chrony: make default pools optional

Move the baked-in `resinio.pool.ntp.org` entries out of `chrony.conf` and into
`balena-ntp-config` so they can be suppressed by setting `ntpServers` to
"null". Custom config entries keep using `added_config.sources` while defaults
now live in `default.sources`, matching the DHCP split. The README now explains
the unset/"null"/custom behaviors.

Fixes: #3680

Change-type: patch
Signed-off-by: Shaun Cooley <365611+shaunco@users.noreply.github.com>

Author: shaunco

README.md

@@ -193,12 +193,11 @@ The behavior of balenaOS can be configured by setting the following keys in the
 
 ### ntpServers
 
-(string) A space-separated list of NTP servers to use for time synchronization. Defaults to `resinio.pool.ntp.org` servers:
+(string) A space-separated list of NTP servers to use for time synchronization.
 
-- `0.resinio.pool.ntp.org`
-- `1.resinio.pool.ntp.org`
-- `2.resinio.pool.ntp.org`
-- `3.resinio.pool.ntp.org`
+- When `ntpServers` is not defined, or empty, the following default pools are added to the chrony configuration: `0.resinio.pool.ntp.org`, `1.resinio.pool.ntp.org`, `2.resinio.pool.ntp.org`, `3.resinio.pool.ntp.org`.
+- When `ntpServers` is "null" (a string), no default pools are added. This is useful when your network provides its own NTP servers via DHCP Option 42 or when no external NTP access is desired.
+- When `ntpServers` is defined and not "null", only the listed servers are added (in addition to any servers supplied through DHCP Option 42).
 
 ### dnsServers
 

meta-balena-common/recipes-connectivity/balena-ntp-config/balena-ntp-config/balena-ntp-config

@@ -9,6 +9,8 @@ set -e
 
 SERVER_DIR=/run/chrony
 SERVER_FILE=${SERVER_DIR}/added_config.sources
+DEFAULT_SERVER_FILE=${SERVER_DIR}/default.sources
+DEFAULT_NTP_SERVERS="0.resinio.pool.ntp.org 1.resinio.pool.ntp.org 2.resinio.pool.ntp.org 3.resinio.pool.ntp.org"
 
 if [ ! -f "$CONFIG_PATH" ]; then
 	echo "balena-ntp-config: $CONFIG_PATH does not exist."
@@ -25,12 +27,26 @@ fi
 if [ -f "$SERVER_FILE" ]; then
 	rm -f $SERVER_FILE
 fi
+if [ -f "$DEFAULT_SERVER_FILE" ]; then
+	rm -f $DEFAULT_SERVER_FILE
+fi
 
-if [ ! -z "$NTP_SERVERS" ]; then
-	echo "Adding NTP sources (config.json)"
-	for server in ${NTP_SERVERS}; do
-		echo "pool $server iburst minpoll 14 maxpoll 14 maxsources 1" >> $SERVER_FILE
+add_servers() {
+	local target_file=$1
+	local servers=$2
+	for server in $servers; do
+		echo "pool $server iburst minpoll 14 maxpoll 14 maxsources 1" >> "$target_file"
 	done
+}
+
+if [ "$NTP_SERVERS" = "null" ]; then
+	echo "balena-ntp-config: Default NTP sources disabled via config.json"
+elif [ -n "$NTP_SERVERS" ]; then
+	echo "Adding NTP sources (config.json)"
+	add_servers "$SERVER_FILE" "$NTP_SERVERS"
+else
+	echo "balena-ntp-config: Using default NTP sources"
+	add_servers "$DEFAULT_SERVER_FILE" "$DEFAULT_NTP_SERVERS"
 fi
 
 # Always update the sources as they may have been added or removed.

meta-balena-common/recipes-core/chrony/files/chrony.conf

@@ -1,7 +1,3 @@
-pool 0.resinio.pool.ntp.org iburst minpoll 14 maxpoll 14 maxsources 1
-pool 1.resinio.pool.ntp.org iburst minpoll 14 maxpoll 14 maxsources 1
-pool 2.resinio.pool.ntp.org iburst minpoll 14 maxpoll 14 maxsources 1
-pool 3.resinio.pool.ntp.org iburst minpoll 14 maxpoll 14 maxsources 1
 sourcedir /run/chrony
 driftfile /var/lib/chrony/drift
 maxupdateskew 100