Skip to content

DLPX-96941 Replace ntpsec with chrony (delphix-platform changes)#556

Merged
manoj-joseph merged 1 commit into
developfrom
dlpx/pr/manoj-joseph/6751484c-831c-49ed-85fd-be4ee480be61
May 8, 2026
Merged

DLPX-96941 Replace ntpsec with chrony (delphix-platform changes)#556
manoj-joseph merged 1 commit into
developfrom
dlpx/pr/manoj-joseph/6751484c-831c-49ed-85fd-be4ee480be61

Conversation

@manoj-joseph

@manoj-joseph manoj-joseph commented Feb 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Background

The Delphix appliance previously used ntpsec as its NTP daemon (and before that, the legacy ntp package). Both packages are being replaced with chrony (DLPX-96940/96941/96942), motivated by two factors:

  1. Security (DLPX-86999, Qualys QID 38293): ntpsec and ntp respond to NTP mode 6/7 queries, exposing sensitive system information (OS version, kernel, stratum, etc.) that can aid further attacks against the system. chrony does not support these query modes by default, eliminating the disclosure.
  2. Ubuntu 25.04 compatibility: The Delphix Engine is planned to move to Ubuntu 25.04 later this year, where chrony is the default NTP daemon. Making this switch now avoids duplicating the migration effort at that time.

Companion PRs

This PR is part of a set of four that must merge together:

Problem

The Delphix Engine's Debian package declared ntpsec as a dependency in debian/rules. This needs to be replaced with chrony.

Solution

One-line change in debian/rules: ntpsec replaced with chrony in the DEPENDS list.

Testing Done

Full appliance build including all three companion PRs verified on Jenkins:

Build Description Status
#13927 Full build + upgrade from 2025.3.0.1 UNSTABLE — dx-integration-tests: NtpServerMonitoringTest flakiness (fixed; see second set of runs below)
#13928 Full build + upgrade from 2025.6.0.0 SUCCESS
#13929 Full build + upgrade from 2026.2.0.0 UNSTABLE — upgrade-testing: pre-existing failure unrelated to this change
#13930 Full build UNSTABLE — upgrade-testing: pre-existing failure unrelated to this change
#13941 Full build + upgrade from 2025.3.0.1 RUNNING
#13938 Full build + upgrade from 2025.6.0.0 RUNNING
#13940 Full build + upgrade from 2026.2.0.0 RUNNING
#13939 Full build RUNNING

Note: The git workflow runs with only this repo's changes, without the companion changes in dlpx-app-gate#4244 and appliance-build#857. The appliance-build-orchestrator-pre-push runs pull in all three companion PRs together, so their results reflect the full end-to-end change.

@manoj-joseph manoj-joseph force-pushed the dlpx/pr/manoj-joseph/6751484c-831c-49ed-85fd-be4ee480be61 branch from b345df4 to 72b7386 Compare February 18, 2026 23:33
@manoj-joseph manoj-joseph changed the title Replace ntpsec with systemd-timesyncd DLPX-96941 Replace ntpsec with chrony (delphix-platform changes) Apr 13, 2026
@manoj-joseph manoj-joseph force-pushed the dlpx/pr/manoj-joseph/6751484c-831c-49ed-85fd-be4ee480be61 branch 2 times, most recently from 8629f1e to 297d9f4 Compare April 13, 2026 23:41
@manoj-joseph manoj-joseph force-pushed the dlpx/pr/manoj-joseph/6751484c-831c-49ed-85fd-be4ee480be61 branch from 8cddf73 to 201a01b Compare April 30, 2026 22:16
@manoj-joseph manoj-joseph mentioned this pull request May 1, 2026
Merged
@manoj-joseph manoj-joseph requested a review from Copilot May 1, 2026 06:17
Copilot AI reviewed May 1, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@manoj-joseph manoj-joseph marked this pull request as ready for review May 1, 2026 08:01
@manoj-joseph manoj-joseph force-pushed the dlpx/pr/manoj-joseph/6751484c-831c-49ed-85fd-be4ee480be61 branch from 201a01b to 877552c Compare May 1, 2026 08:05
prakashsurya
prakashsurya approved these changes May 5, 2026
View reviewed changes

@prakashsurya prakashsurya left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't fully reviewed test cases, etc.. so I'll rely on you to ensure that's comprehensive, etc.. otherwise, LGTM.

@manoj-joseph manoj-joseph merged commit aca2a01 into develop May 8, 2026
21 of 22 checks passed
@manoj-joseph manoj-joseph deleted the dlpx/pr/manoj-joseph/6751484c-831c-49ed-85fd-be4ee480be61 branch May 8, 2026 17:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@prakashsurya prakashsurya prakashsurya approved these changes

@nealquigley nealquigley nealquigley approved these changes

@sebroy sebroy Awaiting requested review from sebroy

@tperkins-perforce tperkins-perforce Awaiting requested review from tperkins-perforce

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@manoj-joseph @prakashsurya @nealquigley