Search Criteria
Package Details: ntpsec 1.1.9-3
| Git Clone URL: | https://aur.archlinux.org/ntpsec.git (read-only, click to copy) |
|---|---|
| Package Base: | ntpsec |
| Description: | Security-hardened Network Time Protocol implementation |
| Upstream URL: | https://www.ntpsec.org/ |
| Licenses: | |
| Conflicts: | |
| Provides: | |
| Submitter: | chungy |
| Maintainer: | gdfuego |
| Last Packager: | gdfuego |
| Votes: | 5 |
| Popularity: | 0.000805 |
| First Submitted: | 2016-12-01 10:10 |
| Last Updated: | 2020-06-03 17:12 |
Dependencies (12)
- avahi (avahi-nosystemd, avahi-git, avahi-gtk2)
- libbsd (libbsd-git)
- libseccomp (libseccomp-git)
- python (python-dbg)
- asciidoc (asciidoc-git, asciidoc-py3) (make)
- binutils (binutils-tune-bfd-hash, binutils-git) (make)
- pps-tools (pps-tools-git) (make)
- w3m (make)
- gnuplot (gnuplot-caca, gnuplot-git, gnuplot-svg, gnuplot-headless, gnuplot-nogui) (optional) – for ntpviz
- libevent (libevent-git, libevent-fb) (optional) – for ntpdig
- python-psutil (optional) – Optional for ntpviz, allows running with ionice
- ttf-liberation (optional) – Improves font quality in ntpviz renderings
Required by (17)
- cephadm (requires ntp) (optional)
- cephadm-git (requires ntp) (optional)
- dhcpcd-hook-ntpdate (requires ntp)
- domjudge-docs (requires ntp) (optional)
- domjudge-domserver (requires ntp) (optional)
- domjudge-judgehost (requires ntp) (optional)
- domjudge-submit (requires ntp) (optional)
- ethoscope-device (requires ntp)
- ethoscope-node (requires ntp)
- freeipa-client (requires ntp)
- gpsd-timing (requires ntp)
- kana-p-git (requires ntp)
- networkmanager-dispatcher-ntpd (requires ntp)
- networkmanager-dispatcher-ntpdconf (requires ntp) (optional)
- rc.local.d (requires ntp) (optional)
- timeset (requires ntp)
- timeset-gui (requires ntp)
Latest Comments
gdfuego commented on 2019-11-26 01:53
I updated to the latest version and added arm7h support
eimis commented on 2019-11-24 18:45
took around 6 and a half minutes to compile on armv7h allwinner h3. it works well. maybe add armv7h as supported arch?
pcmoore commented on 2019-07-22 13:41
Version 1.1.6 was tagged on July 10th. Any chance you can update this package and fix the build problem (stray comma causing build failures, see comment below)?
pcmoore commented on 2019-06-30 14:19
It looks like commit
7cd5c2ab410a("Add binutils to makedepends") breaks the build with an extra comma.==> ERROR: makedepends contains invalid characters: ','
pcmoore commented on 2019-06-25 01:52
FYI: it looks like v1.1.4 has been released today.
gdfuego commented on 2018-09-18 19:38
I've updated the package to the latest upstream version, and I've configured it to include a stock set of configs. These are handled through /etc/ntp.d, but it should use ntp.conf instead if you do have one.
akrieger commented on 2017-05-01 00:17
I also ran into trouble running ntpsec (possibly the same error as Eremiell). There seems to be an issue with seccomp blocking syscalls in ntpd. seccomp is meant as an extra defense measure that forbids the use of arbitrary syscalls, but it requires a list of every syscall used (legitimately) by ntpd. Of course, different versions of libc use different syscalls (or even the same version of libc on different platforms), and apparently Arch's version of glibc uses "extra" syscalls.
There's an upstream issue here: <https://gitlab.com/NTPsec/ntpsec/issues/275>
In the meantime, editing PKGBUILD to remove '--enable-seccomp' on line 42 will build ntpd without seccomp as a temporary workaround (although this does weaken security against an attacker who gains the ability to execute arbitrary code in ntpd's process).
The alternative is to patch ntpsec sources to add the "extra" syscalls to the seccomp whitelist. I'm holding off on that since it seems like a really messy fix (it's too platform- and library-dependent), but the upstream issue has details for anyone wanting to go that route.
Eremiell commented on 2017-04-10 22:29
It looks like this package doesn't bring in any default ntp.conf.
While I always edit it in hand, I prefer to have some skeleton available, so I check if the defaults are sane, switch servers for local pool and few proven static ones, more like do minor edits and not write the whole thing anew.
You should be able to grab one from the ntp package, possibly editing it a bit if you don't find it sane enough.
Edit: OK, looking at it, the default one in ntp package is quite brief compared to what I'm used to. Guess I nicked my previous skeleton elsewhere. Still, it's at least there. ;)
More edit: ntpsec for some reason doesn't work at all for me. It starts to listen and then just flops and get killed by systemd. Rollbacked to ntp for now. While it is certainly suboptimal, I lived with it for years and it still "just works".
Apr 11 01:05:57 taurus sudo[14208]: eremiell : TTY=pts/1 ; PWD=/home/eremiell/builds/ntpsec ; USER=root ; COMMAND=/usr/bin/systemctl start ntpd.service
Apr 11 01:05:57 taurus sudo[14208]: pam_unix(sudo:session): session opened for user root by eremiell(uid=0)
Apr 11 01:05:57 taurus systemd[1]: Starting Network Time Service...
-- Subject: Unit ntpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit ntpd.service has begun starting up.
Apr 11 01:05:57 taurus ntpd[14211]: ntpd ntpsec-0.9.7+7 2017-03-23T07:41:51Z: Starting
Apr 11 01:05:57 taurus ntpd[14211]: Command line: /usr/bin/ntpd -g -u ntp:ntp
Apr 11 01:05:57 taurus systemd[1]: Started Network Time Service.
-- Subject: Unit ntpd.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit ntpd.service has finished starting up.
--
-- The start-up result is done.
Apr 11 01:05:57 taurus ntpd[14212]: proto: precision = 0.099 usec (-23)
Apr 11 01:05:57 taurus systemd[1]: ntpd.service: Main process exited, code=killed, status=31/SYS
Apr 11 01:05:57 taurus ntpd[14212]: successfully locked into RAM
Apr 11 01:05:57 taurus ntpd[14212]: restrict default: notrap keyword is ignored.
Apr 11 01:05:57 taurus ntpd[14212]: Listen and drop on 0 v6wildcard [::]:123
Apr 11 01:05:57 taurus ntpd[14212]: Listen and drop on 1 v4wildcard 0.0.0.0:123
Apr 11 01:05:57 taurus ntpd[14212]: Listen normally on 2 lo 127.0.0.1:123
Apr 11 01:05:57 taurus ntpd[14212]: Listen normally on 3 wlp13s0 192.168.13.24:123
Apr 11 01:05:57 taurus ntpd[14212]: Listen normally on 4 enp14s0 192.168.13.1:123
Apr 11 01:05:57 taurus ntpd[14212]: Listen normally on 5 lo [::1]:123
Apr 11 01:05:57 taurus ntpd[14212]: Listen normally on 6 wlp13s0 [fe80::1acf:5eff:fe91:42eb%2]:123
Apr 11 01:05:57 taurus ntpd[14212]: Listen normally on 7 enp14s0 [fe80::6202:92ff:fe3f:c29f%3]:123
Apr 11 01:05:57 taurus ntpd[14212]: Listening on routing socket on fd #24 for interface updates
Apr 11 01:05:57 taurus ntpd[14212]: sandbox: seccomp_init() succeeded
Apr 11 01:05:57 taurus sudo[14208]: pam_unix(sudo:session): session closed for user root
glitsj16 commented on 2016-12-02 17:23
As there's quite some active development on ntpsec, you might want to offer a git version too. I took the liberty to copy your ntpsec PKGBUILD and make some very minor changes in case you're considering it.
https://gist.github.com/eee62d6853708d23765f687b74fae18d
glitsj16 commented on 2016-12-01 20:02
Hi, looks like w3m needs to be added to makedepends array:
a2x: ERROR: "w3m" -cols 70 -dump -T text/html -no-graph "/home/glitsj16/ntpsec/src/ntpsec-0.9.5/docs/copyright.text.html" > "/home/glitsj16/ntpsec/src/ntpsec-0.9.5/docs/copyright.text" returned non-zero exit status 127
==> ERROR: A failure occurred in build().
Aborting...