Merge ~paelzer/ubuntu/+source/chrony:merge-focal-3.5-5 into ubuntu/+source/chrony:debian/sid

Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Andreas Hasenack
Approved revision: 87baa5dc87995974c835ad3215f52d63e1f4fbf6
Merge reported by: Christian Ehrhardt 
Merged at revision: 87baa5dc87995974c835ad3215f52d63e1f4fbf6
Proposed branch: ~paelzer/ubuntu/+source/chrony:merge-focal-3.5-5
Merge into: ubuntu/+source/chrony:debian/sid
Diff against target: 665 lines (+524/-4)
9 files modified
debian/README.container (+60/-0)
debian/changelog (+365/-0)
debian/chrony.conf (+18/-1)
debian/chrony.default (+4/-0)
debian/chrony.service (+2/-2)
debian/chronyd-starter.sh (+70/-0)
debian/control (+3/-1)
debian/docs (+1/-0)
debian/install (+1/-0)
Reviewers:
- Andreas Hasenack: Approve
- Canonical Server: Pending
- git-ubuntu developers: Pending
Review via email: mp+377708@code.launchpad.net

This proposal supersedes a proposal from 2020-01-16.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote : Posted in a previous version of this proposal

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/3898/+packages
Tests: https://bileto.ubuntu.com/excuses/3898/focal.html
Merge Bug: https://bugs.launchpad.net/ubuntu/+source/chrony/+bug/1859969
Tags:
 * [new tag] lp1859969/logical/3.5-4ubuntu2 -> lp1859969/logical/3.5-4ubuntu2
 * [new tag] lp1859969/new/debian -> lp1859969/new/debian
 * [new tag] lp1859969/old/debian -> lp1859969/old/debian
 * [new tag] lp1859969/old/ubuntu -> lp1859969/old/ubuntu
 * [new tag] lp1859969/reconstruct/3.5-4ubuntu2 -> lp1859969/reconstruct/3.5-4ubuntu2
 * [new tag] lp1859969/split/3.5-4ubuntu2 -> lp1859969/split/3.5-4ubuntu2

Rather straightforward.

The last merge had two new deltas.
- one of them Debian took
- one of them is now replaced by the fixes out of the upstream discussion that I started

Christian Ehrhardt (paelzer) wrote :

If a reviewer agrees with it, it would be great to tag and sponsor it right away as I'll struggle on the sprint to do so.

Andreas Hasenack (ahasenack) wrote :

I'll take a look, if not today, then tomorrow (my) morning.

Andreas Hasenack (ahasenack) wrote :

If someone doesn't grab it before, that is.

Andreas Hasenack (ahasenack) wrote :

+1.

I just spent some time reading about /usr/lib/systemd/ntp-units.d. Seems like it's a way to use an env variable to select which ntp unit to use, if so desired.

review: Approve
Andreas Hasenack (ahasenack) wrote :

Tagging and uploading 87baa5dc87995974c835ad3215f52d63e1f4fbf6

Andreas Hasenack (ahasenack) wrote :

$ git push pkg upload/3.5-5ubuntu1
Enumerating objects: 52, done.
Counting objects: 100% (52/52), done.
Delta compression using up to 4 threads
Compressing objects: 100% (31/31), done.
Writing objects: 100% (43/43), 17.87 KiB | 1.05 MiB/s, done.
Total 43 (delta 28), reused 24 (delta 11)
remote: Checking connectivity: 43, done.
To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/chrony
 * [new tag] upload/3.5-5ubuntu1 -> upload/3.5-5ubuntu1

$ dput ubuntu ../chrony_3.5-5ubuntu1_source.changes
Checking signature on .changes
gpg: ../chrony_3.5-5ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../chrony_3.5-5ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Package includes an .orig.tar.gz file although the debian revision suggests
that it might not be required. Multiple uploads of the .orig.tar.gz may be
rejected by the upload queue management software.
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading chrony_3.5-5ubuntu1.dsc: done.
  Uploading chrony_3.5.orig.tar.gz: done.
  Uploading chrony_3.5-5ubuntu1.debian.tar.xz: done.
  Uploading chrony_3.5-5ubuntu1_source.buildinfo: done.
  Uploading chrony_3.5-5ubuntu1_source.changes: done.
Successfully uploaded packages.

Christian Ehrhardt (paelzer) wrote :

This migrated, thanks!

Preview Diff

1diff --git a/debian/README.container b/debian/README.container
2new file mode 100644
3index 0000000..16f2618
4--- /dev/null
5+++ b/debian/README.container
6@@ -0,0 +1,60 @@
7+Chrony in Containers
8+--------------------
9+
10+Currently in in 99.9+% of the cases syncing the local clock in a container
11+is wrong. Most of the time it will be unable to do so, because it is lacking
12+CAP_SYS_TIME. Or worse, if the CAP_SYS_TIME privilege is granted, multiple
13+containers could fight over the system's time, because the Linux kernel does
14+not provide time namespaces (yet).
15+
16+There are two things a user installing chrony usually wants:
17+1. synchronize my time (NTP client)
18+2. serve NTP (NTP server)
19+
20+In a container the first makes (usually) no sense, so by default we enable -x
21+there (as it would only crash otherwise).
22+This will disable the control of the system clock.
23+See `man chronyd` for more details on the -x option.
24+
25+Formerly, the check for Condition=CAP_SYS_TIME in the systemd service avoided
26+the crash of the NTP client portion, but that means the server use case will
27+not work by default in containers. It is still not recommended to use a
28+container as an NTP server, but if the host clock is synchronised via NTP,
29+adding the -x option to chronyd instances running in containers will allow
30+them to function as NTP servers which do not adjust the system clock.
31+The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away
32+leaving users often unclear what happened - especially if they were more after
33+the NTP server than the NTP client.
34+
35+One could argue that someone who installs chrony expects the system time to be
36+synchronised, so it should fail if it is not able to do so. On the other hand
37+it could be argued that someone who installs chrony expects time to be served
38+over the network via NTP.
39+We can't know which expectation is applicable, so we assume that time should
40+be synchronised unless chronyd is running in a container (or is without
41+CAP_SYS_TIME in any other environment).
42+
43+To make things worse recent container implementations will offer CAP_SYS_TIME
44+to the container. Since from the container's point of view, this capability is
45+available for the container's user namespace. Just later on adjtimex and similar
46+are actually evaluated against the host kernel where they will fail. Due to
47+that without further precaution running chrony in Ubuntu in the future will
48+likely have the service start (as Condition=CAP_SYS_TIME will be true) but
49+then immediately fail.
50+This will depend on the environment e.g. versions and types of containers and
51+thereby feel just 'unreliable' from users point of view.
52+Furthermore it will affect upgrades as the service has to be restarted for a
53+package upgrade to be considered complete.
54+
55+Due to all of that Ubuntu decided (LP: #1589780) to default to -x (do not
56+set the system clock) in containers.
57+
58+If one really wants to (try to) sync time in a container or CAP_SYS_TIME-less
59+environment set SYNC_IN_CONTAINER="yes" in /etc/default/chrony to disable
60+this special handling.
61+
62+It is important to mention that as soon as upstream provides a way to provide
63+a default config working in those cases Ubuntu intends to use that and drop
64+the current workaround.
65+
66+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100
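Review bot: two wording problems on the first lines of the new README and one gap a user will hit. "Currently in in 99.9+% of the cases" has a doubled "in", and "The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away" reads awkwardly; suggest "Currently, in 99.9+% of cases" and "The Condition=CAP_SYS_TIME check silently kept the service from starting, with no log entry". The text also says chronyd "would only crash otherwise" but later describes the same situation as the service starting and then "immediately fail"; pick one wording (exit with an error) so readers do not look for a crash dump. The gap: the README explains that -x is added and how to override it with SYNC_IN_CONTAINER="yes", but not how the decision is made, so a user who sees an unexpected -x cannot tell which test fired. One sentence stating that the starter checks systemd-detect-virt --container and a capsh test for cap_sys_time, and that the outcome is logged to the journal at start-up, would make the warnings the starter script in this series emits self-explanatory. Finally, "(yet)" after "does not provide time namespaces" is a moving target in a file still dated 16 Mar 2018; worth re-checking against the current kernel at each merge.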
67diff --git a/debian/changelog b/debian/changelog
68index 63ec198..054cfa2 100644
69--- a/debian/changelog
70+++ b/debian/changelog
71@@ -1,3 +1,38 @@
72+chrony (3.5-5ubuntu1) focal; urgency=medium
73+
74+ * Merge with Debian unstable (LP: #1859969). Remaining changes:
75+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
76+ - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
77+ Chrony is a single service which acts as both NTP client (i.e. syncing the
78+ local clock) and NTP server (i.e. providing NTP services to the network),
79+ and that is both desired and expected in the vast majority of cases.
80+ But in containers syncing the local clock is usually impossible, but this
81+ shall not break the providing of NTP services to the network.
82+ To some extent this makes chrony's default config more similar to 'ntpd',
83+ which complained in syslog but still provided NTP server service in those
84+ cases.
85+ + debian/chrony.service: allow the service to run without CAP_SYS_TIME
86+ + debian/control: add new dependency libcap2-bin for capsh (usually
87+ installed anyway, but make them explicit to be sure).
88+ + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
89+ (Default off) [fixed a minor typo in the comment in this update]
90+ + debian/chronyd-starter.sh: wrapper to handle special cases in containers
91+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
92+ containers on a default installation and avoid failing to sync time (or
93+ if allowed to sync, avoid multiple containers to fight over it by
94+ accident).
95+ + debian/install: make chrony-starter.sh available on install.
96+ + debian/docs, debian/README.container: provide documentation about the
97+ handling of this case.
98+ * Dropped changes:
99+ - d/t/control: destructive_system_tests only work on amd64 and s390x right
100+ now [fixed by backporting fixes from upstream in 3.5-5 ]
101+ - d/t/upstream-simulation-test-suite: ignore warnings on stderr while
102+ running clksim make
103+ [ in Debian 3.5-5 ]
104+
105+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Jan 2020 12:55:32 +0100
106+
107 chrony (3.5-5) unstable; urgency=medium
108
109 * debian/control:
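Review bot: two stale details in the new 3.5-5ubuntu1 entry. "+ debian/install: make chrony-starter.sh available on install." names a file that does not exist; the diff installs debian/chronyd-starter.sh (the 3.4-1ubuntu1, 3.3-2ubuntu1 and 3.2-4ubuntu2 entries further down have it right, so this is a copy-forward error introduced in 3.4-4ubuntu1). Likewise "[fixed a minor typo in the comment in this update]" after the SYNC_IN_CONTAINER bullet describes a change made in an earlier upload, not in this one, and has been carried verbatim through 3.4-4ubuntu1, 3.5-2ubuntu1 and 3.5-4ubuntu1; drop the bracketed remark. Minor: "[fixed by backporting fixes from upstream in 3.5-5 ]" has a stray space before the bracket. All three fixes are confined to the new entry; the released entries below should stay untouched.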
110@@ -25,6 +60,47 @@ chrony (3.5-5) unstable; urgency=medium
111
112 -- Vincent Blut <vincent.debian@free.fr> Sun, 22 Dec 2019 17:30:40 +0100
113
114+chrony (3.5-4ubuntu2) focal; urgency=medium
115+
116+ * d/t/control: destructive_system_tests only work on amd64 and s390x right
117+ now
118+ * d/t/upstream-simulation-test-suite: ignore warnings on stderr while
119+ running clksim make
120+
121+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 03 Dec 2019 14:50:50 +0100
122+
123+chrony (3.5-4ubuntu1) focal; urgency=medium
124+
125+ * Merge with Debian unstable (LP: #1854328). Remaining changes:
126+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
127+ - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
128+ Chrony is a single service which acts as both NTP client (i.e. syncing the
129+ local clock) and NTP server (i.e. providing NTP services to the network),
130+ and that is both desired and expected in the vast majority of cases.
131+ But in containers syncing the local clock is usually impossible, but this
132+ shall not break the providing of NTP services to the network.
133+ To some extent this makes chrony's default config more similar to 'ntpd',
134+ which complained in syslog but still provided NTP server service in those
135+ cases.
136+ + debian/chrony.service: allow the service to run without CAP_SYS_TIME
137+ + debian/control: add new dependency libcap2-bin for capsh (usually
138+ installed anyway, but make them explicit to be sure).
139+ + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
140+ (Default off) [fixed a minor typo in the comment in this update]
141+ + debian/chronyd-starter.sh: wrapper to handle special cases in containers
142+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
143+ containers on a default installation and avoid failing to sync time (or
144+ if allowed to sync, avoid multiple containers to fight over it by
145+ accident).
146+ + debian/install: make chrony-starter.sh available on install.
147+ + debian/docs, debian/README.container: provide documentation about the
148+ handling of this case.
149+ * Dropped changes:
150+ - d/t/control: allow stderr for recent changes in resolved/iproute
151+ (LP 1836882) [no more needed]
152+
153+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 28 Nov 2019 10:31:36 +0100
154+
155 chrony (3.5-4) unstable; urgency=medium
156
157 * debian/tests/control:
158@@ -69,6 +145,52 @@ chrony (3.5-3) unstable; urgency=medium
159
160 -- Vincent Blut <vincent.debian@free.fr> Tue, 13 Aug 2019 17:57:47 +0200
161
162+chrony (3.5-2ubuntu3) focal; urgency=medium
163+
164+ * No-change rebuild against libnettle7
165+
166+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:07:56 +0000
167+
168+chrony (3.5-2ubuntu2) eoan; urgency=medium
169+
170+ * d/t/control: allow stderr for recent changes in resolved/iproute
171+ (LP: #1836882)
172+
173+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 12:41:58 +0200
174+
175+chrony (3.5-2ubuntu1) eoan; urgency=medium
176+
177+ * Merge with Debian experimental (LP: #1835046). Remaining changes:
178+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
179+ - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
180+ Chrony is a single service which acts as both NTP client (i.e. syncing the
181+ local clock) and NTP server (i.e. providing NTP services to the network),
182+ and that is both desired and expected in the vast majority of cases.
183+ But in containers syncing the local clock is usually impossible, but this
184+ shall not break the providing of NTP services to the network.
185+ To some extent this makes chrony's default config more similar to 'ntpd',
186+ which complained in syslog but still provided NTP server service in those
187+ cases.
188+ + debian/chrony.service: allow the service to run without CAP_SYS_TIME
189+ + debian/control: add new dependency libcap2-bin for capsh (usually
190+ installed anyway, but make them explicit to be sure).
191+ + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
192+ (Default off) [fixed a minor typo in the comment in this update]
193+ + debian/chronyd-starter.sh: wrapper to handle special cases in containers
194+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
195+ containers on a default installation and avoid failing to sync time (or
196+ if allowed to sync, avoid multiple containers to fight over it by
197+ accident).
198+ + debian/install: make chrony-starter.sh available on install.
199+ + debian/docs, debian/README.container: provide documentation about the
200+ handling of this case.
201+ * Dropped changes (accepted in Debian now):
202+ - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
203+ - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
204+ (LP 1771994)
205+
206+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jul 2019 13:37:23 +0200
207+
208 chrony (3.5-2) unstable; urgency=medium
209
210 * Merge branch “experimental” into “master”.
211@@ -155,6 +277,56 @@ chrony (3.5~pre1-1) experimental; urgency=medium
212
213 -- Vincent Blut <vincent.debian@free.fr> Sun, 12 May 2019 22:16:14 +0200
214
215+chrony (3.4-4ubuntu2) eoan; urgency=medium
216+
217+ * Dropped sysV change added in 3.4-4ubuntu1 (LP: #1829700):
218+ - removed d/init to avoid weird interactions between sysV and systemd
219+ [With debhelper compat level 12 this isn't an issue anymore]
220+
221+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 22 May 2019 09:10:41 +0200
222+
223+chrony (3.4-4ubuntu1) eoan; urgency=medium
224+
225+ * Merge with Debian unstable (LP: #1828992). Remaining changes:
226+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
227+ - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
228+ Chrony is a single service which acts as both NTP client (i.e. syncing the
229+ local clock) and NTP server (i.e. providing NTP services to the network),
230+ and that is both desired and expected in the vast majority of cases.
231+ But in containers syncing the local clock is usually impossible, but this
232+ shall not break the providing of NTP services to the network.
233+ To some extent this makes chrony's default config more similar to 'ntpd',
234+ which complained in syslog but still provided NTP server service in those
235+ cases.
236+ + debian/chrony.service: allow the service to run without CAP_SYS_TIME
237+ + debian/control: add new dependency libcap2-bin for capsh (usually
238+ installed anyway, but make them explicit to be sure).
239+ + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
240+ (Default off) [fixed a minor typo in the comment in this update]
241+ + debian/chronyd-starter.sh: wrapper to handle special cases in containers
242+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
243+ containers on a default installation and avoid failing to sync time (or
244+ if allowed to sync, avoid multiple containers to fight over it by
245+ accident).
246+ + debian/install: make chrony-starter.sh available on install.
247+ + debian/docs, debian/README.container: provide documentation about the
248+ handling of this case.
249+ - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
250+ - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
251+ (LP 1771994)
252+ * Added Changes:
253+ - removed d/init to avoid weird interactions between sysV and systemd
254+ * Dropped Changes:
255+ - Notify chrony to update sources in response to systemd-networkd
256+ events (LP: 1718227)
257+ + d/links: link dispatcher script to networkd-dispatcher events routable
258+ and off
259+ + d/control: set Recommends to networkd-dispatcher
260+ [Those are in Debian, except that we agreed to have networkd-dispatcher
261+ to only be a Suggests]
262+
263+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 May 2019 12:49:30 +0200
264+
265 chrony (3.4-4) unstable; urgency=medium
266
267 * debian/patches/*:
268@@ -231,6 +403,48 @@ chrony (3.4-2) unstable; urgency=medium
269
270 -- Vincent Blut <vincent.debian@free.fr> Wed, 13 Feb 2019 17:08:17 +0100
271
272+chrony (3.4-1ubuntu1) disco; urgency=medium
273+
274+ * Merge with Debian unstable (LP: #1802886). Remaining changes:
275+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
276+ - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
277+ Chrony is a single service which acts as both NTP client (i.e. syncing the
278+ local clock) and NTP server (i.e. providing NTP services to the network),
279+ and that is both desired and expected in the vast majority of cases.
280+ But in containers syncing the local clock is usually impossible, but this
281+ shall not break the providing of NTP services to the network.
282+ To some extent this makes chrony's default config more similar to 'ntpd',
283+ which complained in syslog but still provided NTP server service in those
284+ cases.
285+ + debian/chrony.service: allow the service to run without CAP_SYS_TIME
286+ + debian/control: add new dependency libcap2-bin for capsh (usually
287+ installed anyway, but make them explicit to be sure).
288+ + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
289+ (Default off).
290+ + debian/chronyd-starter.sh: wrapper to handle special cases in containers
291+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
292+ containers on a default installation and avoid failing to sync time (or
293+ if allowed to sync, avoid multiple containers to fight over it by
294+ accident).
295+ + debian/install: make chronyd-starter.sh available on install.
296+ + debian/docs, debian/README.container: provide documentation about the
297+ handling of this case.
298+ - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
299+ - Notify chrony to update sources in response to systemd-networkd
300+ events (LP: 1718227)
301+ + d/links: link dispatcher script to networkd-dispatcher events routable
302+ and off
303+ + d/control: set Recommends to networkd-dispatcher
304+ * Dropped Changes (upstream):
305+ - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
306+ - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
307+ the service on newer kernels by falling back to urandom. (LP: 1787366)
308+ * Added Changes:
309+ - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
310+ (LP: #1771994)
311+
312+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 12 Nov 2018 11:39:08 +0100
313+
314 chrony (3.4-1) unstable; urgency=medium
315
316 * Import upstream version 3.4:
317@@ -307,6 +521,66 @@ chrony (3.3-3) unstable; urgency=medium
318
319 -- Vincent Blut <vincent.debian@free.fr> Sat, 18 Aug 2018 16:23:19 +0200
320
321+chrony (3.3-2ubuntu2) cosmic; urgency=medium
322+
323+ * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
324+ the service on newer kernels by falling back to urandom.
325+ (LP: #1787366, Closes: #906276)
326+
327+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Aug 2018 11:48:38 +0200
328+
329+chrony (3.3-2ubuntu1) cosmic; urgency=medium
330+
331+ * Merge with Debian unstable (LP: #1771061). Remaining changes:
332+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
333+ - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
334+ Chrony is a single service which acts as both NTP client (i.e. syncing the
335+ local clock) and NTP server (i.e. providing NTP services to the network),
336+ and that is both desired and expected in the vast majority of cases.
337+ But in containers syncing the local clock is usually impossible, but this
338+ shall not break the providing of NTP services to the network.
339+ To some extent this makes chrony's default config more similar to 'ntpd',
340+ which complained in syslog but still provided NTP server service in those
341+ cases.
342+ - debian/chrony.service: allow the service to run without CAP_SYS_TIME
343+ - debian/control: add new dependency libcap2-bin for capsh (usually
344+ installed anyway, but make them explicit to be sure).
345+ - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
346+ (Default off).
347+ - debian/chronyd-starter.sh: wrapper to handle special cases in containers
348+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
349+ containers on a default installation and avoid failing to sync time (or
350+ if allowed to sync, avoid multiple containers to fight over it by
351+ accident).
352+ - debian/install: make chronyd-starter.sh available on install.
353+ - debian/docs, debian/README.container: provide documentation about the
354+ handling of this case.
355+ - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
356+ - Notify chrony to update sources in response to systemd-networkd
357+ events (LP: 1718227)
358+ - d/links: link dispatcher script to networkd-dispatcher events routable
359+ and off
360+ - d/control: set Recommends to networkd-dispatcher
361+ - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
362+ * Dropped changes
363+ - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
364+ (LP: 1751241) (in Debian now)
365+ - debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: 1761327)
366+ (in Debian now)
367+ - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
368+ When dropping the root privileges, don't try to keep the CAP_SYS_TIME
369+ capability if the -x option was enabled. This allows chronyd to be
370+ started without the capability (e.g. in containers) and also drop the
371+ root privileges (This is upstream now).
372+ - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch (This is
373+ upstream now).
374+ - d/control: switch to nss instead of tomcrypt (Debian switched to nettle
375+ which is in main, so we can drop this)
376+ * Added changes
377+ - debian/README.container: fix typos
378+
379+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 May 2018 09:06:01 +0200
380+
381 chrony (3.3-2) unstable; urgency=medium
382
383 * debian/chrony.service:
384@@ -362,6 +636,76 @@ chrony (3.2-5) unstable; urgency=medium
385
386 -- Vincent Blut <vincent.debian@free.fr> Wed, 28 Feb 2018 17:31:08 +0100
387
388+chrony (3.2-4ubuntu4) bionic; urgency=medium
389+
390+ * d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357)
391+ * Notify chrony to update sources in response to systemd-networkd
392+ events (LP: #1718227)
393+ - d/links: link dispatcher script to networkd-dispatcher events routable
394+ and off
395+ - d/control: set Recommends to networkd-dispatcher
396+ - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch
397+ - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
398+
399+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Apr 2018 17:04:06 +0200
400+
401+chrony (3.2-4ubuntu3) bionic; urgency=medium
402+
403+ * debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327)
404+
405+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 05 Apr 2018 09:38:10 +0200
406+
407+chrony (3.2-4ubuntu2) bionic; urgency=medium
408+
409+ * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
410+ Chrony is a single service which acts as both NTP client (i.e. syncing the
411+ local clock) and NTP server (i.e. providing NTP services to the network),
412+ and that is both desired and expected in the vast majority of cases.
413+ But in containers syncing the local clock is usually impossible, but this
414+ shall not break the providing of NTP services to the network.
415+ To some extent this makes chrony's default config more similar to 'ntpd',
416+ which complained in syslog but still provided NTP server service in those
417+ cases.
418+ - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
419+ When dropping the root privileges, don't try to keep the CAP_SYS_TIME
420+ capability if the -x option was enabled. This allows chronyd to be
421+ started without the capability (e.g. in containers) and also drop the
422+ root privileges.
423+ - debian/chrony.service: allow the service to run without CAP_SYS_TIME
424+ - debian/control: add new dependency libcap2-bin for capsh (usually
425+ installed anyway, but make them explicit to be sure).
426+ - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
427+ (Default off).
428+ - debian/chronyd-starter.sh: wrapper to handle special cases in containers
429+ and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
430+ containers on a default installation and avoid failing to sync time (or
431+ if allowed to sync, avoid multiple containers to fight over it by
432+ accident).
433+ - debian/install: make chronyd-starter.sh available on install.
434+ - debian/docs, debian/README.container: provide documentation about the
435+ handling of this case.
436+ * debian/chrony.conf: update default chrony.conf to not violate the policy
437+ of pool.ntp.org (to use no more than four of their servers) and to provide
438+ more ipv6 capable sources by default (LP: #1754358)
439+
440+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100
441+
442+chrony (3.2-4ubuntu1) bionic; urgency=medium
443+
444+ * Merge with Debian unstable. Remaining changes:
445+ - d/control: switch to nss instead of tomcrypt (nss is in main)
446+ - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
447+ * Dropped changes (in Debian)
448+ - d/chrony.default, d/chrony.service: support /etc/default/chrony
449+ DAEMON_OPTS in systemd environment (LP: 1746081)
450+ - d/chrony.service: properly start after networking (LP: 1746458)
451+ - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444)
452+ * Added Changes:
453+ - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
454+ (LP: #1751241, Closes: #891201)
455+
456+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Feb 2018 14:44:54 +0100
457+
458 chrony (3.2-4) unstable; urgency=medium
459
460 * debian/changelog:
461@@ -428,6 +772,27 @@ chrony (3.2-3) unstable; urgency=medium
462
463 -- Vincent Blut <vincent.debian@free.fr> Wed, 07 Feb 2018 21:27:09 +0100
464
465+chrony (3.2-2ubuntu3) bionic; urgency=medium
466+
467+ * Revert the changes of (LP 1746458) as in the follow on discussion
468+ it became clear that we want it to start early (for example for an
469+ early offset from drift file). iIf needed chrony will later on pick
470+ up that servers are online via retries (augmented by hooks on network
471+ events).
472+
473+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Feb 2018 10:52:30 +0100
474+
475+chrony (3.2-2ubuntu2) bionic; urgency=medium
476+
477+ * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
478+ * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
479+ * d/chrony.default, d/chrony.service: support /etc/default/chrony
480+ DAEMON_OPTS in systemd environment (LP: #1746081)
481+ * d/chrony.service: properly start after networking (LP: #1746458)
482+ * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)
483+
484+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 19 Jan 2018 09:45:38 +0100
485+
486 chrony (3.2-2) unstable; urgency=medium
487
488 * Initial AppArmor profile for chronyd. Thanks to Jamie
489diff --git a/debian/chrony.conf b/debian/chrony.conf
490index 6c19767..d5a0b37 100644
491--- a/debian/chrony.conf
492+++ b/debian/chrony.conf
493@@ -1,6 +1,23 @@
494 # Welcome to the chrony configuration file. See chrony.conf(5) for more
495 # information about usuable directives.
496-pool 2.debian.pool.ntp.org iburst
497+
498+# This will use (up to):
499+# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
500+# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
501+# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
502+# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
503+# sources will be used.
504+# At the same time it retains some protection against one of the entries being
505+# down (compare to just using one of the lines). See (LP: #1754358) for the
506+# discussion.
507+#
508+# About using servers from the NTP Pool Project in general see (LP: #104525).
509+# Approved by Ubuntu Technical Board on 2011-02-08.
510+# See http://www.pool.ntp.org/join.html for more information.
511+pool ntp.ubuntu.com iburst maxsources 4
512+pool 0.ubuntu.pool.ntp.org iburst maxsources 1
513+pool 1.ubuntu.pool.ntp.org iburst maxsources 1
514+pool 2.ubuntu.pool.ntp.org iburst maxsources 2
515
516 # This directive specify the location of the file containing ID/key pairs for
517 # NTP authentication.
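Review bot: the arithmetic in the new comment block is consistent (4 + 1 + 1 + 2 = 8 candidate sources, of which the three *.ubuntu.pool.ntp.org lines contribute four, matching the pool.ntp.org limit cited in the 3.2-4ubuntu2 changelog entry), but the wording needs a pass: "4 sources from ntp.ubuntu.com which some are ipv6 enabled" should read "some of which are IPv6 enabled", "(ipv4 only atm)" should spell out "at the moment", and "This will use (up to):" would be clearer as "The four pool lines below will use (up to):" since the list sits above the directives it describes. Unrelated to this delta but visible in the context line above the hunk: "usuable directives" is a typo in the Debian-side header; better sent to Debian than carried here.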
518diff --git a/debian/chrony.default b/debian/chrony.default
519index eead3e6..5391fc4 100644
520--- a/debian/chrony.default
521+++ b/debian/chrony.default
522@@ -4,3 +4,7 @@
523
524 # Options to pass to chrony.
525 DAEMON_OPTS="-F -1"
526+
527+# Sync system clock in containers or without CAP_SYS_TIME (likely to fail)
528+# See /usr/share/doc/chrony/README.container for details.
529+SYNC_IN_CONTAINER="no"
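Review bot: the comment on the new SYNC_IN_CONTAINER option does not say which values are recognised. The starter script in this series tests `"${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes"`, so only the literal string "yes" disables the fallback and anything else ("true", "1", "YES") is silently treated as "no". Suggest the comment state that, e.g. `# Set to "yes" to sync the clock anyway; any other value keeps the -x fallback.`, and move "(likely to fail)" so it is clear that it is the syncing, not the option, that is likely to fail.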
530diff --git a/debian/chrony.service b/debian/chrony.service
531index 8110433..175b752 100644
532--- a/debian/chrony.service
533+++ b/debian/chrony.service
534@@ -5,13 +5,13 @@ Conflicts=systemd-timesyncd.service openntpd.service ntp.service ntpsec.service
535 Wants=time-sync.target
536 Before=time-sync.target
537 After=network.target
538-ConditionCapability=CAP_SYS_TIME
539
540 [Service]
541 Type=forking
542 PIDFile=/run/chronyd.pid
543 EnvironmentFile=-/etc/default/chrony
544-ExecStart=/usr/sbin/chronyd $DAEMON_OPTS
545+# Starter takes care of special cases mostly for containers
546+ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS
547 ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon
548 PrivateTmp=yes
549 ProtectHome=yes
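Review bot: dropping ConditionCapability=CAP_SYS_TIME means the unit now starts in every environment and the decision moves into a root-running shell script, which also changes how /etc/default/chrony is consumed: EnvironmentFile= only parses KEY=VALUE pairs, whereas the wrapper sources the file with `.`, so its contents are now executed as root before chronyd drops privileges. That is acceptable for a root-owned conffile, but the one-line comment "Starter takes care of special cases mostly for containers" should say so and point at /usr/share/doc/chrony/README.container, so an admin reading `systemctl cat chrony` finds both the rationale and the fact that the file is shell. PrivateTmp=yes and ProtectHome=yes still apply to the wrapper since it is the ExecStart process.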
550diff --git a/debian/chronyd-starter.sh b/debian/chronyd-starter.sh
551new file mode 100755
552index 0000000..c175db5
553--- /dev/null
554+++ b/debian/chronyd-starter.sh
555@@ -0,0 +1,70 @@
556+#!/bin/sh
557+set -ue
558+
559+CONF="/etc/default/chrony"
560+DOC="/usr/share/doc/chrony/README.container"
561+CAP="cap_sys_time"
562+CMD="/usr/sbin/chronyd"
563+# Take any args passed, use none if nothing was specified
564+EFFECTIVE_DAEMON_OPTS=${@:-""}
565+
566+if [ -f "${CONF}" ]; then
567+ . "${CONF}"
568+else
569+ echo "<4>Warning: ${CONF} is missing"
570+fi
571+# take from conffile if available, default to no otherwise
572+EFFECTIVE_SYNC_IN_CONTAINER=${SYNC_IN_CONTAINER:-"no"}
573+
574+if [ ! -x "${CMD}" ]; then
575+ echo "<3>Error: ${CMD} not executable"
576+ # ugly, but works around https://github.com/systemd/systemd/issues/2913
577+ sleep 0.1
578+ exit 1
579+fi
580+
581+# Check if -x is already set manually, don't process further if that is the case
582+X_SET=0
583+while getopts ":x" opt; do
584+ case $opt in
585+ x)
586+ X_SET=1
587+ ;;
588+ esac
589+done
590+
591+if [ ${X_SET} -ne 1 ]; then
592+ # Assume it is not in a container
593+ IS_CONTAINER=0
594+ if [ -x /usr/bin/systemd-detect-virt ]; then
595+ if /usr/bin/systemd-detect-virt --quiet --container; then
596+ IS_CONTAINER=1
597+ fi
598+ fi
599+
600+
601+ # Assume it has the cap
602+ HAS_CAP=1
603+ CAPSH="/sbin/capsh"
604+ if [ -x "${CAPSH}" ]; then
605+ ${CAPSH} --print | grep -q "^Current.*${CAP}" || HAS_CAP=0
606+ fi
607+
608+ if [ ${HAS_CAP} -eq 0 ]; then
609+ echo "<4>Warning: Missing ${CAP}, syncing the system clock will fail"
610+ fi
611+ if [ ${IS_CONTAINER} -eq 1 ]; then
612+ echo "<4>Warning: Running in a container, likely impossible and unintended to sync system clock"
613+ fi
614+
615+ if [ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]; then
616+ if [ "${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes" ]; then
617+ echo "<5>Adding -x as fallback disabling control of the system clock, see ${DOC} to override this behavior"
618+ EFFECTIVE_DAEMON_OPTS="${EFFECTIVE_DAEMON_OPTS} -x"
619+ else
620+ echo "<5>Not falling back to disable control of the system clock, see ${DOC} to change this behavior"
621+ fi
622+ fi
623+fi
624+
625+${CMD} ${EFFECTIVE_DAEMON_OPTS}
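Review bot: the -x detection in the `while getopts ":x" opt` loop stops at the first non-option word, so with any chronyd option that takes an argument (for example `-u chrony -x` or `-f /etc/chrony/other.conf -x`) a manually set -x after that argument is never seen, X_SET stays 0 and the script appends a second -x. Harmless for chronyd, but the comment's promise "don't process further if that is the case" is then not kept; a `for arg in "$@"; do case "$arg" in -x) X_SET=1;; esac; done` loop has no such limit. Second, `${CAPSH} --print | grep -q "^Current.*${CAP}"` keys on capsh's human-readable output; if the installed libcap prints the capability set in another form (for instance an abbreviated full set rather than an enumerated list), HAS_CAP flips to 0 on a fully capable host and the service silently gets -x. Prefer `capsh --has-p=cap_sys_time` where the installed capsh supports it, and log which of the two tests fired. Third, the final `${CMD} ${EFFECTIVE_DAEMON_OPTS}` should be `exec ${CMD} ${EFFECTIVE_DAEMON_OPTS}` so no /bin/sh parent remains between systemd and chronyd; note also that the unquoted expansion re-splits the options on whitespace, so an argument containing a space cannot be passed through this wrapper.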
626diff --git a/debian/control b/debian/control
627index 5df0fb6..ba1284f 100644
628--- a/debian/control
629+++ b/debian/control
630@@ -1,7 +1,8 @@
631 Source: chrony
632 Section: net
633 Priority: optional
634-Maintainer: Vincent Blut <vincent.debian@free.fr>
635+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
636+XSBC-Original-Maintainer: Vincent Blut <vincent.debian@free.fr>
637 Uploaders: Joachim Wiedorn <joodebian@joonet.de>
638 Standards-Version: 4.4.1
639 Build-Depends: asciidoctor (>= 1.5.3-1~),
640@@ -26,6 +27,7 @@ Architecture: linux-any
641 Pre-Depends: ${misc:Pre-Depends}
642 Depends: adduser,
643 iproute2 [linux-any],
644+ libcap2-bin,
645 ucf,
646 ${misc:Depends},
647 ${shlibs:Depends}
648diff --git a/debian/docs b/debian/docs
649index e12f653..3bfc9dc 100644
650--- a/debian/docs
651+++ b/debian/docs
652@@ -1,3 +1,4 @@
653 FAQ
654 NEWS
655 README
656+debian/README.container
657diff --git a/debian/install b/debian/install
658index 11d47a1..df91970 100644
659--- a/debian/install
660+++ b/debian/install
661@@ -3,3 +3,4 @@ debian/chrony-helper usr/lib/chrony
662 debian/chrony.conf usr/share/chrony
663 debian/ntp-units.d/50-chrony.list usr/lib/systemd/ntp-units.d
664 debian/usr.sbin.chronyd etc/apparmor.d
665+debian/chronyd-starter.sh usr/lib/systemd/scripts/
