Right, so I took a stab at prototyping something based on the
--dnssec-no-timecheck option Simon just added to dnsmasq.

There's an updated dnsmasq package here:

http://archive.tohojo.dk/cerowrt/wndr/3.10.32-12-tohojo/packages/dnsmasq-dhcpv6_2014-03-29-b7639d58158c6e971535893b407560e136a27994_ar71xx.ipk

Which, apart from the change to dnsmasq itself, has a modification to
the init script that will add the parameter to dnsmasq on bootup (but
not on subsequent restarts), and then spawn a script that will check the
ntpd stratum status and wait for it to be set; or, if no stratum
information is available just set the time with ntpd -q. Once either the
time has been set, or ntpd reports a valid stratum, dnsmasq is sent
SIGHUP to turn dnssec time validation back on.

To get ntpd to report its stratum status, it is spawned with the -S
parameter which will periodically report its status, including stratum.
A small script then records that in a file which the dnsmasq script
checks. Since the script falls back to running ntpd -q, this change to
ntpd is not strictly necessary; but I thought it better to make it
available rather than running a second ntp sync on top of the running
ntpd server. To enable the ntpd modification, replace
/etc/init.d/sysntpd with the attached file, put this into
/usr/sbin/ntpd_record_stratum and chmod +x it:

#!/bin/sh
# Run by ntpd via -S; ntpd passes the current stratum in $stratum.
echo "$stratum" > /var/ntp.stratum

There's a busybox package with this modification included here, but I
can't promise it is built with the exact same options as the one
distributed with cerowrt (though it works for me):

http://archive.tohojo.dk/cerowrt/wndr/3.10.32-12-tohojo/packages/busybox_1.19.4-7_ar71xx.ipk



Please test this out and let me know if it works for you. It seems to
work for me; however, I have not been successful in actually getting my
router to boot up without the time synced. Not sure if it's just ntpd
that syncs up before the script runs (and then takes a while to update
its stratum), or if some hidden mechanism does something magical to set
the time (even when the *fixtime init scripts are disabled).


-Toke

#!/bin/sh /etc/rc.common
# Copyright (C) 2011 OpenWrt.org

START=98

USE_PROCD=1
PROG=/usr/sbin/ntpd

validate_ntp_section() {
	uci_validate_section system timeserver "${1}" \
		'server:list(host)' 'enable_server:bool:0'
}

start_service() {
	local server enable_server peer

	validate_ntp_section ntp || {
		echo "validation failed"
		return 1
	}

	[ -z "$server" ] && return

	procd_open_instance
	procd_set_param command "$PROG" -n -S /usr/sbin/ntpd_record_stratum
	[ "$enable_server" = "1" ] && procd_append_param command -l
	for peer in $server; do
		procd_append_param command -p $peer
	done
	procd_set_param respawn
	procd_close_instance
}

service_triggers()
{
	procd_add_reload_trigger "system"
	procd_add_validation validate_ntp_section
}

_______________________________________________
Cerowrt-devel mailing list
[email protected]
https://lists.bufferbloat.net/listinfo/cerowrt-devel
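
The wait-then-SIGHUP logic described in the message, as an added example; it is not the script shipped in the linked package or code from the author. Only /var/ntp.stratum, ntpd -q and the SIGHUP come from the message; the pidfile path, the 60-second timeout, the function names and the choice to leave the time check off when the clock cannot be set are assumptions.

```shell
#!/bin/sh
# Added example, not the packaged script. /var/ntp.stratum is from the post;
# pidfile path, 60 s timeout and all function names are assumptions.
STRATUM_FILE="${STRATUM_FILE:-/var/ntp.stratum}"
DNSMASQ_PIDFILE="${DNSMASQ_PIDFILE:-/var/run/dnsmasq.pid}"

# Succeed only for a numeric stratum in 1..15. NTP uses 16 for
# "unsynchronised"; a missing, empty or non-numeric file is rejected too.
stratum_valid() {
	[ -r "$1" ] || return 1
	s=$(head -n 1 "$1" | tr -d ' \t\r')
	case "$s" in
		''|*[!0-9]*) return 1 ;;
	esac
	[ "$s" -ge 1 ] && [ "$s" -le 15 ]
}

# Poll for a valid stratum for up to $1 seconds, then run the fallback
# command given in the remaining arguments (the post uses "ntpd -q").
# Prints which path set the clock; fails if neither did.
wait_for_time() {
	timeout=$1; shift
	waited=0
	while :; do
		if stratum_valid "$STRATUM_FILE"; then echo stratum; return 0; fi
		[ "$waited" -lt "$timeout" ] || break
		sleep 1
		waited=$((waited + 1))
	done
	if "$@" >/dev/null 2>&1; then echo fallback; return 0; fi
	return 1
}

# SIGHUP is what the post says turns time validation back on.
enable_timecheck() {
	pid=$(cat "$DNSMASQ_PIDFILE" 2>/dev/null) || return 1
	case "$pid" in ''|*[!0-9]*) return 1 ;; esac
	kill -HUP "$pid"
}

# Usage: <script> run -p <peer>. Signal dnsmasq only once the clock is set.
if [ "${1:-}" = run ]; then
	shift
	if wait_for_time 60 ntpd -q "$@" >/dev/null; then
		enable_timecheck
	else
		echo "clock not set, DNSSEC time check left disabled" >&2
		exit 1
	fi
fi
```

The stratum file is treated as untrusted input: anything other than a number from 1 to 15 is ignored, so a stale or garbage file cannot cause dnsmasq to be signalled before the clock is correct.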