From 1d251e268c045af58e9004ce492c712aee56895a Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Thu, 26 Jan 2017 01:25:28 +0100
Subject: [PATCH] chrony: 2.4.1 -> 3.0, enable seccomp

---
 pkgs/tools/networking/chrony/default.nix | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/pkgs/tools/networking/chrony/default.nix b/pkgs/tools/networking/chrony/default.nix
index 1e2b48207f5..32a8ca5f99e 100644
--- a/pkgs/tools/networking/chrony/default.nix
+++ b/pkgs/tools/networking/chrony/default.nix
@@ -1,25 +1,26 @@
-{ stdenv, fetchurl, pkgconfig, libcap, readline, texinfo, nss, nspr }:
+{ stdenv, fetchurl, pkgconfig, libcap, readline, texinfo, nss, nspr
+, libseccomp }:
 
 assert stdenv.isLinux -> libcap != null;
 
 stdenv.mkDerivation rec {
   name = "chrony-${version}";
 
-  version = "2.4.1";
+  version = "3.0";
 
   src = fetchurl {
     url = "http://download.tuxfamily.org/chrony/${name}.tar.gz";
-    sha256 = "1q5nxl19fdppwpxancff5dc9crgma8f24zww7ag4bd15yq79xm8g";
+    sha256 = "0vfdsajz2w6b7c94rxrj7fsr234jryhl2rbdlmb7h10gla8pnf50";
   };
 
-  buildInputs = [ readline texinfo nss nspr ] ++ stdenv.lib.optional stdenv.isLinux libcap;
+  buildInputs = [ readline texinfo nss nspr ]
+    ++ stdenv.lib.optionals stdenv.isLinux [ libcap libseccomp ];
   nativeBuildInputs = [ pkgconfig ];
 
   hardeningEnable = [ "pie" ];
 
-  configureFlags = [
-    "--chronyvardir=$(out)/var/lib/chrony"
-  ];
+  configureFlags = [ "--chronyvardir=$(out)/var/lib/chrony" ]
+    ++ stdenv.lib.optional stdenv.isLinux [ "--enable-scfilter" ];
 
   meta = with stdenv.lib; {
     description = "Sets your computer's clock from time servers on the Net";