Merge pull request #102185 from bbigras/chrony

chrony: 3.5.1 -> 4.0
2020-10-31 19:32:29 -05:00 · 2020-10-31 19:32:29 -05:00 · 4e57249fc3
commit 4e57249fc3
parent c1a8104f11 4e6f5a3054
3 changed files with 4 additions and 48 deletions
--- a/pkgs/tools/networking/chrony/allow-clock_adjtime.patch
+++ b/pkgs/tools/networking/chrony/allow-clock_adjtime.patch
@ -1,26 +0,0 @@
 From 0cf506c92967c84f9ed83ba9e1be946a7fda6425 Mon Sep 17 00:00:00 2001
 From: Miroslav Lichvar <mlichvar@redhat.com>
 Date: Mon, 2 Dec 2019 12:47:13 +0100
 Subject: sys_linux: allow clock_adjtime in seccomp filter
 The adjtimex() function in glibc was switched to the clock_adjtime
 system call.
 diff --git a/sys_linux.c b/sys_linux.c
 index 63eb8f1..fcf89c2 100644
 --- a/sys_linux.c
 +++ b/sys_linux.c
@@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level)
 {
   const int syscalls[] = {
     /* Clock */
 -    SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday),
 -    SCMP_SYS(settimeofday), SCMP_SYS(time),
 +    SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime),
 +    SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time),
     /* Process */
     SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
     SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
 -- 
 cgit v0.10.2
--- a/pkgs/tools/networking/chrony/default.nix
+++ b/pkgs/tools/networking/chrony/default.nix
@ -1,27 +1,22 @@
 { stdenv, fetchurl, pkgconfig, libcap, readline, texinfo, nss, nspr
-, libseccomp, pps-tools }:
+, libseccomp, pps-tools, gnutls }:
 assert stdenv.isLinux -> libcap != null;
 stdenv.mkDerivation rec {
  pname = "chrony";
-  version = "3.5.1";
+  version = "4.0";
  src = fetchurl {
    url = "https://download.tuxfamily.org/chrony/${pname}-${version}.tar.gz";
-    sha256 = "19ywl8a3lb2id7lcna5hp2g4pjnfwdc9ihr0fk6i9m45vdq2za0v";
+    sha256 = "09f6w2x5h5kamb4rhcbaz911q1f730qdalgsn8s48yjyqlafl9xy";
  };
  patches = [
    ./allow-clock_adjtime.patch
    ./fix-seccomp-build.patch
  ];
  postPatch = ''
    patchShebangs test
  '';
-  buildInputs = [ readline texinfo nss nspr ]
+  buildInputs = [ readline texinfo nss nspr gnutls ]
    ++ stdenv.lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ];
  nativeBuildInputs = [ pkgconfig ];
--- a/pkgs/tools/networking/chrony/fix-seccomp-build.patch
+++ b/pkgs/tools/networking/chrony/fix-seccomp-build.patch
@ -1,13 +0,0 @@
 diff --git a/sys_linux.c b/sys_linux.c
 index 898dc7a7f75..fcd334ecf03 100644
 --- a/sys_linux.c
 +++ b/sys_linux.c
@@ -503,7 +503,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
     SCMP_SYS(socketcall),
     /* General I/O */
     SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe),
 -    SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read),
 +    SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(pselect6), SCMP_SYS(read),
     SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write),
     /* Miscellaneous */
     SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname),