Hi Brian!
On Mon, 12 Feb 2024, Brian Scott wrote:
The -p 1 option is still desirable for standard ntpd. The default is to do 4 probes which is overkill for xymon.
You are right, but I'm not sure whether there are still current systems using the original ntpd.
I have just checked a fresh install of ntpsec from source and can't see ntpdate being installed. Found this on the ntpsec site under Security Improvements:
- The deprecated and vulnerability-prone ntpdate program has been replaced with a shell wrapper around ntpdig. Its -e and -p options are not implemented. It is no longer documented, but can be found in the attic/ directory of the source distribution.
I notice that in the script the behaviour when it finds the -p option is to simply warn and ignore it:
    p) echo "ntpdate: -p is no longer supported." >&2;;
So it's just a neatness thing. The script is undocumented (Debian may have pinched their man page from standard ntp) and unlikely to ever be updated.
Not sure where this leaves us. I know others had similar problems when distros moved to chrony for ntp. Maybe we need a more generalised approach to different ntp implementations going forward.
Maybe the best way for ntpsec users is to replace the ntpdate call with a final ntpdig call (which saves one shell script call). As far as I can see, "ntpdate -u -q foo" with the ntpsec-ntpdate wrapper simply calls "ntpdig -t 1 foo", so why not directly use this?
The attached rewritten patch implements this.
Greetings Roland