Merge ~paelzer/ubuntu/+source/chrony:merge-eoan-3.4-4 into ubuntu/+source/chrony:debian/sid
- Git
- lp:~paelzer/ubuntu/+source/chrony
- merge-eoan-3.4-4
- Merge into debian/sid
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Christian Ehrhardt | ||||
Approved revision: | cb8fe9c6e7f13c0a1e6ebb6a37451f61f76bc273 | ||||
Merge reported by: | Christian Ehrhardt | ||||
Merged at revision: | cb8fe9c6e7f13c0a1e6ebb6a37451f61f76bc273 | ||||
Proposed branch: | ~paelzer/ubuntu/+source/chrony:merge-eoan-3.4-4 | ||||
Merge into: | ubuntu/+source/chrony:debian/sid | ||||
Diff against target: |
629 lines (+410/-78) 11 files modified
debian/README.container (+60/-0) debian/changelog (+235/-0) debian/chrony.conf (+18/-1) debian/chrony.default (+4/-0) debian/chrony.service (+2/-2) debian/chronyd-starter.sh (+70/-0) debian/control (+3/-1) debian/docs (+1/-0) debian/install (+1/-0) debian/postrm (+16/-1) dev/null (+0/-73) |
||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Andreas Hasenack | Approve | ||
Canonical Server | Pending | ||
git-ubuntu developers | Pending | ||
Review via email: mp+367401@code.launchpad.net |
Commit message
Description of the change
Christian Ehrhardt (paelzer) wrote : | # |
Christian Ehrhardt (paelzer) wrote : | # |
Usual tags for review:
* [new tag] lp1828992/
* [new tag] lp1828992/
* [new tag] lp1828992/
* [new tag] lp1828992/
* [new tag] lp1828992/
* [new tag] lp1828992/
Christian Ehrhardt (paelzer) wrote : | # |
Fixed the install/
Christian Ehrhardt (paelzer) wrote : | # |
FYI: Debian compatible delta submitted in https:/
Andreas Hasenack (ahasenack) wrote : | # |
Do we expect trouble with the "Enable the system call filter by default" change? The NEWS file mentions the daemon won't be able to email anymore.
Andreas Hasenack (ahasenack) wrote : | # |
Delta changes accounted for
d/changelog correct
closing merge bug
other debian changes don't seem to interact badly with our delta
Just the earlier question about the emailing, if we want to keep that, or maybe detect that it is being used in the chrony config and warn the user perhaps, or even switch the syscall filter off.
Christian Ehrhardt (paelzer) wrote : | # |
I thought it is a nice change for security, the potential issue with mail-on-change is known.
The suggestion of an auto-catch is interesting.
We'd only do so on the version switch this is at not anymore later.
So it is not relevant for Debian as they already have this in the archive.
We OTOH could drop it post 20.04 so it would be no very long standing delta.
And isn't the lesson learned that modifying conffiles (chrony.conf and default/chrony are conffiles - from the postinst is always error prone.
And if we only want to detect+warn since changing is often worse than doing nothing then we are right at the same place as we are with the NEWS file already (which is shown to the user if he cares).
After the following:
61 # We change a TMP file to leave non conffiles unmodified, but also UCF working
62 tmp=$(mktemp)
63 cp /usr/share/
64 if [ -n "$2" ] && dpkg --compare-versions "$2" lt "3.4-4ubuntu1"; then
65 if grep -q '^ *mailonchange' /etc/chrony/
66 # TODO also need md5 check like mailman-
67 echo "Warning: mailonchange configured, not enabling seccomp filter'" >&2
68 if ! sed -e 's/^DAEMON_OPTS="-F -1"/DAEMON_OPTS="-F -0"/' debian/
69 echo "Warning: Failed disabling seccomp filter, please see NEWS file'" >&2
70 fi
71 fi
72 fi
I gave up and decided it might be too much complexity for too rare of a case and potentially more harm than gain.
TL;DR: no lets keep the seccomp/
Christian Ehrhardt (paelzer) wrote : | # |
Thanks you - tag pushed and uploaded to Eoan
Christian Ehrhardt (paelzer) wrote : | # |
This migrated -> merged
Preview Diff
1 | diff --git a/debian/README.container b/debian/README.container |
2 | new file mode 100644 |
3 | index 0000000..16f2618 |
4 | --- /dev/null |
5 | +++ b/debian/README.container |
6 | @@ -0,0 +1,60 @@ |
7 | +Chrony in Containers |
8 | +-------------------- |
9 | + |
10 | +Currently in in 99.9+% of the cases syncing the local clock in a container |
11 | +is wrong. Most of the time it will be unable to do so, because it is lacking |
12 | +CAP_SYS_TIME. Or worse, if the CAP_SYS_TIME privilege is granted, multiple |
13 | +containers could fight over the system's time, because the Linux kernel does |
14 | +not provide time namespaces (yet). |
15 | + |
16 | +There are two things a user installing chrony usually wants: |
17 | +1. synchronize my time (NTP client) |
18 | +2. serve NTP (NTP server) |
19 | + |
20 | +In a container the first makes (usually) no sense, so by default we enable -x |
21 | +there (as it would only crash otherwise). |
22 | +This will disable the control of the system clock. |
23 | +See `man chronyd` for more details on the -x option. |
24 | + |
25 | +Formerly, the check for Condition=CAP_SYS_TIME in the systemd service avoided |
26 | +the crash of the NTP client portion, but that means the server use case will |
27 | +not work by default in containers. It is still not recommended to use a |
28 | +container as an NTP server, but if the host clock is synchronised via NTP, |
29 | +adding the -x option to chronyd instances running in containers will allow |
30 | +them to function as NTP servers which do not adjust the system clock. |
31 | +The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away |
32 | +leaving users often unclear what happened - especially if they were more after |
33 | +the NTP server than the NTP client. |
34 | + |
35 | +One could argue that someone who installs chrony expects the system time to be |
36 | +synchronised, so it should fail if it is not able to do so. On the other hand |
37 | +it could be argued that someone who installs chrony expects time to be served |
38 | +over the network via NTP. |
39 | +We can't know which expectation is applicable, so we assume that time should |
40 | +be synchronised unless chronyd is running in a container (or is without |
41 | +CAP_SYS_TIME in any other environment). |
42 | + |
43 | +To make things worse recent container implementations will offer CAP_SYS_TIME |
44 | +to the container. Since from the container's point of view, this capability is |
45 | +available for the container's user namespace. Just later on adjtimex and similar |
46 | +are actually evaluated against the host kernel where they will fail. Due to |
47 | +that without further precaution running chrony in Ubuntu in the future will |
48 | +likely have the service start (as Condition=CAP_SYS_TIME will be true) but |
49 | +then immediately fail. |
50 | +This will depend on the environment e.g. versions and types of containers and |
51 | +thereby feel just 'unreliable' from users point of view. |
52 | +Furthermore it will affect upgrades as the service has to be restarted for a |
53 | +package upgrade to be considered complete. |
54 | + |
55 | +Due to all of that Ubuntu decided (LP: #1589780) to default to -x (do not |
56 | +set the system clock) in containers. |
57 | + |
58 | +If one really wants to (try to) sync time in a container or CAP_SYS_TIME-less |
59 | +environment set SYNC_IN_CONTAINER="yes" in /etc/default/chrony to disable |
60 | +this special handling. |
61 | + |
62 | +It is important to mention that as soon as upstream provides a way to provide |
63 | +a default config working in those cases Ubuntu intends to use that and drop |
64 | +the current workaround. |
65 | + |
66 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100 |
67 | diff --git a/debian/changelog b/debian/changelog |
68 | index 8f8c9a4..f3070be 100644 |
69 | --- a/debian/changelog |
70 | +++ b/debian/changelog |
71 | @@ -1,3 +1,45 @@ |
72 | +chrony (3.4-4ubuntu1) eoan; urgency=medium |
73 | + |
74 | + * Merge with Debian unstable (LP: #1828992). Remaining changes: |
75 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358) |
76 | + - Set -x as default if unable to set time (e.g. in containers) (LP 1589780) |
77 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
78 | + local clock) and NTP server (i.e. providing NTP services to the network), |
79 | + and that is both desired and expected in the vast majority of cases. |
80 | + But in containers syncing the local clock is usually impossible, but this |
81 | + shall not break the providing of NTP services to the network. |
82 | + To some extent this makes chrony's default config more similar to 'ntpd', |
83 | + which complained in syslog but still provided NTP server service in those |
84 | + cases. |
85 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
86 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
87 | + installed anyway, but make them explicit to be sure). |
88 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
89 | + (Default off) [fixed a minor typo in the comment in this update] |
90 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
91 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
92 | + containers on a default installation and avoid failing to sync time (or |
93 | + if allowed to sync, avoid multiple containers to fight over it by |
94 | + accident). |
95 | + + debian/install: make chrony-starter.sh available on install. |
96 | + + debian/docs, debian/README.container: provide documentation about the |
97 | + handling of this case. |
98 | + - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357) |
99 | + - d/postrm: respect policy-rc.d when restoring systemd-timesyncd |
100 | + (LP 1771994) |
101 | + * Added Changes: |
102 | + - removed d/init to avoid weird interactions between sysV and systemd |
103 | + * Dropped Changes: |
104 | + - Notify chrony to update sources in response to systemd-networkd |
105 | + events (LP: 1718227) |
106 | + + d/links: link dispatcher script to networkd-dispatcher events routable |
107 | + and off |
108 | + + d/control: set Recommends to networkd-dispatcher |
109 | + [Those are in Debian, except that we agreed to have networkd-dispatcher |
110 | + to only be a Suggests] |
111 | + |
112 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 May 2019 12:49:30 +0200 |
113 | + |
114 | chrony (3.4-4) unstable; urgency=medium |
115 | |
116 | * debian/patches/*: |
117 | @@ -74,6 +116,48 @@ chrony (3.4-2) unstable; urgency=medium |
118 | |
119 | -- Vincent Blut <vincent.debian@free.fr> Wed, 13 Feb 2019 17:08:17 +0100 |
120 | |
121 | +chrony (3.4-1ubuntu1) disco; urgency=medium |
122 | + |
123 | + * Merge with Debian unstable (LP: #1802886). Remaining changes: |
124 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664) |
125 | + - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780) |
126 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
127 | + local clock) and NTP server (i.e. providing NTP services to the network), |
128 | + and that is both desired and expected in the vast majority of cases. |
129 | + But in containers syncing the local clock is usually impossible, but this |
130 | + shall not break the providing of NTP services to the network. |
131 | + To some extent this makes chrony's default config more similar to 'ntpd', |
132 | + which complained in syslog but still provided NTP server service in those |
133 | + cases. |
134 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
135 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
136 | + installed anyway, but make them explicit to be sure). |
137 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
138 | + (Default off). |
139 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
140 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
141 | + containers on a default installation and avoid failing to sync time (or |
142 | + if allowed to sync, avoid multiple containers to fight over it by |
143 | + accident). |
144 | + + debian/install: make chronyd-starter.sh available on install. |
145 | + + debian/docs, debian/README.container: provide documentation about the |
146 | + handling of this case. |
147 | + - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357) |
148 | + - Notify chrony to update sources in response to systemd-networkd |
149 | + events (LP: 1718227) |
150 | + + d/links: link dispatcher script to networkd-dispatcher events routable |
151 | + and off |
152 | + + d/control: set Recommends to networkd-dispatcher |
153 | + * Dropped Changes (upstream): |
154 | + - d/p/lp-1718227-nm-dispatcher-for-networkd.patch |
155 | + - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting |
156 | + the service on newer kernels by falling back to urandom. (LP: 1787366) |
157 | + * Added Changes: |
158 | + - d/postrm: respect policy-rc.d when restoring systemd-timesyncd |
159 | + (LP: #1771994) |
160 | + |
161 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 12 Nov 2018 11:39:08 +0100 |
162 | + |
163 | chrony (3.4-1) unstable; urgency=medium |
164 | |
165 | * Import upstream version 3.4: |
166 | @@ -150,6 +234,66 @@ chrony (3.3-3) unstable; urgency=medium |
167 | |
168 | -- Vincent Blut <vincent.debian@free.fr> Sat, 18 Aug 2018 16:23:19 +0200 |
169 | |
170 | +chrony (3.3-2ubuntu2) cosmic; urgency=medium |
171 | + |
172 | + * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting |
173 | + the service on newer kernels by falling back to urandom. |
174 | + (LP: #1787366, Closes: #906276) |
175 | + |
176 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Aug 2018 11:48:38 +0200 |
177 | + |
178 | +chrony (3.3-2ubuntu1) cosmic; urgency=medium |
179 | + |
180 | + * Merge with Debian unstable (LP: #1771061). Remaining changes: |
181 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664) |
182 | + - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780) |
183 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
184 | + local clock) and NTP server (i.e. providing NTP services to the network), |
185 | + and that is both desired and expected in the vast majority of cases. |
186 | + But in containers syncing the local clock is usually impossible, but this |
187 | + shall not break the providing of NTP services to the network. |
188 | + To some extent this makes chrony's default config more similar to 'ntpd', |
189 | + which complained in syslog but still provided NTP server service in those |
190 | + cases. |
191 | + - debian/chrony.service: allow the service to run without CAP_SYS_TIME |
192 | + - debian/control: add new dependency libcap2-bin for capsh (usually |
193 | + installed anyway, but make them explicit to be sure). |
194 | + - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
195 | + (Default off). |
196 | + - debian/chronyd-starter.sh: wrapper to handle special cases in containers |
197 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
198 | + containers on a default installation and avoid failing to sync time (or |
199 | + if allowed to sync, avoid multiple containers to fight over it by |
200 | + accident). |
201 | + - debian/install: make chronyd-starter.sh available on install. |
202 | + - debian/docs, debian/README.container: provide documentation about the |
203 | + handling of this case. |
204 | + - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357) |
205 | + - Notify chrony to update sources in response to systemd-networkd |
206 | + events (LP: 1718227) |
207 | + - d/links: link dispatcher script to networkd-dispatcher events routable |
208 | + and off |
209 | + - d/control: set Recommends to networkd-dispatcher |
210 | + - d/p/lp-1718227-nm-dispatcher-for-networkd.patch |
211 | + * Dropped changes |
212 | + - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor |
213 | + (LP: 1751241) (in Debian now) |
214 | + - debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: 1761327) |
215 | + (in Debian now) |
216 | + - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch: |
217 | + When dropping the root privileges, don't try to keep the CAP_SYS_TIME |
218 | + capability if the -x option was enabled. This allows chronyd to be |
219 | + started without the capability (e.g. in containers) and also drop the |
220 | + root privileges (This is upstream now). |
221 | + - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch (This is |
222 | + upstream now). |
223 | + - d/control: switch to nss instead of tomcrypt (Debian switched to nettle |
224 | + which is in main, so we can drop this) |
225 | + * Added changes |
226 | + - debian/README.container: fix typos |
227 | + |
228 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 May 2018 09:06:01 +0200 |
229 | + |
230 | chrony (3.3-2) unstable; urgency=medium |
231 | |
232 | * debian/chrony.service: |
233 | @@ -205,6 +349,76 @@ chrony (3.2-5) unstable; urgency=medium |
234 | |
235 | -- Vincent Blut <vincent.debian@free.fr> Wed, 28 Feb 2018 17:31:08 +0100 |
236 | |
237 | +chrony (3.2-4ubuntu4) bionic; urgency=medium |
238 | + |
239 | + * d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357) |
240 | + * Notify chrony to update sources in response to systemd-networkd |
241 | + events (LP: #1718227) |
242 | + - d/links: link dispatcher script to networkd-dispatcher events routable |
243 | + and off |
244 | + - d/control: set Recommends to networkd-dispatcher |
245 | + - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch |
246 | + - d/p/lp-1718227-nm-dispatcher-for-networkd.patch |
247 | + |
248 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Apr 2018 17:04:06 +0200 |
249 | + |
250 | +chrony (3.2-4ubuntu3) bionic; urgency=medium |
251 | + |
252 | + * debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327) |
253 | + |
254 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 05 Apr 2018 09:38:10 +0200 |
255 | + |
256 | +chrony (3.2-4ubuntu2) bionic; urgency=medium |
257 | + |
258 | + * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780) |
259 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
260 | + local clock) and NTP server (i.e. providing NTP services to the network), |
261 | + and that is both desired and expected in the vast majority of cases. |
262 | + But in containers syncing the local clock is usually impossible, but this |
263 | + shall not break the providing of NTP services to the network. |
264 | + To some extent this makes chrony's default config more similar to 'ntpd', |
265 | + which complained in syslog but still provided NTP server service in those |
266 | + cases. |
267 | + - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch: |
268 | + When dropping the root privileges, don't try to keep the CAP_SYS_TIME |
269 | + capability if the -x option was enabled. This allows chronyd to be |
270 | + started without the capability (e.g. in containers) and also drop the |
271 | + root privileges. |
272 | + - debian/chrony.service: allow the service to run without CAP_SYS_TIME |
273 | + - debian/control: add new dependency libcap2-bin for capsh (usually |
274 | + installed anyway, but make them explicit to be sure). |
275 | + - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
276 | + (Default off). |
277 | + - debian/chronyd-starter.sh: wrapper to handle special cases in containers |
278 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
279 | + containers on a default installation and avoid failing to sync time (or |
280 | + if allowed to sync, avoid multiple containers to fight over it by |
281 | + accident). |
282 | + - debian/install: make chronyd-starter.sh available on install. |
283 | + - debian/docs, debian/README.container: provide documentation about the |
284 | + handling of this case. |
285 | + * debian/chrony.conf: update default chrony.conf to not violate the policy |
286 | + of pool.ntp.org (to use no more than four of their servers) and to provide |
287 | + more ipv6 capable sources by default (LP: #1754358) |
288 | + |
289 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100 |
290 | + |
291 | +chrony (3.2-4ubuntu1) bionic; urgency=medium |
292 | + |
293 | + * Merge with Debian unstable. Remaining changes: |
294 | + - d/control: switch to nss instead of tomcrypt (nss is in main) |
295 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664) |
296 | + * Dropped changes (in Debian) |
297 | + - d/chrony.default, d/chrony.service: support /etc/default/chrony |
298 | + DAEMON_OPTS in systemd environment (LP: 1746081) |
299 | + - d/chrony.service: properly start after networking (LP: 1746458) |
300 | + - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444) |
301 | + * Added Changes: |
302 | + - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor |
303 | + (LP: #1751241, Closes: #891201) |
304 | + |
305 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Feb 2018 14:44:54 +0100 |
306 | + |
307 | chrony (3.2-4) unstable; urgency=medium |
308 | |
309 | * debian/changelog: |
310 | @@ -271,6 +485,27 @@ chrony (3.2-3) unstable; urgency=medium |
311 | |
312 | -- Vincent Blut <vincent.debian@free.fr> Wed, 07 Feb 2018 21:27:09 +0100 |
313 | |
314 | +chrony (3.2-2ubuntu3) bionic; urgency=medium |
315 | + |
316 | + * Revert the changes of (LP 1746458) as in the follow on discussion |
317 | + it became clear that we want it to start early (for example for an |
318 | + early offset from drift file). iIf needed chrony will later on pick |
319 | + up that servers are online via retries (augmented by hooks on network |
320 | + events). |
321 | + |
322 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Feb 2018 10:52:30 +0100 |
323 | + |
324 | +chrony (3.2-2ubuntu2) bionic; urgency=medium |
325 | + |
326 | + * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072) |
327 | + * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664) |
328 | + * d/chrony.default, d/chrony.service: support /etc/default/chrony |
329 | + DAEMON_OPTS in systemd environment (LP: #1746081) |
330 | + * d/chrony.service: properly start after networking (LP: #1746458) |
331 | + * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444) |
332 | + |
333 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 19 Jan 2018 09:45:38 +0100 |
334 | + |
335 | chrony (3.2-2) unstable; urgency=medium |
336 | |
337 | * Initial AppArmor profile for chronyd. Thanks to Jamie |
338 | diff --git a/debian/chrony.conf b/debian/chrony.conf |
339 | index 6c19767..d5a0b37 100644 |
340 | --- a/debian/chrony.conf |
341 | +++ b/debian/chrony.conf |
342 | @@ -1,6 +1,23 @@ |
343 | # Welcome to the chrony configuration file. See chrony.conf(5) for more |
344 | # information about usuable directives. |
345 | -pool 2.debian.pool.ntp.org iburst |
346 | + |
347 | +# This will use (up to): |
348 | +# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled |
349 | +# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well |
350 | +# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm) |
351 | +# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only |
352 | +# sources will be used. |
353 | +# At the same time it retains some protection against one of the entries being |
354 | +# down (compare to just using one of the lines). See (LP: #1754358) for the |
355 | +# discussion. |
356 | +# |
357 | +# About using servers from the NTP Pool Project in general see (LP: #104525). |
358 | +# Approved by Ubuntu Technical Board on 2011-02-08. |
359 | +# See http://www.pool.ntp.org/join.html for more information. |
360 | +pool ntp.ubuntu.com iburst maxsources 4 |
361 | +pool 0.ubuntu.pool.ntp.org iburst maxsources 1 |
362 | +pool 1.ubuntu.pool.ntp.org iburst maxsources 1 |
363 | +pool 2.ubuntu.pool.ntp.org iburst maxsources 2 |
364 | |
365 | # This directive specify the location of the file containing ID/key pairs for |
366 | # NTP authentication. |
367 | diff --git a/debian/chrony.default b/debian/chrony.default |
368 | index eead3e6..5391fc4 100644 |
369 | --- a/debian/chrony.default |
370 | +++ b/debian/chrony.default |
371 | @@ -4,3 +4,7 @@ |
372 | |
373 | # Options to pass to chrony. |
374 | DAEMON_OPTS="-F -1" |
375 | + |
376 | +# Sync system clock in containers or without CAP_SYS_TIME (likely to fail) |
377 | +# See /usr/share/doc/chrony/README.container for details. |
378 | +SYNC_IN_CONTAINER="no" |
379 | diff --git a/debian/chrony.service b/debian/chrony.service |
380 | index 3e4451a..bb01a79 100644 |
381 | --- a/debian/chrony.service |
382 | +++ b/debian/chrony.service |
383 | @@ -3,13 +3,13 @@ Description=chrony, an NTP client/server |
384 | Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5) |
385 | Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service |
386 | After=network.target |
387 | -ConditionCapability=CAP_SYS_TIME |
388 | |
389 | [Service] |
390 | Type=forking |
391 | PIDFile=/run/chronyd.pid |
392 | EnvironmentFile=-/etc/default/chrony |
393 | -ExecStart=/usr/sbin/chronyd $DAEMON_OPTS |
394 | +# Starter takes care of special cases mostly for containers |
395 | +ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS |
396 | ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon |
397 | PrivateTmp=yes |
398 | ProtectHome=yes |
399 | diff --git a/debian/chronyd-starter.sh b/debian/chronyd-starter.sh |
400 | new file mode 100755 |
401 | index 0000000..c175db5 |
402 | --- /dev/null |
403 | +++ b/debian/chronyd-starter.sh |
404 | @@ -0,0 +1,70 @@ |
405 | +#!/bin/sh |
406 | +set -ue |
407 | + |
408 | +CONF="/etc/default/chrony" |
409 | +DOC="/usr/share/doc/chrony/README.container" |
410 | +CAP="cap_sys_time" |
411 | +CMD="/usr/sbin/chronyd" |
412 | +# Take any args passed, use none if nothing was specified |
413 | +EFFECTIVE_DAEMON_OPTS=${@:-""} |
414 | + |
415 | +if [ -f "${CONF}" ]; then |
416 | + . "${CONF}" |
417 | +else |
418 | + echo "<4>Warning: ${CONF} is missing" |
419 | +fi |
420 | +# take from conffile if available, default to no otherwise |
421 | +EFFECTIVE_SYNC_IN_CONTAINER=${SYNC_IN_CONTAINER:-"no"} |
422 | + |
423 | +if [ ! -x "${CMD}" ]; then |
424 | + echo "<3>Error: ${CMD} not executable" |
425 | + # ugly, but works around https://github.com/systemd/systemd/issues/2913 |
426 | + sleep 0.1 |
427 | + exit 1 |
428 | +fi |
429 | + |
430 | +# Check if -x is already set manually, don't process further if that is the case |
431 | +X_SET=0 |
432 | +while getopts ":x" opt; do |
433 | + case $opt in |
434 | + x) |
435 | + X_SET=1 |
436 | + ;; |
437 | + esac |
438 | +done |
439 | + |
440 | +if [ ${X_SET} -ne 1 ]; then |
441 | + # Assume it is not in a container |
442 | + IS_CONTAINER=0 |
443 | + if [ -x /usr/bin/systemd-detect-virt ]; then |
444 | + if /usr/bin/systemd-detect-virt --quiet --container; then |
445 | + IS_CONTAINER=1 |
446 | + fi |
447 | + fi |
448 | + |
449 | + |
450 | + # Assume it has the cap |
451 | + HAS_CAP=1 |
452 | + CAPSH="/sbin/capsh" |
453 | + if [ -x "${CAPSH}" ]; then |
454 | + ${CAPSH} --print | grep -q "^Current.*${CAP}" || HAS_CAP=0 |
455 | + fi |
456 | + |
457 | + if [ ${HAS_CAP} -eq 0 ]; then |
458 | + echo "<4>Warning: Missing ${CAP}, syncing the system clock will fail" |
459 | + fi |
460 | + if [ ${IS_CONTAINER} -eq 1 ]; then |
461 | + echo "<4>Warning: Running in a container, likely impossible and unintended to sync system clock" |
462 | + fi |
463 | + |
464 | + if [ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]; then |
465 | + if [ "${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes" ]; then |
466 | + echo "<5>Adding -x as fallback disabling control of the system clock, see ${DOC} to override this behavior" |
467 | + EFFECTIVE_DAEMON_OPTS="${EFFECTIVE_DAEMON_OPTS} -x" |
468 | + else |
469 | + echo "<5>Not falling back to disable control of the system clock, see ${DOC} to change this behavior" |
470 | + fi |
471 | + fi |
472 | +fi |
473 | + |
474 | +${CMD} ${EFFECTIVE_DAEMON_OPTS} |
475 | diff --git a/debian/control b/debian/control |
476 | index 54c4ccc..c552ce7 100644 |
477 | --- a/debian/control |
478 | +++ b/debian/control |
479 | @@ -1,7 +1,8 @@ |
480 | Source: chrony |
481 | Section: net |
482 | Priority: optional |
483 | -Maintainer: Vincent Blut <vincent.debian@free.fr> |
484 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
485 | +XSBC-Original-Maintainer: Vincent Blut <vincent.debian@free.fr> |
486 | Uploaders: Joachim Wiedorn <joodebian@joonet.de> |
487 | Standards-Version: 4.3.0 |
488 | Build-Depends: asciidoctor (>= 1.5.3-1~), |
489 | @@ -25,6 +26,7 @@ Pre-Depends: ${misc:Pre-Depends} |
490 | Depends: adduser, |
491 | iproute2 [linux-any], |
492 | lsb-base, |
493 | + libcap2-bin, |
494 | ucf, |
495 | ${misc:Depends}, |
496 | ${shlibs:Depends} |
497 | diff --git a/debian/docs b/debian/docs |
498 | index e12f653..3bfc9dc 100644 |
499 | --- a/debian/docs |
500 | +++ b/debian/docs |
501 | @@ -1,3 +1,4 @@ |
502 | FAQ |
503 | NEWS |
504 | README |
505 | +debian/README.container |
506 | diff --git a/debian/init b/debian/init |
507 | deleted file mode 100644 |
508 | index bc376b5..0000000 |
509 | --- a/debian/init |
510 | +++ /dev/null |
511 | @@ -1,73 +0,0 @@ |
512 | -#! /bin/sh |
513 | -# |
514 | -# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>. |
515 | -# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>. |
516 | -# Modified for Debian by Christoph Lameter <clameter@debian.org> |
517 | -# Modified for chrony by John Hasler <jhasler@debian.org> 1998-2012 |
518 | -# Modified for Debian by Vincent Blut <vincent.debian@free.fr> |
519 | - |
520 | -### BEGIN INIT INFO |
521 | -# Provides: chrony |
522 | -# Required-Start: $remote_fs |
523 | -# Required-Stop: $remote_fs |
524 | -# Should-Start: $syslog $network $named $time |
525 | -# Should-Stop: $syslog $network $named $time |
526 | -# Default-Start: 2 3 4 5 |
527 | -# Default-Stop: 0 1 6 |
528 | -# Short-Description: Controls chronyd NTP time daemon |
529 | -# Description: Chronyd is the NTP time daemon in the Chrony package |
530 | -### END INIT INFO |
531 | - |
532 | -PATH=/bin:/usr/bin:/sbin:/usr/sbin |
533 | -DAEMON=/usr/sbin/chronyd |
534 | -NAME="chronyd" |
535 | -DESC="time daemon" |
536 | -PIDFILE=/run/chronyd.pid |
537 | -CHRONY_HELPER=/usr/lib/chrony/chrony-helper |
538 | - |
539 | -[ -x "$DAEMON" ] || exit 0 |
540 | - |
541 | -. /lib/lsb/init-functions |
542 | - |
543 | -# Override this variable by editing /etc/default/chrony. |
544 | -DAEMON_OPTS="" |
545 | -if [ -f /etc/default/chrony ]; then |
546 | - . /etc/default/chrony |
547 | -fi |
548 | - |
549 | -case "$1" in |
550 | - start) |
551 | - if $0 status > /dev/null ; then |
552 | - log_success_msg "$NAME is already running" |
553 | - else |
554 | - log_daemon_msg "Starting $DESC" "$NAME" |
555 | - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS |
556 | - if [ -x $CHRONY_HELPER ]; then |
557 | - $CHRONY_HELPER update-daemon |
558 | - fi |
559 | - log_end_msg $? |
560 | - fi |
561 | - ;; |
562 | - |
563 | - stop) |
564 | - log_daemon_msg "Stopping $DESC" "$NAME" |
565 | - start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --remove-pidfile --exec $DAEMON |
566 | - log_end_msg $? |
567 | - ;; |
568 | - |
569 | - restart|force-reload) |
570 | - $0 stop |
571 | - $0 start |
572 | - ;; |
573 | - |
574 | - status) |
575 | - status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? |
576 | - ;; |
577 | - |
578 | - *) |
579 | - log_action_msg "Usage: /etc/init.d/chrony {start|stop|restart|force-reload|status}" |
580 | - exit 1 |
581 | - ;; |
582 | -esac |
583 | - |
584 | -exit 0 |
585 | diff --git a/debian/install b/debian/install |
586 | index db2e305..abaa2f3 100644 |
587 | --- a/debian/install |
588 | +++ b/debian/install |
589 | @@ -2,3 +2,4 @@ debian/chrony-dnssrv@.* lib/systemd/system |
590 | debian/chrony-helper usr/lib/chrony |
591 | debian/chrony.conf usr/share/chrony |
592 | debian/usr.sbin.chronyd etc/apparmor.d |
593 | +debian/chronyd-starter.sh usr/lib/systemd/scripts/ |
594 | diff --git a/debian/postrm b/debian/postrm |
595 | index ed3bac1..a5fd9ba 100644 |
596 | --- a/debian/postrm |
597 | +++ b/debian/postrm |
598 | @@ -7,6 +7,15 @@ set -e |
599 | |
600 | # targets: purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear |
601 | |
602 | +restore_timesyncd() { |
603 | + # on next reboot it would start, but that would leave time |
604 | + # unsynchronized until then. So as the Conflicts in the service file kill |
605 | + # systemd-timesyncd re-establish it if it is enabled |
606 | + if [ "$(systemctl is-enabled systemd-timesyncd 2>/dev/null)" = "enabled" ] ; then |
607 | + deb-systemd-invoke start systemd-timesyncd |
608 | + fi |
609 | +} |
610 | + |
611 | case "$1" in |
612 | purge) |
613 | rm -f /var/lib/chrony/* |
614 | @@ -30,9 +39,15 @@ case "$1" in |
615 | then |
616 | deluser --quiet --system _chrony > /dev/null 2>&1 || true |
617 | fi |
618 | + |
619 | + restore_timesyncd |
620 | + ;; |
621 | + |
622 | + remove) |
623 | + restore_timesyncd |
624 | ;; |
625 | |
626 | - remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) |
627 | + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) |
628 | |
629 | ;; |
630 |
PPA: https:/ /launchpad. net/~paelzer/ +archive/ ubuntu/ merge-chrony- eoan-3. 4-4
Replacing ours delta for networkd- dispatcher:
8f52063b d/control: Suggest networkd-dispatcher
=> We had used Recommends, but I think we can also work with a suggests as it is a rare case to even be a problem.
18fde15f Update sources in response to systemd-networkd events (LP: #1718227).
=> Taken from us as-is
We can drop those this time.
Minor typo in SYNC_IN_CONTAINER comment fixed.