ntpsec: Upgrade 1.2.1 -> 1.2.2

Drop backported patches, drop `wscript: Widen the search for tags` as
upstream has merged something similar which means devtool builds now
work.

Add BISONFLAGS support to fix build reproducbility issue.

Drop `--debug` which generates internal debug info.

License-Update: License files moved to separate directory
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

7 files changed, 42 insertions, 258 deletions

diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch
deleted file mode 100644
index 825f6c93c3..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-Update-to-OpenSSL-3.0.0-alpha15.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From ba368822d0a197cb84c46c911d40d0c52cf9c391 Mon Sep 17 00:00:00 2001
-From: Hal Murray <hmurray@megapathdsl.net>
-Date: Sun, 2 May 2021 22:24:26 -0700
-Subject: [PATCH] Update to OpenSSL 3.0.0-alpha15
-
-Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/ba368822d0a197cb84c46c911d40d0c52cf9c391]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
-Signed-off-by: Alex Kiernan <alexk@zuma.ai>
----
- attic/cmac-timing.c | 37 ++++++++++++++-----------------------
- 1 file changed, 14 insertions(+), 23 deletions(-)
-
-diff --git a/attic/cmac-timing.c b/attic/cmac-timing.c
-index c2088db63a4c..464daa76b9e6 100644
---- a/attic/cmac-timing.c
-+++ b/attic/cmac-timing.c
-@@ -225,28 +225,14 @@ static void DoPKEY(
- #if OPENSSL_VERSION_NUMBER > 0x20000000L
- static size_t One_EVP_MAC(
-   EVP_MAC_CTX *ctx,         /* context  */
--  char *cipher,
-   uint8_t *key,             /* key pointer */
-   int     keylength,        /* key length */
-   uint8_t *pkt,             /* packet pointer */
-   int     pktlength         /* packet length */
- ) {
--	OSSL_PARAM params[3];
- 	size_t len = EVP_MAX_MD_SIZE;
- 
--	params[0] =
--          OSSL_PARAM_construct_utf8_string("cipher", cipher, 0);
--	params[1] =
--          OSSL_PARAM_construct_octet_string("key", key, keylength);
--	params[2] = OSSL_PARAM_construct_end();
--	if (0 == EVP_MAC_CTX_set_params(ctx, params)) {
--		unsigned long err = ERR_get_error();
--		char * str = ERR_error_string(err, NULL);
--		printf("## Oops, EVP_MAC_CTX_set_params() failed: %s.\n", str);
--		return 0;
--	}
--
--	if (0 == EVP_MAC_init(ctx)) {
-+	if (0 == EVP_MAC_init(ctx, key, keylength, NULL)) {
- 		unsigned long err = ERR_get_error();
- 		char * str = ERR_error_string(err, NULL);
- 		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-@@ -255,13 +241,13 @@ static size_t One_EVP_MAC(
- 	if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
- 		unsigned long err = ERR_get_error();
- 		char * str = ERR_error_string(err, NULL);
--		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-+		printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
- 		return 0;
- 	}
- 	if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
- 		unsigned long err = ERR_get_error();
- 		char * str = ERR_error_string(err, NULL);
--		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-+		printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
- 		return 0;
- 	}
- 	return len;
-@@ -290,7 +276,7 @@ static void Do_EVP_MAC(
- 
- 	clock_gettime(CLOCK_MONOTONIC, &start);
- 	for (int i = 0; i < SAMPLESIZE; i++) {
--		digestlength = One_EVP_MAC(evp, cbc, key, keylength, pkt, pktlength);
-+		digestlength = One_EVP_MAC(evp, key, keylength, pkt, pktlength);
- if (0 == digestlength) break;
- 	}
- 	clock_gettime(CLOCK_MONOTONIC, &stop);
-@@ -305,26 +291,31 @@ static size_t One_EVP_MAC2(
-   uint8_t *pkt,             /* packet pointer */
-   int     pktlength         /* packet length */
- ) {
-+	EVP_MAC_CTX *dup;
- 	size_t len = EVP_MAX_MD_SIZE;
- 
--	if (0 == EVP_MAC_init(ctx)) {
-+	// dup = ctx;
-+	dup = EVP_MAC_CTX_dup(ctx);
-+
-+	if (0 == EVP_MAC_init(dup, NULL, 0, NULL)) {
- 		unsigned long err = ERR_get_error();
- 		char * str = ERR_error_string(err, NULL);
- 		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
- 		return 0;
- 	}
--	if (0 == EVP_MAC_update(ctx, pkt, pktlength)) {
-+	if (0 == EVP_MAC_update(dup, pkt, pktlength)) {
- 		unsigned long err = ERR_get_error();
- 		char * str = ERR_error_string(err, NULL);
--		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-+		printf("## Oops, EVP_MAC_update() failed: %s.\n", str);
- 		return 0;
- 	}
--	if (0 == EVP_MAC_final(ctx, answer, &len, sizeof(answer))) {
-+	if (0 == EVP_MAC_final(dup, answer, &len, sizeof(answer))) {
- 		unsigned long err = ERR_get_error();
- 		char * str = ERR_error_string(err, NULL);
--		printf("## Oops, EVP_MAC_init() failed: %s.\n", str);
-+		printf("## Oops, EVP_MAC_final() failed: %s.\n", str);
- 		return 0;
- 	}
-+	EVP_MAC_CTX_free(dup);
- 	return len;
- }
- 
--- 
-2.33.0
-
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch
deleted file mode 100644
index 112aaa2a07..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From d474682bb30b93d04b7b01c2dd09832e483265ed Mon Sep 17 00:00:00 2001
-From: Sam James <sam@gentoo.org>
-Date: Sun, 14 Nov 2021 08:54:58 +0000
-Subject: [PATCH] ntpd/ntp_sandbox.c: allow clone3 for glibc-2.34 in seccomp
- filter
-
-Bug: https://bugs.gentoo.org/823692
-Fixes: https://gitlab.com/NTPsec/ntpsec/-/issues/713
-Signed-off-by: Sam James <sam@gentoo.org>
-Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/d474682bb30b93d04b7b01c2dd09832e483265ed]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
-Signed-off-by: Alex Kiernan <alexk@zuma.ai>
----
- ntpd/ntp_sandbox.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
-index e66faaa8cbb0..3d6bccdfcf77 100644
---- a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -401,6 +401,7 @@ int scmp_sc[] = {
-  * rather than generate a trap.
-  */
- 	SCMP_SYS(clone),	/* threads */
-+	SCMP_SYS(clone3),
- 	SCMP_SYS(kill),		/* generate signal */
- 	SCMP_SYS(madvise),
- 	SCMP_SYS(mprotect),
--- 
-2.34.1
-
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch
deleted file mode 100644
index 3bec2cea77..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From a6c0847582305aaab122d54b635954829812922f Mon Sep 17 00:00:00 2001
-From: Alex Kiernan <alexk@zuma.ai>
-Date: Thu, 30 Dec 2021 09:32:26 +0000
-Subject: [PATCH 1/2] ntpd/ntp_sandbox.c: allow newfstatat on all archs for
- glibc-2.34 in seccomp filter
-
-On Yocto Poky, newfstatat is used on (at least) arm64, x86_64 and
-riscv64:
-
-  2021-12-30T09:32:04 ntpd[341]: ERR: SIGSYS: got a trap.
-  2021-12-30T09:32:04 ntpd[341]: ERR: SIGSYS/seccomp bad syscall 262/0xc000003e
-
-Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/a6c0847582305aaab122d54b635954829812922f]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
-Signed-off-by: Alex Kiernan <alexk@zuma.ai>
----
- ntpd/ntp_sandbox.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
-index 3d6bccdfcf77..1ae82a671344 100644
---- a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -349,6 +349,7 @@ int scmp_sc[] = {
- 	SCMP_SYS(lseek),
- 	SCMP_SYS(membarrier),	/* Needed on Alpine 3.11.3 */
- 	SCMP_SYS(munmap),
-+	SCMP_SYS(newfstatat),
- 	SCMP_SYS(open),
- #ifdef __NR_openat
- 	SCMP_SYS(openat),	/* SUSE */
-@@ -452,7 +453,6 @@ int scmp_sc[] = {
- #endif
- #if defined(__aarch64__)
- 	SCMP_SYS(faccessat),
--	SCMP_SYS(newfstatat),
- 	SCMP_SYS(renameat),
- 	SCMP_SYS(linkat),
- 	SCMP_SYS(unlinkat),
--- 
-2.34.1
-
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch
new file mode 100644
index 0000000000..2e3730df47
--- /dev/null
+++ b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Add-BISONFLAGS-support.patch
@@ -0,0 +1,29 @@
+From 792cb4f9d13450251c6344eed2b35f382c98df0d Mon Sep 17 00:00:00 2001
+From: Alex Kiernan <alexk@zuma.ai>
+Date: Thu, 19 Jan 2023 13:00:45 +0000
+Subject: [PATCH] wscript: Add BISONFLAGS support
+
+---
+ wscript | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/wscript b/wscript
+index 7329d6e46889..de51f1e9cdd9 100644
+--- a/wscript
++++ b/wscript
+@@ -140,6 +140,7 @@ def configure(ctx):
+     # Ensure m4 is present, or bison will fail with SIGPIPE
+     ctx.find_program('m4')
+     ctx.load('bison')
++    ctx.add_os_flags('BISONFLAGS')
+ 
+     for opt in opt_map:
+         ctx.env[opt] = opt_map[opt]
+@@ -911,6 +912,7 @@ int main(int argc, char **argv) {
+     msg_setting("CFLAGS", " ".join(ctx.env.CFLAGS))
+     msg_setting("LDFLAGS", " ".join(ctx.env.LDFLAGS))
+     msg_setting("LINKFLAGS_NTPD", " ".join(ctx.env.LINKFLAGS_NTPD))
++    msg_setting("BISONFLAGS", ctx.env.BISONFLAGS)
+     msg_setting("PREFIX", ctx.env.PREFIX)
+     msg_setting("LIBDIR", ctx.env.LIBDIR)
+     msg_setting("Droproot Support", droproot_type)
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch
deleted file mode 100644
index 98c62eed49..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0001-wscript-Widen-the-search-for-tags.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 9a7dead72f41e79979625c9bdef2fb638427d3d6 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Mon, 22 Aug 2022 20:54:17 -0700
-Subject: [PATCH] wscript: Widen the search for tags
-
-Default is to look for annotated tags, howveer when using devtool we
-create our own git tree from release tarballs which will have tags but
-they are not annotated, therefore broaden the search to include all tags
-
-Upstream-Status: Inappropriate [OE-specific]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- wscript | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/wscript b/wscript
-index 879ded1..dff835d 100644
---- a/wscript
-+++ b/wscript
-@@ -177,7 +177,7 @@ def configure(ctx):
-     if build_desc:
-         build_desc = ' ' + build_desc
-     if ctx.env.BIN_GIT:
--        cmd = ctx.env.BIN_GIT + shlex.split("describe --dirty")
-+        cmd = ctx.env.BIN_GIT + shlex.split("describe --tags --dirty")
-         git_short_hash = ctx.cmd_and_log(cmd).strip()
-         git_short_hash = '-'.join(git_short_hash.split('-')[1:])
- 
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch b/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch
deleted file mode 100644
index 705a87bdfa..0000000000
--- a/meta-networking/recipes-support/ntpsec/ntpsec/0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0f94870b84e68448f16b1304058bde4628dafde5 Mon Sep 17 00:00:00 2001
-From: Alex Kiernan <alexk@zuma.ai>
-Date: Thu, 30 Dec 2021 10:41:20 +0000
-Subject: [PATCH 2/2] ntpd/ntp_sandbox.c: match riscv to aarch in seccomp
- filter
-
-On Yocto Poky, faccessat (et al) are also used on riscv64:
-
-  2018-03-09T12:35:32 ntpd[341]: ERR: SIGSYS: got a trap.
-  2018-03-09T12:35:32 ntpd[341]: ERR: SIGSYS/seccomp bad syscall 48/0xc00000f3
-
-Upstream-Status: Backport [https://gitlab.com/NTPsec/ntpsec/-/commit/0f94870b84e68448f16b1304058bde4628dafde5]
-Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
-Signed-off-by: Alex Kiernan <alexk@zuma.ai>
----
- ntpd/ntp_sandbox.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ntpd/ntp_sandbox.c b/ntpd/ntp_sandbox.c
-index 1ae82a671344..4a14ae224dc6 100644
---- a/ntpd/ntp_sandbox.c
-+++ b/ntpd/ntp_sandbox.c
-@@ -451,7 +451,7 @@ int scmp_sc[] = {
- 	/* gentoo 64-bit and 32-bit, Intel and Arm use mmap */
- 	SCMP_SYS(mmap),
- #endif
--#if defined(__aarch64__)
-+#if defined(__aarch64__) || defined(__riscv)
- 	SCMP_SYS(faccessat),
- 	SCMP_SYS(renameat),
- 	SCMP_SYS(linkat),
--- 
-2.34.1
-
diff --git a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb
index e975f903f9..d11ada67ee 100644
--- a/meta-networking/recipes-support/ntpsec/ntpsec_1.2.1.bb
+++ b/meta-networking/recipes-support/ntpsec/ntpsec_1.2.2.bb
@@ -2,25 +2,22 @@ SUMMARY = "The Network Time Protocol suite, refactored"
 HOMEPAGE = "https://www.ntpsec.org/"
 
 LICENSE = "CC-BY-4.0 & BSD-2-Clause & NTP & BSD-3-Clause & MIT"
-LIC_FILES_CHKSUM = "file://LICENSE.adoc;md5=0520591566b6ed3a9ced8b15b4d4abf9 \
-                    file://libjsmn/LICENSE;md5=38118982429881235de8adf478a8e75d \
-                    file://docs/copyright.adoc;md5=9a1e3fce4b630078cb67ba2b619d2b13 \
-                    file://libaes_siv/COPYING;md5=3b83ef96387f14655fc854ddc3c6bd57"
+LIC_FILES_CHKSUM = "file://LICENSES/BSD-2;md5=653830da7b770a32f6f50f6107e0b186 \
+                    file://LICENSES/BSD-3;md5=55e9dcf6a625a2dcfcda4ef6a647fbfd \
+                    file://LICENSES/CC-BY-4.0;md5=2ab724713fdaf49e4523c4503bfd068d \
+                    file://LICENSES/MIT;md5=5a9dfc801af3eb49df2055c9b07918b2 \
+                    file://LICENSES/NTP;md5=cb56b7747f86157c78ca81f224806694"
 
 DEPENDS += "bison-native \
             openssl \
             python3"
 
 SRC_URI = "https://ftp.ntpsec.org/pub/releases/ntpsec-${PV}.tar.gz \
-           file://0001-Update-to-OpenSSL-3.0.0-alpha15.patch \
-           file://0001-ntpd-ntp_sandbox.c-allow-clone3-for-glibc-2.34-in-se.patch \
-           file://0001-ntpd-ntp_sandbox.c-allow-newfstatat-on-all-archs-for.patch \
-           file://0002-ntpd-ntp_sandbox.c-match-riscv-to-aarch-in-seccomp-f.patch \
            file://volatiles.ntpsec \
-           file://0001-wscript-Widen-the-search-for-tags.patch \
+           file://0001-wscript-Add-BISONFLAGS-support.patch \
            "
 
-SRC_URI[sha256sum] = "f2684835116c80b8f21782a5959a805ba3c44e3a681dd6c17c7cb00cc242c27a"
+SRC_URI[sha256sum] = "2f2848760b915dfe185b9217f777738b36ceeb78a7fc208b7e74e039dec22df5"
 
 UPSTREAM_CHECK_URI = "ftp://ftp.ntpsec.org/pub/releases/"
 
@@ -66,7 +63,6 @@ EXTRA_OECONF = "--cross-compiler='${CC}' \
                 --pyshebang=${bindir}/python3 \
                 --pythondir=${PYTHON_SITEPACKAGES_DIR} \
                 --pythonarchdir=${PYTHON_SITEPACKAGES_DIR} \
-                --enable-debug \
                 --enable-debug-gdb \
                 --enable-early-droproot"
 
@@ -74,6 +70,12 @@ EXTRA_OEWAF_BUILD ?= "-v"
 
 NTP_USER_HOME ?= "/var/lib/ntp"
 
+BISONFLAGS = "--file-prefix-map=${WORKDIR}=/usr/src/debug/${PN}/${EXTENDPE}${PV}-${PR}"
+
+do_configure:prepend() {
+	export BISONFLAGS="${BISONFLAGS}"
+}
+
 do_install:append() {
 	install -d ${D}${sysconfdir}/init.d
 	install -m 755 ${S}/etc/rc/ntpd ${D}${sysconfdir}/init.d