ported to systemd - https://phabricator.whonix.org/T106

debian/control

@@ -6,7 +6,7 @@ Source: timesanitycheck
 Section: misc
 Priority: optional
 Maintainer: Patrick Schleizer <adrelanos@riseup.net>
-Build-Depends: debhelper (>= 9), faketime, genmkfile
+Build-Depends: debhelper (>= 9), faketime, genmkfile, dh-systemd
 Homepage: https://www.whonix.org/wiki/Dev/TimeSync
 Vcs-Browser: https://github.com/Whonix/timesanitycheck
 Vcs-Git: https://github.com/Whonix/timesanitycheck.git

debian/rules

@@ -7,12 +7,9 @@
 #export DH_VERBOSE=1
 
 %:
-	dh $@
+	dh $@ --with systemd
 
 #APPARMOR_PROFILE_NAME=$(shell basename $$(echo ./debian/$(shell dh_listpackages)/etc/apparmor.d/*.*))
 
-override_dh_install:
-	dh_installinit --onlyscripts
-
 override_dh_installchangelogs:
 	dh_installchangelogs changelog.upstream upstream

lib/systemd/system/timesanitycheck

@@ -0,0 +1,19 @@
+## This file is part of Whonix.
+## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+[Unit]
+Description = checks if the system clock is between build timestamp and expiration date
+Documentation = https://github.com/Whonix/timesanitycheck
+Wants = bootclockrandomization.service
+Before = sdwdate.service
+Before = tor.service
+
+[Service]
+Type = oneshot
+RemainAfterExit = yes
+ExecStart = /usr/share/timesanitycheck/start
+ExecStop = /usr/share/timesanitycheck/stop
+
+[Install]
+WantedBy = multi-user.target

usr/lib/tmpfiles.d/timesanitycheck.conf

@@ -0,0 +1,6 @@
+## This file is part of Whonix.
+## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+d /var/run/timesanitycheck 0775 root root
+f /var/log/timesanitycheck.log 0775 root root

usr/share/timesanitycheck/shared

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+## This file is part of Whonix.
+## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+set -e
+
+NAME=timesanitycheck
+SCRIPTNAME=/etc/init.d/$NAME
+DIR=/var/run/$NAME
+PIDFILE=$DIR/pid
+FAIL_FILE=$DIR/fail
+SUCCESS_FILE=$DIR/success
+LOG=/var/log/$NAME.log
+
+# Source configuration
+if [ -e /etc/default/$NAME ]; then
+   . /etc/default/$NAME
+else
+   echo "timesanitycheck: /etc/default/$NAME does not exist, using default.
+   ## Expiration date in unixtime.
+   ## date --date "17 MAY 2033 10:00:00" "+%s"
+   ## 1999936800
+   "
+   EXPIRATION_UNIXTIME="1999936800"
+
+   ## Convert seconds since the epoch (1970-01-01 UTC) (unixtime) to a date
+   ## date --date="@1999936800"
+fi
+
+log() {
+   echo "$@" >> "${LOG}"
+}

usr/share/timesanitycheck/start

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+## This file is part of Whonix.
+## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+source /usr/share/timesanitycheck/shared
+
+do_start() {
+   if [ -e "$FAIL_FILE" ]; then
+      rm -f "$FAIL_FILE"
+   fi
+   if [ -e "$SUCCESS_FILE" ]; then
+      rm -f "$SUCCESS_FILE"
+   fi
+
+   local build_timestamp_file
+   if [ -f "/usr/share/whonix/build_timestamp" ]; then
+      ## Originally, this was a Whonix specific script.
+      ## Prefer the eventually existing older version.
+      build_timestamp_file="/usr/share/whonix/build_timestamp"
+   elif [ -f /var/lib/anon-dist/build_version ]; then
+      build_timestamp_file="/var/lib/anon-dist/build_version"
+   else
+      ## TODO: What file exists on any system and has a high probability
+      ##       of never getting touched?
+      build_timestamp_file="/usr/share/zoneinfo/UTC"
+   fi
+
+   ## build timestamp
+   BUILD_UNIXTIME="$(date -r "$build_timestamp_file" +%s)"
+   BUILD_TIME="$(date -r "$build_timestamp_file")"
+
+   ## time after boot
+   BOOT_UNIXTIME="$(date +%s)"
+   BOOT_TIME="$(date)"
+
+   ## expiration date
+   ## EXPIRATION_UNIXTIME variable gets sourced from /etc/default/$NAME
+   EXPIRATION_TIME="$(date --date="@$EXPIRATION_UNIXTIME")"
+
+   if [ "$BOOT_UNIXTIME" -lt "$BUILD_UNIXTIME" ]; then
+      MSG="
+The clock is slow.
+       (Current time $BOOT_TIME ($BOOT_UNIXTIME) is less than
+ the build timestamp $BUILD_TIME ($BOOT_UNIXTIME).)
+"
+      log "$MSG"
+      touch "$FAIL_FILE"
+      exit 2
+   fi
+
+   if [ "$BOOT_UNIXTIME" -gt "$EXPIRATION_UNIXTIME" ]; then
+      MSG="
+The clock is fast.
+       (Current time $BOOT_TIME ($BOOT_UNIXTIME) is greater than
+ the build timestamp $EXPIRATION_TIME ($EXPIRATION_UNIXTIME).)
+"
+      log "$MSG"
+      touch "$FAIL_FILE"
+      exit 3
+   fi
+
+   MSG="The clock is sane.
+Current time $BOOT_TIME ($BOOT_UNIXTIME)."
+   log "$MSG"
+   touch "$SUCCESS_FILE"
+}
+
+do_start

usr/share/timesanitycheck/status

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+## This file is part of Whonix.
+## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+set -e
+
+source /usr/share/timesanitycheck/shared
+
+do_status() {
+   if [ -e "$FAIL_FILE" ]; then
+      exit 2
+   elif [ -e "$SUCCESS_FILE" ]; then
+      exit 0
+   else
+      exit 3
+   fi
+}
+
+do_status

usr/share/timesanitycheck/stop

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+## This file is part of Whonix.
+## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
+## See the file COPYING for copying conditions.
+
+set -e
+
+source /usr/share/timesanitycheck/shared
+
+do_stop() {
+   if [ -e "$FAIL_FILE" ]; then
+      rm -f "$FAIL_FILE"
+   fi
+   if [ -e "$SUCCESS_FILE" ]; then
+      rm -f "$SUCCESS_FILE"
+   fi
+}
+
+do_stop