1 |
commit: becfaac19ad2b782a18eae112d64ffe1b59bd75c |
2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Apr 22 21:54:30 2021 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Apr 22 22:24:55 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=becfaac1 |
7 |
|
8 |
net-misc/chrony: add 4.1_pre1 (unkeyworded) |
9 |
|
10 |
* Bump to 4.1_pre1 |
11 |
* Tidy up IUSE, *DEPEND |
12 |
* Unrestrict tests |
13 |
* Add useful bug references re seccomp and caps. |
14 |
May restore turning on seccomp automatically |
15 |
in a revbump or next pre-release. |
16 |
|
17 |
* Dependency changes/fixes: |
18 |
** Depend on sys-libs/readline when not using libedit |
19 |
** NTS requires GnuTLS, not Nettle |
20 |
** Add more cases for virtual/pkgconfig BDEPEND |
21 |
** Move html? ( asciidoctor ) dependency to BDEPEND |
22 |
|
23 |
Bug: https://bugs.gentoo.org/783915 |
24 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
25 |
|
26 |
net-misc/chrony/Manifest | 2 + |
27 |
.../{chrony-9999.ebuild => chrony-4.1_pre1.ebuild} | 88 ++++++++++++---------- |
28 |
net-misc/chrony/chrony-9999.ebuild | 88 ++++++++++++---------- |
29 |
3 files changed, 102 insertions(+), 76 deletions(-) |
30 |
|
31 |
diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest |
32 |
index d699aaf1a3e..d898b8aa015 100644 |
33 |
--- a/net-misc/chrony/Manifest |
34 |
+++ b/net-misc/chrony/Manifest |
35 |
@@ -1,2 +1,4 @@ |
36 |
DIST chrony-4.0.tar.gz 546939 BLAKE2B 1d4035977be3603b34024c5c1c2aa5f2b4aca03fe7dc1eb41be2e9aeefa06e20a5f74776c50bdadaffba10ae25e7980bcbd9cf2b999bd73087728afe7a80253e SHA512 a1c11a386c43f495910f7f2e9b5fbb1652c3631471d182b9b8203dfef98611d11535ad547a879856551263aed0ae2e30e4135b8ed89553684706166bc1c725c9 |
37 |
DIST chrony-4.0.tar.gz.asc 195 BLAKE2B 1947a73f35eb5c58f91775d76473210a7b5edff5b808e360eb0c3724351c54ac4f187a2aa4450830130da718c6a0c488baa170ca87e7e6eac781d85c67b3773f SHA512 c3156d91f4fdb6f9e2fdbc83b1399afb0ecdfa9b7bc92648c5bce477c3f0f921d2a13aa21ac6c281f18b008c60f08e3db6d82b642b646f064aea1dbe19295c4c |
38 |
+DIST chrony-4.1-pre1.tar.gz 563277 BLAKE2B 474d27d0e402d83bda52125940b8205119519b93571e6b8df3fea5eeb5f1f3babbcc40bc81db77bc345830d5e9528ad087ff539026a1a585ce220feeb851e978 SHA512 03e28e6651d6aa3c99333b94ee503843c3a69b8c8366bf647c41a3a9e34e987c440e289ec16e5c62c2a7405271bddc533efbd59d6c6ab43712c8908dfb86322e |
39 |
+DIST chrony-4.1-pre1.tar.gz.asc 195 BLAKE2B 4a06b35be3257a52cc824e2acfdff32b6598d1744bc23418e89291d71d6d9a86c35559eab26034ce2e05c4152ffb691b5ec4104dc339821e93523c33c8cbdd72 SHA512 8eb695c3f85f90d02b22b1202c8766347289a6da1d0658a3d89eed90202799bcfc647b96e5f931fb862011e85feed5f4914b39e45a3e20f01827509fe271a2d7 |
40 |
|
41 |
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-4.1_pre1.ebuild |
42 |
similarity index 75% |
43 |
copy from net-misc/chrony/chrony-9999.ebuild |
44 |
copy to net-misc/chrony/chrony-4.1_pre1.ebuild |
45 |
index bf4786c5977..91a9a012460 100644 |
46 |
--- a/net-misc/chrony/chrony-9999.ebuild |
47 |
+++ b/net-misc/chrony/chrony-4.1_pre1.ebuild |
48 |
@@ -8,7 +8,7 @@ inherit systemd tmpfiles toolchain-funcs |
49 |
DESCRIPTION="NTP client and server programs" |
50 |
HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git" |
51 |
|
52 |
-if [[ ${PV} == "9999" ]]; then |
53 |
+if [[ ${PV} == "9999" ]] ; then |
54 |
EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git" |
55 |
inherit git-r3 |
56 |
else |
57 |
@@ -16,15 +16,18 @@ else |
58 |
inherit verify-sig |
59 |
|
60 |
SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz" |
61 |
- SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P}-tar-gz-asc.txt -> ${P}.tar.gz.asc )" |
62 |
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" |
63 |
+ SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )" |
64 |
+ |
65 |
+ if [[ ${PV} != *_pre* ]] ; then |
66 |
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" |
67 |
+ fi |
68 |
fi |
69 |
|
70 |
S="${WORKDIR}/${P/_/-}" |
71 |
|
72 |
LICENSE="GPL-2" |
73 |
SLOT="0" |
74 |
-IUSE="+caps +cmdmon debug html ipv6 libedit +nettle nss +ntp +phc +nts pps +refclock +rtc samba +seccomp +sechash selinux libtomcrypt" |
75 |
+IUSE="+caps +cmdmon debug html ipv6 libedit libtomcrypt +nettle nss +ntp +nts +phc pps +refclock +rtc samba +seccomp +sechash selinux" |
76 |
# nettle > nss > libtomcrypt in configure |
77 |
REQUIRED_USE=" |
78 |
sechash? ( || ( nettle nss libtomcrypt ) ) |
79 |
@@ -33,15 +36,9 @@ REQUIRED_USE=" |
80 |
libtomcrypt? ( !nettle !nss ) |
81 |
!sechash? ( !nss ) |
82 |
!sechash? ( !nts? ( !nettle ) ) |
83 |
- nts? ( nettle ) |
84 |
-" |
85 |
-RESTRICT="test" |
86 |
- |
87 |
-BDEPEND=" |
88 |
- nettle? ( virtual/pkgconfig ) |
89 |
" |
90 |
|
91 |
-if [[ ${PV} == "9999" ]]; then |
92 |
+if [[ ${PV} == "9999" ]] ; then |
93 |
# Needed for doc generation in 9999 |
94 |
REQUIRED_USE+=" html" |
95 |
BDEPEND+=" virtual/w3m" |
96 |
@@ -55,18 +52,26 @@ DEPEND=" |
97 |
acct-user/ntp |
98 |
sys-libs/libcap |
99 |
) |
100 |
- nts? ( net-libs/gnutls:= ) |
101 |
libedit? ( dev-libs/libedit ) |
102 |
+ !libedit? ( sys-libs/readline:= ) |
103 |
nettle? ( dev-libs/nettle:= ) |
104 |
nss? ( dev-libs/nss:= ) |
105 |
- seccomp? ( sys-libs/libseccomp ) |
106 |
- html? ( dev-ruby/asciidoctor ) |
107 |
+ nts? ( net-libs/gnutls:= ) |
108 |
pps? ( net-misc/pps-tools ) |
109 |
+ seccomp? ( sys-libs/libseccomp ) |
110 |
" |
111 |
RDEPEND=" |
112 |
${DEPEND} |
113 |
selinux? ( sec-policy/selinux-chronyd ) |
114 |
" |
115 |
+BDEPEND=" |
116 |
+ html? ( dev-ruby/asciidoctor ) |
117 |
+ nts? ( virtual/pkgconfig ) |
118 |
+ sechash? ( |
119 |
+ nettle? ( virtual/pkgconfig ) |
120 |
+ nss? ( virtual/pkgconfig ) |
121 |
+ ) |
122 |
+" |
123 |
|
124 |
PATCHES=( |
125 |
"${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch |
126 |
@@ -84,13 +89,13 @@ src_prepare() { |
127 |
} |
128 |
|
129 |
src_configure() { |
130 |
- if ! use caps; then |
131 |
+ if ! use caps ; then |
132 |
sed -i \ |
133 |
-e 's/ -u ntp//' \ |
134 |
"${T}"/chronyd.conf examples/chronyd.service || die |
135 |
fi |
136 |
|
137 |
- if ! use seccomp; then |
138 |
+ if ! use seccomp ; then |
139 |
sed -i \ |
140 |
-e 's/ -F 0//' \ |
141 |
"${T}"/chronyd.conf examples/chronyd.service || die |
142 |
@@ -102,26 +107,28 @@ src_configure() { |
143 |
# on a system that is time-synced. |
144 |
export SOURCE_DATE_EPOCH=1607976314 |
145 |
|
146 |
- # not an autotools generated script |
147 |
+ # Not an autotools generated script |
148 |
local myconf=( |
149 |
$(use_enable seccomp scfilter) |
150 |
- $(usex caps '' --disable-linuxcaps) |
151 |
- $(usex cmdmon '' --disable-cmdmon) |
152 |
+ |
153 |
+ $(usex caps '' '--disable-linuxcaps') |
154 |
+ $(usex cmdmon '' '--disable-cmdmon') |
155 |
$(usex debug '--enable-debug' '') |
156 |
- $(usex ipv6 '' --disable-ipv6) |
157 |
- $(usex libedit '' --without-editline) |
158 |
- $(usex nettle '' --without-nettle) |
159 |
- $(usex nss '' --without-nss) |
160 |
- $(usex ntp '' --disable-ntp) |
161 |
- $(usex nts '' --disable-nts) |
162 |
- $(usex nts '' --without-gnutls) |
163 |
- $(usex phc '' --disable-phc) |
164 |
- $(usex pps '' --disable-pps) |
165 |
- $(usex refclock '' --disable-refclock) |
166 |
- $(usex rtc '' --disable-rtc) |
167 |
- $(usex samba --enable-ntp-signd '') |
168 |
- $(usex sechash '' --disable-sechash) |
169 |
- $(usex libtomcrypt '' --disable-tomcrypt) |
170 |
+ $(usex ipv6 '' '--disable-ipv6') |
171 |
+ $(usex libedit '' '--without-editline') |
172 |
+ $(usex libtomcrypt '' '--without-tomcrypt') |
173 |
+ $(usex nettle '' '--without-nettle') |
174 |
+ $(usex nss '' '--without-nss') |
175 |
+ $(usex ntp '' '--disable-ntp') |
176 |
+ $(usex nts '' '--disable-nts') |
177 |
+ $(usex nts '' '--without-gnutls') |
178 |
+ $(usex phc '' '--disable-phc') |
179 |
+ $(usex pps '' '--disable-pps') |
180 |
+ $(usex refclock '' '--disable-refclock') |
181 |
+ $(usex rtc '' '--disable-rtc') |
182 |
+ $(usex samba '--enable-ntp-signd' '') |
183 |
+ $(usex sechash '' '--disable-sechash') |
184 |
+ |
185 |
--chronysockdir="${EPREFIX}/run/chrony" |
186 |
--docdir="${EPREFIX}/usr/share/doc/${PF}" |
187 |
--mandir="${EPREFIX}/usr/share/man" |
188 |
@@ -129,17 +136,18 @@ src_configure() { |
189 |
--sysconfdir="${EPREFIX}/etc/chrony" |
190 |
--with-hwclockfile="${EPREFIX}/etc/adjtime" |
191 |
--with-pidfile="${EPREFIX}/run/chrony/chronyd.pid" |
192 |
+ |
193 |
${EXTRA_ECONF} |
194 |
) |
195 |
|
196 |
- # print the ./configure call |
197 |
+ # Print the ./configure call |
198 |
echo sh ./configure "${myconf[@]}" >&2 |
199 |
sh ./configure "${myconf[@]}" || die |
200 |
} |
201 |
|
202 |
src_compile() { |
203 |
- if [[ ${PV} == "9999" ]]; then |
204 |
- # uses w3m |
205 |
+ if [[ ${PV} == "9999" ]] ; then |
206 |
+ # Uses w3m |
207 |
emake -C doc man txt |
208 |
fi |
209 |
|
210 |
@@ -160,16 +168,17 @@ src_install() { |
211 |
|
212 |
newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')" |
213 |
|
214 |
- if use html; then |
215 |
+ if use html ; then |
216 |
docinto html |
217 |
dodoc doc/*.html |
218 |
fi |
219 |
|
220 |
keepdir /var/{lib,log}/chrony |
221 |
|
222 |
- if use caps; then |
223 |
+ if use caps ; then |
224 |
# Prepare a directory for the chrony.drift file (a la ntpsec) |
225 |
# Ensures the environment is sane on new installs |
226 |
+ # bug #711058 |
227 |
fowners ntp:ntp /var/{lib,log}/chrony |
228 |
fperms 770 /var/lib/chrony |
229 |
fi |
230 |
@@ -201,6 +210,7 @@ pkg_postinst() { |
231 |
|
232 |
if [[ -n "${REPLACING_VERSIONS}" ]] ; then |
233 |
if use caps && ! ${HAD_CAPS} ; then |
234 |
+ # bug #719876 |
235 |
ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp" |
236 |
ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" |
237 |
ewarn "This is necessary for chrony to drop privileges" |
238 |
@@ -209,6 +219,8 @@ pkg_postinst() { |
239 |
fi |
240 |
fi |
241 |
|
242 |
+ # TODO: Will try to re-enable before final release ideally? |
243 |
+ # bug #783915 |
244 |
if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then |
245 |
elog "To enable seccomp in enforcing mode, please modify:" |
246 |
elog "- /etc/conf.d/chronyd for OpenRC" |
247 |
|
248 |
diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild |
249 |
index bf4786c5977..91a9a012460 100644 |
250 |
--- a/net-misc/chrony/chrony-9999.ebuild |
251 |
+++ b/net-misc/chrony/chrony-9999.ebuild |
252 |
@@ -8,7 +8,7 @@ inherit systemd tmpfiles toolchain-funcs |
253 |
DESCRIPTION="NTP client and server programs" |
254 |
HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git" |
255 |
|
256 |
-if [[ ${PV} == "9999" ]]; then |
257 |
+if [[ ${PV} == "9999" ]] ; then |
258 |
EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git" |
259 |
inherit git-r3 |
260 |
else |
261 |
@@ -16,15 +16,18 @@ else |
262 |
inherit verify-sig |
263 |
|
264 |
SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz" |
265 |
- SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P}-tar-gz-asc.txt -> ${P}.tar.gz.asc )" |
266 |
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" |
267 |
+ SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )" |
268 |
+ |
269 |
+ if [[ ${PV} != *_pre* ]] ; then |
270 |
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" |
271 |
+ fi |
272 |
fi |
273 |
|
274 |
S="${WORKDIR}/${P/_/-}" |
275 |
|
276 |
LICENSE="GPL-2" |
277 |
SLOT="0" |
278 |
-IUSE="+caps +cmdmon debug html ipv6 libedit +nettle nss +ntp +phc +nts pps +refclock +rtc samba +seccomp +sechash selinux libtomcrypt" |
279 |
+IUSE="+caps +cmdmon debug html ipv6 libedit libtomcrypt +nettle nss +ntp +nts +phc pps +refclock +rtc samba +seccomp +sechash selinux" |
280 |
# nettle > nss > libtomcrypt in configure |
281 |
REQUIRED_USE=" |
282 |
sechash? ( || ( nettle nss libtomcrypt ) ) |
283 |
@@ -33,15 +36,9 @@ REQUIRED_USE=" |
284 |
libtomcrypt? ( !nettle !nss ) |
285 |
!sechash? ( !nss ) |
286 |
!sechash? ( !nts? ( !nettle ) ) |
287 |
- nts? ( nettle ) |
288 |
-" |
289 |
-RESTRICT="test" |
290 |
- |
291 |
-BDEPEND=" |
292 |
- nettle? ( virtual/pkgconfig ) |
293 |
" |
294 |
|
295 |
-if [[ ${PV} == "9999" ]]; then |
296 |
+if [[ ${PV} == "9999" ]] ; then |
297 |
# Needed for doc generation in 9999 |
298 |
REQUIRED_USE+=" html" |
299 |
BDEPEND+=" virtual/w3m" |
300 |
@@ -55,18 +52,26 @@ DEPEND=" |
301 |
acct-user/ntp |
302 |
sys-libs/libcap |
303 |
) |
304 |
- nts? ( net-libs/gnutls:= ) |
305 |
libedit? ( dev-libs/libedit ) |
306 |
+ !libedit? ( sys-libs/readline:= ) |
307 |
nettle? ( dev-libs/nettle:= ) |
308 |
nss? ( dev-libs/nss:= ) |
309 |
- seccomp? ( sys-libs/libseccomp ) |
310 |
- html? ( dev-ruby/asciidoctor ) |
311 |
+ nts? ( net-libs/gnutls:= ) |
312 |
pps? ( net-misc/pps-tools ) |
313 |
+ seccomp? ( sys-libs/libseccomp ) |
314 |
" |
315 |
RDEPEND=" |
316 |
${DEPEND} |
317 |
selinux? ( sec-policy/selinux-chronyd ) |
318 |
" |
319 |
+BDEPEND=" |
320 |
+ html? ( dev-ruby/asciidoctor ) |
321 |
+ nts? ( virtual/pkgconfig ) |
322 |
+ sechash? ( |
323 |
+ nettle? ( virtual/pkgconfig ) |
324 |
+ nss? ( virtual/pkgconfig ) |
325 |
+ ) |
326 |
+" |
327 |
|
328 |
PATCHES=( |
329 |
"${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch |
330 |
@@ -84,13 +89,13 @@ src_prepare() { |
331 |
} |
332 |
|
333 |
src_configure() { |
334 |
- if ! use caps; then |
335 |
+ if ! use caps ; then |
336 |
sed -i \ |
337 |
-e 's/ -u ntp//' \ |
338 |
"${T}"/chronyd.conf examples/chronyd.service || die |
339 |
fi |
340 |
|
341 |
- if ! use seccomp; then |
342 |
+ if ! use seccomp ; then |
343 |
sed -i \ |
344 |
-e 's/ -F 0//' \ |
345 |
"${T}"/chronyd.conf examples/chronyd.service || die |
346 |
@@ -102,26 +107,28 @@ src_configure() { |
347 |
# on a system that is time-synced. |
348 |
export SOURCE_DATE_EPOCH=1607976314 |
349 |
|
350 |
- # not an autotools generated script |
351 |
+ # Not an autotools generated script |
352 |
local myconf=( |
353 |
$(use_enable seccomp scfilter) |
354 |
- $(usex caps '' --disable-linuxcaps) |
355 |
- $(usex cmdmon '' --disable-cmdmon) |
356 |
+ |
357 |
+ $(usex caps '' '--disable-linuxcaps') |
358 |
+ $(usex cmdmon '' '--disable-cmdmon') |
359 |
$(usex debug '--enable-debug' '') |
360 |
- $(usex ipv6 '' --disable-ipv6) |
361 |
- $(usex libedit '' --without-editline) |
362 |
- $(usex nettle '' --without-nettle) |
363 |
- $(usex nss '' --without-nss) |
364 |
- $(usex ntp '' --disable-ntp) |
365 |
- $(usex nts '' --disable-nts) |
366 |
- $(usex nts '' --without-gnutls) |
367 |
- $(usex phc '' --disable-phc) |
368 |
- $(usex pps '' --disable-pps) |
369 |
- $(usex refclock '' --disable-refclock) |
370 |
- $(usex rtc '' --disable-rtc) |
371 |
- $(usex samba --enable-ntp-signd '') |
372 |
- $(usex sechash '' --disable-sechash) |
373 |
- $(usex libtomcrypt '' --disable-tomcrypt) |
374 |
+ $(usex ipv6 '' '--disable-ipv6') |
375 |
+ $(usex libedit '' '--without-editline') |
376 |
+ $(usex libtomcrypt '' '--without-tomcrypt') |
377 |
+ $(usex nettle '' '--without-nettle') |
378 |
+ $(usex nss '' '--without-nss') |
379 |
+ $(usex ntp '' '--disable-ntp') |
380 |
+ $(usex nts '' '--disable-nts') |
381 |
+ $(usex nts '' '--without-gnutls') |
382 |
+ $(usex phc '' '--disable-phc') |
383 |
+ $(usex pps '' '--disable-pps') |
384 |
+ $(usex refclock '' '--disable-refclock') |
385 |
+ $(usex rtc '' '--disable-rtc') |
386 |
+ $(usex samba '--enable-ntp-signd' '') |
387 |
+ $(usex sechash '' '--disable-sechash') |
388 |
+ |
389 |
--chronysockdir="${EPREFIX}/run/chrony" |
390 |
--docdir="${EPREFIX}/usr/share/doc/${PF}" |
391 |
--mandir="${EPREFIX}/usr/share/man" |
392 |
@@ -129,17 +136,18 @@ src_configure() { |
393 |
--sysconfdir="${EPREFIX}/etc/chrony" |
394 |
--with-hwclockfile="${EPREFIX}/etc/adjtime" |
395 |
--with-pidfile="${EPREFIX}/run/chrony/chronyd.pid" |
396 |
+ |
397 |
${EXTRA_ECONF} |
398 |
) |
399 |
|
400 |
- # print the ./configure call |
401 |
+ # Print the ./configure call |
402 |
echo sh ./configure "${myconf[@]}" >&2 |
403 |
sh ./configure "${myconf[@]}" || die |
404 |
} |
405 |
|
406 |
src_compile() { |
407 |
- if [[ ${PV} == "9999" ]]; then |
408 |
- # uses w3m |
409 |
+ if [[ ${PV} == "9999" ]] ; then |
410 |
+ # Uses w3m |
411 |
emake -C doc man txt |
412 |
fi |
413 |
|
414 |
@@ -160,16 +168,17 @@ src_install() { |
415 |
|
416 |
newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')" |
417 |
|
418 |
- if use html; then |
419 |
+ if use html ; then |
420 |
docinto html |
421 |
dodoc doc/*.html |
422 |
fi |
423 |
|
424 |
keepdir /var/{lib,log}/chrony |
425 |
|
426 |
- if use caps; then |
427 |
+ if use caps ; then |
428 |
# Prepare a directory for the chrony.drift file (a la ntpsec) |
429 |
# Ensures the environment is sane on new installs |
430 |
+ # bug #711058 |
431 |
fowners ntp:ntp /var/{lib,log}/chrony |
432 |
fperms 770 /var/lib/chrony |
433 |
fi |
434 |
@@ -201,6 +210,7 @@ pkg_postinst() { |
435 |
|
436 |
if [[ -n "${REPLACING_VERSIONS}" ]] ; then |
437 |
if use caps && ! ${HAD_CAPS} ; then |
438 |
+ # bug #719876 |
439 |
ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp" |
440 |
ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" |
441 |
ewarn "This is necessary for chrony to drop privileges" |
442 |
@@ -209,6 +219,8 @@ pkg_postinst() { |
443 |
fi |
444 |
fi |
445 |
|
446 |
+ # TODO: Will try to re-enable before final release ideally? |
447 |
+ # bug #783915 |
448 |
if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then |
449 |
elog "To enable seccomp in enforcing mode, please modify:" |
450 |
elog "- /etc/conf.d/chronyd for OpenRC" |