faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

doc: update installation document

Browse source
This commit is contained in:
Miroslav Lichvar 2018-03-26 13:21:54 +02:00
parent 5aae563277
commit e3f840aae9
1 changed files with 46 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
doc/installation.adoc
View file

@ -29,8 +29,8 @@ After unpacking the source code, change directory into it, and type
---- ----
This is a shell script that automatically determines the system type. There is This is a shell script that automatically determines the system type. There is
a single optional parameter, `--prefix` which indicates the directory tree an optional parameter `--prefix`, which indicates the directory tree where the
where the software should be installed. For example, software should be installed. For example,
---- ----
./configure --prefix=/opt/free ./configure --prefix=/opt/free
@ -40,11 +40,11 @@ will install the `chronyd` daemon into `/opt/free/sbin` and the `chronyc`
control program into `/opt/free/bin`. The default value for the prefix is control program into `/opt/free/bin`. The default value for the prefix is
`/usr/local`. `/usr/local`.
The configure script assumes you want to use gcc as your compiler. If you want The `configure` script assumes you want to use `gcc` as your compiler. If you
to use a different compiler, you can configure this way: want to use a different compiler, you can configure this way:
---- ----
CC=cc CFLAGS=-O ./configure --prefix=/opt/free CC=cc ./configure --prefix=/opt/free
---- ----
for Bourne-family shells, or for Bourne-family shells, or
@ -63,11 +63,26 @@ shown. Otherwise, `Makefile` will be generated.
On Linux, if development files for the libcap library are available, `chronyd` On Linux, if development files for the libcap library are available, `chronyd`
will be built with support for dropping root privileges. On other systems no will be built with support for dropping root privileges. On other systems no
extra library is needed. The default user which `chronyd` should run as can be extra library is needed. The default user which `chronyd` should run as can be
specified with the `--with-user` option of the configure script. specified with the `--with-user` option of the `configure` script.
If development files for the POSIX threads library are available, `chronyd`
will be built with support for asynchronous resolving of hostnames specified in
the `server`, `peer`, and `pool` directives. This allows `chronyd` operating as
a server to respond to client requests when resolving a hostname. If you don't
want to enable the support, specify the `--disable-asyncdns` flag to
`configure`.
If development files for the https://www.lysator.liu.se/~nisse/nettle/[Nettle],
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS[NSS], or
http://www.libtom.net/LibTomCrypt/[libtomcrypt] library are available,
`chronyd` will be built with support for other cryptographic hash functions
than MD5, which can be used for NTP authentication with a symmetric key. If you
don't want to enable the support, specify the `--disable-sechash` flag to
`configure`.
If development files for the editline or readline library are available, If development files for the editline or readline library are available,
`chronyc` will be built with line editing support. If you don't want this, `chronyc` will be built with line editing support. If you don't want this,
specify the `--disable-readline` flag to configure. specify the `--disable-readline` flag to `configure`.
If a `timepps.h` header is available (e.g. from the If a `timepps.h` header is available (e.g. from the
http://linuxpps.org[LinuxPPS project]), `chronyd` will be built with PPS API http://linuxpps.org[LinuxPPS project]), `chronyd` will be built with PPS API
@ -75,6 +90,9 @@ reference clock driver. If the header is installed in a location that isn't
normally searched by the compiler, you can add it to the searched locations by normally searched by the compiler, you can add it to the searched locations by
setting the `CPPFLAGS` variable to `-I/path/to/timepps`. setting the `CPPFLAGS` variable to `-I/path/to/timepps`.
The `--help` option can be specified to `configure` to print all options
supported by the script.
Now type Now type
---- ----
@ -122,6 +140,16 @@ unprivileged user for `chronyd` and specify it with the `-u` command-line
option or the `user` directive in the configuration file, or set the default option or the `user` directive in the configuration file, or set the default
user with the `--with-user` configure option before building. user with the `--with-user` configure option before building.
== Support for system call filtering
`chronyd` can be built with support for the Linux secure computing (seccomp)
facility. This requires development files for the
https://github.com/seccomp/libseccomp[libseccomp] library and the
`--enable-scfilter` option specified to `configure`. The `-F` option of
`chronyd` will enable a system call filter, which should significantly reduce
the kernel attack surface and possibly prevent kernel exploits from `chronyd`
if it is compromised.
== Support for line editing libraries == Support for line editing libraries
`chronyc` can be built with support for line editing, this allows you to use `chronyc` can be built with support for line editing, this allows you to use
@ -132,12 +160,12 @@ Please note that readline since version 6.0 is licensed under GPLv3+ which is
incompatible with chrony's license GPLv2. You should use editline instead if incompatible with chrony's license GPLv2. You should use editline instead if
you don't want to use older readline versions. you don't want to use older readline versions.
The configure script will automatically enable the line editing support if one The `configure` script will automatically enable the line editing support if
of the supported libraries is available. If they are both available, the one of the supported libraries is available. If they are both available, the
editline library will be used. editline library will be used.
If you don't want to use it (in which case chronyc will use a minimal command If you don't want to use it (in which case `chronyc` will use a minimal command
line interface), invoke configure like this: line interface), invoke `configure` like this:
---- ----
./configure --disable-readline other-options... ./configure --disable-readline other-options...
@ -161,12 +189,12 @@ normally searched by the compiler and linker, you need to use extra options:
== Extra options for package builders == Extra options for package builders
The configure and make procedures have some extra options that may be useful if The `configure` and `make` procedures have some extra options that may be
you are building a distribution package for chrony. useful if you are building a distribution package for `chrony`.
The `--mandir=DIR` option to configure specifies an install directory for the The `--mandir=DIR` option to `configure` specifies an installation directory
man pages. This overrides the `man` subdirectory of the argument to the for the man pages. This overrides the `man` subdirectory of the argument to the
--prefix option. `--prefix` option.
---- ----
./configure --prefix=/usr --mandir=/usr/share/man ./configure --prefix=/usr --mandir=/usr/share/man
@ -174,8 +202,8 @@ man pages. This overrides the `man` subdirectory of the argument to the
to set both options together. to set both options together.
The final option is the `DESTDIR` option to the make command. For example, you The final option is the `DESTDIR` option to the `make` command. For example,
could use the commands you could use the commands
---- ----
./configure --prefix=/usr --mandir=/usr/share/man ./configure --prefix=/usr --mandir=/usr/share/man