[ubuntu/hirsute-proposed] chrony 4.0-5ubuntu1 (Accepted)
Christian Ehrhardt
christian.ehrhardt at canonical.com
Thu Feb 11 08:11:12 UTC 2021
chrony (4.0-5ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable (LP: #1915006). Remaining changes:
- d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
- Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ debian/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
(Default off) [fixed a minor typo in the comment in this update]
+ debian/chronyd-starter.sh: wrapper to handle special cases in containers
and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
in containers on a default installation and avoid failing to sync time
(or if allowed to sync, avoid multiple containers to fight over it by
accident).
+ debian/install: make chrony-starter.sh available on install.
+ debian/docs, debian/README.container: provide documentation about the
handling of this case.
* Added changes:
- d/t/helper-functions: reduce default ubuntu config, to make space for
testcase config
- d/t/{dynamically-add-source,ntp-server-and-nts-auth,helper-functions}:
unify tests to use reload and restart
chrony (4.0-5) unstable; urgency=medium
* Follow DEP-14 branch naming conventions:
master -> debian/latest
upstream -> upstream/latest
* debian/chrony.service:
- Enable some hardening settings.
* debian/control:
- Remove Joachim Wiedorn from the Uploaders field. This decision was taken
in agreement with him. Thanks a lot, Joachim, for your work on chrony and
for your benevolence when you handed me its maintenance.
- Point Vcs-Git to the debian/latest branch.
* debian/dirs:
- Do not create the /etc/apparmor.d/force-complain directory. Not needed
anymore.
* debian/postrm:
- Remove /run/chrony-dhcp on purge.
* debian/preinst:
- Drop old migration code snippet. It was used to put the newly provided
AppArmor profile in complain mode when upgrading chrony to prevent
regressions this profile could have caused. (Closes: #905485)
chrony (4.0-4) unstable; urgency=medium
* debian/chrony.examples:
- Provide example configuration files.
* debian/postinst:
- Run adduser unconditionally.
- Use 'chronyd -p' to check the whole configuration.
* debian/tests/:
- Prevent dynamically-add-source and ntp-server-and-nts-auth tests from
failing on chronyd's preparation step.
- Don't pass 'set -u' to dynamically-add-source and
ntp-server-and-nts-auth scripts.
* debian/tests/control:
- Mark dynamically-add-source as skippable.
chrony (4.0-3) unstable; urgency=medium
* debian/:
- chronyd's configuration can now be fragmented. Please see
/etc/chrony/conf.d/README for more information.
- NTP sources can be specified in /etc/chrony/sources.d. Please see
/etc/chrony/sources.d/README for more information.
* debian/chrony.conf:
- Include configuration files found in /etc/chrony/conf.d.
- Use NTP sources found in /etc/chrony/sources.d.
- Get TAI-UTC offset and leap seconds from the system tz database by using
the "leapsectz right/UTC" directive. This directive must be commented out
when using time sources serving leap-smeared time. (Closes: #974845)
- Add missing comment.
* debian/chrony.default:
- Switch the seccomp filter to level 1.
* debian/chrony.lintian-overrides:
- Override breakout-link.
* debian/control:
- Add tzdata to the dependencies.
- Bump Standards-Version to 4.5.1 (no changes required).
* debian/copyright:
- Update copyright year for debian/*.
* debian/postinst:
- Use dpkg-statoverride to manage mode bits and ownership of
/var/l{ib,og}/chrony.
* debian/postrm:
- Remove overrides for /var/l{ib,og}/chrony on purge.
* debian/rules:
- Drop '--without-readline' option. GNU readline support has been dropped
upstream due to license incompatibility.
- Replace -F -1 by -F 1 in the sed invocation.
* debian/tests/:
- Add fragmented-configuration autopkgtest.
- Add dynamically-add-source autopkgtest.
- Add ntp-server-and-nts-auth autopkgtest.
* debian/tests/control:
- Mark ntp-server-and-nts-auth as skippable.
* debian/tests/fragmented-configuration:
- Use another directive for the test since "leapsectz right/UTC" is now
used by default.
* debian/tests/helper-functions:
- Add __no_system_clock_control() function.
* debian/tests/upstream-simulation-test-suite:
- Always use the same seed to get deterministic results.
* debian/upstream/metadata:
- Remove obsolete field Name. Thanks to Debian Janitor <janitor at jelmer.uk>.
* debian/usr.sbin.chronyd:
- Make use of the @{run} variable.
Date: Mon, 08 Feb 2021 12:45:05 +0100
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chrony/4.0-5ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 08 Feb 2021 12:45:05 +0100
Source: chrony
Architecture: source
Version: 4.0-5ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Closes: 905485 974845
Launchpad-Bugs-Fixed: 1915006
Changes:
chrony (4.0-5ubuntu1) hirsute; urgency=medium
.
* Merge with Debian unstable (LP: #1915006). Remaining changes:
- d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
- Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ debian/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
(Default off) [fixed a minor typo in the comment in this update]
+ debian/chronyd-starter.sh: wrapper to handle special cases in containers
and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
in containers on a default installation and avoid failing to sync time
(or if allowed to sync, avoid multiple containers to fight over it by
accident).
+ debian/install: make chrony-starter.sh available on install.
+ debian/docs, debian/README.container: provide documentation about the
handling of this case.
* Added changes:
- d/t/helper-functions: reduce default ubuntu config, to make space for
testcase config
- d/t/{dynamically-add-source,ntp-server-and-nts-auth,helper-functions}:
unify tests to use reload and restart
.
chrony (4.0-5) unstable; urgency=medium
.
* Follow DEP-14 branch naming conventions:
master -> debian/latest
upstream -> upstream/latest
.
* debian/chrony.service:
- Enable some hardening settings.
.
* debian/control:
- Remove Joachim Wiedorn from the Uploaders field. This decision was taken
in agreement with him. Thanks a lot, Joachim, for your work on chrony and
for your benevolence when you handed me its maintenance.
- Point Vcs-Git to the debian/latest branch.
.
* debian/dirs:
- Do not create the /etc/apparmor.d/force-complain directory. Not needed
anymore.
.
* debian/postrm:
- Remove /run/chrony-dhcp on purge.
.
* debian/preinst:
- Drop old migration code snippet. It was used to put the newly provided
AppArmor profile in complain mode when upgrading chrony to prevent
regressions this profile could have caused. (Closes: #905485)
.
chrony (4.0-4) unstable; urgency=medium
.
* debian/chrony.examples:
- Provide example configuration files.
.
* debian/postinst:
- Run adduser unconditionally.
- Use 'chronyd -p' to check the whole configuration.
.
* debian/tests/:
- Prevent dynamically-add-source and ntp-server-and-nts-auth tests from
failing on chronyd's preparation step.
- Don't pass 'set -u' to dynamically-add-source and
ntp-server-and-nts-auth scripts.
.
* debian/tests/control:
- Mark dynamically-add-source as skippable.
.
chrony (4.0-3) unstable; urgency=medium
.
* debian/:
- chronyd's configuration can now be fragmented. Please see
/etc/chrony/conf.d/README for more information.
- NTP sources can be specified in /etc/chrony/sources.d. Please see
/etc/chrony/sources.d/README for more information.
.
* debian/chrony.conf:
- Include configuration files found in /etc/chrony/conf.d.
- Use NTP sources found in /etc/chrony/sources.d.
- Get TAI-UTC offset and leap seconds from the system tz database by using
the "leapsectz right/UTC" directive. This directive must be commented out
when using time sources serving leap-smeared time. (Closes: #974845)
- Add missing comment.
.
* debian/chrony.default:
- Switch the seccomp filter to level 1.
.
* debian/chrony.lintian-overrides:
- Override breakout-link.
.
* debian/control:
- Add tzdata to the dependencies.
- Bump Standards-Version to 4.5.1 (no changes required).
.
* debian/copyright:
- Update copyright year for debian/*.
.
* debian/postinst:
- Use dpkg-statoverride to manage mode bits and ownership of
/var/l{ib,og}/chrony.
.
* debian/postrm:
- Remove overrides for /var/l{ib,og}/chrony on purge.
.
* debian/rules:
- Drop '--without-readline' option. GNU readline support has been dropped
upstream due to license incompatibility.
- Replace -F -1 by -F 1 in the sed invocation.
.
* debian/tests/:
- Add fragmented-configuration autopkgtest.
- Add dynamically-add-source autopkgtest.
- Add ntp-server-and-nts-auth autopkgtest.
.
* debian/tests/control:
- Mark ntp-server-and-nts-auth as skippable.
.
* debian/tests/fragmented-configuration:
- Use another directive for the test since "leapsectz right/UTC" is now
used by default.
.
* debian/tests/helper-functions:
- Add __no_system_clock_control() function.
.
* debian/tests/upstream-simulation-test-suite:
- Always use the same seed to get deterministic results.
.
* debian/upstream/metadata:
- Remove obsolete field Name. Thanks to Debian Janitor <janitor at jelmer.uk>.
.
* debian/usr.sbin.chronyd:
- Make use of the @{run} variable.
Checksums-Sha1:
4bf39fa8969fb14d06dbbeb88bb38d03eb996bc8 2475 chrony_4.0-5ubuntu1.dsc
06155c6ebe1c6d9f60c83e08ee1c8718b50b80f0 42304 chrony_4.0-5ubuntu1.debian.tar.xz
287e81798c0d818512b2f959c53ea9e02babe452 7485 chrony_4.0-5ubuntu1_source.buildinfo
Checksums-Sha256:
1434b0f4d91cf563422eac12815b5a587ef807cba73a98f7ad2a4dd059eb1ac9 2475 chrony_4.0-5ubuntu1.dsc
a6d4adccf9346e68bebeebac2801c261fa7aedcf2576278a8ba04cdb8c49ae1e 42304 chrony_4.0-5ubuntu1.debian.tar.xz
9bed000016e08c71e299678c885f0a27eec0d7dee22cde2d0fa42a89a66d77f7 7485 chrony_4.0-5ubuntu1_source.buildinfo
Files:
7f970f25fd2e18fade6f84863ca47e93 2475 net optional chrony_4.0-5ubuntu1.dsc
7f7f9a8a1489f7f121a17c2876f98264 42304 net optional chrony_4.0-5ubuntu1.debian.tar.xz
2ffaa9ac11f0891576320f57ecfc67a8 7485 net optional chrony_4.0-5ubuntu1_source.buildinfo
Original-Maintainer: Vincent Blut <vincent.debian at free.fr>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAmAk5ogACgkQuj4pM4KA
skKv7w/+MN1T9Fv2KsQe2nStZcOKLqPKF8tWalqijK1g5Qq2Nu+CSU+G7WLjGr6B
LKOJ0sU/jUABvefealBh4xjdU0ep3fqVr8UqMt7fkU/i6p2moj10qXHfQSH/XAwr
5h7U86CQnXDbTUxrkqzOR+wdxyhLgch4048utacR5H8s0ik2vBTf4ipsJ4lNrKaL
KPg+Zb5NAjoH3Mo7I0kn7GJYDKrANmDWkGU73PmYlvoPQJhQKIBeKZ9cPaCjT0H/
F6VXP5xP6Jzq3TVDgkkKfAkcfcoTMNbsbm4pOox6xivWywLdp6/4+I2dZhvrn99v
YvNV6NXS+HcFIugwVIUKfyOsH1tNUCjFHkUgkGHu4y+A5OrgsXYgtILgPjpCahHa
qkNabr8t33g1pjFGB09EJAuZny2d6M7BCc6Kv6oI7nZJfDLUrLpaapPPFO0PvifQ
pqUoOG38+mW2/VBrKVR79xsKyCIYaRMJV2vcFUp+i3DTqW17UMMBaF0wIZmawQts
P5iS6LM9F8MeCqKuVE7BcgzYxbaPIIhdALq0d52Ije7q4vEJJVtca/p3+4jb2/qR
BwNg7PbdGIcM9osIJc/zwr+ksgwpKHibFjb9WhlyC0q7DV8V9CGGhbNtYqheVOTx
ybjWCR33Y9m2yp3jQUrFPzpMIHvaswy/T3CiQoVd/3f2Udm9kAo=
=jcVM
-----END PGP SIGNATURE-----
More information about the Hirsute-changes
mailing list