1 |
commit: 329122445239e1c5e6abf4fbf651a288bf165386 |
2 |
Author: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Jan 4 09:53:53 2019 +0000 |
4 |
Commit: Mikle Kolyada <zlogene <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jan 4 09:53:53 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32912244 |
7 |
|
8 |
net-misc/ntp: Security cleanup |
9 |
|
10 |
Signed-off-by: Mikle Kolyada <zlogene <AT> gentoo.org> |
11 |
Package-Manager: Portage-2.3.51, Repoman-2.3.11 |
12 |
|
13 |
net-misc/ntp/Manifest | 2 - |
14 |
net-misc/ntp/ntp-4.2.8_p11.ebuild | 145 -------------------------------------- |
15 |
2 files changed, 147 deletions(-) |
16 |
|
17 |
diff --git a/net-misc/ntp/Manifest b/net-misc/ntp/Manifest |
18 |
index 50ab95c1356..657e596c28f 100644 |
19 |
--- a/net-misc/ntp/Manifest |
20 |
+++ b/net-misc/ntp/Manifest |
21 |
@@ -1,4 +1,2 @@ |
22 |
-DIST ntp-4.2.8p11-manpages.tar.xz 25700 BLAKE2B 8efff006297925e4dfe57abfb8130d0dcb69e804744a597ad92b9969019b87c7b3e44f032187073d3c19092ca92445ce06b93f89f449430fd21cc540f11f5f3b SHA512 403bc238681abaadc838f5a6619851dcd0cfa5bf780e8aeaa94e8f77e776998d1f5142d65e3fa99c23e22e4cb7207d24b059fbbc6ddcf4414f0076a4b6ab4e81 |
23 |
-DIST ntp-4.2.8p11.tar.gz 7076566 BLAKE2B e81ce2093ea7307a565089bba9cb267be64c71499872272cda221d7356676762a23ac1066ddfed7fb803083dbb9b26ca7376ea75277a63ee8de1c70409e81432 SHA512 05ac60f15a6aac50aaf340d40e4e439a421fa6e3d897bf30a69b2cef0cc97f8a6956012bfc6ceba055f4c3485a24f7fb8ebbd055e1875f1c69cbfdc35e71f236 |
24 |
DIST ntp-4.2.8p12-manpages.tar.xz 25700 BLAKE2B 0a84908556e997bdd08a78cd04f7f38a32a8441138f31d0adf7fefc380da79e509bea4a8bc67154501e359638f4edcab561d14cbdd1d573473bd2ea5a14f0c48 SHA512 e6df0099b9f62db63d200702267276ee094e8d00b20a67d2181f3f32fe6b871c49ac2eedbc2186b3255c919820c05eac528718b80afe7ed7ed7654b55c361f7c |
25 |
DIST ntp-4.2.8p12.tar.gz 7079642 BLAKE2B d7d7817afaf9f94bf230951901b7531aff03c0828eecd40ca6fcc836ffd081387837afee44978742b507a9bee58788022fe9556733e8861dcc37d63f5637b3d1 SHA512 5382dcd1bb7feca8f28fc650f68892cb53f9364ebeb3780754cfbe71b1602057fdfd6eb27956afe79014a435624d77e2648d9e07f4d86ce7a98f5a4438d08310 |
26 |
|
27 |
diff --git a/net-misc/ntp/ntp-4.2.8_p11.ebuild b/net-misc/ntp/ntp-4.2.8_p11.ebuild |
28 |
deleted file mode 100644 |
29 |
index 7d4665cbe8a..00000000000 |
30 |
--- a/net-misc/ntp/ntp-4.2.8_p11.ebuild |
31 |
+++ /dev/null |
32 |
@@ -1,145 +0,0 @@ |
33 |
-# Copyright 1999-2018 Gentoo Foundation |
34 |
-# Distributed under the terms of the GNU General Public License v2 |
35 |
- |
36 |
-EAPI=6 |
37 |
- |
38 |
-inherit autotools toolchain-funcs flag-o-matic user systemd |
39 |
- |
40 |
-MY_P=${P/_p/p} |
41 |
-DESCRIPTION="Network Time Protocol suite/programs" |
42 |
-HOMEPAGE="http://www.ntp.org/" |
43 |
-SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar.gz |
44 |
- https://dev.gentoo.org/~polynomial-c/${MY_P}-manpages.tar.xz" |
45 |
- |
46 |
-LICENSE="HPND BSD ISC" |
47 |
-SLOT="0" |
48 |
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~m68k-mint" |
49 |
-IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf" |
50 |
- |
51 |
-CDEPEND="readline? ( >=sys-libs/readline-4.1:0= ) |
52 |
- >=dev-libs/libevent-2.0.9:=[threads?] |
53 |
- kernel_linux? ( caps? ( sys-libs/libcap ) ) |
54 |
- zeroconf? ( net-dns/avahi[mdnsresponder-compat] ) |
55 |
- snmp? ( net-analyzer/net-snmp ) |
56 |
- ssl? ( |
57 |
- !libressl? ( dev-libs/openssl:0= ) |
58 |
- libressl? ( dev-libs/libressl ) |
59 |
- ) |
60 |
- parse-clocks? ( net-misc/pps-tools )" |
61 |
-DEPEND="${CDEPEND} |
62 |
- virtual/pkgconfig" |
63 |
-RDEPEND="${CDEPEND} |
64 |
- selinux? ( sec-policy/selinux-ntp ) |
65 |
- vim-syntax? ( app-vim/ntp-syntax ) |
66 |
- !net-misc/ntpsec |
67 |
- !openntpd? ( !net-misc/openntpd ) |
68 |
-" |
69 |
-PDEPEND="openntpd? ( net-misc/openntpd )" |
70 |
- |
71 |
-S="${WORKDIR}/${MY_P}" |
72 |
- |
73 |
-PATCHES=( |
74 |
- "${FILESDIR}"/${PN}-4.2.8-ipc-caps.patch #533966 |
75 |
- "${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922 |
76 |
- "${FILESDIR}"/${PN}-4.2.8_p10-fix-build-wo-ssl-or-libressl.patch |
77 |
-) |
78 |
- |
79 |
-pkg_setup() { |
80 |
- enewgroup ntp 123 |
81 |
- enewuser ntp 123 -1 /dev/null ntp |
82 |
-} |
83 |
- |
84 |
-src_prepare() { |
85 |
- default |
86 |
- append-cppflags -D_GNU_SOURCE #264109 |
87 |
- # Make sure every build uses the same install layout. #539092 |
88 |
- find sntp/loc/ -type f '!' -name legacy -delete || die |
89 |
- eautoreconf #622754 |
90 |
- # Disable pointless checks. |
91 |
- touch .checkChangeLog .gcc-warning FRC.html html/.datecheck |
92 |
-} |
93 |
- |
94 |
-src_configure() { |
95 |
- # avoid libmd5/libelf |
96 |
- export ac_cv_search_MD5Init=no ac_cv_header_md5_h=no |
97 |
- export ac_cv_lib_elf_nlist=no |
98 |
- # blah, no real configure options #176333 |
99 |
- export ac_cv_header_dns_sd_h=$(usex zeroconf) |
100 |
- export ac_cv_lib_dns_sd_DNSServiceRegister=${ac_cv_header_dns_sd_h} |
101 |
- # Increase the default memlimit from 32MiB to 128MiB. #533232 |
102 |
- local myeconfargs=( |
103 |
- --with-lineeditlibs=readline,edit,editline |
104 |
- --with-yielding-select |
105 |
- --disable-local-libevent |
106 |
- --docdir='$(datarootdir)'/doc/${PF} |
107 |
- --htmldir='$(docdir)/html' |
108 |
- --with-memlock=256 |
109 |
- $(use_enable caps linuxcaps) |
110 |
- $(use_enable parse-clocks) |
111 |
- $(use_enable ipv6) |
112 |
- $(use_enable debug debugging) |
113 |
- $(use_with readline lineeditlibs readline) |
114 |
- $(use_enable samba ntp-signd) |
115 |
- $(use_with snmp ntpsnmpd) |
116 |
- $(use_with ssl crypto) |
117 |
- $(use_enable threads thread-support) |
118 |
- ) |
119 |
- econf "${myeconfargs[@]}" |
120 |
-} |
121 |
- |
122 |
-src_install() { |
123 |
- default |
124 |
- # move ntpd/ntpdate to sbin #66671 |
125 |
- dodir /usr/sbin |
126 |
- mv "${ED%/}"/usr/bin/{ntpd,ntpdate} "${ED%/}"/usr/sbin/ || die "move to sbin" |
127 |
- |
128 |
- dodoc INSTALL WHERE-TO-START |
129 |
- doman "${WORKDIR}"/man/*.[58] |
130 |
- |
131 |
- insinto /etc |
132 |
- doins "${FILESDIR}"/ntp.conf |
133 |
- use ipv6 || sed -i '/^restrict .*::1/d' "${ED%/}"/etc/ntp.conf #524726 |
134 |
- newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd |
135 |
- newconfd "${FILESDIR}"/ntpd.confd ntpd |
136 |
- newinitd "${FILESDIR}"/ntp-client.rc ntp-client |
137 |
- newconfd "${FILESDIR}"/ntp-client.confd ntp-client |
138 |
- newinitd "${FILESDIR}"/sntp.rc sntp |
139 |
- newconfd "${FILESDIR}"/sntp.confd sntp |
140 |
- if ! use caps ; then |
141 |
- sed -i "s|-u ntp:ntp||" "${ED%/}"/etc/conf.d/ntpd || die |
142 |
- fi |
143 |
- sed -i "s:/usr/bin:/usr/sbin:" "${ED%/}"/etc/init.d/ntpd || die |
144 |
- |
145 |
- keepdir /var/lib/ntp |
146 |
- use prefix || fowners ntp:ntp /var/lib/ntp |
147 |
- |
148 |
- if use openntpd ; then |
149 |
- cd "${ED}" || die |
150 |
- rm usr/sbin/ntpd || die |
151 |
- rm -r var/lib || die |
152 |
- rm etc/{conf,init}.d/ntpd || die |
153 |
- rm usr/share/man/*/ntpd.8 || die |
154 |
- else |
155 |
- systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service |
156 |
- if use caps ; then |
157 |
- sed -i '/ExecStart/ s|$| -u ntp:ntp|' \ |
158 |
- "${D%/}$(systemd_get_systemunitdir)"/ntpd.service \ |
159 |
- || die |
160 |
- fi |
161 |
- systemd_enable_ntpunit 60-ntpd ntpd.service |
162 |
- fi |
163 |
- |
164 |
- systemd_newunit "${FILESDIR}"/ntpdate.service-r1 ntpdate.service |
165 |
- systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf |
166 |
- systemd_newunit "${FILESDIR}"/sntp.service-r2 sntp.service |
167 |
- systemd_install_serviced "${FILESDIR}"/sntp.service.conf |
168 |
-} |
169 |
- |
170 |
-pkg_postinst() { |
171 |
- if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then |
172 |
- eerror "The notrust option was found in your /etc/ntp.conf!" |
173 |
- ewarn "If your ntpd starts sending out weird responses," |
174 |
- ewarn "then make sure you have keys properly setup and see" |
175 |
- ewarn "https://bugs.gentoo.org/41827" |
176 |
- fi |
177 |
-} |