Merge ~paelzer/ubuntu/+source/chrony:merge-3.5-9-groovy into ubuntu/+source/chrony:debian/sid
- Git
- lp:~paelzer/ubuntu/+source/chrony
- merge-3.5-9-groovy
- Merge into debian/sid
Proposed by
Christian Ehrhardt
| Status: | Merged |
|---|---|
| Approved by: | Christian Ehrhardt |
| Approved revision: | 7f083097789507443f6a9a630cefbf8e0ad039df |
| Merge reported by: | Christian Ehrhardt |
| Merged at revision: | 7f083097789507443f6a9a630cefbf8e0ad039df |
| Proposed branch: | ~paelzer/ubuntu/+source/chrony:merge-3.5-9-groovy |
| Merge into: | ubuntu/+source/chrony:debian/sid |
| Diff against target: |
801 lines (+634/-5) 10 files modified
debian/README.container (+60/-0) debian/changelog (+473/-0) debian/chrony.conf (+18/-1) debian/chrony.default (+4/-0) debian/chrony.service (+2/-2) debian/chronyd-starter.sh (+70/-0) debian/control (+3/-1) debian/docs (+1/-0) debian/install (+1/-0) debian/tests/control (+2/-1) |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Bryce Harrington (community) | Approve | ||
| Canonical Server | Pending | ||
| Canonical Server packageset reviewers | Pending | ||
|
Review via email:
|
|||
Commit message
Description of the change
To post a comment you must log in.
Revision history for this message
| Christian Ehrhardt (paelzer) wrote : | # |
Revision history for this message
| Christian Ehrhardt (paelzer) wrote : | # |
The test results look good already: https:/
Revision history for this message
| Bryce Harrington (bryce) wrote : | # |
* Changelog:
- [√] old content and logical tag match as expected
- [√] changelog entry correct version and targeted codename
- [√] changelog entries correct
- [√] update-maintainer has been run
* Actual changes:
- [√] no upstream changes to consider
- [√] no further upstream version to consider
- [√] debian changes look safe
* Old Delta:
- [√] dropped changes are ok to be dropped
- [√] nothing else to drop
- [√] changes forwarded upstream/debian (if appropriate)
* New Delta:
- [√] no new patches added
- [√] patches match what was proposed upstream
- [√] patches correctly included in debian/
- [√] patches have correct DEP3 metadata
* Build/Test:
- [√] build is ok
- [-] verified PPA package installs/uninstalls
- [√] autopkgtest against the PPA package passes
- [√] sanity checks test fine
+1 looks good. I didn't actually test the PPA install/uninstall, but have no doubt that should be fine, just verified bileto passed ok.
review:
Approve
Revision history for this message
| Bryce Harrington (bryce) wrote : | # |
Oh I did notice one small typo in the README, see inline below.
Revision history for this message
| Bryce Harrington (bryce) wrote : | # |
"in in" -> "in"
Revision history for this message
| Christian Ehrhardt (paelzer) wrote : | # |
Thanks, typo fixed
Revision history for this message
| Christian Ehrhardt (paelzer) wrote : | # |
To ssh://git.
* [new tag] upload/3.5-9ubuntu1 -> upload/3.5-9ubuntu1
Uploading to ubuntu (via ftp to upload.ubuntu.com):
Uploading chrony_
Uploading chrony_
Uploading chrony_
Uploading chrony_
Uploading chrony_
Successfully uploaded packages.
Revision history for this message
| Christian Ehrhardt (paelzer) wrote : | # |
This is merged and migrated
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | diff --git a/debian/README.container b/debian/README.container |
| 2 | new file mode 100644 |
| 3 | index 0000000..16f2618 |
| 4 | --- /dev/null |
| 5 | +++ b/debian/README.container |
| 6 | @@ -0,0 +1,60 @@ |
| 7 | +Chrony in Containers |
| 8 | +-------------------- |
| 9 | + |
| 10 | +Currently in in 99.9+% of the cases syncing the local clock in a container |
| 11 | +is wrong. Most of the time it will be unable to do so, because it is lacking |
| 12 | +CAP_SYS_TIME. Or worse, if the CAP_SYS_TIME privilege is granted, multiple |
| 13 | +containers could fight over the system's time, because the Linux kernel does |
| 14 | +not provide time namespaces (yet). |
| 15 | + |
| 16 | +There are two things a user installing chrony usually wants: |
| 17 | +1. synchronize my time (NTP client) |
| 18 | +2. serve NTP (NTP server) |
| 19 | + |
| 20 | +In a container the first makes (usually) no sense, so by default we enable -x |
| 21 | +there (as it would only crash otherwise). |
| 22 | +This will disable the control of the system clock. |
| 23 | +See `man chronyd` for more details on the -x option. |
| 24 | + |
| 25 | +Formerly, the check for Condition=CAP_SYS_TIME in the systemd service avoided |
| 26 | +the crash of the NTP client portion, but that means the server use case will |
| 27 | +not work by default in containers. It is still not recommended to use a |
| 28 | +container as an NTP server, but if the host clock is synchronised via NTP, |
| 29 | +adding the -x option to chronyd instances running in containers will allow |
| 30 | +them to function as NTP servers which do not adjust the system clock. |
| 31 | +The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away |
| 32 | +leaving users often unclear what happened - especially if they were more after |
| 33 | +the NTP server than the NTP client. |
| 34 | + |
| 35 | +One could argue that someone who installs chrony expects the system time to be |
| 36 | +synchronised, so it should fail if it is not able to do so. On the other hand |
| 37 | +it could be argued that someone who installs chrony expects time to be served |
| 38 | +over the network via NTP. |
| 39 | +We can't know which expectation is applicable, so we assume that time should |
| 40 | +be synchronised unless chronyd is running in a container (or is without |
| 41 | +CAP_SYS_TIME in any other environment). |
| 42 | + |
| 43 | +To make things worse recent container implementations will offer CAP_SYS_TIME |
| 44 | +to the container. Since from the container's point of view, this capability is |
| 45 | +available for the container's user namespace. Just later on adjtimex and similar |
| 46 | +are actually evaluated against the host kernel where they will fail. Due to |
| 47 | +that without further precaution running chrony in Ubuntu in the future will |
| 48 | +likely have the service start (as Condition=CAP_SYS_TIME will be true) but |
| 49 | +then immediately fail. |
| 50 | +This will depend on the environment e.g. versions and types of containers and |
| 51 | +thereby feel just 'unreliable' from users point of view. |
| 52 | +Furthermore it will affect upgrades as the service has to be restarted for a |
| 53 | +package upgrade to be considered complete. |
| 54 | + |
| 55 | +Due to all of that Ubuntu decided (LP: #1589780) to default to -x (do not |
| 56 | +set the system clock) in containers. |
| 57 | + |
| 58 | +If one really wants to (try to) sync time in a container or CAP_SYS_TIME-less |
| 59 | +environment set SYNC_IN_CONTAINER="yes" in /etc/default/chrony to disable |
| 60 | +this special handling. |
| 61 | + |
| 62 | +It is important to mention that as soon as upstream provides a way to provide |
| 63 | +a default config working in those cases Ubuntu intends to use that and drop |
| 64 | +the current workaround. |
| 65 | + |
| 66 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100 |
| 67 | diff --git a/debian/changelog b/debian/changelog |
| 68 | index 8e4ba7f..6d48dca 100644 |
| 69 | --- a/debian/changelog |
| 70 | +++ b/debian/changelog |
| 71 | @@ -1,3 +1,41 @@ |
| 72 | +chrony (3.5-9ubuntu1) groovy; urgency=medium |
| 73 | + |
| 74 | + * Merge with Debian unstable (LP: #1878005). Remaining changes: |
| 75 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358) |
| 76 | + - Set -x as default if unable to set time (e.g. in containers) (LP 1589780) |
| 77 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 78 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 79 | + and that is both desired and expected in the vast majority of cases. |
| 80 | + But in containers syncing the local clock is usually impossible, but this |
| 81 | + shall not break the providing of NTP services to the network. |
| 82 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 83 | + which complained in syslog but still provided NTP server service in those |
| 84 | + cases. |
| 85 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 86 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
| 87 | + installed anyway, but make them explicit to be sure). |
| 88 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 89 | + (Default off) [fixed a minor typo in the comment in this update] |
| 90 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 91 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 92 | + containers on a default installation and avoid failing to sync time (or |
| 93 | + if allowed to sync, avoid multiple containers to fight over it by |
| 94 | + accident). |
| 95 | + + debian/install: make chrony-starter.sh available on install. |
| 96 | + + debian/docs, debian/README.container: provide documentation about the |
| 97 | + handling of this case. |
| 98 | + - d/t/control: harden time-sources-from-dhcp-servers test for systemd change |
| 99 | + (LP: 1873031) |
| 100 | + * Dropped changes [in Debian now] |
| 101 | + - d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests |
| 102 | + - d/t/upstream-system-tests: fix stderr in case services do not exist |
| 103 | + - Stop starting systemd-timesyncd in postrm. This is no longer relevant |
| 104 | + since systemd-timesyncd is a standalone package declaring |
| 105 | + Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: 1872183) |
| 106 | + - d/postrm: Reinstate the remove target (LP: 1873810) |
| 107 | + |
| 108 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 20 May 2020 09:57:39 +0200 |
| 109 | + |
| 110 | chrony (3.5-9) unstable; urgency=medium |
| 111 | |
| 112 | * debian/patches/: |
| 113 | @@ -60,6 +98,76 @@ chrony (3.5-7) unstable; urgency=medium |
| 114 | |
| 115 | -- Vincent Blut <vincent.debian@free.fr> Tue, 17 Mar 2020 15:21:53 +0100 |
| 116 | |
| 117 | +chrony (3.5-6ubuntu6) focal; urgency=medium |
| 118 | + |
| 119 | + * d/postrm: Reinstate the remove target (LP: #1873810) |
| 120 | + |
| 121 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Apr 2020 15:58:52 +0200 |
| 122 | + |
| 123 | +chrony (3.5-6ubuntu5) focal; urgency=medium |
| 124 | + |
| 125 | + * d/t/control: harden time-sources-from-dhcp-servers test for systemd change |
| 126 | + (LP: #1873031) |
| 127 | + |
| 128 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 18:23:10 +0200 |
| 129 | + |
| 130 | +chrony (3.5-6ubuntu4) focal; urgency=medium |
| 131 | + |
| 132 | + * debian/postrm: |
| 133 | + - Stop starting systemd-timesyncd in postrm. This is no longer relevant |
| 134 | + since systemd-timesyncd is a standalone package declaring |
| 135 | + Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: #1872183) |
| 136 | + |
| 137 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 09:01:30 +0200 |
| 138 | + |
| 139 | +chrony (3.5-6ubuntu3) focal; urgency=medium |
| 140 | + |
| 141 | + * avoid multiple time services running concurrently (LP: #1870144). |
| 142 | + This fixes the autopkgtests vs chrond itself, the issue of concurrent |
| 143 | + systemd-timesyncd will be fixed in systemd by (LP 1849156) |
| 144 | + - d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests |
| 145 | + - d/t/upstream-system-tests: fix stderr in case services do not exist |
| 146 | + |
| 147 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Apr 2020 09:25:45 +0200 |
| 148 | + |
| 149 | +chrony (3.5-6ubuntu2) focal; urgency=medium |
| 150 | + |
| 151 | + * fix capsh usage in focal avoiding to always fall back to -x (LP: #1867036) |
| 152 | + - d/control: add versioned dependency to libcap2-bin new enough to |
| 153 | + support --has-p |
| 154 | + - d/chronyd-starter.sh: update capsh usage to use --has-p |
| 155 | + |
| 156 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 31 Mar 2020 10:19:20 +0200 |
| 157 | + |
| 158 | +chrony (3.5-6ubuntu1) focal; urgency=medium |
| 159 | + |
| 160 | + * Merge with Debian unstable (LP: #1866753). Remaining changes: |
| 161 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358) |
| 162 | + - Set -x as default if unable to set time (e.g. in containers) (LP 1589780) |
| 163 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 164 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 165 | + and that is both desired and expected in the vast majority of cases. |
| 166 | + But in containers syncing the local clock is usually impossible, but this |
| 167 | + shall not break the providing of NTP services to the network. |
| 168 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 169 | + which complained in syslog but still provided NTP server service in those |
| 170 | + cases. |
| 171 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 172 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
| 173 | + installed anyway, but make them explicit to be sure). |
| 174 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 175 | + (Default off) [fixed a minor typo in the comment in this update] |
| 176 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 177 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 178 | + containers on a default installation and avoid failing to sync time (or |
| 179 | + if allowed to sync, avoid multiple containers to fight over it by |
| 180 | + accident). |
| 181 | + + debian/install: make chrony-starter.sh available on install. |
| 182 | + + debian/docs, debian/README.container: provide documentation about the |
| 183 | + handling of this case. |
| 184 | + |
| 185 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Mar 2020 11:02:33 +0100 |
| 186 | + |
| 187 | chrony (3.5-6) unstable; urgency=medium |
| 188 | |
| 189 | * debian/chrony.service: |
| 190 | @@ -94,6 +202,41 @@ chrony (3.5-6) unstable; urgency=medium |
| 191 | |
| 192 | -- Vincent Blut <vincent.debian@free.fr> Tue, 10 Mar 2020 19:17:16 +0100 |
| 193 | |
| 194 | +chrony (3.5-5ubuntu1) focal; urgency=medium |
| 195 | + |
| 196 | + * Merge with Debian unstable (LP: #1859969). Remaining changes: |
| 197 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358) |
| 198 | + - Set -x as default if unable to set time (e.g. in containers) (LP 1589780) |
| 199 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 200 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 201 | + and that is both desired and expected in the vast majority of cases. |
| 202 | + But in containers syncing the local clock is usually impossible, but this |
| 203 | + shall not break the providing of NTP services to the network. |
| 204 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 205 | + which complained in syslog but still provided NTP server service in those |
| 206 | + cases. |
| 207 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 208 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
| 209 | + installed anyway, but make them explicit to be sure). |
| 210 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 211 | + (Default off) [fixed a minor typo in the comment in this update] |
| 212 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 213 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 214 | + containers on a default installation and avoid failing to sync time (or |
| 215 | + if allowed to sync, avoid multiple containers to fight over it by |
| 216 | + accident). |
| 217 | + + debian/install: make chrony-starter.sh available on install. |
| 218 | + + debian/docs, debian/README.container: provide documentation about the |
| 219 | + handling of this case. |
| 220 | + * Dropped changes: |
| 221 | + - d/t/control: destructive_system_tests only work on amd64 and s390x right |
| 222 | + now [fixed by backporting fixes from upstream in 3.5-5 ] |
| 223 | + - d/t/upstream-simulation-test-suite: ignore warnings on stderr while |
| 224 | + running clksim make |
| 225 | + [ in Debian 3.5-5 ] |
| 226 | + |
| 227 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Jan 2020 12:55:32 +0100 |
| 228 | + |
| 229 | chrony (3.5-5) unstable; urgency=medium |
| 230 | |
| 231 | * debian/control: |
| 232 | @@ -121,6 +264,47 @@ chrony (3.5-5) unstable; urgency=medium |
| 233 | |
| 234 | -- Vincent Blut <vincent.debian@free.fr> Sun, 22 Dec 2019 17:30:40 +0100 |
| 235 | |
| 236 | +chrony (3.5-4ubuntu2) focal; urgency=medium |
| 237 | + |
| 238 | + * d/t/control: destructive_system_tests only work on amd64 and s390x right |
| 239 | + now |
| 240 | + * d/t/upstream-simulation-test-suite: ignore warnings on stderr while |
| 241 | + running clksim make |
| 242 | + |
| 243 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 03 Dec 2019 14:50:50 +0100 |
| 244 | + |
| 245 | +chrony (3.5-4ubuntu1) focal; urgency=medium |
| 246 | + |
| 247 | + * Merge with Debian unstable (LP: #1854328). Remaining changes: |
| 248 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358) |
| 249 | + - Set -x as default if unable to set time (e.g. in containers) (LP 1589780) |
| 250 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 251 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 252 | + and that is both desired and expected in the vast majority of cases. |
| 253 | + But in containers syncing the local clock is usually impossible, but this |
| 254 | + shall not break the providing of NTP services to the network. |
| 255 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 256 | + which complained in syslog but still provided NTP server service in those |
| 257 | + cases. |
| 258 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 259 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
| 260 | + installed anyway, but make them explicit to be sure). |
| 261 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 262 | + (Default off) [fixed a minor typo in the comment in this update] |
| 263 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 264 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 265 | + containers on a default installation and avoid failing to sync time (or |
| 266 | + if allowed to sync, avoid multiple containers to fight over it by |
| 267 | + accident). |
| 268 | + + debian/install: make chrony-starter.sh available on install. |
| 269 | + + debian/docs, debian/README.container: provide documentation about the |
| 270 | + handling of this case. |
| 271 | + * Dropped changes: |
| 272 | + - d/t/control: allow stderr for recent changes in resolved/iproute |
| 273 | + (LP 1836882) [no more needed] |
| 274 | + |
| 275 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 28 Nov 2019 10:31:36 +0100 |
| 276 | + |
| 277 | chrony (3.5-4) unstable; urgency=medium |
| 278 | |
| 279 | * debian/tests/control: |
| 280 | @@ -165,6 +349,52 @@ chrony (3.5-3) unstable; urgency=medium |
| 281 | |
| 282 | -- Vincent Blut <vincent.debian@free.fr> Tue, 13 Aug 2019 17:57:47 +0200 |
| 283 | |
| 284 | +chrony (3.5-2ubuntu3) focal; urgency=medium |
| 285 | + |
| 286 | + * No-change rebuild against libnettle7 |
| 287 | + |
| 288 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:07:56 +0000 |
| 289 | + |
| 290 | +chrony (3.5-2ubuntu2) eoan; urgency=medium |
| 291 | + |
| 292 | + * d/t/control: allow stderr for recent changes in resolved/iproute |
| 293 | + (LP: #1836882) |
| 294 | + |
| 295 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 12:41:58 +0200 |
| 296 | + |
| 297 | +chrony (3.5-2ubuntu1) eoan; urgency=medium |
| 298 | + |
| 299 | + * Merge with Debian experimental (LP: #1835046). Remaining changes: |
| 300 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358) |
| 301 | + - Set -x as default if unable to set time (e.g. in containers) (LP 1589780) |
| 302 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 303 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 304 | + and that is both desired and expected in the vast majority of cases. |
| 305 | + But in containers syncing the local clock is usually impossible, but this |
| 306 | + shall not break the providing of NTP services to the network. |
| 307 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 308 | + which complained in syslog but still provided NTP server service in those |
| 309 | + cases. |
| 310 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 311 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
| 312 | + installed anyway, but make them explicit to be sure). |
| 313 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 314 | + (Default off) [fixed a minor typo in the comment in this update] |
| 315 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 316 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 317 | + containers on a default installation and avoid failing to sync time (or |
| 318 | + if allowed to sync, avoid multiple containers to fight over it by |
| 319 | + accident). |
| 320 | + + debian/install: make chrony-starter.sh available on install. |
| 321 | + + debian/docs, debian/README.container: provide documentation about the |
| 322 | + handling of this case. |
| 323 | + * Dropped changes (accepted in Debian now): |
| 324 | + - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357) |
| 325 | + - d/postrm: respect policy-rc.d when restoring systemd-timesyncd |
| 326 | + (LP 1771994) |
| 327 | + |
| 328 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jul 2019 13:37:23 +0200 |
| 329 | + |
| 330 | chrony (3.5-2) unstable; urgency=medium |
| 331 | |
| 332 | * Merge branch “experimental” into “master”. |
| 333 | @@ -251,6 +481,56 @@ chrony (3.5~pre1-1) experimental; urgency=medium |
| 334 | |
| 335 | -- Vincent Blut <vincent.debian@free.fr> Sun, 12 May 2019 22:16:14 +0200 |
| 336 | |
| 337 | +chrony (3.4-4ubuntu2) eoan; urgency=medium |
| 338 | + |
| 339 | + * Dropped sysV change added in 3.4-4ubuntu1 (LP: #1829700): |
| 340 | + - removed d/init to avoid weird interactions between sysV and systemd |
| 341 | + [With debhelper compat level 12 this isn't an issue anymore] |
| 342 | + |
| 343 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 22 May 2019 09:10:41 +0200 |
| 344 | + |
| 345 | +chrony (3.4-4ubuntu1) eoan; urgency=medium |
| 346 | + |
| 347 | + * Merge with Debian unstable (LP: #1828992). Remaining changes: |
| 348 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358) |
| 349 | + - Set -x as default if unable to set time (e.g. in containers) (LP 1589780) |
| 350 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 351 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 352 | + and that is both desired and expected in the vast majority of cases. |
| 353 | + But in containers syncing the local clock is usually impossible, but this |
| 354 | + shall not break the providing of NTP services to the network. |
| 355 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 356 | + which complained in syslog but still provided NTP server service in those |
| 357 | + cases. |
| 358 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 359 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
| 360 | + installed anyway, but make them explicit to be sure). |
| 361 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 362 | + (Default off) [fixed a minor typo in the comment in this update] |
| 363 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 364 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 365 | + containers on a default installation and avoid failing to sync time (or |
| 366 | + if allowed to sync, avoid multiple containers to fight over it by |
| 367 | + accident). |
| 368 | + + debian/install: make chrony-starter.sh available on install. |
| 369 | + + debian/docs, debian/README.container: provide documentation about the |
| 370 | + handling of this case. |
| 371 | + - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357) |
| 372 | + - d/postrm: respect policy-rc.d when restoring systemd-timesyncd |
| 373 | + (LP 1771994) |
| 374 | + * Added Changes: |
| 375 | + - removed d/init to avoid weird interactions between sysV and systemd |
| 376 | + * Dropped Changes: |
| 377 | + - Notify chrony to update sources in response to systemd-networkd |
| 378 | + events (LP: 1718227) |
| 379 | + + d/links: link dispatcher script to networkd-dispatcher events routable |
| 380 | + and off |
| 381 | + + d/control: set Recommends to networkd-dispatcher |
| 382 | + [Those are in Debian, except that we agreed to have networkd-dispatcher |
| 383 | + to only be a Suggests] |
| 384 | + |
| 385 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 May 2019 12:49:30 +0200 |
| 386 | + |
| 387 | chrony (3.4-4) unstable; urgency=medium |
| 388 | |
| 389 | * debian/patches/*: |
| 390 | @@ -327,6 +607,48 @@ chrony (3.4-2) unstable; urgency=medium |
| 391 | |
| 392 | -- Vincent Blut <vincent.debian@free.fr> Wed, 13 Feb 2019 17:08:17 +0100 |
| 393 | |
| 394 | +chrony (3.4-1ubuntu1) disco; urgency=medium |
| 395 | + |
| 396 | + * Merge with Debian unstable (LP: #1802886). Remaining changes: |
| 397 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664) |
| 398 | + - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780) |
| 399 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 400 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 401 | + and that is both desired and expected in the vast majority of cases. |
| 402 | + But in containers syncing the local clock is usually impossible, but this |
| 403 | + shall not break the providing of NTP services to the network. |
| 404 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 405 | + which complained in syslog but still provided NTP server service in those |
| 406 | + cases. |
| 407 | + + debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 408 | + + debian/control: add new dependency libcap2-bin for capsh (usually |
| 409 | + installed anyway, but make them explicit to be sure). |
| 410 | + + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 411 | + (Default off). |
| 412 | + + debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 413 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 414 | + containers on a default installation and avoid failing to sync time (or |
| 415 | + if allowed to sync, avoid multiple containers to fight over it by |
| 416 | + accident). |
| 417 | + + debian/install: make chronyd-starter.sh available on install. |
| 418 | + + debian/docs, debian/README.container: provide documentation about the |
| 419 | + handling of this case. |
| 420 | + - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357) |
| 421 | + - Notify chrony to update sources in response to systemd-networkd |
| 422 | + events (LP: 1718227) |
| 423 | + + d/links: link dispatcher script to networkd-dispatcher events routable |
| 424 | + and off |
| 425 | + + d/control: set Recommends to networkd-dispatcher |
| 426 | + * Dropped Changes (upstream): |
| 427 | + - d/p/lp-1718227-nm-dispatcher-for-networkd.patch |
| 428 | + - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting |
| 429 | + the service on newer kernels by falling back to urandom. (LP: 1787366) |
| 430 | + * Added Changes: |
| 431 | + - d/postrm: respect policy-rc.d when restoring systemd-timesyncd |
| 432 | + (LP: #1771994) |
| 433 | + |
| 434 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 12 Nov 2018 11:39:08 +0100 |
| 435 | + |
| 436 | chrony (3.4-1) unstable; urgency=medium |
| 437 | |
| 438 | * Import upstream version 3.4: |
| 439 | @@ -403,6 +725,66 @@ chrony (3.3-3) unstable; urgency=medium |
| 440 | |
| 441 | -- Vincent Blut <vincent.debian@free.fr> Sat, 18 Aug 2018 16:23:19 +0200 |
| 442 | |
| 443 | +chrony (3.3-2ubuntu2) cosmic; urgency=medium |
| 444 | + |
| 445 | + * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting |
| 446 | + the service on newer kernels by falling back to urandom. |
| 447 | + (LP: #1787366, Closes: #906276) |
| 448 | + |
| 449 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Aug 2018 11:48:38 +0200 |
| 450 | + |
| 451 | +chrony (3.3-2ubuntu1) cosmic; urgency=medium |
| 452 | + |
| 453 | + * Merge with Debian unstable (LP: #1771061). Remaining changes: |
| 454 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664) |
| 455 | + - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780) |
| 456 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 457 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 458 | + and that is both desired and expected in the vast majority of cases. |
| 459 | + But in containers syncing the local clock is usually impossible, but this |
| 460 | + shall not break the providing of NTP services to the network. |
| 461 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 462 | + which complained in syslog but still provided NTP server service in those |
| 463 | + cases. |
| 464 | + - debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 465 | + - debian/control: add new dependency libcap2-bin for capsh (usually |
| 466 | + installed anyway, but make them explicit to be sure). |
| 467 | + - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 468 | + (Default off). |
| 469 | + - debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 470 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 471 | + containers on a default installation and avoid failing to sync time (or |
| 472 | + if allowed to sync, avoid multiple containers to fight over it by |
| 473 | + accident). |
| 474 | + - debian/install: make chronyd-starter.sh available on install. |
| 475 | + - debian/docs, debian/README.container: provide documentation about the |
| 476 | + handling of this case. |
| 477 | + - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357) |
| 478 | + - Notify chrony to update sources in response to systemd-networkd |
| 479 | + events (LP: 1718227) |
| 480 | + - d/links: link dispatcher script to networkd-dispatcher events routable |
| 481 | + and off |
| 482 | + - d/control: set Recommends to networkd-dispatcher |
| 483 | + - d/p/lp-1718227-nm-dispatcher-for-networkd.patch |
| 484 | + * Dropped changes |
| 485 | + - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor |
| 486 | + (LP: 1751241) (in Debian now) |
| 487 | + - debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: 1761327) |
| 488 | + (in Debian now) |
| 489 | + - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch: |
| 490 | + When dropping the root privileges, don't try to keep the CAP_SYS_TIME |
| 491 | + capability if the -x option was enabled. This allows chronyd to be |
| 492 | + started without the capability (e.g. in containers) and also drop the |
| 493 | + root privileges (This is upstream now). |
| 494 | + - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch (This is |
| 495 | + upstream now). |
| 496 | + - d/control: switch to nss instead of tomcrypt (Debian switched to nettle |
| 497 | + which is in main, so we can drop this) |
| 498 | + * Added changes |
| 499 | + - debian/README.container: fix typos |
| 500 | + |
| 501 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 May 2018 09:06:01 +0200 |
| 502 | + |
| 503 | chrony (3.3-2) unstable; urgency=medium |
| 504 | |
| 505 | * debian/chrony.service: |
| 506 | @@ -458,6 +840,76 @@ chrony (3.2-5) unstable; urgency=medium |
| 507 | |
| 508 | -- Vincent Blut <vincent.debian@free.fr> Wed, 28 Feb 2018 17:31:08 +0100 |
| 509 | |
| 510 | +chrony (3.2-4ubuntu4) bionic; urgency=medium |
| 511 | + |
| 512 | + * d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357) |
| 513 | + * Notify chrony to update sources in response to systemd-networkd |
| 514 | + events (LP: #1718227) |
| 515 | + - d/links: link dispatcher script to networkd-dispatcher events routable |
| 516 | + and off |
| 517 | + - d/control: set Recommends to networkd-dispatcher |
| 518 | + - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch |
| 519 | + - d/p/lp-1718227-nm-dispatcher-for-networkd.patch |
| 520 | + |
| 521 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Apr 2018 17:04:06 +0200 |
| 522 | + |
| 523 | +chrony (3.2-4ubuntu3) bionic; urgency=medium |
| 524 | + |
| 525 | + * debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327) |
| 526 | + |
| 527 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 05 Apr 2018 09:38:10 +0200 |
| 528 | + |
| 529 | +chrony (3.2-4ubuntu2) bionic; urgency=medium |
| 530 | + |
| 531 | + * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780) |
| 532 | + Chrony is a single service which acts as both NTP client (i.e. syncing the |
| 533 | + local clock) and NTP server (i.e. providing NTP services to the network), |
| 534 | + and that is both desired and expected in the vast majority of cases. |
| 535 | + But in containers syncing the local clock is usually impossible, but this |
| 536 | + shall not break the providing of NTP services to the network. |
| 537 | + To some extent this makes chrony's default config more similar to 'ntpd', |
| 538 | + which complained in syslog but still provided NTP server service in those |
| 539 | + cases. |
| 540 | + - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch: |
| 541 | + When dropping the root privileges, don't try to keep the CAP_SYS_TIME |
| 542 | + capability if the -x option was enabled. This allows chronyd to be |
| 543 | + started without the capability (e.g. in containers) and also drop the |
| 544 | + root privileges. |
| 545 | + - debian/chrony.service: allow the service to run without CAP_SYS_TIME |
| 546 | + - debian/control: add new dependency libcap2-bin for capsh (usually |
| 547 | + installed anyway, but make them explicit to be sure). |
| 548 | + - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back |
| 549 | + (Default off). |
| 550 | + - debian/chronyd-starter.sh: wrapper to handle special cases in containers |
| 551 | + and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in |
| 552 | + containers on a default installation and avoid failing to sync time (or |
| 553 | + if allowed to sync, avoid multiple containers to fight over it by |
| 554 | + accident). |
| 555 | + - debian/install: make chronyd-starter.sh available on install. |
| 556 | + - debian/docs, debian/README.container: provide documentation about the |
| 557 | + handling of this case. |
| 558 | + * debian/chrony.conf: update default chrony.conf to not violate the policy |
| 559 | + of pool.ntp.org (to use no more than four of their servers) and to provide |
| 560 | + more ipv6 capable sources by default (LP: #1754358) |
| 561 | + |
| 562 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100 |
| 563 | + |
| 564 | +chrony (3.2-4ubuntu1) bionic; urgency=medium |
| 565 | + |
| 566 | + * Merge with Debian unstable. Remaining changes: |
| 567 | + - d/control: switch to nss instead of tomcrypt (nss is in main) |
| 568 | + - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664) |
| 569 | + * Dropped changes (in Debian) |
| 570 | + - d/chrony.default, d/chrony.service: support /etc/default/chrony |
| 571 | + DAEMON_OPTS in systemd environment (LP: 1746081) |
| 572 | + - d/chrony.service: properly start after networking (LP: 1746458) |
| 573 | + - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444) |
| 574 | + * Added Changes: |
| 575 | + - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor |
| 576 | + (LP: #1751241, Closes: #891201) |
| 577 | + |
| 578 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Feb 2018 14:44:54 +0100 |
| 579 | + |
| 580 | chrony (3.2-4) unstable; urgency=medium |
| 581 | |
| 582 | * debian/changelog: |
| 583 | @@ -524,6 +976,27 @@ chrony (3.2-3) unstable; urgency=medium |
| 584 | |
| 585 | -- Vincent Blut <vincent.debian@free.fr> Wed, 07 Feb 2018 21:27:09 +0100 |
| 586 | |
| 587 | +chrony (3.2-2ubuntu3) bionic; urgency=medium |
| 588 | + |
| 589 | + * Revert the changes of (LP 1746458) as in the follow on discussion |
| 590 | + it became clear that we want it to start early (for example for an |
| 591 | + early offset from drift file). iIf needed chrony will later on pick |
| 592 | + up that servers are online via retries (augmented by hooks on network |
| 593 | + events). |
| 594 | + |
| 595 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Feb 2018 10:52:30 +0100 |
| 596 | + |
| 597 | +chrony (3.2-2ubuntu2) bionic; urgency=medium |
| 598 | + |
| 599 | + * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072) |
| 600 | + * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664) |
| 601 | + * d/chrony.default, d/chrony.service: support /etc/default/chrony |
| 602 | + DAEMON_OPTS in systemd environment (LP: #1746081) |
| 603 | + * d/chrony.service: properly start after networking (LP: #1746458) |
| 604 | + * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444) |
| 605 | + |
| 606 | + -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 19 Jan 2018 09:45:38 +0100 |
| 607 | + |
| 608 | chrony (3.2-2) unstable; urgency=medium |
| 609 | |
| 610 | * Initial AppArmor profile for chronyd. Thanks to Jamie |
| 611 | diff --git a/debian/chrony.conf b/debian/chrony.conf |
| 612 | index 6c19767..d5a0b37 100644 |
| 613 | --- a/debian/chrony.conf |
| 614 | +++ b/debian/chrony.conf |
| 615 | @@ -1,6 +1,23 @@ |
| 616 | # Welcome to the chrony configuration file. See chrony.conf(5) for more |
| 617 | # information about usuable directives. |
| 618 | -pool 2.debian.pool.ntp.org iburst |
| 619 | + |
| 620 | +# This will use (up to): |
| 621 | +# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled |
| 622 | +# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well |
| 623 | +# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm) |
| 624 | +# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only |
| 625 | +# sources will be used. |
| 626 | +# At the same time it retains some protection against one of the entries being |
| 627 | +# down (compare to just using one of the lines). See (LP: #1754358) for the |
| 628 | +# discussion. |
| 629 | +# |
| 630 | +# About using servers from the NTP Pool Project in general see (LP: #104525). |
| 631 | +# Approved by Ubuntu Technical Board on 2011-02-08. |
| 632 | +# See http://www.pool.ntp.org/join.html for more information. |
| 633 | +pool ntp.ubuntu.com iburst maxsources 4 |
| 634 | +pool 0.ubuntu.pool.ntp.org iburst maxsources 1 |
| 635 | +pool 1.ubuntu.pool.ntp.org iburst maxsources 1 |
| 636 | +pool 2.ubuntu.pool.ntp.org iburst maxsources 2 |
| 637 | |
| 638 | # This directive specify the location of the file containing ID/key pairs for |
| 639 | # NTP authentication. |
| 640 | diff --git a/debian/chrony.default b/debian/chrony.default |
| 641 | index eead3e6..5391fc4 100644 |
| 642 | --- a/debian/chrony.default |
| 643 | +++ b/debian/chrony.default |
| 644 | @@ -4,3 +4,7 @@ |
| 645 | |
| 646 | # Options to pass to chrony. |
| 647 | DAEMON_OPTS="-F -1" |
| 648 | + |
| 649 | +# Sync system clock in containers or without CAP_SYS_TIME (likely to fail) |
| 650 | +# See /usr/share/doc/chrony/README.container for details. |
| 651 | +SYNC_IN_CONTAINER="no" |
| 652 | diff --git a/debian/chrony.service b/debian/chrony.service |
| 653 | index 2066a7d..bab5e76 100644 |
| 654 | --- a/debian/chrony.service |
| 655 | +++ b/debian/chrony.service |
| 656 | @@ -5,13 +5,13 @@ Conflicts=openntpd.service ntp.service ntpsec.service |
| 657 | Wants=time-sync.target |
| 658 | Before=time-sync.target |
| 659 | After=network.target |
| 660 | -ConditionCapability=CAP_SYS_TIME |
| 661 | |
| 662 | [Service] |
| 663 | Type=forking |
| 664 | PIDFile=/run/chronyd.pid |
| 665 | EnvironmentFile=-/etc/default/chrony |
| 666 | -ExecStart=/usr/sbin/chronyd $DAEMON_OPTS |
| 667 | +# Starter takes care of special cases mostly for containers |
| 668 | +ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS |
| 669 | ExecStartPost=-/usr/lib/chrony/chrony-helper update-daemon |
| 670 | PrivateTmp=yes |
| 671 | ProtectHome=yes |
| 672 | diff --git a/debian/chronyd-starter.sh b/debian/chronyd-starter.sh |
| 673 | new file mode 100755 |
| 674 | index 0000000..55cc285 |
| 675 | --- /dev/null |
| 676 | +++ b/debian/chronyd-starter.sh |
| 677 | @@ -0,0 +1,70 @@ |
| 678 | +#!/bin/sh |
| 679 | +set -ue |
| 680 | + |
| 681 | +CONF="/etc/default/chrony" |
| 682 | +DOC="/usr/share/doc/chrony/README.container" |
| 683 | +CAP="cap_sys_time" |
| 684 | +CMD="/usr/sbin/chronyd" |
| 685 | +# Take any args passed, use none if nothing was specified |
| 686 | +EFFECTIVE_DAEMON_OPTS=${@:-""} |
| 687 | + |
| 688 | +if [ -f "${CONF}" ]; then |
| 689 | + . "${CONF}" |
| 690 | +else |
| 691 | + echo "<4>Warning: ${CONF} is missing" |
| 692 | +fi |
| 693 | +# take from conffile if available, default to no otherwise |
| 694 | +EFFECTIVE_SYNC_IN_CONTAINER=${SYNC_IN_CONTAINER:-"no"} |
| 695 | + |
| 696 | +if [ ! -x "${CMD}" ]; then |
| 697 | + echo "<3>Error: ${CMD} not executable" |
| 698 | + # ugly, but works around https://github.com/systemd/systemd/issues/2913 |
| 699 | + sleep 0.1 |
| 700 | + exit 1 |
| 701 | +fi |
| 702 | + |
| 703 | +# Check if -x is already set manually, don't process further if that is the case |
| 704 | +X_SET=0 |
| 705 | +while getopts ":x" opt; do |
| 706 | + case $opt in |
| 707 | + x) |
| 708 | + X_SET=1 |
| 709 | + ;; |
| 710 | + esac |
| 711 | +done |
| 712 | + |
| 713 | +if [ ${X_SET} -ne 1 ]; then |
| 714 | + # Assume it is not in a container |
| 715 | + IS_CONTAINER=0 |
| 716 | + if [ -x /usr/bin/systemd-detect-virt ]; then |
| 717 | + if /usr/bin/systemd-detect-virt --quiet --container; then |
| 718 | + IS_CONTAINER=1 |
| 719 | + fi |
| 720 | + fi |
| 721 | + |
| 722 | + |
| 723 | + # Assume it has the cap |
| 724 | + HAS_CAP=1 |
| 725 | + CAPSH="/sbin/capsh" |
| 726 | + if [ -x "${CAPSH}" ]; then |
| 727 | + ${CAPSH} --has-p="${CAP}" || HAS_CAP=0 |
| 728 | + fi |
| 729 | + |
| 730 | + if [ ${HAS_CAP} -eq 0 ]; then |
| 731 | + echo "<4>Warning: Missing ${CAP}, syncing the system clock will fail" |
| 732 | + fi |
| 733 | + if [ ${IS_CONTAINER} -eq 1 ]; then |
| 734 | + echo "<4>Warning: Running in a container, likely impossible and unintended to sync system clock" |
| 735 | + fi |
| 736 | + |
| 737 | + if [ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]; then |
| 738 | + if [ "${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes" ]; then |
| 739 | + echo "<5>Adding -x as fallback disabling control of the system clock, see ${DOC} to override this behavior" |
| 740 | + EFFECTIVE_DAEMON_OPTS="${EFFECTIVE_DAEMON_OPTS} -x" |
| 741 | + else |
| 742 | + echo "<5>Not falling back to disable control of the system clock, see ${DOC} to change this behavior" |
| 743 | + fi |
| 744 | + fi |
| 745 | +fi |
| 746 | + |
| 747 | +${CMD} ${EFFECTIVE_DAEMON_OPTS} |
| 748 | diff --git a/debian/control b/debian/control |
| 749 | index 33c0436..b71a54e 100644 |
| 750 | --- a/debian/control |
| 751 | +++ b/debian/control |
| 752 | @@ -1,7 +1,8 @@ |
| 753 | Source: chrony |
| 754 | Section: net |
| 755 | Priority: optional |
| 756 | -Maintainer: Vincent Blut <vincent.debian@free.fr> |
| 757 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
| 758 | +XSBC-Original-Maintainer: Vincent Blut <vincent.debian@free.fr> |
| 759 | Uploaders: Joachim Wiedorn <joodebian@joonet.de> |
| 760 | Standards-Version: 4.5.0 |
| 761 | Build-Depends: asciidoctor (>= 1.5.3-1~), |
| 762 | @@ -26,6 +27,7 @@ Architecture: linux-any |
| 763 | Pre-Depends: ${misc:Pre-Depends} |
| 764 | Depends: adduser, |
| 765 | iproute2 [linux-any], |
| 766 | + libcap2-bin (>= 1:2.32-1), |
| 767 | ucf, |
| 768 | ${misc:Depends}, |
| 769 | ${shlibs:Depends} |
| 770 | diff --git a/debian/docs b/debian/docs |
| 771 | index e12f653..3bfc9dc 100644 |
| 772 | --- a/debian/docs |
| 773 | +++ b/debian/docs |
| 774 | @@ -1,3 +1,4 @@ |
| 775 | FAQ |
| 776 | NEWS |
| 777 | README |
| 778 | +debian/README.container |
| 779 | diff --git a/debian/install b/debian/install |
| 780 | index 11d47a1..df91970 100644 |
| 781 | --- a/debian/install |
| 782 | +++ b/debian/install |
| 783 | @@ -3,3 +3,4 @@ debian/chrony-helper usr/lib/chrony |
| 784 | debian/chrony.conf usr/share/chrony |
| 785 | debian/ntp-units.d/50-chrony.list usr/lib/systemd/ntp-units.d |
| 786 | debian/usr.sbin.chronyd etc/apparmor.d |
| 787 | +debian/chronyd-starter.sh usr/lib/systemd/scripts/ |
| 788 | diff --git a/debian/tests/control b/debian/tests/control |
| 789 | index bc4bdd7..0657e1d 100644 |
| 790 | --- a/debian/tests/control |
| 791 | +++ b/debian/tests/control |
| 792 | @@ -4,7 +4,8 @@ Restrictions: isolation-container, build-needed, skippable, needs-root, needs-in |
| 793 | |
| 794 | Tests: time-sources-from-dhcp-servers |
| 795 | Depends: @, isc-dhcp-server, isc-dhcp-client, iproute2, kmod |
| 796 | -Restrictions: isolation-machine, needs-root |
| 797 | +# allow-stderr is needed until systemd fixed LP: 1873031 |
| 798 | +Restrictions: isolation-machine, needs-root, allow-stderr |
| 799 | |
| 800 | Features: test-name=run_system_tests |
| 801 | Test-Command: debian/tests/upstream-system-tests |
Merge tags are pushed
To ssh://git.
* [new tag] lp1878005/
* [new tag] lp1878005/
* [new tag] lp1878005/
* [new tag] lp1878005/
* [new tag] lp1878005/
* [new tag] lp1878005/
* [new branch] merge-3.5-9-groovy -> merge-3.5-9-groovy
PPA: https:/