author | krion <krion@FreeBSD.org> | 2017-02-14 02:05:34 +0800 |
---|---|---|
committer | krion <krion@FreeBSD.org> | 2017-02-14 02:05:34 +0800 |
commit | 66b91933ed33fbf34bb571435fa5525460440dd0 (patch) | |
tree | a9f3cdc60b99fa3c76e63acf4e22418aa48b1124 | |
parent | 0f585221cb024add74a60b8b57b85ee4004b9b76 (diff) | |
Update net/chrony: enable privilege separation and other minor changes.
- enables privilege separation
- removes the build dependency on asciidoctor
- removes the runtime dependency on makeinfo and readline
- add a runtime dependency on libedit
- do not install the HTML documentation (in favour of man pages)
- update the post-install message (pkg-message) in light of privilege separation
- set the permission of /var/db/chrony to the new "chronyd" user and group
PR: 216737
Submitted by: maintainer
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D9570
-rw-r--r-- | GIDs | 2 | ||||
-rw-r--r-- | UIDs | 2 | ||||
-rw-r--r-- | net/chrony/Makefile | 20 | ||||
-rw-r--r-- | net/chrony/pkg-message | 3 | ||||
-rw-r--r-- | net/chrony/pkg-plist | 2 |
5 files changed, 15 insertions, 14 deletions
@@ -790,7 +790,7 @@ subsonic:*:844: sogod:*:846: domoticz:*:847: graylog:*:848: -# free: 849 +chronyd:*:849: # free: 850 # free: 851 # free: 852 @@ -795,7 +795,7 @@ subsonic:*:844:844::0:0:Subsonic standalone-server:/nonexistent:/usr/sbin/nologi sogod:*:846:846::0:0:SOGo groupware:/nonexistent:/usr/sbin/nologin domoticz:*:847:847::0:0:domoticz user:/nonexistent:/usr/sbin/nologin graylog:*:848:848::0:0:Graylog user:/nonexistent:/usr/sbin/nologin -# free: 849 +chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin # free: 850 # free: 851 # free: 852 diff --git a/net/chrony/Makefile b/net/chrony/Makefile index d09e01785371..bb2d5891b871 100644 --- a/net/chrony/Makefile +++ b/net/chrony/Makefile @@ -12,23 +12,24 @@ COMMENT= System clock synchronization client and server LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING -BUILD_DEPENDS= rubygem-asciidoctor>=0:textproc/rubygem-asciidoctor +USERS= chronyd +GROUPS= chronyd -USES= cpe gmake makeinfo readline +USES= cpe gmake libedit CPE_VENDOR= tuxfamily HAS_CONFIGURE= yes CONFIGURE_ARGS= --prefix=${PREFIX} \ --chronyvardir=/var/db/${PORTNAME} \ --infodir=${PREFIX}/info \ --sysconfdir=${PREFIX}/etc --mandir=${MANPREFIX}/man \ - --datarootdir=${DATADIR} --docdir=${DOCSDIR} + --datarootdir=${DATADIR} --docdir=${DOCSDIR} \ + --with-user=chronyd +LDFLAGS+= -L${LOCALBASE}/lib USE_RC_SUBR= chronyd -ALL_TARGET= all docs -INSTALL_TARGET= install install-docs -EXTRAPORTDOCS= FAQ NEWS README -PORTDOCS= chrony.conf.html chronyc.html chronyd.html faq.html \ - installation.html ${EXTRAPORTDOCS} +ALL_TARGET= all +INSTALL_TARGET= install +PORTDOCS= FAQ NEWS README PORTEXAMPLES= chrony.conf.example1 chrony.conf.example2 \ chrony.conf.example3 chrony.keys.example 
@@ -46,7 +47,8 @@ BROKEN_aarch64= Fails to compile: invalid operands to binary expression (double post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/chronyc ${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/chronyd - ${INSTALL_DATA} ${EXTRAPORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR} + @${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR} @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} ${INSTALL_DATA} ${PORTEXAMPLES:S,^,${WRKSRC}/examples/,} \ ${STAGEDIR}${EXAMPLESDIR} diff --git a/net/chrony/pkg-message b/net/chrony/pkg-message index f9d73bb93540..1a93e4c7428c 100644 --- a/net/chrony/pkg-message +++ b/net/chrony/pkg-message @@ -1,5 +1,4 @@ Unfortunately, this software has shameful history of several vulnerabilities previously discovered. FreeBSD Project cannot guarantee that this spree had -come to an end. It is further complicated, as chronyd(8) requires superuser -permissions to operate; please type ``make deinstall'' to deinstall the port +come to an end. Please type ``pkg delete chrony'' to deinstall the port if tight security is a concern. diff --git a/net/chrony/pkg-plist b/net/chrony/pkg-plist index 47cda48b5875..400d0099252f 100644 --- a/net/chrony/pkg-plist +++ b/net/chrony/pkg-plist @@ -4,4 +4,4 @@ man/man1/chronyc.1.gz man/man5/chrony.conf.5.gz man/man8/chronyd.8.gz sbin/chronyd -@dir /var/db/chrony +@dir(chronyd,chronyd) /var/db/chrony |
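Review bot: In the first net/chrony/Makefile hunk, CONFIGURE_ARGS still passes --infodir=${PREFIX}/info although makeinfo is dropped from USES and ALL_TARGET/INSTALL_TARGET are reduced to all and install. If the port no longer ships info files, drop the --infodir argument so the configure line matches what is installed. The new LDFLAGS+= -L${LOCALBASE}/lib line would also benefit from a one-line comment saying which library it is there to find.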
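Review bot: In the post-install hunk of net/chrony/Makefile, the added @${MKDIR} ${STAGEDIR}${DOCSDIR} and the ${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} line run unconditionally, as do the EXAMPLESDIR lines below them. If the port defines DOCS and EXAMPLES options (not visible in these hunks), move these commands into post-install-DOCS-on and post-install-EXAMPLES-on targets so a build with the option off does not stage files that are missing from the packing list.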
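Review bot: The net/chrony/pkg-message hunk deletes the sentence about chronyd(8) requiring superuser permissions but puts nothing in its place, so the message no longer tells the admin what changed. Add a line saying the daemon is now built with --with-user=chronyd and that files left under /var/db/chrony by an earlier install must be owned by the chronyd user, since an upgrading admin reads this message and not the commit log.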
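Review bot: In net/chrony/pkg-plist, @dir(chronyd,chronyd) /var/db/chrony sets the owner and group but leaves the mode field out, so the state directory of the now unprivileged daemon gets the default mode. Spell the mode out, for example @dir(chronyd,chronyd,750) if nothing outside the chronyd account needs to read it, so the permissions are a reviewed choice. The entry also applies to the directory only, so files already inside it keep their old ownership on upgrade.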