Date: Thu, 7 Jul 2022 12:56:05 +0200 From: Ronald Klop <ronald-lists@klop.ws> To: freebsd-arm@freebsd.org Subject: Re: RPI4 + ntpdate + unbound Message-ID: <c0b58858-5bb2-4bbd-deae-5ac3679a140b@klop.ws> In-Reply-To: <YsVaNqwNAdlEoHdj@server.rulingia.com> References: <Yr/DPWc9Y%2Brp0J78@phouka1.phouka.net> <YsVaNqwNAdlEoHdj@server.rulingia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format. --------------Ma2upRyPPGUQimYRM1PCa798 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 7/6/22 11:47, Peter Jeremy wrote: > On 2022-Jul-01 21:02:05 -0700, John Kennedy <warlock@phouka.net> wrote: >> So I've got a RPI4 (no system time stored in NVRAM) that I did a stock >> type FreeBSD install on setting the time with ntpdate and the unbound >> DNS server (aiming for DNSSEC). As many people have noted before me, >> that setup is sort of broken because you can't look up DNSSEC hosts if >> you think it's 1970. No NTP time servers == no date reset == no DNS. > > If you're running UFS, the system clock should get set to the timestamp > in the superblock. That will be the last sync before the previous > shutdown so it'll be minutes to hours out of date but that should be > recent enough for DNSSEC to work. > > Note that this only works on UFS - see > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058 > > As an alternative option, the RTC in both the Rock64 and RockPro64 > are supported. > Based on this idea I created a /etc/rc.d/fakertc script. It saves the datetime on shutdown and restores it early on boot. Not polished yet. But it works on my RPI4 14-CURRENT. With this script the time does not go backwards in the logs anymore. And it should provide a more reasonable time for validating certificates in DNSSEC/ipsec or similar processes before ntpdate kicks in. Regards, Ronald. --------------Ma2upRyPPGUQimYRM1PCa798 Content-Type: text/plain; charset=UTF-8; name="fakertc" Content-Disposition: attachment; filename="fakertc" Content-Transfer-Encoding: base64 IyEvYmluL3NoCiMKCiMgUFJPVklERTogcnRjCiMgUkVRVUlSRTogRklMRVNZU1RFTVMKIyBC RUZPUkU6IG5ldGlmCiMgS0VZV09SRDogbm9qYWlsIHNodXRkb3duCgouIC9ldGMvcmMuc3Vi cgoKbmFtZT0iZmFrZXJ0YyIKZGVzYz0iUmVzdG9yZSBSVEMgZGF0ZSBhbmQgdGltZSIKc3Rh cnRfY21kPSJmYWtlcnRjX3N0YXJ0IgpzdG9wX2NtZD0iZmFrZXJ0Y19zdG9wIgoKZXh0cmFf Y29tbWFuZHM9InNhdmVydGMiCnNhdmVydGNfY21kPSIke25hbWV9X3N0b3AiCgpydGNfZmls ZT0iL3Zhci9kYi8ke25hbWV9IgoKcnRjX2Zvcm1hdD0iKyVZJW0lZCVIJU0uJVMiCgpzYXZl X3J0YygpCnsKCW91bWFzaz1gdW1hc2tgCgl1bWFzayAwNzcKCWRlYnVnICJzYXZpbmcgcnRj IHRvICR7cnRjX2ZpbGV9IgoJZGF0ZSAtSXNlY29uZHMgPiAiJHtydGNfZmlsZX0iCgl1bWFz ayAke291bWFza30KfQoKZmFrZXJ0Y19zdGFydCgpCnsKCgllY2hvIC1uICJTZXQgUlRDIGZy b206ICR7cnRjX2ZpbGV9OiAiCgoJaWYgWyAhIC1yICR7cnRjX2ZpbGV9IF0gOyB0aGVuCgkJ d2FybiAiJHtydGNfZmlsZX0gaXMgbm90IHJlYWRhYmxlIgoJCXJldHVybiAxCglmaQoKCWNh c2UgJHtydGNfZmlsZTo9LyR7bmFtZX19IGluCglbTm5dW09vXSkKCQk7OwoJKikKCQlkYXRl IC11ICQoIGNhdCAiJHtydGNfZmlsZX0iICkKCQk7OwoJZXNhYwoKCWVjaG8gJy4nCn0KCmZh a2VydGNfc3RvcCgpCnsKCSMgV3JpdGUgc29tZSBlbnRyb3B5IHNvIHdoZW4gdGhlIG1hY2hp bmUgcmVib290cyAvZGV2L3JhbmRvbQoJIyBjYW4gYmUgcmVzZWVkZWQKCSMKCWNhc2UgJHty dGNfZmlsZTo9LyR7bmFtZX19IGluCglbTm5dW09vXSkKCQk7OwoJKikKCQllY2hvIC1uICJX cml0aW5nIFJUQyBmaWxlOiAke3J0Y19maWxlfSIKCQlvdW1hc2s9YHVtYXNrYAoJCXVtYXNr IDA3NwoJCWRhdGUgLXUgIiR7cnRjX2Zvcm1hdH0iID4gIiR7cnRjX2ZpbGV9IiB8fCB3YXJu ICd3cml0ZSBmYWlsZWQgKHJlYWQtb25seSBmcz8pJwoJCXVtYXNrICR7b3VtYXNrfQoJCWVj aG8gJy4nCgkJOzsKCWVzYWMKfQoKbG9hZF9yY19jb25maWcgJG5hbWUKcnVuX3JjX2NvbW1h bmQgIiQxIgo= --------------Ma2upRyPPGUQimYRM1PCa798--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c0b58858-5bb2-4bbd-deae-5ac3679a140b>