Merge ~paelzer/ubuntu/+source/chrony:merge-eoan-3.4-4 into ubuntu/+source/chrony:debian/sid

Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: cb8fe9c6e7f13c0a1e6ebb6a37451f61f76bc273
Merge reported by: Christian Ehrhardt 
Merged at revision: cb8fe9c6e7f13c0a1e6ebb6a37451f61f76bc273
Proposed branch: ~paelzer/ubuntu/+source/chrony:merge-eoan-3.4-4
Merge into: ubuntu/+source/chrony:debian/sid
Diff against target: 629 lines (+410/-78)
11 files modified
debian/README.container (+60/-0)
debian/changelog (+235/-0)
debian/chrony.conf (+18/-1)
debian/chrony.default (+4/-0)
debian/chrony.service (+2/-2)
debian/chronyd-starter.sh (+70/-0)
debian/control (+3/-1)
debian/docs (+1/-0)
debian/install (+1/-0)
debian/postrm (+16/-1)
dev/null (+0/-73)
Reviewer              | Review Type | Date Requested | Status
Andreas Hasenack      |             |                | Approve
Canonical Server      |             |                | Pending
git-ubuntu developers |             |                | Pending
Review via email: mp+367401@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~paelzer/+archive/ubuntu/merge-chrony-eoan-3.4-4

Replacing ours delta for networkd-dispatcher:
8f52063b d/control: Suggest networkd-dispatcher
=> We had used Recommends, but I think we can also work with a Suggests, as it is a rare case to even be a problem.
18fde15f Update sources in response to systemd-networkd events (LP: #1718227).
=> Taken from us as-is

We can drop those this time.

Minor typo in SYNC_IN_CONTAINER comment fixed.

Christian Ehrhardt  (paelzer) wrote :

Usual tags for review:
 * [new tag] lp1828992/logical/3.4-1ubuntu1 -> lp1828992/logical/3.4-1ubuntu1
 * [new tag] lp1828992/new/debian -> lp1828992/new/debian
 * [new tag] lp1828992/old/debian -> lp1828992/old/debian
 * [new tag] lp1828992/old/ubuntu -> lp1828992/old/ubuntu
 * [new tag] lp1828992/reconstruct/3.4-1ubuntu1 -> lp1828992/reconstruct/3.4-1ubuntu1
 * [new tag] lp1828992/split/3.4-1ubuntu1 -> lp1828992/split/3.4-1ubuntu1

Christian Ehrhardt  (paelzer) wrote :

Fixed the install/remove/install issue in the MP

Christian Ehrhardt  (paelzer) wrote :

FYI: Debian compatible delta submitted in https://salsa.debian.org/debian/chrony/merge_requests/1

Andreas Hasenack (ahasenack) wrote :

Do we expect trouble with the "Enable the system call filter by default" change? The NEWS file mentions the daemon won't be able to email anymore.

review: Needs Information
Andreas Hasenack (ahasenack) wrote :

Delta changes accounted for
d/changelog correct
closing merge bug
other debian changes don't seem to interact badly with our delta

Just the earlier question about the emailing, if we want to keep that, or maybe detect that it is being used in the chrony config and warn the user perhaps, or even switch the syscall filter off.

Christian Ehrhardt  (paelzer) wrote :

I thought it is a nice change for security; the potential issue with mail-on-change is known.

The suggestion of an auto-catch is interesting.
We'd only do so on the version switch this is at, not anymore later.
So it is not relevant for Debian as they already have this in the archive.
We OTOH could drop it post 20.04, so it would be no very long-standing delta.

And isn't the lesson learned that modifying conffiles (chrony.conf and default/chrony are conffiles) from the postinst is always error-prone?

And if we only want to detect+warn, since changing is often worse than doing nothing, then we are right at the same place as we are with the NEWS file already (which is shown to the user if he cares).

After the following:
 # We change a TMP file to leave non conffiles unmodified, but also UCF working
 tmp=$(mktemp)
 cp /usr/share/chrony/chrony.conf "$tmp"
 if [ -n "$2" ] && dpkg --compare-versions "$2" lt "3.4-4ubuntu1"; then
   if grep -q '^ *mailonchange' /etc/chrony/chrony.conf; then
     # TODO also need md5 check like mailman-2.1.16/debian/postinst
     echo "Warning: mailonchange configured, not enabling seccomp filter" >&2
     # sed needs -i to actually change the file; without it the check below never fails
     if ! sed -i -e 's/^DAEMON_OPTS="-F -1"/DAEMON_OPTS="-F -0"/' debian/chrony.default; then
       echo "Warning: Failed disabling seccomp filter, please see NEWS file" >&2
     fi
   fi
 fi

I gave up and decided it might be too much complexity for too rare of a case and potentially more harm than gain.

TL;DR: no, let's keep the seccomp/mailonchange as it comes from Debian.
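
The detect-and-warn variant that Andreas suggested and that the draft above abandoned, written out as an added example; it is not code from this merge proposal or from the chrony package. It only reads the two files and reports, so it sidesteps the conffile-editing concern entirely. It assumes chronyd's `-F` semantics from chronyd(8) in chrony 3.x (0 disables the system call filter, 1 and -1 enable it); the sample chrony.conf and defaults file are constructed here for the demo, and the function names are mine.

```shell
#!/bin/sh
# Added example, not code from this merge proposal or the chrony package:
# a read-only check for the mailonchange / system-call-filter conflict.
# chronyd -F takes a level: 0 disables the seccomp filter, 1 and -1 enable it
# (chronyd(8), chrony 3.x). With the filter on, the fork/exec that
# mailonchange needs is blocked, which is what debian/NEWS warns about.
set -u

# Print the -F level found in a DAEMON_OPTS string ("0" when -F is absent).
seccomp_level() {
    level=0
    # word-splitting the option string into positional parameters is intended
    set -- $1
    while [ $# -gt 0 ]; do
        case "$1" in
            -F)   shift; level="${1:-0}" ;;   # "-F -1": level is the next word
            -F?*) level="${1#-F}" ;;          # "-F-1": level glued to the flag
        esac
        if [ $# -gt 0 ]; then shift; fi
    done
    printf '%s\n' "$level"
}

# Return 0 when the combination is safe, 1 when chrony.conf uses mailonchange
# while DAEMON_OPTS in the defaults file enables the filter. Only reads files.
#   $1: chrony.conf path   $2: /etc/default/chrony-style file path
check_mailonchange_vs_seccomp() {
    conf="$1"
    defaults="$2"
    opts=""
    if [ -f "$defaults" ]; then
        # Source in a subshell so DAEMON_OPTS does not leak into our environment
        opts=$(. "$defaults" && printf '%s' "${DAEMON_OPTS:-}")
    fi
    level=$(seccomp_level "$opts")
    uses_mail=0
    if grep -q '^[[:space:]]*mailonchange' "$conf" 2>/dev/null; then
        uses_mail=1
    fi
    if [ "$uses_mail" -eq 1 ] && [ "$level" != "0" ]; then
        echo "Warning: mailonchange in $conf but DAEMON_OPTS enables the system call filter (-F $level); chronyd cannot send mail. Set -F 0 in $defaults or drop mailonchange." >&2
        return 1
    fi
    return 0
}

# Constructed sample files (not real package content), written to a temp dir
# whose path is printed; the caller removes it.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/chrony.conf" <<'EOF'
pool ntp.ubuntu.com iburst maxsources 4
driftfile /var/lib/chrony/chrony.drift
# notify root when the clock is stepped by more than half a second
mailonchange root@localhost 0.5
EOF
    cat > "$dir/chrony.default" <<'EOF'
# Options to pass to chrony.
DAEMON_OPTS="-F -1"
SYNC_IN_CONTAINER="no"
EOF
    printf '%s\n' "$dir"
}

# Demo run against the constructed samples; prints the warning and the status.
demo_dir=$(make_samples)
check_mailonchange_vs_seccomp "$demo_dir/chrony.conf" "$demo_dir/chrony.default" \
    || echo "check returned $?"
rm -rf "$demo_dir"
```

Run against the real files with `check_mailonchange_vs_seccomp /etc/chrony/chrony.conf /etc/default/chrony`; a non-zero status is the signal a postinst or a monitoring check could act on, while the decision what to change stays with the administrator, which is exactly the line the thread settled on.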

Andreas Hasenack (ahasenack) wrote :

ok, +1

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Thank you - tag pushed and uploaded to Eoan

Christian Ehrhardt  (paelzer) wrote :

This migrated -> merged

Preview Diff

1diff --git a/debian/README.container b/debian/README.container
2new file mode 100644
3index 0000000..16f2618
4--- /dev/null
5+++ b/debian/README.container
6@@ -0,0 +1,60 @@
7+Chrony in Containers
8+--------------------
9+
10+Currently in in 99.9+% of the cases syncing the local clock in a container
11+is wrong. Most of the time it will be unable to do so, because it is lacking
12+CAP_SYS_TIME. Or worse, if the CAP_SYS_TIME privilege is granted, multiple
13+containers could fight over the system's time, because the Linux kernel does
14+not provide time namespaces (yet).
15+
16+There are two things a user installing chrony usually wants:
17+1. synchronize my time (NTP client)
18+2. serve NTP (NTP server)
19+
20+In a container the first makes (usually) no sense, so by default we enable -x
21+there (as it would only crash otherwise).
22+This will disable the control of the system clock.
23+See `man chronyd` for more details on the -x option.
24+
25+Formerly, the check for Condition=CAP_SYS_TIME in the systemd service avoided
26+the crash of the NTP client portion, but that means the server use case will
27+not work by default in containers. It is still not recommended to use a
28+container as an NTP server, but if the host clock is synchronised via NTP,
29+adding the -x option to chronyd instances running in containers will allow
30+them to function as NTP servers which do not adjust the system clock.
31+The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away
32+leaving users often unclear what happened - especially if they were more after
33+the NTP server than the NTP client.
34+
35+One could argue that someone who installs chrony expects the system time to be
36+synchronised, so it should fail if it is not able to do so. On the other hand
37+it could be argued that someone who installs chrony expects time to be served
38+over the network via NTP.
39+We can't know which expectation is applicable, so we assume that time should
40+be synchronised unless chronyd is running in a container (or is without
41+CAP_SYS_TIME in any other environment).
42+
43+To make things worse recent container implementations will offer CAP_SYS_TIME
44+to the container. Since from the container's point of view, this capability is
45+available for the container's user namespace. Just later on adjtimex and similar
46+are actually evaluated against the host kernel where they will fail. Due to
47+that without further precaution running chrony in Ubuntu in the future will
48+likely have the service start (as Condition=CAP_SYS_TIME will be true) but
49+then immediately fail.
50+This will depend on the environment e.g. versions and types of containers and
51+thereby feel just 'unreliable' from users point of view.
52+Furthermore it will affect upgrades as the service has to be restarted for a
53+package upgrade to be considered complete.
54+
55+Due to all of that Ubuntu decided (LP: #1589780) to default to -x (do not
56+set the system clock) in containers.
57+
58+If one really wants to (try to) sync time in a container or CAP_SYS_TIME-less
59+environment set SYNC_IN_CONTAINER="yes" in /etc/default/chrony to disable
60+this special handling.
61+
62+It is important to mention that as soon as upstream provides a way to provide
63+a default config working in those cases Ubuntu intends to use that and drop
64+the current workaround.
65+
66+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100
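Review bot: the first paragraph reads "Currently in in 99.9+% of the cases" (doubled word), and the text twice refers to "Condition=CAP_SYS_TIME" while the directive actually removed from debian/chrony.service is `ConditionCapability=CAP_SYS_TIME`; use the exact directive name so a reader can grep the unit file for it. The changelog-style trailer dated 16 Mar 2018 is also unusual for a README shipped under /usr/share/doc and predates this upload; either drop it or keep it current.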
67diff --git a/debian/changelog b/debian/changelog
68index 8f8c9a4..f3070be 100644
69--- a/debian/changelog
70+++ b/debian/changelog
71@@ -1,3 +1,45 @@
72+chrony (3.4-4ubuntu1) eoan; urgency=medium
73+
74+ * Merge with Debian unstable (LP: #1828992). Remaining changes:
75+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
76+ - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
77+ Chrony is a single service which acts as both NTP client (i.e. syncing the
78+ local clock) and NTP server (i.e. providing NTP services to the network),
79+ and that is both desired and expected in the vast majority of cases.
80+ But in containers syncing the local clock is usually impossible, but this
81+ shall not break the providing of NTP services to the network.
82+ To some extent this makes chrony's default config more similar to 'ntpd',
83+ which complained in syslog but still provided NTP server service in those
84+ cases.
85+ + debian/chrony.service: allow the service to run without CAP_SYS_TIME
86+ + debian/control: add new dependency libcap2-bin for capsh (usually
87+ installed anyway, but make them explicit to be sure).
88+ + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
89+ (Default off) [fixed a minor typo in the comment in this update]
90+ + debian/chronyd-starter.sh: wrapper to handle special cases in containers
91+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
92+ containers on a default installation and avoid failing to sync time (or
93+ if allowed to sync, avoid multiple containers to fight over it by
94+ accident).
95+ + debian/install: make chrony-starter.sh available on install.
96+ + debian/docs, debian/README.container: provide documentation about the
97+ handling of this case.
98+ - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
99+ - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
100+ (LP 1771994)
101+ * Added Changes:
102+ - removed d/init to avoid weird interactions between sysV and systemd
103+ * Dropped Changes:
104+ - Notify chrony to update sources in response to systemd-networkd
105+ events (LP: 1718227)
106+ + d/links: link dispatcher script to networkd-dispatcher events routable
107+ and off
108+ + d/control: set Recommends to networkd-dispatcher
109+ [Those are in Debian, except that we agreed to have networkd-dispatcher
110+ to only be a Suggests]
111+
112+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 May 2019 12:49:30 +0200
113+
114 chrony (3.4-4) unstable; urgency=medium
115
116 * debian/patches/*:
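Review bot: the 3.4-4ubuntu1 entry says "+ debian/install: make chrony-starter.sh available on install", but the file this diff adds via debian/install is chronyd-starter.sh (the 3.4-1ubuntu1 entry further down spells it correctly); fix the name so the changelog matches the shipped path /usr/lib/systemd/scripts/chronyd-starter.sh.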
117@@ -74,6 +116,48 @@ chrony (3.4-2) unstable; urgency=medium
118
119 -- Vincent Blut <vincent.debian@free.fr> Wed, 13 Feb 2019 17:08:17 +0100
120
121+chrony (3.4-1ubuntu1) disco; urgency=medium
122+
123+ * Merge with Debian unstable (LP: #1802886). Remaining changes:
124+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
125+ - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
126+ Chrony is a single service which acts as both NTP client (i.e. syncing the
127+ local clock) and NTP server (i.e. providing NTP services to the network),
128+ and that is both desired and expected in the vast majority of cases.
129+ But in containers syncing the local clock is usually impossible, but this
130+ shall not break the providing of NTP services to the network.
131+ To some extent this makes chrony's default config more similar to 'ntpd',
132+ which complained in syslog but still provided NTP server service in those
133+ cases.
134+ + debian/chrony.service: allow the service to run without CAP_SYS_TIME
135+ + debian/control: add new dependency libcap2-bin for capsh (usually
136+ installed anyway, but make them explicit to be sure).
137+ + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
138+ (Default off).
139+ + debian/chronyd-starter.sh: wrapper to handle special cases in containers
140+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
141+ containers on a default installation and avoid failing to sync time (or
142+ if allowed to sync, avoid multiple containers to fight over it by
143+ accident).
144+ + debian/install: make chronyd-starter.sh available on install.
145+ + debian/docs, debian/README.container: provide documentation about the
146+ handling of this case.
147+ - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
148+ - Notify chrony to update sources in response to systemd-networkd
149+ events (LP: 1718227)
150+ + d/links: link dispatcher script to networkd-dispatcher events routable
151+ and off
152+ + d/control: set Recommends to networkd-dispatcher
153+ * Dropped Changes (upstream):
154+ - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
155+ - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
156+ the service on newer kernels by falling back to urandom. (LP: 1787366)
157+ * Added Changes:
158+ - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
159+ (LP: #1771994)
160+
161+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 12 Nov 2018 11:39:08 +0100
162+
163 chrony (3.4-1) unstable; urgency=medium
164
165 * Import upstream version 3.4:
166@@ -150,6 +234,66 @@ chrony (3.3-3) unstable; urgency=medium
167
168 -- Vincent Blut <vincent.debian@free.fr> Sat, 18 Aug 2018 16:23:19 +0200
169
170+chrony (3.3-2ubuntu2) cosmic; urgency=medium
171+
172+ * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
173+ the service on newer kernels by falling back to urandom.
174+ (LP: #1787366, Closes: #906276)
175+
176+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Aug 2018 11:48:38 +0200
177+
178+chrony (3.3-2ubuntu1) cosmic; urgency=medium
179+
180+ * Merge with Debian unstable (LP: #1771061). Remaining changes:
181+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
182+ - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
183+ Chrony is a single service which acts as both NTP client (i.e. syncing the
184+ local clock) and NTP server (i.e. providing NTP services to the network),
185+ and that is both desired and expected in the vast majority of cases.
186+ But in containers syncing the local clock is usually impossible, but this
187+ shall not break the providing of NTP services to the network.
188+ To some extent this makes chrony's default config more similar to 'ntpd',
189+ which complained in syslog but still provided NTP server service in those
190+ cases.
191+ - debian/chrony.service: allow the service to run without CAP_SYS_TIME
192+ - debian/control: add new dependency libcap2-bin for capsh (usually
193+ installed anyway, but make them explicit to be sure).
194+ - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
195+ (Default off).
196+ - debian/chronyd-starter.sh: wrapper to handle special cases in containers
197+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
198+ containers on a default installation and avoid failing to sync time (or
199+ if allowed to sync, avoid multiple containers to fight over it by
200+ accident).
201+ - debian/install: make chronyd-starter.sh available on install.
202+ - debian/docs, debian/README.container: provide documentation about the
203+ handling of this case.
204+ - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
205+ - Notify chrony to update sources in response to systemd-networkd
206+ events (LP: 1718227)
207+ - d/links: link dispatcher script to networkd-dispatcher events routable
208+ and off
209+ - d/control: set Recommends to networkd-dispatcher
210+ - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
211+ * Dropped changes
212+ - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
213+ (LP: 1751241) (in Debian now)
214+ - debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: 1761327)
215+ (in Debian now)
216+ - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
217+ When dropping the root privileges, don't try to keep the CAP_SYS_TIME
218+ capability if the -x option was enabled. This allows chronyd to be
219+ started without the capability (e.g. in containers) and also drop the
220+ root privileges (This is upstream now).
221+ - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch (This is
222+ upstream now).
223+ - d/control: switch to nss instead of tomcrypt (Debian switched to nettle
224+ which is in main, so we can drop this)
225+ * Added changes
226+ - debian/README.container: fix typos
227+
228+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 May 2018 09:06:01 +0200
229+
230 chrony (3.3-2) unstable; urgency=medium
231
232 * debian/chrony.service:
233@@ -205,6 +349,76 @@ chrony (3.2-5) unstable; urgency=medium
234
235 -- Vincent Blut <vincent.debian@free.fr> Wed, 28 Feb 2018 17:31:08 +0100
236
237+chrony (3.2-4ubuntu4) bionic; urgency=medium
238+
239+ * d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357)
240+ * Notify chrony to update sources in response to systemd-networkd
241+ events (LP: #1718227)
242+ - d/links: link dispatcher script to networkd-dispatcher events routable
243+ and off
244+ - d/control: set Recommends to networkd-dispatcher
245+ - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch
246+ - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
247+
248+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Apr 2018 17:04:06 +0200
249+
250+chrony (3.2-4ubuntu3) bionic; urgency=medium
251+
252+ * debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327)
253+
254+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 05 Apr 2018 09:38:10 +0200
255+
256+chrony (3.2-4ubuntu2) bionic; urgency=medium
257+
258+ * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
259+ Chrony is a single service which acts as both NTP client (i.e. syncing the
260+ local clock) and NTP server (i.e. providing NTP services to the network),
261+ and that is both desired and expected in the vast majority of cases.
262+ But in containers syncing the local clock is usually impossible, but this
263+ shall not break the providing of NTP services to the network.
264+ To some extent this makes chrony's default config more similar to 'ntpd',
265+ which complained in syslog but still provided NTP server service in those
266+ cases.
267+ - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
268+ When dropping the root privileges, don't try to keep the CAP_SYS_TIME
269+ capability if the -x option was enabled. This allows chronyd to be
270+ started without the capability (e.g. in containers) and also drop the
271+ root privileges.
272+ - debian/chrony.service: allow the service to run without CAP_SYS_TIME
273+ - debian/control: add new dependency libcap2-bin for capsh (usually
274+ installed anyway, but make them explicit to be sure).
275+ - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
276+ (Default off).
277+ - debian/chronyd-starter.sh: wrapper to handle special cases in containers
278+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
279+ containers on a default installation and avoid failing to sync time (or
280+ if allowed to sync, avoid multiple containers to fight over it by
281+ accident).
282+ - debian/install: make chronyd-starter.sh available on install.
283+ - debian/docs, debian/README.container: provide documentation about the
284+ handling of this case.
285+ * debian/chrony.conf: update default chrony.conf to not violate the policy
286+ of pool.ntp.org (to use no more than four of their servers) and to provide
287+ more ipv6 capable sources by default (LP: #1754358)
288+
289+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100
290+
291+chrony (3.2-4ubuntu1) bionic; urgency=medium
292+
293+ * Merge with Debian unstable. Remaining changes:
294+ - d/control: switch to nss instead of tomcrypt (nss is in main)
295+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
296+ * Dropped changes (in Debian)
297+ - d/chrony.default, d/chrony.service: support /etc/default/chrony
298+ DAEMON_OPTS in systemd environment (LP: 1746081)
299+ - d/chrony.service: properly start after networking (LP: 1746458)
300+ - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444)
301+ * Added Changes:
302+ - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
303+ (LP: #1751241, Closes: #891201)
304+
305+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Feb 2018 14:44:54 +0100
306+
307 chrony (3.2-4) unstable; urgency=medium
308
309 * debian/changelog:
310@@ -271,6 +485,27 @@ chrony (3.2-3) unstable; urgency=medium
311
312 -- Vincent Blut <vincent.debian@free.fr> Wed, 07 Feb 2018 21:27:09 +0100
313
314+chrony (3.2-2ubuntu3) bionic; urgency=medium
315+
316+ * Revert the changes of (LP 1746458) as in the follow on discussion
317+ it became clear that we want it to start early (for example for an
318+ early offset from drift file). iIf needed chrony will later on pick
319+ up that servers are online via retries (augmented by hooks on network
320+ events).
321+
322+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Feb 2018 10:52:30 +0100
323+
324+chrony (3.2-2ubuntu2) bionic; urgency=medium
325+
326+ * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
327+ * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
328+ * d/chrony.default, d/chrony.service: support /etc/default/chrony
329+ DAEMON_OPTS in systemd environment (LP: #1746081)
330+ * d/chrony.service: properly start after networking (LP: #1746458)
331+ * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)
332+
333+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 19 Jan 2018 09:45:38 +0100
334+
335 chrony (3.2-2) unstable; urgency=medium
336
337 * Initial AppArmor profile for chronyd. Thanks to Jamie
338diff --git a/debian/chrony.conf b/debian/chrony.conf
339index 6c19767..d5a0b37 100644
340--- a/debian/chrony.conf
341+++ b/debian/chrony.conf
342@@ -1,6 +1,23 @@
343 # Welcome to the chrony configuration file. See chrony.conf(5) for more
344 # information about usuable directives.
345-pool 2.debian.pool.ntp.org iburst
346+
347+# This will use (up to):
348+# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
349+# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
350+# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
351+# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
352+# sources will be used.
353+# At the same time it retains some protection against one of the entries being
354+# down (compare to just using one of the lines). See (LP: #1754358) for the
355+# discussion.
356+#
357+# About using servers from the NTP Pool Project in general see (LP: #104525).
358+# Approved by Ubuntu Technical Board on 2011-02-08.
359+# See http://www.pool.ntp.org/join.html for more information.
360+pool ntp.ubuntu.com iburst maxsources 4
361+pool 0.ubuntu.pool.ntp.org iburst maxsources 1
362+pool 1.ubuntu.pool.ntp.org iburst maxsources 1
363+pool 2.ubuntu.pool.ntp.org iburst maxsources 2
364
365 # This directive specify the location of the file containing ID/key pairs for
366 # NTP authentication.
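Review bot: in the added comment block, "4 sources from ntp.ubuntu.com which some are ipv6 enabled" should read "some of which are IPv6 enabled", and "atm" is better spelled out in a conffile that users read. The numbers do add up (maxsources 4 + 1 + 1 + 2 = 8, matching "up to 6 dual-stack and up to 2 additional IPv4-only"), so only the wording needs a touch.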
367diff --git a/debian/chrony.default b/debian/chrony.default
368index eead3e6..5391fc4 100644
369--- a/debian/chrony.default
370+++ b/debian/chrony.default
371@@ -4,3 +4,7 @@
372
373 # Options to pass to chrony.
374 DAEMON_OPTS="-F -1"
375+
376+# Sync system clock in containers or without CAP_SYS_TIME (likely to fail)
377+# See /usr/share/doc/chrony/README.container for details.
378+SYNC_IN_CONTAINER="no"
379diff --git a/debian/chrony.service b/debian/chrony.service
380index 3e4451a..bb01a79 100644
381--- a/debian/chrony.service
382+++ b/debian/chrony.service
383@@ -3,13 +3,13 @@ Description=chrony, an NTP client/server
384 Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
385 Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service
386 After=network.target
387-ConditionCapability=CAP_SYS_TIME
388
389 [Service]
390 Type=forking
391 PIDFile=/run/chronyd.pid
392 EnvironmentFile=-/etc/default/chrony
393-ExecStart=/usr/sbin/chronyd $DAEMON_OPTS
394+# Starter takes care of special cases mostly for containers
395+ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS
396 ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon
397 PrivateTmp=yes
398 ProtectHome=yes
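Review bot: with ConditionCapability=CAP_SYS_TIME gone, the unit starts everywhere and relies entirely on the wrapper to add -x, yet nothing in the unit tells a reader where that behaviour comes from; consider adding the README to the Documentation= line, e.g. `Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5) file:/usr/share/doc/chrony/README.container`. Note also that the wrapper's `<4>`/`<5>` prefixes only turn into journal priorities because StandardOutput defaults to the journal; if that is ever overridden they become literal text in the log.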
399diff --git a/debian/chronyd-starter.sh b/debian/chronyd-starter.sh
400new file mode 100755
401index 0000000..c175db5
402--- /dev/null
403+++ b/debian/chronyd-starter.sh
404@@ -0,0 +1,70 @@
405+#!/bin/sh
406+set -ue
407+
408+CONF="/etc/default/chrony"
409+DOC="/usr/share/doc/chrony/README.container"
410+CAP="cap_sys_time"
411+CMD="/usr/sbin/chronyd"
412+# Take any args passed, use none if nothing was specified
413+EFFECTIVE_DAEMON_OPTS=${@:-""}
414+
415+if [ -f "${CONF}" ]; then
416+ . "${CONF}"
417+else
418+ echo "<4>Warning: ${CONF} is missing"
419+fi
420+# take from conffile if available, default to no otherwise
421+EFFECTIVE_SYNC_IN_CONTAINER=${SYNC_IN_CONTAINER:-"no"}
422+
423+if [ ! -x "${CMD}" ]; then
424+ echo "<3>Error: ${CMD} not executable"
425+ # ugly, but works around https://github.com/systemd/systemd/issues/2913
426+ sleep 0.1
427+ exit 1
428+fi
429+
430+# Check if -x is already set manually, don't process further if that is the case
431+X_SET=0
432+while getopts ":x" opt; do
433+ case $opt in
434+ x)
435+ X_SET=1
436+ ;;
437+ esac
438+done
439+
440+if [ ${X_SET} -ne 1 ]; then
441+ # Assume it is not in a container
442+ IS_CONTAINER=0
443+ if [ -x /usr/bin/systemd-detect-virt ]; then
444+ if /usr/bin/systemd-detect-virt --quiet --container; then
445+ IS_CONTAINER=1
446+ fi
447+ fi
448+
449+
450+ # Assume it has the cap
451+ HAS_CAP=1
452+ CAPSH="/sbin/capsh"
453+ if [ -x "${CAPSH}" ]; then
454+ ${CAPSH} --print | grep -q "^Current.*${CAP}" || HAS_CAP=0
455+ fi
456+
457+ if [ ${HAS_CAP} -eq 0 ]; then
458+ echo "<4>Warning: Missing ${CAP}, syncing the system clock will fail"
459+ fi
460+ if [ ${IS_CONTAINER} -eq 1 ]; then
461+ echo "<4>Warning: Running in a container, likely impossible and unintended to sync system clock"
462+ fi
463+
464+ if [ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]; then
465+ if [ "${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes" ]; then
466+ echo "<5>Adding -x as fallback disabling control of the system clock, see ${DOC} to override this behavior"
467+ EFFECTIVE_DAEMON_OPTS="${EFFECTIVE_DAEMON_OPTS} -x"
468+ else
469+ echo "<5>Not falling back to disable control of the system clock, see ${DOC} to change this behavior"
470+ fi
471+ fi
472+fi
473+
474+${CMD} ${EFFECTIVE_DAEMON_OPTS}
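Review bot: the `getopts ":x"` loop stops at the first non-option word, so as soon as DAEMON_OPTS carries an option that takes an argument (`-f /etc/chrony/chrony.conf`, `-u _chrony`, `-l logfile`) a `-x` placed after it is not seen and the script appends a second `-x`; list chronyd's argument-taking options in the optstring (`":xf:u:l:L:t:F:P:"` or similar) so getopts consumes their arguments. Two smaller points in the same file: start the daemon with `exec "${CMD}" ${EFFECTIVE_DAEMON_OPTS}` so the shell does not sit between systemd and chronyd, and replace the obsolescent `-o` in `[ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]` with two tests joined by `||`.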
475diff --git a/debian/control b/debian/control
476index 54c4ccc..c552ce7 100644
477--- a/debian/control
478+++ b/debian/control
479@@ -1,7 +1,8 @@
480 Source: chrony
481 Section: net
482 Priority: optional
483-Maintainer: Vincent Blut <vincent.debian@free.fr>
484+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
485+XSBC-Original-Maintainer: Vincent Blut <vincent.debian@free.fr>
486 Uploaders: Joachim Wiedorn <joodebian@joonet.de>
487 Standards-Version: 4.3.0
488 Build-Depends: asciidoctor (>= 1.5.3-1~),
489@@ -25,6 +26,7 @@ Pre-Depends: ${misc:Pre-Depends}
490 Depends: adduser,
491 iproute2 [linux-any],
492 lsb-base,
493+ libcap2-bin,
494 ucf,
495 ${misc:Depends},
496 ${shlibs:Depends}
497diff --git a/debian/docs b/debian/docs
498index e12f653..3bfc9dc 100644
499--- a/debian/docs
500+++ b/debian/docs
501@@ -1,3 +1,4 @@
502 FAQ
503 NEWS
504 README
505+debian/README.container
506diff --git a/debian/init b/debian/init
507deleted file mode 100644
508index bc376b5..0000000
509--- a/debian/init
510+++ /dev/null
511@@ -1,73 +0,0 @@
512-#! /bin/sh
513-#
514-# Written by Miquel van Smoorenburg <miquels@drinkel.ow.org>.
515-# Modified for Debian GNU/Linux by Ian Murdock <imurdock@gnu.ai.mit.edu>.
516-# Modified for Debian by Christoph Lameter <clameter@debian.org>
517-# Modified for chrony by John Hasler <jhasler@debian.org> 1998-2012
518-# Modified for Debian by Vincent Blut <vincent.debian@free.fr>
519-
520-### BEGIN INIT INFO
521-# Provides: chrony
522-# Required-Start: $remote_fs
523-# Required-Stop: $remote_fs
524-# Should-Start: $syslog $network $named $time
525-# Should-Stop: $syslog $network $named $time
526-# Default-Start: 2 3 4 5
527-# Default-Stop: 0 1 6
528-# Short-Description: Controls chronyd NTP time daemon
529-# Description: Chronyd is the NTP time daemon in the Chrony package
530-### END INIT INFO
531-
532-PATH=/bin:/usr/bin:/sbin:/usr/sbin
533-DAEMON=/usr/sbin/chronyd
534-NAME="chronyd"
535-DESC="time daemon"
536-PIDFILE=/run/chronyd.pid
537-CHRONY_HELPER=/usr/lib/chrony/chrony-helper
538-
539-[ -x "$DAEMON" ] || exit 0
540-
541-. /lib/lsb/init-functions
542-
543-# Override this variable by editing /etc/default/chrony.
544-DAEMON_OPTS=""
545-if [ -f /etc/default/chrony ]; then
546- . /etc/default/chrony
547-fi
548-
549-case "$1" in
550- start)
551- if $0 status > /dev/null ; then
552- log_success_msg "$NAME is already running"
553- else
554- log_daemon_msg "Starting $DESC" "$NAME"
555- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
556- if [ -x $CHRONY_HELPER ]; then
557- $CHRONY_HELPER update-daemon
558- fi
559- log_end_msg $?
560- fi
561- ;;
562-
563- stop)
564- log_daemon_msg "Stopping $DESC" "$NAME"
565- start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --remove-pidfile --exec $DAEMON
566- log_end_msg $?
567- ;;
568-
569- restart|force-reload)
570- $0 stop
571- $0 start
572- ;;
573-
574- status)
575- status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
576- ;;
577-
578- *)
579- log_action_msg "Usage: /etc/init.d/chrony {start|stop|restart|force-reload|status}"
580- exit 1
581- ;;
582-esac
583-
584-exit 0
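Review bot: deleting debian/init removes /etc/init.d/chrony from the package, but dpkg never deletes a conffile the new version no longer ships, and the rc?.d symlinks created by update-rc.d stay behind, so an upgrade from 3.4-1ubuntu1 leaves an obsolete init script in place; add a debian/chrony.maintscript with `rm_conffile /etc/init.d/chrony 3.4-4ubuntu1~` (dh_installdeb expands it into the dpkg-maintscript-helper calls) and make sure the rc.d registration is cleaned up. Nothing in this diff handles that.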
585diff --git a/debian/install b/debian/install
586index db2e305..abaa2f3 100644
587--- a/debian/install
588+++ b/debian/install
589@@ -2,3 +2,4 @@ debian/chrony-dnssrv@.* lib/systemd/system
590 debian/chrony-helper usr/lib/chrony
591 debian/chrony.conf usr/share/chrony
592 debian/usr.sbin.chronyd etc/apparmor.d
593+debian/chronyd-starter.sh usr/lib/systemd/scripts/
594diff --git a/debian/postrm b/debian/postrm
595index ed3bac1..a5fd9ba 100644
596--- a/debian/postrm
597+++ b/debian/postrm
598@@ -7,6 +7,15 @@ set -e
599
600 # targets: purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear
601
602+restore_timesyncd() {
603+ # on next reboot it would start, but that would leave time
604+ # unsynchronized until then. So as the Conflicts in the service file kill
605+ # systemd-timesyncd re-establish it if it is enabled
606+ if [ "$(systemctl is-enabled systemd-timesyncd 2>/dev/null)" = "enabled" ] ; then
607+ deb-systemd-invoke start systemd-timesyncd
608+ fi
609+}
610+
611 case "$1" in
612 purge)
613 rm -f /var/lib/chrony/*
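Review bot: restore_timesyncd assumes systemctl is present; on a host running without systemd the `$(systemctl ...)` substitution fails quietly (stderr is discarded) and the test is simply false, which is acceptable, but an explicit `[ -d /run/systemd/system ] || return 0` guard documents the intent and also skips the start inside chroots and image builds where starting a service is unwanted. deb-systemd-invoke already honours policy-rc.d, which is what the changelog entry for LP 1771994 refers to.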
614@@ -30,9 +39,15 @@ case "$1" in
615 then
616 deluser --quiet --system _chrony > /dev/null 2>&1 || true
617 fi
618+
619+ restore_timesyncd
620+ ;;
621+
622+ remove)
623+ restore_timesyncd
624 ;;
625
626- remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
627+ upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
628
629 ;;
630
