chrony: improve configuration

Extend configuration of NTP sources in UCI:
- Add nts option to enable NTS
- Add disabled option to allow inactive sources

Add nts section to UCI with:
- rtccheck option to disable certificate time checks on systems that
  don't have an RTC to avoid the chicken-and-egg problem (it is less
  secure, but still should be better than no NTS at all)
- systemcerts option to disable system certificates
- trustedcerts option to specify path to trusted certificates

Save NTS keys and cookies by default to avoid unnecessary NTS-KE
sessions when restarted or switching back to an already used NTS source.
Also, save the drift to stabilize the clock after chronyd restart.

Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Miroslav Lichvar
2020-10-30 20:57:35 +01:00
parent b9d6d6cdd0
commit 21c0f580f1
4 changed files with 32 additions and 3 deletions
@@ -5,6 +5,7 @@ config pool
config dhcp_ntp_server
option iburst 'yes'
option disabled 'no'
config allow
option interface 'lan'
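Review bot: The `option disabled 'no'` line in `config dhcp_ntp_server` has no comment saying what it controls or which values are accepted, and the hunk gives no example of the new `nts` source option that the commit message introduces alongside it. A short comment above the option, plus a commented-out `option nts 'yes'` on one of the source sections, would let users discover both options from the default file rather than from the commit log.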
@@ -12,3 +13,7 @@ config allow
config makestep
option threshold '1.0'
option limit '3'
config nts
option rtccheck 'yes'
option systemcerts 'yes'
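Review bot: `option rtccheck 'yes'` in the new `config nts` section is the one security-relevant switch here and it ships without a comment. The commit message says turning it off disables certificate time checks on systems without an RTC and is less secure; that trade-off belongs next to the option, since a user who sets it to 'no' accepts certificates whose validity period cannot be checked against the local clock. The `trustedcerts` option from the commit message is also absent from the section; a commented-out line with a placeholder path would document it, and it is worth stating what happens when `systemcerts` is 'no' and no `trustedcerts` path is set.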