[ubuntu/questing-proposed] chrony 4.7-1ubuntu1 (Accepted)
Lukas Märdian
slyon at ubuntu.com
Thu Jul 3 13:34:14 UTC 2025
chrony (4.7-1ubuntu1) questing; urgency=medium
* Merge with Debian experimental. Remaining changes: (LP: #2110435)
- Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ d/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ d/chrony.default: new option SYNC_IN_CONTAINER to not fall
back (Default off)
+ d/chronyd-starter.sh: wrapper to handle special cases in
containers and if CAP_SYS_TIME is missing. Effectively allows
running the NTP server in containers on a default installation
and avoid failing to sync time (or if allowed to sync, avoid
multiple containers fighting over it by accident).
+ d/install: Make chrony-starter.sh available on install.
+ d/docs, d/README.container: Provide documentation about the
handling of this case.
- d/rules, d/chrony.examples: Ship restricted service as an example
not installed to the system for use. (See LP #2051028)
- d/chrony.conf: remove Debian NTP pool
- Install Ubuntu NTP sources in
/etc/chrony/sources.d/ubuntu-ntp-pools.sources, gated on a low priority
(default yes) debconf question (LP #2048876):
+ d/templates: Add debconf question to customize installation of
/etc/chrony/sources.d/ubuntu-ntp-pools.sources
+ d/install, d/ubuntu-ntp-pools.sources: Install ubuntu-ntp-pools.sources
in /usr/share/chrony
+ d/control: add dependency on debconf
+ d/postinst: handle Ubuntu pools via debconf and ucf
+ d/postrm: handle Ubuntu pools via debconf and ucf
+ d/NEWS: Add information about default time sources moving out from
chrony.conf to /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
+ d/chrony.config: debconf script to handle Ubuntu pools
+ d/t/control, d/t/default-ubuntu-sources-behavior: new test to check the
debconf behavior
- Use Ubuntu NTS servers by default (LP #2084585):
+ d/conf.d/ubuntu-nts.conf: refer to the CA used to sign the NTS bootstrap
server
+ d/nts-bootstrap-{,staging}-ubuntu.crt: CA certificate for the NTS
bootstrap servers
+ d/install: install the NTS bootstrap CAs
+ d/ubuntu-ntp-pools.sources: use NTS by default
+ d/t/default-ubuntu-sources-behavior: update tests for NTS support
+ d/NEWS: add news entry about the NTS change
* Drop Changes:
- d/t/helper-functions: Do not fail if backup does not exist
[Fixed in 4.7-1]
- d/tests: Clean up after __no_system_clock_control()
[Fixed in 4.7-1]
- d/chrony.service: Do not run inside containers by default (LP 2111535)
[Fixed in 4.7-1]
- d/t/default-ubuntu-sources-behavior: Adopt to upstream container handling.
[Squashed into "new test to check the debconf behavior"]
* Add Changes:
- d/chrony.service: Allow real chronyd to send READY=1 via sd_notify in
place of the chronyd-starter.sh wrapper.
- d/usr.sbin.chronyd: Grant access to NOTIFY_SOCKET in AppArmor profile.
- d/chrony.conf: Document non-NTS sources from DHCP (LP: #2115565)
chrony (4.7-1) experimental; urgency=medium
[ Vincent Blut ]
* Import upstream version 4.7 (LP: #2002910):
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
* Merge branch 'debian/unstable' into 'debian/latest'.
* debian/copyright:
- Update copyright years.
* debian/tests/upstream-simulation-test-suite:
- Update clknetsim version.
[ Lukas Märdian ]
* debian/chrony.service:
- Do not run inside containers by default. (LP: #2111535)
* debian/tests/helper-functions:
- Introduce '__cleanup()' function.
chrony (4.7~pre1-1) experimental; urgency=medium
* Import upstream version 4.7-pre1:
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
* debian/chrony.service:
- Switch service unit to use Type=notify.
* debian/copyright:
- Add an entry for refclock_rtc.c.
* debian/patches/:
- Refresh debianize-chronyd-restricted-unit-file.patch.
* debian/tests/upstream-simulation-test-suite:
- Update clknetsim version.
chrony (4.6.1-3) unstable; urgency=medium
* debian/patches/:
- Add conf:_fix_sourcedir_reloading_to_not_multiply_sources.patch. Thanks
to MichaelR <MichaelR42 at runbox.com> for the report. (Closes: #1106875)
chrony (4.6.1-2) unstable; urgency=medium
[ Vincent Blut ]
* debian/chrony.conf:
- Move the confdir directive at the end of the configuration file. This
should prevent directives defined in /etc/chrony/conf.d/ from being
overridden by corresponding directives in chrony.conf. (Closes: #1073865)
* debian/chrony.service:
- Drop 'After=network.target'. First and foremost, the network.target unit
doesn't guarantee that any network interfaces are configured or
operational. Furthermore, chronyd is perfectly able to operate without
network or DNS functionality notably when used with a hardware reference
clock as a time source.
- Do not pull time-sync.target nor order chrony.service before it. Services
pulling and being ordered before time-sync.target must ensure that the
system clock has been completely synchronized and thus typically guarantee
an accurate clock. This can't be assumed right after chrony.service has
finished starting.
* debian/control:
- Support seccomp facility on loong64.
- Bump Standards-Version to 4.7.2 (no changes required).
* debian/copyright:
- Update copyright year for debian/*.
* debian/rules:
- Revert "d/rules: Disable seccomp on loong64".
* debian/usr.sbin.chronyd:
- Relax rule regarding temperature sensors. (Closes: #1084841)
[ Joachim Kross ]
* debian/{control,postinst,chrony.conf}:
- Minor textual updates.
Date: Mon, 30 Jun 2025 13:26:18 +0200
Changed-By: Lukas Märdian <slyon at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chrony/4.7-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 30 Jun 2025 13:26:18 +0200
Source: chrony
Built-For-Profiles: noudeb
Architecture: source
Version: 4.7-1ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Lukas Märdian <slyon at ubuntu.com>
Closes: 1073865 1084841 1106875
Launchpad-Bugs-Fixed: 2002910 2110435 2111535 2115565
Changes:
chrony (4.7-1ubuntu1) questing; urgency=medium
.
* Merge with Debian experimental. Remaining changes: (LP: #2110435)
- Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ d/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ d/chrony.default: new option SYNC_IN_CONTAINER to not fall
back (Default off)
+ d/chronyd-starter.sh: wrapper to handle special cases in
containers and if CAP_SYS_TIME is missing. Effectively allows
running the NTP server in containers on a default installation
and avoid failing to sync time (or if allowed to sync, avoid
multiple containers fighting over it by accident).
+ d/install: Make chrony-starter.sh available on install.
+ d/docs, d/README.container: Provide documentation about the
handling of this case.
- d/rules, d/chrony.examples: Ship restricted service as an example
not installed to the system for use. (See LP #2051028)
- d/chrony.conf: remove Debian NTP pool
- Install Ubuntu NTP sources in
/etc/chrony/sources.d/ubuntu-ntp-pools.sources, gated on a low priority
(default yes) debconf question (LP #2048876):
+ d/templates: Add debconf question to customize installation of
/etc/chrony/sources.d/ubuntu-ntp-pools.sources
+ d/install, d/ubuntu-ntp-pools.sources: Install ubuntu-ntp-pools.sources
in /usr/share/chrony
+ d/control: add dependency on debconf
+ d/postinst: handle Ubuntu pools via debconf and ucf
+ d/postrm: handle Ubuntu pools via debconf and ucf
+ d/NEWS: Add information about default time sources moving out from
chrony.conf to /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
+ d/chrony.config: debconf script to handle Ubuntu pools
+ d/t/control, d/t/default-ubuntu-sources-behavior: new test to check the
debconf behavior
- Use Ubuntu NTS servers by default (LP #2084585):
+ d/conf.d/ubuntu-nts.conf: refer to the CA used to sign the NTS bootstrap
server
+ d/nts-bootstrap-{,staging}-ubuntu.crt: CA certificate for the NTS
bootstrap servers
+ d/install: install the NTS bootstrap CAs
+ d/ubuntu-ntp-pools.sources: use NTS by default
+ d/t/default-ubuntu-sources-behavior: update tests for NTS support
+ d/NEWS: add news entry about the NTS change
* Drop Changes:
- d/t/helper-functions: Do not fail if backup does not exist
[Fixed in 4.7-1]
- d/tests: Clean up after __no_system_clock_control()
[Fixed in 4.7-1]
- d/chrony.service: Do not run inside containers by default (LP 2111535)
[Fixed in 4.7-1]
- d/t/default-ubuntu-sources-behavior: Adopt to upstream container handling.
[Squashed into "new test to check the debconf behavior"]
* Add Changes:
- d/chrony.service: Allow real chronyd to send READY=1 via sd_notify in
place of the chronyd-starter.sh wrapper.
- d/usr.sbin.chronyd: Grant access to NOTIFY_SOCKET in AppArmor profile.
- d/chrony.conf: Document non-NTS sources from DHCP (LP: #2115565)
.
chrony (4.7-1) experimental; urgency=medium
.
[ Vincent Blut ]
* Import upstream version 4.7 (LP: #2002910):
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
.
* Merge branch 'debian/unstable' into 'debian/latest'.
.
* debian/copyright:
- Update copyright years.
.
* debian/tests/upstream-simulation-test-suite:
- Update clknetsim version.
.
[ Lukas Märdian ]
* debian/chrony.service:
- Do not run inside containers by default. (LP: #2111535)
.
* debian/tests/helper-functions:
- Introduce '__cleanup()' function.
.
chrony (4.7~pre1-1) experimental; urgency=medium
.
* Import upstream version 4.7-pre1:
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
.
* debian/chrony.service:
- Switch service unit to use Type=notify.
.
* debian/copyright:
- Add an entry for refclock_rtc.c.
.
* debian/patches/:
- Refresh debianize-chronyd-restricted-unit-file.patch.
.
* debian/tests/upstream-simulation-test-suite:
- Update clknetsim version.
.
chrony (4.6.1-3) unstable; urgency=medium
.
* debian/patches/:
- Add conf:_fix_sourcedir_reloading_to_not_multiply_sources.patch. Thanks
to MichaelR <MichaelR42 at runbox.com> for the report. (Closes: #1106875)
.
chrony (4.6.1-2) unstable; urgency=medium
.
[ Vincent Blut ]
* debian/chrony.conf:
- Move the confdir directive at the end of the configuration file. This
should prevent directives defined in /etc/chrony/conf.d/ from being
overridden by corresponding directives in chrony.conf. (Closes: #1073865)
.
* debian/chrony.service:
- Drop 'After=network.target'. First and foremost, the network.target unit
doesn't guarantee that any network interfaces are configured or
operational. Furthermore, chronyd is perfectly able to operate without
network or DNS functionality notably when used with a hardware reference
clock as a time source.
- Do not pull time-sync.target nor order chrony.service before it. Services
pulling and being ordered before time-sync.target must ensure that the
system clock has been completely synchronized and thus typically guarantee
an accurate clock. This can't be assumed right after chrony.service has
finished starting.
.
* debian/control:
- Support seccomp facility on loong64.
- Bump Standards-Version to 4.7.2 (no changes required).
.
* debian/copyright:
- Update copyright year for debian/*.
.
* debian/rules:
- Revert "d/rules: Disable seccomp on loong64".
.
* debian/usr.sbin.chronyd:
- Relax rule regarding temperature sensors. (Closes: #1084841)
.
[ Joachim Kross ]
* debian/{control,postinst,chrony.conf}:
- Minor textual updates.
Checksums-Sha1:
6dbc1cd8a61575c91b187cf88e6209de5f1e44e4 2447 chrony_4.7-1ubuntu1.dsc
7a59427bb96df4b1d443cf6eb5bea9e95a6b071f 644610 chrony_4.7.orig.tar.gz
7af5af8f3d9a0a24aa81f095268c1a190b8f0a31 52860 chrony_4.7-1ubuntu1.debian.tar.xz
b6c226d9186799335678ef2027fdef177056dd7c 9540 chrony_4.7-1ubuntu1_source.buildinfo
Checksums-Sha256:
dd348a4608ac7d176fef78968573a4d427ebc863bee8eb7889c5c97bdda3cfb9 2447 chrony_4.7-1ubuntu1.dsc
c0de41a8c051e5d32b101b5f7014b98ca978b18e592f30ce6840b6d4602d947b 644610 chrony_4.7.orig.tar.gz
ff3cae9d6b790c11e2a54b950022719945c72f05223213f1466ee6529a0837b1 52860 chrony_4.7-1ubuntu1.debian.tar.xz
b9d65c97704a6a6e70fe8e6cca1f9a8e2f221b474a77ce65221afe54dd22e95a 9540 chrony_4.7-1ubuntu1_source.buildinfo
Files:
1c1d51d15e939a1969e9115fbfcada6d 2447 net optional chrony_4.7-1ubuntu1.dsc
a1ab6e972527a9cbf6bf862679352ed3 644610 net optional chrony_4.7.orig.tar.gz
4a3ac5115a7dfa8968eb30dabe34dfd8 52860 net optional chrony_4.7-1ubuntu1.debian.tar.xz
d4c8b8c3260eb4cd687464e6a440eebe 9540 net optional chrony_4.7-1ubuntu1_source.buildinfo
Original-Maintainer: Vincent Blut <vincent.debian at free.fr>
Vcs-Git: https://git.launchpad.net/~slyon/ubuntu/+source/chrony
Vcs-Git-Commit: de4c18188d37067dcabe2a70671da18ef8ca0866
Vcs-Git-Ref: refs/heads/merge-lp2110435-questing
More information about the Questing-changes
mailing list