[ubuntu/hirsute-proposed] chrony 4.0-2ubuntu1 (Accepted)

Christian Ehrhardt christian.ehrhardt at canonical.com
Wed Nov 4 08:29:12 UTC 2020


chrony (4.0-2ubuntu1) hirsute; urgency=medium

  * Merge with Debian unstable. Remaining changes:
    - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
    - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
      Chrony is a single service which acts as both NTP client (i.e. syncing the
      local clock) and NTP server (i.e. providing NTP services to the network),
      and that is both desired and expected in the vast majority of cases.
      But in containers syncing the local clock is usually impossible, but this
      shall not break the providing of NTP services to the network.
      To some extent this makes chrony's default config more similar to 'ntpd',
      which complained in syslog but still provided NTP server service in those
      cases.
      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
      + debian/control: add new dependency libcap2-bin for capsh (usually
        installed anyway, but make them explicit to be sure).
      + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
        (Default off) [fixed a minor typo in the comment in this update]
      + debian/chronyd-starter.sh: wrapper to handle special cases in containers
        and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
        in containers on a default installation and avoid failing to sync time
        (or if allowed to sync, avoid multiple containers to fight over it by
        accident).
      + debian/install: make chrony-starter.sh available on install.
      + debian/docs, debian/README.container: provide documentation about the
        handling of this case.

chrony (4.0-2) unstable; urgency=medium

  * Merge branch 'experimental' into 'master'.

  * Upload to unstable.

chrony (4.0-1) experimental; urgency=medium

  * Import upstream version 4.0:
    - This release adds support for the Network Time Security (NTS)
    authentication mechanism (RFC 8915).
    - Please see /usr/share/doc/chrony/NEWS.gz for the release notes.

chrony (4.0~pre4-2) experimental; urgency=medium

  * debian/postinst:
    - Fix user and group ownership of "/var/lib/chrony" to allow chronyd
    to write in it. This will also fix a regression in the 104-systemdirs
    test.

chrony (4.0~pre4-1) experimental; urgency=medium

  * Import upstream version 4.0-pre4:
    - Please see /usr/share/doc/chrony/NEWS.gz for the release notes.

  * Merge branch 'master' into experimental. (Closes: #970421)

  * debian/chrony.conf:
    - Use NTP sources from /run/chrony-dhcp.
    - Save NTS keys and cookies in /var/lib/chrony/.

  * debian/chrony-dnssrv at .service:
    - Update "chrony-helper" path.

  * debian/chrony.dhcp:
    - Save NTP servers from DHCP to /run/chrony-dhcp/$interface.sources.

  * debian/chrony.lintian-overrides:
    - Override executable-in-usr-lib for NetworkManager dispatcher scripts.
    - Update NetworkManager dispatcher script name.

  * debian/chrony.ppp.ip-{down,up}:
    - Update PID file path.

  * debian/chrony.service:
    - Update PID file path.
    - Do not run 'chrony-helper update-daemon' after starting chronyd. Not
    needed anymore.

  * debian/control:
    - Build-depend on libgnutls28-dev to support NTS.
    - Build-depend on gnutls-bin for the test suite.
    - Bump debhelper-compat to 13.

  * debian/copyright:
    - Update copyright years.

  * debian/dirs:
    - Remove var/log/chrony as it will be created automatically if it doesn’t
    exist.

  * debian/if-{post-down,up}:
    - Update PID file path.

  * debian/init:
    - Update PID file path.
    - Drop the unnecessary '--remove pidfile' option from the stop target.
    - Do not run 'chrony-helper update-daemon' after starting chronyd. Not
    needed anymore.

  * debian/install:
    - Move "chrony-helper" to "/usr/libexec/chrony".

  * debian/links:
    - Update source and destination filenames.

  * debian/patches/:
    - Drop patches applied upstream.
    - Add nm-dispatcher-dhcp_Move-server_dir-to-run.patch.

  * debian/postinst:
    - Drop migration code from pre-Stretch.
    - Migrate NTP sources obtained from DHCP to /run/chrony-dhcp on upgrade
    from chrony < 4.0~pre4-1.
    - Remove staled PID file when upgrading from chrony < 4.0~pre4-1.

  * debian/rules:
    - Change the default PID file location from /run to /run/chrony.
    - Drop dh_missing --fail-missing. This is the default in debhelper 13.
    - Enable seccomp support by default on riscv64.
    - Update NetworkManager dispatcher script name from 20-chrony to
    20-chrony-onoffline.
    - Add DHCP NetworkManager dispatcher script to allow chronyd to use
    NTP sources obtained from NM's internal DHCP client.

  * debian/tests/:
    - Add some helper functions. Some tests will be updated thereafter
    to use them.

  * debian/tests/time-sources-from-dhcp-servers:
    - Adapt to the new way of using time sources from DHCP.
    - Improve sed invocation.

  * debian/tests/upstream-simulation-test-suite:
    - Update clknetsim version.
    - Cosmetic changes.

  * debian/tests/upstream-system-tests:
    - No need to stop systemd-timesyncd anymore since it is no more
    co-installable with chrony anymore.

  * debian/usr.sbin.chronyd:
    - Update PID file path.
    - Add dac_override and dac_read_search capabilities to give "root" the
    ability to write the PID file in /run/chrony/.
    - Prefix flag definition by "flags=".
    - Sort the capabilities.
    - Grant CAP_NET_RAW capability to allow an NTP socket to be bound to a
    device using the SO_BINDTODEVICE socket option on kernels before 5.7.
    - Add comments regarding capabilities.
    - Let chronyd create /var/l{ib,og}/chrony.
    - Remove a superfluous rule.
    - Allow reading of NTP sources in /run/chrony-dhcp/.

  * debian/watch:
    - Make use of special strings.

Date: Tue, 27 Oct 2020 10:55:19 +0100
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/chrony/4.0-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 27 Oct 2020 10:55:19 +0100
Source: chrony
Architecture: source
Version: 4.0-2ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Christian Ehrhardt <christian.ehrhardt at canonical.com>
Closes: 970421
Changes:
 chrony (4.0-2ubuntu1) hirsute; urgency=medium
 .
   * Merge with Debian unstable. Remaining changes:
     - d/chrony.conf: use ubuntu ntp pool and server (LP 1744664 1754358)
     - Set -x as default if unable to set time (e.g. in containers) (LP 1589780)
       Chrony is a single service which acts as both NTP client (i.e. syncing the
       local clock) and NTP server (i.e. providing NTP services to the network),
       and that is both desired and expected in the vast majority of cases.
       But in containers syncing the local clock is usually impossible, but this
       shall not break the providing of NTP services to the network.
       To some extent this makes chrony's default config more similar to 'ntpd',
       which complained in syslog but still provided NTP server service in those
       cases.
       + debian/chrony.service: allow the service to run without CAP_SYS_TIME
       + debian/control: add new dependency libcap2-bin for capsh (usually
         installed anyway, but make them explicit to be sure).
       + debian/chrony.default: new option SYNC_IN_CONTAINER to not fall back
         (Default off) [fixed a minor typo in the comment in this update]
       + debian/chronyd-starter.sh: wrapper to handle special cases in containers
         and if CAP_SYS_TIME is missing. Effectively allows on to run NTP server
         in containers on a default installation and avoid failing to sync time
         (or if allowed to sync, avoid multiple containers to fight over it by
         accident).
       + debian/install: make chrony-starter.sh available on install.
       + debian/docs, debian/README.container: provide documentation about the
         handling of this case.
 .
 chrony (4.0-2) unstable; urgency=medium
 .
   * Merge branch 'experimental' into 'master'.
 .
   * Upload to unstable.
 .
 chrony (4.0-1) experimental; urgency=medium
 .
   * Import upstream version 4.0:
     - This release adds support for the Network Time Security (NTS)
     authentication mechanism (RFC 8915).
     - Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
 .
 chrony (4.0~pre4-2) experimental; urgency=medium
 .
   * debian/postinst:
     - Fix user and group ownership of "/var/lib/chrony" to allow chronyd
     to write in it. This will also fix a regression in the 104-systemdirs
     test.
 .
 chrony (4.0~pre4-1) experimental; urgency=medium
 .
   * Import upstream version 4.0-pre4:
     - Please see /usr/share/doc/chrony/NEWS.gz for the release notes.
 .
   * Merge branch 'master' into experimental. (Closes: #970421)
 .
   * debian/chrony.conf:
     - Use NTP sources from /run/chrony-dhcp.
     - Save NTS keys and cookies in /var/lib/chrony/.
 .
   * debian/chrony-dnssrv at .service:
     - Update "chrony-helper" path.
 .
   * debian/chrony.dhcp:
     - Save NTP servers from DHCP to /run/chrony-dhcp/$interface.sources.
 .
   * debian/chrony.lintian-overrides:
     - Override executable-in-usr-lib for NetworkManager dispatcher scripts.
     - Update NetworkManager dispatcher script name.
 .
   * debian/chrony.ppp.ip-{down,up}:
     - Update PID file path.
 .
   * debian/chrony.service:
     - Update PID file path.
     - Do not run 'chrony-helper update-daemon' after starting chronyd. Not
     needed anymore.
 .
   * debian/control:
     - Build-depend on libgnutls28-dev to support NTS.
     - Build-depend on gnutls-bin for the test suite.
     - Bump debhelper-compat to 13.
 .
   * debian/copyright:
     - Update copyright years.
 .
   * debian/dirs:
     - Remove var/log/chrony as it will be created automatically if it doesn’t
     exist.
 .
   * debian/if-{post-down,up}:
     - Update PID file path.
 .
   * debian/init:
     - Update PID file path.
     - Drop the unnecessary '--remove pidfile' option from the stop target.
     - Do not run 'chrony-helper update-daemon' after starting chronyd. Not
     needed anymore.
 .
   * debian/install:
     - Move "chrony-helper" to "/usr/libexec/chrony".
 .
   * debian/links:
     - Update source and destination filenames.
 .
   * debian/patches/:
     - Drop patches applied upstream.
     - Add nm-dispatcher-dhcp_Move-server_dir-to-run.patch.
 .
   * debian/postinst:
     - Drop migration code from pre-Stretch.
     - Migrate NTP sources obtained from DHCP to /run/chrony-dhcp on upgrade
     from chrony < 4.0~pre4-1.
     - Remove staled PID file when upgrading from chrony < 4.0~pre4-1.
 .
   * debian/rules:
     - Change the default PID file location from /run to /run/chrony.
     - Drop dh_missing --fail-missing. This is the default in debhelper 13.
     - Enable seccomp support by default on riscv64.
     - Update NetworkManager dispatcher script name from 20-chrony to
     20-chrony-onoffline.
     - Add DHCP NetworkManager dispatcher script to allow chronyd to use
     NTP sources obtained from NM's internal DHCP client.
 .
   * debian/tests/:
     - Add some helper functions. Some tests will be updated thereafter
     to use them.
 .
   * debian/tests/time-sources-from-dhcp-servers:
     - Adapt to the new way of using time sources from DHCP.
     - Improve sed invocation.
 .
   * debian/tests/upstream-simulation-test-suite:
     - Update clknetsim version.
     - Cosmetic changes.
 .
   * debian/tests/upstream-system-tests:
     - No need to stop systemd-timesyncd anymore since it is no more
     co-installable with chrony anymore.
 .
   * debian/usr.sbin.chronyd:
     - Update PID file path.
     - Add dac_override and dac_read_search capabilities to give "root" the
     ability to write the PID file in /run/chrony/.
     - Prefix flag definition by "flags=".
     - Sort the capabilities.
     - Grant CAP_NET_RAW capability to allow an NTP socket to be bound to a
     device using the SO_BINDTODEVICE socket option on kernels before 5.7.
     - Add comments regarding capabilities.
     - Let chronyd create /var/l{ib,og}/chrony.
     - Remove a superfluous rule.
     - Allow reading of NTP sources in /run/chrony-dhcp/.
 .
   * debian/watch:
     - Make use of special strings.
Checksums-Sha1:
 4024f72a34499c32bebcb6a000b35b11addb4e60 2485 chrony_4.0-2ubuntu1.dsc
 628340e7ff3311ea5b5a6198bacde2a8b05b6ae4 546939 chrony_4.0.orig.tar.gz
 17c7defb6e01cb5dc32dd9947408da05385631da 39888 chrony_4.0-2ubuntu1.debian.tar.xz
 df8ef8d894dfabd588f76d805455a65a320a0732 7355 chrony_4.0-2ubuntu1_source.buildinfo
Checksums-Sha256:
 a826857f6e021b1932f127d020eca0d7ed304117540f87a1297d92e66962eca1 2485 chrony_4.0-2ubuntu1.dsc
 be27ea14c55e7a4434b2fa51d53018c7051c42fa6a3198c9aa6a1658bae0c625 546939 chrony_4.0.orig.tar.gz
 60f520e3d81de20d9f3383ca877d378bf9aadb767e156bf201dee3b2728d2191 39888 chrony_4.0-2ubuntu1.debian.tar.xz
 f1af881a0f2ba81aad48af91311e733cacf87bf4bc9692709a6142a804e47b06 7355 chrony_4.0-2ubuntu1_source.buildinfo
Files:
 93cafce8cb3b8f8868413b4e95803d0f 2485 net optional chrony_4.0-2ubuntu1.dsc
 30237381f0c6ec51c19a9346d478c80e 546939 net optional chrony_4.0.orig.tar.gz
 f0655a4dcbf6a3eb26a010875fcdff71 39888 net optional chrony_4.0-2ubuntu1.debian.tar.xz
 532d51668b12240cd1ce00b97e393619 7355 net optional chrony_4.0-2ubuntu1_source.buildinfo
Original-Maintainer: Vincent Blut <vincent.debian at free.fr>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEktYY9mjyL47YC+71uj4pM4KAskIFAl+iZhkACgkQuj4pM4KA
skLVrBAAnW+MZrrtkV167V8D2UYsBn90wqcFBWrDSDBNqfLG9chZkoX9Ig05/Q+U
5/pAS/jy/mxNeDFkhhtl4/L991E/WHMqEuN041TuDKUaKPrCoCfeVqC+YK4ACgvW
HznxuwlAaP5DoBa+WPqJy9jVG3kbHzH0kafw7ZwUJM0GUOwmwk4+vM7xGhxefW8C
NKxpzr1y7HgtXyJNh+38vYHy+xDs8fET/DFYZLeAWkKbITuwawHmrcUT6XgC91ZF
kxvP9dsP1LYKUc5bTQV0xr237XOeF2HeEpKo//lAu8rgrwXwWTJ8WDRWO/YtTpVV
GmYoWWF/r+ulwsQ96gBAW7WP0Igi60eTNaIFhOHpXgoK5s5iKVlGZ/IjB6WyqWk9
Bv+I+cKCuwiZocCmQt/pRASehnc9VDHWlGqWwfqC/+b0xUJzz7CrJwEPBBqdHo1l
HCwmsZD+6l9k0nujDD4Atl+zZMgsIQWoFj7nmQvXdjPxOywca0J/Hu6AwER3p6Su
orCtfWWFh4h3eU14IVo4dvzWpTh2Ay/4FkL0W41C84beJdp0rE9q/9gcoS/HHMZY
EHohJjUFos52QQUtD75I9dMtk1fNUCGSDENWMvt0Ja4LLqSUPXxrpmrlxarGDqQx
VBX4V5kJIQ/kwafXp4RDrXxopdmq5Pu+PJ/4aYgQI76az0hT04I=
=tKNd
-----END PGP SIGNATURE-----


More information about the Hirsute-changes mailing list