Bug#1035898: unblock: chrony/4.3-2+deb12u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1035898: unblock: chrony/4.3-2+deb12u1
From: Vincent Blut <vincent.debian@free.fr>
Date: Wed, 10 May 2023 22:28:45 +0200
Message-id: <[🔎] 168375052597.182970.3050435298771033006.reportbug@lamella>
Reply-to: Vincent Blut <vincent.debian@free.fr>, 1035898@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: chrony@packages.debian.org
Control: affects -1 + src:chrony

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

Please unblock package chrony

[ Reason ]
This softens a rule in the AppArmor profile. Currently, the profile is way too
strict about allowed gpsd socket names.

[ Impact ]
Users may need to override the AppArmor profile (or put the profile in complain 
mode) so that chronyd can consume time information from gpsd using sockets.
Overriding an AppArmor profile is acceptable when dealing with some exotic
configurations, but here even trying to feed chronyd with something as common
as PPS samples would be denied by the profile.

[ Tests ]
I checked that chronyd was able to receive PPS samples from gpsd through a
Unix socket driver using the '/run/chrony.pps0.sock' path. This is no longer
denied with chrony 4.3-2+deb12u1.

[ Risks ]
None that I know of.

[ Checklist ]
  [✓] all changes are documented in the d/changelog
  [✓] I reviewed all changes and I approve them
  [✓] attach debdiff against the package in testing

[ Other info ]
I must admit that the version number is atypical for an upload to unstable but
chrony 4.3-3 is already in experimental.

unblock chrony/4.3-2+deb12u1


-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSRJQjHKbAUfuoc+DAQn1qAt/bgAQUCZFv+fQAKCRAQn1qAt/bg
ATptAQDKB1vG2CXDXkwW1dGb9l3GFwua+oeoc1qOm3LNhqNfSgD/ZBld8s8e1XSD
QXFm/ZXjxKXIkU+1m8TaS5JL5oRWDwk=
=uMJh
-----END PGP SIGNATURE-----

diff -Nru chrony-4.3/debian/changelog chrony-4.3/debian/changelog
--- chrony-4.3/debian/changelog	2023-01-27 22:51:17.000000000 +0100
+++ chrony-4.3/debian/changelog	2023-05-08 22:05:00.000000000 +0200
@@ -1,3 +1,13 @@
+chrony (4.3-2+deb12u1) unstable; urgency=medium
+
+  * debian/usr.sbin.chronyd:
+    - Modify the AppArmor profile to allow more gpsd socket names. This will
+    avoid the need for users to override the profile to let chronyd consume PPS
+    samples or serial time supplied by gpsd over a Unix-domain socket.
+    Thanks to Ryan Govostes for the report. (Closes: #1034519)
+
+ -- Vincent Blut <vincent.debian@free.fr>  Mon, 08 May 2023 22:05:00 +0200
+
 chrony (4.3-2) unstable; urgency=medium
 
   * debian/control:
diff -Nru chrony-4.3/debian/usr.sbin.chronyd chrony-4.3/debian/usr.sbin.chronyd
--- chrony-4.3/debian/usr.sbin.chronyd	2023-01-27 22:51:17.000000000 +0100
+++ chrony-4.3/debian/usr.sbin.chronyd	2023-05-08 22:05:00.000000000 +0200
@@ -59,7 +59,7 @@
   # Configs using a 'chrony.' prefix like the tempcomp config file example
   /etc/chrony.* r,
   # Example gpsd socket is outside @{run}/chrony/
-  @{run}/chrony.tty{,*}.sock rw,
+  @{run}/chrony.*.sock rw,
   # To sign replies to MS-SNTP clients by the smbd daemon
   /var/lib/samba/ntp_signd/socket rw,

Reply to:

Follow-Ups:
- Processed: unblock: chrony/4.3-2+deb12u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1035898: marked as done (unblock: chrony/4.3-2+deb12u1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: unblock: desktop-base/12.0.6
Next by Date: Processed: unblock: chrony/4.3-2+deb12u1
Previous by thread: Bug#1035894: marked as done (unblock: desktop-base/12.0.6)
Next by thread: Processed: unblock: chrony/4.3-2+deb12u1
Index(es):
- Date
- Thread