diff options
| author | Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> | 2016-05-05 12:34:49 +0100 |
|---|---|---|
| committer | Jo-Philipp Wich <jo@mein.io> | 2016-05-18 22:17:33 +0200 |
| commit | 382779e009af7c1c688fbd98adf71fb19ce66254 (patch) | |
| tree | b4db3035f3b9a6d1cf6ac48ad53d5c23e37b9149 /package/base-files | |
| parent | c19b7aaac5f861a20be9a7ddcce3832f6ba4a899 (diff) | |
| download | master-31e0f0ae-382779e009af7c1c688fbd98adf71fb19ce66254.tar.gz master-31e0f0ae-382779e009af7c1c688fbd98adf71fb19ce66254.tar.bz2 master-31e0f0ae-382779e009af7c1c688fbd98adf71fb19ce66254.zip | |
base-files: sysfixtime exclude dnsmasq.time
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
Diffstat (limited to 'package/base-files')
| -rwxr-xr-x | package/base-files/files/etc/init.d/sysfixtime | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/package/base-files/files/etc/init.d/sysfixtime b/package/base-files/files/etc/init.d/sysfixtime index ab946f6518..1354a586ce 100755 --- a/package/base-files/files/etc/init.d/sysfixtime +++ b/package/base-files/files/etc/init.d/sysfixtime @@ -10,8 +10,8 @@ HWCLOCK=/sbin/hwclock boot() { start && exit 0 + local maxtime="$(maxtime)" local curtime="$(date +%s)" - local maxtime="$(find /etc -type f -exec date -r {} +%s \; | sort -nr | head -n1)" [ $curtime -lt $maxtime ] && date -s @$maxtime } @@ -23,3 +23,12 @@ stop() { [ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -w -f $RTC_DEV && \ logger -t sysfixtime "saved '$(date)' to $RTC_DEV" } + +maxtime() { + local file newest + + for file in $( find /etc -type f ! -path /etc/dnsmasq.time ) ; do + [ -z "$newest" -o "$newest" -ot "$file"] && newest=$file + done + [ "$newest" ] && date -r "$newest" +%s +} |