Ubuntu
chrony package

Merge ~slyon/ubuntu/+source/chrony:merge-lp2110435-questing into ubuntu/+source/chrony:debian/experimental

Proposed by Lukas Märdian on 2025-06-25

Status:

Merged

Merge reported by:

Lukas Märdian

Merged at revision:

de4c18188d37067dcabe2a70671da18ef8ca0866

Proposed branch:

~slyon/ubuntu/+source/chrony:merge-lp2110435-questing

Merge into:

ubuntu/+source/chrony:debian/experimental

Diff against target:

1977 lines (+1579/-9)

23 files modified

debian/NEWS (+40/-0)
debian/README.container (+72/-0)
debian/changelog (+1115/-0)
debian/chrony.conf (+3/-2)
debian/chrony.config (+10/-0)
debian/chrony.default (+4/-0)
debian/chrony.examples (+1/-0)
debian/chrony.service (+3/-2)
debian/chronyd-starter.sh (+68/-0)
debian/conf.d/ubuntu-nts.conf (+6/-0)
debian/control (+4/-1)
debian/docs (+1/-0)
debian/install (+4/-0)
debian/nts-bootstrap-staging-ubuntu.crt (+11/-0)
debian/nts-bootstrap-ubuntu.crt (+11/-0)
debian/postinst (+26/-3)
debian/postrm (+14/-0)
debian/rules (+0/-1)
debian/templates (+12/-0)
debian/tests/control (+6/-0)
debian/tests/default-ubuntu-sources-behavior (+134/-0)
debian/ubuntu-ntp-pools.sources (+31/-0)
debian/usr.sbin.chronyd (+3/-0)

Related bugs:

Bug #2110435: Merge chrony from Debian Unstable for questing	Undecided	Fix Released
Bug #2115565: Secure config still picks up DHCP-advertised server	Low	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Jonas Jelten (community)		Approve on 2025-07-02
Lukas Märdian	2025-06-30	Pending
Canonical Server Reporter	2025-06-25	Pending
Canonical Server packageset reviewers	2025-06-25	Pending
Canonical Server Core Reviewers	2025-06-25	Pending
git-ubuntu import	2025-06-25	Pending
Review via email: mp+487764@code.launchpad.net

Description of the change

PPA: https://launchpad.net/~slyon/+archive/ubuntu/merge-lp2110435-chrony/+packages

DEP-8:
=> I retriggered amd64 as the run_system_tests case passed locally and seems to be flaky.

$ ppa tests ppa:slyon/merge-lp2110435-chrony
[...]
* Results:
  - chrony: questing/chrony/4.7-1ubuntu1~ppa3 [amd64]
    + ✅ chrony on questing for amd64 @ 30.06.25 14:02:03 Log️ 🗒️
  - chrony: questing/chrony/4.7-1ubuntu1~ppa3 [arm64]
    + ✅ chrony on questing for arm64 @ 30.06.25 13:42:46 Log️ 🗒️
  - chrony: questing/chrony/4.7-1ubuntu1~ppa3 [armhf]
    + ✅ chrony on questing for armhf @ 30.06.25 13:48:10 Log️ 🗒️
  - chrony: questing/chrony/4.7-1ubuntu1~ppa3 [ppc64el]
    + ✅ chrony on questing for ppc64el @ 30.06.25 13:43:43 Log️ 🗒️
  - chrony: questing/chrony/4.7-1ubuntu1~ppa3 [s390x]
    + ✅ chrony on questing for s390x @ 30.06.25 14:01:09 Log️ 🗒️

Range diff:

$ git range-diff old/debian..logical/4.6.1-1ubuntu2 new/debian..slyon/merge-lp2110435-questing --creation-factor=100

Installation & removal:
# add-apt-repository ppa:slyon/merge-lp2110435-chrony
[...]

# apt install chrony
Upgrading:
chrony

Summary:
  Upgrading: 1, Installing: 0, Removing: 0, Not Upgrading: 63
  Download size: 337 kB
  Space needed: 9216 B / 7041 MB available

Get:1 https://ppa.launchpadcontent.net/slyon/merge-lp2110435-chrony/ubuntu questing/main amd64 chrony amd64 4.7-1ubuntu1~ppa3 [337 kB]
Fetched 337 kB in 0s (1214 kB/s)
Preconfiguring packages ...
(Reading database ... 78160 files and directories currently installed.)
Preparing to unpack .../chrony_4.7-1ubuntu1~ppa3_amd64.deb ...
Unpacking chrony (4.7-1ubuntu1~ppa3) over (4.6.1-1ubuntu2) ...
Setting up chrony (4.7-1ubuntu1~ppa3) ...
Installing new version of config file /etc/apparmor.d/usr.sbin.chronyd ...
Replacing config file /etc/chrony/chrony.conf with new version
Processing triggers for man-db (2.13.1-1) ...
[...]

root@chrony:~# systemctl status chrony
● chrony.service - chrony, an NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chrony.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-06-30 13:25:41 UTC; 13s ago
Invocation: cdc1afe5836c4fcdbfc6dc0425716581
       Docs: man:chronyd(8)
             man:chronyc(1)
             man:chrony.conf(5)
   Main PID: 1826 (chronyd-starter)
      Tasks: 3 (limit: 1042)
     Memory: 5.5M (peak: 5.9M)
        CPU: 42ms
     CGroup: /system.slice/chrony.service
             ├─1826 /bin/sh /usr/lib/systemd/scripts/chronyd-starter.sh -n -F 1
             ├─1838 /usr/sbin/chronyd -n -F 1
             └─1839 /usr/sbin/chronyd -n -F 1

Jun 30 13:25:41 chrony chronyd[1838]: Loaded seccomp filter (level 1)
Jun 30 13:25:41 chrony systemd[1]: Started chrony.service - chrony, an NTP client/server.
Jun 30 13:25:41 chrony chronyd[1838]: Added pool 1.ntp.ubuntu.com
Jun 30 13:25:41 chrony chronyd[1838]: Added pool 2.ntp.ubuntu.com
Jun 30 13:25:41 chrony chronyd[1838]: Added pool 3.ntp.ubuntu.com
Jun 30 13:25:41 chrony chronyd[1838]: Added pool 4.ntp.ubuntu.com
Jun 30 13:25:41 chrony chronyd[1838]: Added pool ntp-bootstrap.ubuntu.com
Jun 30 13:25:47 chrony chronyd[1838]: Selected source 185.125.190.122 (1.ntp.ubuntu.com)
Jun 30 13:25:47 chrony chronyd[1838]: System clock TAI offset set to 37 seconds
Jun 30 13:25:48 chrony chronyd[1838]: Selected source 185.125.190.123 (2.ntp.ubuntu.com)

# apt purge chrony systemd-timesyncd+
Installing:
systemd-timesyncd

REMOVING:
chrony*

Summary:
  Upgrading: 0, Installing: 1, Removing: 1, Not Upgrading: 63
  Download size: 41.4 kB
  Freed space: 449 kB

Continue? [Y/n]
Get:1 http://archive.ubuntu.com/ubuntu questing/main amd64 systemd-timesyncd amd64 257.6-1ubuntu1 [41.4 kB]
Fetched 41.4 kB in 0s (102 kB/s)
[...]

Revision history for this message

Jonas Jelten (jj) wrote on 2025-07-02:

Review Symbols:
+ = OK
! = Not OK
? = Question
N = Not applicable
S = Skipped

* Changelog:
  - [+] Changelog entry has correct version and targeted codename
  - [+] Correct formatting of changelog items
  - [+] Bug references correct
  - [+] Old content and logical tag match as expected (Package Merge)

* Release notes and Documentation
- [+] Added, updated or enqueued relevant documentation.
- [N] Added, updated or enqueued relevant release notes.

* Package Merge - indirect changes:
  - [+] No upstream changes that need adapting due to Ubuntu's design
  - [+] No further upstream version/changes to consider
  - [+] Debian changes are compatible with the Ubuntu implementation
  - [+] update-maintainer has been run

* Package Merge - old delta:
  - [+] Dropped changes are ok to be dropped
  - [+] Nothing else to drop
  - [+] Old delta was forwarded to upstream/Debian or marked as Ubuntu-only

* New delta in debian/*:
- [+] new changes in debian/* are OK
- [+] New delta was forwarded to Debian or marked as Ubuntu-only

* New patches:
  - [+] No new patches added
  - [N] Patches match those proposed/committed upstream
  - [N] Patches correctly included in Debian/patches/series
  - [N] Patches have correct DEP-3 metadata
  - [N] Patches follow our style choices
  - [N] New code not from upstream was forwarded or marked as Ubuntu-only

* Git/maintenance:
- [!] Commits are properly split (more important on -dev than on SRUs)

* Build/Test:
  - [+] Build is OK
  - [N] This is an SRU, the validation instructions are ok
  - [+] Testcases added or adapted (N/A if not strictly required or already present)
  - [+] autopkgtest against the PPA package passes (if possible, evidence was provided already)
  - [+] Based on PPA builds and the build-log, no new component mismatch expected
  - [+] Verified PPA package installs/uninstalls
  - [+] Verified PPA source package matches Merge Proposal source package
  - [+] Verified function manually

notes:
- ! merge and reconstruct changelog was committed two times, please fix :)
- why doesn't chrony have After=network.target any more?
- new adjustments for sd-notify look good!

Review Symbols:
+ = OK
! = Not OK
? = Question
N = Not applicable
S = Skipped

* Release notes and Documentation
  - [+] Added, updated or enqueued relevant documentation.
  - [N] Added, updated or enqueued relevant release notes.

* Package Merge - old delta:
  - [+] Dropped changes are ok to be dropped
  - [+] Nothing else to drop
  - [+] Old delta was forwarded to upstream/Debian or marked as Ubuntu-only

* New delta in debian/*:
  - [+] new changes in debian/* are OK
  - [+] New delta was forwarded to Debian or marked as Ubuntu-only

* Git/maintenance:
  - [!] Commits are properly split (more important on -dev than on SRUs)

notes:
- ! merge and reconstruct changelog was committed two times, please fix :)
- why doesn't chrony have After=network.target any more?
- new adjustments for sd-notify look good!

review: Approve

~slyon/ubuntu/+source/chrony:merge-lp2110435-questing updated on 2025-07-03

6478701... by Lukas Märdian on 2025-07-03

d/chrony.conf: Document non-NTS sources from DHCP (LP: #2115565)

UD-Forwarded: no, ubuntu-specific

--CL--
+ d/chrony.conf: Document non-NTS sources from DHCP (LP #2115565)

de4c181... by Lukas Märdian on 2025-07-03

changelog

Revision history for this message

Lukas Märdian (slyon) wrote on 2025-07-03:

The After=network.target is explained in Debian upload 4.6.1-2 – And I think that's a good thing, chrony can happily work without routable IPs or DNS being configured.

```
  * debian/chrony.service:
    - Drop 'After=network.target'. First and foremost, the network.target unit
    doesn't guarantee that any network interfaces are configured or
    operational. Furthermore, chronyd is perfectly able to operate without
    network or DNS functionality notably when used with a hardware reference
    clock as a time source.
    - Do not pull time-sync.target nor order chrony.service before it. Services
    pulling and being ordered before time-sync.target must ensure that the
    system clock has been completely synchronized and thus typically guarantee
    an accurate clock. This can't be assumed right after chrony.service has
    finished starting.
```

Nice spot on the merge-changelogs & reconstruct-changelog commits. I will fix it before upload.

I'll also be piggybacking a tiny fix for bug #2115565 on top as "Added Changes".

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Lukas Märdian

git-ubuntu developers

 diff --git a/debian/NEWS b/debian/NEWS
 index fe7e4b9..2c4fa8f 100644
 --- a/debian/NEWS
 +++ b/debian/NEWS
@@ -1,3 +1,43 @@
++chrony (4.5-3ubuntu4) plucky; urgency=medium
++
++  Starting with version 4.5-3ubuntu4, chrony will ship with a default
++  configuration set to use Ubuntu NTS servers by default.
++
++  The two main changes are:
++
++  a) NTS/KE uses a separate port (4460/tcp) to negotiate security parameters,
++  which are then used via the normal NTP port (123/udp). This is a new
++  deployment, running on different IP addresses than the service without NTS.
++
++  b) A new CA is installed in /etc/chrony/nts-bootstrap-ubuntu.crt that is
++  used specifically for the Ubuntu NTS bootstrap server, needed for when the
++  clock is too far off. This is added to certificate set ID "1", and defined
++  via /etc/chrony/conf.d/ubuntu-nts.conf. There is also a staging CA shipped
++  with the package, but it's not referred to anywhere and is just there as a
++  convenience for testing the staging servers.
++
++  If your network does not allow access to the Ubuntu NTS servers and the
++  required ports, and the new configuration is in place, chrony will not be
++  able to adjust this system's clock. To revert to NTP, just edit the
++  configuration file in /etc/chrony/sources.d/ubuntu-ntp-pools.sources and
++  revert to using the listed NTP servers in favor of the NTS ones. Or revert
++  to your previous copy of that configuration file.
++
++ -- Andreas Hasenack <andreas@canonical.com>  Fri, 11 Oct 2024 13:31:00 -0300
++
++chrony (4.5-3ubuntu2) oracular; urgency=medium
++
++  Starting with chrony version 4.5-3ubuntu2 the default time sources are
++  configured by default in the /etc/chrony/sources.d/ubuntu-ntp-pools.sources
++  file.
++  Setting the chrony/configure_ubuntu_pools_in_sourcesd debconf key to "false",
++  either via pre-seeding or dpkg-reconfigure, will result in the package being
++  installed without any time sources configured. With this setting, in the case
++  of an upgrade, if /etc/chrony/sources.d/ubuntu-ntp-pools.sources exists, it
++  will be removed and subsequent upgrades will not recreate it.
++
++ -- Ankush Pathak <ankush.pathak@canonical.com>  Tue, 16 Jul 2024 17:57:41 -0600
++
  chrony (4.1~pre1-1) experimental; urgency=medium
    Starting with chrony 4.0, it is possible to specify NTP sources in files
 diff --git a/debian/README.container b/debian/README.container
 new file mode 100644
 index 0000000..7a068b5
 --- /dev/null
 +++ b/debian/README.container
@@ -0,0 +1,72 @@
++Chrony in Containers
++--------------------
++
++Currently in 99.9+% of the cases syncing the local clock in a container
++is wrong. Most of the time it will be unable to do so, because it is lacking
++CAP_SYS_TIME. Or worse, if the CAP_SYS_TIME privilege is granted, multiple
++containers could fight over the system's time, because the Linux kernel does
++not provide time namespaces (yet).
++
++There are two things a user installing chrony usually wants:
++1. synchronize my time (NTP client)
++2. serve NTP (NTP server)
++
++In a container the first makes (usually) no sense, so by default we enable -x
++there (as it would only crash otherwise).
++This will disable the control of the system clock.
++See `man chronyd` for more details on the -x option.
++
++Formerly, the check for Condition=CAP_SYS_TIME in the systemd service avoided
++the crash of the NTP client portion, but that means the server use case will
++not work by default in containers. It is still not recommended to use a
++container as an NTP server, but if the host clock is synchronised via NTP,
++adding the -x option to chronyd instances running in containers will allow
++them to function as NTP servers which do not adjust the system clock.
++The Condition=CAP_SYS_TIME check was a silent, no-log-entry stealing away
++leaving users often unclear what happened - especially if they were more after
++the NTP server than the NTP client.
++
++One could argue that someone who installs chrony expects the system time to be
++synchronised, so it should fail if it is not able to do so.  On the other hand
++it could be argued that someone who installs chrony expects time to be served
++over the network via NTP.
++We can't know which expectation is applicable, so we assume that time should
++be synchronised unless chronyd is running in a container (or is without
++CAP_SYS_TIME in any other environment).
++
++To make things worse recent container implementations will offer CAP_SYS_TIME
++to the container. Since from the container's point of view, this capability is
++available for the container's user namespace. Just later on adjtimex and similar
++are actually evaluated against the host kernel where they will fail. Due to
++that without further precaution running chrony in Ubuntu in the future will
++likely have the service start (as Condition=CAP_SYS_TIME will be true) but
++then immediately fail.
++This will depend on the environment e.g. versions and types of containers and
++thereby feel just 'unreliable' from users point of view.
++Furthermore it will affect upgrades as the service has to be restarted for a
++package upgrade to be considered complete.
++
++Due to all of that Ubuntu decided (LP: #1589780) to default to -x (do not
++set the system clock) in containers.
++
++If one really wants to (try to) sync time in a container or CAP_SYS_TIME-less
++environment set SYNC_IN_CONTAINER="yes" in /etc/default/chrony to disable
++this special handling.
++
++It is important to mention that as soon as upstream provides a way to provide
++a default config working in those cases Ubuntu intends to use that and drop
++the current workaround.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 16 Mar 2018 12:25:44 +0100
++
++
++In addition to the above mentioned SYNC_IN_CONTAINER="yes" enablement one also
++needs to disable the "ConditionVirtualization=!container" check in
++chrony.service (LP: #2111535), e.g. by placing an override config in
++/etc/systemd/system/chrony.service.d/10-container.conf:
++```
++[Unit]
++ConditionVirtualization=
++```
++
++ -- Lukas Märdian <slyon@ubuntu.com>  Mon, 02 Jun 2025 11:31:37 +0200
 diff --git a/debian/changelog b/debian/changelog
 index a3516dc..fe6515e 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,72 @@
++chrony (4.7-1ubuntu1) questing; urgency=medium
++
++  * Merge with Debian experimental. Remaining changes: (LP: #2110435)
++    - Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + d/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + d/chrony.default: new option SYNC_IN_CONTAINER to not fall
++        back (Default off)
++      + d/chronyd-starter.sh: wrapper to handle special cases in
++        containers and if CAP_SYS_TIME is missing. Effectively allows
++        running the NTP server in containers on a default installation
++        and avoid failing to sync time (or if allowed to sync, avoid
++        multiple containers fighting over it by accident).
++      + d/install: Make chrony-starter.sh available on install.
++      + d/docs, d/README.container: Provide documentation about the
++        handling of this case.
++    - d/rules, d/chrony.examples: Ship restricted service as an example
++      not installed to the system for use.  (See LP #2051028)
++    - d/chrony.conf: remove Debian NTP pool
++    - Install Ubuntu NTP sources in
++      /etc/chrony/sources.d/ubuntu-ntp-pools.sources, gated on a low priority
++      (default yes) debconf question (LP #2048876):
++      + d/templates: Add debconf question to customize installation of
++        /etc/chrony/sources.d/ubuntu-ntp-pools.sources
++      + d/install, d/ubuntu-ntp-pools.sources: Install ubuntu-ntp-pools.sources
++        in /usr/share/chrony
++      + d/control: add dependency on debconf
++      + d/postinst: handle Ubuntu pools via debconf and ucf
++      + d/postrm: handle Ubuntu pools via debconf and ucf
++      + d/NEWS: Add information about default time sources moving out from
++        chrony.conf to /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
++      + d/chrony.config: debconf script to handle Ubuntu pools
++      + d/t/control, d/t/default-ubuntu-sources-behavior: new test to check the
++        debconf behavior
++    - Use Ubuntu NTS servers by default (LP #2084585):
++      + d/conf.d/ubuntu-nts.conf: refer to the CA used to sign the NTS bootstrap
++        server
++      + d/nts-bootstrap-{,staging}-ubuntu.crt: CA certificate for the NTS
++        bootstrap servers
++      + d/install: install the NTS bootstrap CAs
++      + d/ubuntu-ntp-pools.sources: use NTS by default
++      + d/t/default-ubuntu-sources-behavior: update tests for NTS support
++      + d/NEWS: add news entry about the NTS change
++  * Drop Changes:
++    - d/t/helper-functions: Do not fail if backup does not exist
++      [Fixed in 4.7-1]
++    - d/tests: Clean up after __no_system_clock_control()
++      [Fixed in 4.7-1]
++    - d/chrony.service: Do not run inside containers by default (LP 2111535)
++      [Fixed in 4.7-1]
++    - d/t/default-ubuntu-sources-behavior: Adopt to upstream container handling.
++      [Squashed into "new test to check the debconf behavior"]
++  * Add Changes:
++    - d/chrony.service: Allow real chronyd to send READY=1 via sd_notify in
++      place of the chronyd-starter.sh wrapper.
++    - d/usr.sbin.chronyd: Grant access to NOTIFY_SOCKET in AppArmor profile.
++    - d/chrony.conf: Document non-NTS sources from DHCP (LP: #2115565)
++
++ -- Lukas Märdian <slyon@ubuntu.com>  Mon, 30 Jun 2025 13:26:18 +0200
++
  chrony (4.7-1) experimental; urgency=medium
    [ Vincent Blut ]
@@ -87,6 +156,72 @@ chrony (4.6.1-2) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Wed, 02 Apr 2025 21:33:06 +0200
++chrony (4.6.1-1ubuntu2) questing; urgency=medium
++
++  * d/chrony.service: Do not run inside containers by default (LP: #2111535)
++    Still allow running tests in containers, by installing override
++    configs in /etc/systemd/system/chrony.service.d/
++  * d/tests: Clean up after __no_system_clock_control()
++  * d/t/helper-functions: Do not fail if backup does not exist
++  * d/t/default-ubuntu-sources-behavior: Adopt to upstream container handling.
++
++ -- Lukas Märdian <slyon@ubuntu.com>  Tue, 03 Jun 2025 10:13:08 +0200
++
++chrony (4.6.1-1ubuntu1) plucky; urgency=medium
++
++  * Merge with Debian unstable (LP: #2085221). Remaining changes:
++    - Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + d/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + d/chrony.default: new option SYNC_IN_CONTAINER to not fall
++        back (Default off)
++      + d/chronyd-starter.sh: wrapper to handle special cases in
++        containers and if CAP_SYS_TIME is missing. Effectively allows
++        running the NTP server in containers on a default installation
++        and avoid failing to sync time (or if allowed to sync, avoid
++        multiple containers fighting over it by accident).
++      + d/install: Make chrony-starter.sh available on install.
++      + d/docs, d/README.container: Provide documentation about the
++        handling of this case.
++    - d/rules, d/chrony.examples: Ship restricted service as an example
++      not installed to the system for use.  (See LP #2051028)
++    - d/chrony.conf: remove Debian NTP pool
++    - Install Ubuntu NTP sources in
++      /etc/chrony/sources.d/ubuntu-ntp-pools.sources, gated on a low priority
++      (default yes) debconf question (LP #2048876):
++      + d/templates: Add debconf question to customize installation of
++        /etc/chrony/sources.d/ubuntu-ntp-pools.sources
++      + d/install, d/ubuntu-ntp-pools.sources: Install ubuntu-ntp-pools.sources
++        in /usr/share/chrony
++      + d/control: add dependency on debconf
++      + d/postinst: handle Ubuntu pools via debconf and ucf
++      + d/postrm: handle Ubuntu pools via debconf and ucf
++      + d/NEWS: Add information about default time sources moving out from
++        chrony.conf to /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
++      + d/chrony.config: debconf script to handle Ubuntu pools
++      + d/t/control, d/t/default-ubuntu-sources-behavior: new test to check the
++        debconf behavior
++    - Use Ubuntu NTS servers by default (LP #2084585):
++      + d/conf.d/ubuntu-nts.conf: refer to the CA used to sign the NTS bootstrap
++        server
++      + d/nts-bootstrap-{,staging}-ubuntu.crt: CA certificate for the NTS
++        bootstrap servers
++      + d/install: install the NTS bootstrap CAs
++      + d/ubuntu-ntp-pools.sources: use NTS by default
++      + d/t/default-ubuntu-sources-behavior: update tests for NTS support
++      + d/NEWS: add news entry about the NTS change
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 23 Jan 2025 10:35:08 -0300
++
  chrony (4.6.1-1) unstable; urgency=medium
    * Import upstream version 4.6.1:
@@ -134,6 +269,87 @@ chrony (4.6~pre1-1) experimental; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Tue, 30 Jul 2024 15:01:19 +0200
++chrony (4.5-3ubuntu4) plucky; urgency=medium
++
++  * Use Ubuntu NTS servers by default (LP: #2084585):
++    - d/conf.d/ubuntu-nts.conf: refer to the CA used to sign the NTS bootstrap
++      server
++    - d/nts-bootstrap-{,staging}-ubuntu.crt: CA certificate for the NTS
++      bootstrap servers
++    - d/install: install the NTS bootstrap CAs
++    - d/ubuntu-ntp-pools.sources: use NTS by default
++    - d/t/default-ubuntu-sources-behavior: update tests for NTS support
++    - d/NEWS: add news entry about the NTS change
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 17 Oct 2024 10:25:57 -0300
++
++chrony (4.5-3ubuntu3) oracular; urgency=medium
++
++  * d/t/control, d/t/default-ubuntu-sources-behavior: new test to check the
++    debconf behavior introduced in LP #2048876)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Mon, 02 Sep 2024 16:37:40 -0300
++
++chrony (4.5-3ubuntu2) oracular; urgency=medium
++  * Move Ubuntu NTP sources to /etc/chrony/sources.d/ubuntu-ntp-pools.sources,
++    gated on a low priority (default yes) debconf question (LP: #2048876):
++    - d/NEWS: Add entry with information about default time sources moving out
++      from chrony.conf to /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
++    - d/chrony.conf, d/ubuntu-ntp-pools.sources: Move Ubuntu NTP pool sources
++      from chrony.conf to ubuntu-ntp-pools.sources
++    - d/chrony.config: Ask chrony/configure_ubuntu_pools_in_sourcesd debconf
++      question.
++    - d/control: Add debconf dependency.
++    - d/install: Install ubuntu-ntp-pools.sources in /usr/share/chrony
++    - d/postinst: Handle ubuntu-ntp-pools.sources installation, removal and
++      ucf tracking based on debconf question.
++    - d/postrm: Handle /etc/chrony/sources.d/ubuntu-ntp-pools.sources removal
++      from ucf tracking based on debconf question on uninstall.
++    - d/templates: Add debconf question to customize installation of
++      /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
++
++ -- Ankush Pathak <ankush.pathak@canonical.com>  Thu, 15 Aug 2024 00:03:08 +0530
++
++chrony (4.5-3ubuntu1) oracular; urgency=medium
++
++  * Merge with Debian unstable (LP: #2064393, LP: #2068526). Remaining
++    changes:
++    - d/chrony.conf: Use ubuntu ntp pool and server.
++      (LP #1744664, #1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + d/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + d/chrony.default: new option SYNC_IN_CONTAINER to not fall
++        back (Default off)
++      + d/chronyd-starter.sh: wrapper to handle special cases in
++        containers and if CAP_SYS_TIME is missing. Effectively allows
++        running the NTP server in containers on a default installation
++        and avoid failing to sync time (or if allowed to sync, avoid
++        multiple containers fighting over it by accident).
++      + d/install: Make chrony-starter.sh available on install.
++      + d/docs, d/README.container: Provide documentation about the
++        handling of this case.
++    - d/rules, d/chrony.examples: Ship restricted service as an example
++      not installed to the system for use.  (See LP #2051028)
++  * Dropped:
++    - d/usr.sbin.chronyd: apparmor fixes (LP: #2032805):
++      + Allow the default UNIX domain socket address to be used by the
++        reflock_sock service in the Apport configuration.
++      + Fix failure to start timemaster due to lack of rw permissions on
++        chrony socket.
++      [In 4.5-2 and 4.5-3]
++
++ -- Andreas Hasenack <andreas@canonical.com>  Tue, 02 Jul 2024 15:57:20 -0300
++
  chrony (4.5-3) unstable; urgency=medium
    * debian/upstream-simulation-test-suite:
@@ -172,6 +388,65 @@ chrony (4.5-2) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Thu, 25 Apr 2024 15:52:18 +0200
++chrony (4.5-1ubuntu4) noble; urgency=medium
++
++  * d/usr.sbin.chronyd: Fix failure to start timemaster due to lack
++    of rw permissions on chrony socket.
++    (LP: #2032805)
++  * d/usr.sbin.chronyd: Allow the default UNIX domain socket address
++    to be used by the reflock_sock service in the Apport configuration.
++    (ref LP #2032805)
++
++ -- Bryce Harrington <bryce@canonical.com>  Mon, 01 Apr 2024 18:28:32 -0700
++
++chrony (4.5-1ubuntu3) noble; urgency=medium
++
++  * No-change rebuild for CVE-2024-3094
++
++ -- William Grant <wgrant@ubuntu.com>  Mon, 01 Apr 2024 16:38:10 +1100
++
++chrony (4.5-1ubuntu2) noble; urgency=medium
++
++  * No-change rebuild against libgnutls30t64
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 10 Mar 2024 02:02:48 +0000
++
++chrony (4.5-1ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable (LP: #2040371). Remaining changes:
++    - d/chrony.conf: Use ubuntu ntp pool and server.
++      (LP #1744664, #1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + d/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + d/chrony.default: new option SYNC_IN_CONTAINER to not fall
++        back (Default off)
++      + d/chronyd-starter.sh: wrapper to handle special cases in
++        containers and if CAP_SYS_TIME is missing. Effectively allows
++        running the NTP server in containers on a default installation
++        and avoid failing to sync time (or if allowed to sync, avoid
++        multiple containers fighting over it by accident).
++      + d/install: Make chrony-starter.sh available on install.
++      + d/docs, d/README.container: Provide documentation about the
++        handling of this case.
++  * Dropped:
++    - Depend on tzdata-legacy for reading leapsectz from
++      /usr/share/zoneinfo/right/UTC
++      (LP #2008076)
++  * d/rules, d/chrony.examples: Ship restricted service as an example
++    not installed to the system for use.  (See LP #2051028)
++
++ -- Bryce Harrington <bryce@canonical.com>  Tue, 02 Jan 2024 00:45:01 -0800
++
  chrony (4.5-1) unstable; urgency=medium
    * Import upstream version 4.5:
@@ -285,6 +560,39 @@ chrony (4.3-2+deb12u1) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Mon, 08 May 2023 22:05:00 +0200
++chrony (4.3-2ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable (LP: #2018062). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server
++      (LP #1744664, #1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + d/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + d/chrony.default: new option SYNC_IN_CONTAINER to not fall
++        back (Default off)
++      + d/chronyd-starter.sh: wrapper to handle special cases in
++        containers and if CAP_SYS_TIME is missing. Effectively allows
++        running the NTP server in containers on a default installation
++        and avoid failing to sync time (or if allowed to sync, avoid
++        multiple containers fighting over it by accident).
++      + d/install: make chrony-starter.sh available on install.
++      + d/docs, d/README.container: provide documentation about the
++        handling of this case.
++    - Depend on tzdata-legacy for reading leapsectz from
++      /usr/share/zoneinfo/right/UTC
++      (LP #2008076)
++
++ -- Bryce Harrington <bryce@canonical.com>  Mon, 08 May 2023 22:15:26 -0700
++
  chrony (4.3-2) unstable; urgency=medium
    * debian/control:
@@ -319,6 +627,60 @@ chrony (4.3-2) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Fri, 27 Jan 2023 22:51:17 +0100
++chrony (4.3-1ubuntu4) lunar; urgency=medium
++
++  * Let upstream-simulation-test-suite depend on tzdata-legacy as well
++    (LP: #2008076)
++
++ -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 15 Mar 2023 15:42:10 +0100
++
++chrony (4.3-1ubuntu3) lunar; urgency=medium
++
++  * Depend on tzdata-legacy for reading leapsectz from
++    /usr/share/zoneinfo/right/UTC (LP: #2008076)
++
++ -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 15 Mar 2023 09:26:25 +0100
++
++chrony (4.3-1ubuntu2) lunar; urgency=medium
++
++  * No-change rebuild for glibc 2.37
++
++ -- Bryce Harrington <bryce@canonical.com>  Thu, 09 Feb 2023 07:26:02 +0000
++
++chrony (4.3-1ubuntu1) lunar; urgency=medium
++
++  * Merge with Debian unstable (LP: #1993389). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server
++      (LP #1744664, #1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for
++        capsh (usually installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall
++        back (Default off)
++      + debian/chronyd-starter.sh: wrapper to handle special cases in
++        containers and if CAP_SYS_TIME is missing. Effectively allows
++        running the NTP server in containers on a default installation
++        and avoid failing to sync time (or if allowed to sync, avoid
++        multiple containers fighting over it by accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation
++        about the handling of this case.
++  * Dropped:
++    - d/patches/add-rseq.patch: Add "rseq" to list of acceptable syscalls to fix
++      tests with glibc 2.35.
++      [Included in upstream 4.3 release]
++
++ -- Bryce Harrington <bryce@canonical.com>  Mon, 09 Jan 2023 19:41:47 -0800
++
  chrony (4.3-1) unstable; urgency=medium
    * Import upstream version 4.3:
@@ -354,6 +716,49 @@ chrony (4.3~pre1-1) experimental; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Thu, 11 Aug 2022 14:12:25 +0200
++chrony (4.2-2ubuntu2) jammy; urgency=medium
++
++  * d/patches/add-rseq.patch: Add "rseq" to list of acceptable syscalls to fix
++    tests with glibc 2.35.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 08 Feb 2022 16:48:09 +1300
++
++chrony (4.2-2ubuntu1) jammy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes [ in 4.2-1 ]
++    - Drop patches present in v4.2
++      + d/p/allow-clone3-and-pread64-in-seccomp-filter.patch
++      + d/p/fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch
++      + d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch
++    - d/t/upstream-simulation-test-suite: bump to the matching clknetsim
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 04 Feb 2022 07:52:48 +0100
++
  chrony (4.2-2) unstable; urgency=medium
    * debian/usr.sbin.chronyd:
@@ -382,6 +787,42 @@ chrony (4.2-1) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Thu, 13 Jan 2022 14:01:35 +0100
++chrony (4.2-0ubuntu1) jammy; urgency=medium
++
++  * Merge with Debian testing (LP: #1946848) and upstream v4.2.
++    Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Drop patches present in v4.2
++    - d/p/allow-clone3-and-pread64-in-seccomp-filter.patch
++    - d/p/fix-seccomp-filter-for-BINDTODEVICE-socket-option.patch
++    - d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch
++  * Added changes:
++    - d/t/upstream-simulation-test-suite: bump to the matching clknetsim
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 06 Jan 2022 14:51:22 +0100
++
  chrony (4.1-4) unstable; urgency=medium
    * debian/:
@@ -404,6 +845,41 @@ chrony (4.1-4) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Thu, 07 Oct 2021 15:23:28 +0200
++chrony (4.1-3ubuntu1) impish; urgency=medium
++
++  * Merge with Debian unstable (LP: #1940252). Remaining changes:
++    Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes:
++    - d/t/helper-functions: restart explicitly to fix test issues
++  * Added changes:
++    - d/p/lp-1940252-rtc-avoid-printing-and-scanning-time_t.patch: glibc 2.34
++      compatibility
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 17 Aug 2021 12:22:32 +0200
++
  chrony (4.1-3) unstable; urgency=medium
    * Upload to unstable.
@@ -434,6 +910,51 @@ chrony (4.1-2) experimental; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sat, 26 Jun 2021 17:16:45 +0200
++chrony (4.1-1ubuntu1) impish; urgency=medium
++
++  * Merge new upstream 4.1 and yet unrelased changes from Debian salsa.
++    Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes:
++    - d/t/helper-functions: reduce default ubuntu config, to make space for
++      testcase config
++      [ in Debian 4.0-6 ]
++    - d/t/{dynamically-add-source,ntp-server-and-nts-auth,helper-functions}:
++      unify tests to use reload and restart
++      [ in Debian 4.0-6 ]
++    - d/t/upstream-simulation-test-suite: Update clknetsim version to fix
++      a test failure on s390x when LTO is enabled at build time (LP #1921377)
++      [ in Debian 4.1~pre1-1 ]
++    - d/p/lp-1915006-sys_linux-allow-statx-and-fstatat64-in-seccomp-filte.patch:
++      add compatibility for glibc 2.33 (LP: 1915006)
++      [ upstream in 4.1-pre1 ]
++  * Added changes:
++    - d/t/helper-functions: restart explicitly to fix test issues
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 18 May 2021 08:12:59 +0200
++
  chrony (4.1-1) experimental; urgency=medium
    * Import upstream version 4.1:
@@ -524,6 +1045,54 @@ chrony (4.0-6) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sun, 21 Feb 2021 21:59:22 +0100
++chrony (4.0-5ubuntu3) hirsute; urgency=medium
++
++  * d/t/upstream-simulation-test-suite: Update clknetsim version to fix
++    a test failure on s390x when LTO is enabled at build time (LP: #1921377)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 25 Mar 2021 15:45:47 +0100
++
++chrony (4.0-5ubuntu2) hirsute; urgency=medium
++
++  * d/p/lp-1915006-sys_linux-allow-statx-and-fstatat64-in-seccomp-filte.patch:
++    add compatibility for glibc 2.33 (LP: 1915006)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 15 Feb 2021 12:50:29 +0100
++
++chrony (4.0-5ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable (LP: #1915006). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Added changes:
++    - d/t/helper-functions: reduce default ubuntu config, to make space for
++      testcase config
++    - d/t/{dynamically-add-source,ntp-server-and-nts-auth,helper-functions}:
++      unify tests to use reload and restart
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 08 Feb 2021 12:45:05 +0100
++
  chrony (4.0-5) unstable; urgency=medium
    * Follow DEP-14 branch naming conventions:
@@ -640,6 +1209,35 @@ chrony (4.0-3) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Mon, 18 Jan 2021 21:58:52 +0100
++chrony (4.0-2ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
++        in containers on a default installation and avoid failing to sync time
++        (or if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 27 Oct 2020 10:55:19 +0100
++
  chrony (4.0-2) unstable; urgency=medium
    * Merge branch 'experimental' into 'master'.
@@ -775,6 +1373,44 @@ chrony (4.0~pre4-1) experimental; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Fri, 02 Oct 2020 21:21:08 +0200
++chrony (3.5.1-1ubuntu2) groovy; urgency=medium
++
++  * d/chronyd-starter.sh: fix commandline argument parsing (LP: #1898000)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 06 Oct 2020 12:20:40 +0200
++
++chrony (3.5.1-1ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes
++    - d/t/control: harden time-sources-from-dhcp-servers test for systemd change
++      (LP: 1873031) [no more needed with recent systemd that is in groovy]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 26 Aug 2020 15:30:48 +0200
++
  chrony (3.5.1-1) unstable; urgency=medium
    * Import upstream version 3.5.1:
@@ -790,6 +1426,50 @@ chrony (3.5.1-1) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Thu, 20 Aug 2020 14:07:22 +0200
++chrony (3.5-9ubuntu2) groovy; urgency=medium
++
++  * No change rebuild against new libnettle8 and libhogweed6 ABI.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 29 Jun 2020 22:22:19 +0100
++
++chrony (3.5-9ubuntu1) groovy; urgency=medium
++
++  * Merge with Debian unstable (LP: #1878005). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++    - d/t/control: harden time-sources-from-dhcp-servers test for systemd change
++      (LP: 1873031)
++  * Dropped changes [in Debian now]
++    - d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests
++    - d/t/upstream-system-tests: fix stderr in case services do not exist
++    - Stop starting systemd-timesyncd in postrm. This is no longer relevant
++      since systemd-timesyncd is a standalone package declaring
++      Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: 1872183)
++    - d/postrm: Reinstate the remove target (LP: 1873810)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 20 May 2020 09:57:39 +0200
++
  chrony (3.5-9) unstable; urgency=medium
    * debian/patches/:
@@ -852,6 +1532,76 @@ chrony (3.5-7) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Tue, 17 Mar 2020 15:21:53 +0100
++chrony (3.5-6ubuntu6) focal; urgency=medium
++
++  * d/postrm: Reinstate the remove target (LP: #1873810)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 20 Apr 2020 15:58:52 +0200
++
++chrony (3.5-6ubuntu5) focal; urgency=medium
++
++  * d/t/control: harden time-sources-from-dhcp-servers test for systemd change
++    (LP: #1873031)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 15 Apr 2020 18:23:10 +0200
++
++chrony (3.5-6ubuntu4) focal; urgency=medium
++
++  * debian/postrm:
++    - Stop starting systemd-timesyncd in postrm. This is no longer relevant
++      since systemd-timesyncd is a standalone package declaring
++      Conflicts/Replaces/Provides: time-daemon. (Closes 955773, LP: #1872183)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 15 Apr 2020 09:01:30 +0200
++
++chrony (3.5-6ubuntu3) focal; urgency=medium
++
++  * avoid multiple time services running concurrently (LP: #1870144).
++    This fixes the autopkgtests vs chrond itself, the issue of concurrent
++    systemd-timesyncd will be fixed in systemd by (LP 1849156)
++    - d/t/upstream-system-tests: stop chrony/systemd-timesynd before tests
++    - d/t/upstream-system-tests: fix stderr in case services do not exist
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 01 Apr 2020 09:25:45 +0200
++
++chrony (3.5-6ubuntu2) focal; urgency=medium
++
++  * fix capsh usage in focal avoiding to always fall back to -x (LP: #1867036)
++    - d/control: add versioned dependency to libcap2-bin new enough to
++      support --has-p
++    - d/chronyd-starter.sh: update capsh usage to use --has-p
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 31 Mar 2020 10:19:20 +0200
++
++chrony (3.5-6ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable (LP: #1866753). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 12 Mar 2020 11:02:33 +0100
++
  chrony (3.5-6) unstable; urgency=medium
    * debian/chrony.service:
@@ -886,6 +1636,41 @@ chrony (3.5-6) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Tue, 10 Mar 2020 19:17:16 +0100
++chrony (3.5-5ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable (LP: #1859969). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes:
++    - d/t/control: destructive_system_tests only work on amd64 and s390x right
++      now [fixed by backporting fixes from upstream in 3.5-5 ]
++    - d/t/upstream-simulation-test-suite: ignore warnings on stderr while
++      running clksim make
++      [ in Debian 3.5-5 ]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 16 Jan 2020 12:55:32 +0100
++
  chrony (3.5-5) unstable; urgency=medium
    * debian/control:
@@ -913,6 +1698,47 @@ chrony (3.5-5) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sun, 22 Dec 2019 17:30:40 +0100
++chrony (3.5-4ubuntu2) focal; urgency=medium
++
++  * d/t/control: destructive_system_tests only work on amd64 and s390x right
++    now
++  * d/t/upstream-simulation-test-suite: ignore warnings on stderr while
++    running clksim make
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 03 Dec 2019 14:50:50 +0100
++
++chrony (3.5-4ubuntu1) focal; urgency=medium
++
++  * Merge with Debian unstable (LP: #1854328). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++  * Dropped changes:
++    - d/t/control: allow stderr for recent changes in resolved/iproute
++      (LP 1836882) [no more needed]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 28 Nov 2019 10:31:36 +0100
++
  chrony (3.5-4) unstable; urgency=medium
    * debian/tests/control:
@@ -957,6 +1783,52 @@ chrony (3.5-3) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Tue, 13 Aug 2019 17:57:47 +0200
++chrony (3.5-2ubuntu3) focal; urgency=medium
++
++  * No-change rebuild against libnettle7
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 31 Oct 2019 22:07:56 +0000
++
++chrony (3.5-2ubuntu2) eoan; urgency=medium
++
++  * d/t/control: allow stderr for recent changes in resolved/iproute
++    (LP: #1836882)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 17 Jul 2019 12:41:58 +0200
++
++chrony (3.5-2ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian experimental (LP: #1835046). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++   * Dropped changes (accepted in Debian now):
++    - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
++    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
++      (LP 1771994)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 02 Jul 2019 13:37:23 +0200
++
  chrony (3.5-2) unstable; urgency=medium
    * Merge branch “experimental” into “master”.
@@ -1043,6 +1915,56 @@ chrony (3.5~pre1-1) experimental; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sun, 12 May 2019 22:16:14 +0200
++chrony (3.4-4ubuntu2) eoan; urgency=medium
++
++  * Dropped sysV change added in 3.4-4ubuntu1 (LP: #1829700):
++    - removed d/init to avoid weird interactions between sysV and systemd
++    [With debhelper compat level 12 this isn't an issue anymore]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Wed, 22 May 2019 09:10:41 +0200
++
++chrony (3.4-4ubuntu1) eoan; urgency=medium
++
++  * Merge with Debian unstable (LP: #1828992). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
++    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off) [fixed a minor typo in the comment in this update]
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chrony-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++    - d/postrm: re-establish systemd-timesyncd on removal (LP 1764357)
++    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
++      (LP 1771994)
++  * Added Changes:
++    - removed d/init to avoid weird interactions between sysV and systemd
++  * Dropped Changes:
++    - Notify chrony to update sources in response to systemd-networkd
++      events (LP: 1718227)
++      + d/links: link dispatcher script to networkd-dispatcher events routable
++        and off
++      + d/control: set Recommends to networkd-dispatcher
++      [Those are in Debian, except that we agreed to have networkd-dispatcher
++       to only be a Suggests]
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 14 May 2019 12:49:30 +0200
++
  chrony (3.4-4) unstable; urgency=medium
    * debian/patches/*:
@@ -1119,6 +2041,48 @@ chrony (3.4-2) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Wed, 13 Feb 2019 17:08:17 +0100
++chrony (3.4-1ubuntu1) disco; urgency=medium
++
++  * Merge with Debian unstable (LP: #1802886). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
++    - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      + debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off).
++      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      + debian/install: make chronyd-starter.sh available on install.
++      + debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++    - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
++    - Notify chrony to update sources in response to systemd-networkd
++      events (LP: 1718227)
++      + d/links: link dispatcher script to networkd-dispatcher events routable
++        and off
++      + d/control: set Recommends to networkd-dispatcher
++  * Dropped Changes (upstream):
++    - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
++    - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
++      the service on newer kernels by falling back to urandom. (LP: 1787366)
++  * Added Changes:
++    - d/postrm: respect policy-rc.d when restoring systemd-timesyncd
++      (LP: #1771994)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 12 Nov 2018 11:39:08 +0100
++
  chrony (3.4-1) unstable; urgency=medium
    * Import upstream version 3.4:
@@ -1195,6 +2159,66 @@ chrony (3.3-3) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Sat, 18 Aug 2018 16:23:19 +0200
++chrony (3.3-2ubuntu2) cosmic; urgency=medium
++
++  * - d/p/lp-1787366-fall-back-to-urandom.patch: avoid hangs when starting
++      the service on newer kernels by falling back to urandom.
++      (LP: #1787366, Closes: #906276)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 16 Aug 2018 11:48:38 +0200
++
++chrony (3.3-2ubuntu1) cosmic; urgency=medium
++
++  * Merge with Debian unstable (LP: #1771061). Remaining changes:
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
++    - Set -x as default if unable to set time (e.g. in containers) (LP: 1589780)
++      Chrony is a single service which acts as both NTP client (i.e. syncing the
++      local clock) and NTP server (i.e. providing NTP services to the network),
++      and that is both desired and expected in the vast majority of cases.
++      But in containers syncing the local clock is usually impossible, but this
++      shall not break the providing of NTP services to the network.
++      To some extent this makes chrony's default config more similar to 'ntpd',
++      which complained in syslog but still provided NTP server service in those
++      cases.
++      - debian/chrony.service: allow the service to run without CAP_SYS_TIME
++      - debian/control: add new dependency libcap2-bin for capsh (usually
++        installed anyway, but make them explicit to be sure).
++      - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++        (Default off).
++      - debian/chronyd-starter.sh: wrapper to handle special cases in containers
++        and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++        containers on a default installation and avoid failing to sync time (or
++        if allowed to sync, avoid multiple containers to fight over it by
++        accident).
++      - debian/install: make chronyd-starter.sh available on install.
++      - debian/docs, debian/README.container: provide documentation about the
++        handling of this case.
++    - d/postrm: re-establish systemd-timesyncd on removal (LP: 1764357)
++    - Notify chrony to update sources in response to systemd-networkd
++      events (LP: 1718227)
++      - d/links: link dispatcher script to networkd-dispatcher events routable
++        and off
++      - d/control: set Recommends to networkd-dispatcher
++      - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
++  * Dropped changes
++    - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
++      (LP: 1751241) (in Debian now)
++    - debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: 1761327)
++      (in Debian now)
++    - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
++      When dropping the root privileges, don't try to keep the CAP_SYS_TIME
++      capability if the -x option was enabled. This allows chronyd to be
++      started without the capability (e.g. in containers) and also drop the
++      root privileges (This is upstream now).
++    - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch (This is
++      upstream now).
++    - d/control: switch to nss instead of tomcrypt (Debian switched to nettle
++      which is in main, so we can drop this)
++  * Added changes
++    - debian/README.container: fix typos
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 14 May 2018 09:06:01 +0200
++
  chrony (3.3-2) unstable; urgency=medium
    * debian/chrony.service:
@@ -1250,6 +2274,76 @@ chrony (3.2-5) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Wed, 28 Feb 2018 17:31:08 +0100
++chrony (3.2-4ubuntu4) bionic; urgency=medium
++
++  * d/postrm: re-establish systemd-timesyncd on removal (LP: #1764357)
++  * Notify chrony to update sources in response to systemd-networkd
++    events (LP: #1718227)
++    - d/links: link dispatcher script to networkd-dispatcher events routable
++      and off
++    - d/control: set Recommends to networkd-dispatcher
++    - d/p/lp-1718227-ignore-non-up-down-events-in-nm-dispatcher.patch
++    - d/p/lp-1718227-nm-dispatcher-for-networkd.patch
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 16 Apr 2018 17:04:06 +0200
++
++chrony (3.2-4ubuntu3) bionic; urgency=medium
++
++  * debian/usr.sbin.chronyd: add cap net_admin for hwtimestamp (LP: #1761327)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 05 Apr 2018 09:38:10 +0200
++
++chrony (3.2-4ubuntu2) bionic; urgency=medium
++
++  * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
++    Chrony is a single service which acts as both NTP client (i.e. syncing the
++    local clock) and NTP server (i.e. providing NTP services to the network),
++    and that is both desired and expected in the vast majority of cases.
++    But in containers syncing the local clock is usually impossible, but this
++    shall not break the providing of NTP services to the network.
++    To some extent this makes chrony's default config more similar to 'ntpd',
++    which complained in syslog but still provided NTP server service in those
++    cases.
++    - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
++      When dropping the root privileges, don't try to keep the CAP_SYS_TIME
++      capability if the -x option was enabled. This allows chronyd to be
++      started without the capability (e.g. in containers) and also drop the
++      root privileges.
++    - debian/chrony.service: allow the service to run without CAP_SYS_TIME
++    - debian/control: add new dependency libcap2-bin for capsh (usually
++      installed anyway, but make them explicit to be sure).
++    - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
++      (Default off).
++    - debian/chronyd-starter.sh: wrapper to handle special cases in containers
++      and if CAP_SYS_TIME is missing. Effectively allows to run NTP server in
++      containers on a default installation and avoid failing to sync time (or
++      if allowed to sync, avoid multiple containers to fight over it by
++      accident).
++    - debian/install: make chronyd-starter.sh available on install.
++    - debian/docs, debian/README.container: provide documentation about the
++      handling of this case.
++  * debian/chrony.conf: update default chrony.conf to not violate the policy
++    of pool.ntp.org (to use no more than four of their servers) and to provide
++    more ipv6 capable sources by default (LP: #1754358)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 16 Mar 2018 12:25:44 +0100
++
++chrony (3.2-4ubuntu1) bionic; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - d/control: switch to nss instead of tomcrypt (nss is in main)
++    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664)
++  * Dropped changes (in Debian)
++    - d/chrony.default, d/chrony.service: support /etc/default/chrony
++      DAEMON_OPTS in systemd environment (LP: 1746081)
++    - d/chrony.service: properly start after networking (LP: 1746458)
++    - d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: 1746444)
++  * Added Changes:
++    - debian/usr.sbin.chronyd: ensure RTC/GPS usage isn't blocked by apparmor
++      (LP: #1751241, Closes: #891201)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Mon, 26 Feb 2018 14:44:54 +0100
++
  chrony (3.2-4) unstable; urgency=medium
    * debian/changelog:
@@ -1316,6 +2410,27 @@ chrony (3.2-3) unstable; urgency=medium
   -- Vincent Blut <vincent.debian@free.fr>  Wed, 07 Feb 2018 21:27:09 +0100
++chrony (3.2-2ubuntu3) bionic; urgency=medium
++
++  * Revert the changes of (LP 1746458) as in the follow on discussion
++    it became clear that we want it to start early (for example for an
++    early offset from drift file). iIf needed chrony will later on pick
++    up that servers are online via retries (augmented by hooks on network
++    events).
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Thu, 08 Feb 2018 10:52:30 +0100
++
++chrony (3.2-2ubuntu2) bionic; urgency=medium
++
++  * d/control: use to nss instead of tomcrypt (in main) (LP: #1744072)
++  * d/chrony.conf: use ubuntu ntp pool and server (LP: #1744664)
++  * d/chrony.default, d/chrony.service: support /etc/default/chrony
++    DAEMON_OPTS in systemd environment (LP: #1746081)
++  * d/chrony.service: properly start after networking (LP: #1746458)
++  * d/usr.sbin.chronyd: allow to create /run/chrony on demand (LP: #1746444)
++
++ -- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Fri, 19 Jan 2018 09:45:38 +0100
++
  chrony (3.2-2) unstable; urgency=medium
    * Initial AppArmor profile for chronyd. Thanks to Jamie
 diff --git a/debian/chrony.conf b/debian/chrony.conf
 index 03eccbf..cb6132b 100644
 --- a/debian/chrony.conf
 +++ b/debian/chrony.conf
@@ -1,10 +1,11 @@
  # Welcome to the chrony configuration file. See chrony.conf(5) for more
  # information about usable directives.
--# Use Debian vendor zone.
--pool 2.debian.pool.ntp.org iburst
++# The Ubuntu NTP pool servers configuration was moved to /etc/chrony/sources.d/ubuntu-ntp-pools.sources
  # Use time sources from DHCP.
++# Those could be non-NTS sources. If you want to avoid unauthenticated NTP
++# sources comment the following line. (LP: #2115565)
  sourcedir /run/chrony-dhcp
  # Use NTP sources found in /etc/chrony/sources.d.
 diff --git a/debian/chrony.config b/debian/chrony.config
 new file mode 100644
 index 0000000..369c2f6
 --- /dev/null
 +++ b/debian/chrony.config
@@ -0,0 +1,10 @@
++#!/bin/sh
++
++set -e
++
++. /usr/share/debconf/confmodule
++
++if [ "${1}" = "configure" ] || [ "${1}" = "reconfigure" ]; then
++    db_input low chrony/configure_ubuntu_pools_in_sourcesd || true
++    db_go || true
++fi
 diff --git a/debian/chrony.default b/debian/chrony.default
 index 028f63d..6e4e02a 100644
 --- a/debian/chrony.default
 +++ b/debian/chrony.default
@@ -4,3 +4,7 @@
  # Options to pass to chrony.
  DAEMON_OPTS="-F 1"
++
++# Sync system clock in containers or without CAP_SYS_TIME (likely to fail)
++# See /usr/share/doc/chrony/README.container for details.
++SYNC_IN_CONTAINER="no"
 diff --git a/debian/chrony.examples b/debian/chrony.examples
 index 1a0e8e2..20fcbb5 100644
 --- a/debian/chrony.examples
 +++ b/debian/chrony.examples
@@ -1 +1,2 @@
  examples/chrony.conf*
++examples/chronyd-restricted.service
 diff --git a/debian/chrony.service b/debian/chrony.service
 index 18cab1e..3bf9622 100644
 --- a/debian/chrony.service
 +++ b/debian/chrony.service
@@ -3,7 +3,6 @@ Description=chrony, an NTP client/server
  Documentation=man:chronyd(8) man:chronyc(1) man:chrony.conf(5)
  Conflicts=openntpd.service ntp.service ntpsec.service
  ConditionVirtualization=!container
--ConditionCapability=CAP_SYS_TIME
  [Service]
  Type=notify
@@ -11,7 +10,9 @@ PIDFile=/run/chrony/chronyd.pid
  EnvironmentFile=-/etc/default/chrony
  User=_chrony
  # Daemon is started as root, but still sandboxed
--ExecStart=!/usr/sbin/chronyd -n $DAEMON_OPTS
++ExecStart=!/usr/lib/systemd/scripts/chronyd-starter.sh -n $DAEMON_OPTS
++# Allow real chronyd to notify "READY=1" for chronyd-starter.sh
++NotifyAccess=all
  CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
  CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE
 diff --git a/debian/chronyd-starter.sh b/debian/chronyd-starter.sh
 new file mode 100755
 index 0000000..2539ffe
 --- /dev/null
 +++ b/debian/chronyd-starter.sh
@@ -0,0 +1,68 @@
++#!/bin/sh
++set -ue
++
++CONF="/etc/default/chrony"
++DOC="/usr/share/doc/chrony/README.container"
++CAP="cap_sys_time"
++CMD="/usr/sbin/chronyd"
++# Take any args passed, use none if nothing was specified
++EFFECTIVE_DAEMON_OPTS=${@:-""}
++
++if [ -f "${CONF}" ]; then
++    . "${CONF}"
++else
++    echo "<4>Warning: ${CONF} is missing"
++fi
++# take from conffile if available, default to no otherwise
++EFFECTIVE_SYNC_IN_CONTAINER=${SYNC_IN_CONTAINER:-"no"}
++
++if [ ! -x "${CMD}" ]; then
++    echo "<3>Error: ${CMD} not executable"
++    # ugly, but works around https://github.com/systemd/systemd/issues/2913
++    sleep 0.1
++    exit 1
++fi
++
++# Check if -x is already set manually, don't process further if that is the case
++X_SET=0
++for arg in $@; do
++    if echo "$arg" | grep -q -e '^-[a-zA-Z0-9]*x'; then
++         X_SET=1
++    fi
++done
++
++if [ ${X_SET} -ne 1 ]; then
++  # Assume it is not in a container
++  IS_CONTAINER=0
++  if [ -x /usr/bin/systemd-detect-virt ]; then
++      if /usr/bin/systemd-detect-virt --quiet --container; then
++          IS_CONTAINER=1
++      fi
++  fi
++
++
++  # Assume it has the cap
++  HAS_CAP=1
++  CAPSH="/sbin/capsh"
++  if [ -x "${CAPSH}" ]; then
++      ${CAPSH} --has-p="${CAP}" || HAS_CAP=0
++  fi
++
++  if [ ${HAS_CAP} -eq 0 ]; then
++      echo "<4>Warning: Missing ${CAP}, syncing the system clock will fail"
++  fi
++  if [ ${IS_CONTAINER} -eq 1 ]; then
++      echo "<4>Warning: Running in a container, likely impossible and unintended to sync system clock"
++  fi
++
++  if [ ${HAS_CAP} -eq 0 -o ${IS_CONTAINER} -eq 1 ]; then
++      if [ "${EFFECTIVE_SYNC_IN_CONTAINER}" != "yes" ]; then
++          echo "<5>Adding -x as fallback disabling control of the system clock, see ${DOC} to override this behavior"
++          EFFECTIVE_DAEMON_OPTS="${EFFECTIVE_DAEMON_OPTS} -x"
++      else
++          echo "<5>Not falling back to disable control of the system clock, see ${DOC} to change this behavior"
++      fi
++  fi
++fi
++
++${CMD} ${EFFECTIVE_DAEMON_OPTS}
 diff --git a/debian/conf.d/ubuntu-nts.conf b/debian/conf.d/ubuntu-nts.conf
 new file mode 100644
 index 0000000..cfc0abc
 --- /dev/null
 +++ b/debian/conf.d/ubuntu-nts.conf
@@ -0,0 +1,6 @@
++# This CA is needed for the Ubuntu NTS bootstrap servers.  It has a very large
++# validity range (decades into the past and future) to allow systems with a
++# very large initial clock drift to use NTS.
++# If there is already another certificate set using the same index as this one
++# here ("1"), then this CA will get added to that set.
++ntstrustedcerts 1 /etc/chrony/nts-bootstrap-ubuntu.crt
 diff --git a/debian/control b/debian/control
 index a82b2d5..a932b9e 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: chrony
  Section: net
  Priority: optional
--Maintainer: Vincent Blut <vincent.debian@free.fr>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Vincent Blut <vincent.debian@free.fr>
  Standards-Version: 4.7.2
  Build-Depends: asciidoctor,
                 bison,
@@ -26,8 +27,10 @@ Package: chrony
  Architecture: linux-any
  Pre-Depends: ${misc:Pre-Depends}
  Depends: adduser (>= 3.130),
++         debconf (>= 0.5),
           iproute2 [linux-any],
           tzdata,
++         libcap2-bin (>= 1:2.32-1),
           ucf,
           ${misc:Depends},
           ${shlibs:Depends}
 diff --git a/debian/docs b/debian/docs
 index e12f653..3bfc9dc 100644
 --- a/debian/docs
 +++ b/debian/docs
@@ -1,3 +1,4 @@
  FAQ
  NEWS
  README
++debian/README.container
 diff --git a/debian/install b/debian/install
 index 2a702e8..1726964 100644
 --- a/debian/install
 +++ b/debian/install
@@ -1,6 +1,10 @@
  debian/chrony-helper usr/libexec/chrony
  debian/chrony.conf usr/share/chrony
++debian/ubuntu-ntp-pools.sources usr/share/chrony
  debian/conf.d etc/chrony
  debian/ntp-units.d/50-chrony.list usr/lib/systemd/ntp-units.d
  debian/sources.d etc/chrony
  debian/usr.sbin.chronyd etc/apparmor.d
++debian/chronyd-starter.sh usr/lib/systemd/scripts/
++debian/nts-bootstrap-staging-ubuntu.crt etc/chrony
++debian/nts-bootstrap-ubuntu.crt etc/chrony
 diff --git a/debian/nts-bootstrap-staging-ubuntu.crt b/debian/nts-bootstrap-staging-ubuntu.crt
 new file mode 100644
 index 0000000..498bc6f
 --- /dev/null
 +++ b/debian/nts-bootstrap-staging-ubuntu.crt
@@ -0,0 +1,11 @@
++-----BEGIN CERTIFICATE-----
++MIIBoDCCAUegAwIBAgIUboHEx7dO7bYbqpDEg4me/VVt+IswCgYIKoZIzj0EAwIw
++ETEPMA0GA1UEAwwGdWJ1bnR1MCAXDTUwMDEwMTAwMDAwMFoYDzk5OTkxMjMxMjM1
++OTU5WjArMSkwJwYDVQQDDCBudHAtYm9vdHN0cmFwLnN0YWdpbmcudWJ1bnR1LmNv
++bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABK9XPhpN0XjX3itffScnYxTMi+nH
++6pW7bbNTRil6THK7TTKZDhG1r3dLy+FlYBU4dsxg9CQlTSMJlApplUnLwBmjYTBf
++ME8GA1UdEQRIMEaCIG50cC1ib290c3RyYXAuc3RhZ2luZy51YnVudHUuY29tgiIq
++Lm50cC1ib290c3RyYXAuc3RhZ2luZy51YnVudHUuY29tMAwGA1UdEwEB/wQCMAAw
++CgYIKoZIzj0EAwIDRwAwRAIgOvXlLW5NlZob+ukYRAhLkMqlPOzLqLtcHQlKnnja
++3sgCIENZVt2+zsZRpX1a8p6O9yVk8n7ovF4tbqEvFkqlzLQm
++-----END CERTIFICATE-----
 diff --git a/debian/nts-bootstrap-ubuntu.crt b/debian/nts-bootstrap-ubuntu.crt
 new file mode 100644
 index 0000000..78dd811
 --- /dev/null
 +++ b/debian/nts-bootstrap-ubuntu.crt
@@ -0,0 +1,11 @@
++-----BEGIN CERTIFICATE-----
++MIIBiTCCAS+gAwIBAgIUPlSKCl0OHrnDiEB3/4yJAoeMh18wCgYIKoZIzj0EAwIw
++ETEPMA0GA1UEAwwGdWJ1bnR1MCAXDTcwMDEwMTAwMDAwMFoYDzIxMDAwMTAxMDAw
++MDAwWjAjMSEwHwYDVQQDDBhudHAtYm9vdHN0cmFwLnVidW50dS5jb20wWTATBgcq
++hkjOPQIBBggqhkjOPQMBBwNCAAS7TU/9OynpZSHZIF5/AUQPwCewy50pybP3/DBR
++PV5cNtdj4CefCp09x7hEsrofm2XSh0HkcuoADgO6pioVAOQXo1EwTzA/BgNVHREE
++ODA2ghhudHAtYm9vdHN0cmFwLnVidW50dS5jb22CGioubnRwLWJvb3RzdHJhcC51
++YnVudHUuY29tMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwIDSAAwRQIhAK06wN7r
++Ys7PDAIvFn2qlIKL8FFLhYtHZLcJwwV6vFgBAiATxuquFRB/xn4Y3ZSMvAxRx9rG
++8vLwOy6cp6CVWRVvWQ==
++-----END CERTIFICATE-----
 diff --git a/debian/postinst b/debian/postinst
 index 6404edf..0c53316 100644
 --- a/debian/postinst
 +++ b/debian/postinst
@@ -3,13 +3,15 @@
+ #
  # see: dh_installdeb(1)
++. /usr/share/debconf/confmodule
  set -e
  # targets: configure|abort-upgrade|abort-remove|abort-deconfigure
++ucf_managed_sources="true"
  case "$1" in
--    configure)
++    configure|reconfigure)
          adduser --system \
                  --group \
@@ -18,13 +20,34 @@ case "$1" in
                  --home /var/lib/chrony \
                  --no-create-home _chrony
++        ubuntu_ntp_pools_sources_filepath="/etc/chrony/sources.d/ubuntu-ntp-pools.sources"
++        packaged_ubuntu_ntp_pools_sources_filepath="/usr/share/chrony/ubuntu-ntp-pools.sources"
++
++        db_get chrony/configure_ubuntu_pools_in_sourcesd
++        ucf_managed_sources="${RET}"
++
          if command -v ucf >/dev/null
          then
--            ucf --three-way /usr/share/chrony/chrony.conf /etc/chrony/chrony.conf
--            ucf --three-way /usr/share/chrony/chrony.keys /etc/chrony/chrony.keys
++            ucf --debconf-ok --three-way /usr/share/chrony/chrony.conf /etc/chrony/chrony.conf
++            ucf --debconf-ok --three-way /usr/share/chrony/chrony.keys /etc/chrony/chrony.keys
++            if [ "${ucf_managed_sources}" = "true" ]; then
++                ucf --debconf-ok --three-way "${packaged_ubuntu_ntp_pools_sources_filepath}" "${ubuntu_ntp_pools_sources_filepath}"
++            else
++                # If this was under ucf before, purge it.
++                # If it wasn't under ucf before, this does not fail
++                ucf --debconf-ok --purge "${ubuntu_ntp_pools_sources_filepath}"
++                rm -f "${ubuntu_ntp_pools_sources_filepath}"
++            fi
              if [ -x "$(command -v ucfr)" ]; then
                  ucfr chrony /etc/chrony/chrony.conf
                  ucfr chrony /etc/chrony/chrony.keys
++                if [ "${ucf_managed_sources}" = "true" ]; then
++                    ucfr chrony "${ubuntu_ntp_pools_sources_filepath}"
++                else
++                    # If this was under ucf before, purge it.
++                    # If it wasn't under ucf before, this does not fail
++                    ucfr --purge chrony "${ubuntu_ntp_pools_sources_filepath}"
++                fi
              fi
          fi
 diff --git a/debian/postrm b/debian/postrm
 index 79713e3..9a80d36 100644
 --- a/debian/postrm
 +++ b/debian/postrm
@@ -5,8 +5,16 @@
  set -e
++. /usr/share/debconf/confmodule
++
  # targets: purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear
++ubuntu_ntp_pools_sources_filepath="/etc/chrony/sources.d/ubuntu-ntp-pools.sources"
++ucf_managed_sources="true"
++
++db_get chrony/configure_ubuntu_pools_in_sourcesd
++ucf_managed_sources="${RET}"
++
  case "$1" in
      purge)
          rm -f /var/lib/chrony/*
@@ -16,9 +24,15 @@ case "$1" in
          then
              ucf --purge /etc/chrony/chrony.conf
              ucf --purge /etc/chrony/chrony.keys
++            if [ "${ucf_managed_sources}" = "true" ]; then
++                ucf --purge "${ubuntu_ntp_pools_sources_filepath}"
++            fi
              if [ -x "$(command -v ucfr)" ]; then
                  ucfr --purge chrony /etc/chrony/chrony.conf
                  ucfr --purge chrony /etc/chrony/chrony.keys
++                if [ "${ucf_managed_sources}" = "true" ]; then
++                    ucfr --purge chrony "${ubuntu_ntp_pools_sources_filepath}"
++                fi
              fi
          fi
          rm -rf /etc/chrony
 diff --git a/debian/rules b/debian/rules
 index 2bb8023..1945fbd 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -47,6 +47,5 @@ endif
  override_dh_installsystemd:
  	dh_installsystemd chrony.service
  	dh_installsystemd --name=chrony-wait --no-enable --no-start chrony-wait.service
--	dh_installsystemd --name=chronyd-restricted --no-enable --no-start chronyd-restricted.service
  	dh_installsystemd --name=chrony-dnssrv@ chrony-dnssrv@.service
  	dh_installsystemd --name=chrony-dnssrv@ --no-enable --no-start chrony-dnssrv@.timer
 diff --git a/debian/templates b/debian/templates
 new file mode 100644
 index 0000000..e93ccd8
 --- /dev/null
 +++ b/debian/templates
@@ -0,0 +1,12 @@
++Template: chrony/configure_ubuntu_pools_in_sourcesd
++Type: boolean
++Default: true
++Description: Configure Ubuntu NTP pools in /etc/chrony/sources.d/ubuntu-ntp-pools.sources
++ The default Ubuntu NTP pools were moved from /etc/chrony/chrony.conf to an
++ included file in /etc/chrony/sources.d/ubuntu-ntp-pools.sources. The main
++ chrony.conf file shipped by the package no longer contains any NTP pools.
++ If you answer "yes", what was described above will be applied.
++ If you answer "no", then /etc/chrony/sources.d/ubuntu-ntp-pools.sources will
++ NOT be created. If it exists already, it will be REMOVED, and subsequent
++ upgrades will not recreate it.
++ If in doubt, it's recommended that you answer "yes".
 diff --git a/debian/tests/control b/debian/tests/control
 index 5586711..42067f2 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -1,3 +1,9 @@
++# Keep this as the first test, to check default installation behavior more
++# easily.
++Tests: default-ubuntu-sources-behavior
++Depends: chrony, dpkg-dev
++Restrictions: isolation-container, needs-root
++
  Tests: upstream-simulation-test-suite
  Depends: @builddeps@, build-essential, ca-certificates, wget
  Restrictions: isolation-container, build-needed, skippable, needs-root, needs-internet
 diff --git a/debian/tests/default-ubuntu-sources-behavior b/debian/tests/default-ubuntu-sources-behavior
 new file mode 100644
 index 0000000..458d010
 --- /dev/null
 +++ b/debian/tests/default-ubuntu-sources-behavior
@@ -0,0 +1,134 @@
++#!/bin/bash
++
++set -e
++
++. debian/tests/helper-functions
++
++UBUNTU_NTP_POOLS="/etc/chrony/sources.d/ubuntu-ntp-pools.sources"
++
++cleanup() {
++    ret=$?
++    __cleanup
++    set +e
++    if [ ${ret} -ne 0 ]; then
++        echo "## ERROR, something failed"
++        echo
++        echo "## journal logs for chrony"
++        journalctl -u chrony.service --lines 500
++        echo
++        echo "## Content of /etc/chrony"
++        find /etc/chrony -ls
++        echo
++        echo "## chrony sources"
++        chronyc sources
++    fi
++}
++
++trap cleanup EXIT
++
++test_fresh_install_has_nts_sources() {
++    local -i n=0
++    local output
++
++    echo
++    echo "## Running ${FUNCNAME[0]}"
++    echo "## Fresh install, ubuntu NTS sources must be defined"
++    ls -la "$(dirname ${UBUNTU_NTP_POOLS})"
++    test -f "${UBUNTU_NTP_POOLS}" || return 1
++    cat "${UBUNTU_NTP_POOLS}"
++    grep -qE "^pool.*nts" "${UBUNTU_NTP_POOLS}" || return 1
++    echo
++    echo "## Chrony should have valid sources loaded"
++    # Sometimes this lists sources and still fails ($? != 0), so let's ignore
++    # errors and check the output instead
++    output=$(chronyc sources 2>&1 || :)
++    echo "${output}"
++    n=$(echo "${output}" | grep -E '^\^'|wc -l)
++    echo "## ${n} sources identified"
++    if [ "${n}" -gt 0 ]; then
++        echo "## OK"
++    else
++        echo "## FAIL"
++        return 1
++    fi
++    echo
++    echo "## And these sources should be authenticated"
++    output=$(chronyc authdata 2>&1 || :)
++    echo "${output}"
++    n=$(echo "${output}" | grep -E 'NTS'|wc -l)
++    echo "## ${n} authenticated sources identified"
++    if [ "${n}" -gt 0 ]; then
++        echo "## OK"
++    else
++        echo "## FAIL"
++        return 1
++    fi
++}
++
++test_debconf_no_ubuntu_sources() {
++    echo
++    echo "## Running ${FUNCNAME[0]}"
++    echo "## Checking that ${UBUNTU_NTP_POOLS} exists"
++    ls -la "${UBUNTU_NTP_POOLS}" || return 1
++    echo
++    echo "## Reconfiguring chrony with chrony/configure_ubuntu_pools_in_sourcesd set to false"
++    debconf-set-selections <<EOF
++chrony chrony/configure_ubuntu_pools_in_sourcesd boolean false
++EOF
++    dpkg-reconfigure chrony 2>&1
++    echo
++    echo "## Now ${UBUNTU_NTP_POOLS} should be gone"
++    ls -la "${UBUNTU_NTP_POOLS}" 2>&1 && return 1 || :
++    echo
++    echo "## And chrony should have no sources"
++    # Sometimes this lists sources and still fails ($? != 0), so let's ignore
++    # errors and check the output instead
++    output=$(chronyc sources 2>&1 || :)
++    echo "${output}"
++    n=$(echo "${output}" | grep -E '^\^'|wc -l)
++    echo "## ${n} sources identified"
++    if [ "${n}" -gt 0 ]; then
++        echo "## FAIL"
++        return 1
++    else
++        echo "## OK"
++    fi
++}
++
++test_debconf_with_ubuntu_sources() {
++    echo
++    echo "## Running ${FUNCNAME[0]}"
++    echo "## Checking that ${UBUNTU_NTP_POOLS} does not exist"
++    ls -la "${UBUNTU_NTP_POOLS}" 2>&1 && return 1 || :
++    echo
++    echo "## Reconfiguring chrony with chrony/configure_ubuntu_pools_in_sourcesd set to true"
++    debconf-set-selections <<EOF
++chrony chrony/configure_ubuntu_pools_in_sourcesd boolean true
++EOF
++    dpkg-reconfigure chrony 2>&1
++    echo
++    echo "## Now ${UBUNTU_NTP_POOLS} should exist now"
++    ls -la "${UBUNTU_NTP_POOLS}" || return 1
++    echo
++    echo "## And chrony should have valid sources"
++    # Sometimes this lists sources and still fails ($? != 0), so let's ignore
++    # errors and check the output instead
++    output=$(chronyc sources 2>&1 || :)
++    echo "${output}"
++    n=$(echo "${output}" | grep -E '^\^'|wc -l)
++    echo "## ${n} sources identified"
++    if [ "${n}" -gt 0 ]; then
++        echo "## OK"
++    else
++        echo "## FAIL"
++        return 1
++    fi
++}
++
++__no_system_clock_control
++__restart_chronyd
++# these tests must be run in this order, because they don't reset the state
++# each time
++test_fresh_install_has_nts_sources
++test_debconf_no_ubuntu_sources
++test_debconf_with_ubuntu_sources
 diff --git a/debian/ubuntu-ntp-pools.sources b/debian/ubuntu-ntp-pools.sources
 new file mode 100644
 index 0000000..27a08a5
 --- /dev/null
 +++ b/debian/ubuntu-ntp-pools.sources
@@ -0,0 +1,31 @@
++# Use NTS by default
++# NTS uses an additional port to negotiate security: 4460/tcp
++# The normal NTP port remains in use: 123/udp
++pool 1.ntp.ubuntu.com iburst maxsources 1 nts prefer
++pool 2.ntp.ubuntu.com iburst maxsources 1 nts prefer
++pool 3.ntp.ubuntu.com iburst maxsources 1 nts prefer
++pool 4.ntp.ubuntu.com iburst maxsources 1 nts prefer
++# The bootstrap server is needed by systems without a hardware clock, or a very
++# large initial clock offset. The specified certificate set is defined in
++# /etc/chrony/conf.d/ubuntu-nts.conf.
++pool ntp-bootstrap.ubuntu.com iburst maxsources 1 nts certset 1
++
++# If you can't or won't use NTS, then here are the old NTP-only definitions
++
++# This will use (up to):
++# - 4 sources from ntp.ubuntu.com which some are ipv6 enabled
++# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well
++# - 1 source from [01].ubuntu.pool.ntp.org each (ipv4 only atm)
++# This means by default, up to 6 dual-stack and up to 2 additional IPv4-only
++# sources will be used.
++# At the same time it retains some protection against one of the entries being
++# down (compare to just using one of the lines). See (LP: #1754358) for the
++# discussion.
++#
++# About using servers from the NTP Pool Project in general see (LP: #104525).
++# Approved by Ubuntu Technical Board on 2011-02-08.
++# See http://www.pool.ntp.org/join.html for more information.
++#pool ntp.ubuntu.com        iburst maxsources 4
++#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
++#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
++#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
 diff --git a/debian/usr.sbin.chronyd b/debian/usr.sbin.chronyd
 index 6760ef2..fa6fa03 100644
 --- a/debian/usr.sbin.chronyd
 +++ b/debian/usr.sbin.chronyd
@@ -78,6 +78,9 @@ abi <abi/3.0>,
    # Allow read-write access to the socket path(s).
    @{run}/timemaster/chrony.SOCK[0-9]* rw,
++  # Allow systemd Type=notify using sd_notify's $NOTIFY_SOCKET
++  @{run}/systemd/notify w,
++
    # For use with clocks that report via shared memory (e.g. gpsd),
    # you may need to give ntpd access to all of shared memory, though
    # this can be considered dangerous. See https://launchpad.net/bugs/722815

Ubuntuchrony package

Merge ~slyon/ubuntu/+source/chrony:merge-lp2110435-questing into ubuntu/+source/chrony:debian/experimental

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
chrony package