Fix bookworm and readme

.github/workflows/ci.yml

@@ -22,17 +22,15 @@ jobs:
     strategy:
       matrix:
         os:
-          - "amazonlinux-2"
           - "centos-7"
-          - "centos-8"
-          - "debian-9"
-          - "debian-10"
+          - "centos-stream-8"
+          - "debian-11"
+          - "debian-12"
           - "fedora-latest"
-          - "opensuse-leap-15"
-          - "oraclelinux-7"
           - "oraclelinux-8"
           - "ubuntu-1804"
           - "ubuntu-2004"
+          - "ubuntu-2204"
         suite:
           - "default"
       fail-fast: false

CHANGELOG.md

@@ -4,6 +4,23 @@ This file is used to list changes made in each version of the ntp cookbook.
 
 ## Unreleased
 
+## 5.0.18 - *2024-01-24*
+
+Updated readme this cookbook only support chef 15.5+
+
+Remove support for debian-8 / debian-9 / debian-10 / oraclelinux-7 / opensuse-leap-15
+Adds support for debian-11 / debian-12
+
+Redhat removed support for ntp in favor of chrony: (<https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/considerations_in_adopting_rhel_8/index#time-synchronization_infrastructure-services>)
+
+since debian bookworm the ntp user is ntpsec (i expect debian will continue to use this in all later versions)
+
+for debian / redhat based os'es there is a leap-second file, prefer to use this.
+
+updated changelog file, removed links to tickets.opscode.com as the markdown link check failed
+
+<https://chefcommunity.slack.com/archives/C2V7B88SF/p1706892623188809>
+
 ## 5.0.17 - *2024-02-02*
 
 ## 5.0.16 - *2024-02-02*
@@ -117,7 +134,7 @@ Standardise files with files in sous-chefs/repo-management
 
 ## 3.8.0 (2020-12-04)
 
-- Changed installing ntp.leapseconds file dynamicaly [from](https://www.ietf.org/timezones/data/leap-seconds.list) (or other). Use `node['ntp']['leapfile_url']` to override - [@mnosenko](https://github.com/mnosenko)
+- Changed installing ntp.leapseconds file dynamicaly [from](https://data.iana.org/time-zones/data/leap-seconds.list) (or other). Use `node['ntp']['leapfile_url']` to override - [@mnosenko](https://github.com/mnosenko)
 - Improve how we inject the helper libraries - [@tas50](https://github.com/tas50)
 - Require Chef 12.15+ - [@tas50](https://github.com/tas50)
 - Add testing in Github actions - [@tas50](https://github.com/tas50)
@@ -302,7 +319,7 @@ Standardise files with files in sous-chefs/repo-management
 
 ## v1.8.6 (2015-05-14)
 
-- **PR [#102](102)** - Update leapseconds file to 3660249600 (through C49)
+- **PR [#102]** - Update leapseconds file to 3660249600 (through C49)
 - Gemfile parity with ChefDK 0.5.1
 - .kitchen.yml platform updates to current bento boxes
 
@@ -359,8 +376,8 @@ Standardise files with files in sous-chefs/repo-management
 ## v1.6.4 (2014-07-02)
 
 - Leapseconds File Expired, update to 3626380800
-- **[COOK-3887](https://tickets.opscode.com/browse/COOK-3887)** - Trivial changes to achieve Gentoo support
-- **[COOK-1876](https://tickets.opscode.com/browse/COOK-1876)** - ntp leapfile assumes ntpd >= 4.2.6 syntax
+- **[COOK-3887]** - Trivial changes to achieve Gentoo support
+- **[COOK-1876]** - ntp leapfile assumes ntpd >= 4.2.6 syntax
 
 ## v1.6.2 (2014-03-19)
 
@@ -370,16 +387,16 @@ Standardise files with files in sous-chefs/repo-management
 
 ### Improvement
 
-- **[COOK-4346](https://tickets.opscode.com/browse/COOK-4346)** - Solaris 11 support for ntp
-- **[COOK-4339](https://tickets.opscode.com/browse/COOK-4339)** - Disable Monitoring by Default
-- **[COOK-3604](https://tickets.opscode.com/browse/COOK-3604)** - Enable listening on specific interfaces
+- **[COOK-4346]** - Solaris 11 support for ntp
+- **[COOK-4339]** - Disable Monitoring by Default
+- **[COOK-3604]** - Enable listening on specific interfaces
 
 ### Bug
 
-- **[COOK-4106](https://tickets.opscode.com/browse/COOK-4106)** - Check for default content in ntp.conf
-- **[COOK-4087](https://tickets.opscode.com/browse/COOK-4087)** - quote option in readme
-- **[COOK-3797](https://tickets.opscode.com/browse/COOK-3797)** - Cookbook fails to upload due to 1.9.x syntax
-- **[COOK-3023](https://tickets.opscode.com/browse/COOK-3023)** - NTP leapseconds file denied by Ubuntu apparmor profile
+- **[COOK-4106]** - Check for default content in ntp.conf
+- **[COOK-4087]** - quote option in readme
+- **[COOK-3797]** - Cookbook fails to upload due to 1.9.x syntax
+- **[COOK-3023]** - NTP leapseconds file denied by Ubuntu apparmor profile
 
 ## v1.5.4 (2013-12-29)
 
@@ -389,31 +406,31 @@ Standardise files with files in sous-chefs/repo-management
 
 ### Bug
 
-- **[COOK-3797](https://tickets.opscode.com/browse/COOK-3797)** - Add /spec to Chefignore
+- **[COOK-3797]** - Add /spec to Chefignore
 
 ## v1.5.0
 
-### Improvement
+### Improvemen
 
-- **[COOK-3651](https://tickets.opscode.com/browse/COOK-3651)** - Refactor and clean up
-- **[COOK-3630](https://tickets.opscode.com/browse/COOK-3630)** - Switch NTP cookbook linting from Tailor to Rubocop
-- **[COOK-3273](https://tickets.opscode.com/browse/COOK-3273)** - Add tests
+- **[COOK-3651]** - Refactor and clean up
+- **[COOK-3630]** - Switch NTP cookbook linting from Tailor to Rubocop
+- **[COOK-3273]** - Add tests
 
-### New Feature
+### New Featur
 
-- **[COOK-3636](https://tickets.opscode.com/browse/COOK-3636)** - Allow ntp cookbook to update clock to ntp servers
+- **[COOK-3636]** - Allow ntp cookbook to update clock to ntp servers
 
 ### Bug
 
-- **[COOK-3410](https://tickets.opscode.com/browse/COOK-3410)** - Remove redundant ntpdate/disable recipes
-- **[COOK-1170](https://tickets.opscode.com/browse/COOK-1170)** - Allow redefining NTP servers in a role
+- **[COOK-3410]** - Remove redundant ntpdate/disable recipes
+- **[COOK-1170]** - Allow redefining NTP servers in a role
 
 ## v1.4.0
 
-### Improvement
+### Improvemen
 
-- **[COOK-3365](https://tickets.opscode.com/browse/COOK-3365)** - Update ntp leapseconds file to version 3597177600
-- **[COOK-1674](https://tickets.opscode.com/browse/COOK-1674)** - Add Windows support
+- **[COOK-3365]** - Update ntp leapseconds file to version 3597177600
+- **[COOK-1674]** - Add Windows support
 
 ## v1.3.2
 

README.md

@@ -20,14 +20,13 @@ This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of
 - RedHat-family Linux Distributions 5-7 (8 does not contain NTP client)
 - Fedora
 - Gentoo Linux
-- openSUSE / SLES 12+
 - FreeBSD
 - Windows 2008 R2+
 - macOS 10.11+
 
 ### Chef
 
-- Chef 12.1+
+- Chef 15.5+
 
 ### Cookbooks
 
@@ -215,10 +214,15 @@ These attributes are set based on platform / system information provided by Ohai
   - String, the owner and group of the /var/lib directory files, such as /var/lib/ntp.
   - Default, platform-specific ntp:ntp or root:wheel. Not applicable for Windows nodes
 
+- `['ntp']['leapfile_managed_by_os']`
+  - Boolean. Defaults to false. This uses leapfile provided by the cookbook, when combined with leapfile you can use the leapfile provided by your OS.
+
 - `ntp['leapfile']`
 
   - String, the path to the ntp leapfile.
-  - Default, /etc/ntp.leapseconds.
+  - Default: `/etc/ntp.leapseconds`
+  - Debian default: `/usr/share/zoneinfo/leap-seconds.list`,
+  - RedHat default: `/usr/share/zoneinfo/leapseconds`
 
 - `ntp['package_url']`
 

attributes/default.rb

@@ -42,8 +42,15 @@
 default['ntp']['statsdir'] = '/var/log/ntpstats/'
 default['ntp']['conf_owner'] = 'root'
 default['ntp']['conf_group'] = 'root'
-default['ntp']['var_owner'] = 'ntp'
-default['ntp']['var_group'] = 'ntp'
+
+if platform?('debian') && node['platform_version'].to_i >= 12
+  default['ntp']['var_owner'] = 'ntpsec'
+  default['ntp']['var_group'] = 'ntpsec'
+else
+  default['ntp']['var_owner'] = 'ntp'
+  default['ntp']['var_group'] = 'ntp'
+end
+
 default['ntp']['leapfile'] = '/etc/ntp.leapseconds'
 default['ntp']['sync_clock'] = false
 default['ntp']['sync_hw_clock'] = false
@@ -85,15 +92,20 @@
 
 # Set to true if using ntp < 4.2.8 or any unpatched ntp version to mitigate CVE-2014-9293 / CVE-2014-9294 / CVE-2014-9295
 default['ntp']['localhost']['noquery'] = false
+default['ntp']['leapfile_managed_by_os'] = false
 
 # overrides on a platform-by-platform basis
 case node['platform_family']
 when 'debian'
+  default['ntp']['leapfile_managed_by_os'] = true
   default['ntp']['service'] = 'ntp'
-  default['ntp']['apparmor_enabled'] = true if File.exist? '/etc/init.d/apparmor'
+  default['ntp']['apparmor_enabled'] = true if File.exist?('/etc/init.d/apparmor')
+  default['ntp']['leapfile'] = '/usr/share/zoneinfo/leap-seconds.list'
 when 'rhel', 'fedora', 'amazon'
+  default['ntp']['leapfile_managed_by_os'] = true
   default['ntp']['packages'] = %w(ntp ntpdate) if node['platform_version'].to_i >= 7
   default['ntp']['driftfile'] = "#{node['ntp']['varlibdir']}/drift"
+  default['ntp']['leapfile'] = '/usr/share/zoneinfo/leapseconds'
 when 'windows'
   default['ntp']['service'] = 'NTP'
   default['ntp']['driftfile'] = 'C:\\NTP\\ntp.drift'

kitchen.dokken.yml

@@ -106,6 +106,9 @@ platforms:
     driver:
       image: dokken/ubuntu-22.04
       pid_one_command: /bin/systemd
+    attributes:
+      ntp:
+        apparmor_enabled: false
 
   - name: ubuntu-23.04
     driver:

kitchen.global.yml

@@ -17,16 +17,12 @@ verifier:
 platforms:
   - name: almalinux-8
   - name: almalinux-9
-  - name: amazonlinux-2023
   - name: centos-7
   - name: centos-stream-8
   - name: centos-stream-9
-  - name: debian-9
-  - name: debian-10
   - name: debian-11
   - name: debian-12
   - name: fedora-latest
-  - name: opensuse-leap-15
   - name: oraclelinux-7
   - name: oraclelinux-8
   - name: oraclelinux-9

kitchen.yml

@@ -14,9 +14,10 @@ verifier:
 platforms:
   - name: amazonlinux-2
   - name: centos-7
-  - name: centos-8
-  - name: debian-9
-  - name: debian-10
+  - name: centos-stream-8
+  - name: centos-stream-9
+  - name: debian-11
+  - name: debian-12
   - name: fedora-latest
   - name: freebsd-12
   - name: opensuse-leap-15

metadata.rb

@@ -15,7 +15,6 @@
 supports 'freebsd'
 supports 'gentoo'
 supports 'mac_os_x'
-supports 'opensuseleap'
 supports 'oracle'
 supports 'redhat'
 supports 'scientific'

recipes/default.rb

@@ -83,7 +83,7 @@
       source node['ntp']['leapfile_url']
       notifies :restart, "service[#{node['ntp']['service']}]"
     end
-  else
+  elsif !node['ntp']['leapfile_managed_by_os']
     cookbook_file node['ntp']['leapfile'] do
       owner node['ntp']['conf_owner']
       group node['ntp']['conf_group']

spec/unit/attributes_spec.rb

@@ -69,11 +69,11 @@
       expect(ntp['conf_group']).to eq('root')
     end
 
-    it 'sets the var_owner to root' do
+    it 'sets the var_owner to ntp' do
       expect(ntp['var_owner']).to eq('ntp')
     end
 
-    it 'sets the var_group to root' do
+    it 'sets the var_group to ntp' do
       expect(ntp['var_group']).to eq('ntp')
     end
 
@@ -173,12 +173,20 @@
   end
 
   describe 'on Debian-family platforms' do
-    cached(:chef_run) { ChefSpec::SoloRunner.new(platform: 'debian', version: '10').converge('ntp::default') }
+    cached(:chef_run) { ChefSpec::SoloRunner.new(platform: 'debian', version: '12').converge('ntp::default') }
 
     it 'sets the package list to ntp & ntpdate' do
       expect(ntp['packages']).to include('ntp')
       expect(ntp['packages']).to_not include('ntpdate')
     end
+
+    it 'sets the var_owner to ntpsec' do
+      expect(ntp['var_owner']).to eq('ntpsec')
+    end
+
+    it 'sets the var_group to ntpsec' do
+      expect(ntp['var_group']).to eq('ntpsec')
+    end
   end
 
   describe 'on Ubuntu' do

spec/unit/recipes/default_spec.rb

@@ -59,29 +59,6 @@
     end
   end
 
-  context 'the leapfile' do
-    cached(:cookbook_file) { chef_run.cookbook_file('/etc/ntp.leapseconds') }
-
-    it 'creates the cookbook_file' do
-      expect(chef_run).to create_cookbook_file('/etc/ntp.leapseconds')
-    end
-
-    it 'is owned by ntp:ntp' do
-      expect(cookbook_file.owner).to eq('root')
-      expect(cookbook_file.group).to eq('root')
-    end
-
-    it 'has 0644 permissions' do
-      expect(cookbook_file.mode).to eq('0644')
-    end
-
-    it 'notifies ntp service to restart' do
-      resource = chef_run.cookbook_file(chef_run.node['ntp']['leapfile'])
-      service = "service[#{chef_run.node['ntp']['service']}]"
-      expect(resource).to notify(service).to(:restart).delayed
-    end
-  end
-
   context 'ntp["pools"] is used' do
     cached(:chef_run) do
       runner = ChefSpec::SoloRunner.new(platform: 'ubuntu', version: '16.04')

test/integration/default/default_spec.rb

@@ -19,6 +19,28 @@
     it { should_not be_enabled }
     it { should_not be_running }
   end
+elsif os.family == 'redhat' && os.release.to_i < 8
+  describe file '/usr/share/zoneinfo/leapseconds' do
+    it { should be_file }
+  end
+elsif os.family == 'debian'
+  describe file '/etc/ntp.conf' do
+    it { should be_file }
+  end
+
+  describe ntp_conf do
+    its('tos') { should eq 'maxdist 1' }
+  end
+
+  describe file '/usr/share/zoneinfo/leap-seconds.list' do
+    it { should be_file }
+  end
+
+  describe service service_name do
+    it { should be_enabled }
+    it { should be_running }
+  end
+
 elsif os.windows?
   describe file 'C:\NTP\etc\ntp.conf' do
     it { should be_file }