diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list index d7ba4d5ac5..353754566d 100644 --- a/.github/workflows/portage-stable-packages-list +++ b/.github/workflows/portage-stable-packages-list @@ -430,6 +430,7 @@ net-libs/nghttp2 net-libs/rpcsvc-proto net-misc/bridge-utils +net-misc/chrony net-misc/curl net-misc/ethertypes net-misc/iperf diff --git a/changelog/changes/2024-03-28-ntp-chrony.md b/changelog/changes/2024-03-28-ntp-chrony.md new file mode 100644 index 0000000000..dd6c68e1d0 --- /dev/null +++ b/changelog/changes/2024-03-28-ntp-chrony.md @@ -0,0 +1,3 @@ +- Enabled ntpd by default on AWS & GCP, enabled chronyd by default on Azure. The native time sync source is used on each cloud. ([scripts#1792](https://github.com/flatcar/scripts/pull/1792)) +- Enabled the ptp_vmw module in the kernel. +- Switched ptp_kvm from kernel builtin to module. diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r190.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r191.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r190.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-0.0.1-r191.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild index f755092099..bfd0d49829 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-init/coreos-init-9999.ebuild @@ -10,7 +10,7 @@ CROS_WORKON_REPO="https://github.com" if [[ "${PV}" == 9999 ]]; then KEYWORDS="~amd64 ~arm ~arm64 ~x86" else - CROS_WORKON_COMMIT="7e30bf5baa1abc5113024f2238d9c235aedaf62e" # flatcar-master + CROS_WORKON_COMMIT="32982439c691b6de6446f82b8713edb09451d97b" # flatcar-master KEYWORDS="amd64 arm arm64 x86" fi diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/ntp/ntp.conf b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/ntp/ntp.conf index 9ed4dc176f..cc9a441b7b 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/ntp/ntp.conf +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/files/ntp/ntp.conf @@ -10,6 +10,14 @@ # Common pool for random people #server pool.ntp.org +# AWS Time Sync Service. +server 169.254.169.123 prefer iburst minpoll 4 maxpoll 4 +# AWS Time Sync Service IPv6: +server fd00:ec2::123 prefer iburst minpoll 4 maxpoll 4 + +# GCP NTP Service +server metadata.google.internal prefer iburst + # Pools for Flatcar users server 0.flatcar.pool.ntp.org server 1.flatcar.pool.ntp.org diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r5.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r4.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/misc-files/misc-files-0-r5.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-3.2.985.0.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-3.2.985.0-r1.ebuild similarity index 91% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-3.2.985.0.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-3.2.985.0-r1.ebuild index 35df1ad8d5..ef95036c9f 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-3.2.985.0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-ami/oem-ami-3.2.985.0-r1.ebuild @@ -30,4 +30,5 @@ src_install() { insinto "$(systemd_get_systemunitdir)/multi-user.target.d" doins "${FILESDIR}/10-oem-ami.conf" + systemd_enable_service multi-user.target ntpd.service } diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/chrony-hyperv.conf b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/chrony-hyperv.conf new file mode 100644 index 0000000000..9e2fd604a5 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/chrony-hyperv.conf @@ -0,0 +1,4 @@ +# This should only be used when chronyd is configured to use the /dev/ptp_hyperv device +[Unit] +Wants=dev-ptp_hyperv.device +After=dev-ptp_hyperv.device diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/chrony.conf b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/chrony.conf new file mode 100644 index 0000000000..b5714071af --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/chrony.conf @@ -0,0 +1,65 @@ +# CLOUD_IMG: This file was created/modified by the Cloud Image build process +# Welcome to the chrony configuration file. See chrony.conf(5) for more +# information about usable directives. + +# Include configuration files found in /etc/chrony/conf.d. +confdir /etc/chrony/conf.d + +# This will use (up to): +# - 2 sources from 2.ubuntu.pool.ntp.org which is ipv6 enabled as well +# - 1 source from [013].ubuntu.pool.ntp.org each (ipv4 only atm) +# This means by default, up to 2 dual-stack and up to 3 additional IPv4-only +# sources will be used. +# At the same time it retains some protection against one of the entries being +# down (compare to just using one of the lines). +# +# See http://www.pool.ntp.org/join.html for more information. +#pool 0.flatcar.pool.ntp.org iburst maxsources 1 +#pool 1.flatcar.pool.ntp.org iburst maxsources 1 +#pool 2.flatcar.pool.ntp.org iburst maxsources 2 +#pool 3.flatcar.pool.ntp.org iburst maxsources 1 + +# Use time sources from DHCP. +sourcedir /run/chrony-dhcp + +# Use NTP sources found in /etc/chrony/sources.d. +sourcedir /etc/chrony/sources.d + +# This directive specify the location of the file containing ID/key pairs for +# NTP authentication. +#keyfile /etc/chrony/chrony.keys + +# This directive specify the file into which chronyd will store the rate +# information. +driftfile /var/lib/chrony/chrony.drift + +# Save NTS keys and cookies. +ntsdumpdir /var/lib/chrony + +# Uncomment the following line to turn logging on. +#log tracking measurements statistics + +# Log files location. +#logdir /var/log/chrony + +# Stop bad estimates upsetting machine clock. +maxupdateskew 100.0 + +# This directive enables kernel synchronisation (every 11 minutes) of the +# real-time clock. Note that it can't be used along with the 'rtcfile' directive. +rtcsync + +# Step the system clock instead of slewing it if the adjustment is larger than +# one second, but only in the first three clock updates. +makestep 1.0 -1 + +# Get TAI-UTC offset and leap seconds from the system tz database. +# This directive must be commented out when using time sources serving +# leap-smeared time. +leapsectz right/UTC + +# Azure hosts are synchronized to internal Microsoft time servers +# that take their time from Microsoft-owned Stratum 1 devices. +# The Hyper-V drivers surface this time source as a PTP-based +# time source in the guest. This configures chrony to use it. +refclock PHC /dev/ptp_hyperv poll 3 dpoll -2 offset 0 stratum 2 diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/etc-chrony.conf b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/etc-chrony.conf new file mode 100644 index 0000000000..95e9166535 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/etc-chrony.conf @@ -0,0 +1,3 @@ +d /etc/chrony 0755 root root - - +d /etc/chrony/conf.d 0755 root root - - +L /etc/chrony/chrony.conf - - - - ../../usr/share/oem-azure/chrony.conf diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/manglefs.sh b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/manglefs.sh index 03518b7169..29331dde04 100755 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/manglefs.sh +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/manglefs.sh @@ -18,5 +18,5 @@ ln -sf /usr/bin/true "${rootfs}/usr/bin/eject" # At runtime we need the agent to write systemd.service to /etc but during # package creation it needs to be /usr/lib. waagent uses the same function in # both cases, so mangle manually. -mkdir -p "${rootfs}"/usr/lib/systemd -mv "${rootfs}"/{etc,usr/lib}/systemd/system +mkdir -p "${rootfs}"/usr/lib/systemd/system +cp -a "${rootfs}"/{etc,usr/lib}/systemd/system/. diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/var-chrony.conf b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/var-chrony.conf new file mode 100644 index 0000000000..09fd5a1a8e --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/files/var-chrony.conf @@ -0,0 +1 @@ +d /var/lib/chrony 0770 ntp ntp - - diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r2.ebuild similarity index 50% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r1.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r2.ebuild index 2deb818840..de93bdad65 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-azure/oem-azure-2.9.1.1-r2.ebuild @@ -3,6 +3,8 @@ EAPI=8 +inherit systemd tmpfiles + DESCRIPTION="OEM suite for Azure" HOMEPAGE="https://azure.microsoft.com/" SRC_URI="" @@ -14,7 +16,20 @@ IUSE="" RDEPEND=" ~app-emulation/wa-linux-agent-${PV} + net-misc/chrony " # for coreos-base/common-oem-files OEM_NAME="Microsoft Azure" + +S="${WORKDIR}" + +src_install() { + systemd_enable_service multi-user.target chronyd.service + insinto "$(systemd_get_systemunitdir)"/chronyd.service.d + doins "${FILESDIR}"/chrony-hyperv.conf + dotmpfiles "${FILESDIR}"/var-chrony.conf + dotmpfiles "${FILESDIR}"/etc-chrony.conf + insinto /usr/share/${PN} + doins "${FILESDIR}"/chrony.conf +} diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild similarity index 94% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild index ca82fb0b21..5baa71325b 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r6.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/oem-gce-20180823-r7.ebuild @@ -30,6 +30,7 @@ src_install() { systemd_dounit "${FILESDIR}/units/oem-gce-enable-oslogin.service" systemd_dounit "${FILESDIR}/units/setup-oem.service" systemd_install_dropin "multi-user.target" "${FILESDIR}/units/10-oem-gce.conf" + systemd_enable_service "multi-user.target" "ntpd.service" dobin "${FILESDIR}/bin/enable-oslogin" dobin "${FILESDIR}/bin/init.sh" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild index d2aa9fa710..5e24ad96da 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/board-packages/board-packages-0.0.1.ebuild @@ -34,5 +34,6 @@ RDEPEND=" coreos-base/coreos coreos-base/coreos-dev coreos-base/flatcar-eks + net-misc/chrony sys-fs/zfs " diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd new file mode 100644 index 0000000000..3806da9f57 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-apps/systemd @@ -0,0 +1,13 @@ +cros_post_src_install_timesync() { + local dir="${D}$(systemd_get_systemunitdir)/systemd-timesyncd.service.d" + mkdir -p "${dir}" + pushd "${dir}" + cat <flatcar.conf || die +# Allow sysexts to ship timesyncd replacements which can have +# a Conflicts=systemd-timesyncd directive that would result +# in systemd-timesyncd not being started. +[Unit] +After=ensure-sysext.service +EOF + popd +} diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use index 44fb7c9588..742eca0fb2 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use @@ -47,3 +47,6 @@ app-emulation/open-vm-tools -fuse fuse3 -icu pam -resolutionkms # no suid binaries, please sys-fs/fuse -suid + +# skip dependency for this sysext package +net-misc/chrony -readline diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6 index ccb11c0dba..62ab9e7390 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6 @@ -96,6 +96,7 @@ CONFIG_PMIC_OPREGION=y # CONFIG_PNP_DEBUG_MESSAGES is not set CONFIG_POWERCAP=y CONFIG_PREEMPT_VOLUNTARY=y +CONFIG_PTP_1588_CLOCK_VMW=m CONFIG_PVPANIC=y CONFIG_PVPANIC_MMIO=m CONFIG_SCHED_TRACER=y diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6 index 1d99ee9d60..c676bdc88e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6 @@ -125,14 +125,12 @@ CONFIG_CPU_FREQ_GOV_USERSPACE=m CONFIG_CPU_FREQ_STAT=y # CONFIG_CROSS_MEMORY_ATTACH is not set CONFIG_CRYPTO_CTS=m +CONFIG_CRYPTO_DES=m CONFIG_CRYPTO_FIPS=y CONFIG_CRYPTO_GCM=m CONFIG_CRYPTO_HMAC=y -CONFIG_CRYPTO_LZO=m -# CONFIG_RPCSEC_GSS_KRB5 requires some older crypto modules CONFIG_CRYPTO_LIB_DES=m -CONFIG_CRYPTO_DES=m -CONFIG_RPCSEC_GSS_KRB5=m +CONFIG_CRYPTO_LZO=m # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_USER_API_HASH=m @@ -280,8 +278,8 @@ CONFIG_INFINIBAND_MTHCA=m CONFIG_INFINIBAND_OCRDMA=m CONFIG_INFINIBAND_SRP=m CONFIG_INFINIBAND_USER_MAD=m -CONFIG_INIT_STACK_NONE=y CONFIG_INITRAMFS_COMPRESSION_ZSTD=y +CONFIG_INIT_STACK_NONE=y CONFIG_INPUT_EVDEV=m CONFIG_INPUT_MISC=y CONFIG_INPUT_MOUSEDEV=m @@ -751,6 +749,8 @@ CONFIG_PROC_KCORE=y CONFIG_PROFILING=y CONFIG_PSI=y # CONFIG_PSI_DEFAULT_DISABLED is not set +CONFIG_PTP_1588_CLOCK=m +CONFIG_PTP_1588_CLOCK_KVM=m CONFIG_QED=m CONFIG_QEDE=m CONFIG_QEDF=m @@ -772,6 +772,8 @@ CONFIG_RDS_TCP=m CONFIG_REALTEK_PHY=m CONFIG_REGULATOR=y CONFIG_REGULATOR_FIXED_VOLTAGE=y +# CONFIG_RPCSEC_GSS_KRB5 requires some older crypto modules +CONFIG_RPCSEC_GSS_KRB5=m CONFIG_RTC_CLASS=y CONFIG_RT_GROUP_SCHED=y CONFIG_S2IO=m diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/Manifest b/sdk_container/src/third_party/portage-stable/net-misc/chrony/Manifest new file mode 100644 index 0000000000..c4c1b3f1db --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/Manifest @@ -0,0 +1,10 @@ +AUX chrony-2.4-r1.logrotate 131 BLAKE2B 4e649ce1c126639ea73c4e03d42175d1715b1c321544376ff2e48d67ee13bebcf04a8fea56326bf5efe66f568913dc92ff7f16a641ffb39a456e9cdac6004a6c SHA512 e6febb744476be6c83ac086f2054dc2c190b6e1abd2cf20d4187f222b2485817f06c4ad62b8d40fcea3e18a771cf21899fe0a1dafbfb31f5c99da9092d24d79b +AUX chrony-3.5-pool-vendor-gentoo.patch 544 BLAKE2B 5ef7fcea43c59d1da8f3b3a735f1e70565a8437f142f317abe81531c31e934af05eda5e3043f7874bc9b4592d44579ae1827ddba06c514b4b8124c899931ed0f SHA512 0a109e1b8367def620f5089b3fcb92d84e592eb1a2fced2b60f6c9295159a605d9605e837a06e118c8ba8095208da68592fb9cd537937a153d6eecfa0eb35eb4 +AUX chrony-4.2-systemd-gentoo.patch 538 BLAKE2B 70d3bb2a190aa2401ff566dd88d1cace1d3573261819d082863fe310bb16507fcc1497fd31ec24033cb9dbe8356aef416d91b36df6067fd37f4273e59bc4e330 SHA512 62e54e1c16380812b3cf11a84091e134401341a4a64dda806af1a52dfa4158912adc4c2524388956f67a44e095e893ed714a2eee15650080c38ce44d2bc279ec +AUX chronyd.conf-r3 390 BLAKE2B aa193e6bcf62cc305620139b7c198d39358feea7106356083cf1a20bdb8fd4b85bd8cce8cf20ce6839e8788fedc1f94e912ec512193988f83283ceef86d6cfc7 SHA512 ab0bbd07c17e391d068c5a37d5f8d9c8fc2c42add2700869217a95784666bd3f23bebd70942cf11b42c124e0947f68c101153998e89bc61ccb71b30a0187cf0c +AUX chronyd.init-r2 1694 BLAKE2B 5ee55954c8afc2df09291dd7df4c3f1b3a01f97079ae19799a87c0217118c02b24ace0422b1f355fb67d1a0224eacf2104f3b984035f4ac9fa6b41624187d009 SHA512 63d9816017bb13b57c28de4a9d5b8061139d4aea1db5800ec7a4d9e8b2a8f5c5109b556ae5bec5c6d1cc7c4839bd49f12a0046c74fe4d1d11049ead00f1407da +DIST chrony-4.5.tar.gz 620287 BLAKE2B e89665e6ff700805b41f89e9349d280579aebab31a30817512a165da939c8f39dc55ef9a17a50e3d7e298015620667638ab119901a71868a9188093606a95d32 SHA512 58a449e23186da799064b16ab16f799c1673296984b152b43e87c620d86e272c55365e83439d410fc89e4e0ba0befd7d5c625eac78a6665813b7ea75444f71b5 +DIST chrony-4.5.tar.gz.asc 833 BLAKE2B 7d680a4f5d86335b067b95cb900761615180701cabae5978d6f924063f7a43748534bb2e4f23cd9cd2e6919ed005014db6d396330fbfb5aa6d5f1c46f3c0c3a0 SHA512 05470e6cc34524fdab494f70cee71d46172b38bdd4acd8173ac79fdec12178239248880db474437690094aae7909002113289ac7f9305130c5e0a1d9364122cb +EBUILD chrony-4.5.ebuild 6814 BLAKE2B 392707d5e5dd672eb18159911ad19645ff132cb25ca6ddd102eb17974e492c6370d87b6994ce40dc0191c74b184feba3ac5fe52dd28fe1fd545320841eb02a77 SHA512 699d6e4a24f6b5f0f7c1bcfdce728c3db694ae17684a91ad45d6360c71257db012d24d12bcd83ae3eb0df09c0cfbc23cbf113074894937cef3730baa2c935f43 +EBUILD chrony-9999.ebuild 6822 BLAKE2B 38c6b067e7f07b2045865b83c5064c9b26b02357d1718a8b1e67cb7cbafafac4b1f7425fb957d439c9793b34af4135c5d7d7fe6875394e06ed4c6f9e2f62df35 SHA512 2a2c83c5520ed3d38e9535898aeb6134a9ecda752c8ba5d7a71bea014403b7af758a35f546fd192b3b09b6d5769e9e1fd2eef1d8be9c6b44d34a966a75732e98 +MISC metadata.xml 2353 BLAKE2B c5a7458f2aabf443f01e670cf1e1a578c6d1095b607df07a6a979610f8446ad8fbbbc2b86ca79f8f06b49cfeba1a31cd05b2748c46e2d283863fd43d0b8e7a3a SHA512 1ec4023f55368e03158535d45239572e6bd160d94c85126d3c7d1ddd02fd5743d65ee9ea2bf2e6fbde5b010483928432b5d5848bed03bcc78e9f6924ee189b42 diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/chrony-4.5.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/chrony/chrony-4.5.ebuild new file mode 100644 index 0000000000..f6d81c3f64 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/chrony-4.5.ebuild @@ -0,0 +1,261 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit edo systemd tmpfiles toolchain-funcs + +DESCRIPTION="NTP client and server programs" +HOMEPAGE="https://chrony-project.org/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://gitlab.com/chrony/chrony.git" + inherit git-r3 +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/mlichvar.asc + inherit verify-sig + + SRC_URI="https://chrony-project.org/releases/${P/_/-}.tar.gz" + SRC_URI+=" verify-sig? ( https://chrony-project.org/releases/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )" + + if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv sparc x86" + fi +fi + +S="${WORKDIR}/${P/_/-}" + +LICENSE="GPL-2" +SLOT="0" +IUSE="+caps +cmdmon debug html libtomcrypt +nettle nss +ntp +nts +phc pps +readline +refclock +rtc samba +seccomp +sechash selinux" +# nettle > nss > libtomcrypt in configure +REQUIRED_USE=" + sechash? ( || ( nettle nss libtomcrypt ) ) + nettle? ( !nss ) + nss? ( !nettle ) + libtomcrypt? ( !nettle !nss ) + !sechash? ( !nss ) + !sechash? ( !nts? ( !nettle ) ) +" + +DEPEND=" + caps? ( + acct-group/ntp + acct-user/ntp + sys-libs/libcap + ) + libtomcrypt? ( dev-libs/libtomcrypt:= ) + nettle? ( dev-libs/nettle:= ) + nss? ( dev-libs/nss:= ) + nts? ( net-libs/gnutls:= ) + pps? ( net-misc/pps-tools ) + readline? ( dev-libs/libedit ) + seccomp? ( sys-libs/libseccomp ) +" +RDEPEND=" + ${DEPEND} + selinux? ( sec-policy/selinux-chronyd ) +" +BDEPEND=" + html? ( dev-ruby/asciidoctor ) + nts? ( virtual/pkgconfig ) + sechash? ( + nettle? ( virtual/pkgconfig ) + nss? ( virtual/pkgconfig ) + ) +" + +if [[ ${PV} == 9999 ]] ; then + # Needed for doc generation in 9999 + REQUIRED_USE+=" html" + BDEPEND+=" + app-alternatives/yacc + virtual/w3m + " +else + BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-mlichvar-20210513 )" +fi + +PATCHES=( + "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch + "${FILESDIR}"/${PN}-4.2-systemd-gentoo.patch +) + +src_prepare() { + default + + sed -i \ + -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \ + doc/* examples/* || die + + cp "${FILESDIR}"/chronyd.conf-r3 "${T}"/chronyd.conf || die +} + +src_configure() { + if ! use caps ; then + sed -i \ + -e 's/ -u ntp//' \ + "${T}"/chronyd.conf examples/chronyd.service || die + fi + + if ! use seccomp ; then + sed -i \ + -e 's/ -F 2//' \ + "${T}"/chronyd.conf examples/chronyd.service || die + fi + + tc-export CC PKG_CONFIG + + # Update from time to time with output from "date +%s" + # on a system that is time-synced. + export SOURCE_DATE_EPOCH=1607976314 + + # Not an autotools generated script + local myconf=( + $(use_enable seccomp scfilter) + + $(usev !caps '--disable-linuxcaps') + $(usev !cmdmon '--disable-cmdmon') + $(usev debug '--enable-debug') + + # USE=readline here means "readline-like functionality" + # chrony only supports libedit in terms of the library providing + # it. + $(usev !readline '--without-editline --disable-readline') + + $(usev !libtomcrypt '--without-tomcrypt') + $(usev !nettle '--without-nettle') + $(usev !nss '--without-nss') + $(usev !ntp '--disable-ntp') + $(usev !nts '--disable-nts') + $(usev !nts '--without-gnutls') + $(usev !phc '--disable-phc') + $(usev !pps '--disable-pps') + $(usev !refclock '--disable-refclock') + $(usev !rtc '--disable-rtc') + $(usev samba '--enable-ntp-signd') + $(usev !sechash '--disable-sechash') + + --chronysockdir="${EPREFIX}/run/chrony" + --docdir="${EPREFIX}/usr/share/doc/${PF}" + --mandir="${EPREFIX}/usr/share/man" + --prefix="${EPREFIX}/usr" + --sysconfdir="${EPREFIX}/etc/chrony" + --with-hwclockfile="${EPREFIX}/etc/adjtime" + --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid" + + ${EXTRA_ECONF} + ) + + # Print the ./configure call + edo ./configure "${myconf[@]}" || die +} + +src_compile() { + if [[ ${PV} == 9999 ]] ; then + # Uses w3m + emake -C doc man txt + fi + + emake all docs $(usev !html 'ADOC=true') +} + +src_install() { + default + + # Compatibility with other distributions who install to /etc/chrony.conf (bug #835461) + dosym -r /etc/chrony/chrony.conf /etc/chrony.conf + + newinitd "${FILESDIR}"/chronyd.init-r2 chronyd + newconfd "${T}"/chronyd.conf chronyd + + insinto /etc/${PN} + newins examples/chrony.conf.example1 chrony.conf + + docinto examples + dodoc examples/*.example* + + newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')" + + if use html ; then + docinto html + dodoc doc/*.html + fi + + keepdir /var/{lib,log}/chrony + + if use caps ; then + # Prepare a directory for the chrony.drift file (a la ntpsec) + # Ensures the environment is sane on new installs + # bug #711058 + fowners -R ntp:ntp /var/{lib,log}/chrony + fperms -R 770 /var/lib/chrony + fi + + insinto /etc/logrotate.d + newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony + + systemd_dounit examples/chronyd.service + systemd_dounit examples/chrony-wait.service + systemd_enable_ntpunit 50-chrony chronyd.service +} + +pkg_preinst() { + HAD_CAPS=0 + HAD_SECCOMP=0 + HAD_PRE_NEW_SECCOMP_LEVEL=0 + + # See https://dev.gentoo.org/~zmedico/portage/doc/portage.html#package-ebuild-phases-after-2.1.5 + # in "Ebuild Phases" for an explanation of why we need to save the variable beforehand + if has_version 'net-misc/chrony[caps]' ; then + HAD_CAPS=1 + fi + + if has_version 'net-misc/chrony[seccomp]' ; then + HAD_SECCOMP=1 + fi + + if has_version '>=net-misc/chrony-4.1[seccomp]' ; then + # This version introduced a new filter level: -F 2 + # It's a limited set of seccomp filters designed to be 'bare minimum' + HAD_PRE_NEW_SECCOMP_LEVEL=1 + fi +} + +pkg_postinst() { + tmpfiles_process chronyd.conf + + if [[ -n "${REPLACING_VERSIONS}" ]] ; then + if use caps && ! [[ ${HAD_CAPS} -eq 1 ]] ; then + # bug #719876 + ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp" + ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" + ewarn "This is necessary for chrony to drop privileges" + elif ! use caps && [[ ${HAD_CAPS} -eq 0 ]] ; then + ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by root:root" + fi + fi + + # See bug #783915 for general discussion on enabling seccomp filtering + # by default. + local show_seccomp_enable_msg=0 + + # Was seccomp disabled before and now enabled? + if [[ ${HAD_SECCOMP} -eq 0 ]] && use seccomp ; then + show_seccomp_enable_msg=1 + fi + + # Are we coming from an old version without the new 'minimal' filter? + # (-F 2) + if [[ ${HAD_PRE_NEW_SECCOMP_LEVEL} -eq 0 ]] ; then + show_seccomp_enable_msg=1 + fi + + if [[ ${show_seccomp_enable_msg} -eq 1 ]] ; then + elog "To enable seccomp in a stricter mode, please modify:" + elog "- ${EROOT}/etc/conf.d/chronyd for OpenRC" + elog "- systemctl edit chronyd for systemd" + elog "to use -F 1 or -F -1 instead of -F 2 (see man chronyd)" + elog "By default, we now use -F 2 which is a baseline/minimal filter." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/chrony-9999.ebuild b/sdk_container/src/third_party/portage-stable/net-misc/chrony/chrony-9999.ebuild new file mode 100644 index 0000000000..13628d6f3f --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/chrony-9999.ebuild @@ -0,0 +1,261 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit edo systemd tmpfiles toolchain-funcs + +DESCRIPTION="NTP client and server programs" +HOMEPAGE="https://chrony-project.org/" + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://gitlab.com/chrony/chrony.git" + inherit git-r3 +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/mlichvar.asc + inherit verify-sig + + SRC_URI="https://chrony-project.org/releases/${P/_/-}.tar.gz" + SRC_URI+=" verify-sig? ( https://chrony-project.org/releases/${P/_/-}-tar-gz-asc.txt -> ${P/_/-}.tar.gz.asc )" + + if [[ ${PV} != *_pre* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86" + fi +fi + +S="${WORKDIR}/${P/_/-}" + +LICENSE="GPL-2" +SLOT="0" +IUSE="+caps +cmdmon debug html libtomcrypt +nettle nss +ntp +nts +phc pps +readline +refclock +rtc samba +seccomp +sechash selinux" +# nettle > nss > libtomcrypt in configure +REQUIRED_USE=" + sechash? ( || ( nettle nss libtomcrypt ) ) + nettle? ( !nss ) + nss? ( !nettle ) + libtomcrypt? ( !nettle !nss ) + !sechash? ( !nss ) + !sechash? ( !nts? ( !nettle ) ) +" + +DEPEND=" + caps? ( + acct-group/ntp + acct-user/ntp + sys-libs/libcap + ) + libtomcrypt? ( dev-libs/libtomcrypt:= ) + nettle? ( dev-libs/nettle:= ) + nss? ( dev-libs/nss:= ) + nts? ( net-libs/gnutls:= ) + pps? ( net-misc/pps-tools ) + readline? ( dev-libs/libedit ) + seccomp? ( sys-libs/libseccomp ) +" +RDEPEND=" + ${DEPEND} + selinux? ( sec-policy/selinux-chronyd ) +" +BDEPEND=" + html? ( dev-ruby/asciidoctor ) + nts? ( virtual/pkgconfig ) + sechash? ( + nettle? ( virtual/pkgconfig ) + nss? ( virtual/pkgconfig ) + ) +" + +if [[ ${PV} == 9999 ]] ; then + # Needed for doc generation in 9999 + REQUIRED_USE+=" html" + BDEPEND+=" + app-alternatives/yacc + virtual/w3m + " +else + BDEPEND+=" verify-sig? ( >=sec-keys/openpgp-keys-mlichvar-20210513 )" +fi + +PATCHES=( + "${FILESDIR}"/${PN}-3.5-pool-vendor-gentoo.patch + "${FILESDIR}"/${PN}-4.2-systemd-gentoo.patch +) + +src_prepare() { + default + + sed -i \ + -e 's:/etc/chrony\.conf:/etc/chrony/chrony.conf:g' \ + doc/* examples/* || die + + cp "${FILESDIR}"/chronyd.conf-r3 "${T}"/chronyd.conf || die +} + +src_configure() { + if ! use caps ; then + sed -i \ + -e 's/ -u ntp//' \ + "${T}"/chronyd.conf examples/chronyd.service || die + fi + + if ! use seccomp ; then + sed -i \ + -e 's/ -F 2//' \ + "${T}"/chronyd.conf examples/chronyd.service || die + fi + + tc-export CC PKG_CONFIG + + # Update from time to time with output from "date +%s" + # on a system that is time-synced. + export SOURCE_DATE_EPOCH=1607976314 + + # Not an autotools generated script + local myconf=( + $(use_enable seccomp scfilter) + + $(usev !caps '--disable-linuxcaps') + $(usev !cmdmon '--disable-cmdmon') + $(usev debug '--enable-debug') + + # USE=readline here means "readline-like functionality" + # chrony only supports libedit in terms of the library providing + # it. + $(usev !readline '--without-editline --disable-readline') + + $(usev !libtomcrypt '--without-tomcrypt') + $(usev !nettle '--without-nettle') + $(usev !nss '--without-nss') + $(usev !ntp '--disable-ntp') + $(usev !nts '--disable-nts') + $(usev !nts '--without-gnutls') + $(usev !phc '--disable-phc') + $(usev !pps '--disable-pps') + $(usev !refclock '--disable-refclock') + $(usev !rtc '--disable-rtc') + $(usev samba '--enable-ntp-signd') + $(usev !sechash '--disable-sechash') + + --chronysockdir="${EPREFIX}/run/chrony" + --docdir="${EPREFIX}/usr/share/doc/${PF}" + --mandir="${EPREFIX}/usr/share/man" + --prefix="${EPREFIX}/usr" + --sysconfdir="${EPREFIX}/etc/chrony" + --with-hwclockfile="${EPREFIX}/etc/adjtime" + --with-pidfile="${EPREFIX}/run/chrony/chronyd.pid" + + ${EXTRA_ECONF} + ) + + # Print the ./configure call + edo ./configure "${myconf[@]}" || die +} + +src_compile() { + if [[ ${PV} == 9999 ]] ; then + # Uses w3m + emake -C doc man txt + fi + + emake all docs $(usev !html 'ADOC=true') +} + +src_install() { + default + + # Compatibility with other distributions who install to /etc/chrony.conf (bug #835461) + dosym -r /etc/chrony/chrony.conf /etc/chrony.conf + + newinitd "${FILESDIR}"/chronyd.init-r2 chronyd + newconfd "${T}"/chronyd.conf chronyd + + insinto /etc/${PN} + newins examples/chrony.conf.example1 chrony.conf + + docinto examples + dodoc examples/*.example* + + newtmpfiles - chronyd.conf <<<"d /run/chrony 0750 $(usex caps 'ntp ntp' 'root root')" + + if use html ; then + docinto html + dodoc doc/*.html + fi + + keepdir /var/{lib,log}/chrony + + if use caps ; then + # Prepare a directory for the chrony.drift file (a la ntpsec) + # Ensures the environment is sane on new installs + # bug #711058 + fowners -R ntp:ntp /var/{lib,log}/chrony + fperms -R 770 /var/lib/chrony + fi + + insinto /etc/logrotate.d + newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony + + systemd_dounit examples/chronyd.service + systemd_dounit examples/chrony-wait.service + systemd_enable_ntpunit 50-chrony chronyd.service +} + +pkg_preinst() { + HAD_CAPS=0 + HAD_SECCOMP=0 + HAD_PRE_NEW_SECCOMP_LEVEL=0 + + # See https://dev.gentoo.org/~zmedico/portage/doc/portage.html#package-ebuild-phases-after-2.1.5 + # in "Ebuild Phases" for an explanation of why we need to save the variable beforehand + if has_version 'net-misc/chrony[caps]' ; then + HAD_CAPS=1 + fi + + if has_version 'net-misc/chrony[seccomp]' ; then + HAD_SECCOMP=1 + fi + + if has_version '>=net-misc/chrony-4.1[seccomp]' ; then + # This version introduced a new filter level: -F 2 + # It's a limited set of seccomp filters designed to be 'bare minimum' + HAD_PRE_NEW_SECCOMP_LEVEL=1 + fi +} + +pkg_postinst() { + tmpfiles_process chronyd.conf + + if [[ -n "${REPLACING_VERSIONS}" ]] ; then + if use caps && ! [[ ${HAD_CAPS} -eq 1 ]] ; then + # bug #719876 + ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp" + ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" + ewarn "This is necessary for chrony to drop privileges" + elif ! use caps && [[ ${HAD_CAPS} -eq 0 ]] ; then + ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by root:root" + fi + fi + + # See bug #783915 for general discussion on enabling seccomp filtering + # by default. + local show_seccomp_enable_msg=0 + + # Was seccomp disabled before and now enabled? + if [[ ${HAD_SECCOMP} -eq 0 ]] && use seccomp ; then + show_seccomp_enable_msg=1 + fi + + # Are we coming from an old version without the new 'minimal' filter? + # (-F 2) + if [[ ${HAD_PRE_NEW_SECCOMP_LEVEL} -eq 0 ]] ; then + show_seccomp_enable_msg=1 + fi + + if [[ ${show_seccomp_enable_msg} -eq 1 ]] ; then + elog "To enable seccomp in a stricter mode, please modify:" + elog "- ${EROOT}/etc/conf.d/chronyd for OpenRC" + elog "- systemctl edit chronyd for systemd" + elog "to use -F 1 or -F -1 instead of -F 2 (see man chronyd)" + elog "By default, we now use -F 2 which is a baseline/minimal filter." + fi +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-2.4-r1.logrotate b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-2.4-r1.logrotate new file mode 100644 index 0000000000..a2cf8feb5b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-2.4-r1.logrotate @@ -0,0 +1,7 @@ +/var/log/chrony/*.log { + missingok + sharedscripts + postrotate + /usr/bin/chronyc cyclelogs |grep -v '^200 OK'; exit 0 + endscript +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-3.5-pool-vendor-gentoo.patch b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-3.5-pool-vendor-gentoo.patch new file mode 100644 index 0000000000..817a410673 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-3.5-pool-vendor-gentoo.patch @@ -0,0 +1,16 @@ +- Use the Gentoo pool +- Use the server directive instead of the pool directive so we get four time + sources and not twelve. + +--- a/examples/chrony.conf.example1 ++++ b/examples/chrony.conf.example1 +@@ -1,5 +1,8 @@ + # Use public NTP servers from the pool.ntp.org project. +-pool pool.ntp.org iburst ++server 0.gentoo.pool.ntp.org iburst ++server 1.gentoo.pool.ntp.org iburst ++server 2.gentoo.pool.ntp.org iburst ++server 3.gentoo.pool.ntp.org iburst + + # Record the rate at which the system clock gains/losses time. + driftfile /var/lib/chrony/drift diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-4.2-systemd-gentoo.patch b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-4.2-systemd-gentoo.patch new file mode 100644 index 0000000000..1852cdeb92 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chrony-4.2-systemd-gentoo.patch @@ -0,0 +1,13 @@ +diff --git a/examples/chronyd.service b/examples/chronyd.service +index 4fb930e..8df627a 100644 +--- a/examples/chronyd.service ++++ b/examples/chronyd.service +@@ -9,7 +9,7 @@ ConditionCapability=CAP_SYS_TIME + Type=forking + PIDFile=/run/chrony/chronyd.pid + EnvironmentFile=-/etc/sysconfig/chronyd +-ExecStart=/usr/sbin/chronyd $OPTIONS ++ExecStart=/usr/sbin/chronyd $OPTIONS -u ntp -F 2 + + CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE + CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chronyd.conf-r3 b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chronyd.conf-r3 new file mode 100644 index 0000000000..25a4758954 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chronyd.conf-r3 @@ -0,0 +1,12 @@ +# /etc/conf.d/chronyd + +CFGFILE="/etc/chrony/chrony.conf" + +# Configuration dependant options : +# -s - Set system time from RTC if rtcfile directive present +# -r - Reload sample histories if dumponexit directive present +# +# The combination of "-s -r" allows chronyd to perform long term averaging of +# the gain or loss rate across system reboots and shutdowns. + +ARGS=" -u ntp -F 2" diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chronyd.init-r2 b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chronyd.init-r2 new file mode 100644 index 0000000000..4892a57b16 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/files/chronyd.init-r2 @@ -0,0 +1,70 @@ +#!/sbin/openrc-run +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + use dns +} + +checkconfig() { + # Note that /etc/chrony/chrony.keys is *NOT* checked. This + # is because the user may have specified another key + # file, and we don't want to force the user to use that + # exact name for the key file. + if [ ! -f "${CFGFILE}" ] ; then + eerror "Please create ${CFGFILE} and the" + eerror "chrony key file (usually /etc/chrony/chrony.keys)" + eerror "by using the" + eerror "" + eerror " chrony.conf.example" + eerror " chrony.keys.example" + eerror "" + eerror "files (from the documentation directory)" + eerror "as templates." + return 1 + else + # Actually, I tried it, and chrony seems to ignore the pidfile + # option. I'm going to leave it here anyway, since you never + # know if it might be handy + PIDFILE=`awk '/^ *pidfile/{print $2}' "${CFGFILE}"` + [ -z "${PIDFILE}" ] && PIDFILE=/run/chrony/chronyd.pid + fi + return 0 +} + +setxtrarg() { + if [ -c /dev/rtc ]; then + grep -q '^rtcfile' "${CFGFILE}" && ARGS="${ARGS} -s" + fi + grep -q '^dumponexit$' "${CFGFILE}" && ARGS="${ARGS} -r" + return 0 +} + +start() { + checkconfig || return $? + setxtrarg + + [ -n "${PIDFILE}" ] || PIDFILE=/run/chronyd.pid + + ebegin "Starting chronyd" + start-stop-daemon \ + --start \ + --quiet \ + --exec /usr/sbin/chronyd \ + --pidfile "${PIDFILE}" \ + -- -f "${CFGFILE}" ${ARGS} + eend $? "Failed to start chronyd" +} + +stop() { + checkconfig || return $? + + [ -n "${PIDFILE}" ] || PIDFILE=/run/chronyd.pid + + ebegin "Stopping chronyd" + start-stop-daemon \ + --stop \ + --quiet \ + --pidfile "${PIDFILE}" + eend $? "Failed to stop chronyd" +} diff --git a/sdk_container/src/third_party/portage-stable/net-misc/chrony/metadata.xml b/sdk_container/src/third_party/portage-stable/net-misc/chrony/metadata.xml new file mode 100644 index 0000000000..33ac8a4feb --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-misc/chrony/metadata.xml @@ -0,0 +1,44 @@ + + + + + sam@gentoo.org + Sam James + + + base-system@gentoo.org + Gentoo Base System + + + Chrony is a pair of programs (chronyd and chronyc) which are used to maintain + the accuracy of the system clock on a computer. chronyd has been specifically + written to work well for systems which have only an intermittent (e.g. dial-up) + connection to the network where the NTP servers are. It still works well + in a "permanently connected" mode. + + + Chrony はコンピュータのシステム・クロックの精度を保つために使われるプログラムの + ペア(chronyd と chronyc)です。chronyd は NTP サーバがあるネットワークと断続的な + 接続(e.g. dial-up)しか持たないシステムで機能するよう書かれています。ですが永続的 + な接続でも機能します。 + + + Support for command and monitoring + Get DEBUG_LOG output from chronyd when passing -dd parameter + Install HTML documentation + Use dev-libs/nettle for hash functions or nts + Use dev-libs/nss for hash functions + Support for the Network Time Protocol (NTP) + Support for Network Time Security (NTS). Uses net-libs/gnutls + Support for the PTP (Precision Time Protocol) Hardware Clock (PHC) interface + Support for the Linux Pulse Per Second (PPS) interface + Support for reference clocks + Support for the Linux Real Time Clock interface + Enable support for hashes other than MD5 + Support different hashes via dev-libs/libtomcrypt + + + cpe:/a:chrony_project:chrony + chrony/chrony + +