third_party/chrony: initialize
First pass at building chrony. Minimal functionality, notably skipped
features are:
 - PRIVDROP (requires libcap)
 - NTS (requires gnutls)
Do we need anything else?
Tested with:
    $ bazel build '@chrony//:chrony' --crosstool_top=//build/toolchain/musl-host-gcc:musl_host_cc_suite
    $ file bazel-bin/external/chrony/chrony
    bazel-bin/external/chrony/chrony: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
    $ bazel-bin/external/chrony/chrony -v
    chronyd (chrony) version 4.1-monogon (NTP RTC SCFILTER ASYNCDNS)
Change-Id: I56ac15a23e5741c0428580268cf40ae7744078d4
Reviewed-on: https://review.monogon.dev/c/monogon/+/293
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/WORKSPACE b/WORKSPACE
index 00c6aeb..1e2d57b 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -196,6 +196,12 @@
     version = "5.2.0",
 )
 
+load("//third_party/chrony:external.bzl", "chrony_external")
+
+chrony_external(
+    name = "chrony",
+)
+
 register_toolchains("//:host_python")
 
 # python dependencies. Currently we don't use Python, but some of our deps (ie. gvisor) do expect @pydeps// to exist, even
diff --git a/third_party/chrony/BUILD.bazel b/third_party/chrony/BUILD.bazel
new file mode 100644
index 0000000..700f7de
--- /dev/null
+++ b/third_party/chrony/BUILD.bazel
@@ -0,0 +1 @@
+exports_files(["config.h.in"])
diff --git a/third_party/chrony/chrony.bzl b/third_party/chrony/chrony.bzl
new file mode 100644
index 0000000..7c15ff3
--- /dev/null
+++ b/third_party/chrony/chrony.bzl
@@ -0,0 +1,203 @@
+load("@rules_cc//cc:defs.bzl", "cc_binary", "cc_library")
+load("@dev_source_monogon//build/utils:template_file.bzl", "template_file")
+
+template_file(
+    name = "config.h",
+    src = "@dev_source_monogon//third_party/chrony:config.h.in",
+    substitutions = {
+        # ONCHANGE(//third_party/chrony:external.bzl): version needs to be kept in sync
+        "%CHRONY_VERSION%": "4.1-monogon",
+    }
+)
+
+# Headers which couldn't be decoupled into sub-libraries.
+cc_library(
+    name = "common_hdrs",
+    srcs = [
+        ":config.h",
+
+        # Headers corresponding to .c files in :common.
+        "addrfilt.h",
+        "array.h",
+        "clientlog.h",
+        "cmdparse.h",
+        "conf.h",
+        "keys.h",
+        "local.h",
+        "logging.h",
+        "memory.h",
+        "nameserv.h",
+        "reference.h",
+        "regress.h",
+        "samplefilt.h",
+        "sched.h",
+        "smooth.h",
+        "socket.h",
+        "sources.h",
+        "sourcestats.h",
+        "util.h",
+
+        # Corresponding to .c files in :ntp.
+        "ntp_core.h",
+        "ntp_sources.h",
+        "nts_ke.h",
+
+        # Other headers.
+        "addressing.h",
+        "candm.h",
+        "cmdmon.h",
+        "cmac.h",
+        "hash.h",
+        "localp.h",
+        "manual.h",
+        "ntp.h",
+        "privops.h",
+        "refclock.h",
+        "reports.h",
+        "siv.h",
+        "srcparams.h",
+        "sysincl.h",
+    ],
+)
+
+# Sources which couldn't be decoupled into sub-libraries.
+cc_library(
+    name = "common",
+    srcs = [
+        "addrfilt.c",
+        "array.c",
+        "clientlog.c",
+        "cmdparse.c",
+        "conf.c",
+        "keys.c",
+        "local.c",
+        "logging.c",
+        "memory.c",
+        "reference.c",
+        "regress.c",
+        "samplefilt.c",
+        "sched.c",
+        "smooth.c",
+        "socket.c",
+        "sources.c",
+        "sourcestats.c",
+        "util.c",
+    ],
+    deps = [
+        ":common_hdrs",
+    ],
+)
+
+
+# MD5 library used by keys.c, which does #include "md5.c".
+cc_library(
+    name = "md5",
+    textual_hdrs = [
+        "md5.h",
+        "md5.c",
+    ],
+)
+
+cc_library(
+    name = "nameserv",
+    srcs = [
+        "nameserv.c",
+        "nameserv_async.h",
+        "nameserv_async.c",
+    ],
+    deps = [
+        ":common",
+    ],
+)
+
+cc_library(
+    name = "ntp",
+    srcs = [
+        "nts_ke_client.h",
+        "nts_ke_server.h",
+        "nts_ke_session.h",
+        "nts_ntp_client.h",
+        "nts_ntp_auth.h",
+        "nts_ntp_server.h",
+        "nts_ntp.h",
+
+        "ntp_auth.h",
+        "ntp_auth.c",
+        "ntp_core.c",
+        "ntp_ext.h",
+        "ntp_ext.c",
+        "ntp_io.h",
+        "ntp_io.c",
+        "ntp_signd.h",
+        "ntp_sources.c",
+    ],
+    deps = [
+        ":common",
+        ":nameserv",
+    ],
+)
+
+cc_library(
+    name = "sys",
+    srcs = [
+        "sys.h",
+        "sys.c",
+        "sys_generic.h",
+        "sys_generic.c",
+        "sys_linux.h",
+        "sys_linux.c",
+        "sys_timex.h",
+        "sys_timex.c",
+        "sys_posix.h",
+        "sys_null.h",
+        "sys_null.c",
+    ],
+    deps = [
+        ":common",
+        "@seccomp//:seccomp",
+    ],
+)
+
+cc_library(
+    name = "rtc",
+    srcs = [
+        "rtc.h",
+        "rtc.c",
+        "rtc_linux.h",
+        "rtc_linux.c",
+    ],
+    deps = [
+        ":common",
+        ":sys",
+    ],
+)
+
+cc_library(
+    name = "tempcomp",
+    srcs = [
+        "tempcomp.h",
+        "tempcomp.c",
+    ],
+    deps = [
+        ":common",
+    ],
+)
+
+cc_binary(
+    name = "chrony",
+    srcs = [
+        "hash_intmd5.c",
+        "main.h",
+        "main.c",
+        "stubs.c",
+
+    ],
+    deps = [
+        ":common",
+        ":md5",
+        ":ntp",
+        ":rtc",
+        ":tempcomp",
+    ],
+    visibility = ["//visibility:public"],
+)
diff --git a/third_party/chrony/config.h.in b/third_party/chrony/config.h.in
new file mode 100644
index 0000000..5be1b28
--- /dev/null
+++ b/third_party/chrony/config.h.in
@@ -0,0 +1,19 @@
+#define LINUX
+#define DEBUG 0
+#define USE_PTHREAD_ASYNCDNS
+
+#define CHRONY_VERSION "%CHRONY_VERSION%"
+#define CHRONYD_FEATURES "NTP RTC SCFILTER ASYNCDNS"
+#define FEAT_NTP
+#define FEAT_RTC
+#define FEAT_SCFILTER
+#define FEAT_ASYNCDNS
+
+#define DEFAULT_COMMAND_SOCKET "/todo/chronyd.sock"
+#define DEFAULT_CONF_FILE "/todo/chrony.conf"
+#define DEFAULT_HWCLOCK_FILE ""
+#define DEFAULT_PID_FILE "/todo/chronyd.pid"
+#define DEFAULT_RTC_DEVICE "/dev/rtc"
+#define DEFAULT_USER "root"
+
+#define MAIL_PROGRAM "/todo/sendmail"
diff --git a/third_party/chrony/external.bzl b/third_party/chrony/external.bzl
new file mode 100644
index 0000000..e269c41
--- /dev/null
+++ b/third_party/chrony/external.bzl
@@ -0,0 +1,29 @@
+#  Copyright 2020 The Monogon Project Authors.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
+
+def chrony_external(name):
+    # ONCHANGE(//third_party/chrony:chrony.bzl): version needs to be kept in sync
+    version = "4.1"
+
+    http_archive(
+        name = name,
+        sha256 = "61a1b0879432695735a1e2a14e5d1ae499d3be15099c767501fbe695f46861da",
+        build_file = "@//third_party/chrony:chrony.bzl",
+        strip_prefix = "chrony-" + version,
+        urls = ["https://git.tuxfamily.org/chrony/chrony.git/snapshot/chrony-%s.tar.gz" % version],
+    )
diff --git a/third_party/seccomp/seccomp.bzl b/third_party/seccomp/seccomp.bzl
index 782c762..6b0a9aa 100644
--- a/third_party/seccomp/seccomp.bzl
+++ b/third_party/seccomp/seccomp.bzl
@@ -78,5 +78,6 @@
         ":seccomp.h",
         "include/seccomp-syscalls.h",
     ],
+    includes = ["."],
     visibility = ["//visibility:public"],
 )