[gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/

Sat, 02 May 2020 03:44:12 -0700 

commit:     87242b6f6a92328671131779c43e8f14c64f4252
Author:     Sam James (sam_c) <sam <AT> cmpct <DOT> info>
AuthorDate: Mon Apr 20 11:44:57 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat May  2 10:43:28 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87242b6f

net-misc/chrony: Sync live ebuild with caps changes

This includes the permission fixes from efd09f68d, added to
the 9999 ebuild.

This should conclude the caps fixes.

Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
Closes: https://github.com/gentoo/gentoo/pull/15547
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 net-misc/chrony/chrony-9999.ebuild | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/net-misc/chrony/chrony-9999.ebuild 
b/net-misc/chrony/chrony-9999.ebuild
index 8d8758fa5c6..06eeb9fa032 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -20,14 +20,13 @@ REQUIRED_USE="
 "
 
 CDEPEND="
-       caps? ( sys-libs/libcap )
+       caps? ( acct-group/ntp acct-user/ntp sys-libs/libcap )
        libedit? ( dev-libs/libedit )
        readline? ( >=sys-libs/readline-4.1-r4:= )
        seccomp? ( sys-libs/libseccomp )
 "
 DEPEND="
        ${CDEPEND}
-       caps? ( acct-group/ntp acct-user/ntp )
        dev-ruby/asciidoctor
        pps? ( net-misc/pps-tools )
 "
@@ -135,6 +134,13 @@ src_install() {
 
        keepdir /var/{lib,log}/chrony
 
+       if use caps; then
+               # Prepare a directory for the chrony.drift file (a la ntpsec)
+               # Ensures the environment is sane on new installs
+               fowners ntp:ntp /var/{lib,log}/chrony
+               fperms 770 /var/lib/chrony
+       fi
+
        insinto /etc/logrotate.d
        newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
 
@@ -143,6 +149,20 @@ src_install() {
        systemd_enable_ntpunit 50-chrony chronyd.service
 }
 
+pkg_preinst() {
+       HAD_CAPS=false
+
+       if has_version 'net-misc/chrony[caps]'; then
+               HAD_CAPS=true
+       fi
+}
+
 pkg_postinst() {
        tmpfiles_process chronyd.conf
+
+       if use caps && ! ${HAD_CAPS}; then
+               ewarn "Please adjust permissions on 
${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
+               ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
+               ewarn "This is necessary for chrony to drop privileges"
+       fi
 }

Reply via email to