commit: becfaac19ad2b782a18eae112d64ffe1b59bd75c Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Apr 22 21:54:30 2021 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Apr 22 22:24:55 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=becfaac1
net-misc/chrony: add 4.1_pre1 (unkeyworded) * Bump to 4.1_pre1 * Tidy up IUSE, *DEPEND * Unrestrict tests * Add useful bug references re seccomp and caps. May restore turning on seccomp automatically in a revbump or next pre-release. * Dependency changes/fixes: ** Depend on sys-libs/readline when not using libedit ** NTS requires GnuTLS, not Nettle ** Add more cases for virtual/pkgconfig BDEPEND ** Move html? ( asciidoctor ) dependency to BDEPEND Bug: https://bugs.gentoo.org/783915 Signed-off-by: Sam James <sam <AT> gentoo.org> net-misc/chrony/Manifest | 2 + .../{chrony-9999.ebuild => chrony-4.1_pre1.ebuild} | 88 ++++++++++++---------- net-misc/chrony/chrony-9999.ebuild | 88 ++++++++++++---------- 3 files changed, 102 insertions(+), 76 deletions(-) diff --git a/net-misc/chrony/Manifest b/net-misc/chrony/Manifest index d699aaf1a3e..d898b8aa015 100644 --- a/net-misc/chrony/Manifest +++ b/net-misc/chrony/Manifest @@ -1,2 +1,4 @@ DIST chrony-4.0.tar.gz 546939 BLAKE2B 1d4035977be3603b34024c5c1c2aa5f2b4aca03fe7dc1eb41be2e9aeefa06e20a5f74776c50bdadaffba10ae25e7980bcbd9cf2b999bd73087728afe7a80253e SHA512 a1c11a386c43f495910f7f2e9b5fbb1652c3631471d182b9b8203dfef98611d11535ad547a879856551263aed0ae2e30e4135b8ed89553684706166bc1c725c9 DIST chrony-4.0.tar.gz.asc 195 BLAKE2B 1947a73f35eb5c58f91775d76473210a7b5edff5b808e360eb0c3724351c54ac4f187a2aa4450830130da718c6a0c488baa170ca87e7e6eac781d85c67b3773f SHA512 c3156d91f4fdb6f9e2fdbc83b1399afb0ecdfa9b7bc92648c5bce477c3f0f921d2a13aa21ac6c281f18b008c60f08e3db6d82b642b646f064aea1dbe19295c4c +DIST chrony-4.1-pre1.tar.gz 563277 BLAKE2B 474d27d0e402d83bda52125940b8205119519b93571e6b8df3fea5eeb5f1f3babbcc40bc81db77bc345830d5e9528ad087ff539026a1a585ce220feeb851e978 SHA512 03e28e6651d6aa3c99333b94ee503843c3a69b8c8366bf647c41a3a9e34e987c440e289ec16e5c62c2a7405271bddc533efbd59d6c6ab43712c8908dfb86322e +DIST chrony-4.1-pre1.tar.gz.asc 195 BLAKE2B 4a06b35be3257a52cc824e2acfdff32b6598d1744bc23418e89291d71d6d9a86c35559eab26034ce2e05c4152ffb691b5ec4104dc339821e93523c33c8cbdd72 SHA512 8eb695c3f85f90d02b22b1202c8766347289a6da1d0658a3d89eed90202799bcfc647b96e5f931fb862011e85feed5f4914b39e45a3e20f01827509fe271a2d7 diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-4.1_pre1.ebuild similarity index 75% copy from net-misc/chrony/chrony-9999.ebuild copy to net-misc/chrony/chrony-4.1_pre1.ebuild index bf4786c5977..91a9a012460 100644 --- a/net-misc/chrony/chrony-9999.ebuild +++ b/net-misc/chrony/chrony-4.1_pre1.ebuild @@ -8,7 +8,7 @@ inherit systemd tmpfiles toolchain-funcs DESCRIPTION="NTP client and server programs" HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git"; -if [[ ${PV} == "9999" ]]; then +if [[ ${PV} == "9999" ]] ; then EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"; inherit git-r3 else @@ -16,15 +16,18 @@ else inherit verify-sig SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"; - SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P}-tar-gz-asc.txt -> ${P}.tar.gz.asc )" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" + SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )" + + if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" + fi fi S="${WORKDIR}/${P/_/-}" LICENSE="GPL-2" SLOT="0" -IUSE="+caps +cmdmon debug html ipv6 libedit +nettle nss +ntp +phc +nts pps +refclock +rtc samba +seccomp +sechash selinux libtomcrypt" +IUSE="+caps +cmdmon debug html ipv6 libedit libtomcrypt +nettle nss +ntp +nts +phc pps +refclock +rtc samba +seccomp +sechash selinux" # nettle > nss > libtomcrypt in configure REQUIRED_USE=" sechash? ( || ( nettle nss libtomcrypt ) ) @@ -33,15 +36,9 @@ REQUIRED_USE=" libtomcrypt? ( !nettle !nss ) !sechash? ( !nss ) !sechash? ( !nts? ( !nettle ) ) - nts? ( nettle ) -" -RESTRICT="test" - -BDEPEND=" - nettle? ( virtual/pkgconfig ) " -if [[ ${PV} == "9999" ]]; then +if [[ ${PV} == "9999" ]] ; then # Needed for doc generation in 9999 REQUIRED_USE+=" html" BDEPEND+=" virtual/w3m" @@ -55,18 +52,26 @@ DEPEND=" acct-user/ntp sys-libs/libcap ) - nts? ( net-libs/gnutls:= ) libedit? ( dev-libs/libedit ) + !libedit? ( sys-libs/readline:= ) nettle? ( dev-libs/nettle:= ) nss? ( dev-libs/nss:= ) - seccomp? ( sys-libs/libseccomp ) - html? ( dev-ruby/asciidoctor ) + nts? ( net-libs/gnutls:= ) pps? ( net-misc/pps-tools ) + seccomp? ( sys-libs/libseccomp ) " RDEPEND=" ${DEPEND} selinux? ( sec-policy/selinux-chronyd ) " +BDEPEND=" + html? ( dev-ruby/asciidoctor ) + nts? ( virtual/pkgconfig ) + sechash? ( + nettle? ( virtual/pkgconfig ) + nss? ( virtual/pkgconfig ) + ) +" PATCHES=( "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch @@ -84,13 +89,13 @@ src_prepare() { } src_configure() { - if ! use caps; then + if ! use caps ; then sed -i \ -e 's/ -u ntp//' \ "${T}"/chronyd.conf examples/chronyd.service || die fi - if ! use seccomp; then + if ! use seccomp ; then sed -i \ -e 's/ -F 0//' \ "${T}"/chronyd.conf examples/chronyd.service || die @@ -102,26 +107,28 @@ src_configure() { # on a system that is time-synced. export SOURCE_DATE_EPOCH=1607976314 - # not an autotools generated script + # Not an autotools generated script local myconf=( $(use_enable seccomp scfilter) - $(usex caps '' --disable-linuxcaps) - $(usex cmdmon '' --disable-cmdmon) + + $(usex caps '' '--disable-linuxcaps') + $(usex cmdmon '' '--disable-cmdmon') $(usex debug '--enable-debug' '') - $(usex ipv6 '' --disable-ipv6) - $(usex libedit '' --without-editline) - $(usex nettle '' --without-nettle) - $(usex nss '' --without-nss) - $(usex ntp '' --disable-ntp) - $(usex nts '' --disable-nts) - $(usex nts '' --without-gnutls) - $(usex phc '' --disable-phc) - $(usex pps '' --disable-pps) - $(usex refclock '' --disable-refclock) - $(usex rtc '' --disable-rtc) - $(usex samba --enable-ntp-signd '') - $(usex sechash '' --disable-sechash) - $(usex libtomcrypt '' --disable-tomcrypt) + $(usex ipv6 '' '--disable-ipv6') + $(usex libedit '' '--without-editline') + $(usex libtomcrypt '' '--without-tomcrypt') + $(usex nettle '' '--without-nettle') + $(usex nss '' '--without-nss') + $(usex ntp '' '--disable-ntp') + $(usex nts '' '--disable-nts') + $(usex nts '' '--without-gnutls') + $(usex phc '' '--disable-phc') + $(usex pps '' '--disable-pps') + $(usex refclock '' '--disable-refclock') + $(usex rtc '' '--disable-rtc') + $(usex samba '--enable-ntp-signd' '') + $(usex sechash '' '--disable-sechash') + --chronysockdir="${EPREFIX}/run/chrony" --docdir="${EPREFIX}/usr/share/doc/${PF}" --mandir="${EPREFIX}/usr/share/man" @@ -129,17 +136,18 @@ src_configure() { --sysconfdir="${EPREFIX}/etc/chrony" --with-hwclockfile="${EPREFIX}/etc/adjtime" --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid" + ${EXTRA_ECONF} ) - # print the ./configure call + # Print the ./configure call echo sh ./configure "${myconf[@]}" >&2 sh ./configure "${myconf[@]}" || die } src_compile() { - if [[ ${PV} == "9999" ]]; then - # uses w3m + if [[ ${PV} == "9999" ]] ; then + # Uses w3m emake -C doc man txt fi @@ -160,16 +168,17 @@ src_install() { newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')" - if use html; then + if use html ; then docinto html dodoc doc/*.html fi keepdir /var/{lib,log}/chrony - if use caps; then + if use caps ; then # Prepare a directory for the chrony.drift file (a la ntpsec) # Ensures the environment is sane on new installs + # bug #711058 fowners ntp:ntp /var/{lib,log}/chrony fperms 770 /var/lib/chrony fi @@ -201,6 +210,7 @@ pkg_postinst() { if [[ -n "${REPLACING_VERSIONS}" ]] ; then if use caps && ! ${HAD_CAPS} ; then + # bug #719876 ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp" ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" ewarn "This is necessary for chrony to drop privileges" @@ -209,6 +219,8 @@ pkg_postinst() { fi fi + # TODO: Will try to re-enable before final release ideally? + # bug #783915 if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then elog "To enable seccomp in enforcing mode, please modify:" elog "- /etc/conf.d/chronyd for OpenRC" diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild index bf4786c5977..91a9a012460 100644 --- a/net-misc/chrony/chrony-9999.ebuild +++ b/net-misc/chrony/chrony-9999.ebuild @@ -8,7 +8,7 @@ inherit systemd tmpfiles toolchain-funcs DESCRIPTION="NTP client and server programs" HOMEPAGE="https://chrony.tuxfamily.org/ https://git.tuxfamily.org/chrony/chrony.git"; -if [[ ${PV} == "9999" ]]; then +if [[ ${PV} == "9999" ]] ; then EGIT_REPO_URI="https://git.tuxfamily.org/chrony/chrony.git"; inherit git-r3 else @@ -16,15 +16,18 @@ else inherit verify-sig SRC_URI="https://download.tuxfamily.org/${PN}/${P/_/-}.tar.gz"; - SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P}-tar-gz-asc.txt -> ${P}.tar.gz.asc )" - KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" + SRC_URI+=" verify-sig? ( https://download.tuxfamily.org/chrony/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )" + + if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86" + fi fi S="${WORKDIR}/${P/_/-}" LICENSE="GPL-2" SLOT="0" -IUSE="+caps +cmdmon debug html ipv6 libedit +nettle nss +ntp +phc +nts pps +refclock +rtc samba +seccomp +sechash selinux libtomcrypt" +IUSE="+caps +cmdmon debug html ipv6 libedit libtomcrypt +nettle nss +ntp +nts +phc pps +refclock +rtc samba +seccomp +sechash selinux" # nettle > nss > libtomcrypt in configure REQUIRED_USE=" sechash? ( || ( nettle nss libtomcrypt ) ) @@ -33,15 +36,9 @@ REQUIRED_USE=" libtomcrypt? ( !nettle !nss ) !sechash? ( !nss ) !sechash? ( !nts? ( !nettle ) ) - nts? ( nettle ) -" -RESTRICT="test" - -BDEPEND=" - nettle? ( virtual/pkgconfig ) " -if [[ ${PV} == "9999" ]]; then +if [[ ${PV} == "9999" ]] ; then # Needed for doc generation in 9999 REQUIRED_USE+=" html" BDEPEND+=" virtual/w3m" @@ -55,18 +52,26 @@ DEPEND=" acct-user/ntp sys-libs/libcap ) - nts? ( net-libs/gnutls:= ) libedit? ( dev-libs/libedit ) + !libedit? ( sys-libs/readline:= ) nettle? ( dev-libs/nettle:= ) nss? ( dev-libs/nss:= ) - seccomp? ( sys-libs/libseccomp ) - html? ( dev-ruby/asciidoctor ) + nts? ( net-libs/gnutls:= ) pps? ( net-misc/pps-tools ) + seccomp? ( sys-libs/libseccomp ) " RDEPEND=" ${DEPEND} selinux? ( sec-policy/selinux-chronyd ) " +BDEPEND=" + html? ( dev-ruby/asciidoctor ) + nts? ( virtual/pkgconfig ) + sechash? ( + nettle? ( virtual/pkgconfig ) + nss? ( virtual/pkgconfig ) + ) +" PATCHES=( "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch @@ -84,13 +89,13 @@ src_prepare() { } src_configure() { - if ! use caps; then + if ! use caps ; then sed -i \ -e 's/ -u ntp//' \ "${T}"/chronyd.conf examples/chronyd.service || die fi - if ! use seccomp; then + if ! use seccomp ; then sed -i \ -e 's/ -F 0//' \ "${T}"/chronyd.conf examples/chronyd.service || die @@ -102,26 +107,28 @@ src_configure() { # on a system that is time-synced. export SOURCE_DATE_EPOCH=1607976314 - # not an autotools generated script + # Not an autotools generated script local myconf=( $(use_enable seccomp scfilter) - $(usex caps '' --disable-linuxcaps) - $(usex cmdmon '' --disable-cmdmon) + + $(usex caps '' '--disable-linuxcaps') + $(usex cmdmon '' '--disable-cmdmon') $(usex debug '--enable-debug' '') - $(usex ipv6 '' --disable-ipv6) - $(usex libedit '' --without-editline) - $(usex nettle '' --without-nettle) - $(usex nss '' --without-nss) - $(usex ntp '' --disable-ntp) - $(usex nts '' --disable-nts) - $(usex nts '' --without-gnutls) - $(usex phc '' --disable-phc) - $(usex pps '' --disable-pps) - $(usex refclock '' --disable-refclock) - $(usex rtc '' --disable-rtc) - $(usex samba --enable-ntp-signd '') - $(usex sechash '' --disable-sechash) - $(usex libtomcrypt '' --disable-tomcrypt) + $(usex ipv6 '' '--disable-ipv6') + $(usex libedit '' '--without-editline') + $(usex libtomcrypt '' '--without-tomcrypt') + $(usex nettle '' '--without-nettle') + $(usex nss '' '--without-nss') + $(usex ntp '' '--disable-ntp') + $(usex nts '' '--disable-nts') + $(usex nts '' '--without-gnutls') + $(usex phc '' '--disable-phc') + $(usex pps '' '--disable-pps') + $(usex refclock '' '--disable-refclock') + $(usex rtc '' '--disable-rtc') + $(usex samba '--enable-ntp-signd' '') + $(usex sechash '' '--disable-sechash') + --chronysockdir="${EPREFIX}/run/chrony" --docdir="${EPREFIX}/usr/share/doc/${PF}" --mandir="${EPREFIX}/usr/share/man" @@ -129,17 +136,18 @@ src_configure() { --sysconfdir="${EPREFIX}/etc/chrony" --with-hwclockfile="${EPREFIX}/etc/adjtime" --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid" + ${EXTRA_ECONF} ) - # print the ./configure call + # Print the ./configure call echo sh ./configure "${myconf[@]}" >&2 sh ./configure "${myconf[@]}" || die } src_compile() { - if [[ ${PV} == "9999" ]]; then - # uses w3m + if [[ ${PV} == "9999" ]] ; then + # Uses w3m emake -C doc man txt fi @@ -160,16 +168,17 @@ src_install() { newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')" - if use html; then + if use html ; then docinto html dodoc doc/*.html fi keepdir /var/{lib,log}/chrony - if use caps; then + if use caps ; then # Prepare a directory for the chrony.drift file (a la ntpsec) # Ensures the environment is sane on new installs + # bug #711058 fowners ntp:ntp /var/{lib,log}/chrony fperms 770 /var/lib/chrony fi @@ -201,6 +210,7 @@ pkg_postinst() { if [[ -n "${REPLACING_VERSIONS}" ]] ; then if use caps && ! ${HAD_CAPS} ; then + # bug #719876 ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp" ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" ewarn "This is necessary for chrony to drop privileges" @@ -209,6 +219,8 @@ pkg_postinst() { fi fi + # TODO: Will try to re-enable before final release ideally? + # bug #783915 if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then elog "To enable seccomp in enforcing mode, please modify:" elog "- /etc/conf.d/chronyd for OpenRC"
