[needs-packaging] The packages ntp and ntpsec are not equivalent
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
NTP |
Confirmed
|
Undecided
|
|||
ntp (Debian) |
Confirmed
|
Undecided
|
Unassigned | ||
ntp (Juju Charms Collection) |
Confirmed
|
Undecided
|
Unassigned | ||
ntp (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
I recently did an install of Ubuntu 23.04 and then configured ntp as I have been doing so for more than 8 years.
With previous versions of Debian and Ubuntu using the real ntp package, the details at https:/
I updated the details at https:/
Compare the following and the lack of ".MCST." and ".ACST.":
Original ntp on Apollo-Lake-N3150
jonathan@
Description: Ubuntu 22.04.3 LTS
Release: 22.04
jonathan@
remote refid st t when poll reach delay offset jitter
=======
0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000
1.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000
2.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000
3.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000
ntp.ubuntu.com .POOL. 16 p - 64 0 0.000 +0.000 0.000
ntp.mcast.net .MCST. 16 M - 64 0 0.000 +0.000 0.000
ff0e::101 .MCST. 16 M - 64 0 0.000 +0.000 0.000
ntp.mcast.net .ACST. 16 a - 64 0 0.000 +0.000 0.000
ff0e::101 .ACST. 16 a - 64 0 0.000 +0.000 0.000
*time.cloudflare 10.242.8.77 3 u 469 1024 367 234.691 -0.929 67.380
+2001-44b8-2100- 42.3.115.79 2 u 581 1024 377 487.209 +55.669 57.154
+2001-44b8-2100- 4.179.66.17 3 u 215 1024 377 489.637 +57.002 35.399
jonathan@
NTPsec on Braswell-N3150
jonathan@
No LSB modules are available.
Description: Ubuntu 23.04
Release: 23.04
jonathan@
remote refid st t when poll reach delay offset jitter
=======
0.ubuntu.
1.ubuntu.
2.ubuntu.
3.ubuntu.
+prod-ntp-
*time.tfmcloud.au 203.35.83.242 2 u 325 1024 367 325.9317 -0.1496 43.0522
+any.time.nl 133.243.238.243 2 u 158 1024 373 300.7941 -20.8962 136.1422
+ntp2.its.
+2001-44b8-
+tic.ntp.
+863xqmprtfqv69
+gps-ads.
+x.ns.gin.ntt.net 129.250.35.222 2 u 57 1024 367 22.4974 41.3055 6.0639
jonathan@
This behaviour will affect the following:
Ubuntu 22.10, 23.04 and 23.10
Debian 12, 13 and 14
NTPsec have documented their reasoning for lacking support.
https:/
https:/
https:/
https:/
The issue remains that ntp and ntpsec are not capability equivalent.
I foresee two means of rectifying this predicament, if NTPsec is going to be the default implementation of NTP then ntpsec needs to implement all of the capabilities of ntp, or the easier alternative is that the real ntp https:/
ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: ntp 1:4.2.8p15+
ProcVersionSign
Uname: Linux 6.2.0-34-generic x86_64
ApportVersion: 2.26.1-0ubuntu2
Architecture: amd64
CasperMD5CheckR
Date: Fri Oct 13 18:13:27 2023
InstallationDate: Installed on 2023-09-15 (27 days ago)
InstallationMedia: Ubuntu-Unity 23.04 "Lunar Lobster" - Release amd64 (20230419)
PackageArchitec
SourcePackage: ntpsec
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
description: | updated |
description: | updated |
affects: | ntpsec (Debian) → ntp (Debian) |
affects: | ntpsec (Ubuntu) → ntp (Ubuntu) |
tags: | added: ntp |
Changed in ntp (Ubuntu): | |
status: | Invalid → Confirmed |
tags: | added: needs-packaging |
Changed in ntp (Debian): | |
status: | Invalid → Confirmed |
Changed in ntp: | |
status: | New → Confirmed |
You are correct that the multicast support has been removed in NTPsec. This was intentional:
https:/ /docs.ntpsec. org/latest/ ntpsec. html
"Broadcast- and multicast modes, which are impossible to secure, have been removed."
The Debian maintainers of the "ntp" package decided to stop maintaining it. Rather than orphaning it, they asked on debian-devel and the consensus was to drop it entirely in favor of "ntpsec" (which I was already maintaining in Debian).
It would be a pain, but if you wanted to pick up maintaining "ntp" in Debian again, that's theoretically possible. I wouldn't recommend it, and certainly not if the only missing thing is multicast support.
Instead, I recommend you configure all of your clients to speak unicast to your NTP server. This is more-or-less the same effect anyway. It gives you the option to then "upgrade" to NTS (Network Time Security), if you desire.