiting $INTERVAL minutes before retrying..."
        fi
        sleep $(( $INTERVAL * 60))
    done

    # Failed and out of retries

    log "warning" "Download from $LEAPSRC failed after $TRY attempts"
    if [ -f ${TMPFILE}.log ]; then
        cat ${TMPFILE}.log
        rm -f ${TMPFILE}.log $TMPFILE
    fi
    exit 1
fi
log "info" "Not time to replace $LEAPFILE"

exit 0

# EOF