From 83aa68ed96e099efa4b7f3e25be5eaafd5ceb9066336ab3fe00fcc49812179b5 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Thu, 26 Nov 2015 08:03:25 +0000 Subject: [PATCH] Accepting request 346314 from home:darix:branches:network:time - update to 2.2 see /usr/share/doc/packages/chrony/NEWS - sync with fedora spec and add systemd support - refreshed chrony-config.patch to apply cleanly again - added chrony-2.2_logrotate.patch: add missing su option as we no longer have the daemon run as root. - added chrony-service-helper.patch: imported from fedora with a changed path for moving from libexecdir to datadir - only use syscall filters on 12.3 and newer - move helper from libexecdir to datadir OBS-URL: https://build.opensuse.org/request/show/346314 OBS-URL: https://build.opensuse.org/package/show/network:time/chrony?expand=0&rev=6 --- chrony-1.29.1.tar.gz | 3 - chrony-2.2.tar.gz | 3 + chrony-2.2_logrotate.patch | 10 ++ chrony-config.patch | 27 +++-- chrony-dnssrv@.service | 8 ++ chrony-dnssrv@.timer | 9 ++ chrony-service-helper.patch | 12 ++ chrony.changes | 14 +++ chrony.dhclient | 20 ++++ chrony.helper | 186 ++++++++++++++++++++++++++++++ chrony.spec | 222 ++++++++++++++++++++++++------------ 11 files changed, 428 insertions(+), 86 deletions(-) delete mode 100644 chrony-1.29.1.tar.gz create mode 100644 chrony-2.2.tar.gz create mode 100644 chrony-2.2_logrotate.patch create mode 100644 chrony-dnssrv@.service create mode 100644 chrony-dnssrv@.timer create mode 100644 chrony-service-helper.patch create mode 100644 chrony.dhclient create mode 100644 chrony.helper diff --git a/chrony-1.29.1.tar.gz b/chrony-1.29.1.tar.gz deleted file mode 100644 index cab0a65..0000000 --- a/chrony-1.29.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:658c9bb4d8c8d8ec7d0908429aa266e5f8413ba86bd4acbfd2f9669f6065af27 -size 392889 diff --git a/chrony-2.2.tar.gz b/chrony-2.2.tar.gz new file mode 100644 index 0000000..bf67a27 --- /dev/null +++ b/chrony-2.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d3fd820fa63badf54ee0e48a649b94ea739df3aac5efa104bd90f89795aa2485 +size 340285 diff --git a/chrony-2.2_logrotate.patch b/chrony-2.2_logrotate.patch new file mode 100644 index 0000000..2be9b03 --- /dev/null +++ b/chrony-2.2_logrotate.patch @@ -0,0 +1,10 @@ +Index: chrony-2.2/examples/chrony.logrotate +=================================================================== +--- chrony-2.2.orig/examples/chrony.logrotate ++++ chrony-2.2/examples/chrony.logrotate +@@ -1,4 +1,5 @@ + /var/log/chrony/*.log { ++ su chrony chrony + missingok + nocreate + sharedscripts diff --git a/chrony-config.patch b/chrony-config.patch index 898aed4..804072e 100644 --- a/chrony-config.patch +++ b/chrony-config.patch @@ -1,11 +1,16 @@ -Index: examples/chrony.conf.example +Index: chrony-2.2/examples/chrony.conf.example3 =================================================================== ---- examples/chrony.conf.example.orig 2014-02-24 17:46:48.776464049 +0100 -+++ examples/chrony.conf.example 2014-02-24 17:51:15.983463576 +0100 -@@ -46,7 +46,37 @@ - ! server 0.pool.ntp.org iburst - ! server 1.pool.ntp.org iburst - ! server 2.pool.ntp.org iburst +--- chrony-2.2.orig/examples/chrony.conf.example3 ++++ chrony-2.2/examples/chrony.conf.example3 +@@ -43,12 +43,38 @@ + # you can access at http://support.ntp.org/bin/view/Servers/WebHome or + # you can use servers from the pool.ntp.org project. + +-! server foo.example.net iburst +-! server bar.example.net iburst +-! server baz.example.net iburst +- + ! pool pool.ntp.org iburst - + +# for Europe: @@ -41,16 +46,16 @@ Index: examples/chrony.conf.example # However, for dial-up use you probably want these instead. The word # 'offline' means that the server is not visible at boot time. Use # chronyc's 'online' command to tell chronyd that these servers have -@@ -89,7 +119,7 @@ +@@ -93,7 +119,7 @@ # immediately so that it doesn't gain or lose any more time. You # generally want this, so it is uncommented. -driftfile /var/lib/chrony/drift +driftfile /var/lib/chrony/chrony.drift - # If you want to use the program called chronyc to configure aspects of - # chronyd's operation once it is running (e.g. tell it the Internet link -@@ -152,8 +182,8 @@ commandkey 1 + # If you want to enable NTP authentication with symmetric keys, you will need + # to uncomment the following line and edit the file to set up the keys. +@@ -146,8 +172,8 @@ driftfile /var/lib/chrony/drift # produce some graphs of your system's timekeeping performance, or you # need help in debugging a problem. diff --git a/chrony-dnssrv@.service b/chrony-dnssrv@.service new file mode 100644 index 0000000..9400c88 --- /dev/null +++ b/chrony-dnssrv@.service @@ -0,0 +1,8 @@ +[Unit] +Description=DNS SRV lookup of %I for chrony +After=chronyd.service network-online.target +Wants=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/share/chrony-helper update-dnssrv-servers %I diff --git a/chrony-dnssrv@.timer b/chrony-dnssrv@.timer new file mode 100644 index 0000000..6da8635 --- /dev/null +++ b/chrony-dnssrv@.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Periodic DNS SRV lookup of %I for chrony + +[Timer] +OnActiveSec=0 +OnUnitInactiveSec=1h + +[Install] +WantedBy=timers.target diff --git a/chrony-service-helper.patch b/chrony-service-helper.patch new file mode 100644 index 0000000..8e5875b --- /dev/null +++ b/chrony-service-helper.patch @@ -0,0 +1,12 @@ +Index: chrony-2.2/examples/chronyd.service +=================================================================== +--- chrony-2.2.orig/examples/chronyd.service ++++ chrony-2.2/examples/chronyd.service +@@ -8,6 +8,7 @@ Type=forking + PIDFile=/var/run/chronyd.pid + EnvironmentFile=-/etc/sysconfig/chronyd + ExecStart=/usr/sbin/chronyd $OPTIONS ++ExecStartPost=/usr/share/chrony-helper update-daemon + + [Install] + WantedBy=multi-user.target diff --git a/chrony.changes b/chrony.changes index 912cd6e..4ee91f6 100644 --- a/chrony.changes +++ b/chrony.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Thu Nov 26 01:13:52 UTC 2015 - mrueckert@suse.de + +- update to 2.2 + see /usr/share/doc/packages/chrony/NEWS +- sync with fedora spec and add systemd support +- refreshed chrony-config.patch to apply cleanly again +- added chrony-2.2_logrotate.patch: add missing su option as we no + longer have the daemon run as root. +- added chrony-service-helper.patch: imported from fedora with a + changed path for moving from libexecdir to datadir +- only use syscall filters on 12.3 and newer +- move helper from libexecdir to datadir + ------------------------------------------------------------------- Mon Feb 24 17:21:35 UTC 2014 - mrueckert@suse.de diff --git a/chrony.dhclient b/chrony.dhclient new file mode 100644 index 0000000..f590e26 --- /dev/null +++ b/chrony.dhclient @@ -0,0 +1,20 @@ +#!/bin/bash + +SERVERFILE=$SAVEDIR/chrony.servers.$interface + +chrony_config() { + rm -f $SERVERFILE + if [ "$PEERNTP" != "no" ]; then + for server in $new_ntp_servers; do + echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE + done + /usr/share/chrony-helper update-daemon || : + fi +} + +chrony_restore() { + if [ -f $SERVERFILE ]; then + rm -f $SERVERFILE + /usr/share/chrony-helper update-daemon || : + fi +} diff --git a/chrony.helper b/chrony.helper new file mode 100644 index 0000000..a9c802b --- /dev/null +++ b/chrony.helper @@ -0,0 +1,186 @@ +#!/bin/bash +# This script configures running chronyd to use NTP servers obtained from +# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed +# externally (e.g. by a dhclient script). Files with servers from DNS SRV +# records are updated here using the dig utility. + +chronyc=/usr/bin/chronyc +helper_dir=/var/run/chrony-helper +added_servers_file=$helper_dir/added_servers + +network_sysconfig_file=/etc/sysconfig/network +dhclient_servers_files=/var/lib/dhclient/chrony.servers.* +dnssrv_servers_files=$helper_dir/dnssrv@* +dnssrv_timer_prefix=chrony-dnssrv@ + +chrony_command() { + $chronyc -a -n -m "$1" +} + +is_running() { + chrony_command "tracking" &> /dev/null +} + +is_update_needed() { + for file in $dhclient_servers_files $dnssrv_servers_files \ + $added_servers_file; do + [ -e "$file" ] && return 0 + done + return 1 +} + +update_daemon() { + local all_servers_with_args all_servers added_servers + + if ! is_running; then + rm -f $added_servers_file + return 0 + fi + + all_servers_with_args=$( + cat $dhclient_servers_files $dnssrv_servers_files 2> /dev/null) + + all_servers=$( + echo "$all_servers_with_args" | + while read server serverargs; do + echo "$server" + done | sort -u) + added_servers=$( ( + cat $added_servers_file 2> /dev/null + echo "$all_servers_with_args" | + while read server serverargs; do + [ -z "$server" ] && continue + chrony_command "add server $server $serverargs" &> /dev/null && + echo "$server" + done) | sort -u) + + comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") | + while read server; do + chrony_command "delete $server" &> /dev/null + done + + added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers")) + + [ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file || + rm -f $added_servers_file +} + +get_dnssrv_servers() { + local name=$1 + + if ! command -v dig &> /dev/null; then + echo "Missing dig (DNS lookup utility)" >&2 + return 1 + fi + + ( + . $network_sysconfig_file &> /dev/null + + output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) + [ $? -ne 0 ] && return 0 + + echo "$output" | while read prio weight port target; do + server=${target%.} + [ -z "$server" ] && continue + echo "$server port $port ${NTPSERVERARGS:-iburst}" + done + ) +} + +check_dnssrv_name() { + local name=$1 + + if [ -z "$name" ]; then + echo "No DNS SRV name specified" >&2 + return 1 + fi + + if [ "${name:0:9}" != _ntp._udp ]; then + echo "DNS SRV name $name doesn't start with _ntp._udp" >&2 + return 1 + fi +} + +update_dnssrv_servers() { + local name=$1 + local srv_file=$helper_dir/dnssrv@$name servers + + check_dnssrv_name "$name" || return 1 + + servers=$(get_dnssrv_servers "$name") + [ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file" +} + +set_dnssrv_timer() { + local state=$1 name=$2 + local srv_file=$helper_dir/dnssrv@$name servers + local timer=$dnssrv_timer_prefix$name.timer + + check_dnssrv_name "$name" || return 1 + + if [ "$state" = enable ]; then + systemctl enable "$timer" + systemctl start "$timer" + elif [ "$state" = disable ]; then + systemctl stop "$timer" + systemctl disable "$timer" + rm -f "$srv_file" + fi +} + +list_dnssrv_timers() { + systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \ + sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" +} + +prepare_helper_dir() { + mkdir -p $helper_dir + exec 100> $helper_dir/lock + if ! flock -w 20 100; then + echo "Failed to lock $helper_dir" >&2 + return 1 + fi +} + +print_help() { + echo "Usage: $0 COMMAND" + echo + echo "Commands:" + echo " update-daemon" + echo " update-dnssrv-servers NAME" + echo " enable-dnssrv NAME" + echo " disable-dnssrv NAME" + echo " list-dnssrv" + echo " is-running" + echo " command CHRONYC-COMMAND" +} + +case "$1" in + update-daemon|add-dhclient-servers|remove-dhclient-servers) + is_update_needed || exit 0 + prepare_helper_dir && update_daemon + ;; + update-dnssrv-servers) + prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon + ;; + enable-dnssrv) + set_dnssrv_timer enable "$2" + ;; + disable-dnssrv) + set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon + ;; + list-dnssrv) + list_dnssrv_timers + ;; + is-running) + is_running + ;; + command|forced-command) + chrony_command "$2" + ;; + *) + print_help + exit 2 +esac + +exit $? diff --git a/chrony.spec b/chrony.spec index 1ca70fa..9cb8ed8 100644 --- a/chrony.spec +++ b/chrony.spec @@ -2,8 +2,17 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +%if 0%{?suse_version} > 1230 || 0%{?rhel_version} > 600 || 0%{?centos_version} > 600 || 0%{?fedora_version} >= 20 || 0%{?el7}%{?fc20}%{?fc21}%{?fc22} +%bcond_without systemd +%bcond_without syscallfilter +%else +%bcond_with systemd +%bcond_with syscallfilter +%endif + +%define vendorzone opensuse. Name: chrony -Version: 1.29.1 +Version: 2.2 Release: 0 License: GPL-2.0+ Summary: System Clock Synchronization Client and Server @@ -12,25 +21,42 @@ Group: Productivity/Networking/Other Source: http://download.tuxfamily.org/chrony/chrony-%{version}.tar.gz Source1: chrony.init Source2: chrony.sysconfig +Source3: chrony.dhclient +Source4: chrony.helper +Source5: chrony-dnssrv@.service +Source6: chrony-dnssrv@.timer # PATCH-MISSING-TAG -- See http://wiki.opensuse.org/openSUSE:Packaging_Patches_guidelines -Patch1: chrony-config.patch -BuildRequires: gcc -BuildRequires: glibc-devel -BuildRequires: libcap-devel -BuildRequires: make -BuildRequires: mozilla-nss-devel -BuildRequires: ncurses-devel -BuildRequires: pkg-config -BuildRequires: readline-devel -BuildRequires: texinfo +Patch: chrony-config.patch +# add NTP servers from DHCP when starting service +Patch1: chrony-service-helper.patch +Patch2: chrony-2.2_logrotate.patch +# BuildRoot: %{_tmppath}/%{name}-%{version}-build - +BuildRequires: NetworkManager-devel +BuildRequires: bison +BuildRequires: libcap-devel +BuildRequires: libedit-devel +%if %{with syscallfilter} +%ifarch %{ix86} x86_64 %{arm} aarch64 +BuildRequires: libseccomp-devel +%endif +%endif +BuildRequires: mozilla-nss-devel +BuildRequires: pkg-config +BuildRequires: texinfo +%if %{with systemd} +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +%else +Requires(pre): %insserv_prereq +%endif Requires(pre): %fillup_prereq -Requires(pre): %insserv_prereq Requires(pre): %install_info_prereq Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/useradd +Requires: logrotate +Recommends: timedatex %description Chrony is a pair of programs which are used to maintain the accuracy of the @@ -50,90 +76,142 @@ as the Chronyd instance it is controlling or a different computer. %prep %setup -q -%patch1 +%patch -p1 +%patch1 -p1 +%patch2 -p1 +# use our vendor zone (2.*pool.ntp.org names include IPv6 addresses) +sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \ + < examples/chrony.conf.example2 > chrony.conf + +touch -r examples/chrony.conf.example2 chrony.conf + +# regenerate the file from getdate.y +rm -f getdate.c %build # not autoconf: -export CC="gcc" -export CFLAGS="%{optflags} -Wall -fpic -DPIC" +export CFLAGS="%{optflags} -Wall -fpic -DPIC $(pkg-config --cflags libseccomp)" export LDFLAGS="-pie -Wl,-z,relro,-z,now" -./configure \ - --prefix="%{_prefix}" \ - --exec-prefix="%{_exec_prefix}" \ - --sysconfdir="%{_sysconfdir}" \ - --bindir="%{_bindir}" \ - --sbindir="%{_sbindir}" \ - --datarootdir="%{_datadir}" \ - --infodir="%{_infodir}" \ - --mandir="%{_mandir}" \ - --docdir="%{_docdir}/%{name}" +%configure \ + --docdir="%{_docdir}/%{name}" \ + %if %{with syscallfilter} + --enable-scfilter \ + %endif + --with-user=chrony \ + --with-hwclockfile=%{_sysconfdir}/adjtime \ + --with-sendmail=%{_sbindir}/sendmail -make %{?_smp_mflags} -make chrony.txt -make chrony.info +make %{?_smp_mflags} all docs +gzip -9 -f -n chrony.txt %install -%makeinstall +%makeinstall install-docs rm -rf "%{buildroot}%{_docdir}/%{name}" -install -d "%{buildroot}%{_infodir}" -install -m0644 chrony.info "%{buildroot}%{_infodir}"/ +mkdir -p %{buildroot}%{_sysconfdir}/{sysconfig,logrotate.d} +mkdir -p %{buildroot}%{_localstatedir}/{lib,log}/chrony +mkdir -p %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d +mkdir -p %{buildroot}%{_sysconfdir}/dhcp/dhclient.d +mkdir -p %{buildroot}%{_datadir} +mkdir -p %{buildroot}{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d} +install -m 644 -p chrony.conf %{buildroot}%{_sysconfdir}/chrony.conf + +install -m 640 -p examples/chrony.keys.example \ + %{buildroot}%{_sysconfdir}/chrony.keys +install -m 755 -p examples/chrony.nm-dispatcher \ + %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony +install -m 755 -p %{SOURCE3} \ + %{buildroot}%{_sysconfdir}/dhcp/dhclient.d/chrony.sh +install -m 644 -p examples/chrony.logrotate \ + %{buildroot}%{_sysconfdir}/logrotate.d/chrony + +%if %{with systemd} +install -m 644 -p examples/chronyd.service \ + %{buildroot}%{_unitdir}/chronyd.service +install -m 644 -p examples/chrony-wait.service \ + %{buildroot}%{_unitdir}/chrony-wait.service +install -m 644 -p %{SOURCE5} %{buildroot}%{_unitdir}/chrony-dnssrv@.service +install -m 644 -p %{SOURCE6} %{buildroot}%{_unitdir}/chrony-dnssrv@.timer +ln -s /sbin/service "%{buildroot}%{_sbindir}/rcchronyd" +ln -s /sbin/service "%{buildroot}%{_sbindir}/rcchrony-wait" + +echo 'chronyd.service' > \ + %{buildroot}%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list +%else install -D -m0755 "%{SOURCE1}" "%{buildroot}%{_initddir}/chronyd" -install -d "%{buildroot}%{_prefix}/sbin" ln -s ../../etc/init.d/chronyd "%{buildroot}%{_sbindir}/rcchronyd" - +%endif install -D -m0644 "%{SOURCE2}" "%{buildroot}%{_localstatedir}/adm/fillup-templates/sysconfig.chronyd" -install -d "%{buildroot}%{_localstatedir}/lib/chrony" -install -d "%{buildroot}%{_localstatedir}/log/chrony" +install -m 755 -p %{SOURCE4} %{buildroot}%{_datadir}/chrony-helper - -%if 0%{?suse_version} >= 1030 && 0%{?suse_version} <= 1140 -h=/usr/share/doc/licenses/md5/$(md5sum COPYING|cut -f1 -d" ") -test -e "$h" && ln -s -f "$h" . -%endif - -install -d "%{buildroot}%{_sysconfdir}" -install -m0644 examples/chrony.conf.example "%{buildroot}%{_sysconfdir}/chrony.conf" -install -m0600 examples/chrony.keys.example "%{buildroot}%{_sysconfdir}/chrony.keys" - -%pre -/usr/sbin/groupadd -r chrony || : -/usr/sbin/useradd -r -g chrony -c "Chrony Daemon" -d "%{_localstatedir}/lib/chrony" chrony || : - -%post -%{fillup_only -an chronyd} -%install_info --info-dir="%{_infodir}" "%{_infodir}/chrony.info%{ext_info}" - -%preun -%stop_on_removal chronyd - -%postun -%restart_on_update chronyd -%insserv_cleanup -%install_info_delete --info-dir="%{_infodir}" "%{_infodir}/chrony.info%{ext_info}" +touch %{buildroot}%{_localstatedir}/lib/chrony/{drift,rtc} %clean rm -rf %{buildroot} +%pre +/usr/sbin/groupadd -r chrony || : +/usr/sbin/useradd -r -g chrony -c "Chrony Daemon" -d "%{_localstatedir}/lib/chrony" chrony || : +# START BIG SYSTEMD +%if %{with systemd} +%service_add_pre chronyd.service chrony-wait.service +%endif + +%preun +%if %{with systemd} +%service_del_preun chronyd.service chrony-wait.service +%else +%stop_on_removal chronyd +%endif + +%post +%fillup_only %{name} +%install_info --info-dir="%{_infodir}" "%{_infodir}/chrony.info%{ext_info}" +%if %{with systemd} +%service_add_post chronyd.service chrony-wait.service +%endif + +%postun +%install_info_delete --info-dir="%{_infodir}" "%{_infodir}/chrony.info%{ext_info}" +%if %{with systemd} +%service_del_postun chronyd.service chrony-wait.service +%else +%restart_on_update chronyd +%insserv_cleanup +%endif + %files %defattr(-,root,root) -%doc README chrony.txt COPYING +%doc FAQ NEWS README chrony.txt* COPYING %doc examples -%config(noreplace) %{_sysconfdir}/chrony.conf -%config(noreplace) %{_sysconfdir}/chrony.keys +%config(noreplace) %attr(0640,root,%{name}) %{_sysconfdir}/chrony.conf +%config(noreplace) %attr(0640,root,%{name}) %verify(not md5 size mtime) %{_sysconfdir}/chrony.keys +%config(noreplace) %{_sysconfdir}/logrotate.d/chrony +%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony +%dir %{_sysconfdir}/dhcp/ +%dir %{_sysconfdir}/dhcp/dhclient.d/ +%{_sysconfdir}/dhcp/dhclient.d/chrony.sh %{_bindir}/chronyc %{_sbindir}/chronyd -%doc %{_mandir}/man1/chrony.1%{ext_man} -%doc %{_mandir}/man1/chronyc.1%{ext_man} -%doc %{_mandir}/man5/chrony.conf.5%{ext_man} -%doc %{_mandir}/man8/chronyd.8%{ext_man} -%doc %{_infodir}/chrony.info%{ext_info} +%{_datadir}/chrony-helper +%{_mandir}/man1/chronyc.1%{ext_man} +%{_mandir}/man5/chrony.conf.5%{ext_man} +%{_mandir}/man8/chronyd.8%{ext_man} +%{_infodir}/chrony.info* +%if %{with systemd} +%{_prefix}/lib/systemd/ntp-units.d/*.list +%{_unitdir}/chrony*.service +%{_unitdir}/chrony*.timer +%else %config %{_sysconfdir}/init.d/chronyd -%{_sbindir}/rcchronyd +%endif +%{_sbindir}/rcchrony* %{_localstatedir}/adm/fillup-templates/sysconfig.chronyd -%attr(0750,chrony,chrony) %{_localstatedir}/lib/chrony -%attr(0750,chrony,chrony) %{_localstatedir}/log/chrony +%dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony +%ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/drift +%ghost %attr(640,chrony,chrony) %{_localstatedir}/lib/chrony/rtc +%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %changelog