Package Details: networkmanager-dispatcher-chrony 2.1-1

Git Clone URL: (read-only)
Package Base: networkmanager-dispatcher-chrony
Description: Dispatcher Script for chrony
Upstream URL:
Keywords: chrony dispatcher networkmanager ntp script
Licenses: MIT
Submitter: Freso
Maintainer: Freso
Last Packager: Freso
Votes: 60
Popularity: 0.244228
First Submitted: 2011-11-01 22:21
Last Updated: 2015-07-12 13:43

Latest Comments

crs commented on 2014-12-10 07:07

this script produces authentication errors for me:

501 Not authorised --- Reply not authenticated

which I think it's because the generated password in /etc/chrony.keys was hashed with SHA1. 10-chrony could be enhanced to specify the "authhash" command before "password", but this seems simpler:

--- 10-chrony~ 2014-12-08 00:09:03.000000000 -0500
+++ 10-chrony 2014-12-10 02:04:29.086331142 -0500
@@ -7,17 +7,13 @@

# Chrony set-up
+CHRONY='/usr/bin/chronyc -a'
-KEYFILE=`grep ^keyfile $CONFIG | sed 's/[^ ]* //' -`
-COMMANDKEY=`grep ^commandkey $CONFIG | sed 's/[^ ]* //' -`
-PASSWORD=`grep ^$COMMANDKEY $KEYFILE | sed 's/.*[^ ] //' -`
STATECMD='nmcli -t --fields STATE g'

chrony_cmd() {
echo Chrony going $1.
exec $CHRONY <<EOF
-password $PASSWORD

carlwgeorge commented on 2014-10-06 13:51

@Freso I sent you a PR with some fixes.

Freso commented on 2014-08-14 08:53

Implemented latest changes by Troy Engel. Thank you! Also, feel free to make pull requests proper against in the future. :)

troyengel commented on 2014-08-11 22:53

The NetworkManager that is in the repository no longer ships the 'nm-tool' utility, so this script is also broken in that area. It can be replaced by "nmcli -t --fields STATE g" easily:

STATECMD="nmcli -t --fields STATE g"
if [ ! `${STATECMD}` = 'connected' ]; then

This fix plus the PASSWORD one now results in a fully working dispatcher with the latest NM release.

troyengel commented on 2014-08-11 21:30

This script doesn't work with the default configuration of chrony.conf and chrony.keys; they set the keyword 'generatecommandkey' which writes the key in MD5 format (other Googling shows SHA is also possible):


This is documented here:

The issue is the sed line for PASSWORD doesn't strip out the method, so tries to pass "MD5 HEX:..." over to chronyc. Here's a sed that works for both what's in the wiki ('1 xyzzy') and the autogenerated keys ('1 MD5 HEX:...'):

-PASSWORD=`grep ^$COMMANDKEY $KEYFILE | sed 's/[^ ]* //' -`
+PASSWORD=`grep ^$COMMANDKEY $KEYFILE | sed 's/.*[^ ] //' -`

That will extract the other direction - find the last space and grab what follows it, rather than finding the first space etc. It also looks like we could just avoid this altogether and use "chronyc -a" to automatically do the needful.