Commit Graph

15 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
dce0b28cf4
clock sync: drop untrusted_ prefix after validation, fix error msg 2017-07-12 20:57:52 +02:00
Marta Marczykowska-Górecka
ab88cd9644
minor amends to clock synchronization
renamed date_out variable to untrusted_date_out
2017-07-11 21:39:01 +02:00
Marta Marczykowska-Górecka
6da06d424e
clock synchronization rewrite
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
2017-07-06 23:37:26 +02:00
Marek Marczykowski-Górecki
9d1b7504da
qvm-sync-clock: allow colon in timezone spec
`date` in debian 9 puts colon there. Since the timezone is not used here
in any way (it operates on UTC time anyway), simply allow this format
too.
2016-07-19 00:46:48 +02:00
Marek Marczykowski-Górecki
fae73e6373
qvm-sync-clock: clarify message on NTP call failed and --force used 2016-03-03 23:47:50 +01:00
Marek Marczykowski-Górecki
3ece17a8cf
qvm-sync-clock: sync dom0 clock only when NTP sync succeeded, even with --force
Otherwise dom0 clock (initially almost ok) may be adjusted to totally
invalid timestamp of ClockVM (for example just after resume from S3
sleep).
2016-02-22 20:56:38 +01:00
Zrubi
2fcd3c6832 new --force option for qvm-sync-clock to be able to bypass time sync errors 2016-02-10 14:55:11 +01:00
Marek Marczykowski-Górecki
6c167911f1 qvm-sync-clock: hide stdout in non-verbose mode 2015-07-08 01:59:49 +02:00
Marek Marczykowski-Górecki
5f9a30d335 qvm-sync-clock: use qubes.SetDateTime service instead of direct "date" call
This way it gives more control over time synchronization to the VM. For
example Whonix VMs can decide to not use this mechanism. Also VM can
choose how that time will be set (chronyc call?). And finally it will be
possible to implement the same for other OS-es (Windows).

Additionally because of calling date as "localcmd" each time, instead of
once at the beginning, time synchronization is more accurrate now. If
some VM stall the time set call, other VMs time will no longer be
affected (but still synchronization will be delayed).
2015-07-08 01:56:38 +02:00
Marek Marczykowski-Górecki
f7c86f861c Prevent GUI usage in qvm-sync-clock 2015-06-23 00:15:21 +02:00
Marek Marczykowski-Górecki
c421dc2a95 Prevent concurrent qvm-sync-clock calls
In some cases qvm-sync-clock can take a long time (for example in case
of network problems, or when some do not responds). This can lead to
multiple qvm-sync-clock hanging for the same reason (blocking vchan
resources). To prevent that create a lock file and simply abort when one
instance is already running.
2015-04-28 15:00:50 +02:00
Marek Marczykowski-Górecki
44f38fe076 Declare file encoding for all python files, fill missing copyright headers
Without that, python do not accept UTF-8 even in comments.
2014-05-18 21:03:27 +02:00
Wojciech Zygmunt Porczyk
45318ecb43 regexp fixes and validation (#829) 2014-05-16 18:35:59 +02:00
Marek Marczykowski-Górecki
0695a5ff82 qvm-sync-clock: don't show unverified output to the terminal 2014-04-15 04:14:45 +02:00
Marek Marczykowski
a84886db07 Move all files one level up 2013-03-16 19:56:51 +01:00