3 files changed, 4 insertions, 48 deletions

diff --git a/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/allow-clock_adjtime.patch b/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/allow-clock_adjtime.patch
deleted file mode 100644
index 2fa3baca7221..000000000000
--- a/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/allow-clock_adjtime.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 0cf506c92967c84f9ed83ba9e1be946a7fda6425 Mon Sep 17 00:00:00 2001
-From: Miroslav Lichvar <mlichvar@redhat.com>
-Date: Mon, 2 Dec 2019 12:47:13 +0100
-Subject: sys_linux: allow clock_adjtime in seccomp filter
-
-The adjtimex() function in glibc was switched to the clock_adjtime
-system call.
-
-diff --git a/sys_linux.c b/sys_linux.c
-index 63eb8f1..fcf89c2 100644
---- a/sys_linux.c
-+++ b/sys_linux.c
-@@ -478,8 +478,8 @@ SYS_Linux_EnableSystemCallFilter(int level)
- {
-   const int syscalls[] = {
-     /* Clock */
--    SCMP_SYS(adjtimex), SCMP_SYS(clock_gettime), SCMP_SYS(gettimeofday),
--    SCMP_SYS(settimeofday), SCMP_SYS(time),
-+    SCMP_SYS(adjtimex), SCMP_SYS(clock_adjtime), SCMP_SYS(clock_gettime),
-+    SCMP_SYS(gettimeofday), SCMP_SYS(settimeofday), SCMP_SYS(time),
-     /* Process */
-     SCMP_SYS(clone), SCMP_SYS(exit), SCMP_SYS(exit_group), SCMP_SYS(getpid),
-     SCMP_SYS(getrlimit), SCMP_SYS(rt_sigaction), SCMP_SYS(rt_sigreturn),
--- 
-cgit v0.10.2
-
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/default.nix b/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/default.nix
index 6c8254c797b7..374036d11a44 100644
--- a/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/default.nix
+++ b/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/default.nix
@@ -1,27 +1,22 @@
 { stdenv, fetchurl, pkgconfig, libcap, readline, texinfo, nss, nspr
-, libseccomp, pps-tools }:
+, libseccomp, pps-tools, gnutls }:
 
 assert stdenv.isLinux -> libcap != null;
 
 stdenv.mkDerivation rec {
   pname = "chrony";
-  version = "3.5.1";
+  version = "4.0";
 
   src = fetchurl {
     url = "https://download.tuxfamily.org/chrony/${pname}-${version}.tar.gz";
-    sha256 = "19ywl8a3lb2id7lcna5hp2g4pjnfwdc9ihr0fk6i9m45vdq2za0v";
+    sha256 = "09f6w2x5h5kamb4rhcbaz911q1f730qdalgsn8s48yjyqlafl9xy";
   };
 
-  patches = [
-    ./allow-clock_adjtime.patch
-    ./fix-seccomp-build.patch
-  ];
-
   postPatch = ''
     patchShebangs test
   '';
 
-  buildInputs = [ readline texinfo nss nspr ]
+  buildInputs = [ readline texinfo nss nspr gnutls ]
     ++ stdenv.lib.optionals stdenv.isLinux [ libcap libseccomp pps-tools ];
   nativeBuildInputs = [ pkgconfig ];
 
diff --git a/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/fix-seccomp-build.patch b/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/fix-seccomp-build.patch
deleted file mode 100644
index 6888e7efeb72..000000000000
--- a/infra/libkookie/nixpkgs/pkgs/tools/networking/chrony/fix-seccomp-build.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/sys_linux.c b/sys_linux.c
-index 898dc7a7f75..fcd334ecf03 100644
---- a/sys_linux.c
-+++ b/sys_linux.c
-@@ -503,7 +503,7 @@ SYS_Linux_EnableSystemCallFilter(int level)
-     SCMP_SYS(socketcall),
-     /* General I/O */
-     SCMP_SYS(_newselect), SCMP_SYS(close), SCMP_SYS(open), SCMP_SYS(openat), SCMP_SYS(pipe),
--    SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(ppoll), SCMP_SYS(pselect6), SCMP_SYS(read),
-+    SCMP_SYS(pipe2), SCMP_SYS(poll), SCMP_SYS(pselect6), SCMP_SYS(read),
-     SCMP_SYS(futex), SCMP_SYS(select), SCMP_SYS(set_robust_list), SCMP_SYS(write),
-     /* Miscellaneous */
-     SCMP_SYS(getrandom), SCMP_SYS(sysinfo), SCMP_SYS(uname),