[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1035898: marked as done (unblock: chrony/4.3-2+deb12u1)

Your message dated Thu, 11 May 2023 16:57:51 +0000
with message-id <CAM8zJQs4dtLqwY20hevL2ByjsnCQQ5aOCZmE3VwHn7giA+U_wQ@mail.gmail.com>
and subject line Re: Bug#1035898: unblock: chrony/4.3-2+deb12u1
has caused the Debian Bug report #1035898,
regarding unblock: chrony/4.3-2+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1035898: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035898
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: chrony@packages.debian.org
Control: affects -1 + src:chrony

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Please unblock package chrony

[ Reason ]
This softens a rule in the AppArmor profile. Currently, the profile is way too
strict about allowed gpsd socket names.

[ Impact ]
Users may need to override the AppArmor profile (or put the profile in complain 
mode) so that chronyd can consume time information from gpsd using sockets.
Overriding an AppArmor profile is acceptable when dealing with some exotic
configurations, but here even trying to feed chronyd with something as common
as PPS samples would be denied by the profile.

[ Tests ]
I checked that chronyd was able to receive PPS samples from gpsd through a
Unix socket driver using the '/run/chrony.pps0.sock' path. This is no longer
denied with chrony 4.3-2+deb12u1.

[ Risks ]
None that I know of.

[ Checklist ]
  [✓] all changes are documented in the d/changelog
  [✓] I reviewed all changes and I approve them
  [✓] attach debdiff against the package in testing

[ Other info ]
I must admit that the version number is atypical for an upload to unstable but
chrony 4.3-3 is already in experimental.

unblock chrony/4.3-2+deb12u1


-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSRJQjHKbAUfuoc+DAQn1qAt/bgAQUCZFv+fQAKCRAQn1qAt/bg
ATptAQDKB1vG2CXDXkwW1dGb9l3GFwua+oeoc1qOm3LNhqNfSgD/ZBld8s8e1XSD
QXFm/ZXjxKXIkU+1m8TaS5JL5oRWDwk=
=uMJh
-----END PGP SIGNATURE-----

diff -Nru chrony-4.3/debian/changelog chrony-4.3/debian/changelog
--- chrony-4.3/debian/changelog	2023-01-27 22:51:17.000000000 +0100
+++ chrony-4.3/debian/changelog	2023-05-08 22:05:00.000000000 +0200
@@ -1,3 +1,13 @@
+chrony (4.3-2+deb12u1) unstable; urgency=medium
+
+  * debian/usr.sbin.chronyd:
+    - Modify the AppArmor profile to allow more gpsd socket names. This will
+    avoid the need for users to override the profile to let chronyd consume PPS
+    samples or serial time supplied by gpsd over a Unix-domain socket.
+    Thanks to Ryan Govostes for the report. (Closes: #1034519)
+
+ -- Vincent Blut <vincent.debian@free.fr>  Mon, 08 May 2023 22:05:00 +0200
+
 chrony (4.3-2) unstable; urgency=medium
 
   * debian/control:
diff -Nru chrony-4.3/debian/usr.sbin.chronyd chrony-4.3/debian/usr.sbin.chronyd
--- chrony-4.3/debian/usr.sbin.chronyd	2023-01-27 22:51:17.000000000 +0100
+++ chrony-4.3/debian/usr.sbin.chronyd	2023-05-08 22:05:00.000000000 +0200
@@ -59,7 +59,7 @@
   # Configs using a 'chrony.' prefix like the tempcomp config file example
   /etc/chrony.* r,
   # Example gpsd socket is outside @{run}/chrony/
-  @{run}/chrony.tty{,*}.sock rw,
+  @{run}/chrony.*.sock rw,
   # To sign replies to MS-SNTP clients by the smbd daemon
   /var/lib/samba/ntp_signd/socket rw,

--- End Message ---
--- Begin Message --- 
On Wed, 10 May 2023 at 20:30, Vincent Blut <vincent.debian@free.fr> wrote:
> Please unblock package chrony

Unblocked, thanks.

--- End Message ---
Reply to: