> From: Aaron Lancaster <[email protected]>
> Date: Wed, 4 Jul 2018 11:40:38 -0600
>
> I wrote this patch/script to deal with a very irritating case of
> circular dependency failure I recently encountered on an APU2 system.
>
> On systems with non-existent or dead battery real time clocks, with DNS
> over TLS being used, if your clock gets reset to a much earlier date
> due to power off, DNS over TLS will cease to function due to certs not
> being valid yet, thus DNS will fail entirely, meaning that pool.ntp.org
> will fail to be looked up, and ntpd(8) can not fix the date. Thus
> you arrive at a situation where DNS is broken because time is broken
> because DNS is broken that is not fixable without manual intervention.
>
> Similar situations can arise with DNSSEC, ntpd.conf(4) constraint
> settings, as well as stuff like 802.1X authentication (although I have not
> run into that specific case).
>
> My solution is to sync the current system time to a file every 30
> minutes, as well as on shutdown, and restore from it on boot if the
> boot system time fails with some basic sanity checks. It is not a
> perfect solution but there can't be a perfect solution as far as I
> can see for this specific class of brokenness, and demanding users
> bolt on an RTC to an embedded system so networking isn't fundamentally
> broken seems like pretty extreme overkill. In any case this solution
> is better than taking the system back to January 1st 1970.
>
> It seems pretty universally useful, as RTC batteries die all the time,
> and it rendering your network connectivity totally broken except for
> manual intervention seems pretty awful for something like a remote
> system, so I have not provided any knobs for turning it on and off.
>
> It would make sense to emit the current date into the
> /var/db/fakertc.time file from the installer, as well as do a clock
> sanity check from /etc/daily but I wasn't certain how to modify these
> files in the correct manner so I left them untouched.
>
> Looking for feedback, thanks for your time

The solution you've implemented already exists. If the RTC doesn't
report a valid time, OpenBSD will take the time from the filesystem.

The issue here is that some of our RTC drivers don't properly indicate
that the time they report isn't valid. Some of our ports check the time
and decide that any time before is invalid. And some hardware can detect
a power-loss and drivers can detect this. It is all a bit inconsistent
though. But fixing the cmos RTC code and/or teaching amd64/i386 that
times before a certain cutoff time are invalid is a better solution than
adding this fake driver.

Cheers,

Mark
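
The boot-time decision discussed in this thread (reject an RTC reading that is before a cutoff or behind the last saved time, and fall back to the saved value), as an added example that is neither the patch under discussion nor OpenBSD's code. The CUTOFF value, the function names and the exact comparison rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: decide which time to boot with when the RTC may be wrong.
# CUTOFF is an assumed value (constructed: 2018-07-04 00:00:00 UTC); any
# reading before it is treated as invalid.
CUTOFF=1530662400

# is_epoch VALUE: succeed only for a non-empty string of decimal digits.
is_epoch() {
	case "$1" in
	''|*[!0-9]*) return 1 ;;
	*) return 0 ;;
	esac
}

# choose_time CLOCK SAVED: print the epoch to boot with.
#   CLOCK  seconds since the epoch as reported by the RTC
#   SAVED  contents of the saved-time file (may be empty or corrupt)
choose_time() {
	clock=$1
	saved=$2
	is_epoch "$clock" || clock=0
	# An unparsable saved value, or one before the cutoff, is replaced by
	# the cutoff itself, so the result is never earlier than CUTOFF.
	if ! is_epoch "$saved" || [ "$saved" -lt "$CUTOFF" ]; then
		saved=$CUTOFF
	fi
	# Assumed rule: the RTC is trusted only if it is not behind the last
	# time the system is known to have been running.
	if [ "$clock" -ge "$saved" ]; then
		echo "$clock"
	else
		# The fallback lags real time by the length of the outage; the
		# aim is only to get past "certificate not valid yet" failures
		# so that ntpd(8) can correct the rest.
		echo "$saved"
	fi
}

# Constructed inputs: RTC reset to 1970, RTC sane, saved file corrupt.
for pair in "0 1530700000" "1530800000 1530700000" "0 garbage"; do
	set -- $pair
	printf 'rtc=%s saved=%s -> %s\n' "$1" "$2" "$(choose_time "$1" "$2")"
done
```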
