Commit bbeded14 authored by intrigeri's avatar intrigeri

Turn the htpdate SysV initscript into a native systemd service.

parent 937afd02
#!/bin/sh
set -e
echo "Configuring htpdate HTTP User-Agent"
CONFFILE='/etc/default/htpdate.user-agent'
install -o root -g root -m 0644 /dev/null "$CONFFILE"
echo "HTTP_USER_AGENT=\"$(/usr/local/bin/getTorBrowserUserAgent)\"" \
> "$CONFFILE"
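Review bot: A failure of `/usr/local/bin/getTorBrowserUserAgent` is not caught here, because `set -e` does not act on a command substitution nested inside `echo`'s argument, so the build would succeed with `HTTP_USER_AGENT=""` written to the file. The problem would then only show up at runtime, when the empty-value check in the new unit refuses to start htpdate. Assigning first makes the build fail instead: `UA="$(/usr/local/bin/getTorBrowserUserAgent)"`, `[ -n "$UA" ] || exit 1`, then `echo "HTTP_USER_AGENT=\"$UA\"" > "$CONFFILE"`. The value is also written between double quotes without escaping, which is presumably fine for the current User-Agent string but would break the file if it ever contained a double quote.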
......@@ -260,5 +260,5 @@ fi
touch $TORDATE_DONE_FILE
log "Restarting htpdate"
service htpdate restart
systemctl restart htpdate.service
log "htpdate service restarted with return code $?"
HTP_POOL_PAL="boum.org,chavez.indymedia.org,db.debian.org,epic.org,mail.riseup.net,sarava.org,squat.net,tachanka.org,www.1984.is,www.eff.org,www.immerda.ch,www.privacyinternational.org,www.torproject.org"
HTP_POOL_NEUTRAL="cve.mitre.org,en.wikipedia.org,lkml.org,thepiratebay.org,www.apache.org,www.centos.org,www.democracynow.org,www.duckduckgo.com,www.gnu.org,www.kernel.org,www.mozilla.org,www.stackexchange.com,www.startpage.com,www.xkcd.com"
HTP_POOL_FOE="encrypted.google.com,github.com,login.live.com,login.yahoo.com,secure.flickr.com,tumblr.com,twitter.com,www.adobe.com,www.gandi.net,www.myspace.com,www.paypal.com,www.rsa.com,www.sony.com"
HTTP_USER_AGENT="$(/usr/local/bin/getTorBrowserUserAgent)"
#! /bin/sh
### BEGIN INIT INFO
# Provides: htpdate
# Default-Start:
# Default-Stop:
# Required-Start: mountkernfs $local_fs
# Required-Stop:
# Short-Description: Set time using HTP
# Description: Set time using HTP
### END INIT INFO
DESC="Setting time using HTP"
NAME=htpdate
SCRIPTNAME=/etc/init.d/$NAME
HTP_DIR=/var/run/$NAME
PIDFILE=$HTP_DIR/pid
HTP_DONE_FILE=$HTP_DIR/done
HTP_SUCCESS_FILE=$HTP_DIR/success
LOG=/var/log/$NAME.log
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
# Create status directory and log file
install -o root -g root -m 0755 -d ${HTP_DIR}
install -o htp -g nogroup -m 0644 /dev/null ${LOG}
# Source configuration
. /etc/default/$NAME
log() {
echo "$@" >> "${LOG}"
}
# Sanity checks
if [ -z "$HTTP_USER_AGENT" ]; then
log "HTTP_USER_AGENT is not set."
exit 2
fi
if [ -z "$HTP_POOL_PAL" ]; then
log "HTP_POOL_PAL is not set"
exit 3
fi
if [ -z "$HTP_POOL_NEUTRAL" ]; then
log "HTP_POOL_NEUTRAL is not set"
exit 3
fi
if [ -z "$HTP_POOL_FOE" ]; then
log "HTP_POOL_FOE is not set"
exit 3
fi
do_start() {
if [ -e "$HTP_DONE_FILE" ]; then
rm -f "$HTP_DONE_FILE"
fi
if [ -e "$HTP_SUCCESS_FILE" ]; then
rm -f "$HTP_SUCCESS_FILE"
fi
start-stop-daemon -S -q -p ${PIDFILE} -bm -x /usr/local/sbin/htpdate -- \
--debug \
--log_file "$LOG" \
--user_agent "$HTTP_USER_AGENT" \
--allowed_per_pool_failure_ratio 0.34 \
--user htp \
--done_file "$HTP_DONE_FILE" \
--success_file "$HTP_SUCCESS_FILE" \
--pal_pool "$HTP_POOL_PAL" \
--neutral_pool "$HTP_POOL_NEUTRAL" \
--foe_pool "$HTP_POOL_FOE" \
--proxy 127.0.0.1:9062
return $?
}
do_stop() {
start-stop-daemon -K -q -p ${PIDFILE}
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "$DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
do_stop
;;
restart)
do_stop
do_start
;;
*)
echo "Usage: $SCRIPTNAME (start|stop|restart)" >&2
exit 3
;;
esac
:
[Unit]
Description=Setting time using HTP
Documentation=https://tails.boum.org/contribute/design/Time_syncing/
[Service]
Type=simple
Environment=DONE_FILE=/run/htpdate/done
Environment=SUCCESS_FILE=/run/htpdate/success
Environment=LOG=/var/log/htpdate.log
EnvironmentFile=/etc/default/htpdate.*
ExecStartPre=/bin/sh -c '[ -n "${HTTP_USER_AGENT}" ]'
ExecStartPre=/bin/sh -c '[ -n "${HTP_POOL_PAL}" ]'
ExecStartPre=/bin/sh -c '[ -n "${HTP_POOL_NEUTRAL}" ]'
ExecStartPre=/bin/sh -c '[ -n "${HTP_POOL_FOE}" ]'
ExecStartPre=/bin/rm -f "${DONE_FILE}"
ExecStartPre=/bin/rm -f "${SUCCESS_FILE}"
ExecStartPre=/usr/bin/install -o root -g root -m 0755 -d /run/htpdate
ExecStartPre=/usr/bin/install -o htp -g nogroup -m 0644 /dev/null "${LOG}"
ExecStart=/usr/local/sbin/htpdate \
--debug \
--log_file "${LOG}" \
--user_agent "${HTTP_USER_AGENT}" \
--allowed_per_pool_failure_ratio 0.34 \
--user htp \
--done_file "${DONE_FILE}" \
--success_file "${SUCCESS_FILE}" \
--pal_pool "${HTP_POOL_PAL}" \
--neutral_pool "${HTP_POOL_NEUTRAL}" \
--foe_pool "${HTP_POOL_FOE}" \
--proxy 127.0.0.1:9062
RemainAfterExit=yes
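Review bot: `EnvironmentFile=/etc/default/htpdate.*` loads every file matching the glob, so anything else that ends up under that prefix (an editor backup, a leftover from a package upgrade) would silently set or override variables for a process that starts as root; naming the two files, `EnvironmentFile=/etc/default/htpdate.pools` and `EnvironmentFile=/etc/default/htpdate.user-agent`, keeps the input set explicit. The four `[ -n … ]` checks also drop the messages the old initscript wrote ("HTTP_USER_AGENT is not set." and so on), so a failed start no longer says which variable was empty; appending `|| { echo "HTP_POOL_PAL is not set" >&2; exit 3; }` inside each `sh -c` would keep that. Since the unit has no `User=` and relies on htpdate's own `--user htp` to drop privileges, it may be worth checking whether directives such as `NoNewPrivileges=yes` or `ProtectHome=yes` are compatible with what htpdate needs.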
......@@ -162,7 +162,7 @@ the the other pools. The pools are as follows:
* The "neutral" pool members have a neutral raltionship to both the
"pal" and "foe" pool.
The pools are listed in [[!tails_gitweb config/chroot_local-includes/etc/default/htpdate]].
The pools are listed in [[!tails_gitweb config/chroot_local-includes/etc/default/htpdate.pools]].
Basically, Tails `htpdate` pick three random servers (one from each
pool), and then build the mediate of the three advertised dates.
......@@ -188,3 +188,8 @@ efforts and compromise should be made to prevent these?
A Network Manager hook runs the whole thing:
[[!tails_gitweb config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh]].
See also:
* [[!tails_gitweb config/chroot_local-hooks/46-configure-htpdate]]
* [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/htpdate.service]]
......@@ -92,7 +92,7 @@ in [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]:
Applications are configured to use the right SOCKS port:
- [[!tails_gitweb config/chroot_local-includes/etc/tor-browser/profile/preferences/0000tails.js]]
- [[!tails_gitweb config/chroot_local-includes/etc/init.d/htpdate]]
- [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/htpdate.service]]
- [[!tails_gitweb config/chroot_local-includes/etc/tor/tor-tsocks-mua.conf]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/tails-security-check]]
- [[!tails_gitweb config/chroot_local-includes/usr/local/bin/torified-claws-mail]]