From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1167046-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 33406138351
	for <garchives@archives.gentoo.org>; Sat,  2 May 2020 10:43:46 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id CD318E096E;
	Sat,  2 May 2020 10:43:43 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id B3C1FE096E
	for <gentoo-commits@lists.gentoo.org>; Sat,  2 May 2020 10:43:43 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 53F2934F131
	for <gentoo-commits@lists.gentoo.org>; Sat,  2 May 2020 10:43:42 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 7E456204
	for <gentoo-commits@lists.gentoo.org>; Sat,  2 May 2020 10:43:40 +0000 (UTC)
From: "Thomas Deutschmann" <whissi@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Thomas Deutschmann" <whissi@gentoo.org>
Message-ID: <1588416208.87242b6f6a92328671131779c43e8f14c64f4252.whissi@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-misc/chrony/chrony-9999.ebuild
X-VCS-Directories: net-misc/chrony/
X-VCS-Committer: whissi
X-VCS-Committer-Name: Thomas Deutschmann
X-VCS-Revision: 87242b6f6a92328671131779c43e8f14c64f4252
X-VCS-Branch: master
Date: Sat,  2 May 2020 10:43:40 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 33fd26e6-5f44-4eaf-8dde-593d1a1b90b8
X-Archives-Hash: 09eba5382bbac5cfb09c7a47b9d7b42c

commit:     87242b6f6a92328671131779c43e8f14c64f4252
Author:     Sam James (sam_c) <sam <AT> cmpct <DOT> info>
AuthorDate: Mon Apr 20 11:44:57 2020 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat May  2 10:43:28 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87242b6f

net-misc/chrony: Sync live ebuild with caps changes

This includes the permission fixes from efd09f68d, added to
the 9999 ebuild.

This should conclude the caps fixes.

Signed-off-by: Sam James (sam_c) <sam <AT> cmpct.info>
Closes: https://github.com/gentoo/gentoo/pull/15547
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 net-misc/chrony/chrony-9999.ebuild | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild
index 8d8758fa5c6..06eeb9fa032 100644
--- a/net-misc/chrony/chrony-9999.ebuild
+++ b/net-misc/chrony/chrony-9999.ebuild
@@ -20,14 +20,13 @@ REQUIRED_USE="
 "
 
 CDEPEND="
-	caps? ( sys-libs/libcap )
+	caps? ( acct-group/ntp acct-user/ntp sys-libs/libcap )
 	libedit? ( dev-libs/libedit )
 	readline? ( >=sys-libs/readline-4.1-r4:= )
 	seccomp? ( sys-libs/libseccomp )
 "
 DEPEND="
 	${CDEPEND}
-	caps? ( acct-group/ntp acct-user/ntp )
 	dev-ruby/asciidoctor
 	pps? ( net-misc/pps-tools )
 "
@@ -135,6 +134,13 @@ src_install() {
 
 	keepdir /var/{lib,log}/chrony
 
+	if use caps; then
+		# Prepare a directory for the chrony.drift file (a la ntpsec)
+		# Ensures the environment is sane on new installs
+		fowners ntp:ntp /var/{lib,log}/chrony
+		fperms 770 /var/lib/chrony
+	fi
+
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}"/chrony-2.4-r1.logrotate chrony
 
@@ -143,6 +149,20 @@ src_install() {
 	systemd_enable_ntpunit 50-chrony chronyd.service
 }
 
+pkg_preinst() {
+	HAD_CAPS=false
+
+	if has_version 'net-misc/chrony[caps]'; then
+		HAD_CAPS=true
+	fi
+}
+
 pkg_postinst() {
 	tmpfiles_process chronyd.conf
+
+	if use caps && ! ${HAD_CAPS}; then
+		ewarn "Please adjust permissions on ${EROOT}/var/{lib,log}/chrony to be owned by ntp:ntp"
+		ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony"
+		ewarn "This is necessary for chrony to drop privileges"
+	fi
 }