From 0f0b1f59c310447ff259499baab6093a7e17b512 Mon Sep 17 00:00:00 2001 From: Peter Seiderer Date: Wed, 10 Nov 2021 20:37:28 +0100 Subject: [PATCH] package/ntp: run ntpd as ntp user - in case libcap is enabled use the now enabled '-u' option to run nptd as user/group ntp Signed-off-by: Peter Seiderer Signed-off-by: Thomas Petazzoni --- package/ntp/{S49ntp => S49ntp.in} | 2 +- package/ntp/ntp.mk | 15 +++++++++++++-- package/ntp/{ntpd.service => ntpd.service.in} | 2 +- 3 files changed, 15 insertions(+), 4 deletions(-) rename package/ntp/{S49ntp => S49ntp.in} (96%) rename package/ntp/{ntpd.service => ntpd.service.in} (85%) diff --git a/package/ntp/S49ntp b/package/ntp/S49ntp.in similarity index 96% rename from package/ntp/S49ntp rename to package/ntp/S49ntp.in index 66c5f70a5f..11c03b888f 100644 --- a/package/ntp/S49ntp +++ b/package/ntp/S49ntp.in @@ -6,7 +6,7 @@ DAEMON="ntpd" PIDFILE="/var/run/$DAEMON.pid" -NTPD_ARGS="-g" +NTPD_ARGS="@NTPD_EXTRA_ARGS@ -g" # shellcheck source=/dev/null [ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON" diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk index ff23cdc2b6..96b099d5b1 100644 --- a/package/ntp/ntp.mk +++ b/package/ntp/ntp.mk @@ -44,6 +44,10 @@ endif ifeq ($(BR2_PACKAGE_LIBCAP),y) NTP_CONF_OPTS += --enable-linuxcaps NTP_DEPENDENCIES += libcap +define NTP_USERS + ntp -1 ntp -1 * - - - ntpd user +endef +NTP_DAEMON_EXTRA_ARGS = -u ntp:ntp else NTP_CONF_OPTS += --disable-linuxcaps endif 
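Review bot: In S49ntp.in the privilege drop is placed inside `NTPD_ARGS`, which is assigned before `/etc/default/$DAEMON` is sourced. Any defaults file that sets `NTPD_ARGS` therefore replaces the whole string, and ntpd goes back to running as root without any warning. Keeping the build-time part in its own variable avoids this, for example `NTPD_USER_ARGS="@NTPD_EXTRA_ARGS@"` next to `NTPD_ARGS="-g"`, with the start command passing both. The function that consumes `NTPD_ARGS` lies outside this hunk, so the call site has to be adjusted there.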
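Review bot: The `NTP_USERS` entry in the libcap branch of ntp.mk creates the ntp account with no home directory, but nothing in this hunk gives that account write access to the paths ntpd writes to after `-u ntp:ntp` takes effect, such as the drift file or a statistics directory. Those paths come from ntp.conf, which this patch does not show, so this needs confirming; if they are root-owned, drift updates will presumably fail once privileges are dropped. An `NTP_PERMISSIONS` entry for the drift location would cover it. A comment above the assignment, such as `# -u needs --enable-linuxcaps, hence only set when libcap is selected`, would also record why the option is tied to this branch.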
@@ -109,11 +113,18 @@ endif ifeq ($(BR2_PACKAGE_NTP_NTPD),y) define NTP_INSTALL_INIT_SYSV_NTPD - $(INSTALL) -D -m 755 package/ntp/S49ntp $(TARGET_DIR)/etc/init.d/S49ntp + mkdir -p $(TARGET_DIR)/etc/init.d + sed -e 's%@NTPD_EXTRA_ARGS@%$(NTP_DAEMON_EXTRA_ARGS)%g' \ + package/ntp/S49ntp.in \ + > $(TARGET_DIR)/etc/init.d/S49ntp + chmod 0755 $(TARGET_DIR)/etc/init.d/S49ntp endef define NTP_INSTALL_INIT_SYSTEMD - $(INSTALL) -D -m 644 package/ntp/ntpd.service $(TARGET_DIR)/usr/lib/systemd/system/ntpd.service + mkdir -p $(TARGET_DIR)/usr/lib/systemd/system + sed -e 's%@NTPD_EXTRA_ARGS@%$(NTP_DAEMON_EXTRA_ARGS)%g' \ + package/ntp/ntpd.service.in \ + > $(TARGET_DIR)/usr/lib/systemd/system/ntpd.service endef endif diff --git a/package/ntp/ntpd.service b/package/ntp/ntpd.service.in similarity index 85% rename from package/ntp/ntpd.service rename to package/ntp/ntpd.service.in index 9a0f4c6dbf..b7db4a2878 100644 --- a/package/ntp/ntpd.service +++ b/package/ntp/ntpd.service.in @@ -9,7 +9,7 @@ PIDFile=/run/ntpd.pid # correct time to work, but we likely won't acquire that without NTP. Let's # break this chicken-and-egg cycle here. Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0 -ExecStart=/usr/sbin/ntpd -g -p /run/ntpd.pid +ExecStart=/usr/sbin/ntpd @NTPD_EXTRA_ARGS@ -g -p /run/ntpd.pid [Install] WantedBy=multi-user.target
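Review bot: `NTP_INSTALL_INIT_SYSTEMD` now writes ntpd.service through a shell redirect and never sets its mode, so the unit file's permissions follow the build user's umask rather than the explicit 644 that the removed `$(INSTALL) -D -m 644` line guaranteed. With a permissive umask the unit could land group- or world-writable in the target image, and a writable unit for a root-started service is a privilege-escalation path. The SysV define already ends with `chmod 0755`; the systemd define should likewise end with `chmod 0644 $(TARGET_DIR)/usr/lib/systemd/system/ntpd.service`.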