Consider replacing ntpdate calls by 'ntpd -g'

Bug #583994 reported by C de-Avillez on 2010-05-21
90
This bug affects 17 people
Affects Status Importance Assigned to Milestone
NTP
Invalid
Undecided
Unassigned
ntp (Debian)
New
Unknown
ntp (Ubuntu)
Low
Unassigned
ubuntu-meta (Ubuntu)
Medium
Unassigned

Bug Description

Binary package hint: ntp

Given that 'ntpdate' is being obsoleted upstream [1], we should replace 'ntpdate' usage by:

 * ntpd -qg (if we really want to set the time and exit), or
 * ntpd-g (if we want to keep ntpd running)

the '-q' option will set the clock once, and exit; the 'g' allows for large corrections to the clock, like what is done by 'ntpdate'.

[1] http://www.eecis.udel.edu/~mills/ntp/html/ntpdate.html

Changed in ntp:
status: Unknown → New
Milan Bouchet-Valat (nalimilan) wrote :

See also bug 322518. I think we want to get rid of ntpdate, and use ntpd everywhere, which would be more consistent.

Changed in ntp (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Ben Shadwick (benshadwick) wrote :

Adding ubuntu-meta because ntpdate lists it as a dependency, when ntpd should be allowed as an alternative.

Ben Shadwick (benshadwick) wrote :

Oops, I meant it the other way around: ubuntu-minimal lists ntpdate as a dependency, such that ubuntu-minimal is uninstalled if you try to replace ntpdate with ntpd.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-meta (Ubuntu):
status: New → Confirmed
Rolf Leggewie (r0lf) wrote :

this is not a bug in ntp (unless one were to advocate to replace the ntpdate command with a wrapper calling ntp which I believe no one is doing). Closing the ntp task.

Changed in ntp (Ubuntu):
status: Triaged → Invalid
Rolf Leggewie (r0lf) wrote :

I think going forward with this ticket instead of the much older bug 61619 is preferable.

ntpdate has been deprecated upstream for a long time as previously pointed out. The NTP code has seen numerous security vulnerabilities and we have to assume that ntpdate is not receiving the same scrutiny anymore when compared to ntpd.

Setting milestone for vivid, hoping that it is not too late, yet.

Changed in ubuntu-meta (Ubuntu):
importance: Undecided → Medium
milestone: none → ubuntu-15.02
status: Confirmed → Triaged
Rolf Leggewie (r0lf) wrote :
Ben Shadwick (benshadwick) wrote :

Rofl, thanks for looking into the situation and reversing course on this bug.

I've can confirm what you've seen about ntpdate being deprecated and ntpd recently receiving critical vulnerability fixes.

Changed in ntp:
importance: Unknown → Undecided
status: New → Invalid
Rolf Leggewie (r0lf) on 2015-04-19
Changed in ntp (Ubuntu):
status: Invalid → Confirmed
milestone: none → ubuntu-15.02
A. Denton (aquina) wrote :

Quote by r0lf: "The NTP code has seen numerous security vulnerabilities and we have to assume that ntpdate is not receiving the same scrutiny anymore when compared to NTPd."

Sorry r0lf, but that's laughable. Do you really want people to run a fully featured (your wording: vulnerable) NTP daemon just to do s.th. like this (ntpdate -u HOSTNAME >>/var/log/messages 2>&1) one a day within a "/etc/cron.hourly/ntp"?

Don't get me wrong -- I agree with you on the upstream-part of your statement, but I disagree when it comes to bloat systems unnecessarily. Once OS used to be simple, only containing things which their operators needed. Why force them into running daemons the don't really have demand for? I think "ntpd -qg" is the only option, although far from perfect.

https://twitter.com/TRONDELTA/status/546138511284658177

Ben Shadwick (benshadwick) wrote :

@aquina:

ntpd doesn't have to be shipped with a configuration that will launch it as a daemon. It can easily be used to do ntpdate's job without daemonizing.

Also, the ntpd binary is actually only around 2/3 the size of the ntpdate binary, so I think you may be backwards on which one is bloated.

Changed in ntp (Debian):
status: Unknown → New
Robie Basak (racb) on 2015-04-23
Changed in ntp (Ubuntu):
milestone: ubuntu-15.02 → none
Changed in ubuntu-meta (Ubuntu):
milestone: ubuntu-15.02 → none
god (humper) wrote :

It would be much better to replace it with systemd-timesyncd calls and drop ntpdate dependency altogether.

Bryan Quigley (bryanquigley) wrote :

@god that was what was done according to https://www.youtube.com/watch?v=ihVibT0Lm0I, and I see you opened a new bug for it here https://bugs.launchpad.net/ubuntu/+source/ubuntu-meta/+bug/1451247

god (humper) wrote :

Yes, I thought it would be more clear cause I can't change the title of this bug. Once the patch is applied and updated meta-packages pushed both bugs could be safely closed.

Bryan Quigley (bryanquigley) wrote :

The other bug was closed and now it's just systemd-timesyncd in minimal.

Changed in ntp (Ubuntu):
status: Confirmed → Invalid
Changed in ubuntu-meta (Ubuntu):
status: Triaged → Fix Released
Rolf Leggewie (r0lf) wrote :

Not a good development in my opinion since it ties everyone more and more firmly to the systemd hegemony. I'm not a systemd hater but I don't think this is a good direction. Nonetheless, I guess it's better than what we currently have which is unmaintained code.

god (humper) wrote :

> I'm not a systemd hater

Don't flatter yourself. Since when exactly inability of some users to run "sudo apt install ntpdate" equals to "systemd hegemony"?

Rolf Leggewie (r0lf) wrote :

@god, be nice, apply logic and be productive or go home. It appears you have some deficiency to understand what I wrote and didn't write.

god (humper) wrote :

Bug trackers are for information related to bugs. If you're unable to contribute something meaningful - go whine someplace else: there're forums, twitter, social networks for that.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.