Ubuntu
ntp package

[needs-packaging] The packages ntp and ntpsec are not equivalent

Bug #2039252 reported by Jonathan Ferguson
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ntp (Debian)
Confirmed
Undecided
Unassigned
ntp (Ubuntu)
Confirmed
Wishlist
Unassigned

Bug Description

I recently did an install of Ubuntu 23.04 and then configured ntp as I have been doing so for more than 8 years.
With previous versions of Debian and Ubuntu using the real ntp package, the details at https://wiki.ubuntu.com/JonathanFerguson/NTP?action=recall&rev=38 created the desired results.
I updated the details at https://wiki.ubuntu.com/JonathanFerguson/NTP with the new location of ntp.conf, after restarting I noticed that the resultant output was missing requisite details.

Compare the following and the lack of ".MCST." and ".ACST.":

Original ntp on Apollo-Lake-N3150
jonathan@Apollo-Lake-N3450:~$ lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
jonathan@Apollo-Lake-N3450:~$ ntpq -p
     remote refid st t when poll reach delay offset jitter
==============================================================================
 0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000
 1.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000
 2.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000
 3.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000
 ntp.ubuntu.com .POOL. 16 p - 64 0 0.000 +0.000 0.000
 ntp.mcast.net .MCST. 16 M - 64 0 0.000 +0.000 0.000
 ff0e::101 .MCST. 16 M - 64 0 0.000 +0.000 0.000
 ntp.mcast.net .ACST. 16 a - 64 0 0.000 +0.000 0.000
 ff0e::101 .ACST. 16 a - 64 0 0.000 +0.000 0.000
*time.cloudflare 10.242.8.77 3 u 469 1024 367 234.691 -0.929 67.380
+2001-44b8-2100- 42.3.115.79 2 u 581 1024 377 487.209 +55.669 57.154
+2001-44b8-2100- 4.179.66.17 3 u 215 1024 377 489.637 +57.002 35.399
jonathan@Apollo-Lake-N3450:~$

NTPsec on Braswell-N3150
jonathan@Braswell-N3150:~$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 23.04
Release: 23.04
jonathan@Braswell-N3150:~$ ntpq -p
     remote refid st t when poll reach delay offset jitter
=======================================================================================================
 0.ubuntu.pool.ntp.org .POOL. 16 p - 256 0 0.0000 0.0000 0.0002
 1.ubuntu.pool.ntp.org .POOL. 16 p - 256 0 0.0000 0.0000 0.0002
 2.ubuntu.pool.ntp.org .POOL. 16 p - 256 0 0.0000 0.0000 0.0002
 3.ubuntu.pool.ntp.org .POOL. 16 p - 64 0 0.0000 0.0000 0.0002
+prod-ntp-5.ntp1.ps5.canonical.com 37.15.221.189 2 u 141 1024 367 383.4932 -19.6895 35.0534
*time.tfmcloud.au 203.35.83.242 2 u 325 1024 367 325.9317 -0.1496 43.0522
+any.time.nl 133.243.238.243 2 u 158 1024 373 300.7941 -20.8962 136.1422
+ntp2.its.waikato.ac.nz .GPS. 1 u 363 1024 377 356.5361 -18.2740 140.5984
+2001-44b8-2100-3f00-0000-0000-007b-0004 42.3.115.79 2 u 214 1024 367 490.3898 28.3416 2.7728
+tic.ntp.telstra.net 203.35.83.242 2 u 13 1024 367 566.0744 -14.1332 6.0377
+863xqmprtfqv69pv7nwc.ip6.superloop.au 192.168.1.1 2 u 79 1024 367 330.2658 -14.3483 16.2172
+gps-ads.10mrlp.juneks.com.au .PPS. 1 u 271 1024 367 443.4812 -71.8020 44.6332
+x.ns.gin.ntt.net 129.250.35.222 2 u 57 1024 367 22.4974 41.3055 6.0639
jonathan@Braswell-N3150:~$

This behaviour will affect the following:
Ubuntu 22.10, 23.04 and 23.10
Debian 12, 13 and 14

NTPsec have documented their reasoning for lacking support.
https://docs.ntpsec.org/latest/discover.html
https://docs.ntpsec.org/latest/ntpsec.html
https://docs.ntpsec.org/latest/assoc.html#broad
https://docs.ntpsec.org/latest/assoc.html#many

The issue remains that ntp and ntpsec are not capability equivalent.

I foresee two means of rectifying this predicament, if NTPsec is going to be the default implementation of NTP then ntpsec needs to implement all of the capabilities of ntp, or the easier alternative is that the real ntp https://www.ntp.org/downloads/ is packaged as ntp-classic for instances where its capabilities are required.

ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: ntp 1:4.2.8p15+dfsg-2~1.2.2+dfsg1-1
ProcVersionSignature: Ubuntu 6.2.0-34.34-generic 6.2.16
Uname: Linux 6.2.0-34-generic x86_64
ApportVersion: 2.26.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
Date: Fri Oct 13 18:13:27 2023
InstallationDate: Installed on 2023-09-15 (27 days ago)
InstallationMedia: Ubuntu-Unity 23.04 "Lunar Lobster" - Release amd64 (20230419)
PackageArchitecture: all
SourcePackage: ntpsec
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.ntpsec.ntp.conf: [modified]
mtime.conffile..etc.ntpsec.ntp.conf: 2023-10-12T21:59:03.557719

See original description
Revision history for this message
Jonathan Ferguson (jonathan-ferguson) wrote :
Jonathan Ferguson (jonathan-ferguson)
description: updated
description: updated
affects: ntpsec (Debian) → ntp (Debian)
affects: ntpsec (Ubuntu) → ntp (Ubuntu)
Jonathan Ferguson (jonathan-ferguson)
tags: added: ntp
Revision history for this message
Richard Laager (rlaager) wrote :

You are correct that the multicast support has been removed in NTPsec. This was intentional:

https://docs.ntpsec.org/latest/ntpsec.html
"Broadcast- and multicast modes, which are impossible to secure, have been removed."

The Debian maintainers of the "ntp" package decided to stop maintaining it. Rather than orphaning it, they asked on debian-devel and the consensus was to drop it entirely in favor of "ntpsec" (which I was already maintaining in Debian).

It would be a pain, but if you wanted to pick up maintaining "ntp" in Debian again, that's theoretically possible. I wouldn't recommend it, and certainly not if the only missing thing is multicast support.

Instead, I recommend you configure all of your clients to speak unicast to your NTP server. This is more-or-less the same effect anyway. It gives you the option to then "upgrade" to NTS (Network Time Security), if you desire.

Changed in ntp (Debian):
status: New → Invalid
Changed in ntp (Ubuntu):
status: New → Invalid
Jonathan Ferguson (jonathan-ferguson)
Changed in ntp (Ubuntu):
status: Invalid → Confirmed
tags: added: needs-packaging
Changed in ntp (Debian):
status: Invalid → Confirmed
Revision history for this message
Brian Murray (brian-murray) wrote :

*** This is an automated message ***

This bug is tagged needs-packaging which identifies it as a request for a new package in Ubuntu. As a part of the managing needs-packaging bug reports specification, https://wiki.ubuntu.com/QATeam/Specs/NeedsPackagingBugs, all needs-packaging bug reports have Wishlist importance. Subsequently, I'm setting this bug's status to Wishlist.

summary: - The packages ntp and ntpsec are not equivalent
+ [needs-packaging] The packages ntp and ntpsec are not equivalent
Changed in ntp (Ubuntu):
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.