From e33b958bdd5d279602ccce1fce877bba1608242b Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Sun, 13 Mar 2016 01:15:46 +0000
Subject: [PATCH 1/4] implemented dom0 qubes.GetRandomizedTime Required for fixing 'sys-whonix doesn't connect to Tor after system suspend'. https://github.com/QubesOS/qubes-issues/issues/1764
---
 Makefile | 2 +
 .../qubes.GetRandomizedTime.policy | 6 ++
 qubes-rpc/qubes.GetRandomizedTime | 80 +++++++++++++++++++
 3 files changed, 88 insertions(+)
 create mode 100644 qubes-rpc-policy/qubes.GetRandomizedTime.policy
 create mode 100755 qubes-rpc/qubes.GetRandomizedTime
diff --git a/Makefile b/Makefile
index 2282173e..2d3ee271 100644
--- a/Makefile
+++ b/Makefile
@@ -76,8 +76,10 @@ endif
  cp qubes-rpc-policy/qubes.NotifyUpdates.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyUpdates
  cp qubes-rpc-policy/qubes.NotifyTools.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyTools
  cp qubes-rpc-policy/qubes.GetImageRGBA.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetImageRGBA
+ cp qubes-rpc-policy/qubes.GetRandomizedTime.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetTime
  cp qubes-rpc/qubes.NotifyUpdates $(DESTDIR)/etc/qubes-rpc/
  cp qubes-rpc/qubes.NotifyTools $(DESTDIR)/etc/qubes-rpc/
+ cp qubes-rpc/qubes.GetRandomizedTime $(DESTDIR)/etc/qubes-rpc/
  cp qubes-rpc/qubes-notify-updates $(DESTDIR)/usr/libexec/qubes/
  cp qubes-rpc/qubes-notify-tools $(DESTDIR)/usr/libexec/qubes/
  mkdir -p "$(DESTDIR)$(FILESDIR)"
diff --git a/qubes-rpc-policy/qubes.GetRandomizedTime.policy b/qubes-rpc-policy/qubes.GetRandomizedTime.policy
new file mode 100644
index 00000000..0f00b0b6
--- /dev/null
+++ b/qubes-rpc-policy/qubes.GetRandomizedTime.policy
@@ -0,0 +1,6 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+$anyvm dom0 allow
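Review bot: `$anyvm dom0 allow` lets every qube, including untrusted ones, run this service in dom0 without a prompt, which is broader than the stated use case (sys-whonix after suspend). Each call returns dom0's clock with a fresh offset of at most about ±180 s, so a caller that repeats the request can narrow down the real dom0 time from the spread of answers. I would limit the allow line to the qubes that need it and close the file with an explicit deny, e.g. `<gateway-vm-name> dom0 allow` (placeholder) followed by `$anyvm $anyvm deny`, or add a single-`#` comment stating why any qube may call it. The header comment also refers to a `$anyvm $anyvm action` line that this file does not contain.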
diff --git a/qubes-rpc/qubes.GetRandomizedTime b/qubes-rpc/qubes.GetRandomizedTime
new file mode 100755
index 00000000..54d78d1b
--- /dev/null
+++ b/qubes-rpc/qubes.GetRandomizedTime
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2016 Patrick Schleizer
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+## Similar code as Boot Clock Randomization.
+## https://www.whonix.org/wiki/Boot_Clock_Randomization
+
+set -e
+
+## Get a random 0 or 1.
+## Will use this to decide to use plus or minus.
+##
+## Thanks to
+## http://linux.byexamples.com/archives/128/generating-random-numbers/
+ZERO_OR_ONE="$(( 0+($(od -An -N2 -i /dev/random) )%(0+2) ))"
+
+## Create a random number between 0 and 180.
+DELAY="$(( $(od -An -N2 -i /dev/random)%(180-0+1) ))"
+
+## Create a random number between 0 and 999999999.
+##
+## Thanks to
+## https://stackoverflow.com/questions/22887891/how-can-i-get-a-random-dev-random-number-between-0-and-999999999-in-bash
+NANOSECONDS="$(shuf -i0-999999999 -n1 --random-source=/dev/random)"
+
+## Examples NANOSECONDS:
+## 117752805
+## 38653957
+
+## Add leading zeros, because `date` expects 9 digits.
+NANOSECONDS="$(printf '%0*d\n' 9 "$NANOSECONDS")"
+
+## Using
+## printf '%0*d\n' 9 "38653957"
+## 38653957
+## becomes
+## 038653957
+
+## Examples NANOSECONDS:
+## 117752805
+## 038653957
+
+if [ "$ZERO_OR_ONE" = "0" ]; then
+ PLUS_OR_MINUS="-"
+elif [ "$ZERO_OR_ONE" = "1" ]; then
+ PLUS_OR_MINUS="+"
+else
+ exit 2
+fi
+
+#OLD_TIME="$(date)"
+#OLD_TIME_NANOSECONDS="$(date +%s.%N)"
+
+OLD_UNIXTIME="$(date +%s)"
+
+NEW_TIME="$(( $OLD_UNIXTIME $PLUS_OR_MINUS $DELAY ))"
+
+NEW_TIME_NANOSECONDS="$NEW_TIME.$NANOSECONDS"
+
+echo "$NEW_TIME_NANOSECONDS"
+
+## Testing the `date` syntax:
+## date --date @1396733199.112834496
+## date --date "@$NEW_TIME_NANOSECONDS"
From 524888d2fdfea9b83b0725f9c1ea9620990cdf0d Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Sun, 13 Mar 2016 01:52:03 +0000
Subject: [PATCH 2/4] use shuf rather than od because it is more readable Thanks to @marmarek for the suggestion! https://github.com/QubesOS/qubes-core-admin/pull/23/files#r55930643
---
 qubes-rpc/qubes.GetRandomizedTime | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/qubes-rpc/qubes.GetRandomizedTime b/qubes-rpc/qubes.GetRandomizedTime
index 54d78d1b..53341f21 100755
--- a/qubes-rpc/qubes.GetRandomizedTime
+++ b/qubes-rpc/qubes.GetRandomizedTime
@@ -25,13 +25,10 @@ set -e
 
 ## Get a random 0 or 1.
 ## Will use this to decide to use plus or minus.
-##
-## Thanks to
-## http://linux.byexamples.com/archives/128/generating-random-numbers/
-ZERO_OR_ONE="$(( 0+($(od -An -N2 -i /dev/random) )%(0+2) ))"
+ZERO_OR_ONE="$(shuf -i0-1 -n1 --random-source=/dev/random)"
 
 ## Create a random number between 0 and 180.
-DELAY="$(( $(od -An -N2 -i /dev/random)%(180-0+1) ))"
+DELAY="$(shuf -i0-180 -n1 --random-source=/dev/random)"
 
 ## Create a random number between 0 and 999999999.
 ##
From 2a46ebb205927193b8bb63fa0d1ea278297e235c Mon Sep 17 00:00:00 2001
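Review bot: The three reads from `/dev/random` (`ZERO_OR_ONE`, `DELAY`, `NANOSECONDS`) run in dom0 on every call, and the policy added in this patch lets any qube trigger them. On kernels where `/dev/random` blocks when the entropy estimate is low, a qube calling the service in a loop could stall it for the qubes that need it and compete with other dom0 consumers of the pool; this is inferred from the policy and not shown in the script itself. `/dev/urandom` is sufficient for a clock offset, e.g. `NANOSECONDS="$(shuf -i0-999999999 -n1 --random-source=/dev/urandom)"`. The same applies to the two `shuf` lines introduced by PATCH 2/4.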
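Review bot: Drawing the sign (`ZERO_OR_ONE`) and the magnitude (`DELAY`, 0–180) separately makes a zero offset twice as likely as any other value, because `-0` and `+0` give the same result. A single draw is uniform over all 361 offsets and removes the sign variable: `OFFSET="$(( $(shuf -i0-360 -n1 --random-source=/dev/random) - 180 ))"`, then `NEW_TIME="$(( OLD_UNIXTIME + OFFSET ))"`. The `if`/`elif` block that maps `ZERO_OR_ONE` to `PLUS_OR_MINUS` and the `NEW_TIME` line are outside this hunk and would change with it.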
From: Patrick Schleizer
Date: Mon, 14 Mar 2016 22:47:46 +0100
Subject: [PATCH 3/4] fixed wrong target filename
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 2d3ee271..189989b5 100644
--- a/Makefile
+++ b/Makefile
@@ -76,7 +76,7 @@ endif
  cp qubes-rpc-policy/qubes.NotifyUpdates.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyUpdates
  cp qubes-rpc-policy/qubes.NotifyTools.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyTools
  cp qubes-rpc-policy/qubes.GetImageRGBA.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetImageRGBA
- cp qubes-rpc-policy/qubes.GetRandomizedTime.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetTime
+ cp qubes-rpc-policy/qubes.GetRandomizedTime.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetRandomizedTime
  cp qubes-rpc/qubes.NotifyUpdates $(DESTDIR)/etc/qubes-rpc/
  cp qubes-rpc/qubes.NotifyTools $(DESTDIR)/etc/qubes-rpc/
  cp qubes-rpc/qubes.GetRandomizedTime $(DESTDIR)/etc/qubes-rpc/
From cf5730934a5f51fb69629229c55e2c911dc3fb9e Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Mon, 14 Mar 2016 22:50:46 +0100
Subject: [PATCH 4/4] added to rpm_spec/core-dom0.spec
---
 rpm_spec/core-dom0.spec | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec
index 66737895..c3584744 100644
--- a/rpm_spec/core-dom0.spec
+++ b/rpm_spec/core-dom0.spec
@@ -247,8 +247,10 @@ fi
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.NotifyTools
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.NotifyUpdates
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.VMShell
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.GetRandomizedTime
 /etc/qubes-rpc/qubes.NotifyTools
 /etc/qubes-rpc/qubes.NotifyUpdates
+/etc/qubes-rpc/qubes.GetRandomizedTime
 %attr(2770,root,qubes) %dir /var/log/qubes
 %attr(0770,root,qubes) %dir /var/run/qubes
 /etc/xdg/autostart/qubes-guid.desktop