{{Header}} {{#seo: |description=extracting time from Tor consensus }} = anondate-get = Diagnostic utility. <code>anondate-<u>get</u></code>. A "higher level" easier to use tool than the "lower level" <code>anondate</code>. Usage of <code>anondate-get</code> should be safe. It does not use networking. It does not change time. Only looks at locally available information. {{CodeSelect|code= sudo anondate-get }} Sample output. <pre> /usr/sbin/anondate-get: INFO: 100% Tor bootstrap, ok. /usr/sbin/anondate-get: INFO: tor_circuit_established_check.py, ok. /usr/sbin/anondate-get: INFO: Tor circuit already established, ok. /usr/sbin/anondate-get: INFO: current time in valid in range, ok. /usr/sbin/anondate-get: INFO: Tor certificate lifetime valid, ok. /usr/sbin/anondate-get: END: Exiting with exit_code '3' indicating 'Could not determine any time using Tor from consensus or certificate life time.'. </pre> = anondate-set = Security impact has yet to be documented. <code>anondate-<u>set</u></code>. {{CodeSelect|code= sudo anondate-set }} <pre> /usr/sbin/anondate-set: INFO: Status file '/run/anondate/tor_certificate_lifetime_set' does not yet exist. /usr/sbin/anondate-set: INFO: running anondate-get... /usr/sbin/anondate-get: INFO: 100% Tor bootstrap, ok. /usr/sbin/anondate-get: INFO: tor_circuit_established_check.py, ok. /usr/sbin/anondate-get: INFO: Tor circuit already established, ok. /usr/sbin/anondate-get: INFO: current time in valid in range, ok. /usr/sbin/anondate-get: INFO: Tor certificate lifetime valid, ok. /usr/sbin/anondate-get: END: Exiting with exit_code '3' indicating 'Could not determine any time using Tor from consensus or certificate life time.'. /usr/sbin/anondate-set: END: Exiting with exit_code '3' indicating 'Setting time using anondate either not possible or not required.'. </pre> = anondate = ===== Introduction ===== * TODO: documentation on anondate is outdated * anondate interface description as per latest git master: * https://github.com/{{project_name_short}}/helper-scripts/blob/master/usr/sbin/anondate * See also: [[#Tor Consensus Method]] * Needs access to either: ** <code>/var/run/tor/log</code> [only default in {{project_name_long}} specific] [Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16821 additional /var/run/tor/log default log]] This is better, because it only contains Tor's log since last boot. More relevant information. Easier for anondate to parse. ** Or access to <code>/var/log/tor/log</code>. Configurable through the environment variable <code>TOR_LOG</code>. (<code>export TOR_LOG=/var/log/tor/log</code>) (Or we can change the default in the code.) ===== Consensus Related Options ===== * <code>--verified-only</code> * <code>--prefer-verified</code> * <code>--unverified-only</code> ===== Special Exit Codes ===== * exit <code>3</code>: <code>$TOR_LOG</code> not readable. * exit <code>4</code>: <code>$consensus</code> not readable. ===== Simple Status Checking ===== ====== anondate --has-consensus ====== Useful for checking if asking for any [[#Date Ranges Output]] is worthwhile. * yes: ** exit <code>0</code> * no: ** exit <code>1</code> <br /> Can be replaced by Tor ControlPort / python-stem? * verified-only: Yes. (<code>consensus/valid-after</code>) * unverified: No. ====== anondate --current-time-in-valid-range ====== Useful for a sanity test before setting the time for the first time and before setting the time to a newly fetched timestamp. * yes: ** exit <code>0</code> * no: ** exit <code>1</code> <br /> Can be replaced by Tor ControlPort / python-stem? * verified-only: Yes. (See below.) * unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort] ===== Date Ranges Output ===== ====== anondate --show-valid-after ====== * yes: ** output: <code>2015-08-15 22:00:00</code> ** exit <code>0</code> * no: ** exit <code>1</code> <br /> Can be replaced by Tor ControlPort / python-stem? * verified-only: Yes. <code>consensus/valid-after</code> * unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort] ====== anondate --show-valid-until ====== * yes: ** output: <code>2015-08-16 01:00:00</code> ** exit <code>0</code> * no: ** exit <code>1</code> <br /> Can be replaced by Tor ControlPort / python-stem? * verified-only: Yes. <code>consensus/valid-until</code> * unverified: No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16845 make unverified consensus ISOTime accessible through Tor's ControlPort] ====== anondate --show-middle-range ====== * yes: ** output: <code>2015-08-15 23:30:00</code> ** exit <code>0</code> * no: ** exit <code>1</code> <br /> (A scripted calculation of the above.) ===== Certificate Validity ===== When clock is several months or years fast or slow, Tor cannot even download Tor consensus. Tor however always should be providing a certificate lifetime. For security discussion, see also [[Dev/TimeSync#Tor_Certificate_Lifetime|Tor Certificate Lifetime]]. ====== anondate --tor-cert-lifetime-valid ====== <pre> Sep 03 10:32:59.000 [warn] Certificate already expired. Either their clock is set wrong, or your clock is wrong. Sep 03 10:32:59.000 [warn] (certificate lifetime runs from Aug 16 00:00:00 2014 GMT through Jul 29 23:59:59 2015 GMT. Your time is Sep 03 10:32:59 2015 UTC.) </pre> * yes: ** output: <code>Sep 03 10:34:00.000 [warn] Certificate already expired. Either their clock is set wrong, or your clock is wrong.</code> ** exit <code>0</code> * no: ** exit <code>1</code> Can be replaced by Tor ControlPort / python-stem? No. Tor Project Upstream Feature Request: [https://gitlab.torproject.org/legacy/trac/-/issues/16822 make certificate lifetime accessible through Tor's ControlPort] ====== anondate --tor-cert-valid-after ====== Similar to above, but less output. * output: <code>Jun 16 00:00:00 2014 GMT</code> * Exit codes unreliable. * Don't use without using the above first. * (Could be fixed in the code if worthwhile.) {{Footer}} [[Category:Development]]