From: Kirill Ponomarew Date: Mon, 13 Feb 2017 18:05:34 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r434012 - in head: . net/chrony X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Feb 2017 18:05:36 -0000 Author: krion Date: Mon Feb 13 18:05:34 2017 New Revision: 434012 URL: https://svnweb.freebsd.org/changeset/ports/434012 Log: Update net/chrony: enable privilege separation and other minor changes. - enables privilege separation - removes the build dependency on asciidoctor - removes the runtime dependency on makeinfo and readline - add a runtime dependency on libedit - do not install the HTML documentation (in favour of man pages) - update the post-install message (pkg-message) in light of privilege separation - set the permission of /var/db/chrony to the new "chronyd" user and group PR: 216737 Submitted by: maintainer Approved by: mat (mentor) Differential Revision: https://reviews.freebsd.org/D9570 Modified: head/GIDs head/UIDs head/net/chrony/Makefile head/net/chrony/pkg-message head/net/chrony/pkg-plist Modified: head/GIDs ============================================================================== --- head/GIDs Mon Feb 13 18:00:21 2017 (r434011) +++ head/GIDs Mon Feb 13 18:05:34 2017 (r434012) @@ -790,7 +790,7 @@ subsonic:*:844: sogod:*:846: domoticz:*:847: graylog:*:848: -# free: 849 +chronyd:*:849: # free: 850 # free: 851 # free: 852 Modified: head/UIDs ============================================================================== --- head/UIDs Mon Feb 13 18:00:21 2017 (r434011) +++ head/UIDs Mon Feb 13 18:05:34 2017 (r434012) 
@@ -795,7 +795,7 @@ subsonic:*:844:844::0:0:Subsonic standal sogod:*:846:846::0:0:SOGo groupware:/nonexistent:/usr/sbin/nologin domoticz:*:847:847::0:0:domoticz user:/nonexistent:/usr/sbin/nologin graylog:*:848:848::0:0:Graylog user:/nonexistent:/usr/sbin/nologin -# free: 849 +chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin # free: 850 # free: 851 # free: 852 Modified: head/net/chrony/Makefile ============================================================================== --- head/net/chrony/Makefile Mon Feb 13 18:00:21 2017 (r434011) +++ head/net/chrony/Makefile Mon Feb 13 18:05:34 2017 (r434012) @@ -12,23 +12,24 @@ COMMENT= System clock synchronization cl LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING -BUILD_DEPENDS= rubygem-asciidoctor>=0:textproc/rubygem-asciidoctor +USERS= chronyd +GROUPS= chronyd -USES= cpe gmake makeinfo readline +USES= cpe gmake libedit CPE_VENDOR= tuxfamily HAS_CONFIGURE= yes CONFIGURE_ARGS= --prefix=${PREFIX} \ --chronyvardir=/var/db/${PORTNAME} \ --infodir=${PREFIX}/info \ --sysconfdir=${PREFIX}/etc --mandir=${MANPREFIX}/man \ - --datarootdir=${DATADIR} --docdir=${DOCSDIR} + --datarootdir=${DATADIR} --docdir=${DOCSDIR} \ + --with-user=chronyd +LDFLAGS+= -L${LOCALBASE}/lib USE_RC_SUBR= chronyd -ALL_TARGET= all docs -INSTALL_TARGET= install install-docs -EXTRAPORTDOCS= FAQ NEWS README -PORTDOCS= chrony.conf.html chronyc.html chronyd.html faq.html \ - installation.html ${EXTRAPORTDOCS} +ALL_TARGET= all +INSTALL_TARGET= install +PORTDOCS= FAQ NEWS README PORTEXAMPLES= chrony.conf.example1 chrony.conf.example2 \ chrony.conf.example3 chrony.keys.example 
@@ -46,7 +47,8 @@ BROKEN_aarch64= Fails to compile: inval post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/chronyc ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/chronyd - ${INSTALL_DATA} ${EXTRAPORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR} + @${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR} @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_DATA} ${PORTEXAMPLES:S,^,${WRKSRC}/examples/,} \ ${STAGEDIR}${EXAMPLESDIR} Modified: head/net/chrony/pkg-message ============================================================================== --- head/net/chrony/pkg-message Mon Feb 13 18:00:21 2017 (r434011) +++ head/net/chrony/pkg-message Mon Feb 13 18:05:34 2017 (r434012) @@ -1,5 +1,4 @@ Unfortunately, this software has shameful history of several vulnerabilities previously discovered. FreeBSD Project cannot guarantee that this spree had -come to an end. It is further complicated, as chronyd(8) requires superuser -permissions to operate; please type ``make deinstall'' to deinstall the port +come to an end. Please type ``pkg delete chrony'' to deinstall the port if tight security is a concern. Modified: head/net/chrony/pkg-plist ============================================================================== --- head/net/chrony/pkg-plist Mon Feb 13 18:00:21 2017 (r434011) +++ head/net/chrony/pkg-plist Mon Feb 13 18:05:34 2017 (r434012) @@ -4,4 +4,4 @@ man/man1/chronyc.1.gz man/man5/chrony.conf.5.gz man/man8/chronyd.8.gz sbin/chronyd -@dir /var/db/chrony +@dir(chronyd,chronyd) /var/db/chrony
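Review bot: In the first head/net/chrony/Makefile hunk (@@ -12,23 +12,24 @@), the dependencies, configure arguments and installed documentation all change, yet no visible hunk adds or bumps PORTREVISION; a bump is the usual way to make sure existing installs are rebuilt with --with-user=chronyd rather than staying on the root-only build. In the same hunk, --infodir=${PREFIX}/info is kept although makeinfo is dropped from USES, and the new LDFLAGS+= -L${LOCALBASE}/lib has no comment saying which library it is for. A short comment next to --with-user=chronyd stating that it is the switch that enables the unprivileged mode would make the security intent of the change readable from the Makefile alone.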
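Review bot: In the post-install hunk of head/net/chrony/Makefile (@@ -46,7 +47,8 @@), FAQ, NEWS and README are installed into ${DOCSDIR} unconditionally. If the port defines a DOCS option, the @${MKDIR} ${STAGEDIR}${DOCSDIR} and ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} lines belong in a post-install-DOCS-on target so that a build with DOCS turned off still matches its plist. The same question applies to the PORTEXAMPLES lines that follow and an EXAMPLES option.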
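Review bot: In the head/net/chrony/pkg-plist hunk, @dir(chronyd,chronyd) /var/db/chrony changes the owner of the directory only, so on an upgrade any files already left there by the earlier root-run chronyd keep their previous ownership, and the daemon running as chronyd may not be able to update them in place. The shortened pkg-message drops the superuser sentence but never mentions the new chronyd user; suggest adding a line that tells upgraders to chown the existing contents of /var/db/chrony, and consider giving the directory an explicit mode in the @dir keyword so its permissions do not depend on the umask at install time.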