| # Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Run the tlsdate daemon to set the system time" |
| author "chromium-os-dev@chromium.org" |
| |
| start on started system-services |
| stop on stopping system-services |
| respawn |
| |
| script |
| PROXY_FILE=/var/run/proxy |
| GOOGLE_CERTS=/usr/share/chromeos-ca-certificates |
| valid_proxy() { |
| scheme=$(echo "$1" | sed 's!://.*!!') |
| address=$(echo "$1" | sed 's!.*://!!') |
| host=$(echo "$address" | cut -f1 -d:) |
| port=$(echo "$address" | cut -f2 -d:) |
| |
| if ! echo "$scheme" | grep -qE '^(http|socks4|socks5)$'; then |
| return 1 |
| fi |
| |
| if ! echo "$host" | grep -qE '^[A-Za-z0-9.-]+$'; then |
| return 1 |
| fi |
| |
| if ! echo "$port" | grep -qE '^[0-9]+$'; then |
| return 1 |
| fi |
| |
| echo "$scheme://$host:$port" |
| return 0 |
| } |
| proxy_arg="none" |
| if [ -r "$PROXY_FILE" ]; then |
| proxy=$(cat "$PROXY_FILE") |
| if proxy=$(valid_proxy "$proxy"); then |
| proxy_arg="$proxy" |
| fi |
| fi |
| mkdir -m 755 -p /var/cache/tlsdated |
| # When it runs tlsdate, tlsdated stitches together an argument vector for it |
| # as follows: it begins with everything supplied to it after the --, then |
| # appends -H $host -p $port, and maybe -x $proxy if it has a proxy to use. |
| # Putting the -x $proxy on the command-line here ensures that the proxy is not |
| # overridden by a value in the config file. |
| exec tlsdated -x "$proxy_arg" -v -- /usr/bin/tlsdate -v -C "$GOOGLE_CERTS" -l \ |
| 2>&1 | logger -t tlsdate |
| end script |