ntpd commandline expansion

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

ntpd commandline expansion

Luke Small
I often use virtualbox to run openbsd-amd64 and lately I haven't been able
to "ntpd -s" and make it update the clock, which may have been after
several days. It often adversely affects my use of google products, as they
update their keys often and if the clock is wrong, it says there is a
security issue with the secure connection.

I realize there is an interest to assure that the clock remains accurate
and I saw in a video where Theo was receiving ntp signals that attempted to
radically change his computer's time.

Is there a way that ntpd can have an extra argument that could allow for a
large time shift? Maybe where it asks you to confirm the time and date when
the time shift if the received date would otherwise be ignored?


-Luke

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Philip Guenther-2
On Sat, May 7, 2016 at 9:06 AM, Luke Small <[hidden email]> wrote:
> I often use virtualbox to run openbsd-amd64 and lately I haven't been able
> to "ntpd -s" and make it update the clock, which may have been after
> several days.

Uh, how about we start by figuring out why "ntpd -s" is misbehaving
before we launch into adding new "NO, I REALLY MEAN IT" options?
What's the verbose output?  dmesg?


Philip Guenther

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Luke Small
It is because I am saving the state in virtualbox, which is like putting it
in hibernate, except instead of refreshing the time, the time remains the
same as when it last ran, which can be some time ago.

-Luke

On Sat, May 7, 2016 at 3:13 PM, Philip Guenther <[hidden email]> wrote:

> On Sat, May 7, 2016 at 9:06 AM, Luke Small <[hidden email]> wrote:
> > I often use virtualbox to run openbsd-amd64 and lately I haven't been
> able
> > to "ntpd -s" and make it update the clock, which may have been after
> > several days.
>
> Uh, how about we start by figuring out why "ntpd -s" is misbehaving
> before we launch into adding new "NO, I REALLY MEAN IT" options?
> What's the verbose output?  dmesg?
>
>
> Philip Guenther

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Lyndon Nerenberg (VE6BBM/VE7TFX)
On 2016-05-07 3:56 PM, Luke Small wrote:
> It is because I am saving the state in virtualbox, which is like putting it
> in hibernate, except instead of refreshing the time, the time remains the
> same as when it last ran, which can be some time ago.

Why are you running ntpd in a VM?  Just have the VM pay attention to the
hardware clock, and let ntpd on the host take care of things.

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Luke Small
In reply to this post by Luke Small
I am running on an ASUS laptop, which OpenBSD may have disabled APM support
to remain compatible. Anyway, I can't run ZZZ even as root (unless there is
a setting that demands to be flipped somewhere). It takes a few seconds to
save the state and return using the virtualbox utility and it is as if
nothing happened to stop it. What happens on another machine in which the
battery goes out on the motherboard that powers the clock. if you hibernate
while you are running a preferable uninterruptible process, you are screwed
if your work demands an accurate clock.

-Luke

On Sat, May 7, 2016 at 5:56 PM, Luke Small <[hidden email]> wrote:

> It is because I am saving the state in virtualbox, which is like putting
> it in hibernate, except instead of refreshing the time, the time remains
> the same as when it last ran, which can be some time ago.
>
> -Luke
>
> On Sat, May 7, 2016 at 3:13 PM, Philip Guenther <[hidden email]>
> wrote:
>
>> On Sat, May 7, 2016 at 9:06 AM, Luke Small <[hidden email]> wrote:
>> > I often use virtualbox to run openbsd-amd64 and lately I haven't been
>> able
>> > to "ntpd -s" and make it update the clock, which may have been after
>> > several days.
>>
>> Uh, how about we start by figuring out why "ntpd -s" is misbehaving
>> before we launch into adding new "NO, I REALLY MEAN IT" options?
>> What's the verbose output?  dmesg?
>>
>>
>> Philip Guenther

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Philip Guenther-2
On Sat, May 7, 2016 at 4:27 PM, Luke Small <[hidden email]> wrote:
> I am running on an ASUS laptop, which OpenBSD may have disabled APM support
> to remain compatible. Anyway, I can't run ZZZ even as root (unless there is
> a setting that demands to be flipped somewhere).

So here's the *real* problem, but I see no bug report for it, not even
a dmesg from you to [hidden email].  Plonk.


> It takes a few seconds to
> save the state and return using the virtualbox utility and it is as if
> nothing happened to stop it. What happens on another machine in which the
> battery goes out on the motherboard that powers the clock. if you hibernate
> while you are running a preferable uninterruptible process, you are screwed
> if your work demands an accurate clock.

Lyndon** is correct: if you want the clock in your virtualbox to jump,
virtualbox is the one that should jump it.  Changing ntpd to some how
magically detect that the VM was paused and resumed is a workaround on
a kludge.

The output of "fortune -m tailor" seems relevant: stop walking stooped
over with your elbows bent and get a correctly fitting suit.


Philip Guenther

** Hi Lyndon!  Long time since friends-of-imap dinners...

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Luke Small
I used to be able to run ntpd -s in 5.8

Now I can't. Apparently sometimes security causes incompatibilities.

I ran sendbug with my complaint.

-Luke

On Sat, May 7, 2016 at 7:06 PM, Philip Guenther <[hidden email]> wrote:

> On Sat, May 7, 2016 at 4:27 PM, Luke Small <[hidden email]> wrote:
> > I am running on an ASUS laptop, which OpenBSD may have disabled APM
> support
> > to remain compatible. Anyway, I can't run ZZZ even as root (unless there
> is
> > a setting that demands to be flipped somewhere).
>
> So here's the *real* problem, but I see no bug report for it, not even
> a dmesg from you to [hidden email].  Plonk.
>
>
> > It takes a few seconds to
> > save the state and return using the virtualbox utility and it is as if
> > nothing happened to stop it. What happens on another machine in which the
> > battery goes out on the motherboard that powers the clock. if you
> hibernate
> > while you are running a preferable uninterruptible process, you are
> screwed
> > if your work demands an accurate clock.
>
> Lyndon** is correct: if you want the clock in your virtualbox to jump,
> virtualbox is the one that should jump it.  Changing ntpd to some how
> magically detect that the VM was paused and resumed is a workaround on
> a kludge.
>
> The output of "fortune -m tailor" seems relevant: stop walking stooped
> over with your elbows bent and get a correctly fitting suit.
>
>
> Philip Guenther
>
> ** Hi Lyndon!  Long time since friends-of-imap dinners...

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Patrick Dohman
In reply to this post by Philip Guenther-2
> Lyndon** is correct: if you want the clock in your virtualbox to jump,
> virtualbox is the one that should jump it.  Changing ntpd to some how
> magically detect that the VM was paused and resumed is a workaround on
> a kludge.


I agree numerous suspend resumes will result in drift however typing doas
rdate -nv pool.ntp.org <http://pool.ntp.org/> will resolve the issue.

I ran into this exact issue recently when issuing certs in conjunction with
Antoine Jacoutot new create-ami.sh script.

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Theo de Raadt
> > Lyndon** is correct: if you want the clock in your virtualbox to jump,
> > virtualbox is the one that should jump it.  Changing ntpd to some how
> > magically detect that the VM was paused and resumed is a workaround on
> > a kludge.
>
>
> I agree numerous suspend resumes will result in drift however typing doas
> rdate -nv pool.ntp.org <http://pool.ntp.org/> will resolve the issue.

Resolves a specific issue, but creates a pile of others.  Good luck.

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Benjamin Baier
In reply to this post by Philip Guenther-2
On Sat, 7 May 2016 13:13:49 -0700
Philip Guenther <[hidden email]> wrote:

> On Sat, May 7, 2016 at 9:06 AM, Luke Small <[hidden email]> wrote:
> > I often use virtualbox to run openbsd-amd64 and lately I haven't been able
> > to "ntpd -s" and make it update the clock, which may have been after
> > several days.  
>
> Uh, how about we start by figuring out why "ntpd -s" is misbehaving
> before we launch into adding new "NO, I REALLY MEAN IT" options?
> What's the verbose output?  dmesg?

Had a similar "problem" on a recent install.
The hardware clock was so out of date, that a ntpd -s refused to set
the time because of ...ssl certificates not yet valid...

Solution one disable constraint check and run ntpd the old fashioned way
for the first few minutes. Or second solution, set the date once by hand
and then run ntpd with constraint checks.

Greetings Ben

Reply | Threaded
Open this post in threaded view
|

Re: ntpd commandline expansion

Dave Vandervies
In reply to this post by Luke Small
Somebody claiming to be Luke Small wrote:
> It is because I am saving the state in virtualbox, which is like putting it
> in hibernate, except instead of refreshing the time, the time remains the
> same as when it last ran, which can be some time ago.

Use the right tool for the job: http://www.tedunangst.com/flak/post/vmtimed
Port: http://terse.ca/vmtimed.tar.gz

--
Dave Vandervies
[hidden email] / [hidden email]

Plan your future!  Make God laugh!