%global _hardened_build 1

%global clknetsim_ver e63178

%bcond_without debug

Name:           chrony

Version:        1.31.1

Release:        1%{?dist}

Summary:        An NTP client/server

Group:          System Environment/Daemons

License:        GPLv2

URL:            http://chrony.tuxfamily.org

Source0:        http://download.tuxfamily.org/chrony/chrony-%{version}%{?prerelease}.tar.gz

Source1:        chrony.dhclient

Source2:        chrony.helper

# simulator for test suite from https://github.com/mlichvar/clknetsim.git

Source10:       clknetsim-%{clknetsim_ver}.tar.gz

%{?gitpatch:Patch0: chrony-%{version}%{?prerelease}-%{gitpatch}.patch.gz}

# add NTP servers from DHCP when starting service

Patch1:         chrony-service-helper.patch

BuildRequires:  libcap-devel libedit-devel nss-devel pps-tools-devel

BuildRequires:  bison texinfo systemd-units

Requires(pre):  shadow-utils

Requires(post): systemd info

Requires(preun): systemd info

Requires(postun): systemd

%description

A client/server for the Network Time Protocol, this program keeps your

computer's clock accurate. It was specially designed to support

systems with intermittent internet connections, but it also works well

in permanently connected environments. It can use also hardware reference

clocks, system real-time clock or manual input as time references.

%if 0%{!?vendorzone:1}

%{?fedora: %global vendorzone fedora.}

%{?rhel: %global vendorzone rhel.}

%endif

%prep

%setup -q -n %{name}-%{version}%{?prerelease} -a 10

%{?gitpatch:%patch0 -p1}

%patch1 -p1 -b .service-helper

%{?gitpatch: echo %{version}-%{gitpatch} > version.txt}

# review changes in packaged configuration files and scripts

md5sum -c <<-EOF | (! grep -v 'OK$')

        5cca89b571b0780481fc6f3c518e63bf  examples/chrony-wait.service

        d77c994ec12c247a5206e724cd70483d  examples/chrony.conf.example2

        2e9fe409a17de5d53a65f9869c4119f5  examples/chrony.logrotate

        d7d323d0ea7ccc258710371ea79563d1  examples/chrony.nm-dispatcher

        1a5122f7f40446596777a6c69431c415  examples/chronyd.service

EOF

# use our vendor zone

sed -e 's|\([0-3]\.\)\(pool.ntp.org\)|\1%{vendorzone}\2|' \

        < examples/chrony.conf.example2 > chrony.conf

echo '# Keys used by chronyd for command and NTP authentication' > chrony.keys

touch -r examples/chrony.conf.example2 chrony.conf chrony.keys

# regenerate the file from getdate.y

rm -f getdate.c

mv clknetsim test/simulation

%build

%configure \

%{?with_debug: --enable-debug} \

        --docdir=%{_docdir} \

        --with-user=chrony \

        --with-sendmail=%{_sbindir}/sendmail

make %{?_smp_mflags} all docs

%install

make install install-docs DESTDIR=$RPM_BUILD_ROOT

rm -rf $RPM_BUILD_ROOT%{_docdir}

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{sysconfig,logrotate.d}

mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/chrony

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d

mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d

mkdir -p $RPM_BUILD_ROOT%{_libexecdir}

mkdir -p $RPM_BUILD_ROOT{%{_unitdir},%{_prefix}/lib/systemd/ntp-units.d}

install -m 644 -p chrony.conf $RPM_BUILD_ROOT%{_sysconfdir}/chrony.conf

install -m 640 -p chrony.keys $RPM_BUILD_ROOT%{_sysconfdir}/chrony.keys

install -m 755 -p examples/chrony.nm-dispatcher \

        $RPM_BUILD_ROOT%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony

install -m 755 -p %{SOURCE1} \

        $RPM_BUILD_ROOT%{_sysconfdir}/dhcp/dhclient.d/chrony.sh

install -m 644 -p examples/chrony.logrotate \

        $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/chrony

install -m 644 -p examples/chronyd.service \

        $RPM_BUILD_ROOT%{_unitdir}/chronyd.service

install -m 644 -p examples/chrony-wait.service \

        $RPM_BUILD_ROOT%{_unitdir}/chrony-wait.service

install -m 755 -p %{SOURCE2} $RPM_BUILD_ROOT%{_libexecdir}/chrony-helper

touch $RPM_BUILD_ROOT%{_localstatedir}/lib/chrony/{drift,rtc}

echo 'chronyd.service' > \

        $RPM_BUILD_ROOT%{_prefix}/lib/systemd/ntp-units.d/50-chronyd.list

gzip -9 -f -k chrony.txt

%check

make %{?_smp_mflags} -C test/simulation/clknetsim

make check

%pre

getent group chrony > /dev/null || /usr/sbin/groupadd -r chrony

getent passwd chrony > /dev/null || /usr/sbin/useradd -r -g chrony \

       -d %{_localstatedir}/lib/chrony -s /sbin/nologin chrony

:

%post

%systemd_post chronyd.service chrony-wait.service

/sbin/install-info %{_infodir}/chrony.info.gz %{_infodir}/dir &> /dev/null

:

%preun

%systemd_preun chronyd.service chrony-wait.service

if [ "$1" -eq 0 ]; then

        /sbin/install-info --delete %{_infodir}/chrony.info.gz \

                %{_infodir}/dir &> /dev/null

fi

:

%postun

%systemd_postun_with_restart chronyd.service

%files

%{!?_licensedir:%global license %%doc}

%license COPYING

%doc FAQ NEWS README chrony.txt.gz

%config(noreplace) %{_sysconfdir}/chrony.conf

%config(noreplace) %verify(not md5 size mtime) %attr(640,root,chrony) %{_sysconfdir}/chrony.keys

%config(noreplace) %{_sysconfdir}/logrotate.d/chrony

%{_sysconfdir}/NetworkManager/dispatcher.d/20-chrony

%{_sysconfdir}/dhcp/dhclient.d/chrony.sh

%{_bindir}/chronyc

%{_sbindir}/chronyd

%{_libexecdir}/chrony-helper

%{_infodir}/chrony.info*

%{_prefix}/lib/systemd/ntp-units.d/*.list

%{_unitdir}/chrony*.service

%{_mandir}/man[158]/%{name}*.[158]*

%dir %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony

%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/drift

%ghost %attr(-,chrony,chrony) %{_localstatedir}/lib/chrony/rtc

%dir %attr(-,chrony,chrony) %{_localstatedir}/log/chrony

%changelog

* Wed Apr 08 2015 Miroslav Lichvar <mlichvar@redhat.com> 1.31.1-1

- update to 1.31.1 (CVE-2015-1853 CVE-2015-1821 CVE-2015-1822)

* Thu Sep 11 2014 Miroslav Lichvar <mlichvar@redhat.com> 1.31-1

- update to 1.31

- add servers from DHCP with iburst option by default

- use upstream configuration files and scripts

- don't package configuration examples

- compress chrony.txt

* Thu Aug 21 2014 Miroslav Lichvar <mlichvar@redhat.com> 1.31-0.1.pre1

- update to 1.31-pre1

- use license macro if available

* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.30-3

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Fri Aug 15 2014 Miroslav Lichvar <mlichvar@redhat.com> 1.30-2

- reconnect client sockets (#1124059)

* Tue Jul 01 2014 Miroslav Lichvar <mlichvar@redhat.com> 1.30-1

- update to 1.30

- enable debug messages

* Mon Jun 09 2014 Miroslav Lichvar <mlichvar@redhat.com> 1.30-0.1.pre1

- update to 1.30-pre1

- execute test suite

- avoid calling systemctl in helper script

- call chronyc directly from logrotate and NM dispatcher scripts

- add conflict with systemd-timesyncd service

* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.29.1-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Fri Jan 31 2014 Miroslav Lichvar <mlichvar@redhat.com> 1.29.1-1

- update to 1.29.1 (CVE-2014-0021)

- replace hardening build flags with _hardened_build

* Tue Nov 19 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.29-3

- let systemd remove pid file (#974305)

* Thu Oct 03 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.29-2

- add ordering dependency to not start chronyd before ntpd stopped

* Thu Aug 08 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.29-1

- update to 1.29 (CVE-2012-4502, CVE-2012-4503)

* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.28-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Wed Jul 17 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.28-1

- update to 1.28

- change default makestep limit to 10 seconds

* Mon Jun 24 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.28-0.2.pre1

- buildrequire systemd-units

* Fri Jun 21 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.28-0.1.pre1

- update to 1.28-pre1

- listen for commands only on localhost by default

* Thu May 09 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.27-3

- disable chrony-wait service by default (#961047)

- drop old systemd scriptlets

- don't own ntp-units.d directory

- move files from /lib

- remove unncessary dependency on syslog target

* Tue Mar 12 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.27-2

- suppress error messages from tr when generating key (#907914)

- fix delta calculation with extreme frequency offsets

* Fri Feb 01 2013 Miroslav Lichvar <mlichvar@redhat.com> 1.27-1

- update to 1.27

- start chrony-wait service with chronyd

- start chronyd service after sntp

- remove obsolete macros

* Tue Sep 11 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.27-0.5.pre1.git1ca844

- update to git snapshot 1ca844

- update systemd integration (#846303)

- use systemd macros if available (#850151)

- use correct vendor pool.ntp.org zone on RHEL (#845981)

- don't log output of chrony-wait service

* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.27-0.4.pre1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

* Fri Apr 27 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.27-0.3.pre1

- update service file for systemd-timedated-ntp target (#816493)

* Fri Apr 06 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.27-0.2.pre1

  use systemctl is-active instead of status in chrony-helper (#794771)

* Tue Feb 28 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.27-0.1.pre1

- update to 1.27-pre1

- generate SHA1 command key instead of MD5

* Wed Feb 15 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.26-6.20110831gitb088b7

- remove old servers on DHCP update (#787042)

* Fri Feb 10 2012 Miroslav Lichvar <mlichvar@redhat.com> 1.26-5.20110831gitb088b7

- improve chrony-helper to keep track of servers added from DHCP (#787042)

- fix dhclient script to always return with zero exit code (#767859)

* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.26-4.20110831gitb088b7

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Tue Sep 06 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.26-3.20110831gitb088b7

- update to git snapshot 20110831gitb088b7

- on first start generate password with 16 chars

- change systemd service type to forking

- add forced-command to chrony-helper (#735821)

* Mon Aug 15 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.26-2

- fix iburst with very high jitters and long delays

- use timepps header from pps-tools-devel

* Wed Jul 13 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.26-1

- update to 1.26

- read options from sysconfig file if it exists

* Fri Jun 24 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.26-0.1.pre1

- update to 1.26-pre1

- fix service name in %%triggerun

- drop SysV init script

- add chrony-wait service

* Fri May 06 2011 Bill Nottingham <notting@redhat.com> 1.25-2

- fix systemd scriptlets for the upgrade case

* Wed May 04 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.25-1

- update to 1.25

* Wed Apr 20 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.25-0.3.pre2

- update to 1.25-pre2

- link with -Wl,-z,relro,-z,now options

* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.25-0.2.pre1

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Tue Feb 01 2011 Miroslav Lichvar <mlichvar@redhat.com> 1.25-0.1.pre1

- update to 1.25-pre1

- use iburst, four pool servers, rtcsync, stratumweight in default config

- add systemd support

- drop sysconfig file 

- suppress install-info errors

* Thu Apr 29 2010 Miroslav Lichvar <mlichvar@redhat.com> 1.24-4.20100428git73d775

- update to 20100428git73d775

- replace initstepslew directive with makestep in default config

- add NetworkManager dispatcher script

- add dhclient script

- retry server/peer name resolution at least once to workaround

  NetworkManager race condition on boot

- don't verify chrony.keys

* Fri Mar 12 2010 Miroslav Lichvar <mlichvar@redhat.com> 1.24-3.20100302git5fb555

- update to snapshot 20100302git5fb555

- compile with PPS API support

* Thu Feb 04 2010 Miroslav Lichvar <mlichvar@redhat.com> 1.24-1

- update to 1.24 (#555367, CVE-2010-0292 CVE-2010-0293 CVE-2010-0294)

- modify default config

  - step clock on start if it is off by more than 100 seconds

  - disable client log

- build with -fPIE on sparc

* Tue Dec 15 2009 Miroslav Lichvar <mlichvar@redhat.com> 1.24-0.1.pre1

- update to 1.24-pre1

* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.23-7.20081106gitbe42b4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

* Fri Jul 17 2009 Miroslav Lichvar <mlichvar@redhat.com> 1.23-6.20081106gitbe42b4

- switch to editline

- support arbitrary chronyc commands in init script

* Mon Jun 08 2009 Dan Horak <dan[at]danny.cz> 1.23-5.20081106gitbe42b4

- add patch with support for s390/s390x

* Mon Mar 09 2009 Miroslav Lichvar <mlichvar@redhat.com> 1.23-4.20081106gitbe42b4

- fix building with broken libcap header (#483548)

* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.23-3.20081106gitbe42b4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild

* Wed Nov 19 2008 Miroslav Lichvar <mlichvar@redhat.com> 1.23-2.20081106gitbe42b4

- fix info uninstall

- generate random command key in init script

- support cyclelogs, online, offline commands in init script

- add logrotate script

* Tue Nov 11 2008 Miroslav Lichvar <mlichvar@redhat.com> 1.23-1.20081106gitbe42b4

- initial release