Hal,
On 14-04-2020 05:07, Hal Murray wrote:
> I just pushed a fix. Please test.
With this fix the ntpd appears to be running a few hours now without issue.
Udo
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
> -rw--- 1 root root 1708 Dec 13 11:05 ./keys/_key-certbot.pem
> Anything wrong in here?
Your configure line includes early-droproot.
Your command line includes -u ntp:ntp
With that combination, it's probably trying to read the key after switching to
user ntp.
--
These are my opin
On 14-04-2020 07:22, Hal Murray wrote:
> Given that you have tested most of the rest of your ntp.conf, my guess would
> be file permissions on the certificate or key. The key is most likely since
> there is no reason to hide the certificate.
# cd /etc/letsencrypt/
# find . -exec ls -ld {} \;
dr
udo...@xs4all.nl said:
>> If you want the server side to support NTS, you need to add "nts enable"
> With that in ntp.conf the ntpd does not start. Config needed I guess.
The log file should have a useful message. It may take more than a few
seconds to find due to all the cruft that is useful
On 14-04-2020 05:07, Hal Murray wrote:
>
>> # grep nts /etc/ntp.conf
>> nts key /etc/letsencrypt/keys/_key-certbot.pem
>> nts cert /etc/letsencrypt/csr/_csr-certbot.pem
>> server time.cloudflare.com:1234 nts # TLS1.3 only
> ...
>
> Thanks.
>
> I just pushed a fix. Please test.
Will do
> # grep nts /etc/ntp.conf
> nts key /etc/letsencrypt/keys/_key-certbot.pem
> nts cert /etc/letsencrypt/csr/_csr-certbot.pem
> server time.cloudflare.com:1234 nts # TLS1.3 only
...
Thanks.
I just pushed a fix. Please test.
If you want the server side to support NTS, you need to add "
On 13-04-2020 20:18, Hal Murray wrote:
> It's dying while trying to reload the certificate file.
>
> Is that happening after running for an hour?
Yes.
>
> That turns into 2 questions. Why is it trying to reload the certificates,
> and
> why is it crashing?
>
> What's in your ntp.conf? I do
On 13-04-2020 19:39, Hal Murray wrote:
>> Or will I do the debug build?
>
> Please do it again with symbols.
>
> How long does it run before it crashes? Seconds? Hours? ...
(gdb) bt
#0 use_certificate_chain_file (ctx=ctx@entry=0x0, ssl=ssl@entry=0x0,
file=file@entry=0x555f9640
"/etc/let
I think I've found a way for that to happen.
Were you missing a "nts enable" in your config file?
but did have a "nts cert ..." pointing to a valid file?
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
http://lists
Thanks.
It's dying while trying to reload the certificate file.
Is that happening after running for an hour?
That turns into 2 questions. Why is it trying to reload the certificates, and
why is it crashing?
What's in your ntp.conf? I don't need the whole thing, just the lines with
"nts".
Di
> Or will I do the debug build?
Please do it again with symbols.
How long does it run before it crashes? Seconds? Hours? ...
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listin
On 13-04-2020 16:01, Hal Murray wrote:
>
> udo...@xs4all.nl said:
>> Started things this way. One gdb line worries me a bit: (No debugging symbols
>> found in build/main/ntpd/ntpd)
>
>> Perhaps a different build is needed?
>
> I'm not sure how that stuff works.
>
> configure has an --enable-de
> > udo...@xs4all.nl said:
> >> Started things this way. One gdb line worries me a bit: (No debugging
> >> symbols
> >> found in build/main/ntpd/ntpd)
> >
> >> Perhaps a different build is needed?
> >
> > I'm not sure how that stuff works.
> >
> > configure has an --enable-debug-gdb option. T
On 13-04-2020 16:01, Hal Murray wrote:
>
> udo...@xs4all.nl said:
>> Started things this way. One gdb line worries me a bit: (No debugging symbols
>> found in build/main/ntpd/ntpd)
>
>> Perhaps a different build is needed?
>
> I'm not sure how that stuff works.
>
> configure has an --enable-de
udo...@xs4all.nl said:
> I could disable NTSc for now to avoid crashes. Or if you have a patch I can
> test with that one?
Changing that may break (fix?) the crash. I'd like to understand that before
we change anything else.
Fixing Cloudflare will break all other NTS servers unless they make
On 13-04-2020 14:48, Hal Murray wrote:
>> Apr 13 06:10:27 doos ntpd[204063]: EX-REP: Count=1 Print=1, Score=0.500, M4
>> V4 from [2606:4700:f1::1]:123, lng=84
>
> That's saying the NTS stuff isn't working. 2606:4700:f1::1 is Cloudflare.
> They have updated their servers to use the latest tweak
udo...@xs4all.nl said:
> Started things this way. One gdb line worries me a bit: (No debugging symbols
> found in build/main/ntpd/ntpd)
> Perhaps a different build is needed?
I'm not sure how that stuff works.
configure has an --enable-debug-gdb option. That may do it.
--
These are my op
On 13-04-2020 15:23, Hal Murray wrote:
> when it crashes, you should get back to gdb
> then
> bt should give you a stack trace
Started things this way.
One gdb line worries me a bit:
(No debugging symbols found in build/main/ntpd/ntpd)
Perhaps a different build is needed?
Udo
udo...@xs4all.nl said:
> I did not find a core dump. How else can I get a stack dump?
use gdb.
You need to add -n to the command line args ot ntpd will detach itself.
cd build dir
gdb build/main/ntpd/ntpd
run -n http://lists.ntpsec.org/mailman/listinfo/devel
On 13-04-2020 14:48, Hal Murray wrote:
> Can you get a stack trace?
I did not find a core dump.
How else can I get a stack dump?
> What were your configure options?
CFLAGS="-O2" %{__python3} ./waf configure \
--prefix=/usr\
--enable-early-droproot\
> Apr 13 07:10:23 doos kernel: ntpd[204063]: segfault at 17f8 ip
> 7f9d70252a70 sp 7ffe3665adc0 error 4 in libssl.so.1.1.1d[7f9d7022e000+
> 5]
Can you get a stack trace?
What were your configure options?
> Apr 13 06:10:27 doos ntpd[204063]: EX-REP: Count=1 Print=1, Score=0.500, M
On 13-04-2020 14:13, Udo van den Heuvel via devel wrote:
> All,
>
> This happens since yesterday:
This is with a fairly recent 1.1.8 git build.
Fedora is up to date.
Udo
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/d
22 matches
Mail list logo
