ntp: remove seccomp support

it causes issues and most distros dont enable it
see https://github.com/NixOS/nixpkgs/issues/140996

pkgs/tools/networking/ntp/default.nix

@@ -1,11 +1,4 @@
-{ stdenv, lib, fetchurl, openssl, perl, libcap ? null, libseccomp ? null, pps-tools }:
-
-assert stdenv.isLinux -> libcap != null;
-assert stdenv.isLinux -> libseccomp != null;
-
-let
-  withSeccomp = stdenv.isLinux && (stdenv.isi686 || stdenv.isx86_64);
-in
+{ stdenv, lib, fetchurl, openssl, perl, pps-tools, libcap }:
 
 stdenv.mkDerivation rec {
   pname = "ntp";
@@ -16,10 +9,6 @@ stdenv.mkDerivation rec {
     sha256 = "06cwhimm71safmwvp6nhxp6hvxsg62whnbgbgiflsqb8mgg40n7n";
   };
 
-  # The hardcoded list of allowed system calls for seccomp is
-  # insufficient for NixOS, add more to make it work (issue #21136).
-  patches = [ ./seccomp.patch ];
-
   configureFlags = [
     "--sysconfdir=/etc"
     "--localstatedir=/var"
@@ -27,12 +16,10 @@ stdenv.mkDerivation rec {
     "--with-openssl-incdir=${openssl.dev}/include"
     "--enable-ignore-dns-errors"
     "--with-yielding-select=yes"
-  ] ++ lib.optional stdenv.isLinux "--enable-linuxcaps"
-    ++ lib.optional withSeccomp "--enable-libseccomp";
+  ] ++ lib.optional stdenv.isLinux "--enable-linuxcaps";
 
-  buildInputs = [ libcap openssl perl ]
-    ++ lib.optional withSeccomp libseccomp
-    ++ lib.optional stdenv.isLinux pps-tools;
+  buildInputs = [ openssl perl ]
+    ++ lib.optionals stdenv.isLinux [ pps-tools libcap ];
 
   hardeningEnable = [ "pie" ];
 

pkgs/tools/networking/ntp/seccomp.patch

@@ -1,57 +0,0 @@
-From 881e427f3236046466bdb8235edf86e6dfa34391 Mon Sep 17 00:00:00 2001
-From: Michael Bishop <cleverca22@gmail.com>
-Date: Mon, 11 Jun 2018 08:30:48 -0300
-Subject: [PATCH] fix the seccomp filter to include a few previously missed
- syscalls
-
----
- ntpd/ntpd.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
-index 2c7f02ec5..4c59dc2ba 100644
---- a/ntpd/ntpd.c
-+++ b/ntpd/ntpd.c
-@@ -1140,10 +1140,12 @@ int scmp_sc[] = {
- 	SCMP_SYS(close),
- 	SCMP_SYS(connect),
- 	SCMP_SYS(exit_group),
-+	SCMP_SYS(fcntl),
- 	SCMP_SYS(fstat),
- 	SCMP_SYS(fsync),
- 	SCMP_SYS(futex),
- 	SCMP_SYS(getitimer),
-+	SCMP_SYS(getpid),
- 	SCMP_SYS(getsockname),
- 	SCMP_SYS(ioctl),
- 	SCMP_SYS(lseek),
-@@ -1162,6 +1164,8 @@ int scmp_sc[] = {
- 	SCMP_SYS(sendto),
- 	SCMP_SYS(setitimer),
- 	SCMP_SYS(setsid),
-+	SCMP_SYS(setsockopt),
-+	SCMP_SYS(openat),
- 	SCMP_SYS(socket),
- 	SCMP_SYS(stat),
- 	SCMP_SYS(time),
-@@ -1178,9 +1182,11 @@ int scmp_sc[] = {
- 	SCMP_SYS(clock_settime),
- 	SCMP_SYS(close),
- 	SCMP_SYS(exit_group),
-+	SCMP_SYS(fcntl),
- 	SCMP_SYS(fsync),
- 	SCMP_SYS(futex),
- 	SCMP_SYS(getitimer),
-+	SCMP_SYS(getpid),
- 	SCMP_SYS(madvise),
- 	SCMP_SYS(mmap),
- 	SCMP_SYS(mmap2),
-@@ -1194,6 +1200,8 @@ int scmp_sc[] = {
- 	SCMP_SYS(select),
- 	SCMP_SYS(setitimer),
- 	SCMP_SYS(setsid),
-+	SCMP_SYS(setsockopt),
-+	SCMP_SYS(openat),
- 	SCMP_SYS(sigprocmask),
- 	SCMP_SYS(sigreturn),
- 	SCMP_SYS(socketcall),

pkgs/top-level/all-packages.nix

@@ -7976,9 +7976,7 @@ with pkgs;
 
   ntopng = callPackage ../tools/networking/ntopng { };
 
-  ntp = callPackage ../tools/networking/ntp {
-    libcap = if stdenv.isLinux then libcap else null;
-  };
+  ntp = callPackage ../tools/networking/ntp { };
 
   numdiff = callPackage ../tools/text/numdiff { };