1
diff --git a/debian/README.container b/debian/README.container
2
0
new file mode 100644
0
new file mode 100644
3
index 0000000..16f2618
4
--- /dev/null
5
+++ b/debian/README.container
6
@@ -0,0 +1,60 @@
7
1
Chrony in Containers
8
2
--------------------
9
3
10
4
Currently in in 99.9+% of the cases syncing the local clock in a container
11
5
is wrong. Most of the time it will be unable to do so, because it is lacking
12
6
CAP_SYS_TIME. Or worse, if the CAP_SYS_TIME privilege is granted, multiple
13
7
containers could fight over the system's time, because the Linux kernel does
14
8
not provide time namespaces (yet).
15
9
16
10
There are two things a user installing chrony usually wants:
17
11
1. synchronize my time (NTP client)
18
12
2. serve NTP (NTP server)
19
13
20
14
In a container the first makes (usually) no sense, so by default we enable -x
21
15
there (as it would only crash otherwise).
22
16
This will disable the control of the system clock.
23
17
See `man chronyd` for more details on the -x option.
24
18
25
19
Formerly, the check for Condition=CAP_SYS_TIME in the systemd service avoided
26
20
the crash of the NTP client portion, but that means the server use case will
27
21
not work by default in containers. It is still not recommended to use a
28
22
container as an NTP server, but if the host clock is synchronised via NTP,
29
23
adding the -x option to chronyd instances running in containers will allow
30
24
them to function as NTP servers which do not adjust the system clock.
31
25
The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away
32
26
leaving users often unclear what happened - especially if they were more after
33
27
the NTP server than the NTP client.
34
28
35
29
One could argue that someone who installs chrony expects the system time to be
36
30
synchronised, so it should fail if it is not able to do so.  On the other hand
37
31
it could be argued that someone who installs chrony expects time to be served
38
32
over the network via NTP.
39
33
We can't know which expectation is applicable, so we assume that time should
40
34
be synchronised unless chronyd is running in a container (or is without
41
35
CAP_SYS_TIME in any other environment).
42
36
43
37
To make things worse recent container implementations will offer CAP_SYS_TIME
44
38
to the container. Since from the container's point of view, this capability is
45
39
available for the container's user namespace. Just later on adjtimex and similar
46
40
are actually evaluated against the host kernel where they will fail. Due to
47
41
that without further precaution running chrony in Ubuntu in the future will
48
42
likely have the service start (as Condition=CAP_SYS_TIME will be true) but
49
43
then immediately fail.
50
44
This will depend on the environment e.g. versions and types of containers and
51
45
thereby feel just 'unreliable' from users point of view.
52
46
Furthermore it will affect upgrades as the service has to be restarted for a
53
47
package upgrade to be considered complete.
54
48
55
49
Due to all of that Ubuntu decided (LP: #1589780) to default to -x (do not
56
50
set the system clock) in containers.
57
51
58
52
If one really wants to (try to) sync time in a container or CAP_SYS_TIME-less
59
53
environment set SYNC_IN_CONTAINER="yes" in /etc/default/chrony to disable
60
54
this special handling.
61
55
62
56
It is important to mention that as soon as upstream provides a way to provide
63
57
a default config working in those cases Ubuntu intends to use that and drop
64
58
the current workaround.
65
59
66
60
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 16 Mar 2018 12:25:44 +0100
67
diff --git a/debian/changelog b/debian/changelog
68
index 513307a..2ea28a0 100644
69
--- a/debian/changelog
70
+++ b/debian/changelog
71
@@ -1,3 +1,45 @@
72
1
chrony (3.4-1ubuntu1) disco; urgency=medium
73
2
74
3
  * Merge with Debian unstable (LP: #1802886). Remaining changes:
75
4
    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
76
5
    - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
77
6
      Chrony is a single service which acts as both NTP client (i.e. syncing the
78
7
      local clock) and NTP server (i.e. providing NTP services to the network),
79
8
      and that is both desired and expected in the vast majority of cases.
80
9
      But in containers syncing the local clock is usually impossible, but this
81
10
      shall not break the providing of NTP services to the network.
82
11
      To some extent this makes chrony's default config more similar to 'ntpd',
83
12
      which complained in syslog but still provided NTP server service in those
84
13
      cases.
85
14
      - debian/chrony.service: allow the service to run without CAP_SYS_TIME
86
15
      - debian/control: add new dependency libcap2-bin for capsh (usually
87
16
        installed anyway, but make them explicit to be sure).
88
17
      - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
89
18
        (Default off).
90
19
      - debian/chronyd-starter.sh: wrapper to handle special cases in containers
91
20
        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
92
21
        containers on a default installation and avoid failing to sync time (or
93
22
        if allowed to sync, avoid multiple containers to fight over it by
94
23
        accident).
95
24
      - debian/install: make chronyd-starter.sh available on install.
96
25
      - debian/docs, debian/README.container: provide documentation about the
97
26
        handling of this case.
98
27
    - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
99
28
    - Notify chrony to update sources in response to systemd-networkd
100
29
      events (LP: 1718227)
101
30
      - d/links: link dispatcher script to networkd-dispatcher events routable
102
31
        and off
103
32
      - d/control: set Recommends to networkd-dispatcher
104
33
  * Dropped Changes (upstream):
105
34
    - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
106
35
    - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
107
36
      the service on newer kernels by falling back to urandom. (LP: 1787366)
108
37
  * Added Changes:
109
38
    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
110
39
      (LP: #1771994)
111
40
112
41
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 12 Nov 2018 11:39:08 +0100
113
42
114
1
chrony (3.4-1) unstable; urgency=medium
43
chrony (3.4-1) unstable; urgency=medium
115
2
44
116
3
  * Import upstream version 3.4:
45
  * Import upstream version 3.4:
117
@@ -74,6 +116,66 @@ chrony (3.3-3) unstable; urgency=medium
118
74
116
119
75
 -- Vincent Blut <vincent.debian@free.fr>  Sat, 18 Aug 2018 16:23:19 +0200
117
 -- Vincent Blut <vincent.debian@free.fr>  Sat, 18 Aug 2018 16:23:19 +0200
120
76
118
121
119
chrony (3.3-2ubuntu2) cosmic; urgency=medium
122
120
123
121
  * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
124
122
      the service on newer kernels by falling back to urandom.
125
123
      (LP: #1787366, Closes: #906276)
126
124
127
125
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 16 Aug 2018 11:48:38 +0200
128
126
129
127
chrony (3.3-2ubuntu1) cosmic; urgency=medium
130
128
131
129
  * Merge with Debian unstable (LP: #1771061). Remaining changes:
132
130
    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
133
131
    - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
134
132
      Chrony is a single service which acts as both NTP client (i.e. syncing the
135
133
      local clock) and NTP server (i.e. providing NTP services to the network),
136
134
      and that is both desired and expected in the vast majority of cases.
137
135
      But in containers syncing the local clock is usually impossible, but this
138
136
      shall not break the providing of NTP services to the network.
139
137
      To some extent this makes chrony's default config more similar to 'ntpd',
140
138
      which complained in syslog but still provided NTP server service in those
141
139
      cases.
142
140
      - debian/chrony.service: allow the service to run without CAP_SYS_TIME
143
141
      - debian/control: add new dependency libcap2-bin for capsh (usually
144
142
        installed anyway, but make them explicit to be sure).
145
143
      - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
146
144
        (Default off).
147
145
      - debian/chronyd-starter.sh: wrapper to handle special cases in containers
148
146
        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
149
147
        containers on a default installation and avoid failing to sync time (or
150
148
        if allowed to sync, avoid multiple containers to fight over it by
151
149
        accident).
152
150
      - debian/install: make chronyd-starter.sh available on install.
153
151
      - debian/docs, debian/README.container: provide documentation about the
154
152
        handling of this case.
155
153
    - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
156
154
    - Notify chrony to update sources in response to systemd-networkd
157
155
      events (LP: 1718227)
158
156
      - d/links: link dispatcher script to networkd-dispatcher events routable
159
157
        and off
160
158
      - d/control: set Recommends to networkd-dispatcher
161
159
      - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
162
160
  * Dropped changes
163
161
    - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
164
162
      (LP: 1751241) (in Debian now)
165
163
    - debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: 1761327)
166
164
      (in Debian now)
167
165
    - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
168
166
      When dropping the root privileges, don't try to keep the CAP_SYS_TIME
169
167
      capability if the -x option was enabled. This allows chronyd to be
170
168
      started without the capability (e.g. in containers) and also drop the
171
169
      root privileges (This is upstream now).
172
170
    - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch (This is
173
171
      upstream now).
174
172
    - d/control: switch to nss instead of tomcrypt (Debian switched to nettle
175
173
      which is in main, so we can drop this)
176
174
  * Added changes
177
175
    - debian/README.container: fix typos
178
176
179
177
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 14 May 2018 09:06:01 +0200
180
178
181
77
chrony (3.3-2) unstable; urgency=medium
179
chrony (3.3-2) unstable; urgency=medium
182
78
180
183
79
  * debian/chrony.service:
181
  * debian/chrony.service:
184
@@ -129,6 +231,76 @@ chrony (3.2-5) unstable; urgency=medium
185
129
231
186
130
 -- Vincent Blut <vincent.debian@free.fr>  Wed, 28 Feb 2018 17:31:08 +0100
232
 -- Vincent Blut <vincent.debian@free.fr>  Wed, 28 Feb 2018 17:31:08 +0100
187
131
233
188
234
chrony (3.2-4ubuntu4) bionic; urgency=medium
189
235
190
236
  * d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357)
191
237
  * Notify chrony to update sources in response to systemd-networkd
192
238
    events (LP: #1718227)
193
239
    - d/links: link dispatcher script to networkd-dispatcher events routable
194
240
      and off
195
241
    - d/control: set Recommends to networkd-dispatcher
196
242
    - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch
197
243
    - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
198
244
199
245
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 16 Apr 2018 17:04:06 +0200
200
246
201
247
chrony (3.2-4ubuntu3) bionic; urgency=medium
202
248
203
249
  * debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327)
204
250
205
251
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 05 Apr 2018 09:38:10 +0200
206
252
207
253
chrony (3.2-4ubuntu2) bionic; urgency=medium
208
254
209
255
  * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
210
256
    Chrony is a single service which acts as both NTP client (i.e. syncing the
211
257
    local clock) and NTP server (i.e. providing NTP services to the network),
212
258
    and that is both desired and expected in the vast majority of cases.
213
259
    But in containers syncing the local clock is usually impossible, but this
214
260
    shall not break the providing of NTP services to the network.
215
261
    To some extent this makes chrony's default config more similar to 'ntpd',
216
262
    which complained in syslog but still provided NTP server service in those
217
263
    cases.
218
264
    - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
219
265
      When dropping the root privileges, don't try to keep the CAP_SYS_TIME
220
266
      capability if the -x option was enabled. This allows chronyd to be
221
267
      started without the capability (e.g. in containers) and also drop the
222
268
      root privileges.
223
269
    - debian/chrony.service: allow the service to run without CAP_SYS_TIME
224
270
    - debian/control: add new dependency libcap2-bin for capsh (usually
225
271
      installed anyway, but make them explicit to be sure).
226
272
    - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
227
273
      (Default off).
228
274
    - debian/chronyd-starter.sh: wrapper to handle special cases in containers
229
275
      and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
230
276
      containers on a default installation and avoid failing to sync time (or
231
277
      if allowed to sync, avoid multiple containers to fight over it by
232
278
      accident).
233
279
    - debian/install: make chronyd-starter.sh available on install.
234
280
    - debian/docs, debian/README.container: provide documentation about the
235
281
      handling of this case.
236
282
  * debian/chrony.conf: update default chrony.conf to not violate the policy
237
283
    of pool.ntp.org (to use no more than four of their servers) and to provide
238
284
    more ipv6 capable sources by default (LP: #1754358)
239
285
240
286
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 16 Mar 2018 12:25:44 +0100
241
287
242
288
chrony (3.2-4ubuntu1) bionic; urgency=medium
243
289
244
290
  * Merge with Debian unstable. Remaining changes:
245
291
    - d/control: switch to nss instead of tomcrypt (nss is in main)
246
292
    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
247
293
  * Dropped changes (in Debian)
248
294
    - d/chrony.default, d/chrony.service: support /etc/default/chrony
249
295
      DAEMON_OPTS in systemd environment (LP: 1746081)
250
296
    - d/chrony.service: properly start after networking (LP: 1746458)
251
297
    - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444)
252
298
  * Added Changes:
253
299
    - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
254
300
      (LP: #1751241, Closes: #891201)
255
301
256
302
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 26 Feb 2018 14:44:54 +0100
257
303
258
132
chrony (3.2-4) unstable; urgency=medium
304
chrony (3.2-4) unstable; urgency=medium
259
133
305
260
134
  * debian/changelog:
306
  * debian/changelog:
261
@@ -195,6 +367,27 @@ chrony (3.2-3) unstable; urgency=medium
262
195
367
263
196
 -- Vincent Blut <vincent.debian@free.fr>  Wed, 07 Feb 2018 21:27:09 +0100
368
 -- Vincent Blut <vincent.debian@free.fr>  Wed, 07 Feb 2018 21:27:09 +0100
264
197
369
265
370
chrony (3.2-2ubuntu3) bionic; urgency=medium
266
371
267
372
  * Revert the changes of (LP 1746458) as in the follow on discussion
268
373
    it became clear that we want it to start early (for example for an
269
374
    early offset from drift file). iIf needed chrony will later on pick
270
375
    up that servers are online via retries (augmented by hooks on network
271
376
    events).
272
377
273
378
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Feb 2018 10:52:30 +0100
274
379
275
380
chrony (3.2-2ubuntu2) bionic; urgency=medium
276
381
277
382
  * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
278
383
  * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
279
384
  * d/chrony.default, d/chrony.service: support /etc/default/chrony
280
385
    DAEMON_OPTS in systemd environment (LP: #1746081)
281
386
  * d/chrony.service: properly start after networking (LP: #1746458)
282
387
  * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)
283
388
284
389
 -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 19 Jan 2018 09:45:38 +0100
285
390
286
198
chrony (3.2-2) unstable; urgency=medium
391
chrony (3.2-2) unstable; urgency=medium
287
199
392
288
200
  * Initial AppArmor profile for chronyd. Thanks to Jamie
393
  * Initial AppArmor profile for chronyd. Thanks to Jamie
289
diff --git a/debian/chrony.conf b/debian/chrony.conf
290
index 6c19767..d5a0b37 100644
291
--- a/debian/chrony.conf
292
+++ b/debian/chrony.conf
293
@@ -1,6 +1,23 @@
294
1
# Welcome to the chrony configuration file. See chrony.conf(5) for more
1
# Welcome to the chrony configuration file. See chrony.conf(5) for more
295
2
# information about usuable directives.
2
# information about usuable directives.
297
3
pool 2.debian.pool.ntp.org iburst
3
298
4
# This will use (up to):
299
5
# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
300
6
# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
301
7
# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
302
8
# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
303
9
# sources will be used.
304
10
# At the same time it retains some protection against one of the entries being
305
11
# down (compare to just using one of the lines). See (LP: #1754358) for the
306
12
# discussion.
307
13
#
308
14
# About using servers from the NTP Pool Project in general see (LP: #104525).
309
15
# Approved by Ubuntu Technical Board on 2011-02-08.
310
16
# See http://www.pool.ntp.org/join.html for more information.
311
17
pool ntp.ubuntu.com        iburst maxsources 4
312
18
pool 0.ubuntu.pool.ntp.org iburst maxsources 1
313
19
pool 1.ubuntu.pool.ntp.org iburst maxsources 1
314
20
pool 2.ubuntu.pool.ntp.org iburst maxsources 2
315
4
21
316
5
# This directive specify the location of the file containing ID/key pairs for
22
# This directive specify the location of the file containing ID/key pairs for
317
6
# NTP authentication.
23
# NTP authentication.
318
diff --git a/debian/chrony.default b/debian/chrony.default
319
index ae79e8a..b523f60 100644
320
--- a/debian/chrony.default
321
+++ b/debian/chrony.default
322
@@ -4,3 +4,7 @@
323
4
4
324
5
# Options to pass to chrony.
5
# Options to pass to chrony.
325
6
DAEMON_OPTS=""
6
DAEMON_OPTS=""
326
7
327
8
# Sync systecm clock in containers or without CAP_SYS_TIME (likely to fail)
328
9
# See /usr/share/doc/chrony/README.container for details.
329
10
SYNC_IN_CONTAINER="no"
330
diff --git a/debian/chrony.service b/debian/chrony.service
331
index 3e4451a..bb01a79 100644
332
--- a/debian/chrony.service
333
+++ b/debian/chrony.service
334
@@ -3,13 +3,13 @@ Description=chrony, an NTP client/server
335
3
Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
3
Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
336
4
Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service
4
Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service
337
5
After=network.target
5
After=network.target
338
6
ConditionCapability=CAP_SYS_TIME
339
7
6
340
8
[Service]
7
[Service]
341
9
Type=forking
8
Type=forking
342
10
PIDFile=/run/chronyd.pid
9
PIDFile=/run/chronyd.pid
343
11
EnvironmentFile=-/etc/default/chrony
10
EnvironmentFile=-/etc/default/chrony
345
12
ExecStart=/usr/sbin/chronyd $DAEMON_OPTS
11
# Starter takes care of special cases mostly for containers
346
12
ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS
347
13
ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon
13
ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon
348
14
PrivateTmp=yes
14
PrivateTmp=yes
349
15
ProtectHome=yes
15
ProtectHome=yes
350
diff --git a/debian/chronyd-starter.sh b/debian/chronyd-starter.sh
351
16
new file mode 100755
16
new file mode 100755
352
index 0000000..c175db5
353
--- /dev/null
354
+++ b/debian/chronyd-starter.sh
355
@@ -0,0 +1,70 @@
356
1
#!/bin/sh
357
2
set -ue
358
3
359
4
CONF="/etc/default/chrony"
360
5
DOC="/usr/share/doc/chrony/README.container"
361
6
CAP="cap_sys_time"
362
7
CMD="/usr/sbin/chronyd"
363
8
# Take any args passed, use none if nothing was specified
364
9
EFFECTIVE_DAEMON_OPTS=${@:-""}
365
10
366
11
if [ -f "${CONF}" ]; then
367
12
    . "${CONF}"
368
13
else
369
14
    echo "<4>Warning: ${CONF} is missing"
370
15
fi
371
16
# take from conffile if available, default to no otherwise
372
17
EFFECTIVE_SYNC_IN_CONTAINER=${SYNC_IN_CONTAINER:-"no"}
373
18
374
19
if [ ! -x "${CMD}" ]; then
375
20
    echo "<3>Error: ${CMD} not executable"
376
21
    # ugly, but works around https://github.com/systemd/systemd/issues/2913
377
22
    sleep 0.1
378
23
    exit 1
379
24
fi
380
25
381
26
# Check if -x is already set manually, don't process further if that is the case
382
27
X_SET=0
383
28
while getopts ":x" opt; do
384
29
    case $opt in
385
30
        x)
386
31
            X_SET=1
387
32
            ;;
388
33
    esac
389
34
done
390
35
391
36
if [ ${X_SET} -ne 1 ]; then
392
37
  # Assume it is not in a container
393
38
  IS_CONTAINER=0
394
39
  if [ -x /usr/bin/systemd-detect-virt ]; then
395
40
      if /usr/bin/systemd-detect-virt --quiet --container; then
396
41
          IS_CONTAINER=1
397
42
      fi
398
43
  fi
399
44
400
45
401
46
  # Assume it has the cap
402
47
  HAS_CAP=1
403
48
  CAPSH="/sbin/capsh"
404
49
  if [ -x "${CAPSH}" ]; then
405
50
      ${CAPSH} --print | grep -q "^Current.*${CAP}" || HAS_CAP=0
406
51
  fi
407
52
408
53
  if [ ${HAS_CAP} -eq 0 ]; then
409
54
      echo "<4>Warning: Missing ${CAP}, syncing the system clock will fail"
410
55
  fi
411
56
  if [ ${IS_CONTAINER} -eq 1 ]; then
412
57
      echo "<4>Warning: Running in a container, likely impossible and unintended to sync system clock"
413
58
  fi
414
59
415
60
  if [ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]; then
416
61
      if [ "${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes" ]; then
417
62
          echo "<5>Adding -x as fallback disabling control of the system clock, see ${DOC} to override this behavior"
418
63
          EFFECTIVE_DAEMON_OPTS="${EFFECTIVE_DAEMON_OPTS} -x"
419
64
      else
420
65
          echo "<5>Not falling back to disable control of the system clock, see ${DOC} to change this behavior"
421
66
      fi
422
67
  fi
423
68
fi
424
69
425
70
${CMD} ${EFFECTIVE_DAEMON_OPTS}
426
diff --git a/debian/control b/debian/control
427
index a35df2d..c740cc9 100644
428
--- a/debian/control
429
+++ b/debian/control
430
@@ -1,7 +1,8 @@
431
1
Source: chrony
1
Source: chrony
432
2
Section: net
2
Section: net
433
3
Priority: optional
3
Priority: optional
435
4
Maintainer: Vincent Blut <vincent.debian@free.fr>
4
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
436
5
XSBC-Original-Maintainer: Vincent Blut <vincent.debian@free.fr>
437
5
Uploaders: Joachim Wiedorn <joodebian@joonet.de>
6
Uploaders: Joachim Wiedorn <joodebian@joonet.de>
438
6
Standards-Version: 4.2.1
7
Standards-Version: 4.2.1
439
7
Build-Depends: asciidoctor (>= 1.5.3-1~),
8
Build-Depends: asciidoctor (>= 1.5.3-1~),
440
@@ -24,9 +25,11 @@ Architecture: linux-any
441
24
Depends: adduser,
25
Depends: adduser,
442
25
         iproute2 [linux-any],
26
         iproute2 [linux-any],
443
26
         lsb-base,
27
         lsb-base,
444
28
         libcap2-bin,
445
27
         ucf,
29
         ucf,
446
28
         ${misc:Depends},
30
         ${misc:Depends},
447
29
         ${shlibs:Depends}
31
         ${shlibs:Depends}
448
32
Recommends: networkd-dispatcher (>= 1.7-0ubuntu3)
449
30
Suggests: dnsutils
33
Suggests: dnsutils
450
31
Conflicts: ntp,
34
Conflicts: ntp,
451
32
           time-daemon
35
           time-daemon
452
diff --git a/debian/docs b/debian/docs
453
index e12f653..3bfc9dc 100644
454
--- a/debian/docs
455
+++ b/debian/docs
456
@@ -1,3 +1,4 @@
457
1
FAQ
1
FAQ
458
2
NEWS
2
NEWS
459
3
README
3
README
460
4
debian/README.container
461
diff --git a/debian/install b/debian/install
462
index db2e305..abaa2f3 100644
463
--- a/debian/install
464
+++ b/debian/install
465
@@ -2,3 +2,4 @@ debian/chrony-dnssrv@.* lib/systemd/system
466
2
debian/chrony-helper usr/lib/chrony
2
debian/chrony-helper usr/lib/chrony
467
3
debian/chrony.conf usr/share/chrony
3
debian/chrony.conf usr/share/chrony
468
4
debian/usr.sbin.chronyd etc/apparmor.d
4
debian/usr.sbin.chronyd etc/apparmor.d
469
5
debian/chronyd-starter.sh usr/lib/systemd/scripts/
470
diff --git a/debian/links b/debian/links
471
5
new file mode 100644
6
new file mode 100644
472
index 0000000..71e2c52
473
--- /dev/null
474
+++ b/debian/links
475
@@ -0,0 +1,5 @@
476
1
# Update sources in response to systemd-networkd events (LP: #1718227).
477
2
# This is reusing the NetworkManager dispatch script which has no hard
478
3
# dependency to NetworkManager (not using any of its arguments)
479
4
etc/NetworkManager/dispatcher.d/20-chrony usr/lib/networkd-dispatcher/routable.d/chrony
480
5
etc/NetworkManager/dispatcher.d/20-chrony usr/lib/networkd-dispatcher/off.d/chrony
481
diff --git a/debian/postrm b/debian/postrm
482
index ed3bac1..a5fd9ba 100644
483
--- a/debian/postrm
484
+++ b/debian/postrm
485
@@ -7,6 +7,15 @@ set -e
486
7
7
487
8
# targets: purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear
8
# targets: purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear
488
9
9
489
10
restore_timesyncd() {
490
11
    # on next reboot it would start, but that would leave time
491
12
    # unsynchronized until then. So as the Conflicts in the service file kill
492
13
    # systemd-timesyncd re-establish it if it is enabled
493
14
    if [ "$(systemctl is-enabled systemd-timesyncd 2>/dev/null)" = "enabled" ] ; then
494
15
        deb-systemd-invoke start systemd-timesyncd
495
16
    fi
496
17
}
497
18
498
10
case "$1" in
19
case "$1" in
499
11
    purge)
20
    purge)
500
12
        rm -f /var/lib/chrony/*
21
        rm -f /var/lib/chrony/*
501
@@ -30,9 +39,15 @@ case "$1" in
502
30
        then
39
        then
503
31
            deluser --quiet --system _chrony > /dev/null 2>&1 || true
40
            deluser --quiet --system _chrony > /dev/null 2>&1 || true
504
32
        fi
41
        fi
505
42
506
43
        restore_timesyncd
507
44
    ;;
508
45
509
46
    remove)
510
47
        restore_timesyncd
511
33
    ;;
48
    ;;
512
34
49
514
35
    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
50
    upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
515
36
51
516
37
    ;;
52
    ;;
517
38
53
Reviewer	Date Requested	Status
Andreas Hasenack	2018-11-12	Approve on 2018-11-13
Canonical Server	2018-11-12	Pending
git-ubuntu developers	2018-11-12	Pending
Review via email: mp+358631@code.launchpad.net