From a87107cfff01e74e3519624360dbd72a60a1fdd9 Mon Sep 17 00:00:00 2001 From: Sam James Date: Thu, 10 Jun 2021 21:09:31 +0000 Subject: net-misc/ntpsec: add seccomp patch from upstream Closes: https://bugs.gentoo.org/786228 Closes: https://bugs.gentoo.org/705128 Signed-off-by: Sam James --- net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch | 19 +++ net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild | 167 ---------------------- net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild | 168 +++++++++++++++++++++++ 3 files changed, 187 insertions(+), 167 deletions(-) create mode 100644 net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch delete mode 100644 net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild create mode 100644 net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild diff --git a/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch new file mode 100644 index 000000000000..e4dc47f19cc6 --- /dev/null +++ b/net-misc/ntpsec/files/ntpsec-1.2.0-seccomp.patch @@ -0,0 +1,19 @@ +https://bugs.gentoo.org/705128 +--- a/ntpd/ntp_sandbox.c ++++ b/ntpd/ntp_sandbox.c +@@ -463,6 +463,15 @@ int scmp_sc[] = { + SCMP_SYS(send), + SCMP_SYS(stat64), + #endif ++#if defined(__arm__) ++ SCMP_SYS(statx), ++#endif ++#if defined(__riscv32__) ++ SCMP_SYS(faccessat), ++#endif ++#if defined(__aarch64__) ++ SCMP_SYS(syscall); ++#endif + }; + { + for (unsigned int i = 0; i < COUNTOF(scmp_sc); i++) { diff --git a/net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild b/net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild deleted file mode 100644 index b303b583ef90..000000000000 --- a/net-misc/ntpsec/ntpsec-1.2.0-r1.ebuild +++ /dev/null @@ -1,167 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PYTHON_COMPAT=( python3_{6..9} ) -PYTHON_REQ_USE='threads(+)' -DISTUTILS_USE_SETUPTOOLS=no - -inherit distutils-r1 flag-o-matic waf-utils systemd - -if [[ ${PV} == *9999* ]]; then - inherit git-r3 - EGIT_REPO_URI="https://gitlab.com/NTPsec/ntpsec.git" -else - SRC_URI="ftp://ftp.ntpsec.org/pub/releases/${PN}-${PV}.tar.gz" - RESTRICT="mirror" - KEYWORDS="amd64 arm arm64 ~x86" -fi - -DESCRIPTION="The NTP reference implementation, refactored" -HOMEPAGE="https://www.ntpsec.org/" - -NTPSEC_REFCLOCK=( - oncore trimble truetime gpsd jjy generic spectracom - shm pps hpgps zyfer arbiter nmea neoclock modem - local) - -IUSE_NTPSEC_REFCLOCK=${NTPSEC_REFCLOCK[@]/#/rclock_} - -LICENSE="HPND MIT BSD-2 BSD CC-BY-SA-4.0" -SLOT="0" -IUSE="${IUSE_NTPSEC_REFCLOCK} debug doc early gdb heat libbsd nist ntpviz samba seccomp smear tests" #ionice -REQUIRED_USE="${PYTHON_REQUIRED_USE} nist? ( rclock_local )" - -# net-misc/pps-tools oncore,pps -CDEPEND="${PYTHON_DEPS} - sys-libs/libcap - dev-python/psutil[${PYTHON_USEDEP}] - libbsd? ( dev-libs/libbsd:0= ) - dev-libs/openssl:0= - seccomp? ( sys-libs/libseccomp ) -" -RDEPEND="${CDEPEND} - ntpviz? ( sci-visualization/gnuplot media-fonts/liberation-fonts ) - !net-misc/ntp - !net-misc/openntpd - acct-group/ntp - acct-user/ntp -" -DEPEND="${CDEPEND} - >=app-text/asciidoc-8.6.8 - dev-libs/libxslt - app-text/docbook-xsl-stylesheets - sys-devel/bison - rclock_oncore? ( net-misc/pps-tools ) - rclock_pps? ( net-misc/pps-tools ) -" - -PATCHES=( - "${FILESDIR}/${PN}-1.1.8-fix-missing-scmp_sys-on-aarch64.patch" - "${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch" - "${FILESDIR}/${PN}-1.2.0-move-newfstatat.patch" -) - -WAF_BINARY="${S}/waf" - -src_prepare() { - default - # Remove autostripping of binaries - sed -i -e '/Strip binaries/d' wscript || die - if ! use libbsd ; then - eapply "${FILESDIR}/${PN}-no-bsd.patch" - fi - # remove extra default pool servers - sed -i '/use-pool/s/^/#/' "${S}"/etc/ntp.d/default.conf || die - - python_copy_sources -} - -src_configure() { - is-flagq -flto* && filter-flags -flto* -fuse-linker-plugin - - local string_127="" - local rclocks=""; - local CLOCKSTRING="" - - for refclock in ${NTPSEC_REFCLOCK[@]} ; do - if use rclock_${refclock} ; then - string_127+="$refclock," - fi - done - CLOCKSTRING="`echo ${string_127}|sed 's|,$||'`" - - local myconf=( - --nopyc - --nopyo - --enable-pylib ext - --refclock="${CLOCKSTRING}" - --build-epoch="$(date +%s)" - $(use doc || echo "--disable-doc") - $(use early && echo "--enable-early-droproot") - $(use gdb && echo "--enable-debug-gdb") - $(use samba && echo "--enable-mssntp") - $(use seccomp && echo "--enable-seccomp") - $(use smear && echo "--enable-leap-smear") - $(use tests && echo "--alltests") - $(use debug && echo "--enable-debug") - ) - - python_configure() { - waf-utils_src_configure "${myconf[@]}" - } - python_foreach_impl run_in_build_dir python_configure -} - -src_compile() { - unset MAKEOPTS - python_compile() { - waf-utils_src_compile - } - python_foreach_impl run_in_build_dir python_compile -} - -src_install() { - python_install() { - waf-utils_src_install - python_fix_shebang "${ED}" - } - python_foreach_impl run_in_build_dir python_install - python_foreach_impl python_optimize - - # Install heat generating scripts - use heat && dosbin "${S}"/contrib/ntpheat{,usb} - - # Install the openrc files - newinitd "${FILESDIR}"/ntpd.rc-r2 ntp - newconfd "${FILESDIR}"/ntpd.confd ntp - - # Install the systemd unit file - systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service - - # Prepare a directory for the ntp.drift file - mkdir -pv "${ED}"/var/lib/ntp - chown ntp:ntp "${ED}"/var/lib/ntp - chmod 770 "${ED}"/var/lib/ntp - keepdir /var/lib/ntp - - # Install a log rotate script - mkdir -pv "${ED}"/etc/logrotate.d - cp -v "${S}"/etc/logrotate-config.ntpd "${ED}"/etc/logrotate.d/ntpd - - # Install the configuration file and sample configuration - cp -v "${FILESDIR}"/ntp.conf "${ED}"/etc/ntp.conf - cp -Rv "${S}"/etc/ntp.d/ "${ED}"/etc/ - - # move doc files to /usr/share/doc/"${P}" - use doc && mv -v "${ED}"/usr/share/doc/"${PN}" "${ED}"/usr/share/doc/"${P}"/html -} - -pkg_postinst() { - einfo "If you want to serve time on your local network, then" - einfo "you should disable all the ref_clocks unless you have" - einfo "one and can get stable time from it. Feel free to try" - einfo "it but PPS probably won't work unless you have a UART" - einfo "GPS that actually provides PPS messages." -} diff --git a/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild b/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild new file mode 100644 index 000000000000..4a5784ca79ed --- /dev/null +++ b/net-misc/ntpsec/ntpsec-1.2.0-r2.ebuild @@ -0,0 +1,168 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python3_{7..9} ) +PYTHON_REQ_USE='threads(+)' +DISTUTILS_USE_SETUPTOOLS=no + +inherit distutils-r1 flag-o-matic waf-utils systemd + +if [[ ${PV} == *9999* ]]; then + inherit git-r3 + EGIT_REPO_URI="https://gitlab.com/NTPsec/ntpsec.git" +else + SRC_URI="ftp://ftp.ntpsec.org/pub/releases/${PN}-${PV}.tar.gz" + RESTRICT="mirror" + KEYWORDS="amd64 arm arm64 ~x86" +fi + +DESCRIPTION="The NTP reference implementation, refactored" +HOMEPAGE="https://www.ntpsec.org/" + +NTPSEC_REFCLOCK=( + oncore trimble truetime gpsd jjy generic spectracom + shm pps hpgps zyfer arbiter nmea neoclock modem + local) + +IUSE_NTPSEC_REFCLOCK=${NTPSEC_REFCLOCK[@]/#/rclock_} + +LICENSE="HPND MIT BSD-2 BSD CC-BY-SA-4.0" +SLOT="0" +IUSE="${IUSE_NTPSEC_REFCLOCK} debug doc early gdb heat libbsd nist ntpviz samba seccomp smear tests" #ionice +REQUIRED_USE="${PYTHON_REQUIRED_USE} nist? ( rclock_local )" + +# net-misc/pps-tools oncore,pps +CDEPEND="${PYTHON_DEPS} + sys-libs/libcap + dev-python/psutil[${PYTHON_USEDEP}] + libbsd? ( dev-libs/libbsd:0= ) + dev-libs/openssl:0= + seccomp? ( sys-libs/libseccomp ) +" +RDEPEND="${CDEPEND} + ntpviz? ( sci-visualization/gnuplot media-fonts/liberation-fonts ) + !net-misc/ntp + !net-misc/openntpd + acct-group/ntp + acct-user/ntp +" +DEPEND="${CDEPEND} + >=app-text/asciidoc-8.6.8 + dev-libs/libxslt + app-text/docbook-xsl-stylesheets + sys-devel/bison + rclock_oncore? ( net-misc/pps-tools ) + rclock_pps? ( net-misc/pps-tools ) +" + +PATCHES=( + "${FILESDIR}/${PN}-1.1.8-fix-missing-scmp_sys-on-aarch64.patch" + "${FILESDIR}/${PN}-1.1.9-remove-asciidoctor-from-config.patch" + "${FILESDIR}/${PN}-1.2.0-move-newfstatat.patch" + "${FILESDIR}/${PN}-1.2.0-seccomp.patch" +) + +WAF_BINARY="${S}/waf" + +src_prepare() { + default + # Remove autostripping of binaries + sed -i -e '/Strip binaries/d' wscript || die + if ! use libbsd ; then + eapply "${FILESDIR}/${PN}-no-bsd.patch" + fi + # remove extra default pool servers + sed -i '/use-pool/s/^/#/' "${S}"/etc/ntp.d/default.conf || die + + python_copy_sources +} + +src_configure() { + is-flagq -flto* && filter-flags -flto* -fuse-linker-plugin + + local string_127="" + local rclocks=""; + local CLOCKSTRING="" + + for refclock in ${NTPSEC_REFCLOCK[@]} ; do + if use rclock_${refclock} ; then + string_127+="$refclock," + fi + done + CLOCKSTRING="`echo ${string_127}|sed 's|,$||'`" + + local myconf=( + --nopyc + --nopyo + --enable-pylib ext + --refclock="${CLOCKSTRING}" + --build-epoch="$(date +%s)" + $(use doc || echo "--disable-doc") + $(use early && echo "--enable-early-droproot") + $(use gdb && echo "--enable-debug-gdb") + $(use samba && echo "--enable-mssntp") + $(use seccomp && echo "--enable-seccomp") + $(use smear && echo "--enable-leap-smear") + $(use tests && echo "--alltests") + $(use debug && echo "--enable-debug") + ) + + python_configure() { + waf-utils_src_configure "${myconf[@]}" + } + python_foreach_impl run_in_build_dir python_configure +} + +src_compile() { + unset MAKEOPTS + python_compile() { + waf-utils_src_compile + } + python_foreach_impl run_in_build_dir python_compile +} + +src_install() { + python_install() { + waf-utils_src_install + python_fix_shebang "${ED}" + } + python_foreach_impl run_in_build_dir python_install + python_foreach_impl python_optimize + + # Install heat generating scripts + use heat && dosbin "${S}"/contrib/ntpheat{,usb} + + # Install the openrc files + newinitd "${FILESDIR}"/ntpd.rc-r2 ntp + newconfd "${FILESDIR}"/ntpd.confd ntp + + # Install the systemd unit file + systemd_newunit "${FILESDIR}"/ntpd-r1.service ntpd.service + + # Prepare a directory for the ntp.drift file + mkdir -pv "${ED}"/var/lib/ntp + chown ntp:ntp "${ED}"/var/lib/ntp + chmod 770 "${ED}"/var/lib/ntp + keepdir /var/lib/ntp + + # Install a log rotate script + mkdir -pv "${ED}"/etc/logrotate.d + cp -v "${S}"/etc/logrotate-config.ntpd "${ED}"/etc/logrotate.d/ntpd + + # Install the configuration file and sample configuration + cp -v "${FILESDIR}"/ntp.conf "${ED}"/etc/ntp.conf + cp -Rv "${S}"/etc/ntp.d/ "${ED}"/etc/ + + # move doc files to /usr/share/doc/"${P}" + use doc && mv -v "${ED}"/usr/share/doc/"${PN}" "${ED}"/usr/share/doc/"${P}"/html +} + +pkg_postinst() { + einfo "If you want to serve time on your local network, then" + einfo "you should disable all the ref_clocks unless you have" + einfo "one and can get stable time from it. Feel free to try" + einfo "it but PPS probably won't work unless you have a UART" + einfo "GPS that actually provides PPS messages." +} -- cgit v1.2.3