kumquat-buildroot/package/ntp/ntpd.service
James Hilliard c2db53caca package/{chrony, ntp, openntpd}: turn off DNSSEC validation
We have a chicken and egg problem: validation of DNSSEC signatures
doesn't work without a correct clock, but to set the correct clock we
need to contact NTP servers which requires resolving a hostname, which
would normally require DNSSEC validation.

Let's break the cycle by excluding NTP hostname resolution from
validation for now.

Details:
abf4e5c1d3

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-16 22:58:08 +02:00

16 lines
423 B
Desktop File

[Unit]
Description=Network Time Service
After=network.target
[Service]
Type=forking
PIDFile=/run/ntpd.pid
# Turn off DNSSEC validation for hostname look-ups, since those need the
# correct time to work, but we likely won't acquire that without NTP. Let's
# break this chicken-and-egg cycle here.
Environment=SYSTEMD_NSS_RESOLVE_VALIDATE=0
ExecStart=/usr/sbin/ntpd -g -p /run/ntpd.pid
[Install]
WantedBy=multi-user.target