From a2036f577166e07c0422a1f9c34587c57a9a77f3 Mon Sep 17 00:00:00 2001
From: Thilo Fromm <thilo@kinvolk.io>
Date: Mon, 16 Nov 2020 13:46:10 +0100
Subject: [PATCH] net-misc/ntp: ingest gentoo upstream 4.2.8_p15

Signed-off-by: Thilo Fromm <thilo@kinvolk.io>
---
 .../coreos-overlay/net-misc/ntp/Manifest      |   4 +-
 .../net-misc/ntp/files/man-pages/genmans.sh   |  75 ++++++
 .../ntp/files/man-pages/ntp.conf.5.patch      |  27 +++
 .../net-misc/ntp/files/man-pages/ntp.xsl      | 218 ++++++++++++++++++
 .../ntp-4.2.8_p14-add_cap_ipc_lock.patch      |  13 ++
 .../net-misc/ntp/files/ntp-client.confd       |  21 ++
 .../net-misc/ntp/files/ntp-client.rc          |  31 +++
 .../net-misc/ntp/files/ntp.conf               |  47 +++-
 .../net-misc/ntp/files/ntpd.confd             |   6 +
 .../net-misc/ntp/files/ntpd.rc-r1             |  22 ++
 .../net-misc/ntp/files/ntpd.service-r2        |  11 +
 .../net-misc/ntp/files/ntpdate.service-r2     |  14 ++
 .../net-misc/ntp/files/ntpdate.service.conf   |   2 +
 .../net-misc/ntp/files/sntp.confd             |   4 +
 .../coreos-overlay/net-misc/ntp/files/sntp.rc |  26 +++
 .../net-misc/ntp/files/sntp.service-r3        |  14 ++
 .../net-misc/ntp/files/sntp.service.conf      |   2 +
 ...-4.2.8_p13.ebuild => ntp-4.2.8_p15.ebuild} |  68 ++++--
 18 files changed, 572 insertions(+), 33 deletions(-)
 create mode 100755 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/genmans.sh
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/ntp.conf.5.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/ntp.xsl
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-4.2.8_p14-add_cap_ipc_lock.patch
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-client.confd
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-client.rc
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.confd
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.rc-r1
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.service-r2
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpdate.service-r2
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpdate.service.conf
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.confd
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.rc
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.service-r3
 create mode 100644 sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.service.conf
 rename sdk_container/src/third_party/coreos-overlay/net-misc/ntp/{ntp-4.2.8_p13.ebuild => ntp-4.2.8_p15.ebuild} (59%)

diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/Manifest b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/Manifest
index 171e56db1a..c61825354c 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/Manifest
@@ -1,2 +1,2 @@
-DIST ntp-4.2.8p13-manpages.tar.xz 25700 BLAKE2B 47076474529146f6fd375e20c52188f1ba04959ce3752c952e60e9b48c8ac129346fdf5c315e012556422d16b7d6c223722812a56a11a98463044d2b16fcf0f0 SHA512 824832c1a8685fcd196db679cf4b87c89d577cea5251fda7c3dfee00e888d64de76df99e8cf4b0d20056e3d539b3f46a260c6ce22339aa79b915427741030da2
-DIST ntp-4.2.8p13.tar.gz 6949363 BLAKE2B b503153d8413e6ba174970bbddca59d237442e8ec29e082cedfea6523b0b7aaf2919dc219d816e02c8d3aa486beeaf5ca08b314a8b4c587333034447e1391ea0 SHA512 afbdbb8a37b8f4040a8a6939a3a85ad0350d359c153c297b32b8a013c7b7061fd925fa3e6e103671c5901e169156e22497813c654195ba50f890a7170b2f2075
+DIST ntp-4.2.8p15-manpages.tar.xz 25700 BLAKE2B 6a225bc19dcebee31cb8e0d621963863d567a882655b57be8b65a16f9d3dd138787c7c6b9ff08853306f2e9b11d65cb76e3215cc5b2262a91c411d437974fc18 SHA512 21721550864b4e7e91bf20ca894109253439b737799dfc803e1496b3454199f34646f40e0156c08a39d5914e5a92f35908cec0245e1e2627c75c0e64939ba028
+DIST ntp-4.2.8p15.tar.gz 7015970 BLAKE2B 5697d6623d79686f9ca9ad907172bf942383067d1e9817117d20db042e9f7410644f236f1a0d77ab6bf6ec468476e12ea65b494a28f0dd8674bf08fc8875cfef SHA512 f5ad765e45fc302263dd40e94c287698fd235b94f3684e49f1d5d09d7d8bdd6b8c0fb96ecdabffea3d233e1e79b3c9687b76dc204ba76bad3f554682f4a97794
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/genmans.sh b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/genmans.sh
new file mode 100755
index 0000000000..bae21e265f
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/genmans.sh
@@ -0,0 +1,75 @@
+#!/bin/bash
+#
+# ntpman.sh  -- Create man pages for ntp
+#
+
+VERSION=$1
+if [[ -z ${VERSION} ]] ; then
+	VERSION=$(ls -1d ntp-*/ 2>/dev/null | LC_COLLATE=C sort | sed -n '${s:/::;p;Q}')
+	if [[ -z ${VERSION} ]] ; then
+		VERSION=$(ls "${0%/*}"/../../ntp-*.ebuild | LC_COLLATE=C sort | sed -n '${s:.*/::;s:_::;s:[.]ebuild::;p;Q}')
+		if [[ -z ${VERSION} ]] ; then
+			echo "Usage: $0 <version>"
+			exit 1
+		fi
+	fi
+fi
+[[ ${VERSION} != ntp-* ]] && VERSION="ntp-${VERSION}"
+
+SRCDIR=${0%/*}
+HTMLDIR=${SRCDIR}/${VERSION}/html
+DISTFILE=/usr/portage/distfiles/${VERSION}.tar.gz
+MANDIR=${SRCDIR}/man
+
+rm -rf ${SRCDIR}/${VERSION}
+if [[ ! -d ${HTMLDIR} ]] ; then
+	if [[ -f ${DISTFILE} ]] ; then
+		tar zxf ${DISTFILE} -C ${SRCDIR} || exit 1
+	else
+		echo "ERROR: $HTMLDIR / $DISTFILE does not exist"
+		exit 1
+	fi
+fi
+
+# Process a single HTML file
+processfile() {
+    HTMLFILE=$1
+    MANFILE=$2
+    echo -n "Processing $HTMLFILE ..."
+	sed -e "s:<csobj.*<:csobj>/:" $HTMLDIR/$HTMLFILE > .$HTMLFILE
+	xsltproc --html --stringparam version $VERSION ${SRCDIR}/ntp.xsl .$HTMLFILE > $MANDIR/$MANFILE || exit 1
+	rm -f .$HTMLFILE
+    echo "Done."
+}
+
+# Print information
+echo "Generates ntp man files from HTML documentation. Using:"
+echo "VERSION:   $VERSION"
+echo "HTMLDIR:   $HTMLDIR"
+echo "MANDIR:    $MANDIR"
+echo "Press enter to continue, or Ctrl-C to cancel."
+read
+
+# Process HTML files
+rm -rf ${MANDIR}
+mkdir ${MANDIR}
+for f in ntp{date,dc,d,q,time,trace,dsim} keygen tickadj ; do
+	processfile ${f}.html ${f}.8
+done
+echo
+
+cp -vi /usr/local/src/freebsd/src/usr.sbin/ntp/doc/*.5 ${MANDIR}
+(
+d=${PWD}
+cd ${MANDIR}
+shopt -s nullglob
+for p in $d/*.5.patch ; do
+	patch -F0 -p0 < $p || exit 1
+done
+) || exit 1
+cp -vi ${SRCDIR}/*.patch ${SRCDIR}/genmans.sh ${SRCDIR}/ntp.xsl ${MANDIR}
+
+tar -jcf ${VERSION}-manpages.tar.bz2 -C ${MANDIR}/.. man
+du -b ${VERSION}-manpages.tar.bz2
+
+rm -rf ${MANDIR} ${SRCDIR}/${VERSION}
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/ntp.conf.5.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/ntp.conf.5.patch
new file mode 100644
index 0000000000..c3d8123022
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/ntp.conf.5.patch
@@ -0,0 +1,27 @@
+--- ntp.conf.5
++++ ntp.conf.5
+@@ -24,16 +24,6 @@
+ .Fl c
+ command line option).
+ .Pp
+-The
+-.Pa /etc/rc.d/ntpdate
+-script reads this file to get a list of NTP servers to use if the
+-variable
+-.Dq Li ntpdate_hosts
+-was not declared.
+-Refer to the
+-.Xr rc.conf 5
+-man page for further info about this.
+-.Pp
+ The file format is similar to other
+ .Ux
+ configuration files.
+@@ -2686,7 +2676,6 @@
+ Diffie-Hellman agreement parameters
+ .El
+ .Sh SEE ALSO
+-.Xr rc.conf 5 ,
+ .Xr ntpd 8 ,
+ .Xr ntpdc 8 ,
+ .Xr ntpq 8
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/ntp.xsl b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/ntp.xsl
new file mode 100644
index 0000000000..ed9c1f8b8e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/man-pages/ntp.xsl
@@ -0,0 +1,218 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+ 
+<!-- 
+Description:
+    Stylesheet for converting the HTML documentation 
+    for various ntp commands into proper manual pages 
+    (in troff format).
+
+Author:
+    Per Cederberg, <per at percederberg dot net>
+-->
+
+<!DOCTYPE stylesheet [
+<!ENTITY newline "
+">
+]>
+
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                version="1.0">
+  
+  <!-- ### INPUT PARAMETERS ### -->
+  <xsl:param name="version" select="''" />
+
+
+  <!-- ### OUTPUT DECLARATION ### -->
+  <xsl:output method="text"
+              encoding="ISO-8859-1" />
+
+  <xsl:strip-space elements="html" />
+
+
+  <!-- ### TEMPLATES ### -->
+  <xsl:template match="/">
+    <xsl:text>.\" Automatically generated from HTML source. </xsl:text>
+    <xsl:text>DO NOT EDIT!&newline;</xsl:text>
+    <xsl:apply-templates />
+  </xsl:template>
+
+  <xsl:template match="head">
+    <xsl:text>.TH </xsl:text>
+    <xsl:value-of select="substring-before(title, ' ')" />
+    <xsl:text> 1 "" "ntp </xsl:text>
+    <xsl:value-of select="$version" />
+    <xsl:text>"</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:text>.SH NAME</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:value-of select="title" />
+    <xsl:text>&newline;</xsl:text>
+  </xsl:template>
+
+  <xsl:template match="body">
+    <xsl:apply-templates select="*[preceding-sibling::hr]" />
+  </xsl:template>
+
+  <xsl:template match="h3">
+  </xsl:template>
+
+  <xsl:template match="h4">
+    <xsl:variable name="text">
+      <xsl:call-template name="stringToUpper">
+        <xsl:with-param name="str" select="." />
+      </xsl:call-template>
+    </xsl:variable>
+    <xsl:if test="name(preceding-sibling::*[1]) = 'tt'">
+      <xsl:text>&newline;</xsl:text>
+    </xsl:if>
+    <xsl:text>.SH </xsl:text>
+    <xsl:value-of select="$text" />
+    <xsl:text>&newline;</xsl:text>
+  </xsl:template>
+
+  <xsl:template match="address">
+    <xsl:text>.SH AUTHOR</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:apply-templates />
+  </xsl:template>
+
+  <xsl:template match="p">
+    <xsl:variable name="text">
+      <xsl:apply-templates />
+    </xsl:variable>
+    <xsl:if test="starts-with($text, 'Disclaimer:')">
+      <xsl:text>&newline;</xsl:text>
+    </xsl:if>
+    <xsl:text>.P</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:value-of select="$text" />
+    <xsl:text>&newline;</xsl:text>
+  </xsl:template>
+ 
+  <xsl:template match="dd/p">
+    <xsl:text>&newline;</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:apply-templates />
+  </xsl:template>
+ 
+  <xsl:template match="hr">
+  </xsl:template>
+
+  <xsl:template match="pre">
+    <xsl:text>&newline;</xsl:text>
+    <xsl:text>.ft CW</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:text>.nf</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:call-template name="trim-newlines">
+      <xsl:with-param name="str" select="." />
+    </xsl:call-template>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:text>.ft R</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+    <xsl:text>.fi</xsl:text>
+    <xsl:text>&newline;</xsl:text>
+  </xsl:template>
+
+  <xsl:template match="ul">
+  </xsl:template>
+
+  <xsl:template match="nobr">
+    <xsl:text> </xsl:text>
+    <xsl:apply-templates />
+    <xsl:text> </xsl:text>
+  </xsl:template>
+
+  <xsl:template match="dl">
+    <xsl:apply-templates />
+  </xsl:template>
+
+  <xsl:template match="dt">
+    <xsl:text>.TP&newline;</xsl:text>
+    <xsl:text>.B </xsl:text>
+    <xsl:value-of select="normalize-space(.)" />
+    <xsl:text>&newline;</xsl:text>
+  </xsl:template>
+
+  <xsl:template match="dd">
+    <xsl:apply-templates />
+    <xsl:text>&newline;</xsl:text>
+  </xsl:template>
+
+  <xsl:template match="tr">
+    <xsl:if test="position() &gt; 1">
+      <xsl:apply-templates />
+      <xsl:text>&newline;</xsl:text>
+      <xsl:text>&newline;</xsl:text>
+    </xsl:if>
+  </xsl:template>
+
+  <xsl:template match="tt">
+    <xsl:text>&newline;</xsl:text>
+    <xsl:text>\fB</xsl:text>
+    <xsl:apply-templates />
+    <xsl:text>\fR </xsl:text>
+  </xsl:template>
+
+  <xsl:template match="i">
+    <xsl:text>&newline;</xsl:text>
+    <xsl:text>\fI</xsl:text>
+    <xsl:apply-templates />
+    <xsl:text>\fR </xsl:text>
+  </xsl:template>
+
+  <xsl:template match="a">
+    <xsl:text> </xsl:text>
+    <xsl:apply-templates />
+    <xsl:text> </xsl:text>
+  </xsl:template>
+
+  <xsl:template match="br">
+    <xsl:text>&newline;</xsl:text>
+  </xsl:template>
+
+  <xsl:template match="text()">
+    <xsl:value-of select="normalize-space(.)" />
+  </xsl:template>
+
+
+  <!-- ### HELPER FUNCTIONS ### -->
+  <xsl:template name="stringToUpper">
+    <xsl:param name="str" />
+    <xsl:value-of select="translate($str,
+                                    'abcdefghijklmnopqrstuvwxyz',
+                                    'ABCDEFGHIJKLMNOPQRSTUVWXYZ')" />
+  </xsl:template>
+
+  <xsl:template name="trim-newlines">
+    <xsl:param name="str" />
+    <xsl:choose>
+      <xsl:when test="starts-with($str,'&newline;')">
+        <xsl:call-template name="trim-newlines">
+          <xsl:with-param name="str" select="substring($str, 2)" />
+        </xsl:call-template>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:call-template name="trim-newlines-tail">
+          <xsl:with-param name="str" select="$str" />
+        </xsl:call-template>
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+  <xsl:template name="trim-newlines-tail">
+    <xsl:param name="str" />
+    <xsl:variable name="len" select="string-length($str)" />
+    <xsl:choose>
+      <xsl:when test="substring($str,$len) = '&newline;'">
+        <xsl:call-template name="trim-newlines-tail">
+          <xsl:with-param name="str" select="substring($str, 1, $len - 1)" />
+        </xsl:call-template>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:value-of select="$str" />
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+</xsl:stylesheet>
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-4.2.8_p14-add_cap_ipc_lock.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-4.2.8_p14-add_cap_ipc_lock.patch
new file mode 100644
index 0000000000..183b6d8d47
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-4.2.8_p14-add_cap_ipc_lock.patch
@@ -0,0 +1,13 @@
+https://bugs.gentoo.org/711530
+
+--- ntp-4.2.8p14/ntpd/ntpd.c
++++ ntp-4.2.8p14/ntpd/ntpd.c
+@@ -1189,7 +1189,7 @@
+ 		 *  drop privileges in this case.
+ 		 */
+ 		cap_t caps;
+-		caps = cap_from_text("cap_sys_time,cap_setuid,cap_setgid,cap_sys_chroot,cap_net_bind_service=pe");
++		caps = cap_from_text("cap_ipc_lock,cap_sys_time,cap_setuid,cap_setgid,cap_sys_chroot,cap_net_bind_service=pe");
+ 		if ( ! caps) {
+ 			msyslog( LOG_ERR, "cap_from_text() failed: %m" );
+ 			exit(-1);
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-client.confd b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-client.confd
new file mode 100644
index 0000000000..786004da83
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-client.confd
@@ -0,0 +1,21 @@
+# /etc/conf.d/ntp-client
+
+# Command to run to set the clock initially
+# Most people should just leave this line alone ...
+# however, if you know what you're doing, and you
+# want to use ntpd to set the clock, change this to 'ntpd'
+NTPCLIENT_CMD="ntpdate"
+
+# Options to pass to the above command
+# This default setting should work fine but you should
+# change the default 'pool.ntp.org' to something closer
+# to your machine.  See http://www.pool.ntp.org/ or
+# try running `netselect -s 3 pool.ntp.org`.
+NTPCLIENT_OPTS="-s -b -u \
+	0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org \
+	2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
+
+# If you use hostnames above, then you should depend on dns
+# being up & running before we try to run.  Otherwise, you
+# can disable this.
+rc_use="dns"
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-client.rc b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-client.rc
new file mode 100644
index 0000000000..5b5d594473
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp-client.rc
@@ -0,0 +1,31 @@
+#!/sbin/openrc-run
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	before cron portmap
+	after net
+	use dns logger
+}
+
+checkconfig() {
+	if ! type "${NTPCLIENT_CMD}" >/dev/null 2>&1 ; then
+		eerror "Please edit /etc/conf.d/ntp-client"
+		eerror "Unable to locate the client command ${NTPCLIENT_CMD}!"
+		return 1
+	fi
+	if [ -z "${NTPCLIENT_OPTS}" ] ; then
+		eerror "Please edit /etc/conf.d/ntp-client"
+		eerror "I need to know what server/options to use!"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return $?
+
+	ebegin "Setting clock via the NTP client '${NTPCLIENT_CMD}'"
+	"${NTPCLIENT_CMD}" ${NTPCLIENT_OPTS}
+	eend $? "Failed to set clock"
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp.conf b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp.conf
index c0cd2271f9..97bed8dd13 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp.conf
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp.conf
@@ -1,8 +1,34 @@
-# Common pool
-server 0.flatcar.pool.ntp.org
-server 1.flatcar.pool.ntp.org
-server 2.flatcar.pool.ntp.org
-server 3.flatcar.pool.ntp.org
+# NOTES:
+# DHCP clients can append or replace NTP configuration files.
+# You should consult your DHCP client documentation about its
+# default behaviour and how to change it.
+
+# Name of the servers ntpd should sync with
+# Please respect the access policy as stated by the responsible person.
+#server		ntp.example.tld		iburst
+
+# Common pool for random people
+#server pool.ntp.org
+
+# Pools for Gentoo users
+server 0.gentoo.pool.ntp.org
+server 1.gentoo.pool.ntp.org
+server 2.gentoo.pool.ntp.org
+server 3.gentoo.pool.ntp.org
+
+##
+# A list of available servers can be found here:
+# http://www.pool.ntp.org/
+# http://www.pool.ntp.org/#use
+# A good way to get servers for your machine is:
+# netselect -s 3 pool.ntp.org
+##
+
+# you should not need to modify the following paths
+driftfile	/var/lib/ntp/ntp.drift
+
+#server ntplocal.example.com prefer 
+#server timeserver.example.org 
 
 # Warning: Using default NTP settings will leave your NTP
 # server accessible to all hosts on the Internet.
@@ -11,9 +37,18 @@ server 3.flatcar.pool.ntp.org
 # from accessing the NTP server, uncomment:
 #restrict default ignore
 
+
 # Default configuration:
 # - Allow only time queries, at a limited rate, sending KoD when in excess.
 # - Allow all local queries (IPv4, IPv6)
-restrict default nomodify nopeer noquery notrap limited kod
+restrict default nomodify nopeer noquery limited kod
 restrict 127.0.0.1
 restrict [::1]
+
+
+# To allow machines within your network to synchronize
+# their clocks with your server, but ensure they are
+# not allowed to configure the server or used as peers
+# to synchronize against, uncomment this line.
+#
+#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.confd b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.confd
new file mode 100644
index 0000000000..2b74282c57
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.confd
@@ -0,0 +1,6 @@
+# /etc/conf.d/ntpd
+
+# Options to pass to the ntpd process
+# Most people should leave this line alone ...
+# however, if you know what you're doing, feel free to tweak
+NTPD_OPTS="-g -u ntp:ntp"
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.rc-r1 b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.rc-r1
new file mode 100644
index 0000000000..7573411c99
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.rc-r1
@@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="ntpd - the network time protocol daemon"
+pidfile="/var/run/ntpd.pid"
+command="/usr/sbin/ntpd"
+command_args="-p ${pidfile} ${NTPD_OPTS}"
+start_stop_daemon_args="--pidfile ${pidfile}"
+
+depend() {
+	use net dns logger
+	after ntp-client
+}
+
+start_pre() {
+	if [ ! -f /etc/ntp.conf ] ; then
+		eerror "Please create /etc/ntp.conf"
+		return 1
+	fi
+	return 0
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.service-r2 b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.service-r2
new file mode 100644
index 0000000000..5f11b27e92
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.service-r2
@@ -0,0 +1,11 @@
+[Unit]
+Description=Network Time Service
+After=ntpdate.service sntp.service
+Conflicts=systemd-timesyncd.service
+
+[Service]
+ExecStart=/usr/sbin/ntpd -g -n
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpdate.service-r2 b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpdate.service-r2
new file mode 100644
index 0000000000..7ad294eccd
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpdate.service-r2
@@ -0,0 +1,14 @@
+[Unit]
+Description=Set time via NTP using ntpdate
+After=network-online.target nss-lookup.target
+Before=time-sync.target
+Wants=network-online.target time-sync.target
+Conflicts=systemd-timesyncd.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/sbin/ntpdate -b -u $SERVER
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpdate.service.conf b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpdate.service.conf
new file mode 100644
index 0000000000..75e4f41b41
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpdate.service.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment="SERVER=0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.confd b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.confd
new file mode 100644
index 0000000000..d11983a3fb
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.confd
@@ -0,0 +1,4 @@
+# /etc/conf.d/sntp
+
+# Options to pass to sntp
+SNTP_OPTS="-s 0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.rc b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.rc
new file mode 100644
index 0000000000..4ed56ae2bf
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.rc
@@ -0,0 +1,26 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/bin/sntp"
+
+depend() {
+	before cron portmap
+	after net
+	use dns logger
+}
+
+start_pre() {
+	if [ -z "${SNTP_OPTS}" ] ; then
+		eerror "Please edit /etc/conf.d/sntp"
+		eerror "I need to know what server/options to use!"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	ebegin "Setting clock via SNTP"
+	${command} ${SNTP_OPTS}
+	eend $? "Failed to set clock"
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.service-r3 b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.service-r3
new file mode 100644
index 0000000000..2ab722f2c6
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.service-r3
@@ -0,0 +1,14 @@
+[Unit]
+Description=Set time via SNTP
+After=network.target network-online.target nss-lookup.target
+Before=time-sync.target
+Wants=network-online.target time-sync.target
+Conflicts=systemd-timesyncd.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/sntp -s $SERVER
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.service.conf b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.service.conf
new file mode 100644
index 0000000000..75e4f41b41
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/sntp.service.conf
@@ -0,0 +1,2 @@
+[Service]
+Environment="SERVER=0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org"
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8_p13.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8_p15.ebuild
similarity index 59%
rename from sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8_p13.ebuild
rename to sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8_p15.ebuild
index f93b1c19c1..57803acb84 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8_p13.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.8_p15.ebuild
@@ -1,9 +1,9 @@
-# Copyright 1999-2019 Gentoo Authors
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
-inherit autotools toolchain-funcs flag-o-matic user systemd
+inherit autotools toolchain-funcs flag-o-matic systemd
 
 MY_P=${P/_p/p}
 DESCRIPTION="Network Time Protocol suite/programs"
@@ -13,10 +13,10 @@ SRC_URI="http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-${PV:0:3}/${MY_P}.tar
 
 LICENSE="HPND BSD ISC"
 SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~m68k-mint"
-IUSE="caps debug ipv6 libressl openntpd parse-clocks perl readline samba selinux snmp ssl threads vim-syntax zeroconf"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv s390 sparc x86 ~amd64-linux ~x86-linux ~m68k-mint"
+IUSE="caps debug ipv6 libressl openntpd parse-clocks readline samba selinux snmp ssl +threads vim-syntax zeroconf"
 
-CDEPEND="readline? ( >=sys-libs/readline-4.1:0= )
+COMMON_DEPEND="readline? ( >=sys-libs/readline-4.1:0= )
 	>=dev-libs/libevent-2.0.9:=[threads?]
 	kernel_linux? ( caps? ( sys-libs/libcap ) )
 	zeroconf? ( net-dns/avahi[mdnsresponder-compat] )
@@ -26,9 +26,13 @@ CDEPEND="readline? ( >=sys-libs/readline-4.1:0= )
 		libressl? ( dev-libs/libressl:0= )
 	)
 	parse-clocks? ( net-misc/pps-tools )"
-DEPEND="${CDEPEND}
-	virtual/pkgconfig"
-RDEPEND="${CDEPEND}
+BDEPEND="virtual/pkgconfig
+	acct-group/ntp
+	acct-user/ntp"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}
+	acct-group/ntp
+	acct-user/ntp
 	selinux? ( sec-policy/selinux-ntp )
 	vim-syntax? ( app-vim/ntp-syntax )
 	!net-misc/ntpsec
@@ -43,16 +47,11 @@ PATCHES=(
 	"${FILESDIR}"/${PN}-4.2.8-sntp-test-pthreads.patch #563922
 	"${FILESDIR}"/${PN}-4.2.8_p10-fix-build-wo-ssl-or-libressl.patch
 	"${FILESDIR}"/${PN}-4.2.8_p12-libressl-2.8.patch
+	"${FILESDIR}"/${PN}-4.2.8_p14-add_cap_ipc_lock.patch #711530
 )
 
-pkg_setup() {
-	enewgroup ntp 123
-	enewuser ntp 123 -1 /dev/null ntp
-}
-
 src_prepare() {
 	default
-	use perl || sed -i -e '/^SUBDIRS *=/,/[^\\]$/{/scripts/d;}' Makefile.am || die
 	append-cppflags -D_GNU_SOURCE #264109
 	# Make sure every build uses the same install layout. #539092
 	find sntp/loc/ -type f '!' -name legacy -delete || die
@@ -73,8 +72,6 @@ src_configure() {
 		--with-lineeditlibs=readline,edit,editline
 		--with-yielding-select
 		--disable-local-libevent
-		--docdir='$(datarootdir)'/doc/${PF}
-		--htmldir='$(docdir)/html'
 		--with-memlock=256
 		$(use_enable caps linuxcaps)
 		$(use_enable parse-clocks)
@@ -93,15 +90,24 @@ src_install() {
 	default
 	# move ntpd/ntpdate to sbin #66671
 	dodir /usr/sbin
-	mv "${ED%/}"/usr/bin/{ntpd,ntpdate} "${ED%/}"/usr/sbin/ || die "move to sbin"
+	mv "${ED}"/usr/bin/{ntpd,ntpdate} "${ED}"/usr/sbin/ || die "move to sbin"
 
 	dodoc INSTALL WHERE-TO-START
 	doman "${WORKDIR}"/man/*.[58]
 
-	insinto /usr/share/ntp
+	insinto /etc
 	doins "${FILESDIR}"/ntp.conf
-	use ipv6 || sed -i '/^restrict .*::1/d' "${ED%/}"/usr/share/ntp/ntp.conf #524726
-	systemd_newtmpfilesd "${FILESDIR}"/ntp.tmpfiles ntp.conf
+	use ipv6 || sed -i '/^restrict .*::1/d' "${ED}"/etc/ntp.conf #524726
+	newinitd "${FILESDIR}"/ntpd.rc-r1 ntpd
+	newconfd "${FILESDIR}"/ntpd.confd ntpd
+	newinitd "${FILESDIR}"/ntp-client.rc ntp-client
+	newconfd "${FILESDIR}"/ntp-client.confd ntp-client
+	newinitd "${FILESDIR}"/sntp.rc sntp
+	newconfd "${FILESDIR}"/sntp.confd sntp
+	if ! use caps ; then
+		sed -i "s|-u ntp:ntp||" "${ED}"/etc/conf.d/ntpd || die
+	fi
+	sed -i "s:/usr/bin:/usr/sbin:" "${ED}"/etc/init.d/ntpd || die
 
 	keepdir /var/lib/ntp
 	use prefix || fowners ntp:ntp /var/lib/ntp
@@ -110,17 +116,29 @@ src_install() {
 		cd "${ED}" || die
 		rm usr/sbin/ntpd || die
 		rm -r var/lib || die
+		rm etc/{conf,init}.d/ntpd || die
 		rm usr/share/man/*/ntpd.8 || die
 	else
-		systemd_dounit "${FILESDIR}"/ntpd.service
+		systemd_newunit "${FILESDIR}"/ntpd.service-r2 ntpd.service
 		if use caps ; then
 			sed -i '/ExecStart/ s|$| -u ntp:ntp|' \
-				"${D%/}$(systemd_get_systemunitdir)"/ntpd.service \
+				"${D}$(systemd_get_systemunitdir)"/ntpd.service \
 				|| die
 		fi
 		systemd_enable_ntpunit 60-ntpd ntpd.service
 	fi
 
-	systemd_dounit "${FILESDIR}"/ntpdate.service
-	systemd_dounit "${FILESDIR}"/sntp.service
+	systemd_newunit "${FILESDIR}"/ntpdate.service-r2 ntpdate.service
+	systemd_install_serviced "${FILESDIR}"/ntpdate.service.conf
+	systemd_newunit "${FILESDIR}"/sntp.service-r3 sntp.service
+	systemd_install_serviced "${FILESDIR}"/sntp.service.conf
+}
+
+pkg_postinst() {
+	if grep -qs '^[^#].*notrust' "${EROOT}"/etc/ntp.conf ; then
+		eerror "The notrust option was found in your /etc/ntp.conf!"
+		ewarn "If your ntpd starts sending out weird responses,"
+		ewarn "then make sure you have keys properly setup and see"
+		ewarn "https://bugs.gentoo.org/41827"
+	fi
 }