Ubuntu relies on ntpd-rs: Rust for precise time synchronization
Ubuntu plans to introduce ntpd-rs as the standard for time synchronization. The Rust implementation is intended to replace chrony and other tools.
(Image: heise medien)
Ubuntu is fundamentally revamping its time synchronization: in upcoming releases of the Linux distribution, ntpd-rs is set to become the standard for NTP services. The Rust implementation will eventually replace chrony and is also planned to replace linuxptp and gpsd. With this, Canonical aims for a unified, memory-safe time synchronization under Linux.
ntpd-rs fully implements the Network Time Protocol (NTP), including Network Time Security (NTS). The Trifecta Tech Foundation is developing the project as part of “Project Pendulum”. It aligns with Ubuntu's strategy of replacing central system tools with new Rust developments, following sudo-rs and the uutils coreutils. ntpd-rs is already running productively at Let’s Encrypt: the certification authority adopted the daemon into its production environment in June 2024.
NTP, NTS and PTP under one roof
At the heart of the change is the consolidation of previously separate tools. In many setups today, multiple components run in parallel – for example, chrony for classic NTP synchronization and linuxptp for high-precision synchronization via PTP. In the future, ntpd-rs is intended to handle both tasks. To achieve this, the Trifecta Tech Foundation is integrating its PTP implementation “Statime” directly into ntpd-rs. NTP covers typical requirements in the millisecond range, while PTP provides sub-microsecond accuracy for specialized environments such as telecommunications networks or automotive systems. A data center could thus manage standard and high-precision time sources through a single tool, instead of operating two separate daemons with different configuration models.
Security is another focus. Rust already eliminates entire classes of memory errors such as buffer overflows or use-after-free at compile time. Additionally, Canonical intends to transfer chrony's isolation mechanisms: AppArmor and seccomp profiles are intended to confine ntpd-rs just as tightly as its predecessor. Memory-safe code and restrictive runtime profiles together significantly reduce the attack surface, especially when processing network traffic.
From GPS to gPTP: planned extensions
Functionally, the Trifecta Tech Foundation also plans to expand ntpd-rs. Planned features include multi-homing for operation over multiple network interfaces, multi-threading in server operation, and the connection of external time sources such as GPS receivers via gpsd sockets. In the PTP area, profiles like gPTP, used in deterministic networks in the automotive industry, will be added. Experimentally, ntpd-rs is also intended to support the Client-Server PTP protocol (CSPTP, IEEE P1588.1).
Usability is also set to improve. Current PTP setups often require multiple daemons and complex parameter combinations. ntpd-rs aims to replace this with a unified configuration. Furthermore, improvements in logging and CLI tools are planned.
Relevant for enterprise use: ntpd-rs uses rustls as its TLS stack but is intended to optionally integrate OpenSSL as a crypto backend. This allows its use in regulated environments that mandate specific cryptography libraries.
Videos by heise
Trial run and roadmap
Before widespread adoption, Canonical plans extensive comparative tests against chrony. The focus will be on synchronization accuracy, CPU and memory consumption, and long-term stability. chrony is considered mature and is the benchmark in many productive environments.
The planned introduction, according to Canonical's announcement, will be phased: ntpd-rs will initially be available in the package repositories for testing in Ubuntu 26.10. From Ubuntu 27.04 onwards, it is intended to run by default, with integrated PTP functionality and a unified binary for NTP, NTS, and PTP. Canonical is financing the development work between July 2026 and January 2027 through the Trifecta Tech Foundation.
Since time synchronization plays a key role in TLS certificate validation and the consistency of distributed systems, the choice of the underlying implementation is crucial. Consolidating multiple services into one tool could simplify operations and troubleshooting. However, this is contingent on ntpd-rs achieving the stability level of its established competitors.
(fo)
