[ubuntu/bionic-proposed] chrony 3.2-4ubuntu2 (Accepted)

Christian Ehrhardt christian.ehrhardt at canonical.com
Wed Mar 21 06:48:19 UTC 2018


chrony (3.2-4ubuntu2) bionic; urgency=medium

  * Set -x as default if unable to set time (e.g. in containers) (LP: #1589780)
    Chrony is a single service which acts as both NTP client (i.e. syncing the
    local clock) and NTP server (i.e. providing NTP services to the network),
    and that is both desired and expected in the vast majority of cases.
    But in containers syncing the local clock is usually impossible, but this
    shall not break the providing of NTP services to the network.
    To some extent this makes chrony's default config more similar to 'ntpd',
    which complained in syslog but still provided NTP server service in those
    cases.
    - d/p/lp1589780-sys_linux-don-t-keep-CAP_SYS_TIME-with-x-option.patch:
      When dropping the root privileges, don't try to keep the CAP_SYS_TIME
      capability if the -x option was enabled. This allows chronyd to be
      started without the capability (e.g. in containers) and also drop the
      root privileges.
    - debian/chrony.service: allow the service to run without CAP_SYS_TIME
    - debian/control: add new dependency libcap2-bin for capsh (usually
      installed anyway, but make it explicit to be sure).
    - debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
      (Default off).
    - debian/chronyd-starter.sh: wrapper to handle special cases in containers
      and if CAP_SYS_TIME is missing. Effectively allows running an NTP server
      in containers on a default installation and avoids failing to sync time
      (or, if allowed to sync, avoids multiple containers fighting over it by
      accident).
    - debian/install: make chronyd-starter.sh available on install.
    - debian/docs, debian/README.container: provide documentation about the
      handling of this case.
  * debian/chrony.conf: update default chrony.conf to not violate the policy
    of pool.ntp.org (to use no more than four of their servers) and to provide
    more IPv6 capable sources by default (LP: #1754358)

Date: Fri, 16 Mar 2018 12:25:44 +0100
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chrony/3.2-4ubuntu2
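
The fallback described in the changelog above, sketched as an added example; it is not the packaged debian/chronyd-starter.sh and not code from the uploader. The function names, the "run" entry point, the /usr/sbin/chronyd path and the use of capsh and systemd-detect-virt as probes are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration of the -x fallback; not the packaged wrapper.
# All function names here are hypothetical.

# Pure decision: print the chronyd options to use.
#   $1 has_cap   "yes" if CAP_SYS_TIME is in the permitted set
#   $2 in_ctr    "yes" if running inside a container
#   $3 sync_ctr  value of SYNC_IN_CONTAINER ("yes" disables the fallback)
#   $4 opts      options already configured for the daemon
effective_opts() {
    has_cap=$1 in_ctr=$2 sync_ctr=$3 opts=$4
    if [ "$sync_ctr" = "yes" ]; then
        # Admin opted out of the fallback: pass the options through untouched.
        printf '%s\n' "$opts"
        return 0
    fi
    case " $opts " in
        *" -x "*) printf '%s\n' "$opts"; return 0 ;;  # already serve-only
    esac
    if [ "$has_cap" != "yes" ] || [ "$in_ctr" = "yes" ]; then
        # Cannot set the clock, or should not compete with other containers
        # for it: keep serving NTP but never touch the system clock.
        printf '%s\n' "${opts:+$opts }-x"
    else
        printf '%s\n' "$opts"
    fi
}

# Probes for the real system state (assumed detection method).
probe_cap() { capsh --has-p=cap_sys_time 2>/dev/null && echo yes || echo no; }
probe_ctr() { systemd-detect-virt --quiet --container 2>/dev/null && echo yes || echo no; }

# Entry point, used only when invoked as: <script> run [chronyd options...]
if [ "${1:-}" = "run" ]; then
    shift
    # Unquoted on purpose: the option string is split back into words.
    set -- $(effective_opts "$(probe_cap)" "$(probe_ctr)" \
                            "${SYNC_IN_CONTAINER:-no}" "$*")
    exec /usr/sbin/chronyd "$@"
fi
```

Keeping the decision in a function that takes its inputs as arguments lets the four cases (capability missing, container with the capability, bare host, SYNC_IN_CONTAINER=yes) be checked without root or a container.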
-------------- next part --------------
Format: 1.8
Date: Fri, 16 Mar 2018 12:25:44 +0100
Source: chrony
Binary: chrony
Architecture: source
Version: 3.2-4ubuntu2
Distribution: bionic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Description:
 chrony     - Versatile implementation of the Network Time Protocol
Launchpad-Bugs-Fixed: 1589780 1754358
Original-Maintainer: Vincent Blut <vincent.debian at free.fr>

