Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/files/, net-misc/chrony/
Date: Mon, 30 Mar 2020 18:36:58
Message-Id: 1585593403.5eefb61d11a77c123475fec73db819fa6121b7f2.whissi@gentoo
1 commit: 5eefb61d11a77c123475fec73db819fa6121b7f2
2 Author: Sam James (sam_c) <sam <AT> cmpct <DOT> info>
3 AuthorDate: Wed Mar 4 04:49:58 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Mon Mar 30 18:36:43 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5eefb61d
7
8 net-misc/chrony: Run as non-root when USE=caps, revbump
9
10 When caps is enabled, drop to the user ntp (acct-user/ntp),
11 as opposed to remaining root.
12
13 Adds a tmpfile.d entry for /run/chrony to ensure correct permissions.
14
15 Closes: https://bugs.gentoo.org/711058
16 Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
17 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
18
19 .../{chrony-9999.ebuild => chrony-3.5-r3.ebuild} | 45 +++++++++++++++++-----
20 net-misc/chrony/chrony-9999.ebuild | 29 ++++++++++++--
21 net-misc/chrony/files/chronyd.conf | 2 +-
22 3 files changed, 63 insertions(+), 13 deletions(-)
23
24 diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-3.5-r3.ebuild
25 similarity index 70%
26 copy from net-misc/chrony/chrony-9999.ebuild
27 copy to net-misc/chrony/chrony-3.5-r3.ebuild
28 index e939129a01a..3f11f8dd951 100644
29 --- a/net-misc/chrony/chrony-9999.ebuild
30 +++ b/net-misc/chrony/chrony-3.5-r3.ebuild
31 @@ -1,16 +1,16 @@
32 -# Copyright 1999-2019 Gentoo Authors
33 +# Copyright 1999-2020 Gentoo Authors
34 # Distributed under the terms of the GNU General Public License v2
35
36 EAPI=7
37 -inherit git-r3 systemd toolchain-funcs
38 +inherit systemd tmpfiles toolchain-funcs
39
40 DESCRIPTION="NTP client and server programs"
41 HOMEPAGE="https://chrony.tuxfamily.org/"
42 -EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git/"
43 +SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"
44 LICENSE="GPL-2"
45 SLOT="0"
46
47 -KEYWORDS=""
48 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86"
49 IUSE="
50 +adns caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
51 seccomp selinux
52 @@ -27,14 +27,17 @@ CDEPEND="
53 "
54 DEPEND="
55 ${CDEPEND}
56 - dev-ruby/asciidoctor
57 + caps? ( acct-group/ntp acct-user/ntp )
58 + html? ( dev-ruby/asciidoctor )
59 pps? ( net-misc/pps-tools )
60 "
61 RDEPEND="
62 ${CDEPEND}
63 selinux? ( sec-policy/selinux-chronyd )
64 "
65 +
66 RESTRICT=test
67 +
68 S="${WORKDIR}/${P/_/-}"
69
70 PATCHES=(
71 @@ -47,6 +50,16 @@ src_prepare() {
72 sed -i \
73 -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
74 doc/* examples/* || die
75 +
76 + # Copy for potential user fixup
77 + cp "${FILESDIR}"/chronyd.conf "$T"/chronyd.conf
78 +
79 + # Set config for privdrop
80 + if ! use caps; then
81 + sed -i \
82 + -e 's/-u ntp//' \
83 + "${T}"/chronyd.conf || die
84 + fi
85 }
86
87 src_configure() {
88 @@ -95,14 +108,14 @@ src_configure() {
89 }
90
91 src_compile() {
92 - emake all docs
93 + emake all docs $(usex html '' 'ADOC=true')
94 }
95
96 src_install() {
97 default
98
99 newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
100 - newconfd "${FILESDIR}"/chronyd.conf chronyd
101 + newconfd "${T}"/chronyd.conf chronyd
102
103 insinto /etc/${PN}
104 newins examples/chrony.conf.example1 chrony.conf
105 @@ -110,8 +123,12 @@ src_install() {
106 docinto examples
107 dodoc examples/*.example*
108
109 - docinto html
110 - dodoc doc/*.html
111 + newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
112 +
113 + if use html; then
114 + docinto html
115 + dodoc doc/*.html
116 + fi
117
118 keepdir /var/{lib,log}/chrony
119
120 @@ -121,3 +138,13 @@ src_install() {
121 systemd_dounit examples/{chronyd,chrony-wait}.service
122 systemd_enable_ntpunit 50-chrony chronyd.service
123 }
124 +
125 +pkg_preinst() {
126 + if use caps && has_version net-misc/chrony[-caps]; then
127 + elog "/run/chronyd needs ntp:ntp permissions; please check."
128 + elog "The safest option is reboot, but you may chown manually."
129 + elif ! use caps && has_version net-misc/chrony[caps]; then
130 + elog "/run/chronyd needs root:root permissions; please check."
131 + elog "The safest option is reboot, but you may chown manually."
132 + fi
133 +}
134
135 diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
136 index e939129a01a..5b03ec4fe42 100644
137 --- a/net-misc/chrony/chrony-9999.ebuild
138 +++ b/net-misc/chrony/chrony-9999.ebuild
139 @@ -1,8 +1,8 @@
140 -# Copyright 1999-2019 Gentoo Authors
141 +# Copyright 1999-2020 Gentoo Authors
142 # Distributed under the terms of the GNU General Public License v2
143
144 EAPI=7
145 -inherit git-r3 systemd toolchain-funcs
146 +inherit git-r3 tmpfiles systemd toolchain-funcs
147
148 DESCRIPTION="NTP client and server programs"
149 HOMEPAGE="https://chrony.tuxfamily.org/"
150 @@ -27,6 +27,7 @@ CDEPEND="
151 "
152 DEPEND="
153 ${CDEPEND}
154 + caps? ( acct-group/ntp acct-user/ntp )
155 dev-ruby/asciidoctor
156 pps? ( net-misc/pps-tools )
157 "
158 @@ -47,6 +48,16 @@ src_prepare() {
159 sed -i \
160 -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \
161 doc/* examples/* || die
162 +
163 + # Copy for potential user fixup
164 + cp "${FILESDIR}"/chronyd.conf "$T"/chronyd.conf
165 +
166 + # Set config for privdrop
167 + if ! use caps; then
168 + sed -i \
169 + -e 's/-u ntp//' \
170 + "${T}"/chronyd.conf || die
171 + fi
172 }
173
174 src_configure() {
175 @@ -102,7 +113,7 @@ src_install() {
176 default
177
178 newinitd "${FILESDIR}"/chronyd.init-r2 chronyd
179 - newconfd "${FILESDIR}"/chronyd.conf chronyd
180 + newconfd "${T}"/chronyd.conf chronyd
181
182 insinto /etc/${PN}
183 newins examples/chrony.conf.example1 chrony.conf
184 @@ -110,6 +121,8 @@ src_install() {
185 docinto examples
186 dodoc examples/*.example*
187
188 + newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')"
189 +
190 docinto html
191 dodoc doc/*.html
192
193 @@ -121,3 +134,13 @@ src_install() {
194 systemd_dounit examples/{chronyd,chrony-wait}.service
195 systemd_enable_ntpunit 50-chrony chronyd.service
196 }
197 +
198 +pkg_preinst() {
199 + if use caps && has_version net-misc/chrony[-caps]; then
200 + elog "/run/chronyd needs ntp:ntp permissions; please check."
201 + elog "The safest option is reboot, but you may chown manually."
202 + elif ! use caps && has_version net-misc/chrony[caps]; then
203 + elog "/run/chronyd needs root:root permissions; please check."
204 + elog "The safest option is reboot, but you may chown manually."
205 + fi
206 +}
207
208 diff --git a/net-misc/chrony/files/chronyd.conf b/net-misc/chrony/files/chronyd.conf
209 index fc43a95c40f..c641d985e56 100644
210 --- a/net-misc/chrony/files/chronyd.conf
211 +++ b/net-misc/chrony/files/chronyd.conf
212 @@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
213 # The combination of "-s -r" allows chronyd to perform long term averaging of
214 # the gain or loss rate across system reboots and shutdowns.
215
216 -ARGS=""
217 +ARGS="-u ntp"
Report Message
Find on MARC Find on Google Groups