commit: 9a5c393d884d5e20f95097feca7f98a3499639e6
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 8 14:10:07 2021 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Feb 8 14:54:02 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a5c393d
net-misc/chrony: add note re changes on USE=seccomp install
Users must enable seccomp manually for now at runtime.
Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Sam James <sam <AT> gentoo.org>
net-misc/chrony/chrony-4.0-r1.ebuild | 15 ++++++++++++++-
net-misc/chrony/chrony-9999.ebuild | 15 ++++++++++++++-
2 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/net-misc/chrony/chrony-4.0-r1.ebuild
b/net-misc/chrony/chrony-4.0-r1.ebuild
index e0333b6483f..d663e9cb680 100644
--- a/net-misc/chrony/chrony-4.0-r1.ebuild
+++ b/net-misc/chrony/chrony-4.0-r1.ebuild
@@ -173,10 +173,16 @@ src_install() {
pkg_preinst() {
HAD_CAPS=false
+ HAD_SECCOMP=false
- if has_version 'net-misc/chrony[caps]'; then
+ if has_version 'net-misc/chrony[caps]' ; then
HAD_CAPS=true
fi
+
+ if has_version 'net-misc/chrony[seccomp]' ; then
+ HAD_SECCOMP=true
+ fi
+
}
pkg_postinst() {
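Review bot: The new HAD_SECCOMP capture in pkg_preinst has no comment explaining why it is taken in this phase and not in pkg_postinst, where it is consumed. A one-line comment above the two `has_version` checks would help, for example `# has_version still reports the previously installed package here; remember its USE flags for pkg_postinst`. The added blank line just before the closing `}` can also be dropped. Both points apply equally to the identical hunk in chrony-9999.ebuild.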
@@ -187,4 +193,11 @@ pkg_postinst() {
ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
ewarn "This is necessary for chrony to drop privileges"
fi
+
+ if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then
+ elog "To enable seccomp in enforcing mode, please modify:"
+ elog "- /etc/conf.d/chronyd for OpenRC"
+ elog "- systemctl edit chronyd for systemd"
+ elog "to use -F 1 or -F -1 instead of -F 0 (see man chronyd)"
+ fi
}
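Review bot: The added test `[[ ! ${HAD_SECCOMP} ]]` can never be true, because pkg_preinst sets HAD_SECCOMP to the string `true` or `false`, and `[[ ! word ]]` only checks whether the word is empty. The elog is therefore never printed, so a user who newly enables USE=seccomp gets no hint that the filter is not enforcing until `-F 0` is changed, and may assume chronyd is already sandboxed. Compare the value instead: `if [[ ${HAD_SECCOMP} == false ]] && use seccomp ; then`. The same line appears in chrony-9999.ebuild. The HAD_CAPS check earlier in pkg_postinst starts outside this hunk, so it is worth checking whether it uses the same pattern.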
diff --git a/net-misc/chrony/chrony-9999.ebuild
b/net-misc/chrony/chrony-9999.ebuild
index e0333b6483f..d663e9cb680 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -173,10 +173,16 @@ src_install() {
pkg_preinst() {
HAD_CAPS=false
+ HAD_SECCOMP=false
- if has_version 'net-misc/chrony[caps]'; then
+ if has_version 'net-misc/chrony[caps]' ; then
HAD_CAPS=true
fi
+
+ if has_version 'net-misc/chrony[seccomp]' ; then
+ HAD_SECCOMP=true
+ fi
+
}
pkg_postinst() {
@@ -187,4 +193,11 @@ pkg_postinst() {
ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
ewarn "This is necessary for chrony to drop privileges"
fi
+
+ if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then
+ elog "To enable seccomp in enforcing mode, please modify:"
+ elog "- /etc/conf.d/chronyd for OpenRC"
+ elog "- systemctl edit chronyd for systemd"
+ elog "to use -F 1 or -F -1 instead of -F 0 (see man chronyd)"
+ fi
}