From patchwork Tue Sep 22 17:52:05 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bastian Bittorf <bittorf@bluebottle.com>
X-Patchwork-Id: 521344
Return-Path: <openwrt-devel-bounces@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from arrakis.dune.hu (arrakis.dune.hu [78.24.191.176])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id C1A1A1400A0
	for <incoming@patchwork.ozlabs.org>;
	Wed, 23 Sep 2015 03:57:30 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (1024-bit key;
	unprotected) header.d=bluebottle.com header.i=@bluebottle.com
	header.b=FQ/wHyAD; dkim-atps=neutral
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id BEE9B284967;
	Tue, 22 Sep 2015 19:56:08 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on arrakis.dune.hu
X-Spam-Level: 
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	T_DKIM_INVALID, T_RP_MATCHES_RCVD autolearn=unavailable version=3.3.2
Received: from arrakis.dune.hu (localhost [127.0.0.1])
	by arrakis.dune.hu (Postfix) with ESMTP id A617428040D
	for <openwrt-devel@lists.openwrt.org>;
	Tue, 22 Sep 2015 19:56:05 +0200 (CEST)
X-policyd-weight: using cached result; rate:hard: -8.5
Received: from mail.bluebottle.com (mail.bluebottle.com [176.9.67.91])
	by arrakis.dune.hu (Postfix) with ESMTP
	for <openwrt-devel@lists.openwrt.org>;
	Tue, 22 Sep 2015 19:56:05 +0200 (CEST)
Received: from localhost (p57AB0CA5.dip0.t-ipconnect.de [87.171.12.165])
	(using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: bittorf@bluebottle.com)
	by mail.bluebottle.com (Postfix) with ESMTPSA id D5F1C1B10A;
	Tue, 22 Sep 2015 17:57:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bluebottle.com; s=fe0;
	t=1442944641; bh=U6KRwubWLG5FgjQwNTBt9IDehdRQ0iDk2n3FLkvp57s=;
	l=2214; h=Date:From:To:Cc:Subject:From;
	b=FQ/wHyADh4d28kC2Kbxxq70KTyE+PYytEh9+ayBt4cw9lL3Ly4kBfTy4NAyFOBZp7
	g3ZhmIwUp8QbM+ebnLxB4JAgiVFllYbKqZpDPpRnSOl9K1T3tWOu38nKIZP60Dafwy
	Wp1VQ6P1bQEFg4+puaW+PSM2GlVQWAroAT0P0DNA=
Date: Tue, 22 Sep 2015 19:52:05 +0200
From: Bastian Bittorf <bittorf@bluebottle.com>
To: openwrt-devel@lists.openwrt.org
Message-ID: <20150922175205.GA24405@medion.lan>
Mail-Followup-To: openwrt-devel@lists.openwrt.org,
	kevin@darbyshire-bryant.me.uk
MIME-Version: 1.0
Content-Disposition: inline
X-Editor: vi http://ex-vi.sourceforge.net/
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Virus-Scanned: clamav-milter 0.98.7 at fe0
X-Virus-Status: Clean
Subject: [OpenWrt-Devel] [PATCH v2] base-files: init/sysfixtime - exclude
	dnsmasq.time
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/options/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: 
 <https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel>,
	<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Errors-To: openwrt-devel-bounces@lists.openwrt.org
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>

dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps.  By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the last
time that dnsmasq considered current even though that time is in
the past.  Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.

In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of openWrt shutdown/reboot.

Either way, including /etc/dnsmasq.time as a time source for sysfixtime
is not helpful.

for safing time we dont read the filedate of every file,
but only the newest in each subdirectory of /etc and sort them.
this speeds up from 1.72 sec to 0.51 sec on my router.

v1 - original concept from Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
v2 - speedup + update copyright date

Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
---
 package/base-files/files/etc/init.d/sysfixtime |   13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/package/base-files/files/etc/init.d/sysfixtime b/package/base-files/files/etc/init.d/sysfixtime
index 4010e06..b3e3862 100755
--- a/package/base-files/files/etc/init.d/sysfixtime
+++ b/package/base-files/files/etc/init.d/sysfixtime
@@ -1,11 +1,20 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2013-2014 OpenWrt.org
+# Copyright (C) 2013-2015 OpenWrt.org
 
 START=00
 
 boot() {
 	local curtime="$(date +%s)"
-	local maxtime="$(find /etc -type f -exec date -r {} +%s \; | sort -nr | head -n1)"
+	local maxtime="$(maxtime)"
+
 	[ $curtime -lt $maxtime ] && date -s @$maxtime
 }
 
+maxtime() {
+	local dir file
+
+	find /etc -type d | while read dir; do
+		file="$dir/$( ls -1t "$dir" | head -n1 )"
+		[ -e "$file" -a "$file" != '/etc/dnsmasq.time' ] && date -r "$file" +%s
+	done | sort -nr | head -n1
+}