diff --git a/.fmf/version b/.fmf/version deleted file mode 100644 index d00491f..0000000 --- a/.fmf/version +++ /dev/null @@ -1 +0,0 @@ -1 diff --git a/.gitignore b/.gitignore index 4d608e1..76dba0d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -/chrony-4.8-tar-gz-asc.txt -/chrony-4.8.tar.gz -/clknetsim-6ee99f50dec8.tar.gz +/chrony-4.1.tar.gz +/chrony-4.1-tar-gz-asc.txt +/clknetsim-f89702.tar.gz diff --git a/chrony-nm-dispatcher-dhcp.patch b/chrony-nm-dispatcher-dhcp.patch index dd9fc2a..23087d6 100644 --- a/chrony-nm-dispatcher-dhcp.patch +++ b/chrony-nm-dispatcher-dhcp.patch @@ -11,29 +11,33 @@ diff --git a/examples/chrony.nm-dispatcher.dhcp b/examples/chrony.nm-dispatcher. index 6ea4c37..a6ad35a 100644 --- a/examples/chrony.nm-dispatcher.dhcp +++ b/examples/chrony.nm-dispatcher.dhcp -@@ -8,15 +8,23 @@ export LC_ALL=C - interface=$1 - action=$2 +@@ -6,16 +6,24 @@ + + chronyc=/usr/bin/chronyc + default_server_options=iburst +-server_dir=/var/run/chrony-dhcp ++server_dir=/run/chrony-dhcp + + dhcp_server_file=$server_dir/$interface.sources + # DHCP4_NTP_SERVERS is passed from DHCP options by NetworkManager. + nm_dhcp_servers=$DHCP4_NTP_SERVERS +[ -f /etc/sysconfig/network ] && . /etc/sysconfig/network +[ -f /etc/sysconfig/network-scripts/ifcfg-"${interface}" ] && \ + . /etc/sysconfig/network-scripts/ifcfg-"${interface}" + - chronyc=/usr/bin/chronyc --server_options=iburst --server_dir=/var/run/chrony-dhcp -+server_options=${NTPSERVERARGS:-iburst} -+server_dir=/run/chrony-dhcp - - dhcp_server_file=$server_dir/$interface.sources - dhcp_ntp_servers="$DHCP4_NTP_SERVERS $DHCP6_DHCP6_NTP_SERVERS" - add_servers_from_dhcp() { rm -f "$dhcp_server_file" + + # Don't add NTP servers if PEERNTP=no specified; return early. + [ "$PEERNTP" = "no" ] && return + - for server in $dhcp_ntp_servers; do - # Check for invalid characters (from the DHCPv6 NTP FQDN suboption) - len1=$(printf '%s' "$server" | wc -c) + for server in $nm_dhcp_servers; do +- echo "server $server $default_server_options" >> "$dhcp_server_file" ++ echo "server $server ${NTPSERVERARGS:-$default_server_options}" >> "$dhcp_server_file" + done + $chronyc reload sources > /dev/null 2>&1 || : + } +-- +2.29.2 + diff --git a/chrony-seccomp.patch b/chrony-seccomp.patch deleted file mode 100644 index c8f79ae..0000000 --- a/chrony-seccomp.patch +++ /dev/null @@ -1,194 +0,0 @@ -commit 03875f1ea5c4c0eeeb30a7d1fc5fdd53236f4ac2 -Author: Miroslav Lichvar -Date: Tue Oct 21 14:06:38 2025 +0200 - - sys_linux: allow ioctl(TCGETS2) in seccomp filter - - Add TCGETS2 to the list of allowed ioctls. It seems to be called by the - latest glibc version from isatty(), which is called from libpcsclite - used by gnutls in an NTS-KE session. - - Include the linux termios header instead of glibc header to get a usable - definition of TCGETS2. - -diff --git a/sys_linux.c b/sys_linux.c -index ca5540f2..e20e459d 100644 ---- a/sys_linux.c -+++ b/sys_linux.c -@@ -48,7 +48,7 @@ - #ifdef FEAT_SCFILTER - #include - #include --#include -+#include - #ifdef FEAT_PPS - #include - #endif -@@ -615,7 +615,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) - const static int fcntls[] = { F_GETFD, F_SETFD, F_GETFL, F_SETFL }; - - const static unsigned long ioctls[] = { -- FIONREAD, TCGETS, TIOCGWINSZ, -+ FIONREAD, TCGETS, TCGETS2, TIOCGWINSZ, - #if defined(FEAT_PHC) || defined(HAVE_LINUX_TIMESTAMPING) - PTP_EXTTS_REQUEST, PTP_SYS_OFFSET, - #ifdef PTP_PIN_SETFUNC -commit 3c39afa13c769452d4c340bfc987e229b7c9caeb -Author: Miroslav Lichvar -Date: Wed Oct 22 10:53:11 2025 +0200 - - sys_linux: fix building with older compilers and some archs - - The recent replacement of with to get - TCGETS2 seems to work only with compilers (or C standards) that allow - the same structure to be defined multiple times. There is a conflict - between and . - - Another problem is that TCGETS2 is not used on some archs like ppc64. - - Switch back to and move TCGETS2 to a list in a separate - file where it can be compiled without . - - Fixes: 03875f1ea5c4 ("sys_linux: allow ioctl(TCGETS2) in seccomp filter") - -diff --git a/configure b/configure -index 195b1ed7..ca64475d 100755 ---- a/configure -+++ b/configure -@@ -808,6 +808,7 @@ then - # a time and the async resolver would block the main thread - priv_ops="NAME2IPADDRESS RELOADDNS" - EXTRA_LIBS="$EXTRA_LIBS -lseccomp" -+ EXTRA_OBJECTS="$EXTRA_OBJECTS sys_linux_scmp.o" - fi - - if [ "x$priv_ops" != "x" ]; then -diff --git a/sys_linux.c b/sys_linux.c -index e20e459d..89eec950 100644 ---- a/sys_linux.c -+++ b/sys_linux.c -@@ -48,7 +48,7 @@ - #ifdef FEAT_SCFILTER - #include - #include --#include -+#include - #ifdef FEAT_PPS - #include - #endif -@@ -63,6 +63,7 @@ - #endif - - #include "sys_linux.h" -+#include "sys_linux_scmp.h" - #include "sys_timex.h" - #include "conf.h" - #include "local.h" -@@ -615,7 +616,7 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) - const static int fcntls[] = { F_GETFD, F_SETFD, F_GETFL, F_SETFL }; - - const static unsigned long ioctls[] = { -- FIONREAD, TCGETS, TCGETS2, TIOCGWINSZ, -+ FIONREAD, TCGETS, TIOCGWINSZ, - #if defined(FEAT_PHC) || defined(HAVE_LINUX_TIMESTAMPING) - PTP_EXTTS_REQUEST, PTP_SYS_OFFSET, - #ifdef PTP_PIN_SETFUNC -@@ -728,6 +729,14 @@ SYS_Linux_EnableSystemCallFilter(int level, SYS_ProcessContext context) - SCMP_A1(SCMP_CMP_EQ, ioctls[i])) < 0) - goto add_failed; - } -+ -+ /* Allow selected ioctls that need to be specified in a separate -+ file to avoid conflicting headers (e.g. TCGETS2) */ -+ for (i = 0; SYS_Linux_GetExtraScmpIoctl(i) != 0; i++) { -+ if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ioctl), 1, -+ SCMP_A1(SCMP_CMP_EQ, SYS_Linux_GetExtraScmpIoctl(i))) < 0) -+ goto add_failed; -+ } - } - - if (seccomp_load(ctx) < 0) -diff --git a/sys_linux_scmp.c b/sys_linux_scmp.c -new file mode 100644 -index 00000000..a907a97d ---- /dev/null -+++ b/sys_linux_scmp.c -@@ -0,0 +1,44 @@ -+/* -+ chronyd/chronyc - Programs for keeping computer clocks accurate. -+ -+ ********************************************************************** -+ * Copyright (C) Miroslav Lichvar 2025 -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of version 2 of the GNU General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This program is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License along -+ * with this program; if not, write to the Free Software Foundation, Inc., -+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -+ * -+ ********************************************************************** -+ -+ ======================================================================= -+ -+ Lists of values that are needed in seccomp filters but need to -+ be compiled separately from sys_linux.c due to conflicting headers. -+ */ -+ -+#include -+ -+#include "sys_linux_scmp.h" -+ -+unsigned long -+SYS_Linux_GetExtraScmpIoctl(int index) -+{ -+ const unsigned long ioctls[] = { -+#ifdef TCGETS2 -+ /* Conflict between and */ -+ TCGETS2, -+#endif -+ 0 -+ }; -+ -+ return ioctls[index]; -+} -diff --git a/sys_linux_scmp.h b/sys_linux_scmp.h -new file mode 100644 -index 00000000..62a9d548 ---- /dev/null -+++ b/sys_linux_scmp.h -@@ -0,0 +1,28 @@ -+/* -+ chronyd/chronyc - Programs for keeping computer clocks accurate. -+ -+ ********************************************************************** -+ * Copyright (C) Miroslav Lichvar 2025 -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of version 2 of the GNU General Public License as -+ * published by the Free Software Foundation. -+ * -+ * This program is distributed in the hope that it will be useful, but -+ * WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License along -+ * with this program; if not, write to the Free Software Foundation, Inc., -+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -+ * -+ ********************************************************************** -+ -+ ======================================================================= -+ -+ Header file for lists that are needed in seccomp filters but need to -+ be compiled separately from sys_linux.c due to conflicting headers. -+ */ -+ -+extern unsigned long SYS_Linux_GetExtraScmpIoctl(int index); diff --git a/chrony-servicedirs.patch b/chrony-servicedirs.patch deleted file mode 100644 index e806dc9..0000000 --- a/chrony-servicedirs.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up chrony-4.7/examples/chronyd.service.servicedirs chrony-4.7/examples/chronyd.service ---- chrony-4.7/examples/chronyd.service.servicedirs 2025-06-11 15:06:19.000000000 +0200 -+++ chrony-4.7/examples/chronyd.service 2025-07-10 12:06:57.354215498 +0200 -@@ -10,7 +10,13 @@ Type=notify - PIDFile=/run/chrony/chronyd.pid - Environment="OPTIONS=" - EnvironmentFile=-/etc/sysconfig/chronyd --ExecStart=/usr/sbin/chronyd -n $OPTIONS -+ExecStart=!/usr/sbin/chronyd -n $OPTIONS -+ -+User=chrony -+LogsDirectory=chrony -+LogsDirectoryMode=0750 -+StateDirectory=chrony -+StateDirectoryMode=0750 - - CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE - CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_KILL CAP_LEASE CAP_LINUX_IMMUTABLE diff --git a/chrony.spec b/chrony.spec index 66a86d5..174cd8d 100644 --- a/chrony.spec +++ b/chrony.spec @@ -1,45 +1,39 @@ %global _hardened_build 1 -%global clknetsim_ver 6ee99f50dec8 +%global clknetsim_ver f89702 %bcond_without debug %bcond_without nts -%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x -%bcond_without seccomp -%endif - Name: chrony -Version: 4.8 -Release: 3%{?dist} +Version: 4.1 +Release: 1%{?dist} Summary: An NTP client/server -License: GPL-2.0-only -URL: https://chrony-project.org -Source0: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}.tar.gz -Source1: https://chrony-project.org/releases/chrony-%{version}%{?prerelease}-tar-gz-asc.txt -Source2: https://chrony-project.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc +License: GPLv2 +URL: https://chrony.tuxfamily.org +Source0: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz +Source1: https://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}-tar-gz-asc.txt +Source2: https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc Source3: chrony.dhclient -Source4: chrony.sysusers # simulator for test suite -Source10: https://gitlab.com/chrony/clknetsim/-/archive/master/clknetsim-%{clknetsim_ver}.tar.gz +Source10: https://github.com/mlichvar/clknetsim/archive/%{clknetsim_ver}/clknetsim-%{clknetsim_ver}.tar.gz %{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz} -# add distribution-specific bits to DHCP dispatcher +# add Fedora/RHEL-specific bits to DHCP dispatcher, including +# deferring to dhclient if installled, and using /etc/sysconfig Patch1: chrony-nm-dispatcher-dhcp.patch -# let systemd create /var/lib/chrony and /var/log/chrony -Patch2: chrony-servicedirs.patch -# update seccomp filter for new glibc -Patch3: chrony-seccomp.patch BuildRequires: libcap-devel libedit-devel nettle-devel pps-tools-devel -BuildRequires: gcc gcc-c++ make bison systemd gnupg2 +%ifarch %{ix86} x86_64 %{arm} aarch64 mipsel mips64el ppc64 ppc64le s390 s390x +BuildRequires: libseccomp-devel +%endif +BuildRequires: gcc gcc-c++ make bison systemd gnupg2 net-tools %{?with_nts:BuildRequires: gnutls-devel gnutls-utils} -%{?with_seccomp:BuildRequires: libseccomp-devel} +Requires(pre): shadow-utils %{?systemd_requires} -%{?sysusers_requires_compat} -# Needed by the leapseclist directive in default chrony.conf -Requires: tzdata +# Old NetworkManager expects the dispatcher scripts in a different place +Conflicts: NetworkManager < 1.20 # suggest drivers for hardware reference clocks Suggests: ntp-refclock @@ -58,22 +52,20 @@ service to other computers in the network. %prep %{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0} %setup -q -n %{name}-%{version}%{?prerelease} -a 10 -%{?gitpatch:%patch -P 0 -p1} -%patch -P 1 -p1 -b .nm-dispatcher-dhcp -%patch -P 2 -p1 -b .servicedirs -%patch -P 3 -p1 -b .seccomp +%{?gitpatch:%patch0 -p1} +%patch1 -p1 -b .nm-dispatcher-dhcp %{?gitpatch: echo %{version}-%{gitpatch} > version.txt} # review changes in packaged configuration files and scripts md5sum -c <<-EOF | (! grep -v 'OK$') - 5530d6e60f84b76c27495485d2510bac examples/chrony-wait.service - 3f2ddca6065c3e8f4565d7422739795a examples/chrony.conf.example2 + bc563c1bcf67b2da774bd8c2aef55a06 examples/chrony-wait.service + 2d01b94bc1a7b7fb70cbee831488d121 examples/chrony.conf.example2 + 96999221eeef476bd49fe97b97503126 examples/chrony.keys.example 6a3178c4670de7de393d9365e2793740 examples/chrony.logrotate - c3992e2f985550739cd1cd95f98c9548 examples/chrony.nm-dispatcher.dhcp - 4e85d36595727318535af3387411070c examples/chrony.nm-dispatcher.onoffline - 607c82f56639486f52c31105632909eb examples/chronyd.service - 5ddbb8a8055f587cb6b0b462ca73ea46 examples/chronyd-restricted.service + a7054c9352c07384bd7ea0477e6e8a8c examples/chrony.nm-dispatcher.dhcp + 8f5a98fcb400a482d355b929d04b5518 examples/chrony.nm-dispatcher.onoffline + 32c34c995c59fd1c3ad1616d063ae4a0 examples/chronyd.service EOF # don't allow packaging without vendor zone @@ -81,34 +73,31 @@ test -n "%{vendorzone}" # use example chrony.conf as the default config with some modifications: # - use our vendor zone (2.*pool.ntp.org names include IPv6 addresses) -# - enable leapseclist to get TAI-UTC offset and leap seconds +# - enable leapsectz to get TAI-UTC offset and leap seconds from tzdata +# - enable keyfile # - use NTP servers from DHCP sed -e 's|^\(pool \)\(pool.ntp.org\)|\12.%{vendorzone}\2|' \ - -e 's|#\(leapseclist\)|\1|' \ + -e 's|#\(leapsectz\)|\1|' \ + -e 's|#\(keyfile\)|\1|' \ -e 's|^pool.*pool.ntp.org.*|&\n\n# Use NTP servers from DHCP.\nsourcedir /run/chrony-dhcp|' \ < examples/chrony.conf.example2 > chrony.conf touch -r examples/chrony.conf.example2 chrony.conf -# set selinux context in chronyd-restricted service -sed -i '/^ExecStart/a SELinuxContext=system_u:system_r:chronyd_restricted_t:s0' \ - examples/chronyd-restricted.service - # regenerate the file from getdate.y rm -f getdate.c -mv clknetsim-*-%{clknetsim_ver}* test/simulation/clknetsim +mv clknetsim-%{clknetsim_ver}* test/simulation/clknetsim %build %configure \ %{?with_debug: --enable-debug} \ --enable-ntp-signd \ -%{?with_seccomp: --enable-scfilter} \ + --enable-scfilter \ %{!?with_nts: --disable-nts} \ --chronyrundir=/run/chrony \ --docdir=%{_docdir} \ --with-ntp-era=$(date -d '1970-01-01 00:00:00+00:00' +'%s') \ - --with-chronyc-user=chrony \ --with-user=chrony \ --with-hwclockfile=%{_sysconfdir}/adjtime \ --with-pidfile=/run/chrony/chronyd.pid \ @@ -124,12 +113,13 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,logrotate.d} mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d mkdir -p $RPM_BUILD_ROOT%{_libexecdir} -mkdir -p $RPM_BUILD_ROOT%{_sysusersdir} mkdir -p $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d} install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf +install -m 640 -p examples/chrony.keys.example \ + $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys install -m 755 -p %{SOURCE3} \ $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh install -m 644 -p examples/chrony.logrotate \ @@ -137,23 +127,18 @@ install -m 644 -p examples/chrony.logrotate \ install -m 644 -p examples/chronyd.service \ $RPM_BUILD_ROOT%{_unitdir}/chronyd.service -install -m 644 -p examples/chronyd-restricted.service \ - $RPM_BUILD_ROOT%{_unitdir}/chronyd-restricted.service install -m 755 -p examples/chrony.nm-dispatcher.onoffline \ $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-onoffline install -m 755 -p examples/chrony.nm-dispatcher.dhcp \ $RPM_BUILD_ROOT%{_prefix}/lib/NetworkManager/dispatcher.d/20-chrony-dhcp install -m 644 -p examples/chrony-wait.service \ $RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service -install -m 644 -p %{SOURCE4} \ - $RPM_BUILD_ROOT%{_sysusersdir}/chrony.conf cat > $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/chronyd < \ @@ -161,14 +146,19 @@ echo 'chronyd.service' > \ %check # set random seed to get deterministic results -export CLKNETSIM_RANDOM_SEED=24508 +export CLKNETSIM_RANDOM_SEED=24505 %make_build -C test/simulation/clknetsim make quickcheck %pre -%sysusers_create_compat %{SOURCE4} +getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony +getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \ + -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony +: %post +# workaround for late reload of unit file (#1614751) +%{_bindir}/systemctl daemon-reload # migrate from chrony-helper to sourcedir directive if test -a %{_libexecdir}/chrony-helper; then grep -qi 'sourcedir /run/chrony-dhcp$' %{_sysconfdir}/chrony.conf 2> /dev/null || \ @@ -179,20 +169,20 @@ if test -a %{_libexecdir}/chrony-helper; then sed 's|.*|server &|' < $f > /run/chrony-dhcp/"${f##*servers.}.sources" done 2> /dev/null fi -%systemd_post chronyd.service chronyd-restricted.service chrony-wait.service +%systemd_post chronyd.service chrony-wait.service %preun -%systemd_preun chronyd.service chronyd-restricted.service chrony-wait.service +%systemd_preun chronyd.service chrony-wait.service %postun -%systemd_postun_with_restart chronyd.service chronyd-restricted.service +%systemd_postun_with_restart chronyd.service %files %{!?_licensedir:%global license %%doc} %license COPYING -%doc FAQ NEWS README examples/chrony.keys.example +%doc FAQ NEWS README %config(noreplace) %{_sysconfdir}/chrony.conf -%ghost %config %attr(640,root,chrony) %{_sysconfdir}/chrony.keys +%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys %config(noreplace) %{_sysconfdir}/logrotate.d/chrony %config(noreplace) %{_sysconfdir}/sysconfig/chronyd %{_sysconfdir}/dhcp/dhclient.d/chrony.sh @@ -201,142 +191,15 @@ fi %{_prefix}/lib/NetworkManager %{_prefix}/lib/systemd/ntp-units.d/*.list %{_unitdir}/chrony*.service -%{_sysusersdir}/chrony.conf %{_mandir}/man[158]/%{name}*.[158]* -%ghost %dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony +%dir %attr(750,chrony,chrony) %{_localstatedir}/lib/chrony %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift %ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc -%ghost %dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony +%dir %attr(750,chrony,chrony) %{_localstatedir}/log/chrony %changelog -* Tue Oct 21 2025 Miroslav Lichvar 4.8-3 -- update seccomp filter for new glibc (#2405310) - -* Mon Sep 08 2025 Miroslav Lichvar 4.8-2 -- drop root privileges in chronyc by default - -* Wed Aug 27 2025 Miroslav Lichvar 4.8-1 -- update to 4.8 - -* Thu Aug 14 2025 Miroslav Lichvar 4.8-0.1.pre1 -- update to 4.8-pre1 - -* Wed Jul 23 2025 Fedora Release Engineering - 4.7-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild - -* Thu Jul 10 2025 Miroslav Lichvar 4.7-2 -- let systemd create /var/lib/chrony and /var/log/chrony (#2372944) -- drop workaround for broken build on aarch64 -- drop old conflict with NetworkManager - -* Wed Jun 11 2025 Miroslav Lichvar 4.7-1 -- update to 4.7 - -* Thu May 22 2025 Miroslav Lichvar 4.7-0.2.pre1 -- add workaround for broken build on aarch64 - -* Wed May 21 2025 Miroslav Lichvar 4.7-0.1.pre1 -- update to 4.7-pre1 - -* Thu Jan 16 2025 Fedora Release Engineering - 4.6.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild - -* Tue Oct 08 2024 Miroslav Lichvar 4.6.1-1 -- update to 4.6.1 - -* Mon Sep 02 2024 Miroslav Lichvar 4.6-1 -- update to 4.6 - -* Tue Jul 30 2024 Miroslav Lichvar 4.6-0.1.pre1 -- update to 4.6-pre1 - -* Wed Jul 17 2024 Fedora Release Engineering - 4.5-4 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild - -* Tue Jan 23 2024 Fedora Release Engineering - 4.5-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Fri Jan 19 2024 Fedora Release Engineering - 4.5-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild - -* Tue Dec 05 2023 Miroslav Lichvar 4.5-1 -- update to 4.5 - -* Wed Nov 22 2023 Miroslav Lichvar 4.5-0.1.pre1 -- update to 4.5-pre1 - -* Wed Aug 09 2023 Miroslav Lichvar 4.4-1 -- update to 4.4 -- require tzdata (#2218368) - -* Wed Jul 19 2023 Fedora Release Engineering - 4.4-0.4.pre2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Wed Jun 21 2023 Miroslav Lichvar 4.4-0.3.pre2 -- update to 4.4-pre2 -- set selinux context in chronyd-restricted service (#2169949) - -* Tue Jun 06 2023 Miroslav Lichvar 4.4-0.2.pre1 -- rebuild for AES-GCM-SIV in new nettle - -* Wed May 10 2023 Miroslav Lichvar 4.4-0.1.pre1 -- update to 4.4-pre1 -- switch from patchX to patch -P X - -* Wed Jan 25 2023 Miroslav Lichvar 4.3-3 -- drop default chrony.keys config (#2104918) -- add chronyd-restricted service for minimal NTP client configurations -- convert license tag to SPDX - -* Wed Jan 18 2023 Fedora Release Engineering - 4.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Wed Aug 31 2022 Miroslav Lichvar 4.3-1 -- update to 4.3 - -* Thu Aug 11 2022 Miroslav Lichvar 4.3-0.1.pre1 -- update to 4.3-pre1 - -* Wed Jul 20 2022 Fedora Release Engineering - 4.2-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Tue May 24 2022 Luca BRUNO - 4.2-6 -- Add a sysusers.d fragment for chrony user/group - -* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek - 4.2-5 -- Drop obsolete workaround in scriptlet - -* Wed Feb 09 2022 Miroslav Lichvar 4.2-4 -- update seccomp filter for latest glibc - -* Tue Feb 08 2022 Miroslav Lichvar 4.2-3 -- use NTP servers passed by NetworkManager from DHCPv6 NTP server option - -* Wed Jan 19 2022 Fedora Release Engineering - 4.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Thu Dec 16 2021 Miroslav Lichvar 4.2-1 -- update to 4.2 - -* Thu Dec 02 2021 Miroslav Lichvar 4.2-0.1.pre1 -- update to 4.2-pre1 - -* Tue Nov 16 2021 Miroslav Lichvar 4.1-5 -- fix hardened chronyd service to allow writing log files - -* Wed Sep 29 2021 Miroslav Lichvar 4.1-4 -- harden chronyd and chrony-wait services - -* Mon Aug 09 2021 Miroslav Lichvar 4.1-3 -- update seccomp filter for new glibc -- remove unnecessary build requirement - -* Wed Jul 21 2021 Fedora Release Engineering - 4.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - * Thu May 13 2021 Miroslav Lichvar 4.1-1 - update to 4.1 -- enable seccomp filter by default (incompatible with mailonchange directive) * Thu Apr 22 2021 Miroslav Lichvar 4.1-0.1.pre1 - update to 4.1-pre1 diff --git a/chrony.sysusers b/chrony.sysusers deleted file mode 100644 index b02f5fe..0000000 --- a/chrony.sysusers +++ /dev/null @@ -1,2 +0,0 @@ -#Type Name ID GECOS Home directory Shell -u chrony - "chrony system user" /var/lib/chrony /sbin/nologin diff --git a/ci.fmf b/ci.fmf deleted file mode 100644 index c5aa0e0..0000000 --- a/ci.fmf +++ /dev/null @@ -1 +0,0 @@ -resultsdb-testcase: separate diff --git a/gating.yaml b/gating.yaml deleted file mode 100644 index 1b16508..0000000 --- a/gating.yaml +++ /dev/null @@ -1,25 +0,0 @@ ---- !Policy -product_versions: - - fedora-* -decision_context: bodhi_update_push_testing -subject_type: koji_build -rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} - -#Rawhide ---- !Policy -product_versions: - - fedora-* -decision_context: bodhi_update_push_stable -subject_type: koji_build -rules: - - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/tier1-public.functional} - -#gating rhel ---- !Policy -product_versions: - - rhel-* -decision_context: osci_compose_gate -rules: - - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-public.functional} - - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional} \ No newline at end of file diff --git a/plans.fmf b/plans.fmf deleted file mode 100644 index c28aa6f..0000000 --- a/plans.fmf +++ /dev/null @@ -1,47 +0,0 @@ -/tier1-internal: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/chrony.git - name: /plans/tier1/internal - adjust: - enabled: false - when: distro == centos-stream, fedora - because: They don't have access to internal repos. - -/tier1-public: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/chrony.git - name: /plans/tier1/public - -/tier2-tier3-internal: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/chrony.git - name: /plans/tier2-tier3/internal - adjust: - enabled: false - when: distro == centos-stream, fedora - because: They don't have access to internal repos. - -/tier2-tier3-public: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/chrony.git - name: /plans/tier2-tier3/public - -/others-internal: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/chrony.git - name: /plans/others/internal - adjust: - enabled: false - when: distro == centos-stream, fedora - because: They don't have access to internal repos. - -/others-public: - plan: - import: - url: https://gitlab.com/redhat/centos-stream/tests/chrony.git - name: /plans/others/public diff --git a/sources b/sources index 35a8415..14c91b8 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (chrony-4.8-tar-gz-asc.txt) = df7f4e06f74a4b8c9a49e8fe57ea02e0324c5683d036412c32192a09f08e08f33537609cef8df0b4302bfcd63332b3092f33f40c8d02857c93ecea13822b5b47 -SHA512 (chrony-4.8.tar.gz) = 949b796bb34db32a5c1b9e6b53be6a22e51c59f24a316d585b8a52a52ab1f61bdf0378dc58b282bb0ba4fac1f05e1e99fbe37cb4259aa2b359e7bf679c176aab -SHA512 (clknetsim-6ee99f50dec8.tar.gz) = 2621d1c44b84b42fcdf644f236ff90dab9f8a8407a138c8719c53dd9c4f21480db3b4ba598116aa1b9d6bd1fa02fc410d85a43baf55ddf8ad47fc09aba4c4477 +SHA512 (chrony-4.1.tar.gz) = 5e283d6a56e6852606c681a7c29c5786b102d584178cbd7033ebbc95a8e95533605631363b850a3087cca438a5878db7a317f120aab2fd856487d02fccfbcb1f +SHA512 (chrony-4.1-tar-gz-asc.txt) = 82faf9171d782c18224d2d44b340994b0ddab141e88cc803dea83d0ffbb6468bc51e8b11c8dd9bd327220cae04f7d789b58ab23141a2bdf038ce628f9adeb57a +SHA512 (clknetsim-f89702.tar.gz) = d88d37472b99e4cc044b6c864dfcf5ebb06ef9e2e009ebce06defa07cd46961220707a69c6ec93e35623403a5b4e0683b78b388bf95bfff470fa771d69579c65