
From: Thomas Deutschmann <whissi@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/, net-misc/chrony/files/
Date: Mon, 30 Mar 2020 18:36:58
Message-Id: 1585593404.a2c99543bfd3245724e21089a617f28d828c5548.whissi@gentoo
1 commit: a2c99543bfd3245724e21089a617f28d828c5548
2 Author: Sam James (sam_c) <sam <AT> cmpct <DOT> info>
3 AuthorDate: Sun Mar 15 20:53:29 2020 +0000
4 Commit: Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
5 CommitDate: Mon Mar 30 18:36:44 2020 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2c99543
8 net-misc/chrony: Enable seccomp filtering when USE=seccomp
10 We already have USE=seccomp but chronyd won't do anything unless
11 -F is set to 1. We could also set -F -1 which will log any syscalls
12 which would've been blocked but won't deny them.
14 Also fixes systemd for previous commit.
16 Bug: https://bugs.gentoo.org/711058
17 Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
18 Closes: https://github.com/gentoo/gentoo/pull/14973
19 Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>
21 net-misc/chrony/chrony-3.5-r3.ebuild | 30 ++++++++++---------
22 ...ony-3.5-r3.ebuild => chrony-4.0_pre1-r1.ebuild} | 35 ++++++++++++----------
23 net-misc/chrony/chrony-9999.ebuild | 30 ++++++++++---------
24 .../files/chrony-3.5-r3-systemd-gentoo.patch | 12 ++++++++
25 net-misc/chrony/files/chronyd.conf | 2 +-
26 5 files changed, 65 insertions(+), 44 deletions(-)
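diff --git a/net-misc/chrony/chrony-3.5-r3.ebuild b/net-misc/chrony/chrony-3.5-r3.ebuild
index 3f11f8dd951..229f5b27506 100644
--- a/net-misc/chrony/chrony-3.5-r3.ebuild
+++ b/net-misc/chrony/chrony-3.5-r3.ebuild
@@ -12,8 +12,8 @@ SLOT="0"
 
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86"
 IUSE="
- +adns caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
- seccomp selinux
+ +adns +caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
+ +seccomp selinux
 "
 REQUIRED_USE="
 ?? ( libedit readline )
@@ -42,7 +42,7 @@ S="${WORKDIR}/${P/_/-}"
 
 PATCHES=(
 "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-3.5-systemd-gentoo.patch
+ "${FILESDIR}"/${PN}-3.5-r3-systemd-gentoo.patch
 )
 
 src_prepare() {
@@ -52,13 +52,20 @@ src_prepare() {
 doc/* examples/* || die
 
 # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf "$T"/chronyd.conf
+ cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf
+ cp examples/chronyd.service "${T}"/chronyd.service
 
 # Set config for privdrop
 if ! use caps; then
 sed -i \
 -e 's/-u ntp//' \
- "${T}"/chronyd.conf || die
+ "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ fi
+
+ if ! use seccomp; then
+ sed -i \
+ -e 's/-F 1//' \
+ "${T}"/chronyd.conf "${T}"/chronyd.service || die
 fi
 }
 
@@ -135,16 +142,11 @@ src_install() {
 insinto /etc/logrotate.d
 newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
 
- systemd_dounit examples/{chronyd,chrony-wait}.service
+ systemd_dounit "${T}"/chronyd.service
+ systemd_dounit examples/chrony-wait.service
 systemd_enable_ntpunit 50-chrony chronyd.service
 }
 
-pkg_preinst() {
- if use caps && has_version net-misc/chrony[-caps]; then
- elog "/run/chronyd needs ntp:ntp permissions; please check."
- elog "The safest option is reboot, but you may chown manually."
- elif ! use caps && has_version net-misc/chrony[caps]; then
- elog "/run/chronyd needs root:root permissions; please check."
- elog "The safest option is reboot, but you may chown manually."
- fi
+pkg_postinst() {
+ tmpfiles_process chronyd.conf
 }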
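Review bot: The new `if ! use seccomp` branch in the src_prepare hunk strips `-F 1` with sed, but sed exits 0 whether or not the pattern matched, so if the literal in chronyd.conf or in the patched chronyd.service ever drifts, a chronyd built without libseccomp would still be started with `-F 1` and, as far as I recall, abort at startup because filter support is not compiled in — with nothing in the build flagging it. A post-condition after the sed makes the mismatch fail loudly: `! grep -q -- '-F 1' "${T}"/chronyd.conf "${T}"/chronyd.service || die "seccomp flag not removed"`, and the same guard for `-u ntp` in the caps branch would catch the analogous privilege-drop misconfiguration. The identical src_prepare hunks in chrony-4.0_pre1-r1.ebuild and chrony-9999.ebuild have the same gap. src_prepare starts outside the hunk.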
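diff --git a/net-misc/chrony/chrony-3.5-r3.ebuild b/net-misc/chrony/chrony-4.0_pre1-r1.ebuild
similarity index 81%
copy from net-misc/chrony/chrony-3.5-r3.ebuild
copy to net-misc/chrony/chrony-4.0_pre1-r1.ebuild
index 3f11f8dd951..af44e004523 100644
--- a/net-misc/chrony/chrony-3.5-r3.ebuild
+++ b/net-misc/chrony/chrony-4.0_pre1-r1.ebuild
@@ -12,16 +12,18 @@ SLOT="0"
 
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86"
 IUSE="
- +adns caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
- seccomp selinux
+ +adns +caps +cmdmon html ipv6 libedit +nettle +ntp +phc pps readline +refclock +rtc
+ +seccomp +sechash selinux
 "
 REQUIRED_USE="
 ?? ( libedit readline )
+ sechash? ( nettle )
 "
 
 CDEPEND="
 caps? ( sys-libs/libcap )
 libedit? ( dev-libs/libedit )
+ nettle? ( dev-libs/nettle )
 readline? ( >=sys-libs/readline-4.1-r4:= )
 seccomp? ( sys-libs/libseccomp )
 "
@@ -42,7 +44,7 @@ S="${WORKDIR}/${P/_/-}"
 
 PATCHES=(
 "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-3.5-systemd-gentoo.patch
+ "${FILESDIR}"/${PN}-3.5-r3-systemd-gentoo.patch
 )
 
 src_prepare() {
@@ -52,13 +54,20 @@ src_prepare() {
 doc/* examples/* || die
 
 # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf "$T"/chronyd.conf
+ cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf
+ cp examples/chronyd.service "${T}"/chronyd.service
 
 # Set config for privdrop
 if ! use caps; then
 sed -i \
 -e 's/-u ntp//' \
- "${T}"/chronyd.conf || die
+ "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ fi
+
+ if ! use seccomp; then
+ sed -i \
+ -e 's/-F 1//' \
+ "${T}"/chronyd.conf "${T}"/chronyd.service || die
 fi
 }
 
@@ -84,15 +93,16 @@ src_configure() {
 $(usex caps '' --disable-linuxcaps)
 $(usex cmdmon '' --disable-cmdmon)
 $(usex ipv6 '' --disable-ipv6)
+ $(usex nettle '' --without-nettle)
 $(usex ntp '' --disable-ntp)
 $(usex phc '' --disable-phc)
 $(usex pps '' --disable-pps)
 $(usex refclock '' --disable-refclock)
 $(usex rtc '' --disable-rtc)
+ $(usex sechash '' --disable-sechash)
 ${CHRONY_EDITLINE}
 ${EXTRA_ECONF}
 --chronysockdir="${EPREFIX}/run/chrony"
- --disable-sechash
 --docdir="${EPREFIX}/usr/share/doc/${PF}"
 --mandir="${EPREFIX}/usr/share/man"
 --prefix="${EPREFIX}/usr"
@@ -135,16 +145,11 @@ src_install() {
 insinto /etc/logrotate.d
 newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
 
- systemd_dounit examples/{chronyd,chrony-wait}.service
+ systemd_dounit "${T}"/chronyd.service
+ systemd_dounit examples/chrony-wait.service
 systemd_enable_ntpunit 50-chrony chronyd.service
 }
 
-pkg_preinst() {
- if use caps && has_version net-misc/chrony[-caps]; then
- elog "/run/chronyd needs ntp:ntp permissions; please check."
- elog "The safest option is reboot, but you may chown manually."
- elif ! use caps && has_version net-misc/chrony[caps]; then
- elog "/run/chronyd needs root:root permissions; please check."
- elog "The safest option is reboot, but you may chown manually."
- fi
+pkg_postinst() {
+ tmpfiles_process chronyd.conf
 }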
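Review bot: In the first hunk `nettle? ( dev-libs/nettle )` is added only to CDEPEND, and how CDEPEND is folded into DEPEND and RDEPEND is outside the visible hunks; since `+sechash` (gated by the new `sechash? ( nettle )`) selects the hash backend that chronyd uses at runtime for NTP packet authentication, please confirm the nettle dependency reaches RDEPEND and not just the build-time set, otherwise the installed daemon can lose its hash provider after a depclean. The src_configure hunk is consistent with this: `--disable-sechash` is gone and both `--without-nettle` and `--disable-sechash` are now USE-driven, which is the right shape. A one-line comment above the REQUIRED_USE entry, `# sechash needs a hash backend; nettle is the only one this ebuild wires up`, would explain the constraint to the next maintainer. The CDEPEND block itself extends past the hunk.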
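diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index 5b03ec4fe42..543cabf61d5 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -12,8 +12,8 @@ SLOT="0"
 
 KEYWORDS=""
 IUSE="
- +adns caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
- seccomp selinux
+ +adns +caps +cmdmon html ipv6 libedit +ntp +phc pps readline +refclock +rtc
+ +seccomp selinux
 "
 REQUIRED_USE="
 ?? ( libedit readline )
@@ -40,7 +40,7 @@ S="${WORKDIR}/${P/_/-}"
 
 PATCHES=(
 "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch
- "${FILESDIR}"/${PN}-3.5-systemd-gentoo.patch
+ "${FILESDIR}"/${PN}-3.5-r3-systemd-gentoo.patch
 )
 
 src_prepare() {
@@ -50,13 +50,20 @@ src_prepare() {
 doc/* examples/* || die
 
 # Copy for potential user fixup
- cp "${FILESDIR}"/chronyd.conf "$T"/chronyd.conf
+ cp "${FILESDIR}"/chronyd.conf "${T}"/chronyd.conf
+ cp examples/chronyd.service "${T}"/chronyd.service
 
 # Set config for privdrop
 if ! use caps; then
 sed -i \
 -e 's/-u ntp//' \
- "${T}"/chronyd.conf || die
+ "${T}"/chronyd.conf "${T}"/chronyd.service || die
+ fi
+
+ if ! use seccomp; then
+ sed -i \
+ -e 's/-F 1//' \
+ "${T}"/chronyd.conf "${T}"/chronyd.service || die
 fi
 }
 
@@ -131,16 +138,11 @@ src_install() {
 insinto /etc/logrotate.d
 newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
 
- systemd_dounit examples/{chronyd,chrony-wait}.service
+ systemd_dounit "${T}"/chronyd.service
+ systemd_dounit examples/chrony-wait.service
 systemd_enable_ntpunit 50-chrony chronyd.service
 }
 
-pkg_preinst() {
- if use caps && has_version net-misc/chrony[-caps]; then
- elog "/run/chronyd needs ntp:ntp permissions; please check."
- elog "The safest option is reboot, but you may chown manually."
- elif ! use caps && has_version net-misc/chrony[caps]; then
- elog "/run/chronyd needs root:root permissions; please check."
- elog "The safest option is reboot, but you may chown manually."
- fi
+pkg_postinst() {
+ tmpfiles_process chronyd.conf
 }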
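Review bot: The IUSE hunk for the live ebuild gains `+caps`/`+seccomp` but not the `+nettle +sechash` flags that the 4.0_pre1-r1 copy in this same commit introduces, even though 9999 builds from the newer source that the 4.0_pre1 ebuild targets; the 9999 src_configure is not in the visible hunks, so if it still passes a bare `--disable-sechash` the live build ends up with weaker NTP authentication hashing than the snapshot and a different USE surface for the same code. If that is deliberate (keeping 9999 minimal) a comment on the IUSE block such as `# nettle/sechash intentionally not exposed here yet; see chrony-4.0_pre1-r1.ebuild` would stop the next reader from filing it as drift. The seccomp sed-without-match-check concern raised on chrony-3.5-r3.ebuild applies to the src_prepare hunk here as well.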
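diff --git a/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch b/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch
new file mode 100644
index 00000000000..0ea3c921980
--- /dev/null
+++ b/net-misc/chrony/files/chrony-3.5-r3-systemd-gentoo.patch
@@ -0,0 +1,12 @@
+--- a/examples/chronyd.service
++++ b/examples/chronyd.service
+@@ -8,8 +8,7 @@
+ [Service]
+ Type=forking
+ PIDFile=/run/chrony/chronyd.pid
+-EnvironmentFile=-/etc/sysconfig/chronyd
+-ExecStart=/usr/sbin/chronyd $OPTIONS
++ExecStart=/usr/sbin/chronyd -u ntp -F 1
+ PrivateTmp=yes
+ ProtectHome=yes
+ ProtectSystem=full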
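Review bot: The patched `ExecStart=/usr/sbin/chronyd -u ntp -F 1` bakes the privilege-drop user and the seccomp level into the unit and, by dropping `EnvironmentFile=-/etc/sysconfig/chronyd` and `$OPTIONS`, removes the only runtime knob the upstream unit offered; an administrator who needs the audit-only `-F -1` mode that the commit message describes, or who must relax the filter after an unexpected syscall kill, now has to know to use a drop-in override rather than a conf file. Since the arguments are edited by the ebuild's sed at build time, the unit should say so: add `# Gentoo: -u/-F reflect USE=caps/seccomp at build time; adjust via a drop-in (systemctl edit chronyd)` above the ExecStart line. The unit's remaining `[Service]` directives continue outside the patched hunk.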
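diff --git a/net-misc/chrony/files/chronyd.conf b/net-misc/chrony/files/chronyd.conf
index c641d985e56..c04f3525f0b 100644
--- a/net-misc/chrony/files/chronyd.conf
+++ b/net-misc/chrony/files/chronyd.conf
@@ -9,4 +9,4 @@ CFGFILE="/etc/chrony/chrony.conf"
 # The combination of "-s -r" allows chronyd to perform long term averaging of
 # the gain or loss rate across system reboots and shutdowns.
 
-ARGS="-u ntp"
+ARGS="-u ntp -F 1"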