{{Header}}
{{#seo:
|description=extracting time from Tor consensus
}}

= anondate-get =
Diagnostic utility. <code>anondate-<u>get</u></code>. A "higher level" easier to use tool than the "lower level" <code>anondate</code>.

Usage of <code>anondate-get</code> should be safe. It does not use networking. It does not change time. Only looks at locally available information.

{{CodeSelect|code=
sudo anondate-get
}}

Sample output.

<pre>
/usr/sbin/anondate-get: INFO: 100% Tor bootstrap, ok.
/usr/sbin/anondate-get: INFO: tor_circuit_established_check.py, ok.
/usr/sbin/anondate-get: INFO: Tor circuit already established, ok.
/usr/sbin/anondate-get: INFO: current time in valid in range, ok.
/usr/sbin/anondate-get: INFO: Tor certificate lifetime valid, ok.
/usr/sbin/anondate-get: END: Exiting with exit_code '3' indicating 'Could not determine any time using Tor from consensus or certificate life time.'.
</pre>

= anondate-set =
Security impact has yet to be documented.

<code>anondate-<u>set</u></code>.

{{CodeSelect|code=
sudo anondate-set
}}

<pre>
/usr/sbin/anondate-set: INFO: Status file '/run/anondate/tor_certificate_lifetime_set' does not yet exist.
/usr/sbin/anondate-set: INFO: running anondate-get...
/usr/sbin/anondate-get: INFO: 100% Tor bootstrap, ok.
/usr/sbin/anondate-get: INFO: tor_circuit_established_check.py, ok.
/usr/sbin/anondate-get: INFO: Tor circuit already established, ok.
/usr/sbin/anondate-get: INFO: current time in valid in range, ok.
/usr/sbin/anondate-get: INFO: Tor certificate lifetime valid, ok.
/usr/sbin/anondate-get: END: Exiting with exit_code '3' indicating 'Could not determine any time using Tor from consensus or certificate life time.'.
/usr/sbin/anondate-set: END: Exiting with exit_code '3' indicating 'Setting time using anondate either not possible or not required.'.
</pre>

= anondate =
===== Introduction =====

* TODO: documentation on anondate is outdated
* anondate interface description as per latest git master:
* https://github.com/{{project_name_short}}/helper-scripts/blob/master/usr/sbin/anondate
* See also: [[#Tor Consensus Method]]
* Needs access to either:
** <code>/var/run/tor/log</code> [only default in {{project_name_long}} specific] [Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16821 additional /var/run/tor/log default log]] This is better, because it only contains Tor's log since last boot. More relevant information. Easier for anondate to parse.
** Or access to <code>/var/log/tor/log</code>. Configurable through the environment variable <code>TOR_LOG</code>.  (<code>export TOR_LOG=/var/log/tor/log</code>) (Or we can change the default in the code.)

===== Consensus Related Options =====

* <code>--verified-only</code>
* <code>--prefer-verified</code>
* <code>--unverified-only</code>

===== Special Exit Codes =====
* exit <code>3</code>: <code>$TOR_LOG</code> not readable.
* exit <code>4</code>: <code>$consensus</code> not readable.

===== Simple Status Checking =====
====== anondate --has-consensus ======

Useful for checking if asking for any [[#Date Ranges Output]] is worthwhile.

* yes:
** exit <code>0</code>
* no:
** exit <code>1</code>
<br />
Can be replaced by Tor ControlPort / python-stem?

* verified-only: Yes. (<code>consensus/valid-after</code>)
* unverified: No.

====== anondate --current-time-in-valid-range ======

Useful for a sanity test before setting the time for the first time and before setting the time to a newly fetched timestamp.

* yes:
** exit <code>0</code>
* no:
** exit <code>1</code>
<br />
Can be replaced by Tor ControlPort / python-stem?

* verified-only: Yes. (See below.)
* unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort]

===== Date Ranges Output =====
====== anondate --show-valid-after ======

* yes:
** output: <code>2015-08-15 22:00:00</code>
** exit <code>0</code>
* no:
** exit <code>1</code>
<br />
Can be replaced by Tor ControlPort / python-stem?

* verified-only: Yes. <code>consensus/valid-after</code>
* unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort]

====== anondate --show-valid-until  ======

* yes:
** output: <code>2015-08-16 01:00:00</code>
** exit <code>0</code>
* no:
** exit <code>1</code>
<br />
Can be replaced by Tor ControlPort / python-stem?

* verified-only: Yes. <code>consensus/valid-until</code>
* unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort]

====== anondate --show-middle-range ======

* yes:
** output: <code>2015-08-15 23:30:00</code>
** exit <code>0</code>
* no:
** exit <code>1</code>
<br />
(A scripted calculation of the above.)

===== Certificate Validity =====
When clock is several months or years fast or slow, Tor cannot even download Tor consensus. Tor however always should be providing a certificate lifetime. For security discussion, see also [[Dev/TimeSync#Tor_Certificate_Lifetime|Tor Certificate Lifetime]].

====== anondate --tor-cert-lifetime-valid ======
<pre>
Sep 03 10:32:59.000 [warn] Certificate already expired. Either their clock is set wrong, or your clock is wrong.
Sep 03 10:32:59.000 [warn] (certificate lifetime runs from Aug 16 00:00:00 2014 GMT through Jul 29 23:59:59 2015 GMT. Your time is Sep 03 10:32:59 2015 UTC.)
</pre>

* yes:
** output: <code>Sep 03 10:34:00.000 [warn] Certificate already expired. Either their clock is set wrong, or your clock is wrong.</code>
** exit <code>0</code>
* no:
** exit <code>1</code>

Can be replaced by Tor ControlPort / python-stem? No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16822 make certificate lifetime accessible through Tor's ControlPort]

====== anondate --tor-cert-valid-after ======

Similar to above, but less output.

* output: <code>Jun 16 00:00:00 2014 GMT</code>
* Exit codes unreliable.
* Don't use without using the above first.
* (Could be fixed in the code if worthwhile.)

{{Footer}}

[[Category:Development]]