Kicksecure and syncing the clock

I switched my main TemplateVM to Kicksecure and since then I have had problems with sdwdate.

  • oathtool doesn’t give the right OTP anymore since the time is always inaccurate.
  • some networking apps that require syncing fail, also because of the clock.

Any way to fix this? Should I just use NTP (or maybe ntpsec) in the ClockVM?

Can you try to run sudo qvm-sync-clock in dom0 and then sudo systemctl restart sdwdate in the DispVM?

It seems to not be happening right now. I think it’s an intermittent error.

Now it’s happening again, even after doing this.

Shouldn’t sdwdate be disabled in an offline VM (like the one I use for oathtool)?

For some reason it’s happening to me too randomly.
If the qube is offline then you can disable sdwdate since it can’t reach any domains for its test.

I think the problem was this supposedly fixed issue with qubes-sync-time. I fixed it for me by adding these 2 lines to /etc/rc.local (so it works for all VMs):

rm -v /var/run/qubes-service/clocksync
service qubes-sync-time restart

I also uninstalled sdwdate because it requires Tor working on the ClockVM (sys-net) and I’m using chrony instead (the default in Ubuntu nowadays). Uninstalling sdwdate triggered uninstalling a few things, so I’m not running a pure Kicksecure installation anymore.
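
The oathtool symptom from the first post can be reproduced offline. The following is an added example, not part of the thread: it computes RFC 6238 TOTP codes and checks whether a code generated on a skewed qube clock would still be accepted by a verifier with the correct time. The secret, timestamps, skew values and the verifier's tolerance window are constructed assumptions; real services choose their own window.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP step (RFC 6238 default, also oathtool's default)
# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, as `oathtool --totp -b` computes it."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def step_drift(true_time, skew):
    """How many 30 s steps a clock that is `skew` seconds off lands away."""
    return (true_time + skew) // STEP - true_time // STEP


def accepted(secret_b32, true_time, skew, window=1):
    """Would a verifier with the correct clock, tolerating +/- `window` steps
    (an assumed policy), accept the code from a clock off by `skew` seconds?"""
    code = totp(secret_b32, true_time + skew)
    return any(
        hmac.compare_digest(code, totp(secret_b32, true_time + i * STEP))
        for i in range(-window, window + 1)
    )


if __name__ == "__main__":
    now = 1111111109  # constructed "true" time, 1 s before a step boundary
    for skew in (0, 2, -29, 45, 90, -300):  # constructed skews in seconds
        print(f"skew {skew:+5d}s  drift {step_drift(now, skew):+3d} steps  "
              f"strict={accepted(SECRET, now, skew, 0)}  "
              f"window1={accepted(SECRET, now, skew, 1)}")
```

Even a 2-second skew fails a strict verifier when it crosses a 30-second boundary, which is why the failures look intermittent when the clock is only slightly off.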