|Summary:||net/chrony: enable privilege separation and other changes|
|Product:||Ports & Packages||Reporter:||Yonas Yanfa <yonas>|
|Component:||Individual Port(s)||Assignee:||Kirill Ponomarev <krion>|
|Severity:||Affects Only Me|
Description Yonas Yanfa 2017-02-02 20:28:06 UTC
Created attachment 179543
Updates to the chrony port

Miroslav Lichvar and I have worked on a patch that does the following:

- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- adds a runtime dependency on libedit
- does not install the HTML documentation (in favour of man pages)
- updates the post-install message (pkg-message) in light of privilege separation
- sets the permission of /var/db/chrony to the new "chronyd" user and group

We need to add the following to /usr/ports/UIDs:

chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin

and the following to /usr/ports/GIDs:

chronyd:*:849:

I chose UID/GUID 849 because it was not being used.
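The following sh function is an added example, not part of the original report or of the port. It checks a proposed UIDs/GIDs pair like the one above for collisions with already registered names and IDs, and confirms the account has a locked password, /nonexistent as home and /usr/sbin/nologin as shell. The function name `check_account`, its messages and the sample registry contents are assumptions constructed for the example.

```sh
#!/bin/sh
# Added example, not from the PR. Registry contents below are constructed.

# check_account UIDS_FILE GIDS_FILE UID_LINE GID_LINE
# Prints one finding per line; returns 0 only when there are none.
# UID_LINE fields: name:passwd:uid:gid:class:change:expire:gecos:home:shell
# GID_LINE fields: name:passwd:gid:members
check_account() {
    awk -F: -v uline="$3" -v gline="$4" '
        function bad(msg) { print msg; rc = 1 }
        BEGIN {
            rc = 0
            nu = split(uline, u, ":"); ng = split(gline, g, ":")
            if (nu != 10) bad("UIDs entry needs 10 colon-separated fields")
            if (ng != 4) bad("GIDs entry needs 4 colon-separated fields")
            if (u[1] != g[1]) bad("user and group names differ")
            if (u[4] != g[3]) bad("primary gid " u[4] " is not group gid " g[3])
            if (u[2] != "*") bad("password field is not *")
            if (u[9] != "/nonexistent") bad("home is not /nonexistent: " u[9])
            if (u[10] != "/usr/sbin/nologin") bad("shell permits login: " u[10])
        }
        /^#/ || NF == 0 { next }   # skip comments and blank lines
        FILENAME == ARGV[1] && ($1 == u[1] || $3 == u[3]) {
            bad("UIDs collision with " $1 ":" $3)
        }
        FILENAME == ARGV[2] && ($1 == g[1] || $3 == g[3]) {
            bad("GIDs collision with " $1 ":" $3)
        }
        END { exit rc }
    ' "$1" "$2"
}

# Constructed stand-ins for /usr/ports/UIDs and /usr/ports/GIDs.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# constructed sample registry' \
    'exampled:*:847:847::0:0:Example daemon:/nonexistent:/usr/sbin/nologin' \
    > "$demo_dir/UIDs"
printf '%s\n' '# constructed sample registry' 'exampled:*:847:' > "$demo_dir/GIDs"

# The entries proposed in the report pass every check against the sample.
check_account "$demo_dir/UIDs" "$demo_dir/GIDs" \
    'chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin' \
    'chronyd:*:849:' && echo "chronyd entries OK"
```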
Comment 1 Kirill Ponomarev 2017-02-03 07:13:18 UTC
Comment 2 Kirill Ponomarev 2017-02-05 20:34:53 UTC
Seems like patch for Makefile is broken, please re-check it:

patch -C < /tmp/krion/freebsd/216737/patch
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|diff --git a/Makefile b/Makefile
|index ebd9a2b..180f388 100644
|--- a/Makefile
|+++ b/Makefile
--------------------------
Patching file Makefile using Plan A...
Hunk #1 failed at 12.
Hunk #2 failed at 46.
2 out of 2 hunks failed while patching Makefile
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
Comment 3 Kirill Ponomarev 2017-02-09 10:55:28 UTC
Any progress with new patch?
Comment 4 Yonas Yanfa 2017-02-10 16:32:57 UTC
Created attachment 179836
Fix broken patch.

Thanks, Miroslav has composed a second attempt for this patch. I've attached it here.
Comment 5 Kirill Ponomarev 2017-02-12 13:46:10 UTC
Please note that removing makeinfo and readline breaks the build:

http://krion.cc/data/12amd64-default/2017-02-12_14h43m53s/logs/errors/chrony-3.0_1.log

I would put them both back.
Comment 6 Kirill Ponomarev 2017-02-12 13:46:41 UTC
(In reply to Kirill Ponomarew from comment #5) While putting both dependencies back, resolve the problem with build
Comment 7 Yonas Yanfa 2017-02-12 13:49:30 UTC
Thanks Kirill, instead of putting them back in, can you try adding "USES=libedit" to the Makefile, as suggested by the error log output?
Comment 8 Kirill Ponomarev 2017-02-12 13:51:02 UTC
(In reply to Yonas Yanfa from comment #7) Yes, I've used: USES= cpe gmake libedit
Comment 9 Yonas Yanfa 2017-02-13 14:25:19 UTC
Created attachment 179948
Fix LDFLAGS

Here's another patch from Miroslav that fixes LDFLAGS so that we link to libedit in /usr/local/lib instead of /lib.
Comment 10 commit-hook 2017-02-13 18:06:23 UTC
A commit references this bug:

Author: krion
Date: Mon Feb 13 18:05:35 UTC 2017
New revision: 434012
URL: https://svnweb.freebsd.org/changeset/ports/434012

Log:
Update net/chrony: enable privilege separation and other minor changes.

- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group

PR: 216737
Submitted by: maintainer
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D9570

Changes:
head/GIDs
head/UIDs
head/net/chrony/Makefile
head/net/chrony/pkg-message
head/net/chrony/pkg-plist