* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2020-09-02 15:51 Jeroen Roovers
0 siblings, 0 replies; 19+ messages in thread
From: Jeroen Roovers @ 2020-09-02 15:51 UTC (permalink / raw
To: gentoo-commits
commit: f7179379b3d676aab1cd6eceafd28145bfed2ae1
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 2 15:50:50 2020 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed Sep 2 15:51:37 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f7179379
net-misc/chrony: Simplify setting systemd default options
Package-Manager: Portage-3.0.5, Repoman-3.0.1
Bug: https://bugs.gentoo.org/show_bug.cgi?id=739714
Fixes: 6fbce4846282a2d77a9a8094e3d2fcd7176afcd6
Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>
net-misc/chrony/chrony-3.5.1-r1.ebuild | 14 +++++---------
net-misc/chrony/chrony-4.0_pre3.ebuild | 14 +++++---------
net-misc/chrony/chrony-9999.ebuild | 14 +++++---------
net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch | 2 +-
4 files changed, 16 insertions(+), 28 deletions(-)
diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild
index 38d6c2500b7..38bd1ccc1f0 100644
--- a/net-misc/chrony/chrony-3.5.1-r1.ebuild
+++ b/net-misc/chrony/chrony-3.5.1-r1.ebuild
@@ -68,24 +68,20 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- sed \
- -e 's/-F 1/-F 0/' \
- examples/chronyd.service > "${T}"/chronyd.service || die
-
cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
if ! use caps; then
sed -i \
- -e 's/-u ntp//' \
- "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ -e 's/ -u ntp//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
fi
if ! use seccomp; then
sed -i \
- -e 's/-F 0//' \
- "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ -e 's/ -F 0//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
fi
tc-export CC PKG_CONFIG
@@ -176,7 +172,7 @@ src_install() {
insinto /etc/logrotate.d
newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
- systemd_dounit "${T}"/chronyd.service
+ systemd_dounit examples/chronyd.service
systemd_dounit examples/chrony-wait.service
systemd_enable_ntpunit 50-chrony chronyd.service
}
diff --git a/net-misc/chrony/chrony-4.0_pre3.ebuild b/net-misc/chrony/chrony-4.0_pre3.ebuild
index 8ff387f448e..25ae917e91e 100644
--- a/net-misc/chrony/chrony-4.0_pre3.ebuild
+++ b/net-misc/chrony/chrony-4.0_pre3.ebuild
@@ -68,24 +68,20 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- sed \
- -e 's/-F 1/-F 0/' \
- examples/chronyd.service > "${T}"/chronyd.service || die
-
cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
if ! use caps; then
sed -i \
- -e 's/-u ntp//' \
- "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ -e 's/ -u ntp//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
fi
if ! use seccomp; then
sed -i \
- -e 's/-F 0//' \
- "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ -e 's/ -F 0//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
fi
tc-export CC PKG_CONFIG
@@ -176,7 +172,7 @@ src_install() {
insinto /etc/logrotate.d
newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
- systemd_dounit "${T}"/chronyd.service
+ systemd_dounit examples/chronyd.service
systemd_dounit examples/chrony-wait.service
systemd_enable_ntpunit 50-chrony chronyd.service
}
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index 8ff387f448e..25ae917e91e 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -68,24 +68,20 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- sed \
- -e 's/-F 1/-F 0/' \
- examples/chronyd.service > "${T}"/chronyd.service || die
-
cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
if ! use caps; then
sed -i \
- -e 's/-u ntp//' \
- "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ -e 's/ -u ntp//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
fi
if ! use seccomp; then
sed -i \
- -e 's/-F 0//' \
- "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ -e 's/ -F 0//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
fi
tc-export CC PKG_CONFIG
@@ -176,7 +172,7 @@ src_install() {
insinto /etc/logrotate.d
newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
- systemd_dounit "${T}"/chronyd.service
+ systemd_dounit examples/chronyd.service
systemd_dounit examples/chrony-wait.service
systemd_enable_ntpunit 50-chrony chronyd.service
}
diff --git a/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch b/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch
index 0ea3c921980..a3a2962ddd1 100644
--- a/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch
+++ b/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch
@@ -6,7 +6,7 @@
PIDFile=/run/chrony/chronyd.pid
-EnvironmentFile=-/etc/sysconfig/chronyd
-ExecStart=/usr/sbin/chronyd $OPTIONS
-+ExecStart=/usr/sbin/chronyd -u ntp -F 1
++ExecStart=/usr/sbin/chronyd -u ntp -F 0
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=full
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2023-11-25 6:36 Sam James
0 siblings, 0 replies; 19+ messages in thread
From: Sam James @ 2023-11-25 6:36 UTC (permalink / raw
To: gentoo-commits
commit: f3f5035b6682ffc66d5c7b7cd3ca5642f8b0e7a3
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 25 06:34:09 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Nov 25 06:34:09 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3f5035b
net-misc/chrony: drop 4.3-r5
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/chrony/Manifest | 2 -
net-misc/chrony/chrony-4.3-r5.ebuild | 264 ---------------------
.../chrony-4.3-strict-prototypes-clang16.patch | 71 ------
3 files changed, 337 deletions(-)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index da9d29c4ac09..74d76950aa23 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -1,4 +1,2 @@
-DIST chrony-4.3.tar.gz 593560 BLAKE2B 51ba6d19312fd52cd6d6d8ab9437c886a3779877170674db6dc37d657e849101e2669fd6c8723d24e43c895cd1924c3d8d2ff442baeef9abe8a6c313929edf5f SHA512 1394bac3ed684352fe89b7fef7da50e61f9f522abee807627ae1fc4c2dde891017bc8e5b13759fced028f3a1e875d5e4e5a4f85de65c63b5f83d0ca03bb4c5df
-DIST chrony-4.3.tar.gz.asc 833 BLAKE2B 12399205da4ee5c442207bfdf936ac88552a49b21b0db8c15b09118b579e2076f7cfec6ad916b08b41edc4f9f8e03b13d7758ed08e116bee54d0f0f9cd68a505 SHA512 300b06f253ac3727edb86a1b7c337f9529ee752bbb471b266217b6a8ac5183e827264177a3210d436425d746673bf11fbdc41da145673213e28165197c6c76b7
DIST chrony-4.4.tar.gz 612094 BLAKE2B 470c3d4ab9aa5949df1c10d0ecbd556fba3ce9b05e9dc4a5475795c174fca48a624975df68552f78927a19b72cb6b4f136ed4e5fa04a833dbd8139d0be144e4f SHA512 45e060eb0c5892552f28dc436429e5823409cc93533127af27b64d08ff9c769fdc72694272232114f5ca1884c2bc8b5e842fae7956dc457358e937bcd3dda4d7
DIST chrony-4.4.tar.gz.asc 833 BLAKE2B 07f863381d37e30435c3796c7ff4ac628dd81b248e76fe1b9ce6dff07f9f2bd9423a013c7d0a09f2bfe251a8e176b04731e1cb60829f1dc83a7321274d3f6992 SHA512 bb795b428567434937cbf3a12c559b549b89abe65010d04eed0fbdcfde35e7266771ea01c2c5581f3e5fae993f1782fff5a62c5ae09259d2b65dab9473d756a3
diff --git a/net-misc/chrony/chrony-4.3-r5.ebuild b/net-misc/chrony/chrony-4.3-r5.ebuild
deleted file mode 100644
index 4b78f2f22ba9..000000000000
--- a/net-misc/chrony/chrony-4.3-r5.ebuild
+++ /dev/null
@@ -1,264 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-inherit edo systemd tmpfiles toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git"
-
-if [[ ${PV} == 9999 ]] ; then
- EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"
- inherit git-r3
-else
- VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/mlichvar.asc
- inherit verify-sig
-
- SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
- SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )"
-
- if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv sparc x86"
- fi
-fi
-
-S="${WORKDIR}/${P/_/-}"
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="+caps +cmdmon debug html libtomcrypt +nettle nss +ntp +nts +phc pps +readline +refclock +rtc samba +seccomp +sechash selinux"
-# nettle > nss > libtomcrypt in configure
-REQUIRED_USE="
- sechash? ( || ( nettle nss libtomcrypt ) )
- nettle? ( !nss )
- nss? ( !nettle )
- libtomcrypt? ( !nettle !nss )
- !sechash? ( !nss )
- !sechash? ( !nts? ( !nettle ) )
-"
-
-DEPEND="
- caps? (
- acct-group/ntp
- acct-user/ntp
- sys-libs/libcap
- )
- libtomcrypt? ( dev-libs/libtomcrypt:= )
- nettle? ( dev-libs/nettle:= )
- nss? ( dev-libs/nss:= )
- nts? ( net-libs/gnutls:= )
- pps? ( net-misc/pps-tools )
- readline? ( dev-libs/libedit )
- seccomp? ( sys-libs/libseccomp )
-"
-RDEPEND="
- ${DEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-# bison dep only for 4.3-r1 for ${P}-strict-prototypes-clang16.patch
-BDEPEND="
- sys-devel/bison
- html? ( dev-ruby/asciidoctor )
- nts? ( virtual/pkgconfig )
- sechash? (
- nettle? ( virtual/pkgconfig )
- nss? ( virtual/pkgconfig )
- )
-"
-
-if [[ ${PV} == 9999 ]] ; then
- # Needed for doc generation in 9999
- REQUIRED_USE+=" html"
- BDEPEND+="
- sys-devel/bison
- virtual/w3m
- "
-else
- BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-mlichvar-20210513 )"
-fi
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-4.2-systemd-gentoo.patch
- "${FILESDIR}"/${P}-strict-prototypes-clang16.patch
-)
-
-src_prepare() {
- default
-
- sed -i \
- -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
- doc/* examples/* || die
-
- cp "${FILESDIR}"/chronyd.conf-r3 "${T}"/chronyd.conf || die
-}
-
-src_configure() {
- if ! use caps ; then
- sed -i \
- -e 's/ -u ntp//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- if ! use seccomp ; then
- sed -i \
- -e 's/ -F 2//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- tc-export CC PKG_CONFIG
-
- # Update from time to time with output from "date +%s"
- # on a system that is time-synced.
- export SOURCE_DATE_EPOCH=1607976314
-
- # Not an autotools generated script
- local myconf=(
- $(use_enable seccomp scfilter)
-
- $(usev !caps '--disable-linuxcaps')
- $(usev !cmdmon '--disable-cmdmon')
- $(usev debug '--enable-debug')
-
- # USE=readline here means "readline-like functionality"
- # chrony only supports libedit in terms of the library providing
- # it.
- $(usev !readline '--without-editline --disable-readline')
-
- $(usev !libtomcrypt '--without-tomcrypt')
- $(usev !nettle '--without-nettle')
- $(usev !nss '--without-nss')
- $(usev !ntp '--disable-ntp')
- $(usev !nts '--disable-nts')
- $(usev !nts '--without-gnutls')
- $(usev !phc '--disable-phc')
- $(usev !pps '--disable-pps')
- $(usev !refclock '--disable-refclock')
- $(usev !rtc '--disable-rtc')
- $(usev samba '--enable-ntp-signd')
- $(usev !sechash '--disable-sechash')
-
- --chronysockdir="${EPREFIX}/run/chrony"
- --docdir="${EPREFIX}/usr/share/doc/${PF}"
- --mandir="${EPREFIX}/usr/share/man"
- --prefix="${EPREFIX}/usr"
- --sysconfdir="${EPREFIX}/etc/chrony"
- --with-hwclockfile="${EPREFIX}/etc/adjtime"
- --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
-
- ${EXTRA_ECONF}
- )
-
- # Print the ./configure call
- edo ./configure "${myconf[@]}" || die
-}
-
-src_compile() {
- if [[ ${PV} == 9999 ]] ; then
- # Uses w3m
- emake -C doc man txt
- fi
-
- emake all docs $(usev !html 'ADOC=true')
-}
-
-src_install() {
- default
-
- # Compatibility with other distributions who install to /etc/chrony.conf (bug #835461)
- dosym -r /etc/chrony/chrony.conf /etc/chrony.conf
-
- newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${T}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- docinto examples
- dodoc examples/*.example*
-
- newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
-
- if use html ; then
- docinto html
- dodoc doc/*.html
- fi
-
- keepdir /var/{lib,log}/chrony
-
- if use caps ; then
- # Prepare a directory for the chrony.drift file (a la ntpsec)
- # Ensures the environment is sane on new installs
- # bug #711058
- fowners -R ntp:ntp /var/{lib,log}/chrony
- fperms -R 770 /var/lib/chrony
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
-
- systemd_dounit examples/chronyd.service
- systemd_dounit examples/chrony-wait.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
-
-pkg_preinst() {
- HAD_CAPS=0
- HAD_SECCOMP=0
- HAD_PRE_NEW_SECCOMP_LEVEL=0
-
- # See https://dev.gentoo.org/~zmedico/portage/doc/portage.html#package-ebuild-phases-after-2.1.5
- # in "Ebuild Phases" for an explanation of why we need to save the variable beforehand
- if has_version 'net-misc/chrony[caps]' ; then
- HAD_CAPS=1
- fi
-
- if has_version 'net-misc/chrony[seccomp]' ; then
- HAD_SECCOMP=1
- fi
-
- if has_version '>=net-misc/chrony-4.1[seccomp]' ; then
- # This version introduced a new filter level: -F 2
- # It's a limited set of seccomp filters designed to be 'bare minimum'
- HAD_PRE_NEW_SECCOMP_LEVEL=1
- fi
-}
-
-pkg_postinst() {
- tmpfiles_process chronyd.conf
-
- if [[ -n "${REPLACING_VERSIONS}" ]] ; then
- if use caps && ! [[ ${HAD_CAPS} -eq 1 ]] ; then
- # bug #719876
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
- ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
- ewarn "This is necessary for chrony to drop privileges"
- elif ! use caps && [[ ${HAD_CAPS} -eq 0 ]] ; then
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by root:root"
- fi
- fi
-
- # See bug #783915 for general discussion on enabling seccomp filtering
- # by default.
- local show_seccomp_enable_msg=0
-
- # Was seccomp disabled before and now enabled?
- if [[ ${HAD_SECCOMP} -eq 0 ]] && use seccomp ; then
- show_seccomp_enable_msg=1
- fi
-
- # Are we coming from an old version without the new 'minimal' filter?
- # (-F 2)
- if [[ ${HAD_PRE_NEW_SECCOMP_LEVEL} -eq 0 ]] ; then
- show_seccomp_enable_msg=1
- fi
-
- if [[ ${show_seccomp_enable_msg} -eq 1 ]] ; then
- elog "To enable seccomp in a stricter mode, please modify:"
- elog "- ${EROOT}/etc/conf.d/chronyd for OpenRC"
- elog "- systemctl edit chronyd for systemd"
- elog "to use -F 1 or -F -1 instead of -F 2 (see man chronyd)"
- elog "By default, we now use -F 2 which is a baseline/minimal filter."
- fi
-}
diff --git a/net-misc/chrony/files/chrony-4.3-strict-prototypes-clang16.patch b/net-misc/chrony/files/chrony-4.3-strict-prototypes-clang16.patch
deleted file mode 100644
index fb89a1eb3fef..000000000000
--- a/net-misc/chrony/files/chrony-4.3-strict-prototypes-clang16.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-https://git.tuxfamily.org/chrony/chrony.git/commit/?id=7b97668319f9449b4adb1a978bb1fe9b0fb22e4d
-https://bugs.gentoo.org/880519
-
-From 7b97668319f9449b4adb1a978bb1fe9b0fb22e4d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Holger=20Hoffst=C3=A4tte?= <holger@applied-asynchrony.com>
-Date: Wed, 9 Nov 2022 09:17:14 +0100
-Subject: getdate: fix various warnings which will be errors with clang-16
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-These were found by Gentoo's QA while rebuilding the world with
-clang-16: https://bugs.gentoo.org/880519
-
-Signed-off-by: Holger Hoffstätte <holger@applied-asynchrony.com>
-
---- a/getdate.y
-+++ b/getdate.y
-@@ -448,9 +448,9 @@ o_merid : /* NULL */
- the same signature as the function definition does. */
- #include "getdate.h"
-
--extern struct tm *gmtime ();
--extern struct tm *localtime ();
--extern time_t mktime ();
-+extern struct tm *gmtime (const time_t *timep);
-+extern struct tm *localtime (const time_t *timep);
-+extern time_t mktime (struct tm *tm);
-
- /* Month and day table. */
- static TABLE const MonthDayTable[] = {
-@@ -641,16 +641,13 @@ static TABLE const MilitaryTable[] = {
-
- /* ARGSUSED */
- static int
--yyerror (s)
-- char *s ATTRIBUTE_UNUSED;
-+yyerror (char *s ATTRIBUTE_UNUSED)
- {
- return 0;
- }
-
- static int
--ToHour (Hours, Meridian)
-- int Hours;
-- MERIDIAN Meridian;
-+ToHour (int Hours, MERIDIAN Meridian)
- {
- switch (Meridian)
- {
-@@ -677,8 +674,7 @@ ToHour (Hours, Meridian)
- }
-
- static int
--ToYear (Year)
-- int Year;
-+ToYear (int Year)
- {
- if (Year < 0)
- Year = -Year;
-@@ -694,8 +690,7 @@ ToYear (Year)
- }
-
- static int
--LookupWord (buff)
-- char *buff;
-+LookupWord (char *buff)
- {
- register char *p;
- register char *q;
-cgit v0.10.2
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2022-04-17 16:44 Sam James
0 siblings, 0 replies; 19+ messages in thread
From: Sam James @ 2022-04-17 16:44 UTC (permalink / raw
To: gentoo-commits
commit: f125e6af3e2eec2114c45a8ed3926e00f89d384f
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Apr 17 16:41:21 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Apr 17 16:41:21 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f125e6af
net-misc/chrony: drop 4.1-r2, 4.2
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/chrony/Manifest | 2 -
net-misc/chrony/chrony-4.1-r2.ebuild | 253 ---------------------
net-misc/chrony/chrony-4.2.ebuild | 252 --------------------
.../files/chrony-4.1-seccomp-glibc-2-3-4.patch | 30 ---
4 files changed, 537 deletions(-)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index 6fc04ec3c097..bb1c6ba9cc2e 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -1,4 +1,2 @@
-DIST chrony-4.1.tar.gz 564648 BLAKE2B f9c4b44c521ee592c109b8a3d500b9cb3ea4fbf0d7dce9d8754498ad41ce2ac87c913cf72a38557ce5f28208672163b21b067307f723fd91cc91d71f69e739ef SHA512 5e283d6a56e6852606c681a7c29c5786b102d584178cbd7033ebbc95a8e95533605631363b850a3087cca438a5878db7a317f120aab2fd856487d02fccfbcb1f
-DIST chrony-4.1.tar.gz.asc 833 BLAKE2B 6d800ae436523f61cd713cdd12cf0246db53e732554433d5ef6cf1a437296ee9d0da3b2e9e72d1ccb0e3a6b1ee1227e5d1626bf031b0491670ee0712e17c57ff SHA512 82faf9171d782c18224d2d44b340994b0ddab141e88cc803dea83d0ffbb6468bc51e8b11c8dd9bd327220cae04f7d789b58ab23141a2bdf038ce628f9adeb57a
DIST chrony-4.2.tar.gz 578411 BLAKE2B 6eac4f144f5811d0f83a9827e2b5113dead1ff96952f6e6d32dcea9858e04512f635d70237fe6faced095991204b0f62bcb0e9d1a4b34e8778f205058afdfb45 SHA512 7f946b27de605b3ebea62cf23916dfad77c99e8b2338ba239ede6b8216ce436b3d4d87770f371c8d8e006507c51d5c831b51f067957abd2935adfdec3f5aa67d
DIST chrony-4.2.tar.gz.asc 833 BLAKE2B 41cb83f62dd58489313438672d209cc65fdbb5f8f595ea38f990d5e15194f91532d3f3221c6c38581467d62e95d23853a4fc438d32b99606def5f06db0031969 SHA512 d8ae4b540ce3529a5a72e10c14765a33ca6fc41529b6fdc9928fb171f25bd6fb87f930b7783638892f42f4cbcfaab4cb1064c930bae1d5204a71babad72b6e10
diff --git a/net-misc/chrony/chrony-4.1-r2.ebuild b/net-misc/chrony/chrony-4.1-r2.ebuild
deleted file mode 100644
index eefd2899e047..000000000000
--- a/net-misc/chrony/chrony-4.1-r2.ebuild
+++ /dev/null
@@ -1,253 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd tmpfiles toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git"
-
-if [[ ${PV} == "9999" ]] ; then
- EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"
- inherit git-r3
-else
- VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/mlichvar.asc
- inherit verify-sig
-
- SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
- SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )"
-
- if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 ~riscv sparc x86"
- fi
-fi
-
-S="${WORKDIR}/${P/_/-}"
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="+caps +cmdmon debug html ipv6 libedit libtomcrypt +nettle nss +ntp +nts +phc pps +refclock +rtc samba +seccomp +sechash selinux"
-# nettle > nss > libtomcrypt in configure
-REQUIRED_USE="
- sechash? ( || ( nettle nss libtomcrypt ) )
- nettle? ( !nss )
- nss? ( !nettle )
- libtomcrypt? ( !nettle !nss )
- !sechash? ( !nss )
- !sechash? ( !nts? ( !nettle ) )
-"
-
-DEPEND="
- caps? (
- acct-group/ntp
- acct-user/ntp
- sys-libs/libcap
- )
- libedit? ( dev-libs/libedit )
- !libedit? ( sys-libs/readline:= )
- nettle? ( dev-libs/nettle:= )
- nss? ( dev-libs/nss:= )
- nts? ( net-libs/gnutls:= )
- pps? ( net-misc/pps-tools )
- seccomp? ( sys-libs/libseccomp )
-"
-RDEPEND="
- ${DEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-BDEPEND="
- html? ( dev-ruby/asciidoctor )
- nts? ( virtual/pkgconfig )
- sechash? (
- nettle? ( virtual/pkgconfig )
- nss? ( virtual/pkgconfig )
- )
-"
-
-if [[ ${PV} == "9999" ]] ; then
- # Needed for doc generation in 9999
- REQUIRED_USE+=" html"
- BDEPEND+=" virtual/w3m"
-else
- BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-mlichvar-20210513 )"
-fi
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-4.1-systemd-gentoo.patch
- "${FILESDIR}"/${P}-seccomp-glibc-2-3-4.patch
-)
-
-src_prepare() {
- default
-
- sed -i \
- -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
- doc/* examples/* || die
-
- cp "${FILESDIR}"/chronyd.conf-r3 "${T}"/chronyd.conf || die
-}
-
-src_configure() {
- if ! use caps ; then
- sed -i \
- -e 's/ -u ntp//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- if ! use seccomp ; then
- sed -i \
- -e 's/ -F 2//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- tc-export CC PKG_CONFIG
-
- # Update from time to time with output from "date +%s"
- # on a system that is time-synced.
- export SOURCE_DATE_EPOCH=1607976314
-
- # Not an autotools generated script
- local myconf=(
- $(use_enable seccomp scfilter)
-
- $(usex caps '' '--disable-linuxcaps')
- $(usex cmdmon '' '--disable-cmdmon')
- $(usex debug '--enable-debug' '')
- $(usex ipv6 '' '--disable-ipv6')
- $(usex libedit '' '--without-editline')
- $(usex libtomcrypt '' '--without-tomcrypt')
- $(usex nettle '' '--without-nettle')
- $(usex nss '' '--without-nss')
- $(usex ntp '' '--disable-ntp')
- $(usex nts '' '--disable-nts')
- $(usex nts '' '--without-gnutls')
- $(usex phc '' '--disable-phc')
- $(usex pps '' '--disable-pps')
- $(usex refclock '' '--disable-refclock')
- $(usex rtc '' '--disable-rtc')
- $(usex samba '--enable-ntp-signd' '')
- $(usex sechash '' '--disable-sechash')
-
- --chronysockdir="${EPREFIX}/run/chrony"
- --docdir="${EPREFIX}/usr/share/doc/${PF}"
- --mandir="${EPREFIX}/usr/share/man"
- --prefix="${EPREFIX}/usr"
- --sysconfdir="${EPREFIX}/etc/chrony"
- --with-hwclockfile="${EPREFIX}/etc/adjtime"
- --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
-
- ${EXTRA_ECONF}
- )
-
- # Print the ./configure call
- echo sh ./configure "${myconf[@]}" >&2
- sh ./configure "${myconf[@]}" || die
-}
-
-src_compile() {
- if [[ ${PV} == "9999" ]] ; then
- # Uses w3m
- emake -C doc man txt
- fi
-
- emake all docs $(usex html '' 'ADOC=true')
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${T}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- docinto examples
- dodoc examples/*.example*
-
- newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
-
- if use html ; then
- docinto html
- dodoc doc/*.html
- fi
-
- keepdir /var/{lib,log}/chrony
-
- if use caps ; then
- # Prepare a directory for the chrony.drift file (a la ntpsec)
- # Ensures the environment is sane on new installs
- # bug #711058
- fowners ntp:ntp /var/{lib,log}/chrony
- fperms 770 /var/lib/chrony
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
-
- systemd_dounit examples/chronyd.service
- systemd_dounit examples/chrony-wait.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
-
-pkg_preinst() {
- HAD_CAPS=0
- HAD_SECCOMP=0
- HAD_PRE_NEW_SECCOMP_LEVEL=0
-
- # See https://dev.gentoo.org/~zmedico/portage/doc/portage.html#package-ebuild-phases-after-2.1.5
- # in "Ebuild Phases" for an explanation of why we need to save the variable beforehand
- if has_version 'net-misc/chrony[caps]' ; then
- HAD_CAPS=1
- fi
-
- if has_version 'net-misc/chrony[seccomp]' ; then
- HAD_SECCOMP=1
- fi
-
- if has_version '>=net-misc/chrony-4.1[seccomp]' ; then
- # This version introduced a new filter level: -F 2
- # It's a limited set of seccomp filters designed to be 'bare minimum'
- HAD_PRE_NEW_SECCOMP_LEVEL=1
- fi
-}
-
-pkg_postinst() {
- tmpfiles_process chronyd.conf
-
- if [[ -n "${REPLACING_VERSIONS}" ]] ; then
- if use caps && ! [[ ${HAD_CAPS} -eq 1 ]] ; then
- # bug #719876
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
- ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
- ewarn "This is necessary for chrony to drop privileges"
- elif ! use caps && [[ ${HAD_CAPS} -eq 0 ]] ; then
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by root:root"
- fi
- fi
-
- # See bug #783915 for general discussion on enabling seccomp filtering
- # by default.
- local show_seccomp_enable_msg=0
-
- # Was seccomp disabled before and now enabled?
- if [[ ${HAD_SECCOMP} -eq 0 ]] && use seccomp ; then
- show_seccomp_enable_msg=1
- fi
-
- # Are we coming from an old version without the new 'minimal' filter?
- # (-F 2)
- if [[ ${HAD_PRE_NEW_SECCOMP_LEVEL} -eq 0 ]] ; then
- show_seccomp_enable_msg=1
- fi
-
- if [[ ${show_seccomp_enable_msg} -eq 1 ]] ; then
- elog "To enable seccomp in a stricter mode, please modify:"
- elog "- /etc/conf.d/chronyd for OpenRC"
- elog "- systemctl edit chronyd for systemd"
- elog "to use -F 1 or -F -1 instead of -F 2 (see man chronyd)"
- elog "By default, we now use -F 2 which is a baseline/minimal filter."
- fi
-}
diff --git a/net-misc/chrony/chrony-4.2.ebuild b/net-misc/chrony/chrony-4.2.ebuild
deleted file mode 100644
index 51af47377ea6..000000000000
--- a/net-misc/chrony/chrony-4.2.ebuild
+++ /dev/null
@@ -1,252 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd tmpfiles toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git"
-
-if [[ ${PV} == "9999" ]] ; then
- EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"
- inherit git-r3
-else
- VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/mlichvar.asc
- inherit verify-sig
-
- SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
- SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )"
-
- if [[ ${PV} != *_pre* ]] ; then
- KEYWORDS="~alpha amd64 arm arm64 hppa ~m68k ~mips ppc ppc64 ~riscv sparc x86"
- fi
-fi
-
-S="${WORKDIR}/${P/_/-}"
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="+caps +cmdmon debug html ipv6 libedit libtomcrypt +nettle nss +ntp +nts +phc pps +refclock +rtc samba +seccomp +sechash selinux"
-# nettle > nss > libtomcrypt in configure
-REQUIRED_USE="
- sechash? ( || ( nettle nss libtomcrypt ) )
- nettle? ( !nss )
- nss? ( !nettle )
- libtomcrypt? ( !nettle !nss )
- !sechash? ( !nss )
- !sechash? ( !nts? ( !nettle ) )
-"
-
-DEPEND="
- caps? (
- acct-group/ntp
- acct-user/ntp
- sys-libs/libcap
- )
- libedit? ( dev-libs/libedit )
- !libedit? ( sys-libs/readline:= )
- nettle? ( dev-libs/nettle:= )
- nss? ( dev-libs/nss:= )
- nts? ( net-libs/gnutls:= )
- pps? ( net-misc/pps-tools )
- seccomp? ( sys-libs/libseccomp )
-"
-RDEPEND="
- ${DEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-BDEPEND="
- html? ( dev-ruby/asciidoctor )
- nts? ( virtual/pkgconfig )
- sechash? (
- nettle? ( virtual/pkgconfig )
- nss? ( virtual/pkgconfig )
- )
-"
-
-if [[ ${PV} == "9999" ]] ; then
- # Needed for doc generation in 9999
- REQUIRED_USE+=" html"
- BDEPEND+=" virtual/w3m"
-else
- BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-mlichvar-20210513 )"
-fi
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-4.2-systemd-gentoo.patch
-)
-
-src_prepare() {
- default
-
- sed -i \
- -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
- doc/* examples/* || die
-
- cp "${FILESDIR}"/chronyd.conf-r3 "${T}"/chronyd.conf || die
-}
-
-src_configure() {
- if ! use caps ; then
- sed -i \
- -e 's/ -u ntp//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- if ! use seccomp ; then
- sed -i \
- -e 's/ -F 2//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- tc-export CC PKG_CONFIG
-
- # Update from time to time with output from "date +%s"
- # on a system that is time-synced.
- export SOURCE_DATE_EPOCH=1607976314
-
- # Not an autotools generated script
- local myconf=(
- $(use_enable seccomp scfilter)
-
- $(usex caps '' '--disable-linuxcaps')
- $(usex cmdmon '' '--disable-cmdmon')
- $(usex debug '--enable-debug' '')
- $(usex ipv6 '' '--disable-ipv6')
- $(usex libedit '' '--without-editline')
- $(usex libtomcrypt '' '--without-tomcrypt')
- $(usex nettle '' '--without-nettle')
- $(usex nss '' '--without-nss')
- $(usex ntp '' '--disable-ntp')
- $(usex nts '' '--disable-nts')
- $(usex nts '' '--without-gnutls')
- $(usex phc '' '--disable-phc')
- $(usex pps '' '--disable-pps')
- $(usex refclock '' '--disable-refclock')
- $(usex rtc '' '--disable-rtc')
- $(usex samba '--enable-ntp-signd' '')
- $(usex sechash '' '--disable-sechash')
-
- --chronysockdir="${EPREFIX}/run/chrony"
- --docdir="${EPREFIX}/usr/share/doc/${PF}"
- --mandir="${EPREFIX}/usr/share/man"
- --prefix="${EPREFIX}/usr"
- --sysconfdir="${EPREFIX}/etc/chrony"
- --with-hwclockfile="${EPREFIX}/etc/adjtime"
- --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
-
- ${EXTRA_ECONF}
- )
-
- # Print the ./configure call
- echo sh ./configure "${myconf[@]}" >&2
- sh ./configure "${myconf[@]}" || die
-}
-
-src_compile() {
- if [[ ${PV} == "9999" ]] ; then
- # Uses w3m
- emake -C doc man txt
- fi
-
- emake all docs $(usex html '' 'ADOC=true')
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${T}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- docinto examples
- dodoc examples/*.example*
-
- newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
-
- if use html ; then
- docinto html
- dodoc doc/*.html
- fi
-
- keepdir /var/{lib,log}/chrony
-
- if use caps ; then
- # Prepare a directory for the chrony.drift file (a la ntpsec)
- # Ensures the environment is sane on new installs
- # bug #711058
- fowners ntp:ntp /var/{lib,log}/chrony
- fperms 770 /var/lib/chrony
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
-
- systemd_dounit examples/chronyd.service
- systemd_dounit examples/chrony-wait.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
-
-pkg_preinst() {
- HAD_CAPS=0
- HAD_SECCOMP=0
- HAD_PRE_NEW_SECCOMP_LEVEL=0
-
- # See https://dev.gentoo.org/~zmedico/portage/doc/portage.html#package-ebuild-phases-after-2.1.5
- # in "Ebuild Phases" for an explanation of why we need to save the variable beforehand
- if has_version 'net-misc/chrony[caps]' ; then
- HAD_CAPS=1
- fi
-
- if has_version 'net-misc/chrony[seccomp]' ; then
- HAD_SECCOMP=1
- fi
-
- if has_version '>=net-misc/chrony-4.1[seccomp]' ; then
- # This version introduced a new filter level: -F 2
- # It's a limited set of seccomp filters designed to be 'bare minimum'
- HAD_PRE_NEW_SECCOMP_LEVEL=1
- fi
-}
-
-pkg_postinst() {
- tmpfiles_process chronyd.conf
-
- if [[ -n "${REPLACING_VERSIONS}" ]] ; then
- if use caps && ! [[ ${HAD_CAPS} -eq 1 ]] ; then
- # bug #719876
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
- ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
- ewarn "This is necessary for chrony to drop privileges"
- elif ! use caps && [[ ${HAD_CAPS} -eq 0 ]] ; then
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by root:root"
- fi
- fi
-
- # See bug #783915 for general discussion on enabling seccomp filtering
- # by default.
- local show_seccomp_enable_msg=0
-
- # Was seccomp disabled before and now enabled?
- if [[ ${HAD_SECCOMP} -eq 0 ]] && use seccomp ; then
- show_seccomp_enable_msg=1
- fi
-
- # Are we coming from an old version without the new 'minimal' filter?
- # (-F 2)
- if [[ ${HAD_PRE_NEW_SECCOMP_LEVEL} -eq 0 ]] ; then
- show_seccomp_enable_msg=1
- fi
-
- if [[ ${show_seccomp_enable_msg} -eq 1 ]] ; then
- elog "To enable seccomp in a stricter mode, please modify:"
- elog "- /etc/conf.d/chronyd for OpenRC"
- elog "- systemctl edit chronyd for systemd"
- elog "to use -F 1 or -F -1 instead of -F 2 (see man chronyd)"
- elog "By default, we now use -F 2 which is a baseline/minimal filter."
- fi
-}
diff --git a/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch b/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch
deleted file mode 100644
index 56dd89b3ffdc..000000000000
--- a/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-https://git.tuxfamily.org/chrony/chrony.git/patch/?id=bbbd80bf03223f181d4abf5c8e5fe6136ab6129a
-
-From bbbd80bf03223f181d4abf5c8e5fe6136ab6129a Mon Sep 17 00:00:00 2001
-From: Miroslav Lichvar <mlichvar@redhat.com>
-Date: Mon, 9 Aug 2021 11:48:21 +0200
-Subject: sys_linux: allow clone3 and pread64 in seccomp filter
-
-These seem to be needed with the latest glibc.
-
---- a/sys_linux.c
-+++ b/sys_linux.c
-@@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
-
- /* Process */
- SCMP_SYS(clone),
-+#ifdef __NR_clone3
-+ SCMP_SYS(clone3),
-+#endif
- SCMP_SYS(exit),
- SCMP_SYS(exit_group),
- SCMP_SYS(getpid),
-@@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
- #ifdef __NR_ppoll_time64
- SCMP_SYS(ppoll_time64),
- #endif
-+ SCMP_SYS(pread64),
- SCMP_SYS(pselect6),
- #ifdef __NR_pselect6_time64
- SCMP_SYS(pselect6_time64),
-cgit v0.10.2
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2022-02-18 0:47 Sam James
0 siblings, 0 replies; 19+ messages in thread
From: Sam James @ 2022-02-18 0:47 UTC (permalink / raw
To: gentoo-commits
commit: fcb3491cce5f2b5980718eb67305e90b558658be
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 18 00:47:06 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Feb 18 00:47:06 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fcb3491c
net-misc/chrony: add glibc-2.35 seccomp patch
We also add a mawk test patch.
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/chrony/chrony-4.2-r1.ebuild | 255 +++++++++++++++++++++
.../chrony/files/chrony-4.2-seccomp-rseq.patch | 30 +++
net-misc/chrony/files/chrony-4.2-test-mawk.patch | 30 +++
3 files changed, 315 insertions(+)
diff --git a/net-misc/chrony/chrony-4.2-r1.ebuild b/net-misc/chrony/chrony-4.2-r1.ebuild
new file mode 100644
index 000000000000..9df110347a58
--- /dev/null
+++ b/net-misc/chrony/chrony-4.2-r1.ebuild
@@ -0,0 +1,255 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd tmpfiles toolchain-funcs
+
+DESCRIPTION="NTP client and server programs"
+HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git"
+
+if [[ ${PV} == "9999" ]] ; then
+ EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"
+ inherit git-r3
+else
+ VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/mlichvar.asc
+ inherit verify-sig
+
+ SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
+ SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )"
+
+ if [[ ${PV} != *_pre* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
+ fi
+fi
+
+S="${WORKDIR}/${P/_/-}"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+caps +cmdmon debug html ipv6 libedit libtomcrypt +nettle nss +ntp +nts +phc pps +refclock +rtc samba +seccomp +sechash selinux"
+# nettle > nss > libtomcrypt in configure
+REQUIRED_USE="
+ sechash? ( || ( nettle nss libtomcrypt ) )
+ nettle? ( !nss )
+ nss? ( !nettle )
+ libtomcrypt? ( !nettle !nss )
+ !sechash? ( !nss )
+ !sechash? ( !nts? ( !nettle ) )
+"
+
+DEPEND="
+ caps? (
+ acct-group/ntp
+ acct-user/ntp
+ sys-libs/libcap
+ )
+ libedit? ( dev-libs/libedit )
+ !libedit? ( sys-libs/readline:= )
+ nettle? ( dev-libs/nettle:= )
+ nss? ( dev-libs/nss:= )
+ nts? ( net-libs/gnutls:= )
+ pps? ( net-misc/pps-tools )
+ seccomp? ( sys-libs/libseccomp )
+"
+RDEPEND="
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-chronyd )
+"
+BDEPEND="
+ html? ( dev-ruby/asciidoctor )
+ nts? ( virtual/pkgconfig )
+ sechash? (
+ nettle? ( virtual/pkgconfig )
+ nss? ( virtual/pkgconfig )
+ )
+"
+
+if [[ ${PV} == "9999" ]] ; then
+ # Needed for doc generation in 9999
+ REQUIRED_USE+=" html"
+ BDEPEND+=" virtual/w3m"
+else
+ BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-mlichvar-20210513 )"
+fi
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
+ "${FILESDIR}"/${PN}-4.2-systemd-gentoo.patch
+
+ "${FILESDIR}"/${P}-test-mawk.patch
+ "${FILESDIR}"/${P}-seccomp-rseq.patch
+)
+
+src_prepare() {
+ default
+
+ sed -i \
+ -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
+ doc/* examples/* || die
+
+ cp "${FILESDIR}"/chronyd.conf-r3 "${T}"/chronyd.conf || die
+}
+
+src_configure() {
+ if ! use caps ; then
+ sed -i \
+ -e 's/ -u ntp//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
+ fi
+
+ if ! use seccomp ; then
+ sed -i \
+ -e 's/ -F 2//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
+ fi
+
+ tc-export CC PKG_CONFIG
+
+ # Update from time to time with output from "date +%s"
+ # on a system that is time-synced.
+ export SOURCE_DATE_EPOCH=1607976314
+
+ # Not an autotools generated script
+ local myconf=(
+ $(use_enable seccomp scfilter)
+
+ $(usex caps '' '--disable-linuxcaps')
+ $(usex cmdmon '' '--disable-cmdmon')
+ $(usex debug '--enable-debug' '')
+ $(usex ipv6 '' '--disable-ipv6')
+ $(usex libedit '' '--without-editline')
+ $(usex libtomcrypt '' '--without-tomcrypt')
+ $(usex nettle '' '--without-nettle')
+ $(usex nss '' '--without-nss')
+ $(usex ntp '' '--disable-ntp')
+ $(usex nts '' '--disable-nts')
+ $(usex nts '' '--without-gnutls')
+ $(usex phc '' '--disable-phc')
+ $(usex pps '' '--disable-pps')
+ $(usex refclock '' '--disable-refclock')
+ $(usex rtc '' '--disable-rtc')
+ $(usex samba '--enable-ntp-signd' '')
+ $(usex sechash '' '--disable-sechash')
+
+ --chronysockdir="${EPREFIX}/run/chrony"
+ --docdir="${EPREFIX}/usr/share/doc/${PF}"
+ --mandir="${EPREFIX}/usr/share/man"
+ --prefix="${EPREFIX}/usr"
+ --sysconfdir="${EPREFIX}/etc/chrony"
+ --with-hwclockfile="${EPREFIX}/etc/adjtime"
+ --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
+
+ ${EXTRA_ECONF}
+ )
+
+ # Print the ./configure call
+ echo sh ./configure "${myconf[@]}" >&2
+ sh ./configure "${myconf[@]}" || die
+}
+
+src_compile() {
+ if [[ ${PV} == "9999" ]] ; then
+ # Uses w3m
+ emake -C doc man txt
+ fi
+
+ emake all docs $(usex html '' 'ADOC=true')
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
+ newconfd "${T}"/chronyd.conf chronyd
+
+ insinto /etc/${PN}
+ newins examples/chrony.conf.example1 chrony.conf
+
+ docinto examples
+ dodoc examples/*.example*
+
+ newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
+
+ if use html ; then
+ docinto html
+ dodoc doc/*.html
+ fi
+
+ keepdir /var/{lib,log}/chrony
+
+ if use caps ; then
+ # Prepare a directory for the chrony.drift file (a la ntpsec)
+ # Ensures the environment is sane on new installs
+ # bug #711058
+ fowners ntp:ntp /var/{lib,log}/chrony
+ fperms 770 /var/lib/chrony
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
+
+ systemd_dounit examples/chronyd.service
+ systemd_dounit examples/chrony-wait.service
+ systemd_enable_ntpunit 50-chrony chronyd.service
+}
+
+pkg_preinst() {
+ HAD_CAPS=0
+ HAD_SECCOMP=0
+ HAD_PRE_NEW_SECCOMP_LEVEL=0
+
+ # See https://dev.gentoo.org/~zmedico/portage/doc/portage.html#package-ebuild-phases-after-2.1.5
+ # in "Ebuild Phases" for an explanation of why we need to save the variable beforehand
+ if has_version 'net-misc/chrony[caps]' ; then
+ HAD_CAPS=1
+ fi
+
+ if has_version 'net-misc/chrony[seccomp]' ; then
+ HAD_SECCOMP=1
+ fi
+
+ if has_version '>=net-misc/chrony-4.1[seccomp]' ; then
+ # This version introduced a new filter level: -F 2
+ # It's a limited set of seccomp filters designed to be 'bare minimum'
+ HAD_PRE_NEW_SECCOMP_LEVEL=1
+ fi
+}
+
+pkg_postinst() {
+ tmpfiles_process chronyd.conf
+
+ if [[ -n "${REPLACING_VERSIONS}" ]] ; then
+ if use caps && ! [[ ${HAD_CAPS} -eq 1 ]] ; then
+ # bug #719876
+ ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
+ ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
+ ewarn "This is necessary for chrony to drop privileges"
+ elif ! use caps && [[ ${HAD_CAPS} -eq 0 ]] ; then
+ ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by root:root"
+ fi
+ fi
+
+ # See bug #783915 for general discussion on enabling seccomp filtering
+ # by default.
+ local show_seccomp_enable_msg=0
+
+ # Was seccomp disabled before and now enabled?
+ if [[ ${HAD_SECCOMP} -eq 0 ]] && use seccomp ; then
+ show_seccomp_enable_msg=1
+ fi
+
+ # Are we coming from an old version without the new 'minimal' filter?
+ # (-F 2)
+ if [[ ${HAD_PRE_NEW_SECCOMP_LEVEL} -eq 0 ]] ; then
+ show_seccomp_enable_msg=1
+ fi
+
+ if [[ ${show_seccomp_enable_msg} -eq 1 ]] ; then
+ elog "To enable seccomp in a stricter mode, please modify:"
+ elog "- /etc/conf.d/chronyd for OpenRC"
+ elog "- systemctl edit chronyd for systemd"
+ elog "to use -F 1 or -F -1 instead of -F 2 (see man chronyd)"
+ elog "By default, we now use -F 2 which is a baseline/minimal filter."
+ fi
+}
diff --git a/net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch b/net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch
new file mode 100644
index 000000000000..e36a7b33186a
--- /dev/null
+++ b/net-misc/chrony/files/chrony-4.2-seccomp-rseq.patch
@@ -0,0 +1,30 @@
+https://git.tuxfamily.org/chrony/chrony.git/patch/?id=8bb8f15a7d049ed26c69d95087065b381f76ec4d
+
+From: Michael Hudson-Doyle <michael.hudson@canonical.com>
+Date: Wed, 9 Feb 2022 09:06:13 +0100
+Subject: sys_linux: allow rseq in seccomp filter
+
+Libc 2.35 will use rseq syscalls [1][2] by default and thereby
+break chrony in seccomp isolation.
+
+[1]: https://www.efficios.com/blog/2019/02/08/linux-restartable-sequences/
+[2]: https://sourceware.org/pipermail/libc-alpha/2022-February/136040.html
+
+Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Signed-off-by: Michael Hudson-Doyle <michael.hudson@canonical.com>
+Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -497,6 +497,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ SCMP_SYS(getrlimit),
+ SCMP_SYS(getuid),
+ SCMP_SYS(getuid32),
++#ifdef __NR_rseq
++ SCMP_SYS(rseq),
++#endif
+ SCMP_SYS(rt_sigaction),
+ SCMP_SYS(rt_sigreturn),
+ SCMP_SYS(rt_sigprocmask),
+cgit v0.10.2
diff --git a/net-misc/chrony/files/chrony-4.2-test-mawk.patch b/net-misc/chrony/files/chrony-4.2-test-mawk.patch
new file mode 100644
index 000000000000..3e9e2eeb422d
--- /dev/null
+++ b/net-misc/chrony/files/chrony-4.2-test-mawk.patch
@@ -0,0 +1,30 @@
+https://git.tuxfamily.org/chrony/chrony.git/patch/?id=b61cbed6895fcd3eae4c8458a69995870a22a5e0
+
+From: Vincent Blut <vincent.debian@free.fr>
+Date: Wed, 12 Jan 2022 18:08:34 +0100
+Subject: test: ensure awk commands in 008-ntpera return an integer
+
+Some awk interpreters (e.g. mawk) print long integers in exponential
+notation skewing the test result.
+
+--- a/test/simulation/008-ntpera
++++ b/test/simulation/008-ntpera
+@@ -29,7 +29,7 @@ echo "$ntp_start" | grep -q '-' && test_skip
+
+ for time_offset in -1e-1 1e-1; do
+ for start_offset in 0 "2^32 - $limit"; do
+- export CLKNETSIM_START_DATE=$(awk "BEGIN {print $ntp_start + $start_offset}")
++ export CLKNETSIM_START_DATE=$(awk "BEGIN {printf \"%.0f\", $ntp_start + $start_offset}")
+ run_test || test_fail
+ check_chronyd_exit || test_fail
+ check_source_selection || test_fail
+@@ -38,7 +38,7 @@ for time_offset in -1e-1 1e-1; do
+ done
+
+ for start_offset in -$limit "2^32"; do
+- export CLKNETSIM_START_DATE=$(awk "BEGIN {print $ntp_start + $start_offset}")
++ export CLKNETSIM_START_DATE=$(awk "BEGIN {printf \"%.0f\", $ntp_start + $start_offset}")
+ run_test || test_fail
+ check_chronyd_exit || test_fail
+ check_source_selection || test_fail
+cgit v0.10.2
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2021-11-14 8:49 Sam James
0 siblings, 0 replies; 19+ messages in thread
From: Sam James @ 2021-11-14 8:49 UTC (permalink / raw
To: gentoo-commits
commit: 0b5494d3110ca3afbb2f9981df68a9f477850134
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 14 08:48:36 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Nov 14 08:48:53 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b5494d3
net-misc/chrony: allow clone3 for glibc-2.34 (seccomp filter fix)
Bug: https://bugs.gentoo.org/823692
Signed-off-by: Sam James <sam <AT> gentoo.org>
.../{chrony-4.1-r1.ebuild => chrony-4.1-r2.ebuild} | 1 +
.../files/chrony-4.1-seccomp-glibc-2-3-4.patch | 30 ++++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git a/net-misc/chrony/chrony-4.1-r1.ebuild b/net-misc/chrony/chrony-4.1-r2.ebuild
similarity index 99%
rename from net-misc/chrony/chrony-4.1-r1.ebuild
rename to net-misc/chrony/chrony-4.1-r2.ebuild
index 600250a5169f..1f5c3e41f685 100644
--- a/net-misc/chrony/chrony-4.1-r1.ebuild
+++ b/net-misc/chrony/chrony-4.1-r2.ebuild
@@ -76,6 +76,7 @@ fi
PATCHES=(
"${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
"${FILESDIR}"/${PN}-4.1-systemd-gentoo.patch
+ "${FILESDIR}"/${P}-seccomp-glibc-2-3-4.patch
)
src_prepare() {
diff --git a/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch b/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch
new file mode 100644
index 000000000000..56dd89b3ffdc
--- /dev/null
+++ b/net-misc/chrony/files/chrony-4.1-seccomp-glibc-2-3-4.patch
@@ -0,0 +1,30 @@
+https://git.tuxfamily.org/chrony/chrony.git/patch/?id=bbbd80bf03223f181d4abf5c8e5fe6136ab6129a
+
+From bbbd80bf03223f181d4abf5c8e5fe6136ab6129a Mon Sep 17 00:00:00 2001
+From: Miroslav Lichvar <mlichvar@redhat.com>
+Date: Mon, 9 Aug 2021 11:48:21 +0200
+Subject: sys_linux: allow clone3 and pread64 in seccomp filter
+
+These seem to be needed with the latest glibc.
+
+--- a/sys_linux.c
++++ b/sys_linux.c
+@@ -503,6 +503,9 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+
+ /* Process */
+ SCMP_SYS(clone),
++#ifdef __NR_clone3
++ SCMP_SYS(clone3),
++#endif
+ SCMP_SYS(exit),
+ SCMP_SYS(exit_group),
+ SCMP_SYS(getpid),
+@@ -595,6 +598,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context)
+ #ifdef __NR_ppoll_time64
+ SCMP_SYS(ppoll_time64),
+ #endif
++ SCMP_SYS(pread64),
+ SCMP_SYS(pselect6),
+ #ifdef __NR_pselect6_time64
+ SCMP_SYS(pselect6_time64),
+cgit v0.10.2
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2021-09-04 17:35 David Seifert
0 siblings, 0 replies; 19+ messages in thread
From: David Seifert @ 2021-09-04 17:35 UTC (permalink / raw
To: gentoo-commits
commit: c1451383d43e7a3cec646dd097309dd595601726
Author: David Seifert <soap <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 4 17:34:00 2021 +0000
Commit: David Seifert <soap <AT> gentoo <DOT> org>
CommitDate: Sat Sep 4 17:34:00 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1451383
net-misc/chrony: drop 4.0-r2
Signed-off-by: David Seifert <soap <AT> gentoo.org>
net-misc/chrony/Manifest | 2 -
net-misc/chrony/chrony-4.0-r2.ebuild | 217 ---------------------
.../files/chrony-3.5-r3-systemd-gentoo.patch | 12 --
net-misc/chrony/files/chronyd.conf | 12 --
4 files changed, 243 deletions(-)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index 74b5ad8efb9..ee8a90b57aa 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -1,4 +1,2 @@
-DIST chrony-4.0.tar.gz 546939 BLAKE2B 1d4035977be3603b34024c5c1c2aa5f2b4aca03fe7dc1eb41be2e9aeefa06e20a5f74776c50bdadaffba10ae25e7980bcbd9cf2b999bd73087728afe7a80253e SHA512 a1c11a386c43f495910f7f2e9b5fbb1652c3631471d182b9b8203dfef98611d11535ad547a879856551263aed0ae2e30e4135b8ed89553684706166bc1c725c9
-DIST chrony-4.0.tar.gz.asc 195 BLAKE2B 1947a73f35eb5c58f91775d76473210a7b5edff5b808e360eb0c3724351c54ac4f187a2aa4450830130da718c6a0c488baa170ca87e7e6eac781d85c67b3773f SHA512 c3156d91f4fdb6f9e2fdbc83b1399afb0ecdfa9b7bc92648c5bce477c3f0f921d2a13aa21ac6c281f18b008c60f08e3db6d82b642b646f064aea1dbe19295c4c
DIST chrony-4.1.tar.gz 564648 BLAKE2B f9c4b44c521ee592c109b8a3d500b9cb3ea4fbf0d7dce9d8754498ad41ce2ac87c913cf72a38557ce5f28208672163b21b067307f723fd91cc91d71f69e739ef SHA512 5e283d6a56e6852606c681a7c29c5786b102d584178cbd7033ebbc95a8e95533605631363b850a3087cca438a5878db7a317f120aab2fd856487d02fccfbcb1f
DIST chrony-4.1.tar.gz.asc 833 BLAKE2B 6d800ae436523f61cd713cdd12cf0246db53e732554433d5ef6cf1a437296ee9d0da3b2e9e72d1ccb0e3a6b1ee1227e5d1626bf031b0491670ee0712e17c57ff SHA512 82faf9171d782c18224d2d44b340994b0ddab141e88cc803dea83d0ffbb6468bc51e8b11c8dd9bd327220cae04f7d789b58ab23141a2bdf038ce628f9adeb57a
diff --git a/net-misc/chrony/chrony-4.0-r2.ebuild b/net-misc/chrony/chrony-4.0-r2.ebuild
deleted file mode 100644
index 693ea18334e..00000000000
--- a/net-misc/chrony/chrony-4.0-r2.ebuild
+++ /dev/null
@@ -1,217 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd tmpfiles toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git"
-
-if [[ ${PV} == "9999" ]]; then
- EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"
- inherit git-r3
-else
- VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/mlichvar.asc
- inherit verify-sig
-
- SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
- SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P}-tar-gz-asc.txt -> ${P}.tar.gz.asc )"
- KEYWORDS="~alpha amd64 arm arm64 ~hppa ~mips ppc ppc64 sparc x86"
-fi
-
-S="${WORKDIR}/${P/_/-}"
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="+caps +cmdmon debug html ipv6 libedit +nettle nss +ntp +phc +nts pps +refclock +rtc samba +seccomp +sechash selinux libtomcrypt"
-# nettle > nss > libtomcrypt in configure
-REQUIRED_USE="
- sechash? ( || ( nettle nss libtomcrypt ) )
- nettle? ( !nss )
- nss? ( !nettle )
- libtomcrypt? ( !nettle !nss )
- !sechash? ( !nss )
- !sechash? ( !nts? ( !nettle ) )
- nts? ( nettle )
-"
-
-BDEPEND="
- nettle? ( virtual/pkgconfig )
-"
-
-if [[ ${PV} == "9999" ]]; then
- # Needed for doc generation in 9999
- REQUIRED_USE+=" html"
- BDEPEND+=" virtual/w3m"
-else
- BDEPEND+=" verify-sig? ( <=app-crypt/openpgp-keys-mlichvar-20210416 )"
-fi
-
-DEPEND="
- caps? (
- acct-group/ntp
- acct-user/ntp
- sys-libs/libcap
- )
- nts? ( net-libs/gnutls:= )
- libedit? ( dev-libs/libedit )
- nettle? ( dev-libs/nettle:= )
- nss? ( dev-libs/nss:= )
- seccomp? ( sys-libs/libseccomp )
- html? ( dev-ruby/asciidoctor )
- pps? ( net-misc/pps-tools )
-"
-RDEPEND="
- ${DEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-3.5-r3-systemd-gentoo.patch
-)
-
-src_prepare() {
- default
-
- sed -i \
- -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
- doc/* examples/* || die
-
- cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf || die
-}
-
-src_configure() {
- if ! use caps; then
- sed -i \
- -e 's/ -u ntp//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- if ! use seccomp; then
- sed -i \
- -e 's/ -F 0//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- tc-export CC PKG_CONFIG
-
- # Update from time to time with output from "date +%s"
- # on a system that is time-synced.
- export SOURCE_DATE_EPOCH=1607976314
-
- # not an autotools generated script
- local myconf=(
- $(use_enable seccomp scfilter)
- $(usex caps '' --disable-linuxcaps)
- $(usex cmdmon '' --disable-cmdmon)
- $(usex debug '--enable-debug' '')
- $(usex ipv6 '' --disable-ipv6)
- $(usex libedit '' --without-editline)
- $(usex nettle '' --without-nettle)
- $(usex nss '' --without-nss)
- $(usex ntp '' --disable-ntp)
- $(usex nts '' --disable-nts)
- $(usex nts '' --without-gnutls)
- $(usex phc '' --disable-phc)
- $(usex pps '' --disable-pps)
- $(usex refclock '' --disable-refclock)
- $(usex rtc '' --disable-rtc)
- $(usex samba --enable-ntp-signd '')
- $(usex sechash '' --disable-sechash)
- $(usex libtomcrypt '' --without-tomcrypt)
- --chronysockdir="${EPREFIX}/run/chrony"
- --docdir="${EPREFIX}/usr/share/doc/${PF}"
- --mandir="${EPREFIX}/usr/share/man"
- --prefix="${EPREFIX}/usr"
- --sysconfdir="${EPREFIX}/etc/chrony"
- --with-hwclockfile="${EPREFIX}/etc/adjtime"
- --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
- ${EXTRA_ECONF}
- )
-
- # print the ./configure call
- echo sh ./configure "${myconf[@]}" >&2
- sh ./configure "${myconf[@]}" || die
-}
-
-src_compile() {
- if [[ ${PV} == "9999" ]]; then
- # uses w3m
- emake -C doc man txt
- fi
-
- emake all docs $(usex html '' 'ADOC=true')
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${T}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- docinto examples
- dodoc examples/*.example*
-
- newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
-
- if use html; then
- docinto html
- dodoc doc/*.html
- fi
-
- keepdir /var/{lib,log}/chrony
-
- if use caps; then
- # Prepare a directory for the chrony.drift file (a la ntpsec)
- # Ensures the environment is sane on new installs
- fowners ntp:ntp /var/{lib,log}/chrony
- fperms 770 /var/lib/chrony
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
-
- systemd_dounit examples/chronyd.service
- systemd_dounit examples/chrony-wait.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
-
-pkg_preinst() {
- HAD_CAPS=false
- HAD_SECCOMP=false
-
- if has_version 'net-misc/chrony[caps]' ; then
- HAD_CAPS=true
- fi
-
- if has_version 'net-misc/chrony[seccomp]' ; then
- HAD_SECCOMP=true
- fi
-
-}
-
-pkg_postinst() {
- tmpfiles_process chronyd.conf
-
- if [[ -n "${REPLACING_VERSIONS}" ]] ; then
- if use caps && ! ${HAD_CAPS} ; then
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
- ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
- ewarn "This is necessary for chrony to drop privileges"
- elif ! use caps && ! ${HAD_CAPS} ; then
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by root:root"
- fi
- fi
-
- if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then
- elog "To enable seccomp in enforcing mode, please modify:"
- elog "- /etc/conf.d/chronyd for OpenRC"
- elog "- systemctl edit chronyd for systemd"
- elog "to use -F 1 or -F -1 instead of -F 0 (see man chronyd)"
- fi
-}
diff --git a/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch b/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch
deleted file mode 100644
index a3a2962ddd1..00000000000
--- a/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/examples/chronyd.service
-+++ b/examples/chronyd.service
-@@ -8,8 +8,7 @@
- [Service]
- Type=forking
- PIDFile=/run/chrony/chronyd.pid
--EnvironmentFile=-/etc/sysconfig/chronyd
--ExecStart=/usr/sbin/chronyd $OPTIONS
-+ExecStart=/usr/sbin/chronyd -u ntp -F 0
- PrivateTmp=yes
- ProtectHome=yes
- ProtectSystem=full
diff --git a/net-misc/chrony/files/chronyd.conf b/net-misc/chrony/files/chronyd.conf
deleted file mode 100644
index d017660d599..00000000000
--- a/net-misc/chrony/files/chronyd.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# /etc/conf.d/chronyd
-
-CFGFILE="/etc/chrony/chrony.conf"
-
-# Configuration dependant options :
-# -s - Set system time from RTC if rtcfile directive present
-# -r - Reload sample histories if dumponexit directive present
-#
-# The combination of "-s -r" allows chronyd to perform long term averaging of
-# the gain or loss rate across system reboots and shutdowns.
-
-ARGS=" -u ntp -F 0"
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2021-05-13 16:15 Sam James
0 siblings, 0 replies; 19+ messages in thread
From: Sam James @ 2021-05-13 16:15 UTC (permalink / raw
To: gentoo-commits
commit: 8aa0d8a92ee4568de9d6c431b5fa8c2263f750ee
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu May 13 14:24:34 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May 13 16:14:07 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8aa0d8a9
net-misc/chrony: add 4.1
Enables seccomp by default with the new upstream limited
filter range (-F 2). Please use -F 1 if you can test it and
it works on your system.
Bug: https://bugs.gentoo.org/783915
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/chrony/Manifest | 2 +
net-misc/chrony/chrony-4.1.ebuild | 252 +++++++++++++++++++++
.../chrony/files/chrony-4.1-systemd-gentoo.patch | 12 +
net-misc/chrony/files/chronyd.conf-r3 | 12 +
4 files changed, 278 insertions(+)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index d898b8aa015..ca17156141a 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -2,3 +2,5 @@ DIST chrony-4.0.tar.gz 546939 BLAKE2B 1d4035977be3603b34024c5c1c2aa5f2b4aca03fe7
DIST chrony-4.0.tar.gz.asc 195 BLAKE2B 1947a73f35eb5c58f91775d76473210a7b5edff5b808e360eb0c3724351c54ac4f187a2aa4450830130da718c6a0c488baa170ca87e7e6eac781d85c67b3773f SHA512 c3156d91f4fdb6f9e2fdbc83b1399afb0ecdfa9b7bc92648c5bce477c3f0f921d2a13aa21ac6c281f18b008c60f08e3db6d82b642b646f064aea1dbe19295c4c
DIST chrony-4.1-pre1.tar.gz 563277 BLAKE2B 474d27d0e402d83bda52125940b8205119519b93571e6b8df3fea5eeb5f1f3babbcc40bc81db77bc345830d5e9528ad087ff539026a1a585ce220feeb851e978 SHA512 03e28e6651d6aa3c99333b94ee503843c3a69b8c8366bf647c41a3a9e34e987c440e289ec16e5c62c2a7405271bddc533efbd59d6c6ab43712c8908dfb86322e
DIST chrony-4.1-pre1.tar.gz.asc 195 BLAKE2B 4a06b35be3257a52cc824e2acfdff32b6598d1744bc23418e89291d71d6d9a86c35559eab26034ce2e05c4152ffb691b5ec4104dc339821e93523c33c8cbdd72 SHA512 8eb695c3f85f90d02b22b1202c8766347289a6da1d0658a3d89eed90202799bcfc647b96e5f931fb862011e85feed5f4914b39e45a3e20f01827509fe271a2d7
+DIST chrony-4.1.tar.gz 564648 BLAKE2B f9c4b44c521ee592c109b8a3d500b9cb3ea4fbf0d7dce9d8754498ad41ce2ac87c913cf72a38557ce5f28208672163b21b067307f723fd91cc91d71f69e739ef SHA512 5e283d6a56e6852606c681a7c29c5786b102d584178cbd7033ebbc95a8e95533605631363b850a3087cca438a5878db7a317f120aab2fd856487d02fccfbcb1f
+DIST chrony-4.1.tar.gz.asc 833 BLAKE2B 6d800ae436523f61cd713cdd12cf0246db53e732554433d5ef6cf1a437296ee9d0da3b2e9e72d1ccb0e3a6b1ee1227e5d1626bf031b0491670ee0712e17c57ff SHA512 82faf9171d782c18224d2d44b340994b0ddab141e88cc803dea83d0ffbb6468bc51e8b11c8dd9bd327220cae04f7d789b58ab23141a2bdf038ce628f9adeb57a
diff --git a/net-misc/chrony/chrony-4.1.ebuild b/net-misc/chrony/chrony-4.1.ebuild
new file mode 100644
index 00000000000..0870f5908e7
--- /dev/null
+++ b/net-misc/chrony/chrony-4.1.ebuild
@@ -0,0 +1,252 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd tmpfiles toolchain-funcs
+
+DESCRIPTION="NTP client and server programs"
+HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git"
+
+if [[ ${PV} == "9999" ]] ; then
+ EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"
+ inherit git-r3
+else
+ VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/mlichvar.asc
+ inherit verify-sig
+
+ SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
+ SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )"
+
+ if [[ ${PV} != *_pre* ]] ; then
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+ fi
+fi
+
+S="${WORKDIR}/${P/_/-}"
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+caps +cmdmon debug html ipv6 libedit libtomcrypt +nettle nss +ntp +nts +phc pps +refclock +rtc samba +seccomp +sechash selinux"
+# nettle > nss > libtomcrypt in configure
+REQUIRED_USE="
+ sechash? ( || ( nettle nss libtomcrypt ) )
+ nettle? ( !nss )
+ nss? ( !nettle )
+ libtomcrypt? ( !nettle !nss )
+ !sechash? ( !nss )
+ !sechash? ( !nts? ( !nettle ) )
+"
+
+DEPEND="
+ caps? (
+ acct-group/ntp
+ acct-user/ntp
+ sys-libs/libcap
+ )
+ libedit? ( dev-libs/libedit )
+ !libedit? ( sys-libs/readline:= )
+ nettle? ( dev-libs/nettle:= )
+ nss? ( dev-libs/nss:= )
+ nts? ( net-libs/gnutls:= )
+ pps? ( net-misc/pps-tools )
+ seccomp? ( sys-libs/libseccomp )
+"
+RDEPEND="
+ ${DEPEND}
+ selinux? ( sec-policy/selinux-chronyd )
+"
+BDEPEND="
+ html? ( dev-ruby/asciidoctor )
+ nts? ( virtual/pkgconfig )
+ sechash? (
+ nettle? ( virtual/pkgconfig )
+ nss? ( virtual/pkgconfig )
+ )
+"
+
+if [[ ${PV} == "9999" ]] ; then
+ # Needed for doc generation in 9999
+ REQUIRED_USE+=" html"
+ BDEPEND+=" virtual/w3m"
+else
+ BDEPEND+=" verify-sig? ( >=app-crypt/openpgp-keys-mlichvar-20210513 )"
+fi
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
+ "${FILESDIR}"/${PN}-4.1-systemd-gentoo.patch
+)
+
+src_prepare() {
+ default
+
+ sed -i \
+ -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
+ doc/* examples/* || die
+
+ cp "${FILESDIR}"/chronyd.conf-r3 "${T}"/chronyd.conf || die
+}
+
+src_configure() {
+ if ! use caps ; then
+ sed -i \
+ -e 's/ -u ntp//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
+ fi
+
+ if ! use seccomp ; then
+ sed -i \
+ -e 's/ -F 0//' \
+ "${T}"/chronyd.conf examples/chronyd.service || die
+ fi
+
+ tc-export CC PKG_CONFIG
+
+ # Update from time to time with output from "date +%s"
+ # on a system that is time-synced.
+ export SOURCE_DATE_EPOCH=1607976314
+
+ # Not an autotools generated script
+ local myconf=(
+ $(use_enable seccomp scfilter)
+
+ $(usex caps '' '--disable-linuxcaps')
+ $(usex cmdmon '' '--disable-cmdmon')
+ $(usex debug '--enable-debug' '')
+ $(usex ipv6 '' '--disable-ipv6')
+ $(usex libedit '' '--without-editline')
+ $(usex libtomcrypt '' '--without-tomcrypt')
+ $(usex nettle '' '--without-nettle')
+ $(usex nss '' '--without-nss')
+ $(usex ntp '' '--disable-ntp')
+ $(usex nts '' '--disable-nts')
+ $(usex nts '' '--without-gnutls')
+ $(usex phc '' '--disable-phc')
+ $(usex pps '' '--disable-pps')
+ $(usex refclock '' '--disable-refclock')
+ $(usex rtc '' '--disable-rtc')
+ $(usex samba '--enable-ntp-signd' '')
+ $(usex sechash '' '--disable-sechash')
+
+ --chronysockdir="${EPREFIX}/run/chrony"
+ --docdir="${EPREFIX}/usr/share/doc/${PF}"
+ --mandir="${EPREFIX}/usr/share/man"
+ --prefix="${EPREFIX}/usr"
+ --sysconfdir="${EPREFIX}/etc/chrony"
+ --with-hwclockfile="${EPREFIX}/etc/adjtime"
+ --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
+
+ ${EXTRA_ECONF}
+ )
+
+ # Print the ./configure call
+ echo sh ./configure "${myconf[@]}" >&2
+ sh ./configure "${myconf[@]}" || die
+}
+
+src_compile() {
+ if [[ ${PV} == "9999" ]] ; then
+ # Uses w3m
+ emake -C doc man txt
+ fi
+
+ emake all docs $(usex html '' 'ADOC=true')
+}
+
+src_install() {
+ default
+
+ newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
+ newconfd "${T}"/chronyd.conf chronyd
+
+ insinto /etc/${PN}
+ newins examples/chrony.conf.example1 chrony.conf
+
+ docinto examples
+ dodoc examples/*.example*
+
+ newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
+
+ if use html ; then
+ docinto html
+ dodoc doc/*.html
+ fi
+
+ keepdir /var/{lib,log}/chrony
+
+ if use caps ; then
+ # Prepare a directory for the chrony.drift file (a la ntpsec)
+ # Ensures the environment is sane on new installs
+ # bug #711058
+ fowners ntp:ntp /var/{lib,log}/chrony
+ fperms 770 /var/lib/chrony
+ fi
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
+
+ systemd_dounit examples/chronyd.service
+ systemd_dounit examples/chrony-wait.service
+ systemd_enable_ntpunit 50-chrony chronyd.service
+}
+
+pkg_preinst() {
+ HAD_CAPS=0
+ HAD_SECCOMP=0
+ HAD_PRE_NEW_SECCOMP_LEVEL=0
+
+ # See https://dev.gentoo.org/~zmedico/portage/doc/portage.html#package-ebuild-phases-after-2.1.5
+ # in "Ebuild Phases" for an explanation of why we need to save the variable beforehand
+ if has_version 'net-misc/chrony[caps]' ; then
+ HAD_CAPS=1
+ fi
+
+ if has_version 'net-misc/chrony[seccomp]' ; then
+ HAD_SECCOMP=1
+ fi
+
+ if has_version '>=net-misc/chrony-4.1[seccomp]' ; then
+ # This version introduced a new filter level: -F 2
+ # It's a limited set of seccomp filters designed to be 'bare minimum'
+ HAD_PRE_NEW_SECCOMP_LEVEL=1
+ fi
+}
+
+pkg_postinst() {
+ tmpfiles_process chronyd.conf
+
+ if [[ -n "${REPLACING_VERSIONS}" ]] ; then
+ if use caps && ! [[ ${HAD_CAPS} -eq 1 ]] ; then
+ # bug #719876
+ ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
+ ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
+ ewarn "This is necessary for chrony to drop privileges"
+ elif ! use caps && [[ ${HAD_CAPS} -eq 0 ]] ; then
+ ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by root:root"
+ fi
+ fi
+
+ # See bug #783915 for general discussion on enabling seccomp filtering
+ # by default.
+ local show_seccomp_enable_msg=0
+
+ # Was seccomp disabled before and now enabled?
+ if [[ ${HAD_SECCOMP} -eq 0 ]] && use seccomp ; then
+ show_seccomp_enable_msg=1
+ fi
+
+ # Are we coming from an old version without the new 'minimal' filter?
+ # (-F 2)
+ if [[ ${HAD_PRE_NEW_SECCOMP_LEVEL} -eq 0 ]] ; then
+ show_seccomp_enable_msg=1
+ fi
+
+ if [[ ${show_seccomp_enable_msg} -eq 1 ]] ; then
+ elog "To enable seccomp in a stricter mode, please modify:"
+ elog "- /etc/conf.d/chronyd for OpenRC"
+ elog "- systemctl edit chronyd for systemd"
+ elog "By default, we now use -F 2 which is a baseline/minimal filter."
+ elog "to use -F 1 or -F -1 instead of -F 2 (see man chronyd)"
+ fi
+}
diff --git a/net-misc/chrony/files/chrony-4.1-systemd-gentoo.patch b/net-misc/chrony/files/chrony-4.1-systemd-gentoo.patch
new file mode 100644
index 00000000000..ff3b320d1e4
--- /dev/null
+++ b/net-misc/chrony/files/chrony-4.1-systemd-gentoo.patch
@@ -0,0 +1,12 @@
+--- a/examples/chronyd.service
++++ b/examples/chronyd.service
+@@ -8,8 +8,7 @@
+ [Service]
+ Type=forking
+ PIDFile=/run/chrony/chronyd.pid
+-EnvironmentFile=-/etc/sysconfig/chronyd
+-ExecStart=/usr/sbin/chronyd $OPTIONS
++ExecStart=/usr/sbin/chronyd -u ntp -F 2
+ PrivateTmp=yes
+ ProtectHome=yes
+ ProtectSystem=full
diff --git a/net-misc/chrony/files/chronyd.conf-r3 b/net-misc/chrony/files/chronyd.conf-r3
new file mode 100644
index 00000000000..25a4758954e
--- /dev/null
+++ b/net-misc/chrony/files/chronyd.conf-r3
@@ -0,0 +1,12 @@
+# /etc/conf.d/chronyd
+
+CFGFILE="/etc/chrony/chrony.conf"
+
+# Configuration dependant options :
+# -s - Set system time from RTC if rtcfile directive present
+# -r - Reload sample histories if dumponexit directive present
+#
+# The combination of "-s -r" allows chronyd to perform long term averaging of
+# the gain or loss rate across system reboots and shutdowns.
+
+ARGS=" -u ntp -F 2"
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2020-12-20 6:29 Sam James
0 siblings, 0 replies; 19+ messages in thread
From: Sam James @ 2020-12-20 6:29 UTC (permalink / raw
To: gentoo-commits
commit: b4b89d0fd4d27f5e7798a79a38bee223f549dbfc
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 20 06:27:31 2020 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Dec 20 06:27:31 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4b89d0f
net-misc/chrony: cleanup old
Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/chrony/Manifest | 1 -
net-misc/chrony/chrony-3.5.1-r1.ebuild | 196 ---------------------------------
net-misc/chrony/files/chronyd.init | 65 -----------
3 files changed, 262 deletions(-)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index f52b2b3f5f6..d338cb37157 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -1,2 +1 @@
-DIST chrony-3.5.1.tar.gz 459902 BLAKE2B 503402c0dd68a340eb5ecd8b57dcb83d90124f31e8deb6e20bd1e9ed19b5dc952fa7f40a697d0d0cb77c349c9f3297dcd32265d77670a71836ba8709dcc83053 SHA512 489cf614bfb2c1e024343af1316c339b287ed5c7b6cec15b44ef3d90512036fb1da3fd627d291a193c59d9c5c095afa66c529eeb6fd0c1bbc8256ed8873b7984
DIST chrony-4.0.tar.gz 546939 BLAKE2B 1d4035977be3603b34024c5c1c2aa5f2b4aca03fe7dc1eb41be2e9aeefa06e20a5f74776c50bdadaffba10ae25e7980bcbd9cf2b999bd73087728afe7a80253e SHA512 a1c11a386c43f495910f7f2e9b5fbb1652c3631471d182b9b8203dfef98611d11535ad547a879856551263aed0ae2e30e4135b8ed89553684706166bc1c725c9
diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild
deleted file mode 100644
index ca404b746fd..00000000000
--- a/net-misc/chrony/chrony-3.5.1-r1.ebuild
+++ /dev/null
@@ -1,196 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit systemd tmpfiles toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="https://chrony.tuxfamily.org/"
-
-if [[ ${PV} == "9999" ]]; then
- EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"
-
- inherit git-r3
-else
- SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
- KEYWORDS="~alpha amd64 arm arm64 hppa ppc ppc64 sparc x86"
-fi
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="
- +caps +cmdmon html ipv6 libedit +nettle +ntp +phc pps readline +refclock
- +rtc samba +seccomp +sechash selinux
-"
-REQUIRED_USE="
- ?? ( libedit readline )
- sechash? ( nettle )
-"
-RESTRICT=test
-CDEPEND="
- caps? ( acct-group/ntp acct-user/ntp sys-libs/libcap )
- libedit? ( dev-libs/libedit )
- nettle? ( dev-libs/nettle:= )
- readline? ( >=sys-libs/readline-4.1-r4:= )
- seccomp? ( sys-libs/libseccomp )
-"
-DEPEND="
- ${CDEPEND}
- html? ( dev-ruby/asciidoctor )
- pps? ( net-misc/pps-tools )
-"
-RDEPEND="
- ${CDEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-BDEPEND="
- nettle? ( virtual/pkgconfig )
-"
-PATCHES=(
- "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-3.5-r3-systemd-gentoo.patch
-)
-S="${WORKDIR}/${P/_/-}"
-
-if [[ ${PV} == "9999" ]]; then
- BDEPEND+=" virtual/w3m"
-fi
-
-src_prepare() {
- default
-
- sed -i \
- -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
- doc/* examples/* || die
-
- sed -i \
- -e 's|RELOADDNS||g' \
- -e 's|pkg-config|${PKG_CONFIG}|g' \
- configure || die
-
- cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf || die
-}
-
-src_configure() {
- if ! use caps; then
- sed -i \
- -e 's/ -u ntp//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- if ! use seccomp; then
- sed -i \
- -e 's/ -F 0//' \
- "${T}"/chronyd.conf examples/chronyd.service || die
- fi
-
- tc-export CC PKG_CONFIG
-
- local CHRONY_EDITLINE
- # ./configure legend:
- # --disable-readline : disable line editing entirely
- # --without-readline : do not use sys-libs/readline (enabled by default)
- # --without-editline : do not use dev-libs/libedit (enabled by default)
- if ! use readline && ! use libedit; then
- CHRONY_EDITLINE='--disable-readline'
- else
- CHRONY_EDITLINE+=" $(usex readline '' --without-readline)"
- CHRONY_EDITLINE+=" $(usex libedit '' --without-editline)"
- fi
-
- # Note: ncurses and nss switches are mentioned in the configure script but
- # do nothing
- # not an autotools generated script
- local myconf=(
- $(use_enable seccomp scfilter)
- $(usex caps '' --disable-linuxcaps)
- $(usex cmdmon '' --disable-cmdmon)
- $(usex ipv6 '' --disable-ipv6)
- $(usex nettle '' --without-nettle)
- $(usex ntp '' --disable-ntp)
- $(usex phc '' --disable-phc)
- $(usex pps '' --disable-pps)
- $(usex refclock '' --disable-refclock)
- $(usex rtc '' --disable-rtc)
- $(usex samba --enable-ntp-signd '')
- $(usex sechash '' --disable-sechash)
- ${CHRONY_EDITLINE}
- ${EXTRA_ECONF}
- --chronysockdir="${EPREFIX}/run/chrony"
- --docdir="${EPREFIX}/usr/share/doc/${PF}"
- --mandir="${EPREFIX}/usr/share/man"
- --prefix="${EPREFIX}/usr"
- --sysconfdir="${EPREFIX}/etc/chrony"
- --with-hwclockfile="${EPREFIX}/etc/adjtime"
- --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
- --without-nss
- --without-tomcrypt
- )
-
- # print the ./configure call
- echo sh ./configure "${myconf[@]}" >&2
- sh ./configure "${myconf[@]}" || die
-}
-
-src_compile() {
- if [[ ${PV} == "9999" ]]; then
- # uses w3m
- emake -C doc man txt
- fi
-
- emake all docs $(usex html '' 'ADOC=true')
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${T}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- docinto examples
- dodoc examples/*.example*
-
- newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
-
- if use html; then
- docinto html
- dodoc doc/*.html
- fi
-
- keepdir /var/{lib,log}/chrony
-
- if use caps; then
- # Prepare a directory for the chrony.drift file (a la ntpsec)
- # Ensures the environment is sane on new installs
- fowners ntp:ntp /var/{lib,log}/chrony
- fperms 770 /var/lib/chrony
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
-
- systemd_dounit examples/chronyd.service
- systemd_dounit examples/chrony-wait.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
-
-pkg_preinst() {
- HAD_CAPS=false
-
- if has_version 'net-misc/chrony[caps]'; then
- HAD_CAPS=true
- fi
-}
-
-pkg_postinst() {
- tmpfiles_process chronyd.conf
-
- if [[ -n ${REPLACING_VERSIONS} ]] && use caps && ! ${HAD_CAPS}; then
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
- ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
- ewarn "This is necessary for chrony to drop privileges"
- fi
-}
diff --git a/net-misc/chrony/files/chronyd.init b/net-misc/chrony/files/chronyd.init
deleted file mode 100644
index 3a71fe748fd..00000000000
--- a/net-misc/chrony/files/chronyd.init
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- use dns
-}
-
-checkconfig() {
- # Note that /etc/chrony/chrony.keys is *NOT* checked. This
- # is because the user may have specified another key
- # file, and we don't want to force the user to use that
- # exact name for the key file.
- if [ ! -f "${CFGFILE}" ] ; then
- eerror "Please create ${CFGFILE} and the"
- eerror "chrony key file (usually /etc/chrony/chrony.keys)"
- eerror "by using the"
- eerror ""
- eerror " chrony.conf.example"
- eerror " chrony.keys.example"
- eerror ""
- eerror "files (from the documentation directory)"
- eerror "as templates."
- return 1
- else
- # Actually, I tried it, and chrony seems to ignore the pidfile
- # option. I'm going to leave it here anyway, since you never
- # know if it might be handy
- PIDFILE=`awk '/^ *pidfile/{print $2}' "${CFGFILE}"`
- fi
- return 0
-}
-
-setxtrarg() {
- if [ -c /dev/rtc ]; then
- grep -q '^rtcfile' "${CFGFILE}" && ARGS="${ARGS} -s"
- fi
- grep -q '^dumponexit$' "${CFGFILE}" && ARGS="${ARGS} -r"
- return 0
-}
-
-start() {
- checkconfig || return $?
- setxtrarg
-
- [ -n "${PIDFILE}" ] || PIDFILE=/run/chronyd.pid
-
- ebegin "Starting chronyd"
- start-stop-daemon --start --background --quiet \
- --exec /usr/sbin/chronyd \
- --pidfile "${PIDFILE}" \
- -- -f "${CFGFILE}" ${ARGS}
- eend $? "Failed to start chronyd"
-}
-
-stop() {
- checkconfig || return $?
-
- [ -n "${PIDFILE}" ] || PIDFILE=/run/chronyd.pid
-
- ebegin "Stopping chronyd"
- start-stop-daemon --stop --quiet \
- --pidfile "${PIDFILE}"
- eend $? "Failed to stop chronyd"
-}
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2020-09-02 15:51 Jeroen Roovers
0 siblings, 0 replies; 19+ messages in thread
From: Jeroen Roovers @ 2020-09-02 15:51 UTC (permalink / raw
To: gentoo-commits
commit: 0e1caaf3bc2225e4703cd9c66adf90ba3882836e
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed Sep 2 15:30:10 2020 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed Sep 2 15:51:37 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e1caaf3
net-misc/chrony: Old
Package-Manager: Portage-3.0.5, Repoman-3.0.1
Bug: https://bugs.gentoo.org/738154
Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>
net-misc/chrony/Manifest | 1 -
net-misc/chrony/chrony-3.5-r2.ebuild | 127 ---------------
net-misc/chrony/chrony-3.5-r4.ebuild | 172 ---------------------
.../chrony/files/chrony-3.5-systemd-gentoo.patch | 12 --
net-misc/chrony/metadata.xml | 1 -
5 files changed, 313 deletions(-)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index 9f6cb8529de..3f68dddc784 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -1,3 +1,2 @@
DIST chrony-3.5.1.tar.gz 459902 BLAKE2B 503402c0dd68a340eb5ecd8b57dcb83d90124f31e8deb6e20bd1e9ed19b5dc952fa7f40a697d0d0cb77c349c9f3297dcd32265d77670a71836ba8709dcc83053 SHA512 489cf614bfb2c1e024343af1316c339b287ed5c7b6cec15b44ef3d90512036fb1da3fd627d291a193c59d9c5c095afa66c529eeb6fd0c1bbc8256ed8873b7984
-DIST chrony-3.5.tar.gz 458226 BLAKE2B 611f21e36c6e745208e00eba988519fcd912c6c0c3518c953591f43224dc3da79f627027a6cd4bf9c4227e9f8659a69adbdb634252ff3920d2ef677e32012456 SHA512 c4f6376a44d71b6ac2b6d86e3d6fb4348642faeef7f3f3a4d6431627b5645efcc868b005cc398c8292bc3b63a1161fbd1a042c6ac2a0595843f908fe32eed90c
DIST chrony-4.0-pre3.tar.gz 539117 BLAKE2B f26fcac8e29322151251e60b385a815c53155f163d7ed1e1269f90f3418c59ec8f4952b1bba1203549607c63bb373cbaab17af933e02e659eced91827519bc6b SHA512 e52f2454b0cbe60ab7c8975deba499f1ff2e84cd1c3d0a0fb208f11f12ca762f2d0cd74af7aacc8022e628cdeaa4ac388fdd134715cc3e274b3818d5c12da460
diff --git a/net-misc/chrony/chrony-3.5-r2.ebuild b/net-misc/chrony/chrony-3.5-r2.ebuild
deleted file mode 100644
index 3bc2bacb283..00000000000
--- a/net-misc/chrony/chrony-3.5-r2.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit systemd toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="https://chrony.tuxfamily.org/"
-SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="~alpha amd64 arm hppa ppc ppc64 sparc x86"
-IUSE="
- +adns caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
- seccomp selinux
-"
-REQUIRED_USE="
- ?? ( libedit readline )
-"
-
-CDEPEND="
- caps? ( sys-libs/libcap )
- libedit? ( dev-libs/libedit )
- readline? ( >=sys-libs/readline-4.1-r4:= )
- seccomp? ( sys-libs/libseccomp )
-"
-DEPEND="
- ${CDEPEND}
- html? ( dev-ruby/asciidoctor )
- pps? ( net-misc/pps-tools )
-"
-RDEPEND="
- ${CDEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-
-RESTRICT=test
-
-S="${WORKDIR}/${P/_/-}"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-3.5-systemd-gentoo.patch
-)
-
-src_prepare() {
- default
- sed -i \
- -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
- doc/* examples/* || die
-}
-
-src_configure() {
- tc-export CC
-
- local CHRONY_EDITLINE
- # ./configure legend:
- # --disable-readline : disable line editing entirely
- # --without-readline : do not use sys-libs/readline (enabled by default)
- # --without-editline : do not use dev-libs/libedit (enabled by default)
- if ! use readline && ! use libedit; then
- CHRONY_EDITLINE='--disable-readline'
- else
- CHRONY_EDITLINE+=" $(usex readline '' --without-readline)"
- CHRONY_EDITLINE+=" $(usex libedit '' --without-editline)"
- fi
-
- # not an autotools generated script
- local myconf=(
- $(use_enable seccomp scfilter)
- $(usex adns '' --disable-asyncdns)
- $(usex caps '' --disable-linuxcaps)
- $(usex cmdmon '' --disable-cmdmon)
- $(usex ipv6 '' --disable-ipv6)
- $(usex ntp '' --disable-ntp)
- $(usex phc '' --disable-phc)
- $(usex pps '' --disable-pps)
- $(usex refclock '' --disable-refclock)
- $(usex rtc '' --disable-rtc)
- ${CHRONY_EDITLINE}
- ${EXTRA_ECONF}
- --chronysockdir="${EPREFIX}/run/chrony"
- --disable-sechash
- --docdir="${EPREFIX}/usr/share/doc/${PF}"
- --mandir="${EPREFIX}/usr/share/man"
- --prefix="${EPREFIX}/usr"
- --sysconfdir="${EPREFIX}/etc/chrony"
- --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
- --without-nss
- --without-tomcrypt
- )
-
- # print the ./configure call to aid in future debugging
- echo bash ./configure "${myconf[@]}" >&2
- bash ./configure "${myconf[@]}" || die
-}
-
-src_compile() {
- emake all docs $(usex html '' 'ADOC=true')
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${FILESDIR}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- docinto examples
- dodoc examples/*.example*
-
- if use html; then
- docinto html
- dodoc doc/*.html
- fi
-
- keepdir /var/{lib,log}/chrony
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
-
- systemd_dounit examples/{chronyd,chrony-wait}.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
diff --git a/net-misc/chrony/chrony-3.5-r4.ebuild b/net-misc/chrony/chrony-3.5-r4.ebuild
deleted file mode 100644
index fa28cf69009..00000000000
--- a/net-misc/chrony/chrony-3.5-r4.ebuild
+++ /dev/null
@@ -1,172 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit systemd tmpfiles toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="https://chrony.tuxfamily.org/"
-SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
-IUSE="
- +adns +caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
- +seccomp selinux
-"
-REQUIRED_USE="
- ?? ( libedit readline )
-"
-
-CDEPEND="
- caps? ( acct-group/ntp acct-user/ntp sys-libs/libcap )
- libedit? ( dev-libs/libedit )
- readline? ( >=sys-libs/readline-4.1-r4:= )
- seccomp? ( sys-libs/libseccomp )
-"
-DEPEND="
- ${CDEPEND}
- html? ( dev-ruby/asciidoctor )
- pps? ( net-misc/pps-tools )
-"
-RDEPEND="
- ${CDEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-
-RESTRICT=test
-
-S="${WORKDIR}/${P/_/-}"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-3.5-r3-systemd-gentoo.patch
-)
-
-src_prepare() {
- default
- sed -i \
- -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
- doc/* examples/* || die
-
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
-
- # Set config for privdrop
- if ! use caps; then
- sed -i \
- -e 's/-u ntp//' \
- "${T}"/chronyd.conf "${T}"/chronyd.service || die
- fi
-
- if ! use seccomp; then
- sed -i \
- -e 's/-F 1//' \
- "${T}"/chronyd.conf "${T}"/chronyd.service || die
- fi
-}
-
-src_configure() {
- tc-export CC
-
- local CHRONY_EDITLINE
- # ./configure legend:
- # --disable-readline : disable line editing entirely
- # --without-readline : do not use sys-libs/readline (enabled by default)
- # --without-editline : do not use dev-libs/libedit (enabled by default)
- if ! use readline && ! use libedit; then
- CHRONY_EDITLINE='--disable-readline'
- else
- CHRONY_EDITLINE+=" $(usex readline '' --without-readline)"
- CHRONY_EDITLINE+=" $(usex libedit '' --without-editline)"
- fi
-
- # not an autotools generated script
- local myconf=(
- $(use_enable seccomp scfilter)
- $(usex adns '' --disable-asyncdns)
- $(usex caps '' --disable-linuxcaps)
- $(usex cmdmon '' --disable-cmdmon)
- $(usex ipv6 '' --disable-ipv6)
- $(usex ntp '' --disable-ntp)
- $(usex phc '' --disable-phc)
- $(usex pps '' --disable-pps)
- $(usex refclock '' --disable-refclock)
- $(usex rtc '' --disable-rtc)
- ${CHRONY_EDITLINE}
- ${EXTRA_ECONF}
- --chronysockdir="${EPREFIX}/run/chrony"
- --disable-sechash
- --docdir="${EPREFIX}/usr/share/doc/${PF}"
- --mandir="${EPREFIX}/usr/share/man"
- --prefix="${EPREFIX}/usr"
- --sysconfdir="${EPREFIX}/etc/chrony"
- --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
- --without-nss
- --without-tomcrypt
- )
-
- # print the ./configure call to aid in future debugging
- echo bash ./configure "${myconf[@]}" >&2
- bash ./configure "${myconf[@]}" || die
-}
-
-src_compile() {
- emake all docs $(usex html '' 'ADOC=true')
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${T}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- docinto examples
- dodoc examples/*.example*
-
- newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
-
- if use html; then
- docinto html
- dodoc doc/*.html
- fi
-
- keepdir /var/{lib,log}/chrony
-
- if use caps; then
- # Prepare a directory for the chrony.drift file (a la ntpsec)
- # Ensures the environment is sane on new installs
- fowners ntp:ntp /var/{lib,log}/chrony
- fperms 770 /var/lib/chrony
- fi
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
-
- systemd_dounit "${T}"/chronyd.service
- systemd_dounit examples/chrony-wait.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
-
-pkg_preinst() {
- HAD_CAPS=false
-
- if has_version 'net-misc/chrony[caps]'; then
- HAD_CAPS=true
- fi
-}
-
-pkg_postinst() {
- tmpfiles_process chronyd.conf
-
- if [[ -n ${REPLACING_VERSIONS} ]] && use caps && ! ${HAD_CAPS}; then
- ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
- ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
- ewarn "This is necessary for chrony to drop privileges"
- fi
-}
diff --git a/net-misc/chrony/files/chrony-3.5-systemd-gentoo.patch b/net-misc/chrony/files/chrony-3.5-systemd-gentoo.patch
deleted file mode 100644
index addba4ca1a9..00000000000
--- a/net-misc/chrony/files/chrony-3.5-systemd-gentoo.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/examples/chronyd.service
-+++ b/examples/chronyd.service
-@@ -8,8 +8,7 @@
- [Service]
- Type=forking
- PIDFile=/run/chrony/chronyd.pid
--EnvironmentFile=-/etc/sysconfig/chronyd
--ExecStart=/usr/sbin/chronyd $OPTIONS
-+ExecStart=/usr/sbin/chronyd
- PrivateTmp=yes
- ProtectHome=yes
- ProtectSystem=full
diff --git a/net-misc/chrony/metadata.xml b/net-misc/chrony/metadata.xml
index d13933dc6d5..9b7e225c3ad 100644
--- a/net-misc/chrony/metadata.xml
+++ b/net-misc/chrony/metadata.xml
@@ -18,7 +18,6 @@ Chrony はコンピュータのシステム・クロックの精度を保つた
な接続でも機能します。
</longdescription>
<use>
-<flag name="adns">Support for asynchronous DNS</flag>
<flag name="cmdmon">Support for command and monitoring</flag>
<flag name="html">Install HTML documentation</flag>
<flag name="nettle">Use <pkg>dev-libs/nettle</pkg> for hash functions</flag>
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2020-08-31 8:40 Jeroen Roovers
0 siblings, 0 replies; 19+ messages in thread
From: Jeroen Roovers @ 2020-08-31 8:40 UTC (permalink / raw
To: gentoo-commits
commit: 6fbce4846282a2d77a9a8094e3d2fcd7176afcd6
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 31 08:35:47 2020 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Mon Aug 31 08:39:58 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fbce484
net-misc/chrony: Disable non-default seccomp filter option
With `-F 1' chronyd sets up a syscall filter and has itself killed when
a "forbidden" syscall is made. Since we cannot control that (as
explained in the chronyd(8) manual) we should disable the filter by
default.
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Bug: https://bugs.gentoo.org/739714
Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>
net-misc/chrony/chrony-3.5.1-r1.ebuild | 11 ++++++-----
net-misc/chrony/chrony-4.0_pre3.ebuild | 11 ++++++-----
net-misc/chrony/chrony-9999.ebuild | 11 ++++++-----
net-misc/chrony/files/chronyd.conf-r1 | 2 +-
4 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild
index f112b330706..f0c66705c22 100644
--- a/net-misc/chrony/chrony-3.5.1-r1.ebuild
+++ b/net-misc/chrony/chrony-3.5.1-r1.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
diff --git a/net-misc/chrony/chrony-4.0_pre3.ebuild b/net-misc/chrony/chrony-4.0_pre3.ebuild
index f08fcf89f2e..e8f5a46d753 100644
--- a/net-misc/chrony/chrony-4.0_pre3.ebuild
+++ b/net-misc/chrony/chrony-4.0_pre3.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index f08fcf89f2e..e8f5a46d753 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -67,13 +67,14 @@ src_prepare() {
-e 's|pkg-config|${PKG_CONFIG}|g' \
configure || die
- # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
- cp examples/chronyd.service "${T}"/chronyd.service
+ sed \
+ -e 's/-F 1/-F 0/' \
+ examples/chronyd.service > "${T}"/chronyd.service || die
+
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die
}
src_configure() {
- # Set config for privdrop
if ! use caps; then
sed -i \
-e 's/-u ntp//' \
@@ -82,7 +83,7 @@ src_configure() {
if ! use seccomp; then
sed -i \
- -e 's/-F 1//' \
+ -e 's/-F 0//' \
"${T}"/chronyd.conf "${T}"/chronyd.service || die
fi
diff --git a/net-misc/chrony/files/chronyd.conf-r1 b/net-misc/chrony/files/chronyd.conf-r1
index c04f3525f0b..2783f29e684 100644
--- a/net-misc/chrony/files/chronyd.conf-r1
+++ b/net-misc/chrony/files/chronyd.conf-r1
@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
# The combination of "-s -r" allows chronyd to perform long term averaging of
# the gain or loss rate across system reboots and shutdowns.
-ARGS="-u ntp -F 1"
+ARGS="-u ntp -F 0"
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2020-05-02 10:43 Thomas Deutschmann
0 siblings, 0 replies; 19+ messages in thread
From: Thomas Deutschmann @ 2020-05-02 10:43 UTC (permalink / raw
To: gentoo-commits
commit: c3d88f854528be87d8bb689c5dc456a3aab2d64f
Author: Sam James (sam_c) <sam <AT> cmpct <DOT> info>
AuthorDate: Sun Apr 19 20:54:06 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat May 2 10:43:27 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c3d88f85
net-misc/chrony: Fix paths to config file
OpenRC only; systemd unaffected by issue.
New "capsified" versions will use new config file, current stable
chrony now has a fixed file.
Revbump is complicated here given -r3, ..., already exists.
This should not have affected many users so this seems like
the simplest solution.
Closes: https://bugs.gentoo.org/719876
Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
net-misc/chrony/chrony-3.5-r4.ebuild | 2 +-
net-misc/chrony/chrony-4.0_pre1-r2.ebuild | 2 +-
net-misc/chrony/chrony-4.0_pre2-r1.ebuild | 2 +-
net-misc/chrony/chrony-9999.ebuild | 2 +-
net-misc/chrony/files/chronyd.conf | 2 +-
net-misc/chrony/files/{chronyd.conf => chronyd.conf-r1} | 0
6 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/net-misc/chrony/chrony-3.5-r4.ebuild b/net-misc/chrony/chrony-3.5-r4.ebuild
index ae752af2fb5..a7a99b957db 100644
--- a/net-misc/chrony/chrony-3.5-r4.ebuild
+++ b/net-misc/chrony/chrony-3.5-r4.ebuild
@@ -51,7 +51,7 @@ src_prepare() {
doc/* examples/* || die
# Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
cp examples/chronyd.service "${T}"/chronyd.service
# Set config for privdrop
diff --git a/net-misc/chrony/chrony-4.0_pre1-r2.ebuild b/net-misc/chrony/chrony-4.0_pre1-r2.ebuild
index c4c8a13c29a..7cc61849d3d 100644
--- a/net-misc/chrony/chrony-4.0_pre1-r2.ebuild
+++ b/net-misc/chrony/chrony-4.0_pre1-r2.ebuild
@@ -53,7 +53,7 @@ src_prepare() {
doc/* examples/* || die
# Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
cp examples/chronyd.service "${T}"/chronyd.service
# Set config for privdrop
diff --git a/net-misc/chrony/chrony-4.0_pre2-r1.ebuild b/net-misc/chrony/chrony-4.0_pre2-r1.ebuild
index 07017bb6772..503840b2754 100644
--- a/net-misc/chrony/chrony-4.0_pre2-r1.ebuild
+++ b/net-misc/chrony/chrony-4.0_pre2-r1.ebuild
@@ -53,7 +53,7 @@ src_prepare() {
doc/* examples/* || die
# Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
cp examples/chronyd.service "${T}"/chronyd.service
# Set config for privdrop
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index 543cabf61d5..8d8758fa5c6 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -50,7 +50,7 @@ src_prepare() {
doc/* examples/* || die
# Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
cp examples/chronyd.service "${T}"/chronyd.service
# Set config for privdrop
diff --git a/net-misc/chrony/files/chronyd.conf b/net-misc/chrony/files/chronyd.conf
index c04f3525f0b..fc43a95c40f 100644
--- a/net-misc/chrony/files/chronyd.conf
+++ b/net-misc/chrony/files/chronyd.conf
@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
# The combination of "-s -r" allows chronyd to perform long term averaging of
# the gain or loss rate across system reboots and shutdowns.
-ARGS="-u ntp -F 1"
+ARGS=""
diff --git a/net-misc/chrony/files/chronyd.conf b/net-misc/chrony/files/chronyd.conf-r1
similarity index 100%
copy from net-misc/chrony/files/chronyd.conf
copy to net-misc/chrony/files/chronyd.conf-r1
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2020-03-30 18:36 Thomas Deutschmann
0 siblings, 0 replies; 19+ messages in thread
From: Thomas Deutschmann @ 2020-03-30 18:36 UTC (permalink / raw
To: gentoo-commits
commit: 5eefb61d11a77c123475fec73db819fa6121b7f2
Author: Sam James (sam_c) <sam <AT> cmpct <DOT> info>
AuthorDate: Wed Mar 4 04:49:58 2020 +0000
Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Mon Mar 30 18:36:43 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eefb61d
net-misc/chrony: Run as non-root when USE=caps, revbump
When caps is enabled, drop to the user ntp (acct-user/ntp),
as opposed to remaining root.
Adds a tmpfile.d entry for /run/chrony to ensure correct permissions.
Closes: https://bugs.gentoo.org/711058
Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
.../{chrony-9999.ebuild => chrony-3.5-r3.ebuild} | 45 +++++++++++++++++-----
net-misc/chrony/chrony-9999.ebuild | 29 ++++++++++++--
net-misc/chrony/files/chronyd.conf | 2 +-
3 files changed, 63 insertions(+), 13 deletions(-)
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-3.5-r3.ebuild
similarity index 70%
copy from net-misc/chrony/chrony-9999.ebuild
copy to net-misc/chrony/chrony-3.5-r3.ebuild
index e939129a01a..3f11f8dd951 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-3.5-r3.ebuild
@@ -1,16 +1,16 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
-inherit git-r3 systemd toolchain-funcs
+inherit systemd tmpfiles toolchain-funcs
DESCRIPTION="NTP client and server programs"
HOMEPAGE="https://chrony.tuxfamily.org/"
-EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git/"
+SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS=""
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86"
IUSE="
+adns caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
seccomp selinux
@@ -27,14 +27,17 @@ CDEPEND="
"
DEPEND="
${CDEPEND}
- dev-ruby/asciidoctor
+ caps? ( acct-group/ntp acct-user/ntp )
+ html? ( dev-ruby/asciidoctor )
pps? ( net-misc/pps-tools )
"
RDEPEND="
${CDEPEND}
selinux? ( sec-policy/selinux-chronyd )
"
+
RESTRICT=test
+
S="${WORKDIR}/${P/_/-}"
PATCHES=(
@@ -47,6 +50,16 @@ src_prepare() {
sed -i \
-e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
doc/* examples/* || die
+
+ # Copy for potential user fixup
+ cp "${FILESDIR}"/chronyd.conf "$T"/chronyd.conf
+
+ # Set config for privdrop
+ if ! use caps; then
+ sed -i \
+ -e 's/-u ntp//' \
+ "${T}"/chronyd.conf || die
+ fi
}
src_configure() {
@@ -95,14 +108,14 @@ src_configure() {
}
src_compile() {
- emake all docs
+ emake all docs $(usex html '' 'ADOC=true')
}
src_install() {
default
newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${FILESDIR}"/chronyd.conf chronyd
+ newconfd "${T}"/chronyd.conf chronyd
insinto /etc/${PN}
newins examples/chrony.conf.example1 chrony.conf
@@ -110,8 +123,12 @@ src_install() {
docinto examples
dodoc examples/*.example*
- docinto html
- dodoc doc/*.html
+ newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
+
+ if use html; then
+ docinto html
+ dodoc doc/*.html
+ fi
keepdir /var/{lib,log}/chrony
@@ -121,3 +138,13 @@ src_install() {
systemd_dounit examples/{chronyd,chrony-wait}.service
systemd_enable_ntpunit 50-chrony chronyd.service
}
+
+pkg_preinst() {
+ if use caps && has_version net-misc/chrony[-caps]; then
+ elog "/run/chronyd needs ntp:ntp permissions; please check."
+ elog "The safest option is reboot, but you may chown manually."
+ elif ! use caps && has_version net-misc/chrony[caps]; then
+ elog "/run/chronyd needs root:root permissions; please check."
+ elog "The safest option is reboot, but you may chown manually."
+ fi
+}
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index e939129a01a..5b03ec4fe42 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
-inherit git-r3 systemd toolchain-funcs
+inherit git-r3 tmpfiles systemd toolchain-funcs
DESCRIPTION="NTP client and server programs"
HOMEPAGE="https://chrony.tuxfamily.org/"
@@ -27,6 +27,7 @@ CDEPEND="
"
DEPEND="
${CDEPEND}
+ caps? ( acct-group/ntp acct-user/ntp )
dev-ruby/asciidoctor
pps? ( net-misc/pps-tools )
"
@@ -47,6 +48,16 @@ src_prepare() {
sed -i \
-e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
doc/* examples/* || die
+
+ # Copy for potential user fixup
+ cp "${FILESDIR}"/chronyd.conf "$T"/chronyd.conf
+
+ # Set config for privdrop
+ if ! use caps; then
+ sed -i \
+ -e 's/-u ntp//' \
+ "${T}"/chronyd.conf || die
+ fi
}
src_configure() {
@@ -102,7 +113,7 @@ src_install() {
default
newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
- newconfd "${FILESDIR}"/chronyd.conf chronyd
+ newconfd "${T}"/chronyd.conf chronyd
insinto /etc/${PN}
newins examples/chrony.conf.example1 chrony.conf
@@ -110,6 +121,8 @@ src_install() {
docinto examples
dodoc examples/*.example*
+ newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
+
docinto html
dodoc doc/*.html
@@ -121,3 +134,13 @@ src_install() {
systemd_dounit examples/{chronyd,chrony-wait}.service
systemd_enable_ntpunit 50-chrony chronyd.service
}
+
+pkg_preinst() {
+ if use caps && has_version net-misc/chrony[-caps]; then
+ elog "/run/chronyd needs ntp:ntp permissions; please check."
+ elog "The safest option is reboot, but you may chown manually."
+ elif ! use caps && has_version net-misc/chrony[caps]; then
+ elog "/run/chronyd needs root:root permissions; please check."
+ elog "The safest option is reboot, but you may chown manually."
+ fi
+}
diff --git a/net-misc/chrony/files/chronyd.conf b/net-misc/chrony/files/chronyd.conf
index fc43a95c40f..c641d985e56 100644
--- a/net-misc/chrony/files/chronyd.conf
+++ b/net-misc/chrony/files/chronyd.conf
@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
# The combination of "-s -r" allows chronyd to perform long term averaging of
# the gain or loss rate across system reboots and shutdowns.
-ARGS=""
+ARGS="-u ntp"
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2019-05-15 10:07 Jeroen Roovers
0 siblings, 0 replies; 19+ messages in thread
From: Jeroen Roovers @ 2019-05-15 10:07 UTC (permalink / raw
To: gentoo-commits
commit: 35ed7204c7e08cc8ed2aaee87bb045701827beba
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed May 15 10:00:19 2019 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed May 15 10:07:43 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=35ed7204
net-misc/chrony: Fix patch filename
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>
net-misc/chrony/chrony-3.4.ebuild | 4 ++--
net-misc/chrony/chrony-3.5_pre1.ebuild | 2 +-
net-misc/chrony/chrony-9999.ebuild | 2 +-
.../{chronyd-systemd-gentoo.patch => chrony-3.4-systemd-gentoo.patch} | 0
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/net-misc/chrony/chrony-3.4.ebuild b/net-misc/chrony/chrony-3.4.ebuild
index 2b17b91c999..749bf8e23ef 100644
--- a/net-misc/chrony/chrony-3.4.ebuild
+++ b/net-misc/chrony/chrony-3.4.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=6
@@ -37,7 +37,7 @@ RESTRICT=test
S="${WORKDIR}/${P/_/-}"
PATCHES=(
- "${FILESDIR}"/chronyd-systemd-gentoo.patch
+ "${FILESDIR}"/${PN}-3.4-systemd-gentoo.patch
)
src_prepare() {
diff --git a/net-misc/chrony/chrony-3.5_pre1.ebuild b/net-misc/chrony/chrony-3.5_pre1.ebuild
index d32f046f9da..72eeaef1fb9 100644
--- a/net-misc/chrony/chrony-3.5_pre1.ebuild
+++ b/net-misc/chrony/chrony-3.5_pre1.ebuild
@@ -37,7 +37,7 @@ RESTRICT=test
S="${WORKDIR}/${P/_/-}"
PATCHES=(
- "${FILESDIR}"/chronyd-systemd-gentoo.patch
+ "${FILESDIR}"/${PN}-3.4-systemd-gentoo.patch
)
src_prepare() {
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index 188564043dd..dfe5253524d 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -35,7 +35,7 @@ RESTRICT=test
S="${WORKDIR}/${P/_/-}"
PATCHES=(
- "${FILESDIR}"/chronyd-systemd-gentoo.patch
+ "${FILESDIR}"/${PN}-3.4-systemd-gentoo.patch
)
src_prepare() {
diff --git a/net-misc/chrony/files/chronyd-systemd-gentoo.patch b/net-misc/chrony/files/chrony-3.4-systemd-gentoo.patch
similarity index 100%
rename from net-misc/chrony/files/chronyd-systemd-gentoo.patch
rename to net-misc/chrony/files/chrony-3.4-systemd-gentoo.patch
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2019-05-15 10:07 Jeroen Roovers
0 siblings, 0 replies; 19+ messages in thread
From: Jeroen Roovers @ 2019-05-15 10:07 UTC (permalink / raw
To: gentoo-commits
commit: 29500f59287b983f27b842d72d183ed757069ba0
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Wed May 15 10:03:57 2019 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Wed May 15 10:07:44 2019 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29500f59
net-misc/chrony: Version 3.5
Package-Manager: Portage-2.3.66, Repoman-2.3.12
Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>
net-misc/chrony/Manifest | 2 +-
.../chrony/{chrony-3.5_pre1.ebuild => chrony-3.5.ebuild} | 2 +-
net-misc/chrony/chrony-9999.ebuild | 2 +-
net-misc/chrony/files/chrony-3.5-systemd-gentoo.patch | 12 ++++++++++++
4 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index 3a12680dcc7..868a62967f5 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -1,4 +1,4 @@
DIST chrony-3.1.tar.gz 424109 BLAKE2B eb6bc13905a05eab15b00919577cceb4c8c881b4881fbd0e19d966dca86ed6973c31618b1ae56b59cad989144bf59a0206328d50d9eb436fdb058684e74a1661 SHA512 4ba3a75c3634050bb63ba9ee80d9be7a295f44ce4d195a050e4be4738bd7dd807fe37f2289d7ead4a75272bd5ebadbd03c233c67f859e9b68871fca5a6671427
DIST chrony-3.3.tar.gz 443571 BLAKE2B cc35f55b8d63eed85495f88b71c9285c68867a28b27c6c5e7d4475a77857ce4a09fbe561906757d66fee13b19d9ee750d41518050048776b2c0ef600407632e9 SHA512 36975d863599141e8e5b071d35cf67326b27f5b0da7ec942dbb4530377d10472b0729eea632e0702718b515cb2d5fd41a7eba158e6dade7f05adfb1bdffa5df0
DIST chrony-3.4.tar.gz 453056 BLAKE2B 088eb18bfc9ae4a7a3d656dfabddc565bc4a0da995c172183bed12bc5df59e87ab7363ba64e3579cdb414da77bd7f1fe05b66e33474282df57daf1fd8a55e182 SHA512 4fbb0311c8d363a87edd6f5d1be3d8554da169f260ba23c1ad9e8c567808258c6fd7513ba630d6fa27453ecfd81f0ece0e26d5ee2f98ca47fbc9887181a36918
-DIST chrony-3.5-pre1.tar.gz 457961 BLAKE2B a43e36df7d3b2a2865efb784240e399c2a16748064cedf96b0da849f0cdf8b4d91e7fc616995277f29d2c55176e08526dbedbc8b866238994f8a4187b822aa20 SHA512 ccca35e17f18ed80e0db984c321f5fefabb1056feaae3aed08bf9e1ae732b22af05f87bafe812154af7e5adced91d90618e3833bc266be06ba2fa095685b07da
+DIST chrony-3.5.tar.gz 458226 BLAKE2B 611f21e36c6e745208e00eba988519fcd912c6c0c3518c953591f43224dc3da79f627027a6cd4bf9c4227e9f8659a69adbdb634252ff3920d2ef677e32012456 SHA512 c4f6376a44d71b6ac2b6d86e3d6fb4348642faeef7f3f3a4d6431627b5645efcc868b005cc398c8292bc3b63a1161fbd1a042c6ac2a0595843f908fe32eed90c
diff --git a/net-misc/chrony/chrony-3.5_pre1.ebuild b/net-misc/chrony/chrony-3.5.ebuild
similarity index 98%
rename from net-misc/chrony/chrony-3.5_pre1.ebuild
rename to net-misc/chrony/chrony-3.5.ebuild
index 72eeaef1fb9..ec8018cd297 100644
--- a/net-misc/chrony/chrony-3.5_pre1.ebuild
+++ b/net-misc/chrony/chrony-3.5.ebuild
@@ -37,7 +37,7 @@ RESTRICT=test
S="${WORKDIR}/${P/_/-}"
PATCHES=(
- "${FILESDIR}"/${PN}-3.4-systemd-gentoo.patch
+ "${FILESDIR}"/${PN}-3.5-systemd-gentoo.patch
)
src_prepare() {
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index dfe5253524d..2fadb9f5fdb 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -35,7 +35,7 @@ RESTRICT=test
S="${WORKDIR}/${P/_/-}"
PATCHES=(
- "${FILESDIR}"/${PN}-3.4-systemd-gentoo.patch
+ "${FILESDIR}"/${PN}-3.5-systemd-gentoo.patch
)
src_prepare() {
diff --git a/net-misc/chrony/files/chrony-3.5-systemd-gentoo.patch b/net-misc/chrony/files/chrony-3.5-systemd-gentoo.patch
new file mode 100644
index 00000000000..addba4ca1a9
--- /dev/null
+++ b/net-misc/chrony/files/chrony-3.5-systemd-gentoo.patch
@@ -0,0 +1,12 @@
+--- a/examples/chronyd.service
++++ b/examples/chronyd.service
+@@ -8,8 +8,7 @@
+ [Service]
+ Type=forking
+ PIDFile=/run/chrony/chronyd.pid
+-EnvironmentFile=-/etc/sysconfig/chronyd
+-ExecStart=/usr/sbin/chronyd $OPTIONS
++ExecStart=/usr/sbin/chronyd
+ PrivateTmp=yes
+ ProtectHome=yes
+ ProtectSystem=full
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2018-09-04 9:32 Jeroen Roovers
0 siblings, 0 replies; 19+ messages in thread
From: Jeroen Roovers @ 2018-09-04 9:32 UTC (permalink / raw
To: gentoo-commits
commit: 6e9478074f14ff36bd4beb516f8ba144bef45201
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 4 09:31:04 2018 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Tue Sep 4 09:32:19 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e947807
net-misc/chrony: Set default PID file and check for it
Fixes: https://bugs.gentoo.org/665212
Package-Manager: Portage-2.3.49, Repoman-2.3.10
...y-3.4_pre1.ebuild => chrony-3.4_pre1-r1.ebuild} | 12 ++--
net-misc/chrony/files/chronyd.init-r2 | 70 ++++++++++++++++++++++
2 files changed, 76 insertions(+), 6 deletions(-)
diff --git a/net-misc/chrony/chrony-3.4_pre1.ebuild b/net-misc/chrony/chrony-3.4_pre1-r1.ebuild
similarity index 93%
rename from net-misc/chrony/chrony-3.4_pre1.ebuild
rename to net-misc/chrony/chrony-3.4_pre1-r1.ebuild
index c3aed38aa99..a39dc7b24dc 100644
--- a/net-misc/chrony/chrony-3.4_pre1.ebuild
+++ b/net-misc/chrony/chrony-3.4_pre1-r1.ebuild
@@ -38,9 +38,8 @@ S="${WORKDIR}/${P/_/-}"
src_prepare() {
sed -i \
- -e 's:/etc/chrony\.:/etc/chrony/chrony.:g' \
- -e 's:/var/run:/run:g' \
- conf.c doc/*.man.in examples/* || die
+ -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
+ doc/* examples/* || die
default
}
@@ -75,12 +74,13 @@ src_configure() {
$(usex rtc '' --disable-rtc) \
${CHRONY_EDITLINE} \
${EXTRA_ECONF} \
- --docdir=/usr/share/doc/${PF} \
--chronysockdir=/run/chrony \
+ --disable-sechash \
+ --docdir=/usr/share/doc/${PF} \
--mandir=/usr/share/man \
--prefix=/usr \
--sysconfdir=/etc/chrony \
- --disable-sechash \
+ --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid"
--without-nss \
--without-tomcrypt
"
@@ -97,7 +97,7 @@ src_compile() {
src_install() {
default
- newinitd "${FILESDIR}"/chronyd.init-r1 chronyd
+ newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
newconfd "${FILESDIR}"/chronyd.conf chronyd
insinto /etc/${PN}
diff --git a/net-misc/chrony/files/chronyd.init-r2 b/net-misc/chrony/files/chronyd.init-r2
new file mode 100644
index 00000000000..4892a57b163
--- /dev/null
+++ b/net-misc/chrony/files/chronyd.init-r2
@@ -0,0 +1,70 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ use dns
+}
+
+checkconfig() {
+ # Note that /etc/chrony/chrony.keys is *NOT* checked. This
+ # is because the user may have specified another key
+ # file, and we don't want to force the user to use that
+ # exact name for the key file.
+ if [ ! -f "${CFGFILE}" ] ; then
+ eerror "Please create ${CFGFILE} and the"
+ eerror "chrony key file (usually /etc/chrony/chrony.keys)"
+ eerror "by using the"
+ eerror ""
+ eerror " chrony.conf.example"
+ eerror " chrony.keys.example"
+ eerror ""
+ eerror "files (from the documentation directory)"
+ eerror "as templates."
+ return 1
+ else
+ # Actually, I tried it, and chrony seems to ignore the pidfile
+ # option. I'm going to leave it here anyway, since you never
+ # know if it might be handy
+ PIDFILE=`awk '/^ *pidfile/{print $2}' "${CFGFILE}"`
+ [ -z "${PIDFILE}" ] && PIDFILE=/run/chrony/chronyd.pid
+ fi
+ return 0
+}
+
+setxtrarg() {
+ if [ -c /dev/rtc ]; then
+ grep -q '^rtcfile' "${CFGFILE}" && ARGS="${ARGS} -s"
+ fi
+ grep -q '^dumponexit$' "${CFGFILE}" && ARGS="${ARGS} -r"
+ return 0
+}
+
+start() {
+ checkconfig || return $?
+ setxtrarg
+
+ [ -n "${PIDFILE}" ] || PIDFILE=/run/chronyd.pid
+
+ ebegin "Starting chronyd"
+ start-stop-daemon \
+ --start \
+ --quiet \
+ --exec /usr/sbin/chronyd \
+ --pidfile "${PIDFILE}" \
+ -- -f "${CFGFILE}" ${ARGS}
+ eend $? "Failed to start chronyd"
+}
+
+stop() {
+ checkconfig || return $?
+
+ [ -n "${PIDFILE}" ] || PIDFILE=/run/chronyd.pid
+
+ ebegin "Stopping chronyd"
+ start-stop-daemon \
+ --stop \
+ --quiet \
+ --pidfile "${PIDFILE}"
+ eend $? "Failed to stop chronyd"
+}
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2018-03-31 10:55 Jeroen Roovers
0 siblings, 0 replies; 19+ messages in thread
From: Jeroen Roovers @ 2018-03-31 10:55 UTC (permalink / raw
To: gentoo-commits
commit: b85e7a2cccff1773bf8223003d3dfb9529f7024c
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 31 10:49:48 2018 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Sat Mar 31 10:49:48 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b85e7a2c
net-misc/chrony: Old.
Package-Manager: Portage-2.3.27, Repoman-2.3.9
net-misc/chrony/Manifest | 2 -
net-misc/chrony/chrony-2.3.ebuild | 113 ---------------------------
net-misc/chrony/chrony-2.4.1.ebuild | 119 -----------------------------
net-misc/chrony/files/chrony-2.2.logrotate | 7 --
4 files changed, 241 deletions(-)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index 18ce30caecf..2eafb411211 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -1,5 +1,3 @@
-DIST chrony-2.3.tar.gz 355113 BLAKE2B 238269a79288186e93bd978bca1fb3258d35cfd72c0a90f888cdb35d0c5c01abbb80002e476478fd0fbc6fd1a080f68e0b6d2d11f13d9a37dff1c1068c13bd13 SHA512 2a9cda6c2bc931438b798bd037614196bdb1533d12432467a690d57095c74013c80c92fcaadbd43fd5b0c816872822527a1ade3014add458d669d7813d5fa080
-DIST chrony-2.4.1.tar.gz 390641 BLAKE2B 7faac0c71f27bd3459f8a25b338e247744850128b32330fef324e37fd2e7cbd66156311e5a48140288580fc78f1948f8cf02fd2f64fc2ed3cabdaee28af5a67c SHA512 7772065103ad95706f80374d88ba452b76cf8e29689abf22b38e7eb5ad2fcc491593e11702400daa8bf908218614df21b08ff15ab2d3d2347876119cd80abc4d
DIST chrony-3.1.tar.gz 424109 BLAKE2B eb6bc13905a05eab15b00919577cceb4c8c881b4881fbd0e19d966dca86ed6973c31618b1ae56b59cad989144bf59a0206328d50d9eb436fdb058684e74a1661 SHA512 4ba3a75c3634050bb63ba9ee80d9be7a295f44ce4d195a050e4be4738bd7dd807fe37f2289d7ead4a75272bd5ebadbd03c233c67f859e9b68871fca5a6671427
DIST chrony-3.2.tar.gz 433882 BLAKE2B 4351cd22efbb2c819f09a562b2e0c1851336f8973b37b3015ec6acc04b925e13c1207262d4561318c187809bf989710d9a8fdf54e93b3d3dac56d0d6df8782df SHA512 496af5bed91600f268c1a0fa577bb8c7785e485f78598b666829c674e94770c16548cec4289a2ae9d0a51191d2705eda00886cb6cccae3828aa201a49d4783a4
DIST chrony-3.3-pre1.tar.gz 442045 BLAKE2B 122a36e46b5d5a3eb3e2d5e20ad2a5b4f419e496b9cd341e4895e6a4121f0c613860dba0375592ad169e3dbfdbdaf812f07124e6f3b005eba6b3296a663f601d SHA512 39bb4788d362d9aaf30b84c59eaf3421110c3776d57eb955f12d8fdd6013f8ffa91a6ff1e8b0018113f63d660570b1aa70d96f7c31faca29d5b720c2f3f1d625
diff --git a/net-misc/chrony/chrony-2.3.ebuild b/net-misc/chrony/chrony-2.3.ebuild
deleted file mode 100644
index f37a8f2cac7..00000000000
--- a/net-misc/chrony/chrony-2.3.ebuild
+++ /dev/null
@@ -1,113 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-inherit eutils systemd toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="http://chrony.tuxfamily.org/"
-SRC_URI="http://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="~alpha amd64 ~arm hppa ~mips ppc ppc64 ~sparc x86"
-IUSE="caps +cmdmon ipv6 libedit +ntp +phc +pps readline +refclock +rtc selinux +adns"
-REQUIRED_USE="
- ?? ( libedit readline )
-"
-
-CDEPEND="
- caps? ( sys-libs/libcap )
- libedit? ( dev-libs/libedit )
- readline? ( >=sys-libs/readline-4.1-r4:= )
-"
-DEPEND="
- ${CDEPEND}
- sys-apps/texinfo
-"
-RDEPEND="
- ${CDEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-
-RESTRICT=test
-
-S="${WORKDIR}/${P/_/-}"
-
-src_prepare() {
- sed -i \
- -e 's:/etc/chrony\.:/etc/chrony/chrony.:g' \
- -e 's:/var/run:/run:g' \
- conf.c chrony.texi.in examples/* || die
-}
-
-src_configure() {
- tc-export CC
-
- local CHRONY_EDITLINE
- # ./configure legend:
- # --disable-readline : disable line editing entirely
- # --without-readline : do not use sys-libs/readline (enabled by default)
- # --without-editline : do not use dev-libs/libedit (enabled by default)
- if ! use readline && ! use libedit; then
- CHRONY_EDITLINE='--disable-readline'
- else
- CHRONY_EDITLINE+=" $(usex readline '' --without-readline)"
- CHRONY_EDITLINE+=" $(usex libedit '' --without-editline)"
- fi
-
- # not an autotools generated script
- local CHRONY_CONFIGURE="
- ./configure \
- $(usex caps '' --disable-linuxcaps) \
- $(usex cmdmon '' --disable-cmdmon) \
- $(usex ipv6 '' --disable-ipv6) \
- $(usex ntp '' --disable-ntp) \
- $(usex phc '' --disable-phc) \
- $(usex pps '' --disable-pps) \
- $(usex rtc '' --disable-rtc) \
- $(usex refclock '' --disable-refclock) \
- $(usex adns '' --disable-asyncdns) \
- ${CHRONY_EDITLINE} \
- ${EXTRA_ECONF} \
- --docdir=/usr/share/doc/${PF} \
- --chronysockdir=/run/chrony \
- --infodir=/usr/share/info \
- --mandir=/usr/share/man \
- --prefix=/usr \
- --sysconfdir=/etc/chrony \
- --disable-sechash \
- --without-nss \
- --without-tomcrypt
- "
-
- # print the ./configure call to aid in future debugging
- einfo ${CHRONY_CONFIGURE}
- bash ${CHRONY_CONFIGURE} || die
-}
-
-src_compile() {
- emake all docs
-}
-
-src_install() {
- default
-
- doinfo chrony.info*
-
- newinitd "${FILESDIR}"/chronyd.init-r1 chronyd
- newconfd "${FILESDIR}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- dodoc examples/*.example*
-
- keepdir /var/{lib,log}/chrony
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.2.logrotate chrony
-
- systemd_newunit "${FILESDIR}"/chronyd.service-r2 chronyd.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
diff --git a/net-misc/chrony/chrony-2.4.1.ebuild b/net-misc/chrony/chrony-2.4.1.ebuild
deleted file mode 100644
index 6c4e5e3675f..00000000000
--- a/net-misc/chrony/chrony-2.4.1.ebuild
+++ /dev/null
@@ -1,119 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit eutils systemd toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="http://chrony.tuxfamily.org/"
-SRC_URI="http://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="alpha ~amd64 ~arm hppa ppc ppc64"
-IUSE="caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc selinux +adns"
-REQUIRED_USE="
- ?? ( libedit readline )
-"
-
-CDEPEND="
- caps? ( sys-libs/libcap )
- libedit? ( dev-libs/libedit )
- readline? ( >=sys-libs/readline-4.1-r4:= )
-"
-DEPEND="
- ${CDEPEND}
- html? ( dev-ruby/asciidoctor )
- pps? ( net-misc/pps-tools )
-"
-RDEPEND="
- ${CDEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-
-RESTRICT=test
-
-S="${WORKDIR}/${P/_/-}"
-
-src_prepare() {
- sed -i \
- -e 's:/etc/chrony\.:/etc/chrony/chrony.:g' \
- -e 's:/var/run:/run:g' \
- conf.c doc/*.man.in examples/* || die
-
- default
-}
-
-src_configure() {
- tc-export CC
-
- local CHRONY_EDITLINE
- # ./configure legend:
- # --disable-readline : disable line editing entirely
- # --without-readline : do not use sys-libs/readline (enabled by default)
- # --without-editline : do not use dev-libs/libedit (enabled by default)
- if ! use readline && ! use libedit; then
- CHRONY_EDITLINE='--disable-readline'
- else
- CHRONY_EDITLINE+=" $(usex readline '' --without-readline)"
- CHRONY_EDITLINE+=" $(usex libedit '' --without-editline)"
- fi
-
- # not an autotools generated script
- local CHRONY_CONFIGURE="
- ./configure \
- $(usex caps '' --disable-linuxcaps) \
- $(usex cmdmon '' --disable-cmdmon) \
- $(usex ipv6 '' --disable-ipv6) \
- $(usex ntp '' --disable-ntp) \
- $(usex phc '' --disable-phc) \
- $(usex pps '' --disable-pps) \
- $(usex rtc '' --disable-rtc) \
- $(usex refclock '' --disable-refclock) \
- $(usex adns '' --disable-asyncdns) \
- ${CHRONY_EDITLINE} \
- ${EXTRA_ECONF} \
- --docdir=/usr/share/doc/${PF} \
- --chronysockdir=/run/chrony \
- --mandir=/usr/share/man \
- --prefix=/usr \
- --sysconfdir=/etc/chrony \
- --disable-sechash \
- --without-nss \
- --without-tomcrypt
- "
-
- # print the ./configure call to aid in future debugging
- einfo ${CHRONY_CONFIGURE}
- bash ${CHRONY_CONFIGURE} || die
-}
-
-src_compile() {
- emake all docs $(usex html '' 'ADOC=true')
-}
-
-src_install() {
- default
-
- newinitd "${FILESDIR}"/chronyd.init-r1 chronyd
- newconfd "${FILESDIR}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example1 chrony.conf
-
- docinto examples
- dodoc examples/*.example*
-
- if use html; then
- docinto html
- dodoc doc/*.html
- fi
-
- keepdir /var/{lib,log}/chrony
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
-
- systemd_newunit "${FILESDIR}"/chronyd.service-r2 chronyd.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
diff --git a/net-misc/chrony/files/chrony-2.2.logrotate b/net-misc/chrony/files/chrony-2.2.logrotate
deleted file mode 100644
index ae76c8de6af..00000000000
--- a/net-misc/chrony/files/chrony-2.2.logrotate
+++ /dev/null
@@ -1,7 +0,0 @@
-/var/log/chrony/*.log {
- missingok
- sharedscripts
- postrotate
- /usr/bin/chronyc cyclelogs
- endscript
-}
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2016-06-06 7:25 Tobias Klausmann
0 siblings, 0 replies; 19+ messages in thread
From: Tobias Klausmann @ 2016-06-06 7:25 UTC (permalink / raw
To: gentoo-commits
commit: eae6c748da04fe37c47f5e9a6c245d11fffe5810
Author: Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 6 07:25:28 2016 +0000
Commit: Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Mon Jun 6 07:25:28 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eae6c748
net-misc/chrony: Fix the logrotate script for good.
Also bump latest version so people get the new logrotate file.
Package-Manager: portage-2.3.0_rc1
.../chrony/{chrony-2.4_pre1-r2.ebuild => chrony-2.4_pre1-r3.ebuild} | 0
net-misc/chrony/files/chrony-2.4-r1.logrotate | 2 +-
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/net-misc/chrony/chrony-2.4_pre1-r2.ebuild b/net-misc/chrony/chrony-2.4_pre1-r3.ebuild
similarity index 100%
rename from net-misc/chrony/chrony-2.4_pre1-r2.ebuild
rename to net-misc/chrony/chrony-2.4_pre1-r3.ebuild
diff --git a/net-misc/chrony/files/chrony-2.4-r1.logrotate b/net-misc/chrony/files/chrony-2.4-r1.logrotate
index 4140bc2..a2cf8fe 100644
--- a/net-misc/chrony/files/chrony-2.4-r1.logrotate
+++ b/net-misc/chrony/files/chrony-2.4-r1.logrotate
@@ -2,6 +2,6 @@
missingok
sharedscripts
postrotate
- /usr/bin/chronyc cyclelogs |grep -v '^200 OK'; return 0
+ /usr/bin/chronyc cyclelogs |grep -v '^200 OK'; exit 0
endscript
}
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2016-05-29 16:25 Tobias Klausmann
0 siblings, 0 replies; 19+ messages in thread
From: Tobias Klausmann @ 2016-05-29 16:25 UTC (permalink / raw
To: gentoo-commits
commit: 420ee41fe4a94b6d6bc1c73305a1cf657a483804
Author: Tobias Klausmann <klausman <AT> gentoo <DOT> org>
AuthorDate: Sun May 29 16:25:16 2016 +0000
Commit: Tobias Klausmann <klausman <AT> gentoo <DOT> org>
CommitDate: Sun May 29 16:25:16 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=420ee41f
net-misc/chrony: Fix logrotate script
Since grep -v may return a non-zero exit status even in the benign case, we
need to just return 0 manually. Actual errors will still be reported normally
since any output will trigger mail sending.
Package-Manager: portage-2.3.0_rc1
.../chrony/{chrony-2.4_pre1-r1.ebuild => chrony-2.4_pre1-r2.ebuild} | 2 +-
net-misc/chrony/files/{chrony-2.4.logrotate => chrony-2.4-r1.logrotate} | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net-misc/chrony/chrony-2.4_pre1-r1.ebuild b/net-misc/chrony/chrony-2.4_pre1-r2.ebuild
similarity index 98%
rename from net-misc/chrony/chrony-2.4_pre1-r1.ebuild
rename to net-misc/chrony/chrony-2.4_pre1-r2.ebuild
index 7d20e20..4f9b613 100644
--- a/net-misc/chrony/chrony-2.4_pre1-r1.ebuild
+++ b/net-misc/chrony/chrony-2.4_pre1-r2.ebuild
@@ -111,7 +111,7 @@ src_install() {
keepdir /var/{lib,log}/chrony
insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony-2.4.logrotate chrony
+ newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
systemd_newunit "${FILESDIR}"/chronyd.service-r2 chronyd.service
systemd_enable_ntpunit 50-chrony chronyd.service
diff --git a/net-misc/chrony/files/chrony-2.4.logrotate b/net-misc/chrony/files/chrony-2.4-r1.logrotate
similarity index 56%
rename from net-misc/chrony/files/chrony-2.4.logrotate
rename to net-misc/chrony/files/chrony-2.4-r1.logrotate
index d1ae72b..4140bc2 100644
--- a/net-misc/chrony/files/chrony-2.4.logrotate
+++ b/net-misc/chrony/files/chrony-2.4-r1.logrotate
@@ -2,6 +2,6 @@
missingok
sharedscripts
postrotate
- /usr/bin/chronyc cyclelogs |grep -v '^200 OK'
+ /usr/bin/chronyc cyclelogs |grep -v '^200 OK'; return 0
endscript
}
^ permalink raw reply related [flat|nested] 19+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
@ 2016-01-22 4:44 Jeroen Roovers
0 siblings, 0 replies; 19+ messages in thread
From: Jeroen Roovers @ 2016-01-22 4:44 UTC (permalink / raw
To: gentoo-commits
commit: a306eddeea640e2ea230838a0248d9c8a3cd77e6
Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 22 04:44:20 2016 +0000
Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
CommitDate: Fri Jan 22 04:44:20 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a306edde
net-misc/chrony: Old.
Package-Manager: portage-2.2.27
net-misc/chrony/Manifest | 1 -
net-misc/chrony/chrony-2.1.1.ebuild | 114 ---------------------------------
net-misc/chrony/files/chrony.logrotate | 11 ----
3 files changed, 126 deletions(-)
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest
index 930d5cb..cd0cc0c 100644
--- a/net-misc/chrony/Manifest
+++ b/net-misc/chrony/Manifest
@@ -1,3 +1,2 @@
-DIST chrony-2.1.1.tar.gz 391037 SHA256 b0565148eaa38e971291281d76556c32f0138ec22e9784f8bceab9c65f7ad7d4 SHA512 bbb6d4b3436b7c3c7d45628500678ce31291aaa7f59df0f616268fcdb9285f21a79b085d232773ce732eea82f28fa87f4c56ac5b6a7388275c67889daf641499 WHIRLPOOL a431253f173fb8c52f417c0a074c66e3125bb46247b3a177d6ad4c96d953a4557fb159e5940f03d39a83ad1b5a92dd73f84333e3d2274a42a5e93337ca2f6d7e
DIST chrony-2.2.1.tar.gz 340514 SHA256 4776fa8e80d698723e9a88eb882170951f6c45860545d84ae9f9d8b9bbd73796 SHA512 caa18a22e7e64186f24f474e02862296bfa74c99671bc98e926caf27b88ce3580282543594602e76ad4be9b7f9623350888def893a7c1d96a7370d13a636442f WHIRLPOOL 77500bc25496dc15f17bce60023b86330205945999011b243272db26a924ac67193da70089c59e19bea7666c05059c8c4c1975ca19057775ec2dd8e468ab8dce
DIST chrony-2.2.tar.gz 340285 SHA256 d3fd820fa63badf54ee0e48a649b94ea739df3aac5efa104bd90f89795aa2485 SHA512 40e5f3b803016a8ce2a3450f24e07e02b54c8b0134c005342e52e1f122592af646186ca231644801bdb7bbb00c576347da34e162d33920ef71f4018204e8a866 WHIRLPOOL 0f517914935b150bce9a42507f1c4b04ec50d9406d1ac504b396abbe0646a3bce21299cb6b946159e7369800bbcd106257bf2c02e544fffd19d8211f232ed469
diff --git a/net-misc/chrony/chrony-2.1.1.ebuild b/net-misc/chrony/chrony-2.1.1.ebuild
deleted file mode 100644
index ac2cc6a..0000000
--- a/net-misc/chrony/chrony-2.1.1.ebuild
+++ /dev/null
@@ -1,114 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-inherit eutils systemd toolchain-funcs
-
-DESCRIPTION="NTP client and server programs"
-HOMEPAGE="http://chrony.tuxfamily.org/"
-SRC_URI="http://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
-LICENSE="GPL-2"
-SLOT="0"
-
-KEYWORDS="amd64 ~arm hppa ~mips ppc ppc64 sparc x86"
-IUSE="caps +cmdmon ipv6 libedit +ntp +phc +pps readline +refclock +rtc selinux +adns"
-REQUIRED_USE="
- ?? ( libedit readline )
-"
-
-CDEPEND="
- caps? ( sys-libs/libcap )
- libedit? ( dev-libs/libedit )
- readline? ( >=sys-libs/readline-4.1-r4:= )
-"
-DEPEND="
- ${CDEPEND}
- sys-apps/texinfo
-"
-RDEPEND="
- ${CDEPEND}
- selinux? ( sec-policy/selinux-chronyd )
-"
-
-RESTRICT=test
-
-S="${WORKDIR}/${P/_/-}"
-
-src_prepare() {
- sed -i \
- -e 's:/etc/chrony\.:/etc/chrony/chrony.:g' \
- -e 's:/var/run:/run:g' \
- conf.c chrony.texi.in chrony.txt examples/* FAQ || die
-}
-
-src_configure() {
- tc-export CC
-
- local CHRONY_EDITLINE
- # ./configure legend:
- # --disable-readline : disable line editing entirely
- # --without-readline : do not use sys-libs/readline (enabled by default)
- # --without-editline : do not use dev-libs/libedit (enabled by default)
- if ! use readline && ! use libedit; then
- CHRONY_EDITLINE='--disable-readline'
- else
- CHRONY_EDITLINE+=" $(usex readline '' --without-readline)"
- CHRONY_EDITLINE+=" $(usex libedit '' --without-editline)"
- fi
-
- # not an autotools generated script
- local CHRONY_CONFIGURE="
- ./configure \
- $(usex caps '' --disable-linuxcaps) \
- $(usex cmdmon '' --disable-cmdmon) \
- $(usex ipv6 '' --disable-ipv6) \
- $(usex ntp '' --disable-ntp) \
- $(usex phc '' --disable-phc) \
- $(usex pps '' --disable-pps) \
- $(usex rtc '' --disable-rtc) \
- $(usex refclock '' --disable-refclock) \
- $(usex adns '' --disable-asyncdns) \
- ${CHRONY_EDITLINE} \
- ${EXTRA_ECONF} \
- --docdir=/usr/share/doc/${PF} \
- --infodir=/usr/share/info \
- --mandir=/usr/share/man \
- --prefix=/usr \
- --sysconfdir=/etc/chrony \
- --disable-sechash \
- --without-nss \
- --without-tomcrypt
- "
-
- # print the ./configure call to aid in future debugging
- einfo ${CHRONY_CONFIGURE}
- bash ${CHRONY_CONFIGURE} || die
-}
-
-src_compile() {
- emake all docs
-}
-
-src_install() {
- default
- rm "${D}"/usr/share/doc/${PF}/COPYING || die
- doinfo chrony.info*
-
- newinitd "${FILESDIR}"/chronyd.init chronyd
- newconfd "${FILESDIR}"/chronyd.conf chronyd
-
- insinto /etc/${PN}
- newins examples/chrony.conf.example3 chrony.conf
- newins examples/chrony.keys.example chrony.keys
-
- dodoc examples/*.example*
-
- keepdir /var/{lib,log}/chrony
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/chrony.logrotate chrony
-
- systemd_newunit "${FILESDIR}"/chronyd.service-r2 chronyd.service
- systemd_enable_ntpunit 50-chrony chronyd.service
-}
diff --git a/net-misc/chrony/files/chrony.logrotate b/net-misc/chrony/files/chrony.logrotate
deleted file mode 100644
index b788874..0000000
--- a/net-misc/chrony/files/chrony.logrotate
+++ /dev/null
@@ -1,11 +0,0 @@
-/var/log/chrony/*.log {
- missingok
- sharedscripts
- postrotate
- PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}' /etc/chrony/chrony.keys`
- cat << EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
- password $PASSWORD
- cyclelogs
-EOF
- endscript
-}
^ permalink raw reply related [flat|nested] 19+ messages in thread
end of thread, other threads:[~2023-11-25 6:36 UTC | newest]
Thread overview: 19+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-09-02 15:51 [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/ Jeroen Roovers
-- strict thread matches above, loose matches on Subject: below --
2023-11-25 6:36 Sam James
2022-04-17 16:44 Sam James
2022-02-18 0:47 Sam James
2021-11-14 8:49 Sam James
2021-09-04 17:35 David Seifert
2021-05-13 16:15 Sam James
2020-12-20 6:29 Sam James
2020-09-02 15:51 Jeroen Roovers
2020-08-31 8:40 Jeroen Roovers
2020-05-02 10:43 Thomas Deutschmann
2020-03-30 18:36 Thomas Deutschmann
2019-05-15 10:07 Jeroen Roovers
2019-05-15 10:07 Jeroen Roovers
2018-09-04 9:32 Jeroen Roovers
2018-03-31 10:55 Jeroen Roovers
2016-06-06 7:25 Tobias Klausmann
2016-05-29 16:25 Tobias Klausmann
2016-01-22 4:44 Jeroen Roovers
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox