[gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/ - gentoo-commits

From:	Jeroen Roovers <jer@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
Date:	Mon, 31 Aug 2020 08:40:04
Message-Id:	`1598863198.6fbce4846282a2d77a9a8094e3d2fcd7176afcd6.jer@gentoo`

1

commit:     6fbce4846282a2d77a9a8094e3d2fcd7176afcd6

2

Author:     Jeroen Roovers <jer <AT> gentoo <DOT> org>

3

AuthorDate: Mon Aug 31 08:35:47 2020 +0000

4

Commit:     Jeroen Roovers <jer <AT> gentoo <DOT> org>

5

CommitDate: Mon Aug 31 08:39:58 2020 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fbce484

7

8

net-misc/chrony: Disable non-default seccomp filter option

9

10

With `-F 1' chronyd sets up a syscall filter and has itself killed when

11

a "forbidden" syscall is made. Since we cannot control that (as

12

explained in the chronyd(8) manual) we should disable the filter by

13

default.

14

15

Package-Manager: Portage-3.0.4, Repoman-3.0.1

16

Bug: https://bugs.gentoo.org/739714

17

Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>

18

19

 net-misc/chrony/chrony-3.5.1-r1.ebuild | 11 ++++++-----

20

 net-misc/chrony/chrony-4.0_pre3.ebuild | 11 ++++++-----

21

 net-misc/chrony/chrony-9999.ebuild     | 11 ++++++-----

22

 net-misc/chrony/files/chronyd.conf-r1  |  2 +-

23

 4 files changed, 19 insertions(+), 16 deletions(-)

24

25

diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild

26

index f112b330706..f0c66705c22 100644

27

--- a/net-misc/chrony/chrony-3.5.1-r1.ebuild

28

+++ b/net-misc/chrony/chrony-3.5.1-r1.ebuild

29

@@ -67,13 +67,14 @@ src_prepare() {

30

 		-e 's|pkg-config|${PKG_CONFIG}|g' \

31

 		configure || die

32

33

-	# Copy for potential user fixup

34

-	cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf

35

-	cp examples/chronyd.service "${T}"/chronyd.service

36

+	sed \

37

+		-e 's/-F 1/-F 0/' \

38

+		examples/chronyd.service > "${T}"/chronyd.service || die

39

+

40

+	cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die

41

}

42

43

 src_configure() {

44

-	# Set config for privdrop

45

 	if ! use caps; then

46

 		sed -i \

47

 			-e 's/-u ntp//' \

48

@@ -82,7 +83,7 @@ src_configure() {

49

50

 	if ! use seccomp; then

51

 		sed -i \

52

-			-e 's/-F 1//' \

53

+			-e 's/-F 0//' \

54

 			"${T}"/chronyd.conf "${T}"/chronyd.service || die

55

fi

56

57

58

diff --git a/net-misc/chrony/chrony-4.0_pre3.ebuild b/net-misc/chrony/chrony-4.0_pre3.ebuild

59

index f08fcf89f2e..e8f5a46d753 100644

60

--- a/net-misc/chrony/chrony-4.0_pre3.ebuild

61

+++ b/net-misc/chrony/chrony-4.0_pre3.ebuild

62

@@ -67,13 +67,14 @@ src_prepare() {

63

 		-e 's|pkg-config|${PKG_CONFIG}|g' \

64

 		configure || die

65

66

-	# Copy for potential user fixup

67

-	cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf

68

-	cp examples/chronyd.service "${T}"/chronyd.service

69

+	sed \

70

+		-e 's/-F 1/-F 0/' \

71

+		examples/chronyd.service > "${T}"/chronyd.service || die

72

+

73

+	cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die

74

}

75

76

 src_configure() {

77

-	# Set config for privdrop

78

 	if ! use caps; then

79

 		sed -i \

80

 			-e 's/-u ntp//' \

81

@@ -82,7 +83,7 @@ src_configure() {

82

83

 	if ! use seccomp; then

84

 		sed -i \

85

-			-e 's/-F 1//' \

86

+			-e 's/-F 0//' \

87

 			"${T}"/chronyd.conf "${T}"/chronyd.service || die

88

fi

89

90

91

diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild

92

index f08fcf89f2e..e8f5a46d753 100644

93

--- a/net-misc/chrony/chrony-9999.ebuild

94

+++ b/net-misc/chrony/chrony-9999.ebuild

95

@@ -67,13 +67,14 @@ src_prepare() {

96

 		-e 's|pkg-config|${PKG_CONFIG}|g' \

97

 		configure || die

98

99

-	# Copy for potential user fixup

100

-	cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf

101

-	cp examples/chronyd.service "${T}"/chronyd.service

102

+	sed \

103

+		-e 's/-F 1/-F 0/' \

104

+		examples/chronyd.service > "${T}"/chronyd.service || die

105

+

106

+	cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf || die

107

}

108

109

 src_configure() {

110

-	# Set config for privdrop

111

 	if ! use caps; then

112

 		sed -i \

113

 			-e 's/-u ntp//' \

114

@@ -82,7 +83,7 @@ src_configure() {

115

116

 	if ! use seccomp; then

117

 		sed -i \

118

-			-e 's/-F 1//' \

119

+			-e 's/-F 0//' \

120

 			"${T}"/chronyd.conf "${T}"/chronyd.service || die

121

fi

122

123

124

diff --git a/net-misc/chrony/files/chronyd.conf-r1 b/net-misc/chrony/files/chronyd.conf-r1

125

index c04f3525f0b..2783f29e684 100644

126

--- a/net-misc/chrony/files/chronyd.conf-r1

127

+++ b/net-misc/chrony/files/chronyd.conf-r1

128

@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"

129

 # The combination of "-s -r" allows chronyd to perform long term averaging of

130

 # the gain or loss rate across system reboots and shutdowns.

131

132

-ARGS="-u ntp -F 1"

133

+ARGS="-u ntp -F 0"

1	commit: 6fbce4846282a2d77a9a8094e3d2fcd7176afcd6
2	Author: Jeroen Roovers <jer <AT> gentoo <DOT> org>
3	AuthorDate: Mon Aug 31 08:35:47 2020 +0000
4	Commit: Jeroen Roovers <jer <AT> gentoo <DOT> org>
5	CommitDate: Mon Aug 31 08:39:58 2020 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fbce484
7
8	net-misc/chrony: Disable non-default seccomp filter option
9
10	With `-F 1' chronyd sets up a syscall filter and has itself killed when
11	a "forbidden" syscall is made. Since we cannot control that (as
12	explained in the chronyd(8) manual) we should disable the filter by
13	default.
14
15	Package-Manager: Portage-3.0.4, Repoman-3.0.1
16	Bug: https://bugs.gentoo.org/739714
17	Signed-off-by: Jeroen Roovers <jer <AT> gentoo.org>
18
19	net-misc/chrony/chrony-3.5.1-r1.ebuild \| 11 ++++++-----
20	net-misc/chrony/chrony-4.0_pre3.ebuild \| 11 ++++++-----
21	net-misc/chrony/chrony-9999.ebuild \| 11 ++++++-----
22	net-misc/chrony/files/chronyd.conf-r1 \| 2 +-
23	4 files changed, 19 insertions(+), 16 deletions(-)
24
25	diff --git a/net-misc/chrony/chrony-3.5.1-r1.ebuild b/net-misc/chrony/chrony-3.5.1-r1.ebuild
26	index f112b330706..f0c66705c22 100644
27	--- a/net-misc/chrony/chrony-3.5.1-r1.ebuild
28	+++ b/net-misc/chrony/chrony-3.5.1-r1.ebuild
29	@@ -67,13 +67,14 @@ src_prepare() {
30	-e 's\|pkg-config\|${PKG_CONFIG}\|g' \
31	configure \|\| die
32
33	- # Copy for potential user fixup
34	- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
35	- cp examples/chronyd.service "${T}"/chronyd.service
36	+ sed \
37	+ -e 's/-F 1/-F 0/' \
38	+ examples/chronyd.service > "${T}"/chronyd.service \|\| die
39	+
40	+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf \|\| die
41	}
42
43	src_configure() {
44	- # Set config for privdrop
45	if ! use caps; then
46	sed -i \
47	-e 's/-u ntp//' \
48	@@ -82,7 +83,7 @@ src_configure() {
49
50	if ! use seccomp; then
51	sed -i \
52	- -e 's/-F 1//' \
53	+ -e 's/-F 0//' \
54	"${T}"/chronyd.conf "${T}"/chronyd.service \|\| die
55	fi
56
57
58	diff --git a/net-misc/chrony/chrony-4.0_pre3.ebuild b/net-misc/chrony/chrony-4.0_pre3.ebuild
59	index f08fcf89f2e..e8f5a46d753 100644
60	--- a/net-misc/chrony/chrony-4.0_pre3.ebuild
61	+++ b/net-misc/chrony/chrony-4.0_pre3.ebuild
62	@@ -67,13 +67,14 @@ src_prepare() {
63	-e 's\|pkg-config\|${PKG_CONFIG}\|g' \
64	configure \|\| die
65
66	- # Copy for potential user fixup
67	- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
68	- cp examples/chronyd.service "${T}"/chronyd.service
69	+ sed \
70	+ -e 's/-F 1/-F 0/' \
71	+ examples/chronyd.service > "${T}"/chronyd.service \|\| die
72	+
73	+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf \|\| die
74	}
75
76	src_configure() {
77	- # Set config for privdrop
78	if ! use caps; then
79	sed -i \
80	-e 's/-u ntp//' \
81	@@ -82,7 +83,7 @@ src_configure() {
82
83	if ! use seccomp; then
84	sed -i \
85	- -e 's/-F 1//' \
86	+ -e 's/-F 0//' \
87	"${T}"/chronyd.conf "${T}"/chronyd.service \|\| die
88	fi
89
90
91	diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
92	index f08fcf89f2e..e8f5a46d753 100644
93	--- a/net-misc/chrony/chrony-9999.ebuild
94	+++ b/net-misc/chrony/chrony-9999.ebuild
95	@@ -67,13 +67,14 @@ src_prepare() {
96	-e 's\|pkg-config\|${PKG_CONFIG}\|g' \
97	configure \|\| die
98
99	- # Copy for potential user fixup
100	- cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf
101	- cp examples/chronyd.service "${T}"/chronyd.service
102	+ sed \
103	+ -e 's/-F 1/-F 0/' \
104	+ examples/chronyd.service > "${T}"/chronyd.service \|\| die
105	+
106	+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf \|\| die
107	}
108
109	src_configure() {
110	- # Set config for privdrop
111	if ! use caps; then
112	sed -i \
113	-e 's/-u ntp//' \
114	@@ -82,7 +83,7 @@ src_configure() {
115
116	if ! use seccomp; then
117	sed -i \
118	- -e 's/-F 1//' \
119	+ -e 's/-F 0//' \
120	"${T}"/chronyd.conf "${T}"/chronyd.service \|\| die
121	fi
122
123
124	diff --git a/net-misc/chrony/files/chronyd.conf-r1 b/net-misc/chrony/files/chronyd.conf-r1
125	index c04f3525f0b..2783f29e684 100644
126	--- a/net-misc/chrony/files/chronyd.conf-r1
127	+++ b/net-misc/chrony/files/chronyd.conf-r1
128	@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
129	# The combination of "-s -r" allows chronyd to perform long term averaging of
130	# the gain or loss rate across system reboots and shutdowns.
131
132	-ARGS="-u ntp -F 1"
133	+ARGS="-u ntp -F 0"

Gentoo Archives: gentoo-commits