Beyond Linux® From Scratch (systemd Edition) - Version 13.0

Chapter 15. Networking Programs

ntp-4.2.8p18

Introduction to ntp

The ntp package contains a client and server to keep the time synchronized between various computers over a network. This package is the official reference implementation of the NTP protocol.

For most systemd installations systemd-timesyncd provides for simple time synchronization. This package is not needed unless you need to run an NTP time Server or want to connect to local hardware clocks

[Note]

Note

This package is known to build and work properly using an LFS 13.0 platform.

Package Information

ntp Dependencies

Required

IO-Socket-SSL-2.098

Optional

libcap-2.77 with PAM, libevent-2.1.12, libedit, and libopts from AutoGen

Editor Notes: https://wiki.linuxfromscratch.org/blfs/wiki/ntp

Installation of ntp

There should be a dedicated user and group to take control of the ntpd daemon after it is started. Issue the following commands as the root user: 

groupadd -g 87 ntp &&
useradd -c "Network Time Protocol" -d /var/lib/ntp -u 87 \
        -g ntp -s /bin/false ntp

First fix build issues identified when glibc-2.43 was introduced: 

sed -i 's/getclock/getclock memchr/'               sntp/m4/ntp_libntp.m4 &&
sed -i 's/pthread_detach(NULL)/pthread_detach(0)/' sntp/m4/openldap-thread-check.m4 &&
autoreconf -fiv

Then apply an upstream fix to prevent a segfault: 

sed -i "/ep.*FAILED/,+4s/ep/ep2/" ntpd/ntp_io.c

Install ntp by running the following commands: 

./configure --prefix=/usr      \
            --bindir=/usr/sbin \
            --sysconfdir=/etc  \
            --enable-linuxcaps \
            --with-lineeditlibs=readline \
            --docdir=/usr/share/doc/ntp-4.2.8p18 &&
make

To test the results, issue: make check. Three tests (test-crypto, test-packetHandling, and test-packetProcessing) are known to fail due to using OpenSSL 3.5.2 and later.

Now, as the root user: 

make install &&
install -v -o ntp -g ntp -d /var/lib/ntp

Command Explanations

--bindir=/usr/sbin: This parameter places the administrative programs in /usr/sbin.

--enable-linuxcaps: ntpd is run as user ntp, so use Linux capabilities for non-root clock control.

--with-lineeditlibs=readline: This switch enables Readline support for ntpdc and ntpq programs. If omitted, libedit will be used if installed, otherwise no readline capabilities will be compiled.

Configuring ntp

Config Files

/etc/ntp.conf

Configuration Information

The following configuration file first defines various ntp servers with open access from different continents. Second, it creates a drift file where ntpd stores the frequency offset and a pid file to store the ntpd process ID. Since the documentation included with the package is sparse, visit the ntp website at https://www.ntp.org/ and https://www.ntppool.org/ for more information. 

cat > /etc/ntp.conf << "EOF"
# Asia
server 0.asia.pool.ntp.org

# Australia
server 0.oceania.pool.ntp.org

# Europe
server 0.europe.pool.ntp.org

# North America
server 0.north-america.pool.ntp.org

# South America
server 2.south-america.pool.ntp.org

driftfile /var/lib/ntp/ntp.drift
pidfile   /run/ntpd.pid
EOF

You may wish to add a Security session. For explanations, see https://www.eecis.udel.edu/~mills/ntp/html/accopt.html#restrict. 

cat >> /etc/ntp.conf << "EOF"
# Security session
restrict    default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict ::1
EOF

Synchronizing the Time

There are two options. Option one is to run ntpd continuously and allow it to synchronize the time in a gradual manner. The other option is to run ntpd periodically (using cron) and update the time each time ntpd is scheduled.

If you choose Option one, then install the ntpd.service unit included in the blfs-systemd-units-20251204 package. 

make install-ntpd

In addition, you should disable an incompatible service. As the root user: 

systemctl disable systemd-timesyncd.service

If you prefer to run ntpd periodically, add the following command to root's crontab: 

ntpd -q

Contents

Installed Programs: calc_tickadj, ntp-keygen, ntp-wait, ntpd, ntpdate, ntpdc, ntpq, ntptime, ntptrace, sntp, tickadj, and update-leap
Installed Libraries: None
Installed Directories: /usr/share/ntp, /usr/share/doc/ntp-4.2.8 and /var/lib/ntp

Short Descriptions

calc_tickadj

calculates optimal value for tick given ntp drift file

ntp-keygen

generates cryptographic data files used by the NTPv4 authentication and identification schemes

ntp-wait

is useful at boot time, to delay the boot sequence until ntpd has set the time

ntpd

is a ntp daemon that runs in the background and keeps the date and time synchronized based on response from configured ntp servers. It also functions as a ntp server

ntpdate

is a client program that sets the date and time based on the response from an ntp server. This command is deprecated

ntpdc

is used to query the ntp daemon about its current state and to request changes in that state

ntpq

is a utility program used to monitor ntpd operations and determine performance

ntptime

reads and displays time-related kernel variables

ntptrace

traces a chain of ntp servers back to the primary source

sntp

is a Simple Network Time Protocol (SNTP) client

tickadj

reads, and optionally modifies, several timekeeping-related variables in older kernels that do not have support for precision timekeeping

update-leap

is a script to verify and, if necessary, update the leap-second definition file.

[Note]

Note

In November 2022, at the 27th General Conference on Weights and Measures, it was decided to abandon the leap second. In addition this script hardcodes a URL for an update file that no longer exists. The last time a leap second was declared was January 2017. This script will probably be removed in a future release.