diff --git a/net/chrony/Makefile b/net/chrony/Makefile
index f69be16fe3..99e933d17a 100644
--- a/net/chrony/Makefile
+++ b/net/chrony/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=chrony
 PKG_VERSION:=4.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://download.tuxfamily.org/chrony/
diff --git a/net/chrony/files/chrony.conf b/net/chrony/files/chrony.conf
index c427e85ace..a4d24a7c6f 100644
--- a/net/chrony/files/chrony.conf
+++ b/net/chrony/files/chrony.conf
@@ -10,5 +10,11 @@ logchange 0.5
 # Don't log client accesses
 noclientlog
-# set the system clock else the kernel will always stay in UNSYNC state
+# Mark the system clock as synchronized
 rtcsync
+
+# Record the clock's drift
+driftfile /var/run/chrony/drift
+
+# Save NTS keys and cookies
+ntsdumpdir /var/run/chrony
diff --git a/net/chrony/files/chrony.config b/net/chrony/files/chrony.config
index 63f494d7a7..7214ce430f 100644
--- a/net/chrony/files/chrony.config
+++ b/net/chrony/files/chrony.config
@@ -5,6 +5,7 @@ config pool
 config dhcp_ntp_server
 option iburst 'yes'
+ option disabled 'no'
 config allow
 option interface 'lan'
@@ -12,3 +13,7 @@ config allow
 config makestep
 option threshold '1.0'
 option limit '3'
+
+config nts
+ option rtccheck 'yes'
+ option systemcerts 'yes'
diff --git a/net/chrony/files/chronyd.init b/net/chrony/files/chronyd.init
index 42b052d8bc..a734d431e8 100644
--- a/net/chrony/files/chronyd.init
+++ b/net/chrony/files/chronyd.init
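Review bot: The comment on the new `ntsdumpdir /var/run/chrony` line in chrony.conf does not say that the directory now holds secret NTS key and cookie material, alongside the drift file that the same hunk places there. If /var/run is volatile on the target (usual on OpenWrt, but not visible in this hunk), the saved cookies survive a service restart but not a reboot, so every boot still needs a fresh NTS-KE handshake. I would word the comment as `# Save NTS keys and cookies (kept in RAM; lost on reboot)` and confirm that whatever creates /var/run/chrony leaves it unreadable to other users.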
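Review bot: `option rtccheck 'yes'` in the new `config nts` section of chrony.config is enabled by default with no explanation, and the name hides what it does. Going by handle_nts in chronyd.init from this same commit, it makes the init script emit `nocerttimecheck 1` when /dev/rtc0 is missing, so on devices without an RTC the certificate validity dates are not checked for the first clock update. That is a deliberate trade-off, but an expired or not-yet-valid server certificate is accepted in that window, so it deserves a comment next to the option, for example `# rtccheck: without an RTC, skip certificate time checks until the clock is first set`. A short note that `systemcerts 'yes'` keeps the system CA bundle trusted would help too.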
@@ -6,21 +6,26 @@ USE_PROCD=1
 PROG=/usr/sbin/chronyd
 CONFIGFILE=/etc/chrony/chrony.conf
 INCLUDEFILE=/var/etc/chrony.d/10-uci.conf
+RTCDEVICE=/dev/rtc0
 handle_source() {
- local cfg=$1 sourcetype=$2 hostname minpoll maxpoll iburst
+ local cfg=$1 sourcetype=$2 disabled hostname minpoll maxpoll iburst nts
+ config_get_bool disabled "$cfg" disabled 0
+ [ "$disabled" = "1" ] && return
 hostname=$NTP_SOURCE_HOSTNAME
 [ -z "$hostname" ] && config_get hostname "$cfg" hostname
 [ -z "$hostname" ] && return
 config_get minpoll "$cfg" minpoll
 config_get maxpoll "$cfg" maxpoll
 config_get_bool iburst "$cfg" iburst 0
+ config_get_bool nts "$cfg" nts 0
 echo $(
 echo $sourcetype $hostname
 [ -n "$minpoll" ] && echo minpoll $minpoll
 [ -n "$maxpoll" ] && echo maxpoll $maxpoll
 [ "$iburst" = "1" ] && echo iburst
+ [ "$nts" = "1" ] && echo nts
 )
 }
@@ -53,6 +58,18 @@ handle_makestep() {
 echo makestep $threshold $limit
 }
+handle_nts() {
+ local cfg=$1 threshold limit
+
+ config_get_bool rtccheck "$cfg" rtccheck 0
+ config_get_bool systemcerts "$cfg" systemcerts 1
+ config_get trustedcerts "$cfg" trustedcerts
+ # Disable certificate time checks if no RTC is present
+ [ "$rtccheck" = "1" ] && ! [ -c $RTCDEVICE ] && echo nocerttimecheck 1
+ [ "$systemcerts" = "0" ] && echo nosystemcert
+ [ -n "$trustedcerts" ] && echo ntstrustedcerts "$trustedcerts"
+}
+
 start_service() {
 . /lib/functions/network.sh
@@ -71,5 +88,6 @@ start_service() {
 config_foreach handle_source peer peer
 config_foreach handle_allow allow
 config_foreach handle_makestep makestep
+ config_foreach handle_nts nts
 ) > $INCLUDEFILE
 }
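Review bot: In handle_nts the `local` line looks copied from handle_makestep: it declares `threshold` and `limit`, which are never used, and leaves `rtccheck`, `systemcerts` and `trustedcerts` as globals in the init script's shell. It should read `local cfg=$1 rtccheck systemcerts trustedcerts`. `$RTCDEVICE` is also unquoted in `[ -c $RTCDEVICE ]`; `[ -c "$RTCDEVICE" ]` is the safer form. The device test only proves that an RTC node exists, not that it holds a valid time, so certificate time checks stay on for a board whose RTC has lost power; that fails closed, which seems the right direction, but the comment above the test could say so.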