Re: [chrony-dev] Chrony and leap-second table expiration

[Bill Unruh <unruh@xxxxxxxxxxxxxx>]

Since 2016 it has not mattered if you used an expired file, since the file has
not changed since then. I think the expiry date is simply next Jun or Dec from
when the file was issued since that is when the next leapsecond could occur.
For the past 14 issues of the file, the only thing that has changes is the
expiry date, and it is looking like the next leapsecond might be negative (the
earth's spin is speeding up for some unknown reason.) which will be a whole
other kettle of worms, since that has never happened before. (59 seconds in an
hour on June 30 or Dec 31 rather than 60 or 61 which will probably completely
mess up the leapsecond smear for those that use it).



William G. Unruh __| Canadian Institute for|____ Tel: +1(604)822-3273
Physics&Astronomy _|___ Advanced Research _|____ Fax: +1(604)822-5324
UBC, Vancouver,BC _|_ Program in Cosmology |____ unruh@xxxxxxxxxxxxxx
Canada V6T 1Z1 ____|____ and Gravity ______|_    theory.physics.ubc.ca/

On Thu, 30 Nov 2023, Patrick Oppenlander wrote:

> [CAUTION: Non-UBC Email]
>
> Hi Paul,
>
> On Thu, Nov 30, 2023 at 6:38 AM Paul Eggert <eggert@xxxxxxxxxxx> wrote:
> > The TZDB mailing list has recently been wrestling with the topic of
> > leap-second table expiration (see [1] and [2] for some of this).
> >
> > Here's the issue. The leap-seconds.list file, maintained by Judah Levine
> > of NIST and redistributed by TZDB, contains a line like this:
> >
> > #@      3928521600
> >
> > which in this example specifies an expiration date of 2024-06-28 00:00
> > UTC. The idea is that this particular leap-seconds.list file should not
> > be used after the expiration date, after which the file will be obsolete
> > and pehaps incorrect.
> >
> > As I understand it, NTPsec parses this comment and rejects obsolete
> > leap-seconds.list files; this is the traditional ntpd behavior.
> >
> > Currently Chrony does not look at the leap-seconds.list file. However,
> > yesterday Patrick Oppenlander proposed[3] a patch to do that.
>
> I only proposed this as the current implementation doesn't work on
> musl based systems.
>
> > So, three questions:
> >
> > * If Chrony reads leap-seconds.list should it also look at the leap
> > second expiration and reject old files?
>
> My initial proposal emits a warning in this case but uses the file
> anyway. This is consistent with chrony's existing behaviour (leapsectz
> on glibc systems) as it will currently continue to use leap second
> information inferred from the time zone without knowing it's expired.
>
> The chrony docs contain a note that the time zone database should be
> kept up to date, so it's currently the user's problem to deal with.
>
> > * If Chrony does not read leap-seconds.list, but instead uses the
> > right/UTC file, should it also look at any leap-second expiration
> > information in that file and reject old files? This would involve Chrony
> > looking at the file directly instead of relying on localtime/mktime, and
> > building right/UTC with TZDB's EXPIRES_LINE=1 option.
>
> To me, parsing leap-seconds.list is easier and more direct than
> parsing the right/UTC file and calculating the leap second offset,
> which is why I proposed the former.
>
> I'm not sure what the best thing to do is if the leap second source is
> known to be expired. There's at least three cases to consider:
> * The database has expired when chrony starts.
> * The database expires while chrony is running, and no leap second has
> been announced via NTP after it's expired.
> * The database expires while chrony is running, and a leap second has
> been announced via NTP after it's expired.
> I think in all cases we need to do our best to make sure that there
> are no unexpected jumps in the user's clock across a chrony restart.
>
> Theoretically chrony could keep its own history of announced leap
> seconds somewhere, but that feels painful and error prone as chrony
> may not be running all the time and miss an announcement.
>
> To me, the ideal solution would be for chrony to query a trusted
> source on the Internet to get current leap second data and avoid this
> whole mess. I'm not aware of such a source though.
>
> Patrick
>
> > * If leap seconds are discontinued, which is a distinct possibility,
> > what sort of "leap second expiration" should Chrony use?
> >
> > [1]: https://mm.icann.org/pipermail/tz/2023-November/033268.html
> > [2]: https://mm.icann.org/pipermail/tz/2023-November/033275.html
> > [3]:
> > https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-dev/2023/11/msg00013.html
> >
> > --
> > To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
> > For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
> > Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.
>
> --
> To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
> For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
> Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.