nixpkgs/pkgs/tools/networking/chrony/default.nix
Austin Seipp 5d8bd748f3
chrony: fix build break from libseccomp 2.4.2
03be1adb bumped libseccomp to 2.4.2, which has this note in the
changelog:

    "Stop defining __NR_x values for syscalls that don't exist,
     libseccomp now uses __SNR_x internally"

This change means that invalid syscalls for Linux that aren't defined in
glibc will no longer work. In this unlucky case, 'chrony' was trying to
reference the syscall number for 'ppoll', which doesn't exist. Fixing
this is easy with a simple patch.

This also includes another patch from upstream, which allows
clock_adjtime in the seccomp filter list. This is a robustness measure
for future glibc versions that use clock_adjtime inside adjtimex().

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-12-05 18:35:43 -06:00

{ stdenv, fetchurl, pkgconfig, libcap, readline, texinfo, nss, nspr
, libseccomp, pps-tools }:

assert stdenv.isLinux -> libcap != null;

stdenv.mkDerivation rec {
  pname = "chrony";
  version = "3.5";

  src = fetchurl {
    url = "https://download.tuxfamily.org/chrony/${pname}-${version}.tar.gz";
    sha256 = "1d9r2dhslll4kzdmxrj0qfgwq1b30d4l3s5cwr8yr93029dpj0jf";
  };

  patches = [
    ./allow-clock_adjtime.patch
    ./fix-seccomp-build.patch
  ];

  postPatch = ''
    patchShebangs test
  '';

  buildInputs = [ readline texinfo nss nspr ]
    ++ stdenv.lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ];
  nativeBuildInputs = [ pkgconfig ];

  hardeningEnable = [ "pie" ];

  configureFlags = [ "--chronyvardir=$(out)/var/lib/chrony" ]
    ++ stdenv.lib.optional stdenv.isLinux [ "--enable-scfilter" ];

  meta = with stdenv.lib; {
    description = "Sets your computer's clock from time servers on the Net";
    homepage = https://chrony.tuxfamily.org/;
    repositories.git = git://git.tuxfamily.org/gitroot/chrony/chrony.git;
    license = licenses.gpl2;
    platforms = with platforms; linux ++ freebsd ++ openbsd;
    maintainers = with maintainers; [ fpletz thoughtpolice ];

    longDescription = ''
      Chronyd is a daemon which runs in background on the system. It obtains
      measurements via the network of the system clocks offset relative to
      time servers on other systems and adjusts the system time accordingly.
      For isolated systems, the user can periodically enter the correct time by
      hand (using Chronyc). In either case, Chronyd determines the rate at
      which the computer gains or loses time, and compensates for this. Chronyd
      implements the NTP protocol and can act as either a client or a server.
      Chronyc provides a user interface to Chronyd for monitoring its
      performance and configuring various settings. It can do so while running
      on the same computer as the Chronyd instance it is controlling or a
      different computer.
    '';
  };
}
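
The commit message's second patch allows clock_adjtime in the seccomp filter that `--enable-scfilter` turns on, because a future glibc may implement adjtimex() with it. The block below is an added example, not code from chrony or nixpkgs: it builds a classic-BPF allowlist by hand (instead of using libseccomp) and evaluates it in user space to show the verdict change. The function names, the two lists and the kill action are assumptions of this example, and a real filter must also check `seccomp_data.arch`.

```c
#include <stddef.h>
#include <stdio.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

/* Constructed allowlists: the filter before and after clock_adjtime is allowed. */
static const int allow_old[] = { __NR_adjtimex };
static const int allow_new[] = { __NR_adjtimex, __NR_clock_adjtime };

/* Emit: load syscall nr; per entry "if equal, ALLOW"; else KILL. out needs 2*n+2 slots. */
size_t build_filter(const int *allow, size_t n, struct sock_filter *out)
{
    size_t k = 0;
    out[k++] = (struct sock_filter)BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < n; i++) {
        out[k++] = (struct sock_filter)BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, allow[i], 0, 1);
        out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW);
    }
    out[k++] = (struct sock_filter)BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL);
    return k;
}

/* Evaluate the program for one syscall number (handles only the opcodes emitted above). */
unsigned int run_filter(const struct sock_filter *p, size_t len, int nr)
{
    unsigned int acc = 0;
    for (size_t pc = 0; pc < len; pc++) {
        switch (p[pc].code) {
        case BPF_LD | BPF_W | BPF_ABS:  acc = (unsigned int)nr; break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case BPF_RET | BPF_K:           return p[pc].k;
        }
    }
    return SECCOMP_RET_KILL;
}

/* Verdict for syscall nr under the given allowlist (n must be at most 8). */
unsigned int verdict(const int *allow, size_t n, int nr)
{
    struct sock_filter prog[2 * 8 + 2];
    return run_filter(prog, build_filter(allow, n, prog), nr);
}

int main(void)
{
    printf("clock_adjtime: old=%#x new=%#x\n", verdict(allow_old, 1, __NR_clock_adjtime),
           verdict(allow_new, 2, __NR_clock_adjtime));
    return 0;
}
```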