Re: [chrony-dev] chronyd set time and exit


My embedded device is intermittently powered, and it doesn't require a very high time accuracy. So whenever it boots up again, which I expect to be once a week, I will simply run an ntp sync, and then quit.

For secure ssh, it needs to verify certs, and for that it needs proper wall clock time (more or less). That's why I need NTP. Given all the recent news about NTP vulns, I would like to have a secure implementation, and that's why I need authenticated NTP. That's also why I'm looking at chronyd because of all the nice security features, and the fairly regular release cycle.

RE: ntpclient, is this part of chronyd, or is this the one from ntpsec? or classic ntp? Also, I'd rather not use MD5. I'll be using my own NTP server, so I'll configure it to use SHA.

-Earlence


On Thu, Jun 9, 2016 at 2:47 AM, Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
On Wed, Jun 08, 2016 at 11:18:50AM -0700, Earlence Fernandes wrote:
> Hi
>
> My use case requires only running once, setting the time and then exiting.
> I know this works by doing chronyd -q

Ok, so there are no requirements on accuracy? Just bring it close to
the true time on start and it doesn't matter if the clock will drift
by several seconds per day?

Maybe it would be easier to use something other than NTP, something
that's already supported on the system. Is there a ssh or https
client? E.g. run the date command over ssh, or wget/curl the current
time from the server and set the local clock in a shell script.

> However, I am planning on using chronyd for a small embedded arm linux
> project, and I want to cut off flash space as much as I can. That is, I'd
> like to trim down the binary size. Right now, on my platform, it takes
> about 114K, but smaller would be better. My idea is to comment out code
> that does all of the drift calculations, all of the daemon code etc, and
> only retain the core logic to do a one time authenticated NTP sync.
> Basically something like ntpupdate as its own binary.

I assume you tried the --disable-* options that the configure script
has. On a MIPS-based router I use, chronyd compiled only with the NTP
support has ~90K.

The drift calculations and daemon specific code don't take much space.
There isn't an object that would be significantly bigger than others
and which could be trimmed down to save a lot of space. You would
probably need to modify a lot of code.

If you need NTP, I think it might be easier to take the ntpclient
implementation (~16K binary) and add support for MD5 keys to it.

--
Miroslav Lichvar
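
An added example, not part of the original messages and not chrony's or ntpclient's code: a Python illustration of the classic NTP symmetric-key MAC that the thread discusses adding to a small client, here with SHA1 in place of MD5. The MAC is a 4-byte key ID followed by hash(key || packet) appended to the 48-byte header; the key, key ID and timestamp are constructed values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48  # fixed NTP header, no extension fields
KEYS = {1: bytes.fromhex("00112233445566778899aabbccddeeff00112233")}  # constructed key

def build_request(transmit_ts: int) -> bytes:
    """Client request: LI=0, VN=4, Mode=3, only the transmit timestamp set."""
    return struct.pack("!B39xQ", (4 << 3) | 3, transmit_ts)

def add_mac(packet: bytes, key_id: int, key: bytes, algo: str = "sha1") -> bytes:
    """Append the 4-byte key ID and hash(key || packet)."""
    digest = hashlib.new(algo, key + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify_mac(data: bytes, keys: dict, algo: str = "sha1") -> bool:
    """Accept only a packet whose MAC matches a key we hold."""
    digest_len = hashlib.new(algo).digest_size
    if len(data) != NTP_HEADER_LEN + 4 + digest_len:
        return False  # no MAC (unauthenticated) or a different digest size
    packet = data[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", data[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    key = keys.get(key_id)
    if key is None:
        return False  # unknown key ID
    expected = hashlib.new(algo, key + packet).digest()
    # Constant-time comparison so the check does not leak how many bytes matched
    return hmac.compare_digest(data[NTP_HEADER_LEN + 4:], expected)

if __name__ == "__main__":
    # Constructed transmit timestamp (64-bit NTP format)
    signed = add_mac(build_request(0xDA0B2C4A00000000), 1, KEYS[1])
    print(len(signed), verify_mac(signed, KEYS))
```

A one-shot client would apply `verify_mac` to the server's reply before setting the clock and discard anything that fails, including replies with no MAC at all.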
