Update net/chrony: enable privilege separation and other minor changes.
- enables privilege separation - removes the build dependency on asciidoctor - removes the runtime dependency on makeinfo and readline - add a runtime dependency on libedit - do not install the HTML documentation (in favour of man pages) - update the post-install message (pkg-message) in light of privilege separation - set the permission of /var/db/chrony to the new "chronyd" user and group PR: 216737 Submitted by: maintainer Approved by: mat (mentor) Differential Revision: https://reviews.freebsd.org/D9570
This commit is contained in:
parent
e6dd86cdc5
commit
5406a63de8
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=434012
2
GIDs
2
GIDs
|
@ -790,7 +790,7 @@ subsonic:*:844:
|
|||
sogod:*:846:
|
||||
domoticz:*:847:
|
||||
graylog:*:848:
|
||||
# free: 849
|
||||
chronyd:*:849:
|
||||
# free: 850
|
||||
# free: 851
|
||||
# free: 852
|
||||
|
|
2
UIDs
2
UIDs
|
@ -795,7 +795,7 @@ subsonic:*:844:844::0:0:Subsonic standalone-server:/nonexistent:/usr/sbin/nologi
|
|||
sogod:*:846:846::0:0:SOGo groupware:/nonexistent:/usr/sbin/nologin
|
||||
domoticz:*:847:847::0:0:domoticz user:/nonexistent:/usr/sbin/nologin
|
||||
graylog:*:848:848::0:0:Graylog user:/nonexistent:/usr/sbin/nologin
|
||||
# free: 849
|
||||
chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin
|
||||
# free: 850
|
||||
# free: 851
|
||||
# free: 852
|
||||
|
|
|
@ -12,23 +12,24 @@ COMMENT= System clock synchronization client and server
|
|||
LICENSE= GPLv2
|
||||
LICENSE_FILE= ${WRKSRC}/COPYING
|
||||
|
||||
BUILD_DEPENDS= rubygem-asciidoctor>=0:textproc/rubygem-asciidoctor
|
||||
USERS= chronyd
|
||||
GROUPS= chronyd
|
||||
|
||||
USES= cpe gmake makeinfo readline
|
||||
USES= cpe gmake libedit
|
||||
CPE_VENDOR= tuxfamily
|
||||
HAS_CONFIGURE= yes
|
||||
CONFIGURE_ARGS= --prefix=${PREFIX} \
|
||||
--chronyvardir=/var/db/${PORTNAME} \
|
||||
--infodir=${PREFIX}/info \
|
||||
--sysconfdir=${PREFIX}/etc --mandir=${MANPREFIX}/man \
|
||||
--datarootdir=${DATADIR} --docdir=${DOCSDIR}
|
||||
--datarootdir=${DATADIR} --docdir=${DOCSDIR} \
|
||||
--with-user=chronyd
|
||||
LDFLAGS+= -L${LOCALBASE}/lib
|
||||
USE_RC_SUBR= chronyd
|
||||
|
||||
ALL_TARGET= all docs
|
||||
INSTALL_TARGET= install install-docs
|
||||
EXTRAPORTDOCS= FAQ NEWS README
|
||||
PORTDOCS= chrony.conf.html chronyc.html chronyd.html faq.html \
|
||||
installation.html ${EXTRAPORTDOCS}
|
||||
ALL_TARGET= all
|
||||
INSTALL_TARGET= install
|
||||
PORTDOCS= FAQ NEWS README
|
||||
PORTEXAMPLES= chrony.conf.example1 chrony.conf.example2 \
|
||||
chrony.conf.example3 chrony.keys.example
|
||||
|
||||
|
@ -46,7 +47,8 @@ BROKEN_aarch64= Fails to compile: invalid operands to binary expression (double
|
|||
post-install:
|
||||
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/chronyc
|
||||
${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/chronyd
|
||||
${INSTALL_DATA} ${EXTRAPORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
|
||||
@${MKDIR} ${STAGEDIR}${DOCSDIR}
|
||||
${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}
|
||||
@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
|
||||
${INSTALL_DATA} ${PORTEXAMPLES:S,^,${WRKSRC}/examples/,} \
|
||||
${STAGEDIR}${EXAMPLESDIR}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
Unfortunately, this software has shameful history of several vulnerabilities
|
||||
previously discovered. FreeBSD Project cannot guarantee that this spree had
|
||||
come to an end. It is further complicated, as chronyd(8) requires superuser
|
||||
permissions to operate; please type ``make deinstall'' to deinstall the port
|
||||
come to an end. Please type ``pkg delete chrony'' to deinstall the port
|
||||
if tight security is a concern.
|
||||
|
|
|
@ -4,4 +4,4 @@ man/man1/chronyc.1.gz
|
|||
man/man5/chrony.conf.5.gz
|
||||
man/man8/chronyd.8.gz
|
||||
sbin/chronyd
|
||||
@dir /var/db/chrony
|
||||
@dir(chronyd,chronyd) /var/db/chrony
|
||||
|
|
Loading…
Reference in New Issue
Block a user