Date: Mon, 13 Feb 2017 18:05:34 +0000 (UTC) From: Kirill Ponomarew <krion@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r434012 - in head: . net/chrony Message-ID: <201702131805.v1DI5Ys7072694@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: krion Date: Mon Feb 13 18:05:34 2017 New Revision: 434012 URL: https://svnweb.freebsd.org/changeset/ports/434012 Log: Update net/chrony: enable privilege separation and other minor changes. - enables privilege separation - removes the build dependency on asciidoctor - removes the runtime dependency on makeinfo and readline - add a runtime dependency on libedit - do not install the HTML documentation (in favour of man pages) - update the post-install message (pkg-message) in light of privilege separation - set the permission of /var/db/chrony to the new "chronyd" user and group PR: 216737 Submitted by: maintainer Approved by: mat (mentor) Differential Revision: https://reviews.freebsd.org/D9570 Modified: head/GIDs head/UIDs head/net/chrony/Makefile head/net/chrony/pkg-message head/net/chrony/pkg-plist Modified: head/GIDs ============================================================================== --- head/GIDs Mon Feb 13 18:00:21 2017 (r434011) +++ head/GIDs Mon Feb 13 18:05:34 2017 (r434012) @@ -790,7 +790,7 @@ subsonic:*:844: sogod:*:846: domoticz:*:847: graylog:*:848: -# free: 849 +chronyd:*:849: # free: 850 # free: 851 # free: 852 Modified: head/UIDs ============================================================================== --- head/UIDs Mon Feb 13 18:00:21 2017 (r434011) +++ head/UIDs Mon Feb 13 18:05:34 2017 (r434012) @@ -795,7 +795,7 @@ subsonic:*:844:844::0:0:Subsonic standal sogod:*:846:846::0:0:SOGo groupware:/nonexistent:/usr/sbin/nologin domoticz:*:847:847::0:0:domoticz user:/nonexistent:/usr/sbin/nologin graylog:*:848:848::0:0:Graylog user:/nonexistent:/usr/sbin/nologin -# free: 849 +chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin # free: 850 # free: 851 # free: 852 Modified: head/net/chrony/Makefile ============================================================================== --- head/net/chrony/Makefile Mon Feb 13 18:00:21 2017 (r434011) +++ head/net/chrony/Makefile Mon Feb 13 18:05:34 2017 (r434012) @@ -12,23 +12,24 @@ COMMENT= System clock synchronization cl LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING -BUILD_DEPENDS= rubygem-asciidoctor>=0:textproc/rubygem-asciidoctor +USERS= chronyd +GROUPS= chronyd -USES= cpe gmake makeinfo readline +USES= cpe gmake libedit CPE_VENDOR= tuxfamily HAS_CONFIGURE= yes CONFIGURE_ARGS= --prefix=${PREFIX} \ --chronyvardir=/var/db/${PORTNAME} \ --infodir=${PREFIX}/info \ --sysconfdir=${PREFIX}/etc --mandir=${MANPREFIX}/man \ - --datarootdir=${DATADIR} --docdir=${DOCSDIR} + --datarootdir=${DATADIR} --docdir=${DOCSDIR} \ + --with-user=chronyd +LDFLAGS+= -L${LOCALBASE}/lib USE_RC_SUBR= chronyd -ALL_TARGET= all docs -INSTALL_TARGET= install install-docs -EXTRAPORTDOCS= FAQ NEWS README -PORTDOCS= chrony.conf.html chronyc.html chronyd.html faq.html \ - installation.html ${EXTRAPORTDOCS} +ALL_TARGET= all +INSTALL_TARGET= install +PORTDOCS= FAQ NEWS README PORTEXAMPLES= chrony.conf.example1 chrony.conf.example2 \ chrony.conf.example3 chrony.keys.example @@ -46,7 +47,8 @@ BROKEN_aarch64= Fails to compile: inval post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/chronyc ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/chronyd - ${INSTALL_DATA} ${EXTRAPORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR} + @${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR} @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_DATA} ${PORTEXAMPLES:S,^,${WRKSRC}/examples/,} \ ${STAGEDIR}${EXAMPLESDIR} Modified: head/net/chrony/pkg-message ============================================================================== --- head/net/chrony/pkg-message Mon Feb 13 18:00:21 2017 (r434011) +++ head/net/chrony/pkg-message Mon Feb 13 18:05:34 2017 (r434012) @@ -1,5 +1,4 @@ Unfortunately, this software has shameful history of several vulnerabilities previously discovered. FreeBSD Project cannot guarantee that this spree had -come to an end. It is further complicated, as chronyd(8) requires superuser -permissions to operate; please type ``make deinstall'' to deinstall the port +come to an end. Please type ``pkg delete chrony'' to deinstall the port if tight security is a concern. Modified: head/net/chrony/pkg-plist ============================================================================== --- head/net/chrony/pkg-plist Mon Feb 13 18:00:21 2017 (r434011) +++ head/net/chrony/pkg-plist Mon Feb 13 18:05:34 2017 (r434012) @@ -4,4 +4,4 @@ man/man1/chronyc.1.gz man/man5/chrony.conf.5.gz man/man8/chronyd.8.gz sbin/chronyd -@dir /var/db/chrony +@dir(chronyd,chronyd) /var/db/chrony
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201702131805.v1DI5Ys7072694>