Accepting request 346314 from home:darix:branches:network:time

- update to 2.2
  see /usr/share/doc/packages/chrony/NEWS
- sync with fedora spec and add systemd support
- refreshed chrony-config.patch to apply cleanly again
- added chrony-2.2_logrotate.patch: add missing su option as we no
  longer have the daemon run as root.
- added chrony-service-helper.patch: imported from fedora with a
  changed path for moving from libexecdir to datadir
- only use syscall filters on 12.3 and newer
- move helper from libexecdir to datadir

OBS-URL: https://build.opensuse.org/request/show/346314
OBS-URL: https://build.opensuse.org/package/show/network:time/chrony?expand=0&rev=6

chrony-1.29.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:658c9bb4d8c8d8ec7d0908429aa266e5f8413ba86bd4acbfd2f9669f6065af27
-size 392889

chrony-2.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d3fd820fa63badf54ee0e48a649b94ea739df3aac5efa104bd90f89795aa2485
+size 340285

chrony-2.2_logrotate.patch

@@ -0,0 +1,10 @@
+Index: chrony-2.2/examples/chrony.logrotate
+===================================================================
+--- chrony-2.2.orig/examples/chrony.logrotate
++++ chrony-2.2/examples/chrony.logrotate
+@@ -1,4 +1,5 @@
+ /var/log/chrony/*.log {
++    su chrony chrony
+     missingok
+     nocreate
+     sharedscripts

chrony-config.patch

@@ -1,11 +1,16 @@
-Index: examples/chrony.conf.example
+Index: chrony-2.2/examples/chrony.conf.example3
 ===================================================================
---- examples/chrony.conf.example.orig	2014-02-24 17:46:48.776464049 +0100
-+++ examples/chrony.conf.example	2014-02-24 17:51:15.983463576 +0100
-@@ -46,7 +46,37 @@
- ! server 0.pool.ntp.org iburst
- ! server 1.pool.ntp.org iburst
- ! server 2.pool.ntp.org iburst
+--- chrony-2.2.orig/examples/chrony.conf.example3
++++ chrony-2.2/examples/chrony.conf.example3
+@@ -43,12 +43,38 @@
+ # you can access at http://support.ntp.org/bin/view/Servers/WebHome or
+ # you can use servers from the pool.ntp.org project.
+ 
+-! server foo.example.net iburst
+-! server bar.example.net iburst
+-! server baz.example.net iburst
+-
+ ! pool pool.ntp.org iburst
 - 
 +
 +# for Europe:
@@ -41,16 +46,16 @@ Index: examples/chrony.conf.example
  # However, for dial-up use you probably want these instead.  The word
  # 'offline' means that the server is not visible at boot time.  Use
  # chronyc's 'online' command to tell chronyd that these servers have
-@@ -89,7 +119,7 @@
+@@ -93,7 +119,7 @@
  # immediately so that it doesn't gain or lose any more time.  You
  # generally want this, so it is uncommented.
  
 -driftfile /var/lib/chrony/drift
 +driftfile /var/lib/chrony/chrony.drift
  
- # If you want to use the program called chronyc to configure aspects of
- # chronyd's operation once it is running (e.g. tell it the Internet link
-@@ -152,8 +182,8 @@ commandkey 1
+ # If you want to enable NTP authentication with symmetric keys, you will need
+ # to uncomment the following line and edit the file to set up the keys.
+@@ -146,8 +172,8 @@ driftfile /var/lib/chrony/drift
  # produce some graphs of your system's timekeeping performance, or you
  # need help in debugging a problem.
  

chrony-dnssrv@.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=DNS SRV lookup of %I for chrony
+After=chronyd.service network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/share/chrony-helper update-dnssrv-servers %I

chrony-dnssrv@.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Periodic DNS SRV lookup of %I for chrony
+
+[Timer]
+OnActiveSec=0
+OnUnitInactiveSec=1h
+
+[Install]
+WantedBy=timers.target

chrony-service-helper.patch

@@ -0,0 +1,12 @@
+Index: chrony-2.2/examples/chronyd.service
+===================================================================
+--- chrony-2.2.orig/examples/chronyd.service
++++ chrony-2.2/examples/chronyd.service
+@@ -8,6 +8,7 @@ Type=forking
+ PIDFile=/var/run/chronyd.pid
+ EnvironmentFile=-/etc/sysconfig/chronyd
+ ExecStart=/usr/sbin/chronyd $OPTIONS
++ExecStartPost=/usr/share/chrony-helper update-daemon
+ 
+ [Install]
+ WantedBy=multi-user.target

chrony.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de
+
+- update to 2.2
+  see /usr/share/doc/packages/chrony/NEWS
+- sync with fedora spec and add systemd support
+- refreshed chrony-config.patch to apply cleanly again
+- added chrony-2.2_logrotate.patch: add missing su option as we no
+  longer have the daemon run as root.
+- added chrony-service-helper.patch: imported from fedora with a
+  changed path for moving from libexecdir to datadir
+- only use syscall filters on 12.3 and newer
+- move helper from libexecdir to datadir
+
 -------------------------------------------------------------------
 Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de
 

chrony.dhclient

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+SERVERFILE=$SAVEDIR/chrony.servers.$interface
+
+chrony_config() {
+	rm -f $SERVERFILE
+	if [ "$PEERNTP" != "no" ]; then
+		for server in $new_ntp_servers; do
+			echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE
+		done
+		/usr/share/chrony-helper update-daemon || :
+	fi
+}
+
+chrony_restore() {
+	if [ -f $SERVERFILE ]; then
+		rm -f $SERVERFILE
+		/usr/share/chrony-helper update-daemon || :
+	fi
+}

chrony.helper

@@ -0,0 +1,186 @@
+#!/bin/bash
+# This script configures running chronyd to use NTP servers obtained from
+# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed
+# externally (e.g. by a dhclient script). Files with servers from DNS SRV
+# records are updated here using the dig utility.
+
+chronyc=/usr/bin/chronyc
+helper_dir=/var/run/chrony-helper
+added_servers_file=$helper_dir/added_servers
+
+network_sysconfig_file=/etc/sysconfig/network
+dhclient_servers_files=/var/lib/dhclient/chrony.servers.*
+dnssrv_servers_files=$helper_dir/dnssrv@*
+dnssrv_timer_prefix=chrony-dnssrv@
+
+chrony_command() {
+    $chronyc -a -n -m "$1"
+}
+
+is_running() {
+    chrony_command "tracking" &> /dev/null
+}
+
+is_update_needed() {
+    for file in $dhclient_servers_files $dnssrv_servers_files \
+            $added_servers_file; do
+        [ -e "$file" ] && return 0
+    done
+    return 1
+}
+
+update_daemon() {
+    local all_servers_with_args all_servers added_servers
+
+    if ! is_running; then
+        rm -f $added_servers_file
+        return 0
+    fi
+
+    all_servers_with_args=$(
+        cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null)
+
+    all_servers=$(
+        echo "$all_servers_with_args" |
+            while read server serverargs; do
+                echo "$server"
+            done | sort -u)
+    added_servers=$( (
+        cat $added_servers_file 2> /dev/null
+        echo "$all_servers_with_args" |
+            while read server serverargs; do
+                [ -z "$server" ] && continue
+                chrony_command "add server $server $serverargs" &> /dev/null &&
+                    echo "$server"
+            done) | sort -u)
+
+    comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") |
+        while read server; do
+            chrony_command "delete $server" &> /dev/null
+        done
+
+    added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers"))
+
+    [ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file ||
+        rm -f $added_servers_file
+}
+
+get_dnssrv_servers() {
+    local name=$1
+
+    if ! command -v dig &> /dev/null; then
+        echo "Missing dig (DNS lookup utility)" >&2
+        return 1
+    fi
+
+    (
+        . $network_sysconfig_file &> /dev/null
+
+        output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null)
+        [ $? -ne 0 ] && return 0
+
+        echo "$output" | while read prio weight port target; do
+            server=${target%.}
+            [ -z "$server" ] && continue
+            echo "$server port $port ${NTPSERVERARGS:-iburst}"
+        done
+    )
+}
+
+check_dnssrv_name() {
+    local name=$1
+
+    if [ -z "$name" ]; then
+        echo "No DNS SRV name specified" >&2
+        return 1
+    fi
+
+    if [ "${name:0:9}" != _ntp._udp ]; then
+        echo "DNS SRV name $name doesn't start with _ntp._udp" >&2
+        return 1
+    fi
+}
+
+update_dnssrv_servers() {
+    local name=$1
+    local srv_file=$helper_dir/dnssrv@$name servers
+
+    check_dnssrv_name "$name" || return 1
+
+    servers=$(get_dnssrv_servers "$name")
+    [ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file"
+}
+
+set_dnssrv_timer() {
+    local state=$1 name=$2
+    local srv_file=$helper_dir/dnssrv@$name servers
+    local timer=$dnssrv_timer_prefix$name.timer
+
+    check_dnssrv_name "$name" || return 1
+
+    if [ "$state" = enable ]; then
+        systemctl enable "$timer"
+        systemctl start "$timer"
+    elif [ "$state" = disable ]; then
+        systemctl stop "$timer"
+        systemctl disable "$timer"
+        rm -f "$srv_file"
+    fi
+}
+
+list_dnssrv_timers() {
+    systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \
+        sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|"
+}
+
+prepare_helper_dir() {
+    mkdir -p $helper_dir
+    exec 100> $helper_dir/lock
+    if ! flock -w 20 100; then
+        echo "Failed to lock $helper_dir" >&2
+        return 1
+    fi
+}
+
+print_help() {
+    echo "Usage: $0 COMMAND"
+    echo
+    echo "Commands:"
+    echo "	update-daemon"
+    echo "	update-dnssrv-servers NAME"
+    echo "	enable-dnssrv NAME"
+    echo "	disable-dnssrv NAME"
+    echo "	list-dnssrv"
+    echo "	is-running"
+    echo "	command CHRONYC-COMMAND"
+}
+
+case "$1" in
+    update-daemon|add-dhclient-servers|remove-dhclient-servers)
+        is_update_needed || exit 0
+        prepare_helper_dir && update_daemon
+        ;;
+    update-dnssrv-servers)
+        prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon
+        ;;
+    enable-dnssrv)
+        set_dnssrv_timer enable "$2"
+        ;;
+    disable-dnssrv)
+        set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon
+        ;;
+    list-dnssrv)
+        list_dnssrv_timers
+        ;;
+    is-running)
+        is_running
+        ;;
+    command|forced-command)
+        chrony_command "$2"
+        ;;
+    *)
+        print_help
+        exit 2
+esac
+
+exit $?

chrony.spec

@@ -2,8 +2,17 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+%if 0%{?suse_version} > 1230 || 0%{?rhel_version} > 600 || 0%{?centos_version} > 600 || 0%{?fedora_version} >= 20 || 0%{?el7}%{?fc20}%{?fc21}%{?fc22}
+%bcond_without  systemd
+%bcond_without  syscallfilter
+%else
+%bcond_with     systemd
+%bcond_with     syscallfilter
+%endif
+
+%define vendorzone opensuse.
 Name:           chrony
-Version:        1.29.1
+Version:        2.2
 Release:        0
 License:        GPL-2.0+
 Summary:        System Clock Synchronization Client and Server
@@ -12,25 +21,42 @@ Group:          Productivity/Networking/Other
 Source:         http://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz
 Source1:        chrony.init
 Source2:        chrony.sysconfig
+Source3:        chrony.dhclient
+Source4:        chrony.helper
+Source5:        chrony-dnssrv@.service
+Source6:        chrony-dnssrv@.timer
 # PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines
-Patch1:         chrony-config.patch
-BuildRequires:  gcc
-BuildRequires:  glibc-devel
-BuildRequires:  libcap-devel
-BuildRequires:  make
-BuildRequires:  mozilla-nss-devel
-BuildRequires:  ncurses-devel
-BuildRequires:  pkg-config
-BuildRequires:  readline-devel
-BuildRequires:  texinfo
+Patch:          chrony-config.patch
+# add NTP servers from DHCP when starting service
+Patch1:         chrony-service-helper.patch
+Patch2:         chrony-2.2_logrotate.patch
+#
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-
+BuildRequires:  NetworkManager-devel
+BuildRequires:  bison
+BuildRequires:  libcap-devel
+BuildRequires:  libedit-devel
+%if %{with syscallfilter}
+%ifarch %{ix86} x86_64 %{arm} aarch64
+BuildRequires:  libseccomp-devel
+%endif
+%endif
+BuildRequires:  mozilla-nss-devel
+BuildRequires:  pkg-config
+BuildRequires:  texinfo
+%if %{with systemd}
+BuildRequires:  pkgconfig(systemd)
+%{?systemd_requires}
+%else
+Requires(pre):  %insserv_prereq
+%endif
 
 Requires(pre):  %fillup_prereq
-Requires(pre):  %insserv_prereq
 Requires(pre):  %install_info_prereq
 Requires(pre):  /usr/sbin/groupadd
 Requires(pre):  /usr/sbin/useradd
+Requires:       logrotate
+Recommends:     timedatex
 
 %description
 Chrony is a pair of programs which are used to maintain the accuracy of the
@@ -50,90 +76,142 @@ as the Chronyd instance it is controlling or a different computer.
 
 %prep
 %setup -q
-%patch1
+%patch -p1
+%patch1 -p1
+%patch2 -p1
+# use our vendor zone (2.*pool.ntp.org names include IPv6 addresses)
+sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \
+        < examples/chrony.conf.example2 > chrony.conf
+
+touch -r examples/chrony.conf.example2 chrony.conf
+
+# regenerate the file from getdate.y
+rm -f getdate.c
 
 %build
 # not autoconf:
-export CC="gcc"
-export CFLAGS="%{optflags} -Wall -fpic -DPIC"
+export CFLAGS="%{optflags} -Wall -fpic -DPIC $(pkg-config --cflags libseccomp)"
 export LDFLAGS="-pie -Wl,-z,relro,-z,now"
-./configure \
-	 --prefix="%{_prefix}" \
-	 --exec-prefix="%{_exec_prefix}" \
-	 --sysconfdir="%{_sysconfdir}" \
-	 --bindir="%{_bindir}" \
-	 --sbindir="%{_sbindir}" \
-	 --datarootdir="%{_datadir}" \
-	 --infodir="%{_infodir}" \
-	 --mandir="%{_mandir}" \
-	 --docdir="%{_docdir}/%{name}"
+%configure                                  \
+  --docdir="%{_docdir}/%{name}"             \
+  %if %{with syscallfilter}
+  --enable-scfilter                         \
+  %endif
+  --with-user=chrony                        \
+  --with-hwclockfile=%{_sysconfdir}/adjtime \
+  --with-sendmail=%{_sbindir}/sendmail
 
-make %{?_smp_mflags}
-make chrony.txt
-make chrony.info
+make %{?_smp_mflags} all docs
+gzip -9 -f -n chrony.txt
 
 %install
-%makeinstall
+%makeinstall install-docs
 rm -rf "%{buildroot}%{_docdir}/%{name}"
 
-install -d "%{buildroot}%{_infodir}"
-install -m0644 chrony.info "%{buildroot}%{_infodir}"/
+mkdir -p %{buildroot}%{_sysconfdir}/{sysconfig,logrotate.d}
+mkdir -p %{buildroot}%{_localstatedir}/{lib,log}/chrony
+mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d
+mkdir -p %{buildroot}%{_sysconfdir}/dhcp/dhclient.d
+mkdir -p %{buildroot}%{_datadir}
+mkdir -p %{buildroot}{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d}
 
+install -m 644 -p chrony.conf %{buildroot}%{_sysconfdir}/chrony.conf
+
+install -m 640 -p examples/chrony.keys.example \
+        %{buildroot}%{_sysconfdir}/chrony.keys
+install -m 755 -p examples/chrony.nm-dispatcher \
+        %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony
+install -m 755 -p %{SOURCE3} \
+        %{buildroot}%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
+install -m 644 -p examples/chrony.logrotate \
+        %{buildroot}%{_sysconfdir}/logrotate.d/chrony
+
+%if %{with systemd}
+install -m 644 -p examples/chronyd.service \
+        %{buildroot}%{_unitdir}/chronyd.service
+install -m 644 -p examples/chrony-wait.service \
+        %{buildroot}%{_unitdir}/chrony-wait.service
+install -m 644 -p %{SOURCE5} %{buildroot}%{_unitdir}/chrony-dnssrv@.service
+install -m 644 -p %{SOURCE6} %{buildroot}%{_unitdir}/chrony-dnssrv@.timer
+ln -s /sbin/service "%{buildroot}%{_sbindir}/rcchronyd"
+ln -s /sbin/service "%{buildroot}%{_sbindir}/rcchrony-wait"
+
+echo 'chronyd.service' > \
+        %{buildroot}%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list
+%else
 install -D -m0755 "%{SOURCE1}" "%{buildroot}%{_initddir}/chronyd"
-install -d "%{buildroot}%{_prefix}/sbin"
 ln -s ../../etc/init.d/chronyd "%{buildroot}%{_sbindir}/rcchronyd"
-
+%endif
 install -D -m0644 "%{SOURCE2}" "%{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.chronyd"
 
-install -d "%{buildroot}%{_localstatedir}/lib/chrony"
-install -d "%{buildroot}%{_localstatedir}/log/chrony"
+install -m 755 -p %{SOURCE4} %{buildroot}%{_datadir}/chrony-helper
 
-
-%if 0%{?suse_version} >= 1030 && 0%{?suse_version} <= 1140
-h=/usr/share/doc/licenses/md5/$(md5sum COPYING|cut -f1 -d" ")
-test -e "$h" && ln -s -f "$h" .
-%endif
-
-install -d "%{buildroot}%{_sysconfdir}"
-install -m0644 examples/chrony.conf.example "%{buildroot}%{_sysconfdir}/chrony.conf"
-install -m0600 examples/chrony.keys.example "%{buildroot}%{_sysconfdir}/chrony.keys"
-
-%pre
-/usr/sbin/groupadd -r chrony || :
-/usr/sbin/useradd -r -g chrony -c "Chrony Daemon" -d "%{_localstatedir}/lib/chrony" chrony || :
-
-%post
-%{fillup_only -an chronyd}
-%install_info --info-dir="%{_infodir}" "%{_infodir}/chrony.info%{ext_info}"
-
-%preun
-%stop_on_removal chronyd
-
-%postun
-%restart_on_update chronyd
-%insserv_cleanup
-%install_info_delete --info-dir="%{_infodir}" "%{_infodir}/chrony.info%{ext_info}"
+touch %{buildroot}%{_localstatedir}/lib/chrony/{drift,rtc}
 
 %clean
 rm -rf %{buildroot}
 
+%pre
+/usr/sbin/groupadd -r chrony || :
+/usr/sbin/useradd -r -g chrony -c "Chrony Daemon" -d "%{_localstatedir}/lib/chrony" chrony || :
+# START BIG SYSTEMD
+%if %{with systemd}
+%service_add_pre chronyd.service chrony-wait.service
+%endif
+
+%preun
+%if %{with systemd}
+%service_del_preun chronyd.service chrony-wait.service
+%else
+%stop_on_removal chronyd
+%endif
+
+%post
+%fillup_only %{name}
+%install_info --info-dir="%{_infodir}" "%{_infodir}/chrony.info%{ext_info}"
+%if %{with systemd}
+%service_add_post chronyd.service chrony-wait.service
+%endif
+
+%postun
+%install_info_delete --info-dir="%{_infodir}" "%{_infodir}/chrony.info%{ext_info}"
+%if %{with systemd}
+%service_del_postun chronyd.service chrony-wait.service
+%else
+%restart_on_update chronyd
+%insserv_cleanup
+%endif
+
 %files
 %defattr(-,root,root)
-%doc README chrony.txt COPYING
+%doc FAQ NEWS README chrony.txt* COPYING
 %doc examples
-%config(noreplace) %{_sysconfdir}/chrony.conf
-%config(noreplace) %{_sysconfdir}/chrony.keys
+%config(noreplace) %attr(0640,root,%{name})                             %{_sysconfdir}/chrony.conf
+%config(noreplace) %attr(0640,root,%{name}) %verify(not md5 size mtime) %{_sysconfdir}/chrony.keys
+%config(noreplace)                                                      %{_sysconfdir}/logrotate.d/chrony
+%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony
+%dir %{_sysconfdir}/dhcp/
+%dir %{_sysconfdir}/dhcp/dhclient.d/
+%{_sysconfdir}/dhcp/dhclient.d/chrony.sh
 %{_bindir}/chronyc
 %{_sbindir}/chronyd
-%doc %{_mandir}/man1/chrony.1%{ext_man}
-%doc %{_mandir}/man1/chronyc.1%{ext_man}
-%doc %{_mandir}/man5/chrony.conf.5%{ext_man}
-%doc %{_mandir}/man8/chronyd.8%{ext_man}
-%doc %{_infodir}/chrony.info%{ext_info}
+%{_datadir}/chrony-helper
+%{_mandir}/man1/chronyc.1%{ext_man}
+%{_mandir}/man5/chrony.conf.5%{ext_man}
+%{_mandir}/man8/chronyd.8%{ext_man}
+%{_infodir}/chrony.info*
+%if %{with systemd}
+%{_prefix}/lib/systemd/ntp-units.d/*.list
+%{_unitdir}/chrony*.service
+%{_unitdir}/chrony*.timer
+%else
 %config %{_sysconfdir}/init.d/chronyd
-%{_sbindir}/rcchronyd
+%endif
+%{_sbindir}/rcchrony*
 %{_localstatedir}/adm/fillup-templates/sysconfig.chronyd
-%attr(0750,chrony,chrony) %{_localstatedir}/lib/chrony
-%attr(0750,chrony,chrony) %{_localstatedir}/log/chrony
+%dir   %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony
+%ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/drift
+%ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/rtc
+%dir   %attr(750,chrony,chrony) %{_localstatedir}/log/chrony
 
 %changelog