authorArtturin <Artturin@artturin.com>2021-11-01 00:27:13 +0200
committerArtturin <Artturin@artturin.com>2021-11-01 00:44:20 +0200
commitfd86d63e2f7957b1eeb346f691b3102ae4249fb3 (patch)
tree7fc2bd8ae2158eea4f968c0698b6434c0cf5a52a /pkgs/tools/networking/ntp
parent50f4571c35af36ddcb1f0776ca0c683411139be4 (diff)
ntp: remove seccomp support
it causes issues and most distros don't enable it
see https://github.com/NixOS/nixpkgs/issues/140996
Diffstat (limited to 'pkgs/tools/networking/ntp')
-rw-r--r--pkgs/tools/networking/ntp/default.nix21
-rw-r--r--pkgs/tools/networking/ntp/seccomp.patch57
2 files changed, 4 insertions, 74 deletions
diff --git a/pkgs/tools/networking/ntp/default.nix b/pkgs/tools/networking/ntp/default.nix
index c8af08a3a30db..92a6005e2a669 100644
--- a/pkgs/tools/networking/ntp/default.nix
+++ b/pkgs/tools/networking/ntp/default.nix
@@ -1,11 +1,4 @@
-{ stdenv, lib, fetchurl, openssl, perl, libcap ? null, libseccomp ? null, pps-tools }:
-
-assert stdenv.isLinux -> libcap != null;
-assert stdenv.isLinux -> libseccomp != null;
-
-let
-  withSeccomp = stdenv.isLinux && (stdenv.isi686 || stdenv.isx86_64);
-in
+{ stdenv, lib, fetchurl, openssl, perl, pps-tools, libcap }:
 
 stdenv.mkDerivation rec {
   pname = "ntp";
@@ -16,10 +9,6 @@ stdenv.mkDerivation rec {
     sha256 = "06cwhimm71safmwvp6nhxp6hvxsg62whnbgbgiflsqb8mgg40n7n";
   };
 
-  # The hardcoded list of allowed system calls for seccomp is
-  # insufficient for NixOS, add more to make it work (issue #21136).
-  patches = [ ./seccomp.patch ];
-
   configureFlags = [
     "--sysconfdir=/etc"
     "--localstatedir=/var"
@@ -27,12 +16,10 @@ stdenv.mkDerivation rec {
     "--with-openssl-incdir=${openssl.dev}/include"
     "--enable-ignore-dns-errors"
     "--with-yielding-select=yes"
-  ] ++ lib.optional stdenv.isLinux "--enable-linuxcaps"
-    ++ lib.optional withSeccomp "--enable-libseccomp";
+  ] ++ lib.optional stdenv.isLinux "--enable-linuxcaps";
 
-  buildInputs = [ libcap openssl perl ]
-    ++ lib.optional withSeccomp libseccomp
-    ++ lib.optional stdenv.isLinux pps-tools;
+  buildInputs = [ openssl perl ]
+    ++ lib.optionals stdenv.isLinux [ pps-tools libcap ];
 
   hardeningEnable = [ "pie" ];
 
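Review bot: With `--enable-libseccomp` gone, the only hardening visible in this expression is `--enable-linuxcaps` and `hardeningEnable = [ "pie" ]`, and nothing left in the file records that syscall filtering was dropped on purpose. I would add a comment next to the flags, e.g. `# seccomp (--enable-libseccomp) is intentionally not enabled: it causes issues, see https://github.com/NixOS/nixpkgs/issues/140996`, so the flag is not later re-added without the allow-list patch that this commit also deletes. ntpd is a network-facing daemon, so it is worth confirming that the service definition (not shown on this page) confines it some other way, for example with a systemd `SystemCallFilter=`; such a filter would presumably be easier to keep current than a list compiled into the binary. The `configureFlags` list opens before this hunk, and the `mkDerivation` body continues past it.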
diff --git a/pkgs/tools/networking/ntp/seccomp.patch b/pkgs/tools/networking/ntp/seccomp.patch
deleted file mode 100644
index c75536dac7fb5..0000000000000
--- a/pkgs/tools/networking/ntp/seccomp.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 881e427f3236046466bdb8235edf86e6dfa34391 Mon Sep 17 00:00:00 2001
-From: Michael Bishop <cleverca22@gmail.com>
-Date: Mon, 11 Jun 2018 08:30:48 -0300
-Subject: [PATCH] fix the seccomp filter to include a few previously missed
- syscalls
-
----
- ntpd/ntpd.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
-index 2c7f02ec5..4c59dc2ba 100644
---- a/ntpd/ntpd.c
-+++ b/ntpd/ntpd.c
-@@ -1140,10 +1140,12 @@ int scmp_sc[] = {
- 	SCMP_SYS(close),
- 	SCMP_SYS(connect),
- 	SCMP_SYS(exit_group),
-+	SCMP_SYS(fcntl),
- 	SCMP_SYS(fstat),
- 	SCMP_SYS(fsync),
- 	SCMP_SYS(futex),
- 	SCMP_SYS(getitimer),
-+	SCMP_SYS(getpid),
- 	SCMP_SYS(getsockname),
- 	SCMP_SYS(ioctl),
- 	SCMP_SYS(lseek),
-@@ -1162,6 +1164,8 @@ int scmp_sc[] = {
- 	SCMP_SYS(sendto),
- 	SCMP_SYS(setitimer),
- 	SCMP_SYS(setsid),
-+	SCMP_SYS(setsockopt),
-+	SCMP_SYS(openat),
- 	SCMP_SYS(socket),
- 	SCMP_SYS(stat),
- 	SCMP_SYS(time),
-@@ -1178,9 +1182,11 @@ int scmp_sc[] = {
- 	SCMP_SYS(clock_settime),
- 	SCMP_SYS(close),
- 	SCMP_SYS(exit_group),
-+	SCMP_SYS(fcntl),
- 	SCMP_SYS(fsync),
- 	SCMP_SYS(futex),
- 	SCMP_SYS(getitimer),
-+	SCMP_SYS(getpid),
- 	SCMP_SYS(madvise),
- 	SCMP_SYS(mmap),
- 	SCMP_SYS(mmap2),
-@@ -1194,6 +1200,8 @@ int scmp_sc[] = {
- 	SCMP_SYS(select),
- 	SCMP_SYS(setitimer),
- 	SCMP_SYS(setsid),
-+	SCMP_SYS(setsockopt),
-+	SCMP_SYS(openat),
- 	SCMP_SYS(sigprocmask),
- 	SCMP_SYS(sigreturn),
- 	SCMP_SYS(socketcall),