#1 2018-11-10 18:16:01

sjensen
Member
From: Germany
Registered: 2018-08-08
Posts: 31

systemd: clearing built-in time server

Hi,...

How do I clear the default time server built into systemd?

# /etc/systemd/timesyncd.conf

[Time]
#NTP=
#FallbackNTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

Setting an empty "FallbackNTP=", like the "FallbackDNS=" in resolved.conf for clearing the default DNS server, seems not to work for NTP.

# /etc/systemd/timesyncd.conf

[Time]
#NTP=
#FallbackNTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048

FallbackNTP=

Still makes connections to "0.arch.pool.ntp.org"


#2 2018-11-10 18:31:01

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website


#3 2018-11-10 18:37:05

Raynman
Member
Registered: 2011-10-22
Posts: 1,539


man timesyncd.conf wrote:

When the empty string is assigned, the list of NTP servers is reset, and all assignments prior to this one will have no effect. If this option is not given, a compiled-in list of NTP servers is used instead.

https://git.archlinux.org/svntogit/pack … stemd#n127
So: specify your own fallback server. Or recompile, but you may have to actually patch the code itself or at least the build/configure scripts; there may still be an upstream default that gets compiled in after removing the $_timeservers from the PKGBUILD.


#4 2018-11-10 19:07:38

sjensen
Member
From: Germany
Registered: 2018-08-08
Posts: 31


Raynman wrote:
man timesyncd.conf wrote:

When the empty string is assigned, the list of NTP servers is reset, and all assignments prior to this one will have no effect. If this option is not given, a compiled-in list of NTP servers is used instead.

https://git.archlinux.org/svntogit/pack … stemd#n127
So: specify your own fallback server. Or recompile, but you may have to actually patch the code itself or at least the build/configure scripts; there may still be an upstream default that gets compiled in after removing the $_timeservers from the PKGBUILD.

So, it is a bug then? If I read the man page correctly, setting "FallbackNTP=" should indeed clear any NTP server. I did exactly that, see above. The service should rather fail in this situation, imho.


#5 2018-11-10 19:24:23

Raynman
Member
Registered: 2011-10-22
Posts: 1,539


I don't think it would be considered a bug. It says the list is reset when you assign the empty string and that does indeed seem to happen: it resets to the compiled-in list of servers. That's why I said you should check exactly how that meson build option ntpservers works (if you were to try recompiling): it's probably set up to always have something to fall back on.

But you could try setting it to a non-existent server.

Last edited by Raynman (2018-11-10 19:34:06)


#6 2018-11-10 19:52:39

sjensen
Member
From: Germany
Registered: 2018-08-08
Posts: 31


Raynman wrote:

I don't think it is a bug. It says the list is reset when you assign the empty string and that does indeed seem to happen: it resets to the compiled-in list of servers. That's why I said you may have to dig into the source if you really want it to have zero fallback servers: it's probably meant to always have something to fall back on.

Ok, I understand. Thank you.

Raynman wrote:

But you could try setting it to a non-existent server.

That is kind of ugly, I believe. I simply don't want to connect to "unwanted" hosts outside the network, and I want a service to fail when it is not properly configured or the internal resources that are manually configured are not available. Simple as that. I don't like these "fallback built-in server lists" at all. At least one should be able to disable them without rebuilding the whole package. Just my thoughts.


#7 2018-11-10 20:08:47

Raynman
Member
Registered: 2011-10-22
Posts: 1,539


sjensen wrote:
Raynman wrote:

But you could try setting it to a non-existent server.

That is kind of ugly, I believe.

Kind of, yeah.

sjensen wrote:

At least one should be able to disable them without rebuilding the whole package. Just my thoughts.

Seems like a reasonable request, but you'd have to file an issue with the systemd devs and see if they agree. Or, if building with an empty list is possible [edit: without patching, I mean, keeping it vanilla and all that], you could try to get the maintainer to build the Arch package that way and only include the arch pool servers in the default config file.

Last edited by Raynman (2018-11-10 20:18:27)


#8 2018-11-11 16:25:50

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868


sjensen, have you considered using ntpd instead of systemd-timesyncd?

/etc/ntp.conf has lots of options to control server/client behaviour.



#9 2018-11-11 20:16:31

sjensen
Member
From: Germany
Registered: 2018-08-08
Posts: 31


Lone_Wolf wrote:

sjensen, have you considered using ntpd instead of systemd-timesyncd?

Yeah, NetworkManager even has a dispatcher hook for ntp. But since "gnome-control-panel" presents a switch for the time/date settings, I thought to stay close to that. However, I found the real reason why the fallback NTP servers are used in the first place. It seems that NetworkManager doesn't tell systemd about the NTP server learned from DHCP. I did a quick test in combination with "systemd-networkd" and it worked immediately and the local ntp is used. It seems NetworkManager is lacking support for this. In consequence, I guess any common gnome setup with NetworkManager will use the built-in fallback server and only the built-in fallback server.

Not being able to disable the hard-coded fallback server is still debatable, I guess. For some reason systemd currently fails to rebuild (lz4 compress tests fail), so I have to try with the empty fallback list later.


#10 2018-11-11 20:54:16

loqs
Member
Registered: 2014-03-06
Posts: 17,195


https://github.com/systemd/systemd/comm … d224d0ee7e fixes the lz4 issue
For the noted CVE

            '31c84ff11ea22b0bc1b2459db09e4d2aa66bdf2a' #CVE-2018-6954


#11 2018-11-12 20:30:59

sjensen
Member
From: Germany
Registered: 2018-08-08
Posts: 31


loqs wrote:

https://github.com/systemd/systemd/comm … d224d0ee7e fixes the lz4 issue
For the noted CVE

Thank you. That helped a lot. I have now rebuilt the package with an empty fallback list and there are no unwanted connections made anymore.

local _timeservers=()

I can see now how setting these fallbacks is not a bad idea, but I still think one should be able to disable them for certain situations/needs without removing them completely. The best way to do it is certainly setting "FallbackNTP" in timesyncd.conf:

FallbackNTP=

I would go ahead and make a request to the developers. I am not entirely sure if this is intended to work this way anyway, because with "FallbackDNS=" it works already this way. I'm not a native speaker, so the man page is kind of vague to me.

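Added example (not part of any post in this thread, and not systemd's own code): a small audit check that models the behaviour reported above, where an empty "FallbackNTP=" resets to the compiled-in list, and reports which hosts timesyncd would contact outside the local network. Assumptions: the compiled-in list equals the commented default from post #1, `link_ntp` is a hypothetical parameter standing for per-link servers handed over by systemd-networkd (post #9), and `.lan.example` is a constructed internal DNS suffix.

```python
import re

# Assumption: the compiled-in list equals the commented default in post #1.
COMPILED_IN = [f"{i}.arch.pool.ntp.org" for i in range(4)]

# Constructed sample: the configuration tried in post #1.
CONF_POST1 = """[Time]
#NTP=
#FallbackNTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org
FallbackNTP=
"""

def parse_time_section(text):
    """Parse NTP= / FallbackNTP= from the [Time] section of a conf file."""
    conf = {"NTP": [], "FallbackNTP": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "Time" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in conf:
            # An empty assignment resets the list; otherwise entries append.
            conf[key] = conf[key] + value.split() if value else []
    return conf

def effective_servers(text, link_ntp=(), compiled_in=COMPILED_IN):
    """Servers timesyncd would contact, as observed in this thread."""
    conf = parse_time_section(text)
    primary = conf["NTP"] + list(link_ntp)   # NTP= plus per-link (DHCP) servers
    if primary:
        return primary
    # Empty or missing FallbackNTP= falls back to the compiled-in list.
    return conf["FallbackNTP"] or list(compiled_in)

def unwanted_hosts(text, internal_suffix, **kwargs):
    """Hosts the service would contact outside the internal DNS suffix."""
    return [h for h in effective_servers(text, **kwargs)
            if not h.endswith(internal_suffix)]

if __name__ == "__main__":
    print("stock package:", unwanted_hosts(CONF_POST1, ".lan.example"))
    print("rebuilt, empty list:",
          unwanted_hosts(CONF_POST1, ".lan.example", compiled_in=()))
```

Passing `compiled_in=()` models the package rebuilt with `local _timeservers=()` from post #11; passing `link_ntp=[...]` models the systemd-networkd case from post #9.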
