Merge ~paelzer/ubuntu/+source/chrony:merge-4.2-2-jammy into ubuntu/+source/chrony:debian/sid

Proposed by Christian Ehrhardt 
Status: Merged
Merge reported by: Christian Ehrhardt 
Merged at revision: fb15e128be5419d2f0d158e475d70f10412b30c6
Proposed branch: ~paelzer/ubuntu/+source/chrony:merge-4.2-2-jammy
Merge into: ubuntu/+source/chrony:debian/sid
Diff against target: 1107 lines (+901/-5)
9 files modified
debian/README.container (+60/-0)
debian/changelog (+746/-0)
debian/chrony.conf (+17/-2)
debian/chrony.default (+4/-0)
debian/chrony.service (+1/-2)
debian/chronyd-starter.sh (+68/-0)
debian/control (+3/-1)
debian/docs (+1/-0)
debian/install (+1/-0)
Reviewer Review Type Date Requested Status
Utkarsh Gupta (community) Approve
Canonical Server Pending
git-ubuntu import Pending
Review via email: mp+415170@code.launchpad.net
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4774
Tags:
To ssh://git.launchpad.net/~paelzer/ubuntu/+source/chrony
 * [new tag] logical/4.2-0ubuntu1 -> logical/4.2-0ubuntu1
 * [new tag] reconstruct/4.2-0ubuntu1 -> reconstruct/4.2-0ubuntu1
 * [new tag] split/4.2-0ubuntu1 -> split/4.2-0ubuntu1

Autopkgtests are running (I've done this merge as in the past libc has often triggered issues and that provides a chance to run build & test for something more useful than just sniff testing).

Christian Ehrhardt  (paelzer) wrote :

Tests are good on amd64/ppc64/s390x - arm* is still running.
I'll post an update about that later.

Ready to start review IMHO

Christian Ehrhardt  (paelzer) wrote :

Arm tests complete as well now

Results from https://autopkgtest.ubuntu.com/results/autopkgtest-jammy-ci-train-ppa-service-4774/?format=plain:
  chrony @ amd64:
    07.02.22 08:42:13 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      time-sources-from-dhcp-servers PASS ✅
      run_system_tests PASS ✅
      run_destructive_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅
  chrony @ arm64:
    07.02.22 09:08:27 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      time-sources-from-dhcp-servers PASS ✅
      run_system_tests PASS ✅
      run_destructive_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅
  chrony @ armhf:
    07.02.22 09:52:16 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      run_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅
  chrony @ ppc64el:
    07.02.22 08:37:53 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      time-sources-from-dhcp-servers PASS ✅
      run_system_tests PASS ✅
      run_destructive_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅
  chrony @ s390x:
    07.02.22 08:36:34 Log 🗒️ ✅ Triggers: ['chrony/4.2-2ubuntu1~jammyppa1']
      upstream-simulation-test-suite PASS ✅
      time-sources-from-dhcp-servers PASS ✅
      run_system_tests PASS ✅
      run_destructive_system_tests PASS ✅
      fragmented-configuration PASS ✅
      dynamically-add-source PASS ✅
      ntp-server-and-nts-auth PASS ✅

Utkarsh Gupta (utkarsh) wrote :

[04acd8b]: looks good, Ubuntu specific. +1.

[0526a15]: okay, long history. Fair enough. But why aren't we forwarding this to Debian? I think Debian would benefit from this, too, no? I don't think this is Ubuntu-specific, or is it?

[0e1ec67], [416c57b], [be6d2f1], [05fcb9a]: okayyyy? but is it really Ubuntu-specific (because of MIRs and such?)? or can we forward this to drop the delta? I know we've been carrying this for a while but if it's really Ubuntu-specific, can we add a comment about it (i.e. reasons behind it) in the commit message so this doesn't come up the next time and the reasons are clear beforehand?

[fb15e12]: quick comment in the d/ch entry about the "Dropped Changes" being slightly unclear. :(

review: Needs Information
Christian Ehrhardt  (paelzer) wrote :

Hi Utkarsh,
0526a15 and all the others you asked for were forwarded to Debian and there decided against it.

The reason behind that is that our container story around LXD being a system container is very different to theirs.

Without that motivation I can understand why they didn't want but we needed it.
So that is one of the "fair and ok on both sides" differences between Debian & Ubuntu.

All the other bits you have wondered belong to that context e.g. libcap2-bin is only needed for our container check. The call to the wrapper is only needed for our container handling, ...

---

Finally about d/ch "Drop patches present in v4.2" might seem short, but you'll see that in the former version we have used exactly that term. And all that I could do in the new changelog is repeating that file names which seemed superfluous.
If you want them added it is just a copy of lines 90-92 up to 29 and done.
So let me know if you think this is really better.

Utkarsh Gupta (utkarsh) wrote :

Hiya,

> 0526a15 and all the others you asked for were forwarded to Debian
> and there decided against it.
>
> The reason behind that is that our container story around LXD being
> a system container is very different to theirs.
>
> Without that motivation I can understand why they didn't want but
> we needed it.
> So that is one of the "fair and ok on both sides" differences
> between Debian & Ubuntu.
>
> All the other bits you have wondered belong to that context e.g.
> libcap2-bin is only needed for our container check. The call to
> the wrapper is only needed for our container handling, ...

Okay, fair enough. I'd like to propose adding a "[Ubuntu-specific]" tag to the commit (message) header so that the reviewer directly knows that it is more-or-less Ubuntu-only or/and equivalent. Maybe I'll bring this to our stand-up sometime this week.

> If you want them added it is just a copy of lines 90-92 up to
> 29 and done.
> So let me know if you think this is really better.

I don't have a problem, really. Either is fine now that there is context but maybe adding them would be better? But really, up to you. If you think it's not needed, so be it. \o/

Given everything has been answered/discussed, this looks good. +1.

review: Approve
e82626a... by Christian Ehrhardt 

changelog: make dropped patches more readable

Signed-off-by: Christian Ehrhardt <email address hidden>

Christian Ehrhardt  (paelzer) wrote :

Ok, I used that in other branches added a prefix "UBUNTU-only:" to all commits of that kind.

Also added the dropped patches in the changelog, if you miss them others might as well and three lines more changelog do not cost anything.

Christian Ehrhardt  (paelzer) wrote :

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading chrony_4.2-2ubuntu1.dsc: done.
  Uploading chrony_4.2.orig.tar.gz: done.
  Uploading chrony_4.2-2ubuntu1.debian.tar.xz: done.
  Uploading chrony_4.2-2ubuntu1_source.buildinfo: done.
  Uploading chrony_4.2-2ubuntu1_source.changes: done.
Successfully uploaded packages.

Christian Ehrhardt  (paelzer) wrote :

Migrated

Preview Diff

diff --git a/debian/README.container b/debian/README.container
0new file mode 1006440new file mode 100644
index 0000000..dcacf49
--- /dev/null
+++ b/debian/README.container
@@ -0,0 +1,60 @@
1Chrony in Containers
2--------------------
3
4Currently in 99.9+% of the cases syncing the local clock in a container
5is wrong. Most of the time it will be unable to do so, because it is lacking
6CAP_SYS_TIME. Or worse, if the CAP_SYS_TIME privilege is granted, multiple
7containers could fight over the system's time, because the Linux kernel does
8not provide time namespaces (yet).
9
10There are two things a user installing chrony usually wants:
111. synchronize my time (NTP client)
122. serve NTP (NTP server)
13
14In a container the first makes (usually) no sense, so by default we enable -x
15there (as it would only crash otherwise).
16This will disable the control of the system clock.
17See `man chronyd` for more details on the -x option.
18
19Formerly, the check for Condition=CAP_SYS_TIME in the systemd service avoided
20the crash of the NTP client portion, but that means the server use case will
21not work by default in containers. It is still not recommended to use a
22container as an NTP server, but if the host clock is synchronised via NTP,
23adding the -x option to chronyd instances running in containers will allow
24them to function as NTP servers which do not adjust the system clock.
25The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away
26leaving users often unclear what happened - especially if they were more after
27the NTP server than the NTP client.
28
29One could argue that someone who installs chrony expects the system time to be
30synchronised, so it should fail if it is not able to do so. On the other hand
31it could be argued that someone who installs chrony expects time to be served
32over the network via NTP.
33We can't know which expectation is applicable, so we assume that time should
34be synchronised unless chronyd is running in a container (or is without
35CAP_SYS_TIME in any other environment).
36
37To make things worse recent container implementations will offer CAP_SYS_TIME
38to the container. Since from the container's point of view, this capability is
39available for the container's user namespace. Just later on adjtimex and similar
40are actually evaluated against the host kernel where they will fail. Due to
41that without further precaution running chrony in Ubuntu in the future will
42likely have the service start (as Condition=CAP_SYS_TIME will be true) but
43then immediately fail.
44This will depend on the environment e.g. versions and types of containers and
45thereby feel just 'unreliable' from users point of view.
46Furthermore it will affect upgrades as the service has to be restarted for a
47package upgrade to be considered complete.
48
49Due to all of that Ubuntu decided (LP: #1589780) to default to -x (do not
50set the system clock) in containers.
51
52If one really wants to (try to) sync time in a container or CAP_SYS_TIME-less
53environment set SYNC_IN_CONTAINER="yes" in /etc/default/chrony to disable
54this special handling.
55
56It is important to mention that as soon as upstream provides a way to provide
57a default config working in those cases Ubuntu intends to use that and drop
58the current workaround.
59
60 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100
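
Review bot: The opt-out paragraph at README lines 52-54 tells users to set SYNC_IN_CONTAINER="yes" without restating what that exposes them to. Lines 6-8 say containers that hold CAP_SYS_TIME can fight over the system's time, and lines 37-43 say a container may be offered the capability in its user namespace yet still fail at adjtimex, so the service starts and then fails immediately. A sentence next to the opt-out naming both outcomes would let an admin decide with the consequences in front of them. Separately, the "(yet)" on line 8 and the 2018 signature on line 60 suggest the text has not been revisited since it was written; worth confirming during this merge that it still matches current kernels. Minor: line 45 "from users point of view" should read "from a user's point of view".
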
diff --git a/debian/changelog b/debian/changelog
index 2ea7ed3..5769883 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,39 @@
1chrony (4.2-2ubuntu1) jammy; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 Remaining changes:
5 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
6 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
7 Chrony is a single service which acts as both NTP client (i.e. syncing the
8 local clock) and NTP server (i.e. providing NTP services to the network),
9 and that is both desired and expected in the vast majority of cases.
10 But in containers syncing the local clock is usually impossible, but this
11 shall not break the providing of NTP services to the network.
12 To some extent this makes chrony's default config more similar to 'ntpd',
13 which complained in syslog but still provided NTP server service in those
14 cases.
15 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
16 + debian/control: add new dependency libcap2-bin for capsh (usually
17 installed anyway, but make them explicit to be sure).
18 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
19 (Default off) [fixed a minor typo in the comment in this update]
20 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
21 and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
22 in containers on a default installation and avoid failing to sync time
23 (or if allowed to sync, avoid multiple containers to fight over it by
24 accident).
25 + debian/install: make chrony-starter.sh available on install.
26 + debian/docs, debian/README.container: provide documentation about the
27 handling of this case.
28 * Dropped changes [ in 4.2-1 ]
29 - Drop patches present in v4.2
30 + d/p/allow-clone3-and-pread64-in-seccomp-filter.patch
31 + d/p/fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch
32 + d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch
33 - d/t/upstream-simulation-test-suite: bump to the matching clknetsim
34
35 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 04 Feb 2022 07:52:48 +0100
36
1chrony (4.2-2) unstable; urgency=medium37chrony (4.2-2) unstable; urgency=medium
238
3 * debian/usr.sbin.chronyd:39 * debian/usr.sbin.chronyd:
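
Review bot: "Remaining changes:" appears twice in the new 4.2-2ubuntu1 entry, once at the end of line 3 and again alone on line 4; drop line 4. The same doubling is in the 4.1-3ubuntu1 entry (lines 125-126), so it looks carried forward by copy. Line 25 also says "chrony-starter.sh" while line 20 and the file list of this merge name the script debian/chronyd-starter.sh, and line 21 reads "allows on to run" where "one" is meant. Fixing both in the newest entry keeps the delta description searchable by the actual file name.
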
@@ -26,6 +62,42 @@ chrony (4.2-1) unstable; urgency=medium
2662
27 -- Vincent Blut <vincent.debian@free.fr> Thu, 13 Jan 2022 14:01:35 +010063 -- Vincent Blut <vincent.debian@free.fr> Thu, 13 Jan 2022 14:01:35 +0100
2864
65chrony (4.2-0ubuntu1) jammy; urgency=medium
66
67 * Merge with Debian testing (LP: #1946848) and upstream v4.2.
68 Remaining changes:
69 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
70 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
71 Chrony is a single service which acts as both NTP client (i.e. syncing the
72 local clock) and NTP server (i.e. providing NTP services to the network),
73 and that is both desired and expected in the vast majority of cases.
74 But in containers syncing the local clock is usually impossible, but this
75 shall not break the providing of NTP services to the network.
76 To some extent this makes chrony's default config more similar to 'ntpd',
77 which complained in syslog but still provided NTP server service in those
78 cases.
79 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
80 + debian/control: add new dependency libcap2-bin for capsh (usually
81 installed anyway, but make them explicit to be sure).
82 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
83 (Default off) [fixed a minor typo in the comment in this update]
84 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
85 and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
86 in containers on a default installation and avoid failing to sync time
87 (or if allowed to sync, avoid multiple containers to fight over it by
88 accident).
89 + debian/install: make chrony-starter.sh available on install.
90 + debian/docs, debian/README.container: provide documentation about the
91 handling of this case.
92 * Drop patches present in v4.2
93 - d/p/allow-clone3-and-pread64-in-seccomp-filter.patch
94 - d/p/fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch
95 - d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch
96 * Added changes:
97 - d/t/upstream-simulation-test-suite: bump to the matching clknetsim
98
99 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 06 Jan 2022 14:51:22 +0100
100
29chrony (4.1-4) unstable; urgency=medium101chrony (4.1-4) unstable; urgency=medium
30102
31 * debian/:103 * debian/:
@@ -48,6 +120,41 @@ chrony (4.1-4) unstable; urgency=medium
48120
49 -- Vincent Blut <vincent.debian@free.fr> Thu, 07 Oct 2021 15:23:28 +0200121 -- Vincent Blut <vincent.debian@free.fr> Thu, 07 Oct 2021 15:23:28 +0200
50122
123chrony (4.1-3ubuntu1) impish; urgency=medium
124
125 * Merge with Debian unstable (LP: #1940252). Remaining changes:
126 Remaining changes:
127 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
128 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
129 Chrony is a single service which acts as both NTP client (i.e. syncing the
130 local clock) and NTP server (i.e. providing NTP services to the network),
131 and that is both desired and expected in the vast majority of cases.
132 But in containers syncing the local clock is usually impossible, but this
133 shall not break the providing of NTP services to the network.
134 To some extent this makes chrony's default config more similar to 'ntpd',
135 which complained in syslog but still provided NTP server service in those
136 cases.
137 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
138 + debian/control: add new dependency libcap2-bin for capsh (usually
139 installed anyway, but make them explicit to be sure).
140 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
141 (Default off) [fixed a minor typo in the comment in this update]
142 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
143 and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
144 in containers on a default installation and avoid failing to sync time
145 (or if allowed to sync, avoid multiple containers to fight over it by
146 accident).
147 + debian/install: make chrony-starter.sh available on install.
148 + debian/docs, debian/README.container: provide documentation about the
149 handling of this case.
150 * Dropped changes:
151 - d/t/helper-functions: restart explicitly to fix test issues
152 * Added changes:
153 - d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch: glibc 2.34
154 compatibility
155
156 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 17 Aug 2021 12:22:32 +0200
157
51chrony (4.1-3) unstable; urgency=medium158chrony (4.1-3) unstable; urgency=medium
52159
53 * Upload to unstable.160 * Upload to unstable.
@@ -78,6 +185,51 @@ chrony (4.1-2) experimental; urgency=medium
78185
79 -- Vincent Blut <vincent.debian@free.fr> Sat, 26 Jun 2021 17:16:45 +0200186 -- Vincent Blut <vincent.debian@free.fr> Sat, 26 Jun 2021 17:16:45 +0200
80187
188chrony (4.1-1ubuntu1) impish; urgency=medium
189
190 * Merge new upstream 4.1 and yet unrelased changes from Debian salsa.
191 Remaining changes:
192 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
193 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
194 Chrony is a single service which acts as both NTP client (i.e. syncing the
195 local clock) and NTP server (i.e. providing NTP services to the network),
196 and that is both desired and expected in the vast majority of cases.
197 But in containers syncing the local clock is usually impossible, but this
198 shall not break the providing of NTP services to the network.
199 To some extent this makes chrony's default config more similar to 'ntpd',
200 which complained in syslog but still provided NTP server service in those
201 cases.
202 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
203 + debian/control: add new dependency libcap2-bin for capsh (usually
204 installed anyway, but make them explicit to be sure).
205 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
206 (Default off) [fixed a minor typo in the comment in this update]
207 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
208 and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
209 in containers on a default installation and avoid failing to sync time
210 (or if allowed to sync, avoid multiple containers to fight over it by
211 accident).
212 + debian/install: make chrony-starter.sh available on install.
213 + debian/docs, debian/README.container: provide documentation about the
214 handling of this case.
215 * Dropped changes:
216 - d/t/helper-functions: reduce default ubuntu config, to make space for
217 testcase config
218 [ in Debian 4.0-6 ]
219 - d/t/{dynamically-add-source,ntp-server-and-nts-auth,helper-functions}:
220 unify tests to use reload and restart
221 [ in Debian 4.0-6 ]
222 - d/t/upstream-simulation-test-suite: Update clknetsim version to fix
223 a test failure on s390x when LTO is enabled at build time (LP #1921377)
224 [ in Debian 4.1~pre1-1 ]
225 - d/p/lp-1915006-sys_linux-allow-statx-and-fstatat64-in-seccomp-filte.patch:
226 add compatibility for glibc 2.33 (LP: 1915006)
227 [ upstream in 4.1-pre1 ]
228 * Added changes:
229 - d/t/helper-functions: restart explicitly to fix test issues
230
231 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 18 May 2021 08:12:59 +0200
232
81chrony (4.1-1) experimental; urgency=medium233chrony (4.1-1) experimental; urgency=medium
82234
83 * Import upstream version 4.1:235 * Import upstream version 4.1:
@@ -168,6 +320,54 @@ chrony (4.0-6) unstable; urgency=medium
168320
169 -- Vincent Blut <vincent.debian@free.fr> Sun, 21 Feb 2021 21:59:22 +0100321 -- Vincent Blut <vincent.debian@free.fr> Sun, 21 Feb 2021 21:59:22 +0100
170322
323chrony (4.0-5ubuntu3) hirsute; urgency=medium
324
325 * d/t/upstream-simulation-test-suite: Update clknetsim version to fix
326 a test failure on s390x when LTO is enabled at build time (LP: #1921377)
327
328 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 25 Mar 2021 15:45:47 +0100
329
330chrony (4.0-5ubuntu2) hirsute; urgency=medium
331
332 * d/p/lp-1915006-sys_linux-allow-statx-and-fstatat64-in-seccomp-filte.patch:
333 add compatibility for glibc 2.33 (LP: 1915006)
334
335 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 15 Feb 2021 12:50:29 +0100
336
337chrony (4.0-5ubuntu1) hirsute; urgency=medium
338
339 * Merge with Debian unstable (LP: #1915006). Remaining changes:
340 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
341 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
342 Chrony is a single service which acts as both NTP client (i.e. syncing the
343 local clock) and NTP server (i.e. providing NTP services to the network),
344 and that is both desired and expected in the vast majority of cases.
345 But in containers syncing the local clock is usually impossible, but this
346 shall not break the providing of NTP services to the network.
347 To some extent this makes chrony's default config more similar to 'ntpd',
348 which complained in syslog but still provided NTP server service in those
349 cases.
350 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
351 + debian/control: add new dependency libcap2-bin for capsh (usually
352 installed anyway, but make them explicit to be sure).
353 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
354 (Default off) [fixed a minor typo in the comment in this update]
355 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
356 and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
357 in containers on a default installation and avoid failing to sync time
358 (or if allowed to sync, avoid multiple containers to fight over it by
359 accident).
360 + debian/install: make chrony-starter.sh available on install.
361 + debian/docs, debian/README.container: provide documentation about the
362 handling of this case.
363 * Added changes:
364 - d/t/helper-functions: reduce default ubuntu config, to make space for
365 testcase config
366 - d/t/{dynamically-add-source,ntp-server-and-nts-auth,helper-functions}:
367 unify tests to use reload and restart
368
369 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 08 Feb 2021 12:45:05 +0100
370
171chrony (4.0-5) unstable; urgency=medium371chrony (4.0-5) unstable; urgency=medium
172372
173 * Follow DEP-14 branch naming conventions:373 * Follow DEP-14 branch naming conventions:
@@ -284,6 +484,35 @@ chrony (4.0-3) unstable; urgency=medium
284484
285 -- Vincent Blut <vincent.debian@free.fr> Mon, 18 Jan 2021 21:58:52 +0100485 -- Vincent Blut <vincent.debian@free.fr> Mon, 18 Jan 2021 21:58:52 +0100
286486
487chrony (4.0-2ubuntu1) hirsute; urgency=medium
488
489 * Merge with Debian unstable. Remaining changes:
490 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
491 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
492 Chrony is a single service which acts as both NTP client (i.e. syncing the
493 local clock) and NTP server (i.e. providing NTP services to the network),
494 and that is both desired and expected in the vast majority of cases.
495 But in containers syncing the local clock is usually impossible, but this
496 shall not break the providing of NTP services to the network.
497 To some extent this makes chrony's default config more similar to 'ntpd',
498 which complained in syslog but still provided NTP server service in those
499 cases.
500 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
501 + debian/control: add new dependency libcap2-bin for capsh (usually
502 installed anyway, but make them explicit to be sure).
503 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
504 (Default off) [fixed a minor typo in the comment in this update]
505 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
506 and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
507 in containers on a default installation and avoid failing to sync time
508 (or if allowed to sync, avoid multiple containers to fight over it by
509 accident).
510 + debian/install: make chrony-starter.sh available on install.
511 + debian/docs, debian/README.container: provide documentation about the
512 handling of this case.
513
514 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 27 Oct 2020 10:55:19 +0100
515
287chrony (4.0-2) unstable; urgency=medium516chrony (4.0-2) unstable; urgency=medium
288517
289 * Merge branch 'experimental' into 'master'.518 * Merge branch 'experimental' into 'master'.
@@ -419,6 +648,44 @@ chrony (4.0~pre4-1) experimental; urgency=medium
419648
420 -- Vincent Blut <vincent.debian@free.fr> Fri, 02 Oct 2020 21:21:08 +0200649 -- Vincent Blut <vincent.debian@free.fr> Fri, 02 Oct 2020 21:21:08 +0200
421650
651chrony (3.5.1-1ubuntu2) groovy; urgency=medium
652
653 * d/chronyd-starter.sh: fix commandline argument parsing (LP: #1898000)
654
655 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 06 Oct 2020 12:20:40 +0200
656
657chrony (3.5.1-1ubuntu1) groovy; urgency=medium
658
659 * Merge with Debian unstable. Remaining changes:
660 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
661 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
662 Chrony is a single service which acts as both NTP client (i.e. syncing the
663 local clock) and NTP server (i.e. providing NTP services to the network),
664 and that is both desired and expected in the vast majority of cases.
665 But in containers syncing the local clock is usually impossible, but this
666 shall not break the providing of NTP services to the network.
667 To some extent this makes chrony's default config more similar to 'ntpd',
668 which complained in syslog but still provided NTP server service in those
669 cases.
670 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
671 + debian/control: add new dependency libcap2-bin for capsh (usually
672 installed anyway, but make them explicit to be sure).
673 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
674 (Default off) [fixed a minor typo in the comment in this update]
675 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
676 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
677 containers on a default installation and avoid failing to sync time (or
678 if allowed to sync, avoid multiple containers to fight over it by
679 accident).
680 + debian/install: make chrony-starter.sh available on install.
681 + debian/docs, debian/README.container: provide documentation about the
682 handling of this case.
683 * Dropped changes
684 - d/t/control: harden time-sources-from-dhcp-servers test for systemd change
685 (LP: 1873031) [no more needed with recent systemd that is in groovy]
686
687 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 26 Aug 2020 15:30:48 +0200
688
422chrony (3.5.1-1) unstable; urgency=medium689chrony (3.5.1-1) unstable; urgency=medium
423690
424 * Import upstream version 3.5.1:691 * Import upstream version 3.5.1:
@@ -434,6 +701,50 @@ chrony (3.5.1-1) unstable; urgency=medium
434701
435 -- Vincent Blut <vincent.debian@free.fr> Thu, 20 Aug 2020 14:07:22 +0200702 -- Vincent Blut <vincent.debian@free.fr> Thu, 20 Aug 2020 14:07:22 +0200
436703
704chrony (3.5-9ubuntu2) groovy; urgency=medium
705
706 * No change rebuild against new libnettle8 and libhogweed6 ABI.
707
708 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 29 Jun 2020 22:22:19 +0100
709
710chrony (3.5-9ubuntu1) groovy; urgency=medium
711
712 * Merge with Debian unstable (LP: #1878005). Remaining changes:
713 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
714 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
715 Chrony is a single service which acts as both NTP client (i.e. syncing the
716 local clock) and NTP server (i.e. providing NTP services to the network),
717 and that is both desired and expected in the vast majority of cases.
718 But in containers syncing the local clock is usually impossible, but this
719 shall not break the providing of NTP services to the network.
720 To some extent this makes chrony's default config more similar to 'ntpd',
721 which complained in syslog but still provided NTP server service in those
722 cases.
723 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
724 + debian/control: add new dependency libcap2-bin for capsh (usually
725 installed anyway, but make them explicit to be sure).
726 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
727 (Default off) [fixed a minor typo in the comment in this update]
728 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
729 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
730 containers on a default installation and avoid failing to sync time (or
731 if allowed to sync, avoid multiple containers to fight over it by
732 accident).
733 + debian/install: make chrony-starter.sh available on install.
734 + debian/docs, debian/README.container: provide documentation about the
735 handling of this case.
736 - d/t/control: harden time-sources-from-dhcp-servers test for systemd change
737 (LP: 1873031)
738 * Dropped changes [in Debian now]
739 - d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests
740 - d/t/upstream-system-tests: fix stderr in case services do not exist
741 - Stop starting systemd-timesyncd in postrm. This is no longer relevant
742 since systemd-timesyncd is a standalone package declaring
743 Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: 1872183)
744 - d/postrm: Reinstate the remove target (LP: 1873810)
745
746 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 20 May 2020 09:57:39 +0200
747
437chrony (3.5-9) unstable; urgency=medium748chrony (3.5-9) unstable; urgency=medium
438749
439 * debian/patches/:750 * debian/patches/:
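
Review bot: The "Remaining changes" summary on lines 724-725 still describes the libcap2-bin delta as "add new dependency libcap2-bin for capsh", but the 3.5-6ubuntu2 entry (lines 844-847) made that dependency versioned so that capsh supports --has-p and the wrapper stops always falling back to -x. Since this block is copied into every later merge entry, folding the version requirement and the --has-p usage into it would prompt the next merger to re-check both rather than only the bare dependency.
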
@@ -496,6 +807,76 @@ chrony (3.5-7) unstable; urgency=medium
496807
497 -- Vincent Blut <vincent.debian@free.fr> Tue, 17 Mar 2020 15:21:53 +0100808 -- Vincent Blut <vincent.debian@free.fr> Tue, 17 Mar 2020 15:21:53 +0100
498809
810chrony (3.5-6ubuntu6) focal; urgency=medium
811
812 * d/postrm: Reinstate the remove target (LP: #1873810)
813
814 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 20 Apr 2020 15:58:52 +0200
815
816chrony (3.5-6ubuntu5) focal; urgency=medium
817
818 * d/t/control: harden time-sources-from-dhcp-servers test for systemd change
819 (LP: #1873031)
820
821 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 18:23:10 +0200
822
823chrony (3.5-6ubuntu4) focal; urgency=medium
824
825 * debian/postrm:
826 - Stop starting systemd-timesyncd in postrm. This is no longer relevant
827 since systemd-timesyncd is a standalone package declaring
828 Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: #1872183)
829
830 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 15 Apr 2020 09:01:30 +0200
831
832chrony (3.5-6ubuntu3) focal; urgency=medium
833
834 * avoid multiple time services running concurrently (LP: #1870144).
835 This fixes the autopkgtests vs chrond itself, the issue of concurrent
836 systemd-timesyncd will be fixed in systemd by (LP 1849156)
837 - d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests
838 - d/t/upstream-system-tests: fix stderr in case services do not exist
839
840 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 01 Apr 2020 09:25:45 +0200
841
842chrony (3.5-6ubuntu2) focal; urgency=medium
843
844 * fix capsh usage in focal avoiding to always fall back to -x (LP: #1867036)
845 - d/control: add versioned dependency to libcap2-bin new enough to
846 support --has-p
847 - d/chronyd-starter.sh: update capsh usage to use --has-p
848
849 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 31 Mar 2020 10:19:20 +0200
850
851chrony (3.5-6ubuntu1) focal; urgency=medium
852
853 * Merge with Debian unstable (LP: #1866753). Remaining changes:
854 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
855 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
856 Chrony is a single service which acts as both NTP client (i.e. syncing the
857 local clock) and NTP server (i.e. providing NTP services to the network),
858 and that is both desired and expected in the vast majority of cases.
859 But in containers syncing the local clock is usually impossible, but this
860 shall not break the providing of NTP services to the network.
861 To some extent this makes chrony's default config more similar to 'ntpd',
862 which complained in syslog but still provided NTP server service in those
863 cases.
864 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
865 + debian/control: add new dependency libcap2-bin for capsh (usually
866 installed anyway, but make them explicit to be sure).
867 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
868 (Default off) [fixed a minor typo in the comment in this update]
869 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
870 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
871 containers on a default installation and avoid failing to sync time (or
872 if allowed to sync, avoid multiple containers to fight over it by
873 accident).
874 + debian/install: make chrony-starter.sh available on install.
875 + debian/docs, debian/README.container: provide documentation about the
876 handling of this case.
877
878 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 12 Mar 2020 11:02:33 +0100
879
499chrony (3.5-6) unstable; urgency=medium880chrony (3.5-6) unstable; urgency=medium
500881
501 * debian/chrony.service:882 * debian/chrony.service:
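Review bot: The "Remaining changes" text in the 3.5-6ubuntu1 entry names the wrapper inconsistently: the `debian/install` bullet says `chrony-starter.sh`, while the bullet two items above it refers to `debian/chronyd-starter.sh`, which is the file this merge actually adds and installs. Correct the file name in the wording that gets carried forward into the next merge entry so a search for the script name in the changelog finds it. The 3.5-6ubuntu3 entry in the same hunk also spells the daemons "chrond" and "systemd-timesynd".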
@@ -530,6 +911,41 @@ chrony (3.5-6) unstable; urgency=medium
530911
531 -- Vincent Blut <vincent.debian@free.fr> Tue, 10 Mar 2020 19:17:16 +0100912 -- Vincent Blut <vincent.debian@free.fr> Tue, 10 Mar 2020 19:17:16 +0100
532913
914chrony (3.5-5ubuntu1) focal; urgency=medium
915
916 * Merge with Debian unstable (LP: #1859969). Remaining changes:
917 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
918 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
919 Chrony is a single service which acts as both NTP client (i.e. syncing the
920 local clock) and NTP server (i.e. providing NTP services to the network),
921 and that is both desired and expected in the vast majority of cases.
922 But in containers syncing the local clock is usually impossible, but this
923 shall not break the providing of NTP services to the network.
924 To some extent this makes chrony's default config more similar to 'ntpd',
925 which complained in syslog but still provided NTP server service in those
926 cases.
927 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
928 + debian/control: add new dependency libcap2-bin for capsh (usually
929 installed anyway, but make them explicit to be sure).
930 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
931 (Default off) [fixed a minor typo in the comment in this update]
932 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
933 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
934 containers on a default installation and avoid failing to sync time (or
935 if allowed to sync, avoid multiple containers to fight over it by
936 accident).
937 + debian/install: make chrony-starter.sh available on install.
938 + debian/docs, debian/README.container: provide documentation about the
939 handling of this case.
940 * Dropped changes:
941 - d/t/control: destructive_system_tests only work on amd64 and s390x right
942 now [fixed by backporting fixes from upstream in 3.5-5 ]
943 - d/t/upstream-simulation-test-suite: ignore warnings on stderr while
944 running clksim make
945 [ in Debian 3.5-5 ]
946
947 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Jan 2020 12:55:32 +0100
948
533chrony (3.5-5) unstable; urgency=medium949chrony (3.5-5) unstable; urgency=medium
534950
535 * debian/control:951 * debian/control:
@@ -557,6 +973,47 @@ chrony (3.5-5) unstable; urgency=medium
557973
558 -- Vincent Blut <vincent.debian@free.fr> Sun, 22 Dec 2019 17:30:40 +0100974 -- Vincent Blut <vincent.debian@free.fr> Sun, 22 Dec 2019 17:30:40 +0100
559975
976chrony (3.5-4ubuntu2) focal; urgency=medium
977
978 * d/t/control: destructive_system_tests only work on amd64 and s390x right
979 now
980 * d/t/upstream-simulation-test-suite: ignore warnings on stderr while
981 running clksim make
982
983 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 03 Dec 2019 14:50:50 +0100
984
985chrony (3.5-4ubuntu1) focal; urgency=medium
986
987 * Merge with Debian unstable (LP: #1854328). Remaining changes:
988 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
989 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
990 Chrony is a single service which acts as both NTP client (i.e. syncing the
991 local clock) and NTP server (i.e. providing NTP services to the network),
992 and that is both desired and expected in the vast majority of cases.
993 But in containers syncing the local clock is usually impossible, but this
994 shall not break the providing of NTP services to the network.
995 To some extent this makes chrony's default config more similar to 'ntpd',
996 which complained in syslog but still provided NTP server service in those
997 cases.
998 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
999 + debian/control: add new dependency libcap2-bin for capsh (usually
1000 installed anyway, but make them explicit to be sure).
1001 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
1002 (Default off) [fixed a minor typo in the comment in this update]
1003 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
1004 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
1005 containers on a default installation and avoid failing to sync time (or
1006 if allowed to sync, avoid multiple containers to fight over it by
1007 accident).
1008 + debian/install: make chrony-starter.sh available on install.
1009 + debian/docs, debian/README.container: provide documentation about the
1010 handling of this case.
1011 * Dropped changes:
1012 - d/t/control: allow stderr for recent changes in resolved/iproute
1013 (LP 1836882) [no more needed]
1014
1015 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 28 Nov 2019 10:31:36 +0100
1016
560chrony (3.5-4) unstable; urgency=medium1017chrony (3.5-4) unstable; urgency=medium
5611018
562 * debian/tests/control:1019 * debian/tests/control:
@@ -601,6 +1058,52 @@ chrony (3.5-3) unstable; urgency=medium
6011058
602 -- Vincent Blut <vincent.debian@free.fr> Tue, 13 Aug 2019 17:57:47 +02001059 -- Vincent Blut <vincent.debian@free.fr> Tue, 13 Aug 2019 17:57:47 +0200
6031060
1061chrony (3.5-2ubuntu3) focal; urgency=medium
1062
1063 * No-change rebuild against libnettle7
1064
1065 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Oct 2019 22:07:56 +0000
1066
1067chrony (3.5-2ubuntu2) eoan; urgency=medium
1068
1069 * d/t/control: allow stderr for recent changes in resolved/iproute
1070 (LP: #1836882)
1071
1072 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 17 Jul 2019 12:41:58 +0200
1073
1074chrony (3.5-2ubuntu1) eoan; urgency=medium
1075
1076 * Merge with Debian experimental (LP: #1835046). Remaining changes:
1077 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
1078 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
1079 Chrony is a single service which acts as both NTP client (i.e. syncing the
1080 local clock) and NTP server (i.e. providing NTP services to the network),
1081 and that is both desired and expected in the vast majority of cases.
1082 But in containers syncing the local clock is usually impossible, but this
1083 shall not break the providing of NTP services to the network.
1084 To some extent this makes chrony's default config more similar to 'ntpd',
1085 which complained in syslog but still provided NTP server service in those
1086 cases.
1087 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
1088 + debian/control: add new dependency libcap2-bin for capsh (usually
1089 installed anyway, but make them explicit to be sure).
1090 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
1091 (Default off) [fixed a minor typo in the comment in this update]
1092 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
1093 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
1094 containers on a default installation and avoid failing to sync time (or
1095 if allowed to sync, avoid multiple containers to fight over it by
1096 accident).
1097 + debian/install: make chrony-starter.sh available on install.
1098 + debian/docs, debian/README.container: provide documentation about the
1099 handling of this case.
1100 * Dropped changes (accepted in Debian now):
1101 - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
1102 - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
1103 (LP 1771994)
1104
1105 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 02 Jul 2019 13:37:23 +0200
1106
604chrony (3.5-2) unstable; urgency=medium1107chrony (3.5-2) unstable; urgency=medium
6051108
606 * Merge branch “experimental” into “master”.1109 * Merge branch “experimental” into “master”.
@@ -687,6 +1190,56 @@ chrony (3.5~pre1-1) experimental; urgency=medium
6871190
688 -- Vincent Blut <vincent.debian@free.fr> Sun, 12 May 2019 22:16:14 +02001191 -- Vincent Blut <vincent.debian@free.fr> Sun, 12 May 2019 22:16:14 +0200
6891192
1193chrony (3.4-4ubuntu2) eoan; urgency=medium
1194
1195 * Dropped sysV change added in 3.4-4ubuntu1 (LP: #1829700):
1196 - removed d/init to avoid weird interactions between sysV and systemd
1197 [With debhelper compat level 12 this isn't an issue anymore]
1198
1199 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Wed, 22 May 2019 09:10:41 +0200
1200
1201chrony (3.4-4ubuntu1) eoan; urgency=medium
1202
1203 * Merge with Debian unstable (LP: #1828992). Remaining changes:
1204 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
1205 - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
1206 Chrony is a single service which acts as both NTP client (i.e. syncing the
1207 local clock) and NTP server (i.e. providing NTP services to the network),
1208 and that is both desired and expected in the vast majority of cases.
1209 But in containers syncing the local clock is usually impossible, but this
1210 shall not break the providing of NTP services to the network.
1211 To some extent this makes chrony's default config more similar to 'ntpd',
1212 which complained in syslog but still provided NTP server service in those
1213 cases.
1214 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
1215 + debian/control: add new dependency libcap2-bin for capsh (usually
1216 installed anyway, but make them explicit to be sure).
1217 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
1218 (Default off) [fixed a minor typo in the comment in this update]
1219 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
1220 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
1221 containers on a default installation and avoid failing to sync time (or
1222 if allowed to sync, avoid multiple containers to fight over it by
1223 accident).
1224 + debian/install: make chrony-starter.sh available on install.
1225 + debian/docs, debian/README.container: provide documentation about the
1226 handling of this case.
1227 - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
1228 - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
1229 (LP 1771994)
1230 * Added Changes:
1231 - removed d/init to avoid weird interactions between sysV and systemd
1232 * Dropped Changes:
1233 - Notify chrony to update sources in response to systemd-networkd
1234 events (LP: 1718227)
1235 + d/links: link dispatcher script to networkd-dispatcher events routable
1236 and off
1237 + d/control: set Recommends to networkd-dispatcher
1238 [Those are in Debian, except that we agreed to have networkd-dispatcher
1239 to only be a Suggests]
1240
1241 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Tue, 14 May 2019 12:49:30 +0200
1242
690chrony (3.4-4) unstable; urgency=medium1243chrony (3.4-4) unstable; urgency=medium
6911244
692 * debian/patches/*:1245 * debian/patches/*:
@@ -763,6 +1316,48 @@ chrony (3.4-2) unstable; urgency=medium
7631316
764 -- Vincent Blut <vincent.debian@free.fr> Wed, 13 Feb 2019 17:08:17 +01001317 -- Vincent Blut <vincent.debian@free.fr> Wed, 13 Feb 2019 17:08:17 +0100
7651318
1319chrony (3.4-1ubuntu1) disco; urgency=medium
1320
1321 * Merge with Debian unstable (LP: #1802886). Remaining changes:
1322 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
1323 - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
1324 Chrony is a single service which acts as both NTP client (i.e. syncing the
1325 local clock) and NTP server (i.e. providing NTP services to the network),
1326 and that is both desired and expected in the vast majority of cases.
1327 But in containers syncing the local clock is usually impossible, but this
1328 shall not break the providing of NTP services to the network.
1329 To some extent this makes chrony's default config more similar to 'ntpd',
1330 which complained in syslog but still provided NTP server service in those
1331 cases.
1332 + debian/chrony.service: allow the service to run without CAP_SYS_TIME
1333 + debian/control: add new dependency libcap2-bin for capsh (usually
1334 installed anyway, but make them explicit to be sure).
1335 + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
1336 (Default off).
1337 + debian/chronyd-starter.sh: wrapper to handle special cases in containers
1338 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
1339 containers on a default installation and avoid failing to sync time (or
1340 if allowed to sync, avoid multiple containers to fight over it by
1341 accident).
1342 + debian/install: make chronyd-starter.sh available on install.
1343 + debian/docs, debian/README.container: provide documentation about the
1344 handling of this case.
1345 - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
1346 - Notify chrony to update sources in response to systemd-networkd
1347 events (LP: 1718227)
1348 + d/links: link dispatcher script to networkd-dispatcher events routable
1349 and off
1350 + d/control: set Recommends to networkd-dispatcher
1351 * Dropped Changes (upstream):
1352 - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
1353 - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
1354 the service on newer kernels by falling back to urandom. (LP: 1787366)
1355 * Added Changes:
1356 - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
1357 (LP: #1771994)
1358
1359 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 12 Nov 2018 11:39:08 +0100
1360
766chrony (3.4-1) unstable; urgency=medium1361chrony (3.4-1) unstable; urgency=medium
7671362
768 * Import upstream version 3.4:1363 * Import upstream version 3.4:
@@ -839,6 +1434,66 @@ chrony (3.3-3) unstable; urgency=medium
8391434
840 -- Vincent Blut <vincent.debian@free.fr> Sat, 18 Aug 2018 16:23:19 +02001435 -- Vincent Blut <vincent.debian@free.fr> Sat, 18 Aug 2018 16:23:19 +0200
8411436
1437chrony (3.3-2ubuntu2) cosmic; urgency=medium
1438
1439 * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
1440 the service on newer kernels by falling back to urandom.
1441 (LP: #1787366, Closes: #906276)
1442
1443 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 16 Aug 2018 11:48:38 +0200
1444
1445chrony (3.3-2ubuntu1) cosmic; urgency=medium
1446
1447 * Merge with Debian unstable (LP: #1771061). Remaining changes:
1448 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
1449 - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
1450 Chrony is a single service which acts as both NTP client (i.e. syncing the
1451 local clock) and NTP server (i.e. providing NTP services to the network),
1452 and that is both desired and expected in the vast majority of cases.
1453 But in containers syncing the local clock is usually impossible, but this
1454 shall not break the providing of NTP services to the network.
1455 To some extent this makes chrony's default config more similar to 'ntpd',
1456 which complained in syslog but still provided NTP server service in those
1457 cases.
1458 - debian/chrony.service: allow the service to run without CAP_SYS_TIME
1459 - debian/control: add new dependency libcap2-bin for capsh (usually
1460 installed anyway, but make them explicit to be sure).
1461 - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
1462 (Default off).
1463 - debian/chronyd-starter.sh: wrapper to handle special cases in containers
1464 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
1465 containers on a default installation and avoid failing to sync time (or
1466 if allowed to sync, avoid multiple containers to fight over it by
1467 accident).
1468 - debian/install: make chronyd-starter.sh available on install.
1469 - debian/docs, debian/README.container: provide documentation about the
1470 handling of this case.
1471 - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
1472 - Notify chrony to update sources in response to systemd-networkd
1473 events (LP: 1718227)
1474 - d/links: link dispatcher script to networkd-dispatcher events routable
1475 and off
1476 - d/control: set Recommends to networkd-dispatcher
1477 - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
1478 * Dropped changes
1479 - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
1480 (LP: 1751241) (in Debian now)
1481 - debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: 1761327)
1482 (in Debian now)
1483 - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
1484 When dropping the root privileges, don't try to keep the CAP_SYS_TIME
1485 capability if the -x option was enabled. This allows chronyd to be
1486 started without the capability (e.g. in containers) and also drop the
1487 root privileges (This is upstream now).
1488 - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch (This is
1489 upstream now).
1490 - d/control: switch to nss instead of tomcrypt (Debian switched to nettle
1491 which is in main, so we can drop this)
1492 * Added changes
1493 - debian/README.container: fix typos
1494
1495 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 14 May 2018 09:06:01 +0200
1496
842chrony (3.3-2) unstable; urgency=medium1497chrony (3.3-2) unstable; urgency=medium
8431498
844 * debian/chrony.service:1499 * debian/chrony.service:
@@ -894,6 +1549,76 @@ chrony (3.2-5) unstable; urgency=medium
8941549
895 -- Vincent Blut <vincent.debian@free.fr> Wed, 28 Feb 2018 17:31:08 +01001550 -- Vincent Blut <vincent.debian@free.fr> Wed, 28 Feb 2018 17:31:08 +0100
8961551
1552chrony (3.2-4ubuntu4) bionic; urgency=medium
1553
1554 * d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357)
1555 * Notify chrony to update sources in response to systemd-networkd
1556 events (LP: #1718227)
1557 - d/links: link dispatcher script to networkd-dispatcher events routable
1558 and off
1559 - d/control: set Recommends to networkd-dispatcher
1560 - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch
1561 - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
1562
1563 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 16 Apr 2018 17:04:06 +0200
1564
1565chrony (3.2-4ubuntu3) bionic; urgency=medium
1566
1567 * debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327)
1568
1569 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 05 Apr 2018 09:38:10 +0200
1570
1571chrony (3.2-4ubuntu2) bionic; urgency=medium
1572
1573 * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
1574 Chrony is a single service which acts as both NTP client (i.e. syncing the
1575 local clock) and NTP server (i.e. providing NTP services to the network),
1576 and that is both desired and expected in the vast majority of cases.
1577 But in containers syncing the local clock is usually impossible, but this
1578 shall not break the providing of NTP services to the network.
1579 To some extent this makes chrony's default config more similar to 'ntpd',
1580 which complained in syslog but still provided NTP server service in those
1581 cases.
1582 - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
1583 When dropping the root privileges, don't try to keep the CAP_SYS_TIME
1584 capability if the -x option was enabled. This allows chronyd to be
1585 started without the capability (e.g. in containers) and also drop the
1586 root privileges.
1587 - debian/chrony.service: allow the service to run without CAP_SYS_TIME
1588 - debian/control: add new dependency libcap2-bin for capsh (usually
1589 installed anyway, but make them explicit to be sure).
1590 - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
1591 (Default off).
1592 - debian/chronyd-starter.sh: wrapper to handle special cases in containers
1593 and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
1594 containers on a default installation and avoid failing to sync time (or
1595 if allowed to sync, avoid multiple containers to fight over it by
1596 accident).
1597 - debian/install: make chronyd-starter.sh available on install.
1598 - debian/docs, debian/README.container: provide documentation about the
1599 handling of this case.
1600 * debian/chrony.conf: update default chrony.conf to not violate the policy
1601 of pool.ntp.org (to use no more than four of their servers) and to provide
1602 more ipv6 capable sources by default (LP: #1754358)
1603
1604 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 16 Mar 2018 12:25:44 +0100
1605
1606chrony (3.2-4ubuntu1) bionic; urgency=medium
1607
1608 * Merge with Debian unstable. Remaining changes:
1609 - d/control: switch to nss instead of tomcrypt (nss is in main)
1610 - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
1611 * Dropped changes (in Debian)
1612 - d/chrony.default, d/chrony.service: support /etc/default/chrony
1613 DAEMON_OPTS in systemd environment (LP: 1746081)
1614 - d/chrony.service: properly start after networking (LP: 1746458)
1615 - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444)
1616 * Added Changes:
1617 - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
1618 (LP: #1751241, Closes: #891201)
1619
1620 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 26 Feb 2018 14:44:54 +0100
1621
897chrony (3.2-4) unstable; urgency=medium1622chrony (3.2-4) unstable; urgency=medium
8981623
899 * debian/changelog:1624 * debian/changelog:
@@ -960,6 +1685,27 @@ chrony (3.2-3) unstable; urgency=medium
9601685
961 -- Vincent Blut <vincent.debian@free.fr> Wed, 07 Feb 2018 21:27:09 +01001686 -- Vincent Blut <vincent.debian@free.fr> Wed, 07 Feb 2018 21:27:09 +0100
9621687
1688chrony (3.2-2ubuntu3) bionic; urgency=medium
1689
1690 * Revert the changes of (LP 1746458) as in the follow on discussion
1691 it became clear that we want it to start early (for example for an
1692 early offset from drift file). iIf needed chrony will later on pick
1693 up that servers are online via retries (augmented by hooks on network
1694 events).
1695
1696 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Thu, 08 Feb 2018 10:52:30 +0100
1697
1698chrony (3.2-2ubuntu2) bionic; urgency=medium
1699
1700 * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
1701 * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
1702 * d/chrony.default, d/chrony.service: support /etc/default/chrony
1703 DAEMON_OPTS in systemd environment (LP: #1746081)
1704 * d/chrony.service: properly start after networking (LP: #1746458)
1705 * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)
1706
1707 -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Fri, 19 Jan 2018 09:45:38 +0100
1708
963chrony (3.2-2) unstable; urgency=medium1709chrony (3.2-2) unstable; urgency=medium
9641710
965 * Initial AppArmor profile for chronyd. Thanks to Jamie1711 * Initial AppArmor profile for chronyd. Thanks to Jamie
diff --git a/debian/chrony.conf b/debian/chrony.conf
index b3a9510..793227a 100644
--- a/debian/chrony.conf
+++ b/debian/chrony.conf
@@ -4,8 +4,23 @@
4# Include configuration files found in /etc/chrony/conf.d.4# Include configuration files found in /etc/chrony/conf.d.
5confdir /etc/chrony/conf.d5confdir /etc/chrony/conf.d
66
7# Use Debian vendor zone.7# This will use (up to):
8pool 2.debian.pool.ntp.org iburst8# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
9# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
10# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
11# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
12# sources will be used.
13# At the same time it retains some protection against one of the entries being
14# down (compare to just using one of the lines). See (LP: #1754358) for the
15# discussion.
16#
17# About using servers from the NTP Pool Project in general see (LP: #104525).
18# Approved by Ubuntu Technical Board on 2011-02-08.
19# See http://www.pool.ntp.org/join.html for more information.
20pool ntp.ubuntu.com iburst maxsources 4
21pool 0.ubuntu.pool.ntp.org iburst maxsources 1
22pool 1.ubuntu.pool.ntp.org iburst maxsources 1
23pool 2.ubuntu.pool.ntp.org iburst maxsources 2
924
10# Use time sources from DHCP.25# Use time sources from DHCP.
11sourcedir /run/chrony-dhcp26sourcedir /run/chrony-dhcp
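Review bot: The new comment block above the `pool` lines needs a wording pass. "4 sources from ntp.ubuntu.com which some are ipv6 enabled" should read "of which some are IPv6 enabled", and the block mixes "ipv6"/"ipv4" with "IPv4-only". The pool.ntp.org reference is a plain `http://` link; use the `https://` form if the site serves it. The counts in the comment do match the `maxsources` values (4 + 2 dual-stack, 1 + 1 IPv4-only), so only the wording needs to change.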
diff --git a/debian/chrony.default b/debian/chrony.default
index 028f63d..6e4e02a 100644
--- a/debian/chrony.default
+++ b/debian/chrony.default
@@ -4,3 +4,7 @@
44
5# Options to pass to chrony.5# Options to pass to chrony.
6DAEMON_OPTS="-F 1"6DAEMON_OPTS="-F 1"
7
8# Sync system clock in containers or without CAP_SYS_TIME (likely to fail)
9# See /usr/share/doc/chrony/README.container for details.
10SYNC_IN_CONTAINER="no"
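Review bot: The comment above `SYNC_IN_CONTAINER="no"` does not say which values are accepted. chronyd-starter.sh tests the variable with `!= "yes"`, so only the exact lowercase string `yes` disables the `-x` fallback, and values such as `Yes`, `true` or `1` silently behave like `no`. State the accepted values in the comment, for example: set to "yes" to let chronyd try to control the system clock, any other value keeps the fallback.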
diff --git a/debian/chrony.service b/debian/chrony.service
index c3050fa..c06f3f7 100644
--- a/debian/chrony.service
+++ b/debian/chrony.service
@@ -5,13 +5,12 @@ Conflicts=openntpd.service ntp.service ntpsec.service
5Wants=time-sync.target5Wants=time-sync.target
6Before=time-sync.target6Before=time-sync.target
7After=network.target7After=network.target
8ConditionCapability=CAP_SYS_TIME
98
10[Service]9[Service]
11Type=forking10Type=forking
12PIDFile=/run/chrony/chronyd.pid11PIDFile=/run/chrony/chronyd.pid
13EnvironmentFile=-/etc/default/chrony12EnvironmentFile=-/etc/default/chrony
14ExecStart=/usr/sbin/chronyd $DAEMON_OPTS13ExecStart=/usr/lib/systemd/scripts/chronyd-starter.sh $DAEMON_OPTS
1514
16CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE15CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
17CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE16CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE
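Review bot: With `ConditionCapability=CAP_SYS_TIME` dropped and `ExecStart` now pointing at chronyd-starter.sh, /etc/default/chrony is read twice under different syntax rules: by systemd through `EnvironmentFile=-/etc/default/chrony`, and by the wrapper through `. "${CONF}"`, which executes the file as shell at service start. Add a comment in debian/chrony.default that the file must stay plain KEY="value" assignments valid for both parsers, and a one-line comment above `ExecStart` pointing to README.container so the reason for removing the capability condition is visible in the unit itself.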
diff --git a/debian/chronyd-starter.sh b/debian/chronyd-starter.sh
18new file mode 10075517new file mode 100755
index 0000000..2539ffe
--- /dev/null
+++ b/debian/chronyd-starter.sh
@@ -0,0 +1,68 @@
1#!/bin/sh
2set -ue
3
4CONF="/etc/default/chrony"
5DOC="/usr/share/doc/chrony/README.container"
6CAP="cap_sys_time"
7CMD="/usr/sbin/chronyd"
8# Take any args passed, use none if nothing was specified
9EFFECTIVE_DAEMON_OPTS=${@:-""}
10
11if [ -f "${CONF}" ]; then
12 . "${CONF}"
13else
14 echo "<4>Warning: ${CONF} is missing"
15fi
16# take from conffile if available, default to no otherwise
17EFFECTIVE_SYNC_IN_CONTAINER=${SYNC_IN_CONTAINER:-"no"}
18
19if [ ! -x "${CMD}" ]; then
20 echo "<3>Error: ${CMD} not executable"
21 # ugly, but works around https://github.com/systemd/systemd/issues/2913
22 sleep 0.1
23 exit 1
24fi
25
26# Check if -x is already set manually, don't process further if that is the case
27X_SET=0
28for arg in $@; do
29 if echo "$arg" | grep -q -e '^-[a-zA-Z0-9]*x'; then
30 X_SET=1
31 fi
32done
33
34if [ ${X_SET} -ne 1 ]; then
35 # Assume it is not in a container
36 IS_CONTAINER=0
37 if [ -x /usr/bin/systemd-detect-virt ]; then
38 if /usr/bin/systemd-detect-virt --quiet --container; then
39 IS_CONTAINER=1
40 fi
41 fi
42
43
44 # Assume it has the cap
45 HAS_CAP=1
46 CAPSH="/sbin/capsh"
47 if [ -x "${CAPSH}" ]; then
48 ${CAPSH} --has-p="${CAP}" || HAS_CAP=0
49 fi
50
51 if [ ${HAS_CAP} -eq 0 ]; then
52 echo "<4>Warning: Missing ${CAP}, syncing the system clock will fail"
53 fi
54 if [ ${IS_CONTAINER} -eq 1 ]; then
55 echo "<4>Warning: Running in a container, likely impossible and unintended to sync system clock"
56 fi
57
58 if [ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]; then
59 if [ "${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes" ]; then
60 echo "<5>Adding -x as fallback disabling control of the system clock, see ${DOC} to override this behavior"
61 EFFECTIVE_DAEMON_OPTS="${EFFECTIVE_DAEMON_OPTS} -x"
62 else
63 echo "<5>Not falling back to disable control of the system clock, see ${DOC} to change this behavior"
64 fi
65 fi
66fi
67
68${CMD} ${EFFECTIVE_DAEMON_OPTS}
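Review bot: Both probes inside the `if [ ${X_SET} -ne 1 ]` branch fail open: `IS_CONTAINER=0` and `HAS_CAP=1` are kept whenever `/usr/bin/systemd-detect-virt` or `/sbin/capsh` is not executable, so chronyd is started without `-x` and without any log line saying the check was skipped. Emit a `<4>` warning when either tool is missing so the skipped check is visible in the journal. Separately, `for arg in $@` and the final `${CMD} ${EFFECTIVE_DAEMON_OPTS}` rely on unquoted expansion, so option values are re-split and glob-expanded by the shell, and the pattern `^-[a-zA-Z0-9]*x` also matches an option whose bundled argument contains an `x`. A comment stating these limits, or a stricter match, would help.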
diff --git a/debian/control b/debian/control
index 4d0dbfd..123e334 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: chrony1Source: chrony
2Section: net2Section: net
3Priority: optional3Priority: optional
4Maintainer: Vincent Blut <vincent.debian@free.fr>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Vincent Blut <vincent.debian@free.fr>
5Standards-Version: 4.6.06Standards-Version: 4.6.0
6Build-Depends: asciidoctor,7Build-Depends: asciidoctor,
7 bison,8 bison,
@@ -27,6 +28,7 @@ Architecture: linux-any
27Pre-Depends: ${misc:Pre-Depends}28Pre-Depends: ${misc:Pre-Depends}
28Depends: adduser,29Depends: adduser,
29 iproute2 [linux-any],30 iproute2 [linux-any],
31 libcap2-bin (>= 1:2.32-1),
30 tzdata,32 tzdata,
31 ucf,33 ucf,
32 ${misc:Depends},34 ${misc:Depends},
diff --git a/debian/docs b/debian/docs
index e12f653..3bfc9dc 100644
--- a/debian/docs
+++ b/debian/docs
@@ -1,3 +1,4 @@
1FAQ1FAQ
2NEWS2NEWS
3README3README
4debian/README.container
diff --git a/debian/install b/debian/install
index e7dc12a..2647461 100644
--- a/debian/install
+++ b/debian/install
@@ -5,3 +5,4 @@ debian/conf.d etc/chrony
5debian/ntp-units.d/50-chrony.list usr/lib/systemd/ntp-units.d5debian/ntp-units.d/50-chrony.list usr/lib/systemd/ntp-units.d
6debian/sources.d etc/chrony6debian/sources.d etc/chrony
7debian/usr.sbin.chronyd etc/apparmor.d7debian/usr.sbin.chronyd etc/apparmor.d
8debian/chronyd-starter.sh usr/lib/systemd/scripts/
