Thursday, 22 May 2025

PSA: Installing chrony by default, to enable Network Time Security (NTS)

Hello folks!

At the recent Ubuntu Engineering Sprint, we planned to move forward with
installing "chrony" by default in all Ubuntu 25.10+ images, replacing
systemd-timesyncd. Chrony is already in "main", is being used by some official
Ubuntu cloud-images, and was enabled to utilize "Network Time Security" (NTS)
in Ubuntu Plucky Puffin 25.04.

NTS uses port 4460/TCP for its NTS Key Exchange (NTS-KE), in addition to the
normal port 123/UDP for NTP, to allow for authenticated time synchronization.
Time is a critical factor in cryptography and needs to be trusted, e.g. when
checking certificate validity or when enabling DNSSEC.

NTS in chrony can already be tested today in Ubuntu 25.04+ by running:
$ apt-mark auto systemd-timesyncd && apt install chrony

It can be rolled back in the same way:
$ apt-mark auto chrony && apt install systemd-timesyncd

Installing chrony from the "ubuntu-minimal" seed will drop "systemd-timesyncd"
from the default installation, but bring in an additional dependency on
"libedit2" and in total grow the image size by 803 kB. After installation,
"chrony" can be switched manually to another "time-daemon" as described above.

I intend to move forward with transitioning to "chrony" in the week starting
June 2. My plan and proposed seed changes are described in [LP] and I updated
the Ubuntu Questing Quokka [25.10] release schedule accordingly.

Cheers,
-- Lukas

[LP] https://bugs.launchpad.net/ubuntu/+bug/2111342
[25.10] https://discourse.ubuntu.com/t/questing-quokka-release-schedule/36462

--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com