Bugzilla – Bug 796055
GNOME Control Center NTP integration broken
Last modified: 2013-06-10 10:21:18 UTC
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/17.0 Firefox/17.0 The "Network Time" switch in GNOME Control Center's Date and Time module does not work. You can flip it to "On" and it won't give any warning that anything went wrong, but it won't work. Running from command line reveals: (gnome-control-center:24049): datetime-cc-panel-WARNING **: Could not set system to use NTP: GDBus.Error:org.freedesktop.DBus.Error.FileNotFound: No such file or directory Reproducible: Always Steps to Reproduce: 1. Press the switch. Actual Results: Nothing happens, except the switch misleadingly changes. Expected Results: ntpd is enabled or disabled So this is a tricky issue. Asides from the variety of outstanding NTP bugs, this particular problem is that GNOME 3.4 has completely dropped support for NTP unless systemd is enabled. Building gnome-control-center without systemd support just leads to a broken NTP setting. (The timezone setting is also suspiciously broken, but that might be a separate issue so let's not address it here.) But it's also broken on openSUSE even WITH systemd, because we disable systemd-timedated by default - and that's correct for us to do, because we have no ntpd.service file. (We instead use an initscript for ntpd, but initscripts are incompatible with systemd-timedated.) For a long-term solution, we must provide a systemd unit for ntpd and get rid of the initscript. Unfortunately that will probably require some love for YaST. Also, that's not acceptable for 12.2, since we're still required to support SysV init. So for now, we have to either (a) patch gnome-control-center to not require timedated, or (b) patch gnome-control-center to remove the Network Time switch entirely. Unfortunately (a) is very intrusive. Debian has accomplished it, but it requires large changes to both gnome-control-center and gnome-system-daemon. GCC Patch: http://patch-tracker.debian.org/package/gnome-control-center/1:3.4.2+git20121016.29d7c0-1 GSD Patch: http://patch-tracker.debian.org/package/gnome-settings-daemon/3.4.2+git20120925.a4c817-2 (b) seems hardly a better option, since providing a GUI for NTP is kind of important - but we should consider it. Live CD users already must use YaST to configure NTP since the installer is broken; a working GNOME interface will not help with that, so the value of this for 12.2 is limited. (But it would be a shame to release 12.3 with NTP still broken, whereas (a) would address that.)
I need to make one correction: in Factory we do start systemd-timedated, but it is still broken (specifically because we use an ntp initscript rather than installing an ntp service to /usr/lib/systemd/ntp-units.d). timedatectl is broken for the same reason: michael@linux-20cj:~> timedatectl set-ntp TRUE Failed to issue method call: No such file or directory So for 12.3 this is really a base system bug. But for 12.2 it is a GNOME bug (since we cannot require systemd).
"in Factory we do start systemd-timedated" makes no sense, of course it starts whenever dbus wakes it up. Or something like that. (I'm learning. :-) Also I should note that GNOME Control Center uses timedated for everything on the datetime panel regardless of whether or not it's compiled with --enable-systemd....
Vincent says we don't support NTP for SysV init GNOME users: https://mail.gnome.org/archives/desktop-devel-list/2012-January/msg00151.html So that simplifies things a bit.
I have a patch that fixes this for 12.2 by restoring the datetime module of gnome-settings-daemon - pretty much the same thing Debian/Ubuntu did. It's not the lightest or best solution, but it seems to work perfectly. This also fixes the timezone, which is broken in 12.2 but I not in Factory. (Right now the patch does conflict with the patch that allows all users to change the timezone. I'll try to fix that before submitting.) And it should work for SysV init too, yay. We can definitely apply that patch to 12.3 as well, but that won't address the underlying issue. I've added NTP and systemd bugowners Peter and Frederic to help figure out what's wrong - hi. Keep in mind that I'm new and everything I said above may or may not be sensible.
Created attachment 519085 [details] Fix NTP and timezones by reverting to g-s-d for datetime, similar to what Debian does
Created attachment 519086 [details] Follow Debian in restoring the g-s-d datetime plugin that was removed for GNOME 3.4
Created attachment 519087 [details] Rebase finegrained timezone permissions patch
Assigned NEEDINFO maintence for the 12.2 update. The underlying issue is not solved, but these patches will suffice for 12.2, and they could be applied for 12.3 as well if needed. Also, I believe this needs a security audit since it touches Dbus and polkit? Since the patches are somewhat large, it might help to mention that they're (almost but not quite) identical to the Debian ones that I linked to above and just revert code to what it used to be in 12.1.
Also I should have mentioned that the generated code in the g-c-c patch is not a mistake; that's what upstream really used to have. And unlike what we currently have, that worked. :-)
Michael, could you create a maintenancerequest with the updated package, please? I'll let review the fixes from one of our maintainers. Thank you very much for your efforts!
I kind of stalled on this because (a) I don't know how to do a mr for multiple packages at the same time, and (b) I don't know how to do it without conflicting with the ongoing password dialog update/mess. Furthermore the fundamental issue "timedated can't toggle ntp" has not been addressed. =/ But I guess it's my fault for leaving this as a GNOME bug when nothing's wrong with GNOME - marked instead as Basesystem.
Dominique would you be OK with the g-s-d/g-c-c patch I have for 12.2, or do you want a solution from someone more experienced? If my patches are fine, could you help me get it out as I don't know what I'm doing -- is it even possible to release an update for multiple packages, or one that depends on an update to another? Right now the code is sitting here: https://build.opensuse.org/project/show?project=home%3AGolbats_Everywhere%3Abranches%3AopenSUSE%3A12.2%3AUpdate (I understand if those are way too big/intrusive to be a maintenance update.) What about for 12.3 -- it seems that this late it's unlikely timedated or ntpd will be fixed. =/ I haven't attempted to update my patches for 12.3 yet, but I don't think it would be too much work so I can try if you think that'd be best.
Michael, first! Thanks for doing all this! Great to see somebody with so much energy and passion jumping in. The patches don't look wrong for 12.2... in g-c-c, you should correct the .changes to mention the removed patches by name (as per the packaging guidelines)... other than that, it looks ok. The final submit can be done in one step: in the web ui, on your project level, you should see a submit button.. this will take all the updates together and submit them to 12.2:Update.. .where one 'patchinfo' file around them will ensure they go together. It might be worthy to verify what the side effects are if only one of the packages is installed / updated... be it only to be aware for when new bug reports come in, to be able to say "hey, I know what's it: you only installed g-c-c from the updates and missed g-s-d". For 12.3: Tough one.. I recommend to track this in a sep. bug item, to be able to clearly distinguish between the two (makes communication easier). In any case, an upstream bug would be recommended as well: the goal should be to find a solution that works for every case without carrying a patch in the long run
OK thanks. :-) Sorry for the delay on this. Unfortunately I don't think an upstream patch is possible; GNOME made clear it's our job to maintain patches if we don't use the timedated interface, and I'm skeptical that systemd upstream would accept an ntpd initscript support patch... maybe. Anyway I made a new bug against timedated as suggested: Bug #803644
I've submitted my patches to GNOME:Factory as Bug #803644 will likely take a fair bit of work to address and that's unlikely to happen before 12.3.
This is an autogenerated message for OBS integration: This bug (796055) was mentioned in https://build.opensuse.org/request/show/156384 Maintenance /
Update released for openSUSE 12.2.
openSUSE-RU-2013:0391-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 796055 CVE References: Sources used: openSUSE 12.2 (src): gnome-control-center-3.4.3.1-3.19.1, gnome-control-center-branding-openSUSE-12.2-2.4.2, gnome-settings-daemon-3.4.2-3.8.1
Dominique, should I submit this as an update for 12.3 as well, since I think it's too late for my SRs to be forwarded to 12.3?
(In reply to comment #19) > Dominique, should I submit this as an update for 12.3 as well, since I think > it's too late for my SRs to be forwarded to 12.3? Yes, please do... sorry for lapsing that.
This is an autogenerated message for OBS integration: This bug (796055) was mentioned in https://build.opensuse.org/request/show/158145 Maintenance /
Update released for openSUSE 12.3. Resolved fixed.
On 12.3 this has made it impossible to change the timezone from the gnome-control-center without entering the root password. This was actually working in stock 12.3 without the update. Re-opening against 12.3...
The problem is that gnome-settings-daemon doesn't provide any finegrained polkit access to datetime settings - it's either permission to change everything datetime-related, or permission to change none. The special timezone-only permission was provided by timedated. If you want to be able to change the timezone without authentication we will have to (a) patch 12.2/12.3 gnome-settings-daemon timezone portion to respect the timedated policy instead of its own, or (b) adjust the current patch to use timedated for timezone switching and gnome-settings-daemon only for NTP, or (c) drop the current patch and write a new one where g-c-c does the NTP switch itself. I think (a) would probably be easiest... just that won't be useful in the long term, because this patch never made it into GNOME:Factory. systemd 198 provides a CanNTP property which GNOME 3.8 checks, so the patch isn't needed anymore. In Factory you should currently be able to change timezone without authentication. The long term problems are: * the NTP toggle will be insensitive unless something changes, since CanNTP ought to return false, since there's no NTP unit (Bug #803644). * we really need to rebase/upstream the finegrained-tz-polkit patch.
Hi Michael! The previous patch worked, and while ntp integration in g-c-c was broken, as you rightly point out, my understanding is that enabling it in YaST is a do-it-once-and-forget sort of thing. Requiring a root password every time to change the timezone makes it quite clumsy on the other hand (may be I am biased because I am travelling all the time and have to make use of the change timezone feature often, but nonetheless...) I think this is quite a severe usability regression from stock 12.3 (and indeed 12.2), and if nothing else, I would request that the previous patch be restored in favour of the present one.
I'll try to get them both working together, then.
Thanks a lot, that will be awesome, Mike!
I have an update prepared for 12.3 https://build.opensuse.org/project/show?project=home%3AGolbats_Everywhere%3Abranches%3AopenSUSE%3A12.3%3AUpdate which updates gnome-settings-daemon and gnome-control-center to allow changing the timezone without the root password if system policy allows it. Specifically, org.freedesktop.timedate1.set-timezone is used, as it was when 12.2 and 12.3 were released, rather than the more general (and, by default, more restrictive) org.gnome.settingsdaemon.datetimemechanism.configure. Sorry for having broken this Atri; I was focused on getting NTP working and I didn't realize the importance of the timezone patch. Can I submit a maintenance request? (I'll need to prepare an equivalent update for 12.2 as well.)
Hi Michael, could you create a maintenancerequest with the updated packages please? We'll start an update. Thanks!
(In reply to comment #28) Thanks a ton, Michael! I tried the updated packages and they fix the timezone change lockdown issue in gnome-control-center completely. Thank you.
Update released for openSUSE 12.2 and 12.3. Resolved fixed.
openSUSE-RU-2013:0739-1: An update that has one recommended fix can now be installed. Category: recommended (low) Bug References: 796055 CVE References: Sources used: openSUSE 12.2 (src): gnome-control-center-3.4.3.1-3.25.1, gnome-settings-daemon-3.4.2-3.14.1
openSUSE-RU-2013:0962-1: An update that has one recommended fix can now be installed. Category: recommended (low) Bug References: 796055 CVE References: Sources used: openSUSE 12.3 (src): gnome-control-center-3.6.3-3.20.1, gnome-settings-daemon-3.6.3-3.10.1