From: Ronald Klop
To: Ronald Klop
Cc: freebsd-arm@freebsd.org
Date: Wed, 17 Aug 2022 17:07:48 +0200 (CEST)
Subject: fakertc - Re: RPI4 + ntpdate + unbound
List-Id: Porting FreeBSD to ARM processors
List-Archive: https://lists.freebsd.org/archives/freebsd-arm

From: Ronald Klop <ronald-lists@klop.ws>
Date: Thursday, 7 July 2022 12:56
To: freebsd-arm@freebsd.org
Subject: Re: RPI4 + ntpdate + unbound

On 7/6/22 11:47, Peter Jeremy wrote:
> On 2022-Jul-01 21:02:05 -0700, John Kennedy <warlock@phouka.net> wrote:
>>   So I've got a RPI4 (no system time stored in NVRAM) that I did a stock
>> type FreeBSD install on setting the time with ntpdate and the unbound
>> DNS server (aiming for DNSSEC).  As many people have noted before me,
>> that setup is sort of broken because you can't look up DNSSEC hosts if
>> you think it's 1970.  No NTP time servers == no date reset == no DNS.
>
> If you're running UFS, the system clock should get set to the timestamp
> in the superblock.   That will be the last sync before the previous
> shutdown so it'll be minutes to hours out of date but that should be
> recent enough for DNSSEC to work.
>
> Note that this only works on UFS - see
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254058
>
> As an alternative option, the RTC in both the Rock64 and RockPro64
> are supported.
>


Based on this idea I created a /etc/rc.d/fakertc script. It saves the datetime on shutdown and restores it early on boot.

Not polished yet. But it works on my RPI4 14-CURRENT.
With this script the time does not go backwards in the logs anymore. And it should provide a more reasonable time for validating certificates in DNSSEC/ipsec or similar processes before ntpdate kicks in.

Regards,
Ronald.



Hi,

My script became a pkg: https://www.freshports.org/sysutils/fakertc .
Let me know if it is useful for you too!

Regards,
Ronald.
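
As an added illustration of the save-on-shutdown, restore-on-boot approach described in this message (this is not the sysutils/fakertc script; the state-file path and function names are assumptions), a sketch that only ever steps the clock forward and rejects a malformed or symlinked state file:

```shell
#!/bin/sh
# Added example: a minimal "fake RTC" save/restore sketch.
# Not the sysutils/fakertc script. STATE_FILE is an assumed path.
STATE_FILE="${STATE_FILE:-/var/db/fakertc.example}"

# Save the current time (epoch seconds) atomically, so a crash mid-write
# cannot leave a truncated timestamp behind.
fakertc_save() {
    file="$1"
    tmp="$file.tmp.$$"
    ( umask 022; date +%s > "$tmp" ) && mv -f "$tmp" "$file"
}

# Print the saved epoch only if it is usable: a regular file (not a
# symlink), digits only, and later than "now". The clock is never
# stepped backwards, so log timestamps stay monotonic.
fakertc_pick() {
    now="$1"; file="$2"
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    read -r saved < "$file" || return 1
    case "$saved" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$saved" -gt "$now" ] || return 1
    printf '%s\n' "$saved"
}

# Restore at boot, before anything that validates signatures or
# certificates. Uses FreeBSD date(1) syntax: -f gives the input format.
fakertc_restore() {
    epoch=$(fakertc_pick "$(date +%s)" "$1") || return 0
    date -f %s "$epoch" > /dev/null
}

case "${1:-}" in
    start) fakertc_restore "$STATE_FILE" ;;
    stop)  fakertc_save "$STATE_FILE" ;;
esac
```

The restored time is only as recent as the last clean shutdown, so it is a starting point for signature validation until NTP corrects it, not a replacement for time synchronisation.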