diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/.gitignore b/.gitignore index 6d8cbb5..4d608e1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ -/chrony-3.5.tar.gz -/clknetsim-3f5ef9.tar.gz +/chrony-4.8-tar-gz-asc.txt +/chrony-4.8.tar.gz +/clknetsim-6ee99f50dec8.tar.gz diff --git a/chrony-dnssrv@.service b/chrony-dnssrv@.service deleted file mode 100644 index 139ed28..0000000 --- a/chrony-dnssrv@.service +++ /dev/null @@ -1,8 +0,0 @@ -[Unit] -Description=DNS SRV lookup of %I for chrony -After=chronyd.service network-online.target -Wants=network-online.target - -[Service] -Type=oneshot -ExecStart=/usr/libexec/chrony-helper update-dnssrv-servers %I diff --git a/chrony-dnssrv@.timer b/chrony-dnssrv@.timer deleted file mode 100644 index 8495e01..0000000 --- a/chrony-dnssrv@.timer +++ /dev/null @@ -1,9 +0,0 @@ -[Unit] -Description=Periodic DNS SRV lookup of %I for chrony - -[Timer] -OnActiveSec=0 -OnUnitInactiveSec=1h - -[Install] -WantedBy=timers.target diff --git a/chrony-nm-dispatcher-dhcp.patch b/chrony-nm-dispatcher-dhcp.patch new file mode 100644 index 0000000..dd9fc2a --- /dev/null +++ b/chrony-nm-dispatcher-dhcp.patch @@ -0,0 +1,39 @@ +From: Robert Fairley +Date: Wed, 17 Jun 2020 10:14:19 -0400 +Subject: [PATCH] examples/nm-dispatcher.dhcp: use sysconfig + +Use the PEERNTP and NTPSERVERARGS environment variables from +/etc/sysconfig/network{-scripts}. + +Co-Authored-By: Christian Glombek + +diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher.dhcp +index 6ea4c37..a6ad35a 100644 +--- a/examples/chrony.nm-dispatcher.dhcp ++++ b/examples/chrony.nm-dispatcher.dhcp +@@ -8,15 +8,23 @@ export LC_ALL=C + interface=$1 + action=$2 + ++[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network ++[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \ ++ . /etc/sysconfig/network-scripts/ifcfg-"${interface}" ++ + chronyc=/usr/bin/chronyc +-server_options=iburst +-server_dir=/var/run/chrony-dhcp ++server_options=${NTPSERVERARGS:-iburst} ++server_dir=/run/chrony-dhcp + + dhcp_server_file=$server_dir/$interface.sources + dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS" + + add_servers_from_dhcp() { + rm -f "$dhcp_server_file" ++ ++ # Don't add NTP servers if PEERNTP=no specified; return early. ++ [ "$PEERNTP" = "no" ] && return ++ + for server in $dhcp_ntp_servers; do + # Check for invalid characters (from the DHCPv6 NTP FQDN suboption) + len1=$(printf '%s' "$server" | wc -c) diff --git a/chrony-seccomp.patch b/chrony-seccomp.patch new file mode 100644 index 0000000..c8f79ae --- /dev/null +++ b/chrony-seccomp.patch @@ -0,0 +1,194 @@ +commit 03875f1ea5c4c0eeeb30a7d1fc5fdd53236f4ac2 +Author: Miroslav Lichvar +Date: Tue Oct 21 14:06:38 2025 +0200 + + sys_linux: allow ioctl(TCGETS2) in seccomp filter + + Add TCGETS2 to the list of allowed ioctls. It seems to be called by the + latest glibc version from isatty(), which is called from libpcsclite + used by gnutls in an NTS-KE session. + + Include the linux termios header instead of glibc header to get a usable + definition of TCGETS2. + +diff --git a/sys_linux.c b/sys_linux.c +index ca5540f2..e20e459d 100644 +--- a/sys_linux.c ++++ b/sys_linux.c +@@ -48,7 +48,7 @@ + #ifdef FEAT_SCFILTER + #include + #include +-#include ++#include + #ifdef FEAT_PPS + #include + #endif +@@ -615,7 +615,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) + const static int fcntls[] = { F_GETFD, F_SETFD, F_GETFL, F_SETFL }; + + const static unsigned long ioctls[] = { +- FIONREAD, TCGETS, TIOCGWINSZ, ++ FIONREAD, TCGETS, TCGETS2, TIOCGWINSZ, + #if defined(FEAT_PHC) || defined(HAVE_LINUX_TIMESTAMPING) + PTP_EXTTS_REQUEST, PTP_SYS_OFFSET, + #ifdef PTP_PIN_SETFUNC +commit 3c39afa13c769452d4c340bfc987e229b7c9caeb +Author: Miroslav Lichvar +Date: Wed Oct 22 10:53:11 2025 +0200 + + sys_linux: fix building with older compilers and some archs + + The recent replacement of with to get + TCGETS2 seems to work only with compilers (or C standards) that allow + the same structure to be defined multiple times. There is a conflict + between and . + + Another problem is that TCGETS2 is not used on some archs like ppc64. + + Switch back to and move TCGETS2 to a list in a separate + file where it can be compiled without . + + Fixes: 03875f1ea5c4 ("sys_linux: allow ioctl(TCGETS2) in seccomp filter") + +diff --git a/configure b/configure +index 195b1ed7..ca64475d 100755 +--- a/configure ++++ b/configure +@@ -808,6 +808,7 @@ then + # a time and the async resolver would block the main thread + priv_ops="NAME2IPADDRESS RELOADDNS" + EXTRA_LIBS="$EXTRA_LIBS -lseccomp" ++ EXTRA_OBJECTS="$EXTRA_OBJECTS sys_linux_scmp.o" + fi + + if [ "x$priv_ops" != "x" ]; then +diff --git a/sys_linux.c b/sys_linux.c +index e20e459d..89eec950 100644 +--- a/sys_linux.c ++++ b/sys_linux.c +@@ -48,7 +48,7 @@ + #ifdef FEAT_SCFILTER + #include + #include +-#include ++#include + #ifdef FEAT_PPS + #include + #endif +@@ -63,6 +63,7 @@ + #endif + + #include "sys_linux.h" ++#include "sys_linux_scmp.h" + #include "sys_timex.h" + #include "conf.h" + #include "local.h" +@@ -615,7 +616,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) + const static int fcntls[] = { F_GETFD, F_SETFD, F_GETFL, F_SETFL }; + + const static unsigned long ioctls[] = { +- FIONREAD, TCGETS, TCGETS2, TIOCGWINSZ, ++ FIONREAD, TCGETS, TIOCGWINSZ, + #if defined(FEAT_PHC) || defined(HAVE_LINUX_TIMESTAMPING) + PTP_EXTTS_REQUEST, PTP_SYS_OFFSET, + #ifdef PTP_PIN_SETFUNC +@@ -728,6 +729,14 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) + SCMP_A1(SCMP_CMP_EQ, ioctls[i])) < 0) + goto add_failed; + } ++ ++ /* Allow selected ioctls that need to be specified in a separate ++ file to avoid conflicting headers (e.g. TCGETS2) */ ++ for (i = 0; SYS_Linux_GetExtraScmpIoctl(i) != 0; i++) { ++ if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, ++ SCMP_A1(SCMP_CMP_EQ, SYS_Linux_GetExtraScmpIoctl(i))) < 0) ++ goto add_failed; ++ } + } + + if (seccomp_load(ctx) < 0) +diff --git a/sys_linux_scmp.c b/sys_linux_scmp.c +new file mode 100644 +index 00000000..a907a97d +--- /dev/null ++++ b/sys_linux_scmp.c +@@ -0,0 +1,44 @@ ++/* ++ chronyd/chronyc - Programs for keeping computer clocks accurate. ++ ++ ********************************************************************** ++ * Copyright (C) Miroslav Lichvar 2025 ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of version 2 of the GNU General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ++ * ++ ********************************************************************** ++ ++ ======================================================================= ++ ++ Lists of values that are needed in seccomp filters but need to ++ be compiled separately from sys_linux.c due to conflicting headers. ++ */ ++ ++#include ++ ++#include "sys_linux_scmp.h" ++ ++unsigned long ++SYS_Linux_GetExtraScmpIoctl(int index) ++{ ++ const unsigned long ioctls[] = { ++#ifdef TCGETS2 ++ /* Conflict between and */ ++ TCGETS2, ++#endif ++ 0 ++ }; ++ ++ return ioctls[index]; ++} +diff --git a/sys_linux_scmp.h b/sys_linux_scmp.h +new file mode 100644 +index 00000000..62a9d548 +--- /dev/null ++++ b/sys_linux_scmp.h +@@ -0,0 +1,28 @@ ++/* ++ chronyd/chronyc - Programs for keeping computer clocks accurate. ++ ++ ********************************************************************** ++ * Copyright (C) Miroslav Lichvar 2025 ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of version 2 of the GNU General Public License as ++ * published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, but ++ * WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License along ++ * with this program; if not, write to the Free Software Foundation, Inc., ++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ++ * ++ ********************************************************************** ++ ++ ======================================================================= ++ ++ Header file for lists that are needed in seccomp filters but need to ++ be compiled separately from sys_linux.c due to conflicting headers. ++ */ ++ ++extern unsigned long SYS_Linux_GetExtraScmpIoctl(int index); diff --git a/chrony-service-helper.patch b/chrony-service-helper.patch deleted file mode 100644 index 6376e0b..0000000 --- a/chrony-service-helper.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up chrony-3.5/examples/chronyd.service.service-helper chrony-3.5/examples/chronyd.service ---- chrony-3.5/examples/chronyd.service.service-helper 2019-05-10 12:22:57.000000000 +0200 -+++ chrony-3.5/examples/chronyd.service 2019-05-14 13:42:38.069516800 +0200 -@@ -10,6 +10,7 @@ Type=forking - PIDFile=/run/chrony/chronyd.pid - EnvironmentFile=-/etc/sysconfig/chronyd - ExecStart=/usr/sbin/chronyd $OPTIONS -+ExecStartPost=/usr/libexec/chrony-helper update-daemon - PrivateTmp=yes - ProtectHome=yes - ProtectSystem=full diff --git a/chrony-servicedirs.patch b/chrony-servicedirs.patch new file mode 100644 index 0000000..e806dc9 --- /dev/null +++ b/chrony-servicedirs.patch @@ -0,0 +1,18 @@ +diff -up chrony-4.7/examples/chronyd.service.servicedirs chrony-4.7/examples/chronyd.service +--- chrony-4.7/examples/chronyd.service.servicedirs 2025-06-11 15:06:19.000000000 +0200 ++++ chrony-4.7/examples/chronyd.service 2025-07-10 12:06:57.354215498 +0200 +@@ -10,7 +10,13 @@ Type=notify + PIDFile=/run/chrony/chronyd.pid + Environment="OPTIONS=" + EnvironmentFile=-/etc/sysconfig/chronyd +-ExecStart=/usr/sbin/chronyd -n $OPTIONS ++ExecStart=!/usr/sbin/chronyd -n $OPTIONS ++ ++User=chrony ++LogsDirectory=chrony ++LogsDirectoryMode=0750 ++StateDirectory=chrony ++StateDirectoryMode=0750 + + CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE + CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE diff --git a/chrony.dhclient b/chrony.dhclient index 8b12441..3fe9e92 100644 --- a/chrony.dhclient +++ b/chrony.dhclient @@ -1,20 +1,27 @@ #!/bin/bash -SERVERFILE=$SAVEDIR/chrony.servers.$interface +CHRONY_SOURCEDIR=/run/chrony-dhcp +SERVERFILE=$CHRONY_SOURCEDIR/$interface.sources chrony_config() { - rm -f $SERVERFILE + # Disable modifications if called from a NM dispatcher script + [ -n "$NM_DISPATCHER_ACTION" ] && return 0 + + rm -f "$SERVERFILE" if [ "$PEERNTP" != "no" ]; then + mkdir -p $CHRONY_SOURCEDIR for server in $new_ntp_servers; do - echo "$server ${NTPSERVERARGS:-iburst}" >> $SERVERFILE + echo "server $server ${NTPSERVERARGS:-iburst}" >> "$SERVERFILE" done - /usr/libexec/chrony-helper update-daemon || : + /usr/bin/chronyc reload sources > /dev/null 2>&1 || : fi } chrony_restore() { - if [ -f $SERVERFILE ]; then - rm -f $SERVERFILE - /usr/libexec/chrony-helper update-daemon || : + [ -n "$NM_DISPATCHER_ACTION" ] && return 0 + + if [ -f "$SERVERFILE" ]; then + rm -f "$SERVERFILE" + /usr/bin/chronyc reload sources > /dev/null 2>&1 || : fi } diff --git a/chrony.helper b/chrony.helper deleted file mode 100644 index ef1a4e9..0000000 --- a/chrony.helper +++ /dev/null @@ -1,252 +0,0 @@ -#!/bin/bash -# This script configures running chronyd to use NTP servers obtained from -# DHCP and _ntp._udp DNS SRV records. Files with servers from DHCP are managed -# externally (e.g. by a dhclient script). Files with servers from DNS SRV -# records are updated here using the dig utility. The script can also list -# and set static sources in the chronyd configuration file. - -chronyc=/usr/bin/chronyc -chrony_conf=/etc/chrony.conf -chrony_service=chronyd.service -helper_dir=/var/run/chrony-helper -added_servers_file=$helper_dir/added_servers - -network_sysconfig_file=/etc/sysconfig/network -dhclient_servers_files=/var/lib/dhclient/chrony.servers.* -dnssrv_servers_files=$helper_dir/dnssrv@* -dnssrv_timer_prefix=chrony-dnssrv@ - -. $network_sysconfig_file &> /dev/null - -chrony_command() { - $chronyc -a -n -m "$1" -} - -is_running() { - chrony_command "tracking" &> /dev/null -} - -get_servers_files() { - [ "$PEERNTP" != "no" ] && echo "$dhclient_servers_files" - echo "$dnssrv_servers_files" -} - -is_update_needed() { - for file in $(get_servers_files) $added_servers_file; do - [ -e "$file" ] && return 0 - done - return 1 -} - -update_daemon() { - local all_servers_with_args all_servers added_servers - - if ! is_running; then - rm -f $added_servers_file - return 0 - fi - - all_servers_with_args=$(cat $(get_servers_files) 2> /dev/null) - - all_servers=$( - echo "$all_servers_with_args" | - while read server serverargs; do - echo "$server" - done | sort -u) - added_servers=$( ( - cat $added_servers_file 2> /dev/null - echo "$all_servers_with_args" | - while read server serverargs; do - [ -z "$server" ] && continue - chrony_command "add server $server $serverargs" &> /dev/null && - echo "$server" - done) | sort -u) - - comm -23 <(echo -n "$added_servers") <(echo -n "$all_servers") | - while read server; do - chrony_command "delete $server" &> /dev/null - done - - added_servers=$(comm -12 <(echo -n "$added_servers") <(echo -n "$all_servers")) - - [ -n "$added_servers" ] && echo "$added_servers" > $added_servers_file || - rm -f $added_servers_file -} - -get_dnssrv_servers() { - local name=$1 output - - if ! command -v dig &> /dev/null; then - echo "Missing dig (DNS lookup utility)" >&2 - return 1 - fi - - output=$(dig "$name" srv +short +ndots=2 +search 2> /dev/null) - [ $? -ne 0 ] && return 0 - - echo "$output" | while read prio weight port target; do - server=${target%.} - [ -z "$server" ] && continue - echo "$server port $port ${NTPSERVERARGS:-iburst}" - done -} - -check_dnssrv_name() { - local name=$1 - - if [ -z "$name" ]; then - echo "No DNS SRV name specified" >&2 - return 1 - fi - - if [ "${name:0:9}" != _ntp._udp ]; then - echo "DNS SRV name $name doesn't start with _ntp._udp" >&2 - return 1 - fi -} - -update_dnssrv_servers() { - local name=$1 - local srv_file=$helper_dir/dnssrv@$name servers - - check_dnssrv_name "$name" || return 1 - - servers=$(get_dnssrv_servers "$name") - [ -n "$servers" ] && echo "$servers" > "$srv_file" || rm -f "$srv_file" -} - -set_dnssrv_timer() { - local state=$1 name=$2 - local srv_file=$helper_dir/dnssrv@$name servers - local timer=$dnssrv_timer_prefix$(systemd-escape "$name").timer - - check_dnssrv_name "$name" || return 1 - - if [ "$state" = enable ]; then - systemctl enable "$timer" - systemctl start "$timer" - elif [ "$state" = disable ]; then - systemctl stop "$timer" - systemctl disable "$timer" - rm -f "$srv_file" - fi -} - -list_dnssrv_timers() { - systemctl --all --full -t timer list-units | grep "^$dnssrv_timer_prefix" | \ - sed "s|^$dnssrv_timer_prefix\(.*\)\.timer.*|\1|" | - while read -r name; do - systemd-escape --unescape "$name" - done -} - -prepare_helper_dir() { - mkdir -p $helper_dir - exec 100> $helper_dir/lock - if ! flock -w 20 100; then - echo "Failed to lock $helper_dir" >&2 - return 1 - fi -} - -is_source_line() { - local pattern="^[ \t]*(server|pool|peer|refclock)[ \t]+[^ \t]+" - [[ "$1" =~ $pattern ]] -} - -list_static_sources() { - while read line; do - is_source_line "$line" && echo "$line" || : - done < $chrony_conf -} - -set_static_sources() { - local new_config tmp_conf - - new_config=$( - sources=$( - while read line; do - is_source_line "$line" && echo "$line" - done) - - while read line; do - if ! is_source_line "$line"; then - echo "$line" - continue - fi - - tmp_sources=$( - local removed=0 - - echo "$sources" | while read line2; do - [ "$removed" -ne 0 -o "$line" != "$line2" ] && \ - echo "$line2" || removed=1 - done) - - [ "$sources" == "$tmp_sources" ] && continue - sources=$tmp_sources - echo "$line" - done < $chrony_conf - - echo "$sources" - ) - - tmp_conf=${chrony_conf}.tmp - - cp -a $chrony_conf $tmp_conf && - echo "$new_config" > $tmp_conf && - mv $tmp_conf $chrony_conf || return 1 - - systemctl try-restart $chrony_service -} - -print_help() { - echo "Usage: $0 COMMAND" - echo - echo "Commands:" - echo " update-daemon" - echo " update-dnssrv-servers NAME" - echo " enable-dnssrv NAME" - echo " disable-dnssrv NAME" - echo " list-dnssrv" - echo " list-static-sources" - echo " set-static-sources < sources.list" - echo " is-running" - echo " command CHRONYC-COMMAND" -} - -case "$1" in - update-daemon|add-dhclient-servers|remove-dhclient-servers) - is_update_needed || exit 0 - prepare_helper_dir && update_daemon - ;; - update-dnssrv-servers) - prepare_helper_dir && update_dnssrv_servers "$2" && update_daemon - ;; - enable-dnssrv) - set_dnssrv_timer enable "$2" - ;; - disable-dnssrv) - set_dnssrv_timer disable "$2" && prepare_helper_dir && update_daemon - ;; - list-dnssrv) - list_dnssrv_timers - ;; - list-static-sources) - list_static_sources - ;; - set-static-sources) - set_static_sources - ;; - is-running) - is_running - ;; - command|forced-command) - chrony_command "$2" - ;; - *) - print_help - exit 2 -esac - -exit $? diff --git a/chrony.spec b/chrony.spec index 757dc36..66a86d5 100644 --- a/chrony.spec +++ b/chrony.spec @@ -1,37 +1,45 @@ %global _hardened_build 1 -%global clknetsim_ver 3f5ef9 +%global clknetsim_ver 6ee99f50dec8 %bcond_without debug +%bcond_without nts + +%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x +%bcond_without seccomp +%endif Name: chrony -Version: 3.5 -Release: 1%{?dist} +Version: 4.8 +Release: 3%{?dist} Summary: An NTP client/server -License: GPLv2 -URL: https://chrony.tuxfamily.org -Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz -Source1: chrony.dhclient -Source2: chrony.helper -Source3: chrony-dnssrv@.service -Source4: chrony-dnssrv@.timer +License: GPL-2.0-only +URL: https://chrony-project.org +Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz +Source1: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}-tar-gz-asc.txt +Source2: https://chrony-project.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc +Source3: chrony.dhclient +Source4: chrony.sysusers # simulator for test suite -Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz +Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz} -# add NTP servers from DHCP when starting service -Patch2: chrony-service-helper.patch +# add distribution-specific bits to DHCP dispatcher +Patch1: chrony-nm-dispatcher-dhcp.patch +# let systemd create /var/lib/chrony and /var/log/chrony +Patch2: chrony-servicedirs.patch +# update seccomp filter for new glibc +Patch3: chrony-seccomp.patch BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel -%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x -BuildRequires: libseccomp-devel -%endif -BuildRequires: gcc gcc-c++ bison systemd +BuildRequires: gcc gcc-c++ make bison systemd gnupg2 +%{?with_nts:BuildRequires: gnutls-devel gnutls-utils} +%{?with_seccomp:BuildRequires: libseccomp-devel} -Requires(pre): shadow-utils %{?systemd_requires} +%{?sysusers_requires_compat} -# install timedated implementation that can control chronyd service -Recommends: timedatex +# Needed by the leapseclist directive in default chrony.conf +Requires: tzdata # suggest drivers for hardware reference clocks Suggests: ntp-refclock @@ -48,20 +56,24 @@ service to other computers in the network. %endif %prep +%{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0} %setup -q -n %{name}-%{version}%{?prerelease} -a 10 -%{?gitpatch:%patch0 -p1} -%patch2 -p1 -b .service-helper +%{?gitpatch:%patch -P 0 -p1} +%patch -P 1 -p1 -b .nm-dispatcher-dhcp +%patch -P 2 -p1 -b .servicedirs +%patch -P 3 -p1 -b .seccomp %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} # review changes in packaged configuration files and scripts md5sum -c <<-EOF | (! grep -v 'OK$') - 47ad7eccc410b981d2f2101cf5682616 examples/chrony-wait.service - e473a9fab7fe200cacce3dca8b66290b examples/chrony.conf.example2 - 96999221eeef476bd49fe97b97503126 examples/chrony.keys.example + 5530d6e60f84b76c27495485d2510bac examples/chrony-wait.service + 3f2ddca6065c3e8f4565d7422739795a examples/chrony.conf.example2 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate - 8748a663f0b1943ea491858f414a6b26 examples/chrony.nm-dispatcher - b23bcc3bd78e195ca2849459e459f3ed examples/chronyd.service + c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp + 4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline + 607c82f56639486f52c31105632909eb examples/chronyd.service + 5ddbb8a8055f587cb6b0b462ca73ea46 examples/chronyd-restricted.service EOF # don't allow packaging without vendor zone @@ -69,69 +81,79 @@ test -n "%{vendorzone}" # use example chrony.conf as the default config with some modifications: # - use our vendor zone (2.*pool.ntp.org names include IPv6 addresses) -# - enable leapsectz to get TAI-UTC offset and leap seconds from tzdata -# - enable keyfile +# - enable leapseclist to get TAI-UTC offset and leap seconds +# - use NTP servers from DHCP sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \ - -e 's|#\(leapsectz\)|\1|' \ - -e 's|#\(keyfile\)|\1|' \ + -e 's|#\(leapseclist\)|\1|' \ + -e 's|^pool.*pool.ntp.org.*|&\n\n# Use NTP servers from DHCP.\nsourcedir /run/chrony-dhcp|' \ < examples/chrony.conf.example2 > chrony.conf touch -r examples/chrony.conf.example2 chrony.conf +# set selinux context in chronyd-restricted service +sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \ + examples/chronyd-restricted.service + # regenerate the file from getdate.y rm -f getdate.c -mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim +mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim %build %configure \ %{?with_debug: --enable-debug} \ --enable-ntp-signd \ - --enable-scfilter \ +%{?with_seccomp: --enable-scfilter} \ +%{!?with_nts: --disable-nts} \ + --chronyrundir=/run/chrony \ --docdir=%{_docdir} \ --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \ + --with-chronyc-user=chrony \ --with-user=chrony \ --with-hwclockfile=%{_sysconfdir}/adjtime \ + --with-pidfile=/run/chrony/chronyd.pid \ --with-sendmail=%{_sbindir}/sendmail -make %{?_smp_mflags} +%make_build %install -make install DESTDIR=$RPM_BUILD_ROOT +%make_install rm -rf $RPM_BUILD_ROOT%{_docdir} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,logrotate.d} mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony -mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d mkdir -p $RPM_BUILD_ROOT%{_libexecdir} +mkdir -p $RPM_BUILD_ROOT%{_sysusersdir} +mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d} install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf -install -m 640 -p examples/chrony.keys.example \ - $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys -install -m 755 -p examples/chrony.nm-dispatcher \ - $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony -install -m 755 -p %{SOURCE1} \ +install -m 755 -p %{SOURCE3} \ $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh install -m 644 -p examples/chrony.logrotate \ $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony install -m 644 -p examples/chronyd.service \ $RPM_BUILD_ROOT%{_unitdir}/chronyd.service +install -m 644 -p examples/chronyd-restricted.service \ + $RPM_BUILD_ROOT%{_unitdir}/chronyd-restricted.service +install -m 755 -p examples/chrony.nm-dispatcher.onoffline \ + $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline +install -m 755 -p examples/chrony.nm-dispatcher.dhcp \ + $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-dhcp install -m 644 -p examples/chrony-wait.service \ $RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service -install -m 644 -p %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.service -install -m 644 -p %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/chrony-dnssrv@.timer - -install -m 755 -p %{SOURCE2} $RPM_BUILD_ROOT%{_libexecdir}/chrony-helper +install -m 644 -p %{SOURCE4} \ + $RPM_BUILD_ROOT%{_sysusersdir}/chrony.conf cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd < \ @@ -139,58 +161,261 @@ echo 'chronyd.service' > \ %check # set random seed to get deterministic results -export CLKNETSIM_RANDOM_SEED=24502 -make %{?_smp_mflags} -C test/simulation/clknetsim +export CLKNETSIM_RANDOM_SEED=24508 +%make_build -C test/simulation/clknetsim make quickcheck %pre -getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony -getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \ - -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony -: +%sysusers_create_compat %{SOURCE4} %post -# fix PIDFile in local chronyd.service on upgrades from chrony < 3.3-2 -if grep -q 'PIDFile=%{_localstatedir}/run/chronyd.pid' \ - %{_sysconfdir}/systemd/system/chronyd.service 2> /dev/null && \ - ! grep -qi '^[ '$'\t'']*pidfile' %{_sysconfdir}/chrony.conf 2> /dev/null -then - sed -i '/PIDFile=/s|/run/|/run/chrony/|' \ - %{_sysconfdir}/systemd/system/chronyd.service +# migrate from chrony-helper to sourcedir directive +if test -a %{_libexecdir}/chrony-helper; then + grep -qi 'sourcedir /run/chrony-dhcp$' %{_sysconfdir}/chrony.conf 2> /dev/null || \ + echo -e '\n# Use NTP servers from DHCP.\nsourcedir /run/chrony-dhcp' >> \ + %{_sysconfdir}/chrony.conf + mkdir -p /run/chrony-dhcp + for f in %{_localstatedir}/lib/dhclient/chrony.servers.*; do + sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources" + done 2> /dev/null fi -# workaround for late reload of unit file (#1614751) -%{_bindir}/systemctl daemon-reload -%systemd_post chronyd.service chrony-wait.service +%systemd_post chronyd.service chronyd-restricted.service chrony-wait.service %preun -%systemd_preun chronyd.service chrony-wait.service +%systemd_preun chronyd.service chronyd-restricted.service chrony-wait.service %postun -%systemd_postun_with_restart chronyd.service +%systemd_postun_with_restart chronyd.service chronyd-restricted.service %files %{!?_licensedir:%global license %%doc} %license COPYING -%doc FAQ NEWS README +%doc FAQ NEWS README examples/chrony.keys.example %config(noreplace) %{_sysconfdir}/chrony.conf -%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys +%ghost %config %attr(640,root,chrony) %{_sysconfdir}/chrony.keys %config(noreplace) %{_sysconfdir}/logrotate.d/chrony %config(noreplace) %{_sysconfdir}/sysconfig/chronyd -%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony %{_sysconfdir}/dhcp/dhclient.d/chrony.sh %{_bindir}/chronyc %{_sbindir}/chronyd -%{_libexecdir}/chrony-helper +%{_prefix}/lib/NetworkManager %{_prefix}/lib/systemd/ntp-units.d/*.list %{_unitdir}/chrony*.service -%{_unitdir}/chrony*.timer +%{_sysusersdir}/chrony.conf %{_mandir}/man[158]/%{name}*.[158]* -%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony +%ghost %dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc -%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony +%ghost %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %changelog +* Tue Oct 21 2025 Miroslav Lichvar 4.8-3 +- update seccomp filter for new glibc (#2405310) + +* Mon Sep 08 2025 Miroslav Lichvar 4.8-2 +- drop root privileges in chronyc by default + +* Wed Aug 27 2025 Miroslav Lichvar 4.8-1 +- update to 4.8 + +* Thu Aug 14 2025 Miroslav Lichvar 4.8-0.1.pre1 +- update to 4.8-pre1 + +* Wed Jul 23 2025 Fedora Release Engineering - 4.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Thu Jul 10 2025 Miroslav Lichvar 4.7-2 +- let systemd create /var/lib/chrony and /var/log/chrony (#2372944) +- drop workaround for broken build on aarch64 +- drop old conflict with NetworkManager + +* Wed Jun 11 2025 Miroslav Lichvar 4.7-1 +- update to 4.7 + +* Thu May 22 2025 Miroslav Lichvar 4.7-0.2.pre1 +- add workaround for broken build on aarch64 + +* Wed May 21 2025 Miroslav Lichvar 4.7-0.1.pre1 +- update to 4.7-pre1 + +* Thu Jan 16 2025 Fedora Release Engineering - 4.6.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Tue Oct 08 2024 Miroslav Lichvar 4.6.1-1 +- update to 4.6.1 + +* Mon Sep 02 2024 Miroslav Lichvar 4.6-1 +- update to 4.6 + +* Tue Jul 30 2024 Miroslav Lichvar 4.6-0.1.pre1 +- update to 4.6-pre1 + +* Wed Jul 17 2024 Fedora Release Engineering - 4.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Tue Jan 23 2024 Fedora Release Engineering - 4.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Fri Jan 19 2024 Fedora Release Engineering - 4.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Tue Dec 05 2023 Miroslav Lichvar 4.5-1 +- update to 4.5 + +* Wed Nov 22 2023 Miroslav Lichvar 4.5-0.1.pre1 +- update to 4.5-pre1 + +* Wed Aug 09 2023 Miroslav Lichvar 4.4-1 +- update to 4.4 +- require tzdata (#2218368) + +* Wed Jul 19 2023 Fedora Release Engineering - 4.4-0.4.pre2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Wed Jun 21 2023 Miroslav Lichvar 4.4-0.3.pre2 +- update to 4.4-pre2 +- set selinux context in chronyd-restricted service (#2169949) + +* Tue Jun 06 2023 Miroslav Lichvar 4.4-0.2.pre1 +- rebuild for AES-GCM-SIV in new nettle + +* Wed May 10 2023 Miroslav Lichvar 4.4-0.1.pre1 +- update to 4.4-pre1 +- switch from patchX to patch -P X + +* Wed Jan 25 2023 Miroslav Lichvar 4.3-3 +- drop default chrony.keys config (#2104918) +- add chronyd-restricted service for minimal NTP client configurations +- convert license tag to SPDX + +* Wed Jan 18 2023 Fedora Release Engineering - 4.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Wed Aug 31 2022 Miroslav Lichvar 4.3-1 +- update to 4.3 + +* Thu Aug 11 2022 Miroslav Lichvar 4.3-0.1.pre1 +- update to 4.3-pre1 + +* Wed Jul 20 2022 Fedora Release Engineering - 4.2-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue May 24 2022 Luca BRUNO - 4.2-6 +- Add a sysusers.d fragment for chrony user/group + +* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 4.2-5 +- Drop obsolete workaround in scriptlet + +* Wed Feb 09 2022 Miroslav Lichvar 4.2-4 +- update seccomp filter for latest glibc + +* Tue Feb 08 2022 Miroslav Lichvar 4.2-3 +- use NTP servers passed by NetworkManager from DHCPv6 NTP server option + +* Wed Jan 19 2022 Fedora Release Engineering - 4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Dec 16 2021 Miroslav Lichvar 4.2-1 +- update to 4.2 + +* Thu Dec 02 2021 Miroslav Lichvar 4.2-0.1.pre1 +- update to 4.2-pre1 + +* Tue Nov 16 2021 Miroslav Lichvar 4.1-5 +- fix hardened chronyd service to allow writing log files + +* Wed Sep 29 2021 Miroslav Lichvar 4.1-4 +- harden chronyd and chrony-wait services + +* Mon Aug 09 2021 Miroslav Lichvar 4.1-3 +- update seccomp filter for new glibc +- remove unnecessary build requirement + +* Wed Jul 21 2021 Fedora Release Engineering - 4.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Thu May 13 2021 Miroslav Lichvar 4.1-1 +- update to 4.1 +- enable seccomp filter by default (incompatible with mailonchange directive) + +* Thu Apr 22 2021 Miroslav Lichvar 4.1-0.1.pre1 +- update to 4.1-pre1 +- rework NM-dispatcher/dhclient detection +- enable LTO on s390x + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 4.0-4 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Tue Feb 02 2021 Miroslav Lichvar 4.0-3 +- update NM DHCP dispatcher script + +* Tue Jan 26 2021 Fedora Release Engineering - 4.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild +- Add BuildRequires: make +- drop dnssrv service and timer + +* Wed Oct 07 2020 Miroslav Lichvar 4.0-1 +- update to 4.0 +- update directory permissions to follow upstream + +* Wed Sep 16 2020 Miroslav Lichvar 4.0-0.9.pre4 +- update to 4.0-pre4 + +* Wed Aug 26 2020 Miroslav Lichvar 4.0-0.8.pre3 +- update to 4.0-pre3 +- switch to sourcedir directive for loading servers from DHCP +- add NetworkManager dispatcher script to save servers from DHCP when + dhclient is not installed (Robert Fairley) +- drop old migration code from scriptlet +- move default paths in /var/run to /run + +* Mon Aug 10 2020 Jeff Law - 4.0-0.7.pre2 +- Disable LTO on s390x + +* Sat Aug 01 2020 Fedora Release Engineering - 4.0-0.6.pre2 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 4.0-0.5.pre2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 13 2020 Tom Stellard 4.0-0.4.pre2 +- use make macros + +* Mon May 04 2020 Miroslav Lichvar 4.0-0.3.pre2 +- rebuild for new nettle + +* Mon Apr 20 2020 Miroslav Lichvar 4.0-0.2.pre2 +- update to 4.0-pre2 + +* Tue Mar 17 2020 Miroslav Lichvar 4.0-0.1.pre1 +- update to 4.0-pre1 +- add net-tools to build requirements for testing +- add missing dependency on coreutils + +* Tue Jan 28 2020 Fedora Release Engineering - 3.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Jan 20 2020 Miroslav Lichvar 3.5-7 +- fix testing with new glibc (#1792854) + +* Wed Oct 09 2019 Miroslav Lichvar 3.5-6 +- drop timedatex recommendation +- verify upstream signatures + +* Thu Aug 22 2019 Lubomir Rintel - 3.5-5 +- Move the NetworkManager dispatcher script out of /etc + +* Wed Jul 24 2019 Fedora Release Engineering - 3.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Jul 16 2019 Miroslav Lichvar 3.5-3 +- rebuild for new nettle + +* Thu May 23 2019 Miroslav Lichvar 3.5-2 +- fix shellcheck warnings in helper scripts + * Tue May 14 2019 Miroslav Lichvar 3.5-1 - update to 3.5 diff --git a/chrony.sysusers b/chrony.sysusers new file mode 100644 index 0000000..b02f5fe --- /dev/null +++ b/chrony.sysusers @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory Shell +u chrony - "chrony system user" /var/lib/chrony /sbin/nologin diff --git a/ci.fmf b/ci.fmf new file mode 100644 index 0000000..c5aa0e0 --- /dev/null +++ b/ci.fmf @@ -0,0 +1 @@ +resultsdb-testcase: separate diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..1b16508 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,25 @@ +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} + +#Rawhide +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_stable +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} + +#gating rhel +--- !Policy +product_versions: + - rhel-* +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional} + - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional} \ No newline at end of file diff --git a/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc b/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc new file mode 100644 index 0000000..604babe --- /dev/null +++ b/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc @@ -0,0 +1,54 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGCc9dwBEADLydyZIqgarshQeCtIlWAgP3coy0mdJwxet1CvXwF1xpq18Qi1 +Tt9RZL64SkbQ8sKryBqnPjKZdOfVT5FwUucjp9L+/j7Bhk0tqv30EIQ57rnDLJ9T +c4LG1leO+Tc5Ym/0tvv4uMjkxr4KAKHPYrweHk6EAw06bbJ02mfy9xhlITSfyyFl +QRoRTEjy8N2IDutA4QzbZm0T5kvI7k7s/ILG5vyNo53X5PI/rWrSqmPZ5qs0lvDv +tA+rxOJp+FvlvOyBuv3ftIX0kAwRU+x/ET2Yd9qQWnXRx9d9D2UpFXm9DHfCDJYR +F56D0O3hf+rrCa/uSutIqmR33j5Wz4bYjWdmg4wbRQaoVxJl5AUrWuYEFwcCuY2B +FFgttLPb0qHpeBwuWaWJ9U6HM7qY3WEI2C/OWM0XFM8ERezedNEf7O2GTsoVVcm+ +LRg31R3eJzipKMAGZWScSDSRAXhh6oZhflMRjYKGvwRfgeos/Sl2bdYL80hqyjGV +jMhEYDC9sfLXRyLU+9FexruIzSLR8Vornma3zjzu9pRkbfTHb8FfBMt9MZEWraF2 +7riRq/zJE9QPWnBL/C8rdaXXxflBmGctn7RDKGOvxZ7SxPzzHbl5tV/Fizhkeph/ +v8YLVuCOk0pIpX65mFun3Xw5IF01x1GMzU1xYezExti9yBNiv9HVqf1DWwARAQAB +tCZNaXJvc2xhdiBMaWNodmFyIDxtbGljaHZhckByZWRoYXQuY29tPokCVAQTAQgA +PhYhBI83XH6NDuElo9O9UVN+K3b3aA2sBQJgnPXcAhsDBQkSzAMABQsJCAcCBhUK +CQgLAgQWAgMBAh4BAheAAAoJEFN+K3b3aA2sl8IQAJ9AMppV6cdxzt8g2Ypz0hw1 +6+9T5DjbYE/s0lozFQhCoYfo+SZyc3+yyKzlxI3ryHwFk9NjXGZZ8QjzT7FLj7/s +nKDjv5hUCOAi9Q+k217xwlBueeMyheeVaGGGa+Hv5CF1fZx/MtxiShUqu8oSqUyP +nW8lPGz73MfGAPT7kijVnz73pbht0vrZ9I+r8dnQGiweGBohexfCvmncrTyhjM8r +nvecycYBNnXhupzpmSMZgIA1s2v7oVmTnV0bntxE/gr7+SPk7KozhD12K8OU8deJ +cDD8F7NKa9Oe5NtuGVN4IPqp5cgj7GAyIj0sYss9Jknu4jX0imR5kwH6GbgFa7c/ +kU+fKTz57Rs1OGr3glYpMnNftXSWbC2V/OJxHVEcMk8HwKLgnQjtmKLVGeCo5iS6 +LFQuWaxpfjvxVjGSpnNu19cHVUhDM9cTP1DhUd4LdnltHQ+/xjwgzTgE4GJ1ZB0W +vhvxcdb69Sf50bGd4/WuURRoYSE7M6UKRwfXmMpyTiNhZz+3XjAoScA9AS7q9xfS +y3OddQEle/+qNFdABB12WmCgRhWemHzTZDXydIJuw+ucLO7U5RrDdqdaHkRVXJ9G +4mdk+3FgUlYgB9GY4pHQdqGdE60838R2zY9x0gK8cHU+FaRPAiTU8SJL0wb/Rko7 +qbZUY/6bgrDoXp4otAP2iF0EExECAB0WIQSLH0qa2nPUAeMIWgtf8G8puh4BOwUC +YJ0C3AAKCRBf8G8puh4BO9k2AJ4ohgz/p49IBfjf22sEL1FvYM/DhwCfTyCkbogO +uagIg5qwuEGwHMgn19G5Ag0EYJz13AEQAMrLXgl5u6vAakSF9n+xCP2WOiMHzzrR +OxHnWzsX6PTXpJt14LSZOZ5wjdyR3gLJWGLdkfHoxHpQYp7PLgNS29SuAc4HQ+Br +O5F4g9EmwDJ0ueUYxU1FcySRXfXR+gLabpQCc2s9bW6RaMwLuQNxZwkfXClkPQms +ImTFA0KntWpHc+uEr1J2i6LQS7D/BK6m72l9x8z9k9gqAabXw+xHsis+ffPMG5Jm +HOqeHYtsq+2JW1VvBnA4Qh3DKH9OQaD9hZbEiUC3nMmlLkPF/r29tWTPa7luBHBn +X556JTXVm+vDUDwZ2srLfaKyQCxbNLwvQ2Pn5SOyyCnuIWR2xZs/+KPDMhtKUBAV +HcboVu6iPCTU42CVMPaJvYD2iUEncZNeUGJOSuG240LSLNGEFFsD7YgXb1XHjQD5 +ci3Ki7P/hHi3AG53IsQTiaE5VgBdDje3zYCf5WaZ6c3DQQB9lab2RMz+5Fdr7Z6Y +mFRUbmxSnsMe0mwwcqVe3ofV0fKvE7Ep0T8bBg53dCqyU8hIbD5wUe99JmhMFnzs +5elwkv/Hb3Eg92dgu1zWb5kMzuvGEHtCIukIy1B+pzQOfT+iOC+lbmRHhPslJ9S0 +1vENJE+nEEsGxPy9pRHrmWSKI4Zh+ysjb/vW/vOwAd1RsvxTfgBeOOawmlz+n0pJ +T018ZnUgmc35ABEBAAGJAjwEGAEIACYWIQSPN1x+jQ7hJaPTvVFTfit292gNrAUC +YJz13AIbDAUJEswDAAAKCRBTfit292gNrPuRD/43kM0P71gxfJQj6PBpPtjIVVfm +4TIPWKmV+F4/9eCwAPC/o44Yw+nxGr77Rk2DsaSn0V51j2egRCXKuZBZx/v6JXP7 +qpDk3Uecml7IfxTd+N+gkI3viUsrt4ykUgyUH/wy/edMG3h9qhBQP0RxiDge18P6 +YUpQSnq3uP72ycTPLBJlqp/Y9+GXUapvcyDqBFnvs96ieDmSbjSf6tris1cuLv6f +eld4HNUY/LmI5MlYbywbgWGpSOyKUlTtyF33LqPnWd7UuTN7QNsYyjGnlJbkkGi/ +KwuNbIo5Gs4avaUSTc7SBLdCYneEIt7mt7hg0StKHQC6s/ak/w8yl1yFy5gRusO4 +QCFT2ZMQ6jZUAuaQGx0rhWQr9akNNJEDsHTBQR8pxpFp3LcDXcUXSSeySRSFZLt+ +hExvDQxXuhdbZHYGL1E6g5gtJQKnobNu2jMOziBcDivhAsqNw2Poq6fJVLavjBI5 +BI1xAqmymIExJFSlHdLuZq09cVzY3EOj3x23YTzPKNOI/qu4jTUT4Byi8Oy3PN1B +B0n5SqORWJ0KfAyVEewshSAqJ7zrZ5sJXWnKeVQqBOg5EwkOB8rz/M3mqgrnBRiq +hLiiiG5tKETA1YIQGXIbP8t1vqoQrpvYaJfkk3kQlktxfFkDRt8dKIxpFk8uPiNb +bcAu2uXfRrQxpaqcOg== +=/wbD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/plans.fmf b/plans.fmf new file mode 100644 index 0000000..c28aa6f --- /dev/null +++ b/plans.fmf @@ -0,0 +1,47 @@ +/tier1-internal: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/chrony.git + name: /plans/tier1/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/tier1-public: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/chrony.git + name: /plans/tier1/public + +/tier2-tier3-internal: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/chrony.git + name: /plans/tier2-tier3/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/tier2-tier3-public: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/chrony.git + name: /plans/tier2-tier3/public + +/others-internal: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/chrony.git + name: /plans/others/internal + adjust: + enabled: false + when: distro == centos-stream, fedora + because: They don't have access to internal repos. + +/others-public: + plan: + import: + url: https://gitlab.com/redhat/centos-stream/tests/chrony.git + name: /plans/others/public diff --git a/sources b/sources index cf7fa3f..35a8415 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -SHA512 (chrony-3.5.tar.gz) = c4f6376a44d71b6ac2b6d86e3d6fb4348642faeef7f3f3a4d6431627b5645efcc868b005cc398c8292bc3b63a1161fbd1a042c6ac2a0595843f908fe32eed90c -SHA512 (clknetsim-3f5ef9.tar.gz) = 01eea027ec8289d1053236fcc9ee09a8411e5f68cb3279077e50d330169a1ba1284798a50786dbd94382444aeaa652e276b94668c7adf5be66e910f937a9e55d +SHA512 (chrony-4.8-tar-gz-asc.txt) = df7f4e06f74a4b8c9a49e8fe57ea02e0324c5683d036412c32192a09f08e08f33537609cef8df0b4302bfcd63332b3092f33f40c8d02857c93ecea13822b5b47 +SHA512 (chrony-4.8.tar.gz) = 949b796bb34db32a5c1b9e6b53be6a22e51c59f24a316d585b8a52a52ab1f61bdf0378dc58b282bb0ba4fac1f05e1e99fbe37cb4259aa2b359e7bf679c176aab +SHA512 (clknetsim-6ee99f50dec8.tar.gz) = 2621d1c44b84b42fcdf644f236ff90dab9f8a8407a138c8719c53dd9c4f21480db3b4ba598116aa1b9d6bd1fa02fc410d85a43baf55ddf8ad47fc09aba4c4477