{{Header}} {{#seo: |description=extracting time from Tor consensus }} = anondate-get = Diagnostic utility. anondate-get. A "higher level" easier to use tool than the "lower level" anondate. Usage of anondate-get should be safe. It does not use networking. It does not change time. Only looks at locally available information. {{CodeSelect|code= sudo anondate-get }} Sample output.
/usr/sbin/anondate-get: INFO: 100% Tor bootstrap, ok.
/usr/sbin/anondate-get: INFO: tor_circuit_established_check.py, ok.
/usr/sbin/anondate-get: INFO: Tor circuit already established, ok.
/usr/sbin/anondate-get: INFO: current time in valid in range, ok.
/usr/sbin/anondate-get: INFO: Tor certificate lifetime valid, ok.
/usr/sbin/anondate-get: END: Exiting with exit_code '3' indicating 'Could not determine any time using Tor from consensus or certificate life time.'.
= anondate-set = Security impact has yet to be documented. anondate-set. {{CodeSelect|code= sudo anondate-set }}
/usr/sbin/anondate-set: INFO: Status file '/run/anondate/tor_certificate_lifetime_set' does not yet exist.
/usr/sbin/anondate-set: INFO: running anondate-get...
/usr/sbin/anondate-get: INFO: 100% Tor bootstrap, ok.
/usr/sbin/anondate-get: INFO: tor_circuit_established_check.py, ok.
/usr/sbin/anondate-get: INFO: Tor circuit already established, ok.
/usr/sbin/anondate-get: INFO: current time in valid in range, ok.
/usr/sbin/anondate-get: INFO: Tor certificate lifetime valid, ok.
/usr/sbin/anondate-get: END: Exiting with exit_code '3' indicating 'Could not determine any time using Tor from consensus or certificate life time.'.
/usr/sbin/anondate-set: END: Exiting with exit_code '3' indicating 'Setting time using anondate either not possible or not required.'.
= anondate = ===== Introduction ===== * TODO: documentation on anondate is outdated * anondate interface description as per latest git master: * https://github.com/{{project_name_short}}/helper-scripts/blob/master/usr/sbin/anondate * See also: [[#Tor Consensus Method]] * Needs access to either: ** /var/run/tor/log [only default in {{project_name_long}} specific] [Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16821 additional /var/run/tor/log default log]] This is better, because it only contains Tor's log since last boot. More relevant information. Easier for anondate to parse. ** Or access to /var/log/tor/log. Configurable through the environment variable TOR_LOG. (export TOR_LOG=/var/log/tor/log) (Or we can change the default in the code.) ===== Consensus Related Options ===== * --verified-only * --prefer-verified * --unverified-only ===== Special Exit Codes ===== * exit 3: $TOR_LOG not readable. * exit 4: $consensus not readable. ===== Simple Status Checking ===== ====== anondate --has-consensus ====== Useful for checking if asking for any [[#Date Ranges Output]] is worthwhile. * yes: ** exit 0 * no: ** exit 1
Can be replaced by Tor ControlPort / python-stem? * verified-only: Yes. (consensus/valid-after) * unverified: No. ====== anondate --current-time-in-valid-range ====== Useful for a sanity test before setting the time for the first time and before setting the time to a newly fetched timestamp. * yes: ** exit 0 * no: ** exit 1
Can be replaced by Tor ControlPort / python-stem? * verified-only: Yes. (See below.) * unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort] ===== Date Ranges Output ===== ====== anondate --show-valid-after ====== * yes: ** output: 2015-08-15 22:00:00 ** exit 0 * no: ** exit 1
Can be replaced by Tor ControlPort / python-stem? * verified-only: Yes. consensus/valid-after * unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort] ====== anondate --show-valid-until ====== * yes: ** output: 2015-08-16 01:00:00 ** exit 0 * no: ** exit 1
Can be replaced by Tor ControlPort / python-stem? * verified-only: Yes. consensus/valid-until * unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort] ====== anondate --show-middle-range ====== * yes: ** output: 2015-08-15 23:30:00 ** exit 0 * no: ** exit 1
(A scripted calculation of the above.) ===== Certificate Validity ===== When clock is several months or years fast or slow, Tor cannot even download Tor consensus. Tor however always should be providing a certificate lifetime. For security discussion, see also [[Dev/TimeSync#Tor_Certificate_Lifetime|Tor Certificate Lifetime]]. ====== anondate --tor-cert-lifetime-valid ======
Sep 03 10:32:59.000 [warn] Certificate already expired. Either their clock is set wrong, or your clock is wrong.
Sep 03 10:32:59.000 [warn] (certificate lifetime runs from Aug 16 00:00:00 2014 GMT through Jul 29 23:59:59 2015 GMT. Your time is Sep 03 10:32:59 2015 UTC.)
* yes: ** output: Sep 03 10:34:00.000 [warn] Certificate already expired. Either their clock is set wrong, or your clock is wrong. ** exit 0 * no: ** exit 1 Can be replaced by Tor ControlPort / python-stem? No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16822 make certificate lifetime accessible through Tor's ControlPort] ====== anondate --tor-cert-valid-after ====== Similar to above, but less output. * output: Jun 16 00:00:00 2014 GMT * Exit codes unreliable. * Don't use without using the above first. * (Could be fixed in the code if worthwhile.) {{Footer}} [[Category:Development]]