Package Details: ntpsec 1.2.1-0

Git Clone URL: https://aur.archlinux.org/ntpsec.git (read-only, click to copy)
Package Base: ntpsec
Description: Security-hardened Network Time Protocol implementation
Upstream URL: https://www.ntpsec.org/
Licenses: custom
Conflicts: ntp
Provides: ntp
Submitter: chungy
Maintainer: gdfuego
Last Packager: gdfuego
Votes: 9
Popularity: 0.22
First Submitted: 2016-12-01 10:10
Last Updated: 2021-06-14 20:15

Dependencies (11)

Required by (19)

Sources (4)

Latest Comments

1 2 Next › Last »

kql commented on 2021-03-12 19:32

Thanks! Now it's running perfectly.

gdfuego commented on 2021-03-12 19:09

I just removed seccomp. Can you confirm it's working for you now?

kql commented on 2021-03-12 16:26

After a fresh install and default config, the service crashed with ntpd.service: Main process exited, code=killed, status=31/SYS. After removing --enable-seccomp as suggested here https://lists.ntpsec.org/pipermail/devel/2021-January/009680.html the service seems to run as expected.

Perhaps the switch should be removed from build()?

gdfuego commented on 2019-11-26 01:53

I updated to the latest version and added arm7h support

eimis commented on 2019-11-24 18:45

took around 6 and a half minutes to compile on armv7h allwinner h3. it works well. maybe add armv7h as supported arch?

pcmoore commented on 2019-07-22 13:41

Version 1.1.6 was tagged on July 10th. Any chance you can update this package and fix the build problem (stray comma causing build failures, see comment below)?

pcmoore commented on 2019-06-30 14:19

It looks like commit 7cd5c2ab410a ("Add binutils to makedepends") breaks the build with an extra comma.

==> ERROR: makedepends contains invalid characters: ','

pcmoore commented on 2019-06-25 01:52

FYI: it looks like v1.1.4 has been released today.

gdfuego commented on 2018-09-18 19:38

I've updated the package to the latest upstream version, and I've configured it to include a stock set of configs. These are handled through /etc/ntp.d, but it should use ntp.conf instead if you do have one.

akrieger commented on 2017-05-01 00:17

I also ran into trouble running ntpsec (possibly the same error as Eremiell). There seems to be an issue with seccomp blocking syscalls in ntpd. seccomp is meant as an extra defense measure that forbids the use of arbitrary syscalls, but it requires a list of every syscall used (legitimately) by ntpd. Of course, different versions of libc use different syscalls (or even the same version of libc on different platforms), and apparently Arch's version of glibc uses "extra" syscalls.

There's an upstream issue here: <https://gitlab.com/NTPsec/ntpsec/issues/275>

In the meantime, editing PKGBUILD to remove '--enable-seccomp' on line 42 will build ntpd without seccomp as a temporary workaround (although this does weaken security against an attacker who gains the ability to execute arbitrary code in ntpd's process).

The alternative is to patch ntpsec sources to add the "extra" syscalls to the seccomp whitelist. I'm holding off on that since it seems like a really messy fix (it's too platform- and library-dependent), but the upstream issue has details for anyone wanting to go that route.