Ubuntu
chrony package

Merge ~paelzer/ubuntu/+source/chrony:merge-4.2-2-jammy into ubuntu/+source/chrony:debian/sid

Proposed by Christian Ehrhardt  on 2022-02-07

Status:	Merged
Merge reported by:	Christian Ehrhardt 
Merged at revision:	fb15e128be5419d2f0d158e475d70f10412b30c6
Proposed branch:	~paelzer/ubuntu/+source/chrony:merge-4.2-2-jammy
Merge into:	ubuntu/+source/chrony:debian/sid
Diff against target:	1107 lines (+901/-5) 9 files modified debian/README.container (+60/-0) debian/changelog (+746/-0) debian/chrony.conf (+17/-2) debian/chrony.default (+4/-0) debian/chrony.service (+1/-2) debian/chronyd-starter.sh (+68/-0) debian/control (+3/-1) debian/docs (+1/-0) debian/install (+1/-0)
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Utkarsh Gupta (community)	2022-02-07	Approve on 2022-02-07
Canonical Server	2022-02-07	Pending
git-ubuntu import	2022-02-07	Pending
Review via email: mp+415170@code.launchpad.net

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-07:

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4774
Tags:
To ssh://git.launchpad.net/~paelzer/ubuntu/+source/chrony
* [new tag] logical/4.2-0ubuntu1 -> logical/4.2-0ubuntu1
* [new tag] reconstruct/4.2-0ubuntu1 -> reconstruct/4.2-0ubuntu1
* [new tag] split/4.2-0ubuntu1 -> split/4.2-0ubuntu1

Autopkgtests are running (I've done this merge as in the past libc has often triggered issues and that provides a change to run build & test for something more useful than just sniff testing).

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-07:

Tests are good on amd64/ppc64/s390x - arm* is still running.
I'll post an update about that later.

Ready to start review IMHO

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-07:

Arm tests complete as well now

Results from https://autopkgtest.ubuntu.com/results/autopkgtest-jammy-ci-train-ppa-service-4774/?format=plain:
  chrony @ amd64:
    07.02.22 08:42:13 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      time-sources-from-dhcp-servers PASS ✅
      run_system_tests PASS ✅
      run_destructive_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅
  chrony @ arm64:
    07.02.22 09:08:27 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      time-sources-from-dhcp-servers PASS ✅
      run_system_tests PASS ✅
      run_destructive_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅
  chrony @ armhf:
    07.02.22 09:52:16 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      run_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅
  chrony @ ppc64el:
    07.02.22 08:37:53 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      time-sources-from-dhcp-servers PASS ✅
      run_system_tests PASS ✅
      run_destructive_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅
  chrony @ s390x:
    07.02.22 08:36:34 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      time-sources-from-dhcp-servers PASS ✅
      run_system_tests PASS ✅
      run_destructive_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅

Arm tests complete as well now

Results from https://autopkgtest.ubuntu.com/results/autopkgtest-jammy-ci-train-ppa-service-4774/?format=plain:
  chrony @ amd64:
    07.02.22 08:42:13    Log 🗒️	✅     Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS                ✅ 
      time-sources-from-dhcp-servers PASS                ✅ 
      run_system_tests     PASS                          ✅ 
      run_destructive_system_tests PASS                  ✅ 
      fragmented-configuration PASS                      ✅ 
      dynamically-add-source PASS                        ✅ 
      ntp-server-and-nts-auth PASS                       ✅ 
  chrony @ arm64:
    07.02.22 09:08:27    Log 🗒️	✅     Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS                ✅ 
      time-sources-from-dhcp-servers PASS                ✅ 
      run_system_tests     PASS                          ✅ 
      run_destructive_system_tests PASS                  ✅ 
      fragmented-configuration PASS                      ✅ 
      dynamically-add-source PASS                        ✅ 
      ntp-server-and-nts-auth PASS                       ✅ 
  chrony @ armhf:
    07.02.22 09:52:16    Log 🗒️	✅     Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS                ✅ 
      run_system_tests     PASS                          ✅ 
      fragmented-configuration PASS                      ✅ 
      dynamically-add-source PASS                        ✅ 
      ntp-server-and-nts-auth PASS                       ✅ 
  chrony @ ppc64el:
    07.02.22 08:37:53    Log 🗒️	✅     Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS                ✅ 
      time-sources-from-dhcp-servers PASS                ✅ 
      run_system_tests     PASS                          ✅ 
      run_destructive_system_tests PASS                  ✅ 
      fragmented-configuration PASS                      ✅ 
      dynamically-add-source PASS                        ✅ 
      ntp-server-and-nts-auth PASS                       ✅ 
  chrony @ s390x:
    07.02.22 08:36:34    Log 🗒️	✅     Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS                ✅ 
      time-sources-from-dhcp-servers PASS                ✅ 
      run_system_tests     PASS                          ✅ 
      run_destructive_system_tests PASS                  ✅ 
      fragmented-configuration PASS                      ✅ 
      dynamically-add-source PASS                        ✅ 
      ntp-server-and-nts-auth PASS                       ✅

Revision history for this message

Utkarsh Gupta (utkarsh) wrote on 2022-02-07:

[04acd8b]: looks good, Ubuntu specific. +1.

[0526a15]: okay, long history. Fair enough. But why aren't we forwarding this to Debian? I think Debian would benefit from this, too, no? I don't think this is Ubuntu-specific, or is it?

[0e1ec67], [416c57b], [be6d2f1], [05fcb9a]: okayyyy? but is it really Ubuntu-specific (because of MIRs and such?)? or can we forward this to drop the delta? I know we've been carrying this for a while but if it's really Ubuntu-specific, can we add a comment about it (i.e. reasons behind it) in the commit message so this doesn't come up the next time and the reasons are clear before-hand?

[fb15e12]: quick comment in the d/ch entry about the "Dropped Changes" being slightly unclear. :(

review: Needs Information

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-07:

Hi Utkarsh,
0526a15 and all the others you asked for were forwarded to Debian and there decided against it.

The reason behind that is that our container story around LXD being a system container is very different to theirs.

Without that motivation I can understand why they didn't want but we needed it.
So that is one of the "fair and ok on both sides" differences between Debian & Ubuntu.

All the other bits you have wondered belong to that context e.g. libcap2-bin is only needed for our container check. The call to the wrapper is only needed for our container handling, ...

---

Finally about d/ch "Drop patches present in v4.2" might seem short, but you'll see that in the former version we have used exactly that term. And all that I could do in the new changelog is repeating that file names which seemed superlfuous.
If you want them added it is just a copy of lines 90-92 up to 29 and done.
So let me know if you think this is really better.

Revision history for this message

Utkarsh Gupta (utkarsh) wrote on 2022-02-07:

Hiya,

> 0526a15 and all the others you asked for were forwarded to Debian
> and there decided against it.
>
> The reason behind that is that our container story around LXD being
> a system container is very different to theirs.
>
> Without that motivation I can understand why they didn't want but
> we needed it.
> So that is one of the "fair and ok on both sides" differences
> between Debian & Ubuntu.
>
> All the other bits you have wondered belong to that context e.g.
> libcap2-bin is only needed for our container check. The call to
> the wrapper is only needed for our container handling, ...

Okay, fair enough. I'd like to propose adding a "[Ubuntu-specific]" tags to the commit (message) header so that the reviewer directly knows that it is more-or-less Ubuntu-only or/and equivalent. Maybe I'll bring this to our stand-up sometime this week.

> If you want them added it is just a copy of lines 90-92 up to
> 29 and done.
> So let me know if you think this is really better.

I don't have a problem, really. Either is fine now that there is context but maybe adding them would be better? But really, up to you. If you think it's not needed, so be it. \o/

Given everything has been answered/discussed, this looks good. +1.

review: Approve

~paelzer/ubuntu/+source/chrony:merge-4.2-2-jammy updated on 2022-02-07

e82626a... by Christian Ehrhardt  on 2022-02-07

changelog: make dropped patches more readable

Signed-off-by: Christian Ehrhardt <email address hidden>

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-07:

Ok, I used that in other branches added a prefix "UBUNTU-only:" to all commits of that kind.

Also added the dropped patches in the changelog, if you miss them others might as well and three lines more changelog do not cost anything.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-07:

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading chrony_4.2-2ubuntu1.dsc: done.
  Uploading chrony_4.2.orig.tar.gz: done.
  Uploading chrony_4.2-2ubuntu1.debian.tar.xz: done.
  Uploading chrony_4.2-2ubuntu1_source.buildinfo: done.
  Uploading chrony_4.2-2ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2022-02-08:

Migrated

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Christian Ehrhardt 

git-ubuntu developers

Ubuntu
chrony package

Merge ~paelzer/ubuntu/+source/chrony:merge-4.2-2-jammy into ubuntu/+source/chrony:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

 diff --git a/debian/README.container b/debian/README.container
 new file mode 100644
 index 0000000..dcacf49
 --- /dev/null
 +++ b/debian/README.container
@@ -0,0 +1,60 @@
++Chrony in Containers
++--------------------
++
++Currently in 99.9+% of the cases syncing the local clock in a container
++is wrong. Most of the time it will be unable to do so, because it is lacking
++CAP_SYS_TIME. Or worse, if the CAP_SYS_TIME privilege is granted, multiple
++containers could fight over the system's time, because the Linux kernel does
++not provide time namespaces (yet).
++
++There are two things a user installing chrony usually wants:
++1. synchronize my time (NTP client)
++2. serve NTP (NTP server)
++
++In a container the first makes (usually) no sense, so by default we enable -x
++there (as it would only crash otherwise).
++This will disable the control of the system clock.
++See `man chronyd` for more details on the -x option.
++
++Formerly, the check for Condition=CAP_SYS_TIME in the systemd service avoided
++the crash of the NTP client portion, but that means the server use case will
++not work by default in containers. It is still not recommended to use a
++container as an NTP server, but if the host clock is synchronised via NTP,
++adding the -x option to chronyd instances running in containers will allow
++them to function as NTP servers which do not adjust the system clock.
++The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away
++leaving users often unclear what happened - especially if they were more after
++the NTP server than the NTP client.
++
++One could argue that someone who installs chrony expects the system time to be
++synchronised, so it should fail if it is not able to do so.  On the other hand
++it could be argued that someone who installs chrony expects time to be served
++over the network via NTP.
++We can't know which expectation is applicable, so we assume that time should
++be synchronised unless chronyd is running in a container (or is without
++CAP_SYS_TIME in any other environment).
++
++To make things worse recent container implementations will offer CAP_SYS_TIME
++to the container. Since from the container's point of view, this capability is
++available for the container's user namespace. Just later on adjtimex and similar
++are actually evaluated against the host kernel where they will fail. Due to
++that without further precaution running chrony in Ubuntu in the future will
++likely have the service start (as Condition=CAP_SYS_TIME will be true) but
++then immediately fail.
++This will depend on the environment e.g. versions and types of containers and
++thereby feel just 'unreliable' from users point of view.
++Furthermore it will affect upgrades as the service has to be restarted for a
++package upgrade to be considered complete.
++
++Due to all of that Ubuntu decided (LP: #1589780) to default to -x (do not
++set the system clock) in containers.
++
++If one really wants to (try to) sync time in a container or CAP_SYS_TIME-less
++environment set SYNC_IN_CONTAINER="yes" in /etc/default/chrony to disable
++this special handling.
++
++It is important to mention that as soon as upstream provides a way to provide
++a default config working in those cases Ubuntu intends to use that and drop
++the current workaround.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 16 Mar 2018 12:25:44 +0100
 diff --git a/debian/changelog b/debian/changelog
 index 2ea7ed3..5769883 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,39 @@
++chrony (4.2-2ubuntu1) jammy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes [ in 4.2-1 ]
++    - Drop patches present in v4.2
++      + d/p/allow-clone3-and-pread64-in-seccomp-filter.patch
++      + d/p/fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch
++      + d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch
++    - d/t/upstream-simulation-test-suite: bump to the matching clknetsim
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 04 Feb 2022 07:52:48 +0100
++
  chrony (4.2-2) unstable; urgency=medium
    * debian/usr.sbin.chronyd:
@@ -26,6 +62,42 @@ chrony (4.2-1) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Thu, 13 Jan 2022 14:01:35 +0100
++chrony (4.2-0ubuntu1) jammy; urgency=medium
++
++  * Merge with Debian testing (LP: #1946848) and upstream v4.2.
++    Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Drop patches present in v4.2
++    - d/p/allow-clone3-and-pread64-in-seccomp-filter.patch
++    - d/p/fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch
++    - d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch
++  * Added changes:
++    - d/t/upstream-simulation-test-suite: bump to the matching clknetsim
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Jan 2022 14:51:22 +0100
++
  chrony (4.1-4) unstable; urgency=medium
    * debian/:
@@ -48,6 +120,41 @@ chrony (4.1-4) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Thu, 07 Oct 2021 15:23:28 +0200
++chrony (4.1-3ubuntu1) impish; urgency=medium
++
++  * Merge with Debian unstable (LP: #1940252). Remaining changes:
++    Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes:
++    - d/t/helper-functions: restart explicitly to fix test issues
++  * Added changes:
++    - d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch: glibc 2.34
++      compatibility
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 17 Aug 2021 12:22:32 +0200
++
  chrony (4.1-3) unstable; urgency=medium
    * Upload to unstable.
@@ -78,6 +185,51 @@ chrony (4.1-2) experimental; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sat, 26 Jun 2021 17:16:45 +0200
++chrony (4.1-1ubuntu1) impish; urgency=medium
++
++  * Merge new upstream 4.1 and yet unrelased changes from Debian salsa.
++    Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes:
++    - d/t/helper-functions: reduce default ubuntu config, to make space for
++      testcase config
++      [ in Debian 4.0-6 ]
++    - d/t/{dynamically-add-source,ntp-server-and-nts-auth,helper-functions}:
++      unify tests to use reload and restart
++      [ in Debian 4.0-6 ]
++    - d/t/upstream-simulation-test-suite: Update clknetsim version to fix
++      a test failure on s390x when LTO is enabled at build time (LP #1921377)
++      [ in Debian 4.1~pre1-1 ]
++    - d/p/lp-1915006-sys_linux-allow-statx-and-fstatat64-in-seccomp-filte.patch:
++      add compatibility for glibc 2.33 (LP: 1915006)
++      [ upstream in 4.1-pre1 ]
++  * Added changes:
++    - d/t/helper-functions: restart explicitly to fix test issues
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 18 May 2021 08:12:59 +0200
++
  chrony (4.1-1) experimental; urgency=medium
    * Import upstream version 4.1:
@@ -168,6 +320,54 @@ chrony (4.0-6) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sun, 21 Feb 2021 21:59:22 +0100
++chrony (4.0-5ubuntu3) hirsute; urgency=medium
++
++  * d/t/upstream-simulation-test-suite: Update clknetsim version to fix
++    a test failure on s390x when LTO is enabled at build time (LP: #1921377)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 25 Mar 2021 15:45:47 +0100
++
++chrony (4.0-5ubuntu2) hirsute; urgency=medium
++
++  * d/p/lp-1915006-sys_linux-allow-statx-and-fstatat64-in-seccomp-filte.patch:
++    add compatibility for glibc 2.33 (LP: 1915006)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 15 Feb 2021 12:50:29 +0100
++
++chrony (4.0-5ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable (LP: #1915006). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Added changes:
++    - d/t/helper-functions: reduce default ubuntu config, to make space for
++      testcase config
++    - d/t/{dynamically-add-source,ntp-server-and-nts-auth,helper-functions}:
++      unify tests to use reload and restart
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 08 Feb 2021 12:45:05 +0100
++
  chrony (4.0-5) unstable; urgency=medium
    * Follow DEP-14 branch naming conventions:
@@ -284,6 +484,35 @@ chrony (4.0-3) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Mon, 18 Jan 2021 21:58:52 +0100
++chrony (4.0-2ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 27 Oct 2020 10:55:19 +0100
++
  chrony (4.0-2) unstable; urgency=medium
    * Merge branch 'experimental' into 'master'.
@@ -419,6 +648,44 @@ chrony (4.0~pre4-1) experimental; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Fri, 02 Oct 2020 21:21:08 +0200
++chrony (3.5.1-1ubuntu2) groovy; urgency=medium
++
++  * d/chronyd-starter.sh: fix commandline argument parsing (LP: #1898000)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 06 Oct 2020 12:20:40 +0200
++
++chrony (3.5.1-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes
++    - d/t/control: harden time-sources-from-dhcp-servers test for systemd change
++      (LP: 1873031) [no more needed with recent systemd that is in groovy]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 26 Aug 2020 15:30:48 +0200
++
  chrony (3.5.1-1) unstable; urgency=medium
    * Import upstream version 3.5.1:
@@ -434,6 +701,50 @@ chrony (3.5.1-1) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Thu, 20 Aug 2020 14:07:22 +0200
++chrony (3.5-9ubuntu2) groovy; urgency=medium
++
++  * No change rebuild against new libnettle8 and libhogweed6 ABI.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 29 Jun 2020 22:22:19 +0100
++
++chrony (3.5-9ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable (LP: #1878005). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++    - d/t/control: harden time-sources-from-dhcp-servers test for systemd change
++      (LP: 1873031)
++  * Dropped changes [in Debian now]
++    - d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests
++    - d/t/upstream-system-tests: fix stderr in case services do not exist
++    - Stop starting systemd-timesyncd in postrm. This is no longer relevant
++      since systemd-timesyncd is a standalone package declaring
++      Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: 1872183)
++    - d/postrm: Reinstate the remove target (LP: 1873810)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 20 May 2020 09:57:39 +0200
++
  chrony (3.5-9) unstable; urgency=medium
    * debian/patches/:
@@ -496,6 +807,76 @@ chrony (3.5-7) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Tue, 17 Mar 2020 15:21:53 +0100
++chrony (3.5-6ubuntu6) focal; urgency=medium
++
++  * d/postrm: Reinstate the remove target (LP: #1873810)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 20 Apr 2020 15:58:52 +0200
++
++chrony (3.5-6ubuntu5) focal; urgency=medium
++
++  * d/t/control: harden time-sources-from-dhcp-servers test for systemd change
++    (LP: #1873031)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 15 Apr 2020 18:23:10 +0200
++
++chrony (3.5-6ubuntu4) focal; urgency=medium
++
++  * debian/postrm:
++    - Stop starting systemd-timesyncd in postrm. This is no longer relevant
++      since systemd-timesyncd is a standalone package declaring
++      Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: #1872183)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 15 Apr 2020 09:01:30 +0200
++
++chrony (3.5-6ubuntu3) focal; urgency=medium
++
++  * avoid multiple time services running concurrently (LP: #1870144).
++    This fixes the autopkgtests vs chrond itself, the issue of concurrent
++    systemd-timesyncd will be fixed in systemd by (LP 1849156)
++    - d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests
++    - d/t/upstream-system-tests: fix stderr in case services do not exist
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 01 Apr 2020 09:25:45 +0200
++
++chrony (3.5-6ubuntu2) focal; urgency=medium
++
++  * fix capsh usage in focal avoiding to always fall back to -x (LP: #1867036)
++    - d/control: add versioned dependency to libcap2-bin new enough to
++      support --has-p
++    - d/chronyd-starter.sh: update capsh usage to use --has-p
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 31 Mar 2020 10:19:20 +0200
++
++chrony (3.5-6ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable (LP: #1866753). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 12 Mar 2020 11:02:33 +0100
++
  chrony (3.5-6) unstable; urgency=medium
    * debian/chrony.service:
@@ -530,6 +911,41 @@ chrony (3.5-6) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Tue, 10 Mar 2020 19:17:16 +0100
++chrony (3.5-5ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable (LP: #1859969). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes:
++    - d/t/control: destructive_system_tests only work on amd64 and s390x right
++      now [fixed by backporting fixes from upstream in 3.5-5 ]
++    - d/t/upstream-simulation-test-suite: ignore warnings on stderr while
++      running clksim make
++      [ in Debian 3.5-5 ]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 16 Jan 2020 12:55:32 +0100
++
  chrony (3.5-5) unstable; urgency=medium
    * debian/control:
@@ -557,6 +973,47 @@ chrony (3.5-5) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sun, 22 Dec 2019 17:30:40 +0100
++chrony (3.5-4ubuntu2) focal; urgency=medium
++
++  * d/t/control: destructive_system_tests only work on amd64 and s390x right
++    now
++  * d/t/upstream-simulation-test-suite: ignore warnings on stderr while
++    running clksim make
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 03 Dec 2019 14:50:50 +0100
++
++chrony (3.5-4ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable (LP: #1854328). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes:
++    - d/t/control: allow stderr for recent changes in resolved/iproute
++      (LP 1836882) [no more needed]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 28 Nov 2019 10:31:36 +0100
++
  chrony (3.5-4) unstable; urgency=medium
    * debian/tests/control:
@@ -601,6 +1058,52 @@ chrony (3.5-3) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Tue, 13 Aug 2019 17:57:47 +0200
++chrony (3.5-2ubuntu3) focal; urgency=medium
++
++  * No-change rebuild against libnettle7
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 31 Oct 2019 22:07:56 +0000
++
++chrony (3.5-2ubuntu2) eoan; urgency=medium
++
++  * d/t/control: allow stderr for recent changes in resolved/iproute
++    (LP: #1836882)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 17 Jul 2019 12:41:58 +0200
++
++chrony (3.5-2ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian experimental (LP: #1835046). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++   * Dropped changes (accepted in Debian now):
++    - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
++    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
++      (LP 1771994)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 02 Jul 2019 13:37:23 +0200
++
  chrony (3.5-2) unstable; urgency=medium
    * Merge branch “experimental” into “master”.
@@ -687,6 +1190,56 @@ chrony (3.5~pre1-1) experimental; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sun, 12 May 2019 22:16:14 +0200
++chrony (3.4-4ubuntu2) eoan; urgency=medium
++
++  * Dropped sysV change added in 3.4-4ubuntu1 (LP: #1829700):
++    - removed d/init to avoid weird interactions between sysV and systemd
++    [With debhelper compat level 12 this isn't an issue anymore]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 22 May 2019 09:10:41 +0200
++
++chrony (3.4-4ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian unstable (LP: #1828992). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++    - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
++    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
++      (LP 1771994)
++  * Added Changes:
++    - removed d/init to avoid weird interactions between sysV and systemd
++  * Dropped Changes:
++    - Notify chrony to update sources in response to systemd-networkd
++      events (LP: 1718227)
++      + d/links: link dispatcher script to networkd-dispatcher events routable
++        and off
++      + d/control: set Recommends to networkd-dispatcher
++      [Those are in Debian, except that we agreed to have networkd-dispatcher
++       to only be a Suggests]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 14 May 2019 12:49:30 +0200
++
  chrony (3.4-4) unstable; urgency=medium
    * debian/patches/*:
@@ -763,6 +1316,48 @@ chrony (3.4-2) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Wed, 13 Feb 2019 17:08:17 +0100
++chrony (3.4-1ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable (LP: #1802886). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
++    - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off).
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chronyd-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++    - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
++    - Notify chrony to update sources in response to systemd-networkd
++      events (LP: 1718227)
++      + d/links: link dispatcher script to networkd-dispatcher events routable
++        and off
++      + d/control: set Recommends to networkd-dispatcher
++  * Dropped Changes (upstream):
++    - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
++    - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
++      the service on newer kernels by falling back to urandom. (LP: 1787366)
++  * Added Changes:
++    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
++      (LP: #1771994)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 12 Nov 2018 11:39:08 +0100
++
  chrony (3.4-1) unstable; urgency=medium
    * Import upstream version 3.4:
@@ -839,6 +1434,66 @@ chrony (3.3-3) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sat, 18 Aug 2018 16:23:19 +0200
++chrony (3.3-2ubuntu2) cosmic; urgency=medium
++
++  * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
++      the service on newer kernels by falling back to urandom.
++      (LP: #1787366, Closes: #906276)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 16 Aug 2018 11:48:38 +0200
++
++chrony (3.3-2ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1771061). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
++    - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      - debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      - debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off).
++      - debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      - debian/install: make chronyd-starter.sh available on install.
++      - debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++    - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
++    - Notify chrony to update sources in response to systemd-networkd
++      events (LP: 1718227)
++      - d/links: link dispatcher script to networkd-dispatcher events routable
++        and off
++      - d/control: set Recommends to networkd-dispatcher
++      - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
++  * Dropped changes
++    - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
++      (LP: 1751241) (in Debian now)
++    - debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: 1761327)
++      (in Debian now)
++    - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
++      When dropping the root privileges, don't try to keep the CAP_SYS_TIME
++      capability if the -x option was enabled. This allows chronyd to be
++      started without the capability (e.g. in containers) and also drop the
++      root privileges (This is upstream now).
++    - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch (This is
++      upstream now).
++    - d/control: switch to nss instead of tomcrypt (Debian switched to nettle
++      which is in main, so we can drop this)
++  * Added changes
++    - debian/README.container: fix typos
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 14 May 2018 09:06:01 +0200
++
  chrony (3.3-2) unstable; urgency=medium
    * debian/chrony.service:
@@ -894,6 +1549,76 @@ chrony (3.2-5) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Wed, 28 Feb 2018 17:31:08 +0100
++chrony (3.2-4ubuntu4) bionic; urgency=medium
++
++  * d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357)
++  * Notify chrony to update sources in response to systemd-networkd
++    events (LP: #1718227)
++    - d/links: link dispatcher script to networkd-dispatcher events routable
++      and off
++    - d/control: set Recommends to networkd-dispatcher
++    - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch
++    - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 16 Apr 2018 17:04:06 +0200
++
++chrony (3.2-4ubuntu3) bionic; urgency=medium
++
++  * debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 05 Apr 2018 09:38:10 +0200
++
++chrony (3.2-4ubuntu2) bionic; urgency=medium
++
++  * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
++    Chrony is a single service which acts as both NTP client (i.e. syncing the
++    local clock) and NTP server (i.e. providing NTP services to the network),
++    and that is both desired and expected in the vast majority of cases.
++    But in containers syncing the local clock is usually impossible, but this
++    shall not break the providing of NTP services to the network.
++    To some extent this makes chrony's default config more similar to 'ntpd',
++    which complained in syslog but still provided NTP server service in those
++    cases.
++    - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
++      When dropping the root privileges, don't try to keep the CAP_SYS_TIME
++      capability if the -x option was enabled. This allows chronyd to be
++      started without the capability (e.g. in containers) and also drop the
++      root privileges.
++    - debian/chrony.service: allow the service to run without CAP_SYS_TIME
++    - debian/control: add new dependency libcap2-bin for capsh (usually
++      installed anyway, but make them explicit to be sure).
++    - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++      (Default off).
++    - debian/chronyd-starter.sh: wrapper to handle special cases in containers
++      and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++      containers on a default installation and avoid failing to sync time (or
++      if allowed to sync, avoid multiple containers to fight over it by
++      accident).
++    - debian/install: make chronyd-starter.sh available on install.
++    - debian/docs, debian/README.container: provide documentation about the
++      handling of this case.
++  * debian/chrony.conf: update default chrony.conf to not violate the policy
++    of pool.ntp.org (to use no more than four of their servers) and to provide
++    more ipv6 capable sources by default (LP: #1754358)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 16 Mar 2018 12:25:44 +0100
++
++chrony (3.2-4ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/control: switch to nss instead of tomcrypt (nss is in main)
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
++  * Dropped changes (in Debian)
++    - d/chrony.default, d/chrony.service: support /etc/default/chrony
++      DAEMON_OPTS in systemd environment (LP: 1746081)
++    - d/chrony.service: properly start after networking (LP: 1746458)
++    - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444)
++  * Added Changes:
++    - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
++      (LP: #1751241, Closes: #891201)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 26 Feb 2018 14:44:54 +0100
++
  chrony (3.2-4) unstable; urgency=medium
    * debian/changelog:
@@ -960,6 +1685,27 @@ chrony (3.2-3) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Wed, 07 Feb 2018 21:27:09 +0100
++chrony (3.2-2ubuntu3) bionic; urgency=medium
++
++  * Revert the changes of (LP 1746458) as in the follow on discussion
++    it became clear that we want it to start early (for example for an
++    early offset from drift file). iIf needed chrony will later on pick
++    up that servers are online via retries (augmented by hooks on network
++    events).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Feb 2018 10:52:30 +0100
++
++chrony (3.2-2ubuntu2) bionic; urgency=medium
++
++  * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
++  * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
++  * d/chrony.default, d/chrony.service: support /etc/default/chrony
++    DAEMON_OPTS in systemd environment (LP: #1746081)
++  * d/chrony.service: properly start after networking (LP: #1746458)
++  * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 19 Jan 2018 09:45:38 +0100
++
  chrony (3.2-2) unstable; urgency=medium
    * Initial AppArmor profile for chronyd. Thanks to Jamie
 diff --git a/debian/chrony.conf b/debian/chrony.conf
 index b3a9510..793227a 100644
 --- a/debian/chrony.conf
 +++ b/debian/chrony.conf
@@ -4,8 +4,23 @@
  # Include configuration files found in /etc/chrony/conf.d.
  confdir /etc/chrony/conf.d
--# Use Debian vendor zone.
--pool 2.debian.pool.ntp.org iburst
++# This will use (up to):
++# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
++# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
++# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
++# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
++# sources will be used.
++# At the same time it retains some protection against one of the entries being
++# down (compare to just using one of the lines). See (LP: #1754358) for the
++# discussion.
++#
++# About using servers from the NTP Pool Project in general see (LP: #104525).
++# Approved by Ubuntu Technical Board on 2011-02-08.
++# See http://www.pool.ntp.org/join.html for more information.
++pool ntp.ubuntu.com        iburst maxsources 4
++pool 0.ubuntu.pool.ntp.org iburst maxsources 1
++pool 1.ubuntu.pool.ntp.org iburst maxsources 1
++pool 2.ubuntu.pool.ntp.org iburst maxsources 2
  # Use time sources from DHCP.
  sourcedir /run/chrony-dhcp
 diff --git a/debian/chrony.default b/debian/chrony.default
 index 028f63d..6e4e02a 100644
 --- a/debian/chrony.default
 +++ b/debian/chrony.default
@@ -4,3 +4,7 @@
  # Options to pass to chrony.
  DAEMON_OPTS="-F 1"
++
++# Sync system clock in containers or without CAP_SYS_TIME (likely to fail)
++# See /usr/share/doc/chrony/README.container for details.
++SYNC_IN_CONTAINER="no"
 diff --git a/debian/chrony.service b/debian/chrony.service
 index c3050fa..c06f3f7 100644
 --- a/debian/chrony.service
 +++ b/debian/chrony.service
@@ -5,13 +5,12 @@ Conflicts=openntpd.service ntp.service ntpsec.service
  Wants=time-sync.target
  Before=time-sync.target
  After=network.target
--ConditionCapability=CAP_SYS_TIME
  [Service]
  Type=forking
  PIDFile=/run/chrony/chronyd.pid
  EnvironmentFile=-/etc/default/chrony
--ExecStart=/usr/sbin/chronyd $DAEMON_OPTS
++ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS
  CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
  CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE
 diff --git a/debian/chronyd-starter.sh b/debian/chronyd-starter.sh
 new file mode 100755
 index 0000000..2539ffe
 --- /dev/null
 +++ b/debian/chronyd-starter.sh
@@ -0,0 +1,68 @@
++#!/bin/sh
++set -ue
++
++CONF="/etc/default/chrony"
++DOC="/usr/share/doc/chrony/README.container"
++CAP="cap_sys_time"
++CMD="/usr/sbin/chronyd"
++# Take any args passed, use none if nothing was specified
++EFFECTIVE_DAEMON_OPTS=${@:-""}
++
++if [ -f "${CONF}" ]; then
++    . "${CONF}"
++else
++    echo "<4>Warning: ${CONF} is missing"
++fi
++# take from conffile if available, default to no otherwise
++EFFECTIVE_SYNC_IN_CONTAINER=${SYNC_IN_CONTAINER:-"no"}
++
++if [ ! -x "${CMD}" ]; then
++    echo "<3>Error: ${CMD} not executable"
++    # ugly, but works around https://github.com/systemd/systemd/issues/2913
++    sleep 0.1
++    exit 1
++fi
++
++# Check if -x is already set manually, don't process further if that is the case
++X_SET=0
++for arg in $@; do
++    if echo "$arg" | grep -q -e '^-[a-zA-Z0-9]*x'; then
++         X_SET=1
++    fi
++done
++
++if [ ${X_SET} -ne 1 ]; then
++  # Assume it is not in a container
++  IS_CONTAINER=0
++  if [ -x /usr/bin/systemd-detect-virt ]; then
++      if /usr/bin/systemd-detect-virt --quiet --container; then
++          IS_CONTAINER=1
++      fi
++  fi
++
++
++  # Assume it has the cap
++  HAS_CAP=1
++  CAPSH="/sbin/capsh"
++  if [ -x "${CAPSH}" ]; then
++      ${CAPSH} --has-p="${CAP}" || HAS_CAP=0
++  fi
++
++  if [ ${HAS_CAP} -eq 0 ]; then
++      echo "<4>Warning: Missing ${CAP}, syncing the system clock will fail"
++  fi
++  if [ ${IS_CONTAINER} -eq 1 ]; then
++      echo "<4>Warning: Running in a container, likely impossible and unintended to sync system clock"
++  fi
++
++  if [ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]; then
++      if [ "${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes" ]; then
++          echo "<5>Adding -x as fallback disabling control of the system clock, see ${DOC} to override this behavior"
++          EFFECTIVE_DAEMON_OPTS="${EFFECTIVE_DAEMON_OPTS} -x"
++      else
++          echo "<5>Not falling back to disable control of the system clock, see ${DOC} to change this behavior"
++      fi
++  fi
++fi
++
++${CMD} ${EFFECTIVE_DAEMON_OPTS}
 diff --git a/debian/control b/debian/control
 index 4d0dbfd..123e334 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: chrony
  Section: net
  Priority: optional
--Maintainer: Vincent Blut <vincent.debian@free.fr>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Vincent Blut <vincent.debian@free.fr>
  Standards-Version: 4.6.0
  Build-Depends: asciidoctor,
                 bison,
@@ -27,6 +28,7 @@ Architecture: linux-any
  Pre-Depends: ${misc:Pre-Depends}
  Depends: adduser,
           iproute2 [linux-any],
++         libcap2-bin (>= 1:2.32-1),
           tzdata,
           ucf,
           ${misc:Depends},
 diff --git a/debian/docs b/debian/docs
 index e12f653..3bfc9dc 100644
 --- a/debian/docs
 +++ b/debian/docs
@@ -1,3 +1,4 @@
  FAQ
  NEWS
  README
++debian/README.container
 diff --git a/debian/install b/debian/install
 index e7dc12a..2647461 100644
 --- a/debian/install
 +++ b/debian/install
@@ -5,3 +5,4 @@ debian/conf.d etc/chrony
  debian/ntp-units.d/50-chrony.list usr/lib/systemd/ntp-units.d
  debian/sources.d etc/chrony
  debian/usr.sbin.chronyd etc/apparmor.d
++debian/chronyd-starter.sh usr/lib/systemd/scripts/

Ubuntuchrony package

Merge ~paelzer/ubuntu/+source/chrony:merge-4.2-2-jammy into ubuntu/+source/chrony:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
chrony package