Bug 1834855

Summary: Network Time Security
Product: [Fedora] Fedora Reporter: Ben Cotton <bcotton>
Component: Changes TrackingAssignee: Miroslav Lichvar <mlichvar>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 33CC: bcotton, mkolman, thozza
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 14:47:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1872624    
Bug Blocks: 1860404    

Description Ben Cotton 2020-05-12 14:26:44 UTC
This is a tracking bug for Change: Network Time Security
For more details, see: https://fedoraproject.org/wiki/Changes/NetworkTimeSecurity

Support for the Network Time Security (NTS) authentication mechanism in the NTP client/server (chrony) and installer (anaconda).

Comment 1 Miroslav Lichvar 2020-07-16 09:37:12 UTC
Pull request for NTS support in anaconda: https://github.com/rhinstaller/anaconda/pull/2738

Comment 2 Ben Cotton 2020-08-11 14:42:27 UTC
Branching F33 Change Tracker bugs.

Today is the code complete (testable) deadline. All bugs should be at least in MODIFIED state by now to indicate they are testable.

Comment 3 Miroslav Lichvar 2020-08-11 14:50:26 UTC
A chrony 4.0 prerelease with enabled NTS support is in rawhide. It doesn't use the newly assigned port for NTS-KE (4460) by default yet. An update to another prerelease and then final release is expected before Fedora 33 is released.

NTS support in anaconda was added in version 33.24.

Comment 4 Miroslav Lichvar 2020-08-26 09:09:33 UTC
chrony was updated to the latest prerelease, which uses the new NTS-KE port by default. Everything should be working as expected.

selinux-policy needs an update to allow connecting and binding to the port (bug #1872624).

Comment 5 Ben Cotton 2020-08-27 01:11:57 UTC
Yesterday we reached the Code complete (100% code complete) deadline for Fedora 33 Changes. If your Change is complete, please set this tracking bug to ON_QA. If you need to defer this Change to Fedora 34, please let NEEDINFO me.

As a reminder, we are now in the Beta Freeze. If you need to land package updates, please propose it as a Freeze Exception at https://qa.fedoraproject.org/blockerbugs/propose_bug

Comment 6 Miroslav Lichvar 2020-10-08 09:14:02 UTC
The final chrony-4.0 is now in updates testing.

Comment 7 Ben Cotton 2020-10-27 14:47:46 UTC
Closing tracking bugs for F33. If your change didn't make it into F33 for some reason, please reopen this and NEEDINFO me.