Extend configuration of NTP sources in UCI:
- Add nts option to enable NTS
- Add disabled option to allow inactive sources
Add nts section to UCI with:
- rtccheck option to disable certificate time checks on systems that
don't have an RTC to avoid the chicken-and-egg problem (it is less
secure, but still should be better than no NTS at all)
- systemcerts option to disable system certificates
- trustedcerts option to specify path to trusted certificates
Save NTS keys and cookies by default to avoid unnecessary NTS-KE
sessions when restarted or switching back to an already used NTS source.
Also, save the drift to stabilize the clock after chronyd restart.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Fix the init script to allow access from IPv6 subnets of the interface
specified in allow section in /etc/config/chrony.
Fixes issue #7039.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
- fix the init script to read the right config
- rework the init script to allow reusing its code in the hotplug script
- find wan interfaces in the hotplug script instead of using hardcoded
name and set the online/offline status separately for IPv4/IPv6
- allow NTP access on interfaces that are configured after chronyd start
- add NTP servers obtained from DHCP, options are specified in a new
dhcp_ntp_server config section
- start chronyd before the network service, include a patch to always
have IP_FREEBIND defined, which seems to be missing with uclibc
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Support for authentication with command key was replaced with
communication over Unix domain socket.
Signed-off-by: Miroslav Lichvar <mlichvar0@gmail.com>
Jan Pavlinec
Miroslav Lichvar
Matthias Schiffer
Metafly