1 |
commit: 8378a79d9aa538e3df9df159d45b4e80a4d19f5d |
2 |
Author: layman <layman <AT> localhost> |
3 |
AuthorDate: Sat May 23 21:22:06 2020 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu May 28 12:43:05 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/musl.git/commit/?id=8378a79d |
7 |
|
8 |
Adding ebuild for a current stable version of chrony (based on ebuild from gentoo/main repository). Successfully tested at a couple of different arm64-musl-hardened installations. |
9 |
|
10 |
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org> |
11 |
|
12 |
net-misc/chrony/Manifest | 1 + |
13 |
net-misc/chrony/chrony-3.5-r4.ebuild | 167 +++++++++++++++++++++ |
14 |
.../files/chrony-3.5-pool-vendor-gentoo.patch | 16 ++ |
15 |
.../files/chrony-3.5-r3-systemd-gentoo.patch | 12 ++ |
16 |
net-misc/chrony/files/chronyd.conf-r1 | 12 ++ |
17 |
net-misc/chrony/files/chronyd.init-r2 | 70 +++++++++ |
18 |
6 files changed, 278 insertions(+) |
19 |
|
20 |
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest |
21 |
index f4828b8..32e4543 100644 |
22 |
--- a/net-misc/chrony/Manifest |
23 |
+++ b/net-misc/chrony/Manifest |
24 |
@@ -1 +1,2 @@ |
25 |
DIST chrony-3.2.tar.gz 433882 SHA256 329f6718dd8c3ece3eee78be1f4821cbbeb62608e7d23f25da293cfa433c4116 SHA512 496af5bed91600f268c1a0fa577bb8c7785e485f78598b666829c674e94770c16548cec4289a2ae9d0a51191d2705eda00886cb6cccae3828aa201a49d4783a4 WHIRLPOOL b8a9045c81970653393c2afadece1e3a5e093c893b7ac3bae061bbd40bc043439e426df8da6598e36ef9589b4dd402419199307a9bfa48df526206952814667e |
26 |
+DIST chrony-3.5.tar.gz 458226 BLAKE2B 611f21e36c6e745208e00eba988519fcd912c6c0c3518c953591f43224dc3da79f627027a6cd4bf9c4227e9f8659a69adbdb634252ff3920d2ef677e32012456 SHA512 c4f6376a44d71b6ac2b6d86e3d6fb4348642faeef7f3f3a4d6431627b5645efcc868b005cc398c8292bc3b63a1161fbd1a042c6ac2a0595843f908fe32eed90c |
27 |
|
28 |
diff --git a/net-misc/chrony/chrony-3.5-r4.ebuild b/net-misc/chrony/chrony-3.5-r4.ebuild |
29 |
new file mode 100644 |
30 |
index 0000000..0ee9240 |
31 |
--- /dev/null |
32 |
+++ b/net-misc/chrony/chrony-3.5-r4.ebuild |
33 |
@@ -0,0 +1,167 @@ |
34 |
+# Copyright 1999-2020 Gentoo Authors |
35 |
+# Distributed under the terms of the GNU General Public License v2 |
36 |
+ |
37 |
+EAPI=7 |
38 |
+inherit systemd tmpfiles toolchain-funcs |
39 |
+ |
40 |
+DESCRIPTION="NTP client and server programs" |
41 |
+HOMEPAGE="https://chrony.tuxfamily.org/" |
42 |
+SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz" |
43 |
+LICENSE="GPL-2" |
44 |
+SLOT="0" |
45 |
+ |
46 |
+KEYWORDS="~alpha ~amd64 ~arm arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86" |
47 |
+IUSE=" |
48 |
+ +adns +caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc |
49 |
+ +seccomp selinux |
50 |
+" |
51 |
+REQUIRED_USE=" |
52 |
+ ?? ( libedit readline ) |
53 |
+" |
54 |
+ |
55 |
+CDEPEND=" |
56 |
+ caps? ( acct-group/ntp acct-user/ntp sys-libs/libcap ) |
57 |
+ libedit? ( dev-libs/libedit ) |
58 |
+ readline? ( >=sys-libs/readline-4.1-r4:= ) |
59 |
+ seccomp? ( sys-libs/libseccomp ) |
60 |
+" |
61 |
+DEPEND=" |
62 |
+ ${CDEPEND} |
63 |
+ html? ( dev-ruby/asciidoctor ) |
64 |
+ pps? ( net-misc/pps-tools ) |
65 |
+" |
66 |
+RDEPEND=" |
67 |
+ ${CDEPEND} |
68 |
+ selinux? ( sec-policy/selinux-chronyd ) |
69 |
+" |
70 |
+ |
71 |
+RESTRICT=test |
72 |
+ |
73 |
+S="${WORKDIR}/${P/_/-}" |
74 |
+ |
75 |
+PATCHES=( |
76 |
+ "${FILESDIR}"/${PN}-3.2-no-glob_magic.patch |
77 |
+ "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch |
78 |
+ "${FILESDIR}"/${PN}-3.5-r3-systemd-gentoo.patch |
79 |
+) |
80 |
+ |
81 |
+src_prepare() { |
82 |
+ default |
83 |
+ sed -i \ |
84 |
+ -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \ |
85 |
+ doc/* examples/* || die |
86 |
+ |
87 |
+ # Copy for potential user fixup |
88 |
+ cp "${FILESDIR}"/chronyd.conf-r1 "${T}"/chronyd.conf |
89 |
+ cp examples/chronyd.service "${T}"/chronyd.service |
90 |
+ |
91 |
+ # Set config for privdrop |
92 |
+ if ! use caps; then |
93 |
+ sed -i \ |
94 |
+ -e 's/-u ntp//' \ |
95 |
+ "${T}"/chronyd.conf "${T}"/chronyd.service || die |
96 |
+ fi |
97 |
+} |
98 |
+ |
99 |
+src_configure() { |
100 |
+ tc-export CC |
101 |
+ |
102 |
+ local CHRONY_EDITLINE |
103 |
+ # ./configure legend: |
104 |
+ # --disable-readline : disable line editing entirely |
105 |
+ # --without-readline : do not use sys-libs/readline (enabled by default) |
106 |
+ # --without-editline : do not use dev-libs/libedit (enabled by default) |
107 |
+ if ! use readline && ! use libedit; then |
108 |
+ CHRONY_EDITLINE='--disable-readline' |
109 |
+ else |
110 |
+ CHRONY_EDITLINE+=" $(usex readline '' --without-readline)" |
111 |
+ CHRONY_EDITLINE+=" $(usex libedit '' --without-editline)" |
112 |
+ fi |
113 |
+ |
114 |
+ # not an autotools generated script |
115 |
+ local myconf=( |
116 |
+ $(use_enable seccomp scfilter) |
117 |
+ $(usex adns '' --disable-asyncdns) |
118 |
+ $(usex caps '' --disable-linuxcaps) |
119 |
+ $(usex cmdmon '' --disable-cmdmon) |
120 |
+ $(usex ipv6 '' --disable-ipv6) |
121 |
+ $(usex ntp '' --disable-ntp) |
122 |
+ $(usex phc '' --disable-phc) |
123 |
+ $(usex pps '' --disable-pps) |
124 |
+ $(usex refclock '' --disable-refclock) |
125 |
+ $(usex rtc '' --disable-rtc) |
126 |
+ ${CHRONY_EDITLINE} |
127 |
+ ${EXTRA_ECONF} |
128 |
+ --chronysockdir="${EPREFIX}/run/chrony" |
129 |
+ --disable-sechash |
130 |
+ --docdir="${EPREFIX}/usr/share/doc/${PF}" |
131 |
+ --mandir="${EPREFIX}/usr/share/man" |
132 |
+ --prefix="${EPREFIX}/usr" |
133 |
+ --sysconfdir="${EPREFIX}/etc/chrony" |
134 |
+ --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid" |
135 |
+ --without-nss |
136 |
+ --without-tomcrypt |
137 |
+ ) |
138 |
+ |
139 |
+ # print the ./configure call to aid in future debugging |
140 |
+ echo bash ./configure "${myconf[@]}" >&2 |
141 |
+ bash ./configure "${myconf[@]}" || die |
142 |
+} |
143 |
+ |
144 |
+src_compile() { |
145 |
+ emake all docs $(usex html '' 'ADOC=true') |
146 |
+} |
147 |
+ |
148 |
+src_install() { |
149 |
+ default |
150 |
+ |
151 |
+ newinitd "${FILESDIR}"/chronyd.init-r2 chronyd |
152 |
+ newconfd "${T}"/chronyd.conf chronyd |
153 |
+ |
154 |
+ insinto /etc/${PN} |
155 |
+ newins examples/chrony.conf.example1 chrony.conf |
156 |
+ |
157 |
+ docinto examples |
158 |
+ dodoc examples/*.example* |
159 |
+ |
160 |
+ newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')" |
161 |
+ |
162 |
+ if use html; then |
163 |
+ docinto html |
164 |
+ dodoc doc/*.html |
165 |
+ fi |
166 |
+ |
167 |
+ keepdir /var/{lib,log}/chrony |
168 |
+ |
169 |
+ if use caps; then |
170 |
+ # Prepare a directory for the chrony.drift file (a la ntpsec) |
171 |
+ # Ensures the environment is sane on new installs |
172 |
+ fowners ntp:ntp /var/{lib,log}/chrony |
173 |
+ fperms 770 /var/lib/chrony |
174 |
+ fi |
175 |
+ |
176 |
+ insinto /etc/logrotate.d |
177 |
+ newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony |
178 |
+ |
179 |
+ systemd_dounit "${T}"/chronyd.service |
180 |
+ systemd_dounit examples/chrony-wait.service |
181 |
+ systemd_enable_ntpunit 50-chrony chronyd.service |
182 |
+} |
183 |
+ |
184 |
+pkg_preinst() { |
185 |
+ HAD_CAPS=false |
186 |
+ |
187 |
+ if has_version 'net-misc/chrony[caps]'; then |
188 |
+ HAD_CAPS=true |
189 |
+ fi |
190 |
+} |
191 |
+ |
192 |
+pkg_postinst() { |
193 |
+ tmpfiles_process chronyd.conf |
194 |
+ |
195 |
+ if [[ -n ${REPLACING_VERSIONS} ]] && use caps && ! ${HAD_CAPS}; then |
196 |
+ ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp" |
197 |
+ ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" |
198 |
+ ewarn "This is necessary for chrony to drop privileges" |
199 |
+ fi |
200 |
+} |
201 |
|
202 |
diff --git a/net-misc/chrony/files/chrony-3.5-pool-vendor-gentoo.patch b/net-misc/chrony/files/chrony-3.5-pool-vendor-gentoo.patch |
203 |
new file mode 100644 |
204 |
index 0000000..817a410 |
205 |
--- /dev/null |
206 |
+++ b/net-misc/chrony/files/chrony-3.5-pool-vendor-gentoo.patch |
207 |
@@ -0,0 +1,16 @@ |
208 |
+- Use the Gentoo pool |
209 |
+- Use the server directive instead of the pool directive so we get four time |
210 |
+ sources and not twelve. |
211 |
+ |
212 |
+--- a/examples/chrony.conf.example1 |
213 |
++++ b/examples/chrony.conf.example1 |
214 |
+@@ -1,5 +1,8 @@ |
215 |
+ # Use public NTP servers from the pool.ntp.org project. |
216 |
+-pool pool.ntp.org iburst |
217 |
++server 0.gentoo.pool.ntp.org iburst |
218 |
++server 1.gentoo.pool.ntp.org iburst |
219 |
++server 2.gentoo.pool.ntp.org iburst |
220 |
++server 3.gentoo.pool.ntp.org iburst |
221 |
+ |
222 |
+ # Record the rate at which the system clock gains/losses time. |
223 |
+ driftfile /var/lib/chrony/drift |
224 |
|
225 |
diff --git a/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch b/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch |
226 |
new file mode 100644 |
227 |
index 0000000..7c46b6d |
228 |
--- /dev/null |
229 |
+++ b/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch |
230 |
@@ -0,0 +1,12 @@ |
231 |
+--- a/examples/chronyd.service |
232 |
++++ b/examples/chronyd.service |
233 |
+@@ -8,8 +8,7 @@ |
234 |
+ [Service] |
235 |
+ Type=forking |
236 |
+ PIDFile=/run/chrony/chronyd.pid |
237 |
+-EnvironmentFile=-/etc/sysconfig/chronyd |
238 |
+-ExecStart=/usr/sbin/chronyd $OPTIONS |
239 |
++ExecStart=/usr/sbin/chronyd -u ntp |
240 |
+ PrivateTmp=yes |
241 |
+ ProtectHome=yes |
242 |
+ ProtectSystem=full |
243 |
|
244 |
diff --git a/net-misc/chrony/files/chronyd.conf-r1 b/net-misc/chrony/files/chronyd.conf-r1 |
245 |
new file mode 100644 |
246 |
index 0000000..c641d98 |
247 |
--- /dev/null |
248 |
+++ b/net-misc/chrony/files/chronyd.conf-r1 |
249 |
@@ -0,0 +1,12 @@ |
250 |
+# /etc/conf.d/chronyd |
251 |
+ |
252 |
+CFGFILE="/etc/chrony/chrony.conf" |
253 |
+ |
254 |
+# Configuration dependant options : |
255 |
+# -s - Set system time from RTC if rtcfile directive present |
256 |
+# -r - Reload sample histories if dumponexit directive present |
257 |
+# |
258 |
+# The combination of "-s -r" allows chronyd to perform long term averaging of |
259 |
+# the gain or loss rate across system reboots and shutdowns. |
260 |
+ |
261 |
+ARGS="-u ntp" |
262 |
|
263 |
diff --git a/net-misc/chrony/files/chronyd.init-r2 b/net-misc/chrony/files/chronyd.init-r2 |
264 |
new file mode 100644 |
265 |
index 0000000..4892a57 |
266 |
--- /dev/null |
267 |
+++ b/net-misc/chrony/files/chronyd.init-r2 |
268 |
@@ -0,0 +1,70 @@ |
269 |
+#!/sbin/openrc-run |
270 |
+# Copyright 1999-2018 Gentoo Foundation |
271 |
+# Distributed under the terms of the GNU General Public License v2 |
272 |
+ |
273 |
+depend() { |
274 |
+ use dns |
275 |
+} |
276 |
+ |
277 |
+checkconfig() { |
278 |
+ # Note that /etc/chrony/chrony.keys is *NOT* checked. This |
279 |
+ # is because the user may have specified another key |
280 |
+ # file, and we don't want to force the user to use that |
281 |
+ # exact name for the key file. |
282 |
+ if [ ! -f "${CFGFILE}" ] ; then |
283 |
+ eerror "Please create ${CFGFILE} and the" |
284 |
+ eerror "chrony key file (usually /etc/chrony/chrony.keys)" |
285 |
+ eerror "by using the" |
286 |
+ eerror "" |
287 |
+ eerror " chrony.conf.example" |
288 |
+ eerror " chrony.keys.example" |
289 |
+ eerror "" |
290 |
+ eerror "files (from the documentation directory)" |
291 |
+ eerror "as templates." |
292 |
+ return 1 |
293 |
+ else |
294 |
+ # Actually, I tried it, and chrony seems to ignore the pidfile |
295 |
+ # option. I'm going to leave it here anyway, since you never |
296 |
+ # know if it might be handy |
297 |
+ PIDFILE=`awk '/^ *pidfile/{print $2}' "${CFGFILE}"` |
298 |
+ [ -z "${PIDFILE}" ] && PIDFILE=/run/chrony/chronyd.pid |
299 |
+ fi |
300 |
+ return 0 |
301 |
+} |
302 |
+ |
303 |
+setxtrarg() { |
304 |
+ if [ -c /dev/rtc ]; then |
305 |
+ grep -q '^rtcfile' "${CFGFILE}" && ARGS="${ARGS} -s" |
306 |
+ fi |
307 |
+ grep -q '^dumponexit$' "${CFGFILE}" && ARGS="${ARGS} -r" |
308 |
+ return 0 |
309 |
+} |
310 |
+ |
311 |
+start() { |
312 |
+ checkconfig || return $? |
313 |
+ setxtrarg |
314 |
+ |
315 |
+ [ -n "${PIDFILE}" ] || PIDFILE=/run/chronyd.pid |
316 |
+ |
317 |
+ ebegin "Starting chronyd" |
318 |
+ start-stop-daemon \ |
319 |
+ --start \ |
320 |
+ --quiet \ |
321 |
+ --exec /usr/sbin/chronyd \ |
322 |
+ --pidfile "${PIDFILE}" \ |
323 |
+ -- -f "${CFGFILE}" ${ARGS} |
324 |
+ eend $? "Failed to start chronyd" |
325 |
+} |
326 |
+ |
327 |
+stop() { |
328 |
+ checkconfig || return $? |
329 |
+ |
330 |
+ [ -n "${PIDFILE}" ] || PIDFILE=/run/chronyd.pid |
331 |
+ |
332 |
+ ebegin "Stopping chronyd" |
333 |
+ start-stop-daemon \ |
334 |
+ --stop \ |
335 |
+ --quiet \ |
336 |
+ --pidfile "${PIDFILE}" |
337 |
+ eend $? "Failed to stop chronyd" |
338 |
+} |