[OpenWrt-Devel] base-files: sysfixtime exclude dnsmasq.time

Message ID	1442912718-6840-1-git-send-email-kevin@darbyshire-bryant.me.uk
State	Superseded
Headers	show Return-Path: <openwrt-devel-bounces@lists.openwrt.org> from: .darbyshire-bryant. - helo: .emea01-db3-obe.outbound.protection.outlook. - helo-domain: .outlook.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -7.7 From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> To: <openwrt-devel@lists.openwrt.org> Date: Tue, 22 Sep 2015 10:05:18 +0100 Message-ID: <1442912718-6840-1-git-send-email-kevin@darbyshire-bryant.me.uk> MIME-Version: 1.0 Received-SPF: None (protection.outlook.com: darbyshire-bryant.me.uk does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; AM2PR07MB0932; 23:8Tmt4P5+5bsLDyC1XvGa2AUyHMwzOsY/3wsoywQje?= =?us-ascii?Q?OSxe7Qhwbo6+CM09Oa8LiY9KIkZOrkzWD5oEf86PzWbXZ0YJvtjjfiyoJFKa?= =?us-ascii?Q?LL8C61hgr5DvUUEFl6i/4IXQJEcoPastdoSpAAIbMTXPR8qS7G6qg6ISg9BG?= =?us-ascii?Q?AhvHr2EdK1zuZycgR8JuMavSCL4rpQEcUQObF/8LVDclHf5QeFqWUkLOrC2i?= =?us-ascii?Q?u2AFKw/3BY/kEnV6QIkK3Q3fsh/GEluGFcHJb9PzLt7VIFAm43jW90Qg6a0k?= =?us-ascii?Q?Wp+I1xxlNRhnzhrMeKAaT3NmBkUFeQsqCSxc7gT0a0qcfD31G4aFh23bkXIL?= =?us-ascii?Q?pmXWTNYVZ8vUlHu7bQTOaCmdl2nTXgRh/nnDdE3vZM86SYfHIFaIIN5zSuJ+?= =?us-ascii?Q?sK8v8aNGjPHKWlyXm++wWXC62+rhgPPwhyyZmy+TwgM3B5p7VRWCyX67XaLL?= =?us-ascii?Q?e4r/NxgrZj51QcHprLlPVdhp/5AzJ1hBpm1b0yZZCxajeB9C1bd9Tn+PnDCq?= =?us-ascii?Q?OESRda2SfIq/+YNw5yt7DZJDqjdR/j6t3oN1NMf1NuW6PmeP3JAT/bJheeyC?= =?us-ascii?Q?2V84fEaAJByWKGJ+CyCdLkdOCDyoPx6tAaCTchOb/WHC9qgUk2ENDY+2Wy7h?= =?us-ascii?Q?tkdsbuxluDoODYAcvOdEDbDljgkSwCC4CH7Nb+3sravb6Tos4dfN+BucYJXS?= =?us-ascii?Q?z1O3UZnC/ZZ2L0ETLTzsv+L9/ZO7YDohcrcv8qvJADyBlRbOH2YYBK2jwBoZ?= =?us-ascii?Q?4OB2MOkyYsO/nFtgndmbzIaaQvkYI0nXs2Z+qhMpcU1Wk4Jp1HiTBMMmjgns?= =?us-ascii?Q?7THedKeYzFxmV9WEIRWsZqqOzznx4JxLoA1Opt/Cur++AwWSHNMEJYeX4Qgb?= =?us-ascii?Q?B2zdmDt1AaJpisvWnRMxaLoQaQRlhstYeJGodlZG8XVc9Wsf7Rgv0W7BnR5A?= =?us-ascii?Q?fAzySZG48Qfb5mQ2HNag04bv6Q2LA2cAWuOh1lPsbeQD+Cn2HyyMM1vOUXuq?= =?us-ascii?Q?Rq3+WmZpjsW3bQO6Kgy+a1SglM/GlPSq46nNQQik1taSEGMvIrLbZPBE+nj9?= =?us-ascii?Q?R5KCyQnCIO2k6v5wDDkvQ0IS/mNdgORsVXs3DrZ7erH1h15BN3xZAF0oyaE4?= =?us-ascii?Q?e3TQzlTL5K4zvShENnyzVCNsFt5nLdosOZ1hkFpi/kH0jqcgWQjnfbSbpzOM?= =?us-ascii?Q?j+YGUikDsF+LMdLUH6z8O1R2apTHEAyDLFvgiF3YA+k4nM87QPg1wPbtHHNp?= =?us-ascii?Q?yYPZsSXcjW4MddnqK+Jo7KVEFsbCg3OBrCQQwPjDq8xofvTM18/fl8pE6WKT?= =?us-ascii?B?dz09?= X-Microsoft-Exchange-Diagnostics: 1; AM2PR07MB0932; 5:uw9yVLTRSqHug5ewcDHGebYPx7Zyo+ytFRY+5rk+AjN6c2OjHFPBd5TdXdMNRj1CMnv8OqhQStL4FTs8arOTY3u5Tthn5l+A9VmqVGQSIYOHt/ECNMgAhF/PRLtfEAYZI1gYzr18rASRRJv9g+dTVQ==; 24:YFw9Be6YOu4/ab4R4qFcRAJY0Ja5vKWjxw9X5Xa6cub2rICk+uPzdpgxfVI2VKbdbAylFiMi4TzTscu5euphLk7VLVPh2a3LfhZeOPkMRP0=; 20:vLKdXT/o+oNnHuEUqiNRQ19PSsTXfyAPOGLVQo/zqOi8m+llWvH0KZ9IHZpSqKQfx6sPEy0bZzj0SzALji2LCQ== SpamDiagnosticOutput: 1:23 SpamDiagnosticMetadata: NSPM Subject: [OpenWrt-Devel] [PATCH] base-files: sysfixtime exclude dnsmasq.time Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openwrt-devel-bounces@lists.openwrt.org Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

Message ID

1442912718-6840-1-git-send-email-kevin@darbyshire-bryant.me.uk

State

Superseded

Headers

From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
To: <openwrt-devel@lists.openwrt.org>
Date: Tue, 22 Sep 2015 10:05:18 +0100
Message-ID: <1442912718-6840-1-git-send-email-kevin@darbyshire-bryant.me.uk>
MIME-Version: 1.0
Received-SPF: None (protection.outlook.com: darbyshire-bryant.me.uk does not
	designate permitted sender hosts)
SpamDiagnosticOutput: 1:23
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2015 09:05:34.5618
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM2PR07MB0932
Subject: [OpenWrt-Devel] [PATCH] base-files: sysfixtime exclude dnsmasq.time
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

Commit Message

Kevin Darbyshire-Bryant Sept. 22, 2015, 9:05 a.m. UTC

dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps.  By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the last
time that dnsmasq considered current even though that time is in
the past.  Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.

In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of openWrt shutdown/reboot.

Either way, including /etc/dnsmasq.time as a time source for sysfixtime
is not helpful.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
---
 package/base-files/files/etc/init.d/sysfixtime | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Bastian Bittorf Sept. 22, 2015, 5:34 p.m. UTC | #1

* Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> [22.09.2015 11:06]:
> Either way, including /etc/dnsmasq.time as a time source for sysfixtime
> is not helpful.

please drop this patch, i will send a V2 which is faster - thanks Kevin for V1

bye, bastian

Kevin Darbyshire-Bryant Sept. 22, 2015, 6:33 p.m. UTC | #2

Patch dropped. Thanks for picking it up & improving. 

Kevin

--
Cheers,

Kevin@Darbyshire-Bryant.me.uk

Sent from my phone, apologies for brevity, spelling & top posting

> On 22 Sep 2015, at 18:41, Bastian Bittorf <bittorf@bluebottle.com> wrote:
> 
> * Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> [22.09.2015 11:06]:
>> Either way, including /etc/dnsmasq.time as a time source for sysfixtime
>> is not helpful.
> 
> please drop this patch, i will send a V2 which is faster - thanks Kevin for V1
> 
> bye, bastian

diff --git a/package/base-files/files/etc/init.d/sysfixtime b/package/base-files/files/etc/init.d/sysfixtime
index 4010e06..218ef20 100755
--- a/package/base-files/files/etc/init.d/sysfixtime
+++ b/package/base-files/files/etc/init.d/sysfixtime
@@ -5,7 +5,7 @@  START=00
 
 boot() {
 	local curtime="$(date +%s)"
-	local maxtime="$(find /etc -type f -exec date -r {} +%s \; | sort -nr | head -n1)"
+	local maxtime="$(find /etc -type f -path /etc/dnsmasq.time -prune -o -exec date -r {} +%s \; | sort -nr | head -n1)"
 	[ $curtime -lt $maxtime ] && date -s @$maxtime
 }