Consider replacing ntpdate calls by 'ntpd -g'
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | NTP |
Invalid
|
Undecided
|
Unassigned | |
| | ntp (Debian) |
New
|
Unknown
|
||
| | ntp (Ubuntu) |
Low
|
Unassigned | ||
| | ubuntu-meta (Ubuntu) |
Medium
|
Unassigned | ||
Bug Description
Binary package hint: ntp
Given that 'ntpdate' is being obsoleted upstream [1], we should replace 'ntpdate' usage by:
* ntpd -qg (if we really want to set the time and exit), or
* ntpd-g (if we want to keep ntpd running)
the '-q' option will set the clock once, and exit; the 'g' allows for large corrections to the clock, like what is done by 'ntpdate'.
| Changed in ntp: | |
| status: | Unknown → New |
| Milan Bouchet-Valat (nalimilan) wrote : | #1 |
| Changed in ntp (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Low |
| Ben Shadwick (benshadwick) wrote : | #2 |
Adding ubuntu-meta because ntpdate lists it as a dependency, when ntpd should be allowed as an alternative.
| Ben Shadwick (benshadwick) wrote : | #3 |
Oops, I meant it the other way around: ubuntu-minimal lists ntpdate as a dependency, such that ubuntu-minimal is uninstalled if you try to replace ntpdate with ntpd.
| Launchpad Janitor (janitor) wrote : | #4 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in ubuntu-meta (Ubuntu): | |
| status: | New → Confirmed |
| Rolf Leggewie (r0lf) wrote : | #5 |
this is not a bug in ntp (unless one were to advocate to replace the ntpdate command with a wrapper calling ntp which I believe no one is doing). Closing the ntp task.
| Changed in ntp (Ubuntu): | |
| status: | Triaged → Invalid |
| Rolf Leggewie (r0lf) wrote : | #6 |
I think going forward with this ticket instead of the much older bug 61619 is preferable.
ntpdate has been deprecated upstream for a long time as previously pointed out. The NTP code has seen numerous security vulnerabilities and we have to assume that ntpdate is not receiving the same scrutiny anymore when compared to ntpd.
Setting milestone for vivid, hoping that it is not too late, yet.
| Changed in ubuntu-meta (Ubuntu): | |
| importance: | Undecided → Medium |
| milestone: | none → ubuntu-15.02 |
| status: | Confirmed → Triaged |
| Rolf Leggewie (r0lf) wrote : | #7 |
https:/
| Ben Shadwick (benshadwick) wrote : | #8 |
Rofl, thanks for looking into the situation and reversing course on this bug.
I've can confirm what you've seen about ntpdate being deprecated and ntpd recently receiving critical vulnerability fixes.
| Changed in ntp: | |
| importance: | Unknown → Undecided |
| status: | New → Invalid |
| Changed in ntp (Ubuntu): | |
| status: | Invalid → Confirmed |
| milestone: | none → ubuntu-15.02 |
| A. Denton (aquina) wrote : | #9 |
Quote by r0lf: "The NTP code has seen numerous security vulnerabilities and we have to assume that ntpdate is not receiving the same scrutiny anymore when compared to NTPd."
Sorry r0lf, but that's laughable. Do you really want people to run a fully featured (your wording: vulnerable) NTP daemon just to do s.th. like this (ntpdate -u HOSTNAME >>/var/log/messages 2>&1) one a day within a "/etc/cron.
Don't get me wrong -- I agree with you on the upstream-part of your statement, but I disagree when it comes to bloat systems unnecessarily. Once OS used to be simple, only containing things which their operators needed. Why force them into running daemons the don't really have demand for? I think "ntpd -qg" is the only option, although far from perfect.
| Ben Shadwick (benshadwick) wrote : | #10 |
@aquina:
ntpd doesn't have to be shipped with a configuration that will launch it as a daemon. It can easily be used to do ntpdate's job without daemonizing.
Also, the ntpd binary is actually only around 2/3 the size of the ntpdate binary, so I think you may be backwards on which one is bloated.
| Changed in ntp (Debian): | |
| status: | Unknown → New |
| Changed in ntp (Ubuntu): | |
| milestone: | ubuntu-15.02 → none |
| Changed in ubuntu-meta (Ubuntu): | |
| milestone: | ubuntu-15.02 → none |
| god (humper) wrote : | #11 |
It would be much better to replace it with systemd-timesyncd calls and drop ntpdate dependency altogether.
| Bryan Quigley (bryanquigley) wrote : | #12 |
@god that was what was done according to https:/
| god (humper) wrote : | #13 |
Yes, I thought it would be more clear cause I can't change the title of this bug. Once the patch is applied and updated meta-packages pushed both bugs could be safely closed.
| Bryan Quigley (bryanquigley) wrote : | #14 |
The other bug was closed and now it's just systemd-timesyncd in minimal.
| Changed in ntp (Ubuntu): | |
| status: | Confirmed → Invalid |
| Changed in ubuntu-meta (Ubuntu): | |
| status: | Triaged → Fix Released |
| Rolf Leggewie (r0lf) wrote : | #15 |
Not a good development in my opinion since it ties everyone more and more firmly to the systemd hegemony. I'm not a systemd hater but I don't think this is a good direction. Nonetheless, I guess it's better than what we currently have which is unmaintained code.
| god (humper) wrote : | #16 |
> I'm not a systemd hater
Don't flatter yourself. Since when exactly inability of some users to run "sudo apt install ntpdate" equals to "systemd hegemony"?
| Rolf Leggewie (r0lf) wrote : | #17 |
@god, be nice, apply logic and be productive or go home. It appears you have some deficiency to understand what I wrote and didn't write.
| god (humper) wrote : | #18 |
Bug trackers are for information related to bugs. If you're unable to contribute something meaningful - go whine someplace else: there're forums, twitter, social networks for that.
See also bug 322518. I think we want to get rid of ntpdate, and use ntpd everywhere, which would be more consistent.