svn commit: r434012 - in head: . net/chrony
Kirill Ponomarew
krion at FreeBSD.org
Mon Feb 13 18:05:36 UTC 2017
Author: krion
Date: Mon Feb 13 18:05:34 2017
New Revision: 434012
URL: https://svnweb.freebsd.org/changeset/ports/434012
Log:
Update net/chrony: enable privilege separation and other minor changes.
- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group
PR: 216737
Submitted by: maintainer
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D9570
Modified:
head/GIDs
head/UIDs
head/net/chrony/Makefile
head/net/chrony/pkg-message
head/net/chrony/pkg-plist
Modified: head/GIDs
==============================================================================
--- head/GIDs Mon Feb 13 18:00:21 2017 (r434011)
+++ head/GIDs Mon Feb 13 18:05:34 2017 (r434012)
@@ -790,7 +790,7 @@ subsonic:*:844:
sogod:*:846:
domoticz:*:847:
graylog:*:848:
-# free: 849
+chronyd:*:849:
# free: 850
# free: 851
# free: 852
Modified: head/UIDs
==============================================================================
--- head/UIDs Mon Feb 13 18:00:21 2017 (r434011)
+++ head/UIDs Mon Feb 13 18:05:34 2017 (r434012)
@@ -795,7 +795,7 @@ subsonic:*:844:844::0:0:Subsonic standal
sogod:*:846:846::0:0:SOGo groupware:/nonexistent:/usr/sbin/nologin
domoticz:*:847:847::0:0:domoticz user:/nonexistent:/usr/sbin/nologin
graylog:*:848:848::0:0:Graylog user:/nonexistent:/usr/sbin/nologin
-# free: 849
+chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin
# free: 850
# free: 851
# free: 852
Modified: head/net/chrony/Makefile
==============================================================================
--- head/net/chrony/Makefile Mon Feb 13 18:00:21 2017 (r434011)
+++ head/net/chrony/Makefile Mon Feb 13 18:05:34 2017 (r434012)
@@ -12,23 +12,24 @@ COMMENT= System clock synchronization cl
LICENSE= GPLv2
LICENSE_FILE= ${WRKSRC}/COPYING
-BUILD_DEPENDS= rubygem-asciidoctor>=0:textproc/rubygem-asciidoctor
+USERS= chronyd
+GROUPS= chronyd
-USES= cpe gmake makeinfo readline
+USES= cpe gmake libedit
CPE_VENDOR= tuxfamily
HAS_CONFIGURE= yes
CONFIGURE_ARGS= --prefix=${PREFIX} \
--chronyvardir=/var/db/${PORTNAME} \
--infodir=${PREFIX}/info \
--sysconfdir=${PREFIX}/etc --mandir=${MANPREFIX}/man \
- --datarootdir=${DATADIR} --docdir=${DOCSDIR}
+ --datarootdir=${DATADIR} --docdir=${DOCSDIR} \
+ --with-user=chronyd
+LDFLAGS+= -L${LOCALBASE}/lib
USE_RC_SUBR= chronyd
-ALL_TARGET= all docs
-INSTALL_TARGET= install install-docs
-EXTRAPORTDOCS= FAQ NEWS README
-PORTDOCS= chrony.conf.html chronyc.html chronyd.html faq.html \
- installation.html ${EXTRAPORTDOCS}
+ALL_TARGET= all
+INSTALL_TARGET= install
+PORTDOCS= FAQ NEWS README
PORTEXAMPLES= chrony.conf.example1 chrony.conf.example2 \
chrony.conf.example3 chrony.keys.example
@@ -46,7 +47,8 @@ BROKEN_aarch64= Fails to compile: inval
post-install:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/chronyc
${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/chronyd
- ${INSTALL_DATA} ${EXTRAPORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
${INSTALL_DATA} ${PORTEXAMPLES:S,^,${WRKSRC}/examples/,} \
${STAGEDIR}${EXAMPLESDIR}
Modified: head/net/chrony/pkg-message
==============================================================================
--- head/net/chrony/pkg-message Mon Feb 13 18:00:21 2017 (r434011)
+++ head/net/chrony/pkg-message Mon Feb 13 18:05:34 2017 (r434012)
@@ -1,5 +1,4 @@
Unfortunately, this software has shameful history of several vulnerabilities
previously discovered. FreeBSD Project cannot guarantee that this spree had
-come to an end. It is further complicated, as chronyd(8) requires superuser
-permissions to operate; please type ``make deinstall'' to deinstall the port
+come to an end. Please type ``pkg delete chrony'' to deinstall the port
if tight security is a concern.
Modified: head/net/chrony/pkg-plist
==============================================================================
--- head/net/chrony/pkg-plist Mon Feb 13 18:00:21 2017 (r434011)
+++ head/net/chrony/pkg-plist Mon Feb 13 18:05:34 2017 (r434012)
@@ -4,4 +4,4 @@ man/man1/chronyc.1.gz
man/man5/chrony.conf.5.gz
man/man8/chronyd.8.gz
sbin/chronyd
- at dir /var/db/chrony
+ at dir(chronyd,chronyd) /var/db/chrony
More information about the svn-ports-all
mailing list