More formatting of files

CHANGELOG.md

@@ -3,13 +3,15 @@ Version 0.3.7
 
 Major Changes
 -----
-- Reworked configuration options for peers (see [documentation](CONFIGURATION.md) for new instructions on how to configure peers).
+- Reworked configuration options for peers (see the documentation for new
+  instructions on how to configure peers).
 - Removed support for rfc5905 algorithm.
 
 Minor Changes
 -----
 - Send software timestamping is now enabled by default
-- Hardware timestamping can now only be configured if ntpd-rs is built with the `hardware-timestamping` feature (off by default).
+- Hardware timestamping can now only be configured if ntpd-rs is built with the
+  `hardware-timestamping` feature (off by default).
 - Upgraded dependencies.
 
 Bug fixes
@@ -32,24 +34,29 @@ Minor Changes
 
 Bug fixes
 -----
-- Fixed bug that caused ntp-ctl validate to not print warnings on the configuration, only parsing errors.
+- Fixed bug that caused ntp-ctl validate to not print warnings on the
+  configuration, only parsing errors.
 - Fixed bug in nts parsing that caused NTS to be entirely inoperable.
 
 Version 0.3.5
 ======
 
-No changes compared with 0.3.4, needed due to technical difficulties in release process.
+No changes compared with 0.3.4, needed due to technical difficulties in release
+process.
 
 Version 0.3.4
 ======
 
 Minor Changes
 -----
-- Fixed bug that caused nts-providing servers to fail after key rotation (which by default happens daily).
+- Fixed bug that caused nts-providing servers to fail after key rotation (which
+  by default happens daily).
 - Upgraded dependencies.
-- Fix bug in package installers that caused us to overwrite configuration on update.
+- Fix bug in package installers that caused us to overwrite configuration on
+  update.
 - Removed dependency on Axum in prometheus exporter.
-- Improved measurement code to deal better with external programs changing the clock.
+- Improved measurement code to deal better with external programs changing the
+  clock.
 - Removed some spurious warnings around server strata.
 
 Version 0.3.3
@@ -87,7 +94,8 @@ Major Changes
 - Implemented NTS Key Exchange
 - Implemented NTS client functionality and configuration
 - Implemented NTS server functionality and configuration
-- Changed format of timedata reported for peers to ensure compatibility with different algorithms.
+- Changed format of timedata reported for peers to ensure compatibility with
+  different algorithms.
 
 Minor Changes
 -----
@@ -123,10 +131,12 @@ Minor Changes
 -----
 - Made poll interval range and initial value configurable.
 - Minor improvements to timestamping of received and sent packets.
-- Minor improvements to log output, particularly around attribution of events to specific peers.
+- Minor improvements to log output, particularly around attribution of events to
+  specific peers.
 - Upgraded dependencies
 
 Bugfixes
 -----
 - Fixed a number of bugs around poll interval adjustment.
-- Fixed a bug in peer dispersion calculation which resulted in overly pessimistic dispersion estimates.
+- Fixed a bug in peer dispersion calculation which resulted in overly
+  pessimistic dispersion estimates.

README.md

@@ -1,105 +1,153 @@
-![checks](https://github.com/pendulum-project/ntpd-rs/actions/workflows/build.yaml/badge.svg?branch=main)[![codecov](https://codecov.io/gh/pendulum-project/ntpd-rs/branch/main/graph/badge.svg?token=WES1JIYUJH)](https://codecov.io/gh/pendulum-project/ntpd-rs)[![Crates.io](https://img.shields.io/crates/v/ntpd.svg)](https://crates.io/crates/ntpd)
+![checks](https://github.com/pendulum-project/ntpd-rs/actions/workflows/build.yaml/badge.svg?branch=main)
+[![codecov](https://codecov.io/gh/pendulum-project/ntpd-rs/branch/main/graph/badge.svg?token=WES1JIYUJH)](https://codecov.io/gh/pendulum-project/ntpd-rs)
+[![Crates.io](https://img.shields.io/crates/v/ntpd.svg)](https://crates.io/crates/ntpd)
 
 
 # ntpd-rs
 
-ntpd-rs is an NTP implementation written in Rust, with a focus on security and stability. It includes client and server functionality and supports NTS.
+ntpd-rs is an NTP implementation written in Rust, with a focus on security and
+stability. It includes client and server functionality and supports NTS.
 
 If a feature you need is missing please let us know by opening an issue.
 
 ## Installation
 
-The recommended way of installing ntpd-rs is with the pre-built packages from the [releases](https://github.com/pendulum-project/ntpd-rs/releases) page. The installers automatically handle setting up users, permissions and configuration.
-
-Alternatively, you can use `cargo install ntpd` or build from source.
+The recommended way of installing ntpd-rs is with the pre-built packages from
+the [releases page]. The installers automatically handle setting up users,
+permissions and configuration. Alternatively, you can use `cargo install ntpd`
+or build from source by cloning the repository yourself.
 
 ### Build from source
 
-Currently, ntpd-rs only supports Linux-based operating systems. Our current testing only targets Linux kernels after version 5.0.0, older kernels may work but this is not guaranteed.
+Currently, ntpd-rs only supports Linux-based operating systems. Our current
+testing only targets Linux kernels after version 5.0.0, older kernels may work
+but this is not guaranteed.
 
-ntpd-rs is written in rust. We strongly recommend using [rustup](https://rustup.rs) to install a rust toolchain, because the version provided by system package managers tends to be out of date. Be sure to use a recent version of the rust compiler.
+ntpd-rs is written in rust. We strongly recommend using [rustup] to install a
+rust toolchain, because the version provided by system package managers tends to
+be out of date. Be sure to use a recent version of the rust compiler. To build
+ntpd-rs run
 
-To build ntpd-rs run
 ```sh
 cargo build --release
 ```
-This produces a `ntp-daemon` binary at `target/release/ntp-daemon`, which is the main NTP daemon.
 
-Before running the ntpd-rs daemon, make sure that no other NTP daemons are running. E.g. when chrony is running
+This produces a `ntp-daemon` binary at `target/release/ntp-daemon`, which is the
+main NTP daemon. Before running the ntpd-rs daemon, make sure that no other NTP
+daemons are running. E.g. when chrony is running
+
 ```sh
 systemctl stop chronyd
 ```
 
-The ntpd-rs daemon requires elevated permissions to change the system clock. It can be tested against servers in the [NTP pool](https://ntppool.org):
+The ntpd-rs daemon requires elevated permissions to change the system clock.
+
 ```sh
-sudo ./target/release/ntp-daemon -p pool.ntp.org -p pool.ntp.org -p pool.ntp.org -p pool.ntp.org
+sudo ./target/release/ntp-daemon
 ```
 
-By default, at least 3 peer servers are needed for the algorithm to change the time. After a few minutes you should start to see messages indicating the offset of your machine from the server.
+By default, at least 3 peer servers are needed for the algorithm to change the
+time. After a few minutes you should start to see messages indicating the offset
+of your machine from the server.
 
 ```
 2023-04-11T10:06:24.847375Z  INFO ntp_proto::algorithm::kalman: Offset: 1.7506740305607742+-12.951528666965439ms, frequency: 8.525844072881435+-5.089483351832892ppm
 2023-04-11T10:06:25.443852Z  INFO ntp_proto::algorithm::kalman: Offset: 1.8947020578044949+-12.981792974220694ms, frequency: 7.654657944152439+-3.3911904299378386ppm
 2023-04-11T10:06:25.443979Z  INFO ntp_proto::algorithm::kalman: Changed frequency, current steer 4.26346751414286ppm, desired freq 0ppm
 ```
 
-A complete description of how the daemon can be configured can be found in the [configuration documentation](CONFIGURATION.md)
+A complete description of how the daemon can be configured can be found in the
+documentation found in the [documentation](./docs/).
 
 ## Minimum supported rust version
 
-We make no guarantees about supporting older versions of rust. When building from source (either manually or with `cargo install`) use the latest rust version to prevent issues.
+We make no guarantees about supporting older versions of rust. When building
+from source (either manually or with `cargo install`) use the latest rust
+version to prevent issues.
 
-We are committed to keep ntpd-rs working on at least the latest stable, beta and nightly rust compiler. Beyond this, we keep track of the current minimum rust version needed to compile our code for purposes of documentation. However, right now we do not have a policy guaranteeing a minimum amount of time we will support a stable rust release beyond the 6 weeks during which it is the latest stable version.
+We are committed to keep ntpd-rs working on at least the latest stable and beta
+compilers. Beyond this, we keep track of the current minimum rust version needed
+to compile our code for purposes of documentation. However, right now we do not
+have a policy guaranteeing a minimum amount of time we will support a stable
+rust release beyond the 6 weeks during which it is the latest stable version.
 
-Please note that the Rust project only supports the latest stable rust release. As this is the only release that will receive any security updates, we STRONGLY recommend using the latest stable rust version for compiling ntpd-rs for daily use.
+Please note that the Rust project only supports the latest stable rust release.
+As this is the only release that will receive any security updates, we STRONGLY
+recommend using the latest stable rust version for compiling ntpd-rs for daily
+use.
 
 ## Package substructure
 
 Currently, the code is split up into several separate crates:
- - `ntp-proto` contains the packet parsing and the algorithms needed for clock selection, filtering and steering.
- - `ntp-daemon` contains the main NTP daemon, and deals with orchestrating the networking and configuration.
- - `ntp-ctl` contains a control interface for the NTP daemon, allowing readout of current synchronisation state and dynamic configuration changes.
- - `ntp-metrics-exporter` contains a HTTP interface for exporting the prometheus metrics.
- - `test-binaries` contains a number of simple NTP servers that can be used for testing (see below).
- - `ntp-os-clock` contains the unsafe code needed to interface with system clocks.
- - `ntp-udp` contains the unsafe code needed to deal with timestamping on the network layer.
- - `ntpd` contains the entrypoints for all our binaries
 
-All unsafe code is contained within the `ntp-os-clock` and `ntp-udp` packages, which are kept as small as possible. All interfaces exposed by these crates should be safe. For a more detailed description of how ntpd-rs is structured, see the [development documentation](DEVELOPMENT.md).
+* `ntp-proto` contains the packet parsing and the algorithms needed for clock
+  selection, filtering and steering.
+* `test-binaries` contains a number of simple NTP servers that can be used for
+  testing (see below).
+* `ntp-os-clock` contains the unsafe code needed to interface with system
+  clocks.
+* `ntp-udp` contains the unsafe code needed to deal with timestamping on the
+  network layer.
+* `ntpd` contains the entrypoints for all our binaries and the code for the
+  daemon (`ntp-daemon`), control client (`ntp-ctl`) and OpenMetrics/prometheus
+  exporter (`ntp-metrics-exporter`).
+
+
+All unsafe code is contained within the `ntp-os-clock` and `ntp-udp` packages,
+which are kept as small as possible. All interfaces exposed by these crates
+should be safe. For a more detailed description of how ntpd-rs is structured,
+see the [development documentation](./docs/development/).
 
 ## Test Binaries
 
 This crate contains extremely limited NTP servers for testing purposes
 
-* `demobilize-server` always sends the DENY kiss code, the client must demobilize this association
+* `demobilize-server` always sends the DENY kiss code, the client must
+  demobilize this association
 * `rate-limit-server` forces an increase of the poll interval to 32 seconds
 
 ## Roadmap
 
-In Q1 2023 we completed our work on NTS. Our implementation is now full-featured, it supports NTP client and server with NTS.
+In Q1 2023 we completed our work on NTS. Our implementation is now
+full-featured, it supports NTP client and server with NTS.
 
 Our roadmap for 2023:
 
-- Q2 2023: Adoption work, improved packaging, FreeBSD support
-- Q3 2023: Stable release (pending funding)
-- Q4 2023: Development work on experimental features, NTS pool, NTPv5 (pending funding)
+* Q2 2023: Adoption work, improved packaging, FreeBSD support
+* Q3 2023: Stable release (pending funding)
+* Q4 2023: Development work on experimental features, NTS pool, NTPv5 (pending
+  funding)
 
-We seek sponsorship for features and maintenance to continue our work. Contact us via [email protected] if you are interested!
+We seek sponsorship for features and maintenance to continue our work. Contact
+us via [email protected] if you are interested!
 
 ## History
 
 ### 2022
 
-The project originates from ISRG's project [Prossimo](https://www.memorysafety.org), as part of their mission to achieve memory safety for the Internet's most critical infrastructure.
+The project originates from ISRG's project [Prossimo], as part of their mission
+to achieve memory safety for the Internet's most critical infrastructure.
 
 <img alt="Prossimo" src="https://www.memorysafety.org/images/Prossimo%20Brand%20Assets/Prossimo%20Horizontal%20Full%20Color.svg" width="250px"/>
 
-Prossimo funded the initial development of the NTP client and server, and NTS support. The [NTP initiative page](https://www.memorysafety.org/initiative/ntp) on Prossimo's website tells the story.
+Prossimo funded the initial development of the NTP client and server, and NTS
+support. The [NTP initiative page] on Prossimo's website tells the story.
 
 ### 2023
 
-After completion of the initial development, the project's ownership moved from Prossimo to Tweede golf in April 2023. See the announcement [here](https://www.memorysafety.org/blog/ntp-and-nts-have-arrived/).
+After completion of the initial development, the project's ownership moved from
+Prossimo to Tweede golf in April 2023. See the [NTP announcement] for more
+information.
 
-Tweede golf is the long-term maintainer of ntpd-rs, that is now part of Tweede golf's [Project Pendulum](https://github.com/pendulum-project). Pendulum is building modern, open-source implementations of the Network Time Protocol and the Precision Time Protocol. In August of 2023, Sovereign Tech Fund invested in Pendulum. Read more on [their website](https://sovereigntechfund.de/en/projects/pendulum/).
+Tweede golf is the long-term maintainer of ntpd-rs, that is now part of Tweede
+golf's [Project Pendulum]. Pendulum is building modern, open-source
+implementations of the Network Time Protocol and the Precision Time Protocol.
 
 ![STF](https://tweedegolf.nl/images/logo-stf-blank.png)
+
+[releases page]: https://github.com/pendulum-project/ntpd-rs/releases
+[rustup]: https://rustup.rs
+[Prossimo]: https://www.memorysafety.org
+[NTP initiative page]: https://www.memorysafety.org/initiative/ntp
+[NTP announcement]: https://www.memorysafety.org/blog/ntp-and-nts-have-arrived/
+[Project Pendulum]: https://github.com/pendulum-project

SECURITY.md

@@ -2,7 +2,7 @@ Security policy
 ===============
 
 **Do not report security vulnerabilities through public GitHub issues.**
-Instead, you can report security vulnerabilities using [our security page](https://github.com/pendulum-project/ntpd-rs/security),
+Instead, you can report security vulnerabilities using [our security page],
 or send them by email to [email protected].
 
 Please include as much of the following information as possible:
@@ -20,9 +20,13 @@ We prefer to receive reports in English. If necessary, we also understand Dutch.
 
 ## Disclosure Policy
 
-We adhere to the principle of [responsible disclosure](https://vuls.cert.org/confluence/display/CVD/Executive+Summary).
+We adhere to the principle of [coordinated vulnerability disclosure].
 
 Security Advisories
 ===================
-Security advisories will be published [on GitHub](https://github.com/pendulum-project/ntpd-rs/security/advisories)
-and possibly through other channels.
+Security advisories will be published on our [github advisories page] and
+possibly through other channels.
+
+[our security page]: https://github.com/pendulum-project/ntpd-rs/security
+[coordinated vulnerability disclosure]: https://vuls.cert.org/confluence/display/CVD/Executive+Summary
+[github advisories page]: https://github.com/pendulum-project/ntpd-rs/security/advisories

docs/development/audits.md

@@ -0,0 +1,6 @@
+# Audits
+
+## NLnet NGI Review Security Evaluation by Radically Open Security
+
+Date: 2023-04 \
+Report: [download](../audits/report-ntpd-rs-v11-final.pdf)