(Emailing the arm@ list because this is a common issue on arm platforms, although not arm specific. Let me know if I should redirect.)
I run a simple OpenBSD firewall on a RPi 4, which doesn't have a real-time clock. When the power goes out, the firewall boots faster than its upstream, so it doesn't have network connectivity in the first seconds. This interacts poorly with ntpd's settime logic: ntpd will only use settime in securelevel 0 (see auto_preconditions() in ntpd.c), and will only try reaching the Internet twice, with a 1s pause, upon starting. The result is that the firewall boots, gives up on settime, and ends up stuck forever with a clock weeks old, enough to break the system, and too far for ntp to catch up. I'm not sure what the right solution is. I think I would want ntpd to wait until it has network connectivity at boot, but I'm not sure if this is something I should hack myself or maybe there's space for an ntpd CLI option. Opinions?
