[ubuntu/resolute-proposed] chrony 4.8-2ubuntu1 (Accepted)
Andreas Hasenack
andreas.hasenack at canonical.com
Fri Feb 13 21:09:15 UTC 2026
chrony (4.8-2ubuntu1) resolute; urgency=medium
* Merge with Debian unstable (LP: #2126001, LP: #2122337)). Remaining changes:
- Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ d/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ d/chrony.default: new option SYNC_IN_CONTAINER to not fall
back (Default off)
+ d/chronyd-starter.sh: wrapper to handle special cases in
containers and if CAP_SYS_TIME is missing. Effectively allows
running the NTP server in containers on a default installation
and avoid failing to sync time (or if allowed to sync, avoid
multiple containers fighting over it by accident).
+ d/install: Make chrony-starter.sh available on install.
+ d/docs, d/README.container: Provide documentation about the
handling of this case.
- d/rules, d/chrony.examples: Ship restricted service as an example
not installed to the system for use. (See LP #2051028)
- d/chrony.conf: remove Debian NTP pool and Document non-NTS sources from
DHCP (LP #2115565)
- Install Ubuntu NTP sources in
/etc/chrony/sources.d/ubuntu-ntp-pools.sources, gated on a low priority
(default yes) debconf question (LP #2048876):
+ d/templates: Add debconf question to customize installation of
/etc/chrony/sources.d/ubuntu-ntp-pools.sources
+ d/install, d/ubuntu-ntp-pools.sources: Install ubuntu-ntp-pools.sources
in /usr/share/chrony
+ d/control: add dependency on debconf
+ d/postinst: handle Ubuntu pools via debconf and ucf
+ d/postrm: handle Ubuntu pools via debconf and ucf
+ d/NEWS: Add information about default time sources moving out from
chrony.conf to /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
+ d/chrony.config: debconf script to handle Ubuntu pools
+ d/t/control, d/t/default-ubuntu-sources-behavior: new test to check the
debconf behavior
- Use Ubuntu NTS servers by default (LP #2084585):
+ d/conf.d/ubuntu-nts.conf: refer to the CA used to sign the NTS bootstrap
server
+ d/nts-bootstrap-{,staging}-ubuntu.crt: CA certificate for the NTS
bootstrap servers
+ d/install: install the NTS bootstrap CAs
+ d/ubuntu-ntp-pools.sources: use NTS by default
+ d/t/default-ubuntu-sources-behavior: update tests for NTS support
+ d/NEWS: add news entry about the NTS change
- d/chrony.service: Allow real chronyd to send READY=1 via sd_notify in
place of the chronyd-starter.sh wrapper.
- d/control: Recommends: networkd-dispatcher (LP #2132159)
- configure: switch sed separator from % to # to cope with dpkg
* Dropped:
- d/usr.sbin.chronyd: Grant access to NOTIFY_SOCKET in AppArmor profile.
[In 4.7-2]
* Added:
- d/t/helper-functions: show some logs in case of failure
- d/t/default-ubuntu-sources-behavior: use common __cleanup
- d/usr.sbin.chronyd: adjust apparmor rule so that chronyd is also allowed
to access subdirectories of /run/chrony
- d/t/upstream-simulation-test-suite: revert update of clknetsim done in
4.8-1 which redefines __open64_2 and breaks armhf build
chrony (4.8-2) unstable; urgency=medium
* debian/rules:
- Specify default chronyc user. This is the user to which chronyc will
switch when it is started under root.
* debian/chrony.service:
- Allow chronyd to run inside the Windows Subsystem for Linux.
(LP: #2122337)
* debian/watch:
- Version: field should live in its own paragraph.
chrony (4.8-1) unstable; urgency=medium
* Import upstream version 4.8:
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
* Merge branch 'debian/unstable' into debian/latest.
* Upload to unstable.
* debian/chrony.sysusers:
- Install a sysusers.d file to create the _chrony system user/group.
* debian/control:
- Build-depend on dh-sequence-installsysusers.
- Drop unused adduser dependency.
* debian/postinst:
- Drop adduser invocation. The _chrony system user/group is now created
using a sysusers.d fragment.
- Allocate the _chrony system user/group before running dpkg-statoverride
commands.
* debian/postrm:
- Don't delete the _chrony system user/group during purge.
Deleting it is risky because sensitive files belonging to this uid might
remain on the filesystem and could be recovered by another system user
reusing the same uid.
* debian/tests/upstream-simulation-test-suite:
- Update clknetsim version.
- Get clknetsim from Gitlab.
* debian/watch:
- Update to version 5.
chrony (4.8~pre1-1) experimental; urgency=medium
* Import upstream version 4.8-pre1:
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
* debian/control:
- Drop 'Priority: optional'. dpkg sets it by default if omitted.
- Drop 'Rules-Requires-Root: no'. dpkg sets it by default if omitted.
* debian/copyright:
- Add a few entries and update copyright year.
* debian/test/upstream-simulation-test-suite:
- Update clknetsim version.
chrony (4.7-3) unstable; urgency=medium
* debian/patches/:
- Add skip-flaky-007-cmdmon-system-test.patch. Upstream system test
007-cmdmon fails intermittently. Skip it! (Closes: #1111222)
chrony (4.7-2) unstable; urgency=medium
[ Vincent Blut ]
* Upload to unstable.
* debian/control:
- Suggest gpsd.
[ Lukas Märdian ]
* debian/usr.sbin.chronyd:
- Grant access to sd_notify's $NOTIFY_SOCKET.
Date: Fri, 13 Feb 2026 15:50:10 -0300
Changed-By: Andreas Hasenack <andreas.hasenack at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chrony/4.8-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 13 Feb 2026 15:50:10 -0300
Source: chrony
Built-For-Profiles: noudeb
Architecture: source
Version: 4.8-2ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Andreas Hasenack <andreas.hasenack at canonical.com>
Closes: 1111222
Launchpad-Bugs-Fixed: 2122337 2126001
Changes:
chrony (4.8-2ubuntu1) resolute; urgency=medium
.
* Merge with Debian unstable (LP: #2126001, LP: #2122337)). Remaining changes:
- Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
Chrony is a single service which acts as both NTP client (i.e. syncing the
local clock) and NTP server (i.e. providing NTP services to the network),
and that is both desired and expected in the vast majority of cases.
But in containers syncing the local clock is usually impossible, but this
shall not break the providing of NTP services to the network.
To some extent this makes chrony's default config more similar to 'ntpd',
which complained in syslog but still provided NTP server service in those
cases.
+ debian/chrony.service: allow the service to run without CAP_SYS_TIME
+ d/control: add new dependency libcap2-bin for capsh (usually
installed anyway, but make them explicit to be sure).
+ d/chrony.default: new option SYNC_IN_CONTAINER to not fall
back (Default off)
+ d/chronyd-starter.sh: wrapper to handle special cases in
containers and if CAP_SYS_TIME is missing. Effectively allows
running the NTP server in containers on a default installation
and avoid failing to sync time (or if allowed to sync, avoid
multiple containers fighting over it by accident).
+ d/install: Make chrony-starter.sh available on install.
+ d/docs, d/README.container: Provide documentation about the
handling of this case.
- d/rules, d/chrony.examples: Ship restricted service as an example
not installed to the system for use. (See LP #2051028)
- d/chrony.conf: remove Debian NTP pool and Document non-NTS sources from
DHCP (LP #2115565)
- Install Ubuntu NTP sources in
/etc/chrony/sources.d/ubuntu-ntp-pools.sources, gated on a low priority
(default yes) debconf question (LP #2048876):
+ d/templates: Add debconf question to customize installation of
/etc/chrony/sources.d/ubuntu-ntp-pools.sources
+ d/install, d/ubuntu-ntp-pools.sources: Install ubuntu-ntp-pools.sources
in /usr/share/chrony
+ d/control: add dependency on debconf
+ d/postinst: handle Ubuntu pools via debconf and ucf
+ d/postrm: handle Ubuntu pools via debconf and ucf
+ d/NEWS: Add information about default time sources moving out from
chrony.conf to /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
+ d/chrony.config: debconf script to handle Ubuntu pools
+ d/t/control, d/t/default-ubuntu-sources-behavior: new test to check the
debconf behavior
- Use Ubuntu NTS servers by default (LP #2084585):
+ d/conf.d/ubuntu-nts.conf: refer to the CA used to sign the NTS bootstrap
server
+ d/nts-bootstrap-{,staging}-ubuntu.crt: CA certificate for the NTS
bootstrap servers
+ d/install: install the NTS bootstrap CAs
+ d/ubuntu-ntp-pools.sources: use NTS by default
+ d/t/default-ubuntu-sources-behavior: update tests for NTS support
+ d/NEWS: add news entry about the NTS change
- d/chrony.service: Allow real chronyd to send READY=1 via sd_notify in
place of the chronyd-starter.sh wrapper.
- d/control: Recommends: networkd-dispatcher (LP #2132159)
- configure: switch sed separator from % to # to cope with dpkg
* Dropped:
- d/usr.sbin.chronyd: Grant access to NOTIFY_SOCKET in AppArmor profile.
[In 4.7-2]
* Added:
- d/t/helper-functions: show some logs in case of failure
- d/t/default-ubuntu-sources-behavior: use common __cleanup
- d/usr.sbin.chronyd: adjust apparmor rule so that chronyd is also allowed
to access subdirectories of /run/chrony
- d/t/upstream-simulation-test-suite: revert update of clknetsim done in
4.8-1 which redefines __open64_2 and breaks armhf build
.
chrony (4.8-2) unstable; urgency=medium
.
* debian/rules:
- Specify default chronyc user. This is the user to which chronyc will
switch when it is started under root.
.
* debian/chrony.service:
- Allow chronyd to run inside the Windows Subsystem for Linux.
(LP: #2122337)
.
* debian/watch:
- Version: field should live in its own paragraph.
.
chrony (4.8-1) unstable; urgency=medium
.
* Import upstream version 4.8:
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
.
* Merge branch 'debian/unstable' into debian/latest.
.
* Upload to unstable.
.
* debian/chrony.sysusers:
- Install a sysusers.d file to create the _chrony system user/group.
.
* debian/control:
- Build-depend on dh-sequence-installsysusers.
- Drop unused adduser dependency.
.
* debian/postinst:
- Drop adduser invocation. The _chrony system user/group is now created
using a sysusers.d fragment.
- Allocate the _chrony system user/group before running dpkg-statoverride
commands.
.
* debian/postrm:
- Don't delete the _chrony system user/group during purge.
Deleting it is risky because sensitive files belonging to this uid might
remain on the filesystem and could be recovered by another system user
reusing the same uid.
.
* debian/tests/upstream-simulation-test-suite:
- Update clknetsim version.
- Get clknetsim from Gitlab.
.
* debian/watch:
- Update to version 5.
.
chrony (4.8~pre1-1) experimental; urgency=medium
.
* Import upstream version 4.8-pre1:
- Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
.
* debian/control:
- Drop 'Priority: optional'. dpkg sets it by default if omitted.
- Drop 'Rules-Requires-Root: no'. dpkg sets it by default if omitted.
.
* debian/copyright:
- Add a few entries and update copyright year.
.
* debian/test/upstream-simulation-test-suite:
- Update clknetsim version.
.
chrony (4.7-3) unstable; urgency=medium
.
* debian/patches/:
- Add skip-flaky-007-cmdmon-system-test.patch. Upstream system test
007-cmdmon fails intermittently. Skip it! (Closes: #1111222)
.
chrony (4.7-2) unstable; urgency=medium
.
[ Vincent Blut ]
* Upload to unstable.
.
* debian/control:
- Suggest gpsd.
.
[ Lukas Märdian ]
* debian/usr.sbin.chronyd:
- Grant access to sd_notify's $NOTIFY_SOCKET.
Checksums-Sha1:
bafdfcfb5f846084ba80dbcd332a1274c946f9d5 2574 chrony_4.8-2ubuntu1.dsc
f18245b2e2971a192f069d6f78e518b55ee8742c 649368 chrony_4.8.orig.tar.gz
45040c1cc034f078d0f65646b403019d44c7ecc8 54944 chrony_4.8-2ubuntu1.debian.tar.xz
d61a36be1fff4523cfb53ac48e3b24825474807c 7932 chrony_4.8-2ubuntu1_source.buildinfo
Checksums-Sha256:
511887361e91dcc37123aeb63095ac4895a19efbee234bfd3d034827f12d074a 2574 chrony_4.8-2ubuntu1.dsc
33ea8eb2a4daeaa506e8fcafd5d6d89027ed6f2f0609645c6f149b560d301706 649368 chrony_4.8.orig.tar.gz
708ef779adf3895f404e46f57906cf67c806c6a94d3198fad6fa766a376eb413 54944 chrony_4.8-2ubuntu1.debian.tar.xz
207afa32b3420de2356fc120cc5b388265997255e12ce08ce44154f82a6e3a11 7932 chrony_4.8-2ubuntu1_source.buildinfo
Files:
11cfe6260334f0962add9233254910e4 2574 net optional chrony_4.8-2ubuntu1.dsc
0ad862b6d40b84abe145b13d9f1d8025 649368 net optional chrony_4.8.orig.tar.gz
853034342e3ad787b41ceee2f2cc55a9 54944 net optional chrony_4.8-2ubuntu1.debian.tar.xz
8e5f7bbf29f58983ecef000cd5eae8b8 7932 net optional chrony_4.8-2ubuntu1_source.buildinfo
Original-Maintainer: Vincent Blut <vincent.debian at free.fr>
Vcs-Git: https://git.launchpad.net/~ahasenack/ubuntu/+source/chrony
Vcs-Git-Commit: 9b06cb69e13d04eb1cfe69bffc3b78b0628c5487
Vcs-Git-Ref: refs/heads/resolute-chrony-merge-1
More information about the Resolute-changes
mailing list