Merge chrony from Debian Unstable for questing

Scheduled-For: ubuntu-25.06
Ubuntu: 4.6.1-1ubuntu1
Debian Unstable: 4.6.1-2

A new release of chrony is available for merging from Debian Unstable.

If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired.

### New Debian Changes ###

chrony (4.6.1-2) unstable; urgency=medium

  [ Vincent Blut ]
  * debian/chrony.conf:
    - Move the confdir directive at the end of the configuration file. This
    should prevent directives defined in /etc/chrony/conf.d/ from being
    overridden by corresponding directives in chrony.conf. (Closes: #1073865)

  * debian/chrony.service:
    - Drop 'After=network.target'. First and foremost, the network.target unit
    doesn't guarantee that any network interfaces are configured or
    operational. Furthermore, chronyd is perfectly able to operate without
    network or DNS functionality notably when used with a hardware reference
    clock as a time source.
    - Do not pull time-sync.target nor order chrony.service before it. Services
    pulling and being ordered before time-sync.target must ensure that the
    system clock has been completely synchronized and thus typically guarantee
    an accurate clock. This can't be assumed right after chrony.service has
    finished starting.

  * debian/control:
    - Support seccomp facility on loong64.
    - Bump Standards-Version to 4.7.2 (no changes required).

  * debian/copyright:
    - Update copyright year for debian/*.

  * debian/rules:
    - Revert "d/rules: Disable seccomp on loong64".

  * debian/usr.sbin.chronyd:
    - Relax rule regarding temperature sensors. (Closes: #1084841)

  [ Joachim Kross ]
  * debian/{control,postinst,chrony.conf}:
    - Minor textual updates.

 -- Vincent Blut <email address hidden> Wed, 02 Apr 2025 21:33:06 +0200

### Old Ubuntu Delta ###

chrony (4.6.1-1ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2085221). Remaining changes:
    - Set -x as default if unable to set time (e.g. in containers) (LP #1589780)
      Chrony is a single service which acts as both NTP client (i.e. syncing the
      local clock) and NTP server (i.e. providing NTP services to the network),
      and that is both desired and expected in the vast majority of cases.
      But in containers syncing the local clock is usually impossible, but this
      shall not break the providing of NTP services to the network.
      To some extent this makes chrony's default config more similar to 'ntpd',
      which complained in syslog but still provided NTP server service in those
      cases.
      + debian/chrony.service: allow the service to run without CAP_SYS_TIME
      + d/control: add new dependency libcap2-bin for capsh (usually
        installed anyway, but make them explicit to be sure).
      + d/chrony.default: new option SYNC_IN_CONTAINER to not fall
        back (Default off)
      + d/chronyd-starter.sh: wrapper to handle special cases in
        containers and if CAP_SYS_TIME is missing. Effectively allows
        running the NTP server in containers on a default installation
        and avoid failing to sync time (or if allowed to sync, avoid
        multiple containers fighting over it by accident).
      + d/install: Make chrony-starter.sh available on install.
      + d/docs, d/README.container: Provide documentation about the
        handling of this case.
    - d/rules, d/chrony.examples: Ship restricted service as an example
      not installed to the system for use. (See LP #2051028)
    - d/chrony.conf: remove Debian NTP pool
    - Install Ubuntu NTP sources in
      /etc/chrony/sources.d/ubuntu-ntp-pools.sources, gated on a low priority
      (default yes) debconf question (LP #2048876):
      + d/templates: Add debconf question to customize installation of
        /etc/chrony/sources.d/ubuntu-ntp-pools.sources
      + d/install, d/ubuntu-ntp-pools.sources: Install ubuntu-ntp-pools.sources
        in /usr/share/chrony
      + d/control: add dependency on debconf
      + d/postinst: handle Ubuntu pools via debconf and ucf
      + d/postrm: handle Ubuntu pools via debconf and ucf
      + d/NEWS: Add information about default time sources moving out from
        chrony.conf to /etc/chrony/sources.d/ubuntu-ntp-pools.sources.
      + d/chrony.config: debconf script to handle Ubuntu pools
      + d/t/control, d/t/default-ubuntu-sources-behavior: new test to check the
        debconf behavior
    - Use Ubuntu NTS servers by default (LP #2084585):
      + d/conf.d/ubuntu-nts.conf: refer to the CA used to sign the NTS bootstrap
        server
      + d/nts-bootstrap-{,staging}-ubuntu.crt: CA certificate for the NTS
        bootstrap servers
      + d/install: install the NTS bootstrap CAs
      + d/ubuntu-ntp-pools.sources: use NTS by default
      + d/t/default-ubuntu-sources-behavior: update tests for NTS support
      + d/NEWS: add news entry about the NTS change

 -- Andreas Hasenack <email address hidden> Thu, 23 Jan 2025 10:35:08 -0300