On 12/2/2024 8:08 pm, Roland Rosenfeld wrote:
Hi Brian!
On Mon, 12 Feb 2024, Brian Scott wrote:
The -p 1 option is still desirable for standard ntpd. The default is
to do 4 probes which is overkill for xymon.
You are right, but I'm not sure whether there are still current
systems using the original ntpd.
FreeBSD includes it as part of the base system. I monitor quite a few
FreeBSD systems.
I have just checked a fresh install of ntpsec from source and can't see
ntpdate being installed. Found this on the ntpsec site under Security
Improvements:
* The deprecated and vulnerability-prone ntpdate program has been
replaced with a shell wrapper around ntpdig. Its -e and -p options
are not implemented. It is no longer documented, but can be found in
the attic/ directory of the source distribution.
I notice that in the script the behaviour when it finds the -p option is to
simply warn and ignore it:
p) echo "ntpdate: -p is no longer supported." >&2;;
So it's just a neatness thing. The script is undocumented (Debian may have
pinched their man page from standard ntp) and unlikely to ever be updated.
Not sure where this leaves us. I know others had similar problems when
distros moved to chrony for ntp. Maybe we need a more generalised approach
to different ntp implementations going forward.
Maybe the best way for ntpsec users is to replace the ntpdate call
with a final ntpdig call (which saves one shell script call).
As far as I can see "ntpdate -u -q foo" with ntpsec-ntpdate wrapper
simply calls "ntpdig -t 1 foo", so why not directly use this?
Agree 100%
I think using a discouraged wrapper like this makes no sense.
However, we still need some way to deal with the cases where the default
is still the old ntp.
The attached rewritten patch implements this.
Would you mind if I tried to generalise your patch to automatically
detect which version to use and pick the correct options accordingly? A
quick look at the code suggests changes to configure.server, a new
script under build/ to detect which type of ntp is installed, and
possibly changes to the various build/Makefile.* to set a per-OS
default. Also I notice that the defaults when nothing is set in
xymonserver.cfg are established in lib/environ.c but they would be quite
messy to tinker with.
Greetings
Roland
Cheers,
Brian
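
The detection step proposed in this thread could look like the sketch below. It is an added example, not part of either message and not xymon's build code. The function names find_in_path and pick_ntp_probe are hypothetical, and it uses only the options quoted above (ntpdig -t 1, ntpdate -u -q, -p 1).

```shell
#!/bin/sh
# Added illustration: choose the NTP probe command from what is installed.
# Usage: cmd=$(pick_ntp_probe) && $cmd ntp.example.org

# Print the first executable file named $1 in the colon-separated path $2.
find_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -n "$dir" ] && [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Print the probe command line (without the host) for the search path $1,
# which defaults to $PATH. Returns 1 when no usable client is found.
pick_ntp_probe() {
    search=${1:-$PATH}

    # ntpsec: call ntpdig directly and skip the deprecated wrapper.
    if bin=$(find_in_path ntpdig "$search"); then
        printf '%s -t 1\n' "$bin"
        return 0
    fi

    if bin=$(find_in_path ntpdate "$search"); then
        if grep -q ntpdig "$bin" 2>/dev/null; then
            # ntpsec shell wrapper: -p is not implemented, so leave it out.
            printf '%s -u -q\n' "$bin"
        else
            # Classic ntpdate: one probe instead of the default four.
            printf '%s -u -q -p 1\n' "$bin"
        fi
        return 0
    fi

    echo "pick_ntp_probe: neither ntpdig nor ntpdate found" >&2
    return 1
}
```

The wrapper check relies on the ntpsec ntpdate being a shell script that mentions ntpdig, as described above. A chrony-only host falls through to the error return.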