From: Ronald Klop
Date: Thu, 7 Jul 2022 12:56:05 +0200
To: freebsd-arm@freebsd.org
Subject: Re: RPI4 + ntpdate + unbound
List-Archive: https://lists.freebsd.org/archives/freebsd-arm

On 7/6/22 11:47, Peter Jeremy wrote:
> On 2022-Jul-01 21:02:05 -0700, John Kennedy wrote:
>> So I've got a RPI4 (no system time stored in NVRAM) that I did a stock
>> type FreeBSD install on setting the time with ntpdate and the unbound
>> DNS server (aiming for DNSSEC). As many people have noted before me,
>> that setup is sort of broken because you can't look up DNSSEC hosts if
>> you think it's 1970. No NTP time servers == no date reset == no DNS.
>
> If you're running UFS, the system clock should get set to the timestamp
> in the superblock. That will be the last sync before the previous
> shutdown so it'll be minutes to hours out of date but that should be
> recent enough for DNSSEC to work.
>
> Note that this only works on UFS - see
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058
>
> As an alternative option, the RTC in both the Rock64 and RockPro64
> are supported.
>

Based on this idea I created a /etc/rc.d/fakertc script. It saves the
datetime on shutdown and restores it early on boot.
Not polished yet. But it works on my RPI4 14-CURRENT.

With this script the time does not go backwards in the logs anymore. And
it should provide a more reasonable time for validating certificates in
DNSSEC/ipsec or similar processes before ntpdate kicks in.

Regards,
Ronald.

[Attachment: fakertc (text/plain)]
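
The save-at-shutdown / restore-at-boot idea from the message above, with the saved value validated before it is allowed to influence the clock. This is an added example, not the attached fakertc script; the file location, the epoch-seconds storage format and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the attached fakertc script. The file location and the
# function names are assumptions; the time is stored as UTC epoch seconds.
FAKERTC_FILE="${FAKERTC_FILE:-/var/db/fakertc}"

# Shutdown side: write the current time atomically, owner-readable only.
fakertc_save() {
	_old=$(umask)
	umask 077
	_tmp="${FAKERTC_FILE}.tmp.$$"
	if date -u +%s > "$_tmp" && mv -f "$_tmp" "$FAKERTC_FILE"; then
		_rc=0
	else
		rm -f "$_tmp"
		_rc=1
	fi
	umask "$_old"
	return "$_rc"
}

# Boot side: print the epoch the clock may be stepped to, or fail.
#   $1 = current clock in epoch seconds (defaults to the live clock)
# Returns 1 = no usable file, 2 = malformed content, 3 = would step backwards.
fakertc_pick() {
	_now="${1:-$(date -u +%s)}"
	# Only a regular file that is not a symlink is accepted.
	[ -f "$FAKERTC_FILE" ] && [ ! -L "$FAKERTC_FILE" ] || return 1
	_saved=$(cat "$FAKERTC_FILE") || return 1
	# The value ends up on date(1)'s command line: digits only, bounded length.
	case "$_saved" in
	'' | *[!0-9]*) return 2 ;;
	esac
	[ "${#_saved}" -le 11 ] || return 2
	# Never move the clock backwards (keeps log timestamps monotonic).
	[ "$_saved" -gt "$_now" ] || return 3
	printf '%s\n' "$_saved"
}

# In an rc.d start function on FreeBSD the result would be applied with:
#   t=$(fakertc_pick) && date -f %s "$t"
```

The restored value is only a lower bound on the real time, so certificates or DNSSEC signatures that expired while the board was powered off still validate until NTP corrects the clock.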