chrony: improve configuration

Extend configuration of NTP sources in UCI:
- Add nts option to enable NTS
- Add disabled option to allow inactive sources

Add nts section to UCI with:
- rtccheck option to disable certificate time checks on systems that
  don't have an RTC to avoid the chicken-and-egg problem (it is less
  secure, but still should be better than no NTS at all)
- systemcerts option to disable system certificates
- trustedcerts option to specify path to trusted certificates

Save NTS keys and cookies by default to avoid unnecessary NTS-KE
sessions when restarted or switching back to an already used NTS source.
Also, save the drift to stabilize the clock after chronyd restart.

Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Miroslav Lichvar
2020-10-30 20:57:35 +01:00
parent b9d6d6cdd0
commit 21c0f580f1
4 changed files with 32 additions and 3 deletions
+7 -1
@@ -10,5 +10,11 @@ logchange 0.5
# Don't log client accesses
noclientlog
# set the system clock else the kernel will always stay in UNSYNC state
# Mark the system clock as synchronized
rtcsync
# Record the clock's drift
driftfile /var/run/chrony/drift
# Save NTS keys and cookies
ntsdumpdir /var/run/chrony
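
Review bot: the new `driftfile /var/run/chrony/drift` and `ntsdumpdir /var/run/chrony` lines both depend on /var/run/chrony existing and being writable by the chronyd user before the daemon starts, and nothing in this hunk creates it. Please confirm the init script creates the directory, with ownership and mode that keep the saved NTS keys and cookies unreadable by other users. It would also help to say in the two comments that the path is under /var/run, so the saved drift and cookies cover a chronyd restart, as the commit message describes, but will not survive a reboot wherever /var/run is on volatile storage.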