From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D866513835A for ; Mon, 8 Feb 2021 14:54:18 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 2499FE091B; Mon, 8 Feb 2021 14:54:18 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 0C4B7E091B for ; Mon, 8 Feb 2021 14:54:18 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D19FF340D00 for ; Mon, 8 Feb 2021 14:54:16 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 258D64CA for ; Mon, 8 Feb 2021 14:54:14 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1612796042.9a5c393d884d5e20f95097feca7f98a3499639e6.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: net-misc/chrony/ X-VCS-Repository: repo/gentoo X-VCS-Files: net-misc/chrony/chrony-4.0-r1.ebuild net-misc/chrony/chrony-9999.ebuild X-VCS-Directories: net-misc/chrony/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 9a5c393d884d5e20f95097feca7f98a3499639e6 X-VCS-Branch: master Date: Mon, 8 Feb 2021 14:54:14 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 7790c868-f6da-4586-8974-9b1fc0de885e X-Archives-Hash: 07b0dfa448615c08c23a15f43a13e09c commit: 9a5c393d884d5e20f95097feca7f98a3499639e6 Author: Sam James gentoo org> AuthorDate: Mon Feb 8 14:10:07 2021 +0000 Commit: Sam James gentoo org> CommitDate: Mon Feb 8 14:54:02 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a5c393d net-misc/chrony: add note re changes on USE=seccomp install Users must enable seccomp manually for now at runtime. Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Sam James gentoo.org> net-misc/chrony/chrony-4.0-r1.ebuild | 15 ++++++++++++++- net-misc/chrony/chrony-9999.ebuild | 15 ++++++++++++++- 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/net-misc/chrony/chrony-4.0-r1.ebuild b/net-misc/chrony/chrony-4.0-r1.ebuild index e0333b6483f..d663e9cb680 100644 --- a/net-misc/chrony/chrony-4.0-r1.ebuild +++ b/net-misc/chrony/chrony-4.0-r1.ebuild @@ -173,10 +173,16 @@ src_install() { pkg_preinst() { HAD_CAPS=false + HAD_SECCOMP=false - if has_version 'net-misc/chrony[caps]'; then + if has_version 'net-misc/chrony[caps]' ; then HAD_CAPS=true fi + + if has_version 'net-misc/chrony[seccomp]' ; then + HAD_SECCOMP=true + fi + } pkg_postinst() { @@ -187,4 +193,11 @@ pkg_postinst() { ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" ewarn "This is necessary for chrony to drop privileges" fi + + if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then + elog "To enable seccomp in enforcing mode, please modify:" + elog "- /etc/conf.d/chronyd for OpenRC" + elog "- systemctl edit chronyd for systemd" + elog "to use -F 1 or -F -1 instead of -F 0 (see man chronyd)" + fi } diff --git a/net-misc/chrony/chrony-9999.ebuild b/net-misc/chrony/chrony-9999.ebuild index e0333b6483f..d663e9cb680 100644 --- a/net-misc/chrony/chrony-9999.ebuild +++ b/net-misc/chrony/chrony-9999.ebuild @@ -173,10 +173,16 @@ src_install() { pkg_preinst() { HAD_CAPS=false + HAD_SECCOMP=false - if has_version 'net-misc/chrony[caps]'; then + if has_version 'net-misc/chrony[caps]' ; then HAD_CAPS=true fi + + if has_version 'net-misc/chrony[seccomp]' ; then + HAD_SECCOMP=true + fi + } pkg_postinst() { @@ -187,4 +193,11 @@ pkg_postinst() { ewarn "e.g. chown -R ntp:ntp ${EROOT}/var/{lib,log}/chrony" ewarn "This is necessary for chrony to drop privileges" fi + + if [[ ! ${HAD_SECCOMP} ]] && use seccomp ; then + elog "To enable seccomp in enforcing mode, please modify:" + elog "- /etc/conf.d/chronyd for OpenRC" + elog "- systemctl edit chronyd for systemd" + elog "to use -F 1 or -F -1 instead of -F 0 (see man chronyd)" + fi }