fix(net-misc/ntp): update ntpd configuration

- Simplify ntp.conf, use generic pool instead of gentoo.
- Set drift file in unit so it doesn't need to be in ntp.conf.
- Run as ntp user if caps are enabled. This was previously done in the
  openrc service but not the systemd service.
- Add tmpfiles config to create /var/lib/ntp and /etc/ntp.conf

sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp.conf

@@ -1,34 +1,8 @@
-# NOTES:
-# DHCP clients can append or replace NTP configuration files.
-# You should consult your DHCP client documentation about its
-# default behaviour and how to change it.
-
-# Name of the servers ntpd should sync with
-# Please respect the access policy as stated by the responsible person.
-#server		ntp.example.tld		iburst
-
-# Common pool for random people
-#server pool.ntp.org
-
-# Pools for Gentoo users
-server 0.gentoo.pool.ntp.org
-server 1.gentoo.pool.ntp.org
-server 2.gentoo.pool.ntp.org
-server 3.gentoo.pool.ntp.org
-
-##
-# A list of available servers can be found here:
-# http://www.pool.ntp.org/
-# http://www.pool.ntp.org/#use
-# A good way to get servers for your machine is:
-# netselect -s 3 pool.ntp.org
-##
-
-# you should not need to modify the following paths
-driftfile	/var/lib/ntp/ntp.drift
-
-#server ntplocal.example.com prefer 
-#server timeserver.example.org 
+# Common pool
+server 0.pool.ntp.org
+server 1.pool.ntp.org
+server 2.pool.ntp.org
+server 3.pool.ntp.org
 
 # Warning: Using default NTP settings will leave your NTP
 # server accessible to all hosts on the Internet.
@@ -37,18 +11,9 @@ driftfile	/var/lib/ntp/ntp.drift
 # from accessing the NTP server, uncomment:
 #restrict default ignore
 
-
 # Default configuration:
 # - Allow only time queries, at a limited rate, sending KoD when in excess.
 # - Allow all local queries (IPv4, IPv6)
 restrict default nomodify nopeer noquery limited kod
 restrict 127.0.0.1
 restrict [::1]
-
-
-# To allow machines within your network to synchronize
-# their clocks with your server, but ensure they are
-# not allowed to configure the server or used as peers
-# to synchronize against, uncomment this line.
-#
-#restrict 192.168.0.0 mask 255.255.255.0 nomodify nopeer notrap

sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntp.tmpfiles

@@ -0,0 +1,2 @@
+d   /var/lib/ntp    0755    ntp     ntp     -       -
+L   /etc/ntp.conf   -       -       -       -       /usr/share/ntp/ntp.conf

sdk_container/src/third_party/coreos-overlay/net-misc/ntp/files/ntpd.service

@@ -3,7 +3,7 @@ Description=Network Time Service
 After=ntpdate.service sntp.service
 
 [Service]
-ExecStart=/usr/sbin/ntpd -g -n
+ExecStart=/usr/sbin/ntpd -g -n -u ntp:ntp -f /var/lib/ntp/ntp.drift
 PrivateTmp=true
 
 [Install]

sdk_container/src/third_party/coreos-overlay/net-misc/ntp/ntp-4.2.6_p5-r10.ebuild

@@ -87,6 +87,7 @@ src_install() {
 
 	keepdir /var/lib/ntp
 	use prefix || fowners ntp:ntp /var/lib/ntp
+	systemd_newtmpfilesd "${FILESDIR}"/ntp.tmpfiles ntp.conf
 
 	if use openntpd ; then
 		cd "${ED}"
@@ -96,6 +97,10 @@ src_install() {
 	else
 		systemd_dounit "${FILESDIR}"/ntpd.service
 		systemd_enable_ntpunit 60-ntpd ntpd.service
+		if ! use caps ; then
+			sed -i "s|-u ntp:ntp||" \
+				"${ED}/$(systemd_get_unitdir)/ntpd.service" || die
+		fi
 	fi
 
 	systemd_dounit "${FILESDIR}"/ntpdate.service