On Wed, Feb 04, 2026 at 04:57:27PM +0100, Bernd Brandstetter wrote:
> Specifically, the NTP daemon shall be prevented from accepting dates that
> set the clock to a time earlier than the build date of the system or a
> last-known-good time, which will be saved to a file once a day.

You could set the mapping of the NTP interval at build time to start at the
current time like this:

    ./configure --with-ntp-era=$(date +%s)

That would change jumps to the past to jumps to the distant future (up to 136
years). I'm not sure how that is better.

> I'm wondering how this could best be achieved with Chrony. My main problem
> is that I can see no way to reliably detect if the time is acceptable before
> Chrony has already synchronized. Moreover, since we would also like to use
> rtcsync, this would mean that then also the RTC could be set to the wrong
> time and we'd therefore have no means to recover, and activating rtcsync
> only afterwards is unfortunately not supported.

You could disable automatic steps by removing the makestep directive from the
config and execute chronyc makestep in a script after verifying that the
offset printed by chronyc tracking is acceptable.

See other recommendations in the FAQ:
https://chrony-project.org/faq.html#_how_can_i_make_the_system_clock_more_secure

--
Miroslav Lichvar
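One way to script the check suggested in the reply above, as an added example that is not part of the original message or of chrony itself. It assumes chronyd runs without a makestep directive and that a floor file holds the build date or last-known-good time as epoch seconds; the function names, the FLOOR_FILE path and the sample output are hypothetical.

```shell
#!/bin/sh
# Added example: gate "chronyc makestep" on a floor time (build date or
# last-known-good). Function names and FLOOR_FILE are hypothetical.

# Read "chronyc tracking" text on stdin and print the NTP-minus-system offset
# in seconds (positive: system clock is slow). Fails when the "System time"
# line cannot be parsed or the leap status reports no synchronisation.
tracking_offset() {
    awk -F' *: *' '
        $1 == "Leap status" { leap = $2 }
        $1 == "System time" && split($2, f, " ") >= 3 && f[1] ~ /^[0-9.]+$/ {
            if (f[3] == "slow") off = f[1]
            else if (f[3] == "fast") off = "-" f[1]
        }
        END { if (off == "" || leap == "" || leap ~ /^Not synchronised/) exit 1
              print off }'
}

# Args: now_epoch floor_epoch; tracking text on stdin. Succeeds only if the
# clock after the step (now + offset) would not be earlier than the floor.
# A missing or non-numeric floor fails closed.
step_is_acceptable() {
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    off=$(tracking_offset) || return 1
    awk -v now="$1" -v off="$off" -v floor="$2" \
        'BEGIN { exit !((now + off) >= floor) }'
}

# Wrapper to run from a boot script or timer: step only after the check.
guarded_makestep() {
    floor=$(cat "${FLOOR_FILE:-/var/lib/chrony/time-floor}") || return 1
    if chronyc tracking | step_is_acceptable "$(date +%s)" "$floor"; then
        chronyc makestep
    else
        echo "refusing step: unsynchronised or target time before floor" >&2
        return 1
    fi
}

# Constructed sample of "chronyc tracking" output, for offline testing only.
# $1 is the System time phrase, $2 an optional leap status.
sample_tracking() {
    printf '%s\n' \
        'Reference ID    : C0000201 (ntp.example.net)' \
        'Ref time (UTC)  : Wed Feb 04 16:00:00 2026' \
        "System time     : $1 of NTP time" \
        "Leap status     : ${2:-Normal}"
}
```

The floor file also has to be kept current (the once-a-day save mentioned in the question), and the RTC is only as trustworthy as the steps this gate lets through.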
