No edit summary |
No edit summary |
||
Line 52: | Line 52: | ||
== Upgrade/compatibility impact == | == Upgrade/compatibility impact == | ||
The `ntp` package is replaced automatically on upgrade to Fedora 34. | The `ntp` package is replaced automatically with `ntpsec` on upgrade to Fedora 34. If the original `ntpd` service is enabled, the new `ntpd` service will be enabled and the original ''/etc/ntp.conf'' configuration file will be kept, which will override the new default configuration in ''/etc/ntp.d''. | ||
== How To Test == | == How To Test == |
Revision as of 14:05, 7 December 2020
ntp replacement
Summary
The ntp
package is replaced with ntpsec
.
Owner
- Name: Miroslav Lichvar
- Email: mlichvar@redhat.com
Current status
- Targeted release: Fedora 34
- Last updated: 2020-12-07
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
ntp
is one of the few NTP implementations provided in Fedora. It is not used or installed by default.
The upstream project is not in a good shape and it doesn't seem to be improving. The development is slow and happens behind closed doors. There is a significant number of known security issues that have not been fixed yet. Some are exploitable in the default configuration.
ntpsec is a fork of ntp
with focus on security. It has removed a lot of code and fixed or avoided most of the security issues in ntp
. It doesn't support all features, but in typical configurations it can be used as a drop-in replacement for ntp
.
There are few packages in Fedora that have a dependency on ntp
:
nagios-plugins-ntp-perl
ntpstat
Benefit to Fedora
This change makes Fedora more secure.
Scope
- Proposal owners:
- Package
ntpsec
obsoleting thentp
package. - Retire
ntp
package. - Make sure the dependent packages still work.
- Other developers: N/A (not a System Wide Change)
- Release engineering: N/A (not needed for this Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
The ntp
package is replaced automatically with ntpsec
on upgrade to Fedora 34. If the original ntpd
service is enabled, the new ntpd
service will be enabled and the original /etc/ntp.conf configuration file will be kept, which will override the new default configuration in /etc/ntp.d.
How To Test
- Install
ntpsec
- Run
ntpdate pool.ntp.org
- Start the
ntpd
service - Run
ntpq -p
to verifyntpd
is polling servers and synchronizing the clock
User Experience
For most users of ntp
the experience is not expected to change significantly. Advanced configurations may need to be modified to work with ntpsec
.
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: Unretire
ntp
and remove the obsoletes inntpsec
- Contingency deadline: Fedora 34 Beta
- Blocks release? N/A (not a System Wide Change)
- Blocks product?
Documentation
N/A (not a System Wide Change)
Release Notes
The classic ntpd
service was formerly provided by the ntp
package. The ntp
software has significant security issues and development seems moribund. It has now been replaced with the ntpsec
package, an actively maintained fork of the ntp
software. No functional changes are expected for most users.