From ff9dd5f667181fccee16d2444515524e6fcf50e1 Mon Sep 17 00:00:00 2001
From: alexgithublab
Date: Wed, 24 Jul 2024 14:09:40 +0200
Subject: [PATCH 01/17] change system time feature
Signed-off-by: Thierry Laurion
---
initrd/bin/change-time | 60 ++++++++++++++++++++++++++++++++++++++++++
initrd/bin/gui-init | 4 +++
2 files changed, 64 insertions(+)
create mode 100644 initrd/bin/change-time
diff --git a/initrd/bin/change-time b/initrd/bin/change-time
new file mode 100644
index 00000000..af8f6de7
--- /dev/null
+++ b/initrd/bin/change-time
@@ -0,0 +1,60 @@
+#!/bin/bash
+#change time using hwclock and date -s
+
+clear
+
+echo -e -n "Please enter the date and time you wish to set\n"
+
+get_date () {
+ echo -e -n "enter the $1 please ($2-$3) (enter for $2)\n"
+ read -n $4 value
+ echo -e "\n"
+ #if enter
+ if [[ $value = "" ]]; then
+ value=$2
+ fi
+
+ #must be a $4 digits number between $2 and $3
+ while [[ ! $value =~ ^[0-9]{$4} ]] || [[ ${value#0} -lt $2 ]] || [[ ${value#0} -gt $3 ]];
+ do
+ echo -e -n "wrong $1, you enter "$value" please enter it again, must be a $4 digits number between $2 and $3 (press enter for $2) \n"
+ read -n $4 value
+ echo -e "\n"
+ if [[ $value = "" ]]; then
+ value=$2
+ fi
+ done
+}
+
+get_date "year" "2024" "2200" "4"
+year=$value
+get_date "month" "01" "12" "2"
+month=$value
+get_date "day" "01" "31" "2"
+day=$value
+get_date "hour" "00" "23" "2"
+hour=$value
+get_date "min" "00" "59" "2"
+min=$value
+get_date "sec" "00" "59" "2"
+sec=$value
+
+##getting the output of date -s
+OUTPUT=$(date -s "$year-$month-$day $hour:$min:$sec" 2>&1)
+
+##if output is starting with the letter d which is the beginning of the error message then we do the script again
+if [[ ${OUTPUT} == d* ]]; then
+ echo "The date is not correct, press any key to set it again"
+ echo -e "\n"
+ read -n 1 noting
+ clear
+ change-time
+else
+ hwclock -w
+ echo -e "the date has been sucessfully set to $year-$month-$day $hour:$min:$sec"
+ echo -e "\n"
+
+ echo -e "press any key to return to the menu"
+ echo -e "\n"
+ read -n 1 nothing
+fi
\ No newline at end of file
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index dc9ec20d..8173fae6 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
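Review bot: The range test in `get_date`'s `while` condition can be skipped by a value with more than one leading zero, because `${value#0}` strips only the first zero and `[[ … -lt … ]]` then evaluates the rest as an arithmetic expression, where a leading `0` means octal. A year entered as `0089` leaves `089`, both comparisons fail with an arithmetic error instead of returning true, and the loop exits with the value accepted, so only `date -s` stands between that input and the clock. Forcing base 10 in the comparisons closes it: `[[ $((10#$value)) -lt $2 ]] || [[ $((10#$value)) -gt $3 ]]`, which is safe here because the regex test runs first and short-circuits on anything that does not match. The same condition is carried through the later `get_date` hunks of this series (PATCH 07, 09 and 12), and PATCH 15 applies `10#` only to the `printf` argument.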
@@ -438,6 +438,7 @@ show_options_menu() 'C' ' Reencrypt LUKS container -->' \ 'P' ' Change LUKS Disk Recovery Key passphrase ->' \ 'R' ' Check/Update file hashes on root disk -->' \ + 'h' ' Change system time' \ 'x' ' Exit to recovery shell' \ 'r' ' <-- Return to main menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -476,6 +477,9 @@ show_options_menu() R ) root-hashes-gui.sh ;; + h ) + change-time + ;; x ) recovery "User requested recovery shell" ;; From a3b9a1d9e9a6a61d9490abcb1b8163af0ddbb5af Mon Sep 17 00:00:00 2001 From: alexgithublab Date: Thu, 25 Jul 2024 10:06:40 +0200 Subject: [PATCH 02/17] chmod Signed-off-by: Thierry Laurion --- initrd/bin/change-time | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 initrd/bin/change-time diff --git a/initrd/bin/change-time b/initrd/bin/change-time old mode 100644 new mode 100755 From 07a6b7819a62429f71a54db693a9a206db59573c Mon Sep 17 00:00:00 2001 From: alexgithublab Date: Thu, 25 Jul 2024 12:21:54 +0200 Subject: [PATCH 03/17] UTC statment + menu order Signed-off-by: Thierry Laurion --- initrd/bin/change-time | 2 ++ initrd/bin/gui-init | 12 ++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index af8f6de7..d7719b7e 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time @@ -4,6 +4,8 @@ clear echo -e -n "Please enter the date and time you wish to set\n" +echo -e -n "You need to set the time according to the UTC/GMT timezone please check https://time.is/UTC\n" + get_date () { echo -e -n "enter the $1 please ($2-$3) (enter for $2)\n" diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 8173fae6..75de0711 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init 
@@ -221,6 +221,7 @@ update_totp() If you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n How would you like to proceed?" 0 80 4 \ 'g' ' Generate new HOTP/TOTP secret' \ + 'h' ' Change system time' \ 'i' ' Ignore error and continue to main menu' \ 'p' ' Reset the TPM' \ 'x' ' Exit to recovery shell' \ @@ -234,6 +235,9 @@ update_totp() generate_totp_hotp && update_totp && BG_COLOR_MAIN_MENU="normal" && reseal_tpm_disk_decryption_key fi ;; + h ) + change-time + ;; i ) skip_to_menu="true" return 1 @@ -430,6 +434,7 @@ show_options_menu() --menu "" 0 80 10 \ 'b' ' Boot Options -->' \ 't' ' TPM/TOTP/HOTP Options -->' \ + 'h' ' Change system time' \ 'u' ' Update checksums and sign all files in /boot' \ 'c' ' Change configuration settings -->' \ 'f' ' Flash/Update the BIOS -->' \ @@ -438,7 +443,6 @@ show_options_menu() 'C' ' Reencrypt LUKS container -->' \ 'P' ' Change LUKS Disk Recovery Key passphrase ->' \ 'R' ' Check/Update file hashes on root disk -->' \ - 'h' ' Change system time' \ 'x' ' Exit to recovery shell' \ 'r' ' <-- Return to main menu' \ 2>/tmp/whiptail || recovery "GUI menu failed" @@ -451,6 +455,9 @@ show_options_menu() t ) show_tpm_totp_hotp_options_menu ;; + h ) + change-time + ;; u ) prompt_update_checksums ;; @@ -477,9 +484,6 @@ show_options_menu() R ) root-hashes-gui.sh ;; - h ) - change-time - ;; x ) recovery "User requested recovery shell" ;; From a99298acb25ee471d2420a88ca1117fa6503040e Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 29 Jul 2024 09:41:27 -0400 Subject: [PATCH 04/17] change-time script: syntax, spcaing, wording and typo fixes Signed-off-by: Thierry Laurion Signed-off-by: Thierry Laurion --- initrd/bin/change-time | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index d7719b7e..d99c21e4 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time 
@@ -4,11 +4,11 @@ clear echo -e -n "Please enter the date and time you wish to set\n" -echo -e -n "You need to set the time according to the UTC/GMT timezone please check https://time.is/UTC\n" +echo -e -n "You need to set the time according to the UTC/GMT timezone please check https://time.is/UTC\n\n" get_date () { - echo -e -n "enter the $1 please ($2-$3) (enter for $2)\n" + echo -e -n "Please insert $1 (between $2-$3) (Enter key to accept $2)\n" read -n $4 value echo -e "\n" #if enter @@ -19,7 +19,7 @@ get_date () { #must be a $4 digits number between $2 and $3 while [[ ! $value =~ ^[0-9]{$4} ]] || [[ ${value#0} -lt $2 ]] || [[ ${value#0} -gt $3 ]]; do - echo -e -n "wrong $1, you enter "$value" please enter it again, must be a $4 digits number between $2 and $3 (press enter for $2) \n" + echo -e -n "$1 is wrong: you entered "$value". Please try again, it must be $4 digits number between $2 and $3 (press Enter to accept $2) \n" read -n $4 value echo -e "\n" if [[ $value = "" ]]; then @@ -36,9 +36,9 @@ get_date "day" "01" "31" "2" day=$value get_date "hour" "00" "23" "2" hour=$value -get_date "min" "00" "59" "2" +get_date "minute" "00" "59" "2" min=$value -get_date "sec" "00" "59" "2" +get_date "second" "00" "59" "2" sec=$value ##getting the output of date -s 
@@ -46,17 +46,17 @@ OUTPUT=$(date -s "$year-$month-$day $hour:$min:$sec" 2>&1) ##if output is starting with the letter d which is the beginning of the error message then we do the script again if [[ ${OUTPUT} == d* ]]; then - echo "The date is not correct, press any key to set it again" + echo "The date is not correct, press any key to try again" echo -e "\n" - read -n 1 noting + read -n 1 nothing clear change-time else hwclock -w - echo -e "the date has been sucessfully set to $year-$month-$day $hour:$min:$sec" + echo -e "The system date has been sucessfully set to $year-$month-$day $hour:$min:$sec" echo -e "\n" - echo -e "press any key to return to the menu" + echo -e "Press any key to return to the menu" echo -e "\n" read -n 1 nothing -fi \ No newline at end of file +fi From f4ce04716778dbb2cfdda2d9dab67f8c4a81b7d6 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Mon, 29 Jul 2024 09:59:38 -0400 Subject: [PATCH 05/17] gui-init: put change-time under TOTP mismatch where it should be, remove unneeded duplicate menu options to change system time Signed-off-by: Thierry Laurion --- initrd/bin/gui-init | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 75de0711..2f76c076 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -221,7 +221,6 @@ update_totp() If you have not just reflashed your BIOS, THIS COULD INDICATE TAMPERING!\n How would you like to proceed?" 0 80 4 \ 'g' ' Generate new HOTP/TOTP secret' \ - 'h' ' Change system time' \ 'i' ' Ignore error and continue to main menu' \ 'p' ' Reset the TPM' \ 'x' ' Exit to recovery shell' \ @@ -235,9 +234,6 @@ update_totp() generate_totp_hotp && update_totp && BG_COLOR_MAIN_MENU="normal" && reseal_tpm_disk_decryption_key fi ;; - h ) - change-time - ;; i ) skip_to_menu="true" return 1 
@@ -551,16 +547,8 @@ prompt_totp_mismatch() { TRACE_FUNC if (whiptail_warning --title "TOTP/HOTP code mismatched" \ - --yesno "TOTP/HOTP code mismatches could indicate either TPM tampering or clock drift:\n\nTo correct clock drift: 'date -s yyyy-MM-DD hh:mm:ss' in UTC timezone\nand save it to the RTC: 'hwclock -w'\nthen reboot and try again.\n\nWould you like to exit to a recovery console?" 0 80) then - echo "" - echo "To correct clock drift: 'date -s yyyy-MM-DD hh:mm:ss' in UTC timezone" - echo "and save it to the RTC: 'hwclock -w'" - echo "" - echo "Alternatively you could do this automatically with an Ethernet cable connected to a functional network: 'network-init-recovery'" - echo "" - echo "Then reboot and try again" - echo "" - recovery "TOTP/HOTP mismatch" + --yesno "TOTP/HOTP code mismatches could indicate either TPM tampering or clock drift.\n\nHere, we will manually set system time to see if TOTP code mismatch was because of time drift.\n\nAlternatively you could sync time from network automatically with 'network-init-recovery' helper from Recovery shell\n " 0 80) then + change-time fi } From 16f07936481278e0eeaa2739cde808861efbdb87 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 08:49:30 -0400 Subject: [PATCH 06/17] initrd/bin/change-time: Label parameters of get_date Use local named variables instead of $1-$4 throughout the function. This makes the implementation clearer and documents the usage. Signed-off-by: Jonathon Hall --- initrd/bin/change-time | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index d99c21e4..4c6e2a27 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time 
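Review bot: After this change neither answer to the mismatch dialog in `prompt_totp_mismatch` leads to `recovery`: the yes branch used to end in `recovery "TOTP/HOTP mismatch"` and now returns to the caller once `change-time` finishes, whatever its outcome. The dialog text itself says a mismatch can mean TPM tampering, so it is worth stating what happens next; the caller is outside this hunk, so whether the TOTP code is recomputed after the clock changes cannot be confirmed from here. A comment above the call such as `# Returns to the caller, which must re-check TOTP/HOTP with the new time` would record that expectation.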
@@ -8,22 +8,27 @@ echo -e -n "You need to set the time according to the UTC/GMT timezone please ch get_date () { - echo -e -n "Please insert $1 (between $2-$3) (Enter key to accept $2)\n" - read -n $4 value + local field_name min max digits + field_name="$1" + min="$2" + max="$3" + digits="$4" + echo -e -n "Please insert $field_name (between $min-$max) (Enter key to accept $min)\n" + read -n $digits value echo -e "\n" #if enter if [[ $value = "" ]]; then - value=$2 + value=$min fi #must be a $4 digits number between $2 and $3 - while [[ ! $value =~ ^[0-9]{$4} ]] || [[ ${value#0} -lt $2 ]] || [[ ${value#0} -gt $3 ]]; + while [[ ! $value =~ ^[0-9]{$digits} ]] || [[ ${value#0} -lt $min ]] || [[ ${value#0} -gt $max ]]; do - echo -e -n "$1 is wrong: you entered "$value". Please try again, it must be $4 digits number between $2 and $3 (press Enter to accept $2) \n" - read -n $4 value + echo -e -n "$field_name is wrong: you entered \"$value\". Please try again, it must be $digits digits number between $min and $max (press Enter to accept $min) \n" + read -n $digits value echo -e "\n" if [[ $value = "" ]]; then - value=$2 + value=$min fi done } From 770815cba89deb66331984c2d669c5a294fa81bd Mon Sep 17 00:00:00 2001 
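Review bot: `get_date` now declares its inputs `local` but still hands its result back through the global `value`, which `read` assigns and every caller copies right after the call; that contract is not written down anywhere in the function. Since this commit is about documenting the usage, a header comment would complete it, for example `# Prompts for one field; stores the validated entry in the global 'value'`. Listing the three inputs (field name, minimum, maximum) in the same comment would spare readers from decoding the call sites.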
From: Jonathon Hall Date: Tue, 6 Aug 2024 09:12:03 -0400 Subject: [PATCH 07/17] change-time: Complete input with Enter, allow Backspace, don't require leading zeroes Allow Backspace in input. It's really frustrating otherwise if a typo cannot be corrected, and worse, the backspace key actually produces a character that becomes part of the input. Complete input with Enter. It is surprising when the script just moves on right away once a fourth/second digit is entered, and worse, users expecting to press Enter could reasonably press it before realizing the script did not require it, which then skips the _next_ prompt inadvertently. Users with imperfect typing might double a digit unintentionally, do not force them to proceed with an incorrect value. Removing '-n $digits' from read does both of those. Add '-r' so backslashes do not have unexpected behavior. Don't require leading zeroes, zero-pad automatically. Signed-off-by: Jonathon Hall --- initrd/bin/change-time | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index 4c6e2a27..0035841c 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time 
@@ -14,23 +14,26 @@ get_date () { max="$3" digits="$4" echo -e -n "Please insert $field_name (between $min-$max) (Enter key to accept $min)\n" - read -n $digits value + read -r value echo -e "\n" #if enter if [[ $value = "" ]]; then value=$min fi - #must be a $4 digits number between $2 and $3 - while [[ ! $value =~ ^[0-9]{$digits} ]] || [[ ${value#0} -lt $min ]] || [[ ${value#0} -gt $max ]]; + #must be a number between $2 and $3 + while [[ ! $value =~ ^[0-9]*$ ]] || [[ ${value#0} -lt $min ]] || [[ ${value#0} -gt $max ]]; do - echo -e -n "$field_name is wrong: you entered \"$value\". Please try again, it must be $digits digits number between $min and $max (press Enter to accept $min) \n" - read -n $digits value + echo -e -n "$field_name is wrong: you entered \"$value\". Please try again, it must be a number between $min and $max (press Enter to accept $min) \n" + read -r value echo -e "\n" if [[ $value = "" ]]; then value=$min fi done + + # Pad with zeroes to digits + value="$(printf "%0${digits}u" "$value")" } get_date "year" "2024" "2200" "4" From a1343666d55bd044204e756dddd89f26bf2afc41 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 09:22:59 -0400 Subject: [PATCH 08/17] change-time: Test date exit status directly There's no need to try to parse stdout/stderr to figure out if date succeeded, just check if it was successful directly. Signed-off-by: Jonathon Hall --- initrd/bin/change-time | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index 0035841c..1a130e7f 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time 
@@ -49,11 +49,7 @@ min=$value get_date "second" "00" "59" "2" sec=$value -##getting the output of date -s -OUTPUT=$(date -s "$year-$month-$day $hour:$min:$sec" 2>&1) - -##if output is starting with the letter d which is the beginning of the error message then we do the script again -if [[ ${OUTPUT} == d* ]]; then +if ! date -s "$year-$month-$day $hour:$min:$sec" &>/dev/null; then echo "The date is not correct, press any key to try again" echo -e "\n" read -n 1 nothing From b908e0b8bd3059aceb1cc69ff95e2ade695a76d7 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 09:26:36 -0400 Subject: [PATCH 09/17] change-time: Don't offer minimum field value as default There's little value to offering the minimum field value as a default IMO: * it's rarely accurate (e.g. minute 00 is only accuate 1/60 of the time) * it's very obvious to just press '0' instead (and no longer needs to be '00') * it eliminates a lot of wordiness you otherwise have to read (or more likely, ignore) Signed-off-by: Jonathon Hall --- initrd/bin/change-time | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index 1a130e7f..890b3c5d 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time 
@@ -13,23 +13,16 @@ get_date () { min="$2" max="$3" digits="$4" - echo -e -n "Please insert $field_name (between $min-$max) (Enter key to accept $min)\n" + echo "Please insert $field_name (between $min-$max)" read -r value - echo -e "\n" - #if enter - if [[ $value = "" ]]; then - value=$min - fi + echo #must be a number between $2 and $3 - while [[ ! $value =~ ^[0-9]*$ ]] || [[ ${value#0} -lt $min ]] || [[ ${value#0} -gt $max ]]; + while [[ ! $value =~ ^[0-9]+$ ]] || [[ ${value#0} -lt $min ]] || [[ ${value#0} -gt $max ]]; do - echo -e -n "$field_name is wrong: you entered \"$value\". Please try again, it must be a number between $min and $max (press Enter to accept $min) \n" + echo "$field_name is wrong: you entered \"$value\". Please try again, it must be a number between $min and $max" read -r value - echo -e "\n" - if [[ $value = "" ]]; then - value=$min - fi + echo done # Pad with zeroes to digits From 234595df4a057fce60aaddc7194ee4f27ebeece6 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 09:30:38 -0400 Subject: [PATCH 10/17] change-time: Infer value digits automatically Infer digits from the length of the maximum value. Signed-off-by: Jonathon Hall --- initrd/bin/change-time | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index 890b3c5d..f3568407 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time @@ -8,11 +8,10 @@ echo -e -n "You need to set the time according to the UTC/GMT timezone please ch get_date () { - local field_name min max digits + local field_name min max field_name="$1" min="$2" max="$3" - digits="$4" echo "Please insert $field_name (between $min-$max)" read -r value echo 
@@ -25,21 +24,21 @@ get_date () { echo done - # Pad with zeroes to digits - value="$(printf "%0${digits}u" "$value")" + # Pad with zeroes to length of maximum value + value="$(printf "%0${#max}u" "$value")" } -get_date "year" "2024" "2200" "4" +get_date "year" "2024" "2200" year=$value -get_date "month" "01" "12" "2" +get_date "month" "01" "12" month=$value -get_date "day" "01" "31" "2" +get_date "day" "01" "31" day=$value -get_date "hour" "00" "23" "2" +get_date "hour" "00" "23" hour=$value -get_date "minute" "00" "59" "2" +get_date "minute" "00" "59" min=$value -get_date "second" "00" "59" "2" +get_date "second" "00" "59" sec=$value if ! date -s "$year-$month-$day $hour:$min:$sec" &>/dev/null; then From 355b7bc3028b7b346e7e6114f0db9cbb39578778 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 09:38:01 -0400 Subject: [PATCH 11/17] change-time: Ask whether to retry, don't say "any key", loop instead of recurse Ask whether to retry instead of always retrying, so users can escape if there is a problem setting the date instead of being forced to enter values until it works. Ask to press Enter instead of "any key". "Any key" prompts are generally misleading, because there are usually keys that won't actually work (e.g. Ctrl, Caps Lock, Shift). Loop to retry if setting the date fails instead of recursing. Signed-off-by: Jonathon Hall --- initrd/bin/change-time | 61 ++++++++++++++++++++++++------------------ 1 file changed, 35 insertions(+), 26 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index f3568407..b461049f 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time 
@@ -28,31 +28,40 @@ get_date () { value="$(printf "%0${#max}u" "$value")" } -get_date "year" "2024" "2200" -year=$value -get_date "month" "01" "12" -month=$value -get_date "day" "01" "31" -day=$value -get_date "hour" "00" "23" -hour=$value -get_date "minute" "00" "59" -min=$value -get_date "second" "00" "59" -sec=$value +enter_time_and_change() +{ + get_date "year" "2024" "2200" + year=$value + get_date "month" "01" "12" + month=$value + get_date "day" "01" "31" + day=$value + get_date "hour" "00" "23" + hour=$value + get_date "minute" "00" "59" + min=$value + get_date "second" "00" "59" + sec=$value -if ! date -s "$year-$month-$day $hour:$min:$sec" &>/dev/null; then - echo "The date is not correct, press any key to try again" - echo -e "\n" - read -n 1 nothing - clear - change-time -else - hwclock -w - echo -e "The system date has been sucessfully set to $year-$month-$day $hour:$min:$sec" - echo -e "\n" + if ! date -s "$year-$month-$day $hour:$min:$sec" &>/dev/null; then + return 1 + fi + return 0 +} - echo -e "Press any key to return to the menu" - echo -e "\n" - read -n 1 nothing -fi +while ! enter_time_and_change; do + echo "Could not set the date to $year-$month-$day $hour:$min:$sec" + read -rp "Try again? [Y/n]: " try_again_confirm + if [ "${try_again_confirm^^}" = N ]; then + exit 1 + fi + echo +done + +hwclock -w +echo "The system date has been sucessfully set to $year-$month-$day $hour:$min:$sec" +echo + +echo "Press Enter to return to the menu" +echo +read -r nothing From 653542870dcbdf735f14824f546d00f371f48e15 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 09:46:47 -0400 Subject: [PATCH 12/17] change-time: Improve prompt wording Adjust prompt wording when entering fields. Technically the desired value isn't always between min/max, because min and max are also acceptable :) No need to repeat an incorrect value, it is right there on the screen and it dilutes the important point describing what value is needed. 
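Review bot: `hwclock -w` runs unchecked after the retry loop, so a failed write to the RTC is still followed by the "sucessfully set" message. The system clock would be right for this session, but the hardware clock keeps its old value and the same TOTP/HOTP mismatch would presumably return at the next boot. Test the status before reporting success, e.g. `if ! hwclock -w; then echo "Could not save the time to the hardware clock"; exit 1; fi`. `enter_time_and_change` also leaves `year` through `sec` global, which the failure message after the loop depends on; a one-line comment saying so would keep a later `local` from breaking that message.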
Signed-off-by: Jonathon Hall --- initrd/bin/change-time | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/initrd/bin/change-time b/initrd/bin/change-time index b461049f..7f1de885 100755 --- a/initrd/bin/change-time +++ b/initrd/bin/change-time @@ -3,8 +3,8 @@ clear -echo -e -n "Please enter the date and time you wish to set\n" -echo -e -n "You need to set the time according to the UTC/GMT timezone please check https://time.is/UTC\n\n" +echo -e -n "Please enter the current date and time in UTC\n" +echo -e -n "To find the current date and time in UTC, please check https://time.is/UTC\n\n" get_date () { @@ -12,14 +12,15 @@ get_date () { field_name="$1" min="$2" max="$3" - echo "Please insert $field_name (between $min-$max)" + echo -n "Enter the current $field_name [$min-$max]: " read -r value echo #must be a number between $2 and $3 while [[ ! $value =~ ^[0-9]+$ ]] || [[ ${value#0} -lt $min ]] || [[ ${value#0} -gt $max ]]; - do - echo "$field_name is wrong: you entered \"$value\". Please try again, it must be a number between $min and $max" + do + echo "Please try again, it must be a number from $min to $max." + echo -n "Enter the current $field_name [$min-$max]: " read -r value echo done From 6eab9ddd90c390f5df22ca0f1c93f4024e10eff2 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 09:49:49 -0400 Subject: [PATCH 13/17] change-time: Add .sh We're trying to move all shell scripts to including '.sh' to differentiate them from functions. While it's not 100% consistent yet, do it for new scripts. Signed-off-by: Jonathon Hall --- initrd/bin/{change-time => change-time.sh} | 0 initrd/bin/gui-init | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) rename initrd/bin/{change-time => change-time.sh} (100%) diff --git a/initrd/bin/change-time b/initrd/bin/change-time.sh similarity index 100% rename from initrd/bin/change-time rename to initrd/bin/change-time.sh 
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index 2f76c076..df56ed6a 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -452,7 +452,7 @@ show_options_menu() show_tpm_totp_hotp_options_menu ;; h ) - change-time + change-time.sh ;; u ) prompt_update_checksums @@ -548,7 +548,7 @@ prompt_totp_mismatch() TRACE_FUNC if (whiptail_warning --title "TOTP/HOTP code mismatched" \ --yesno "TOTP/HOTP code mismatches could indicate either TPM tampering or clock drift.\n\nHere, we will manually set system time to see if TOTP code mismatch was because of time drift.\n\nAlternatively you could sync time from network automatically with 'network-init-recovery' helper from Recovery shell\n " 0 80) then - change-time + change-time.sh fi } From 05ce2cd0a61900ea6fae277656f2c674a5e3c6ba Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 10:01:34 -0400 Subject: [PATCH 14/17] gui-init: Improve wording of TOTP/HOTP mismatch change-time question This was a yes/no prompt but didn't actually have a question in it, ask if the user wants to change the time. Include the current time so the user can tell if it's correct. Mention that if it's incorrect they should change the time and check again. The first line was too long for fbwhiptail by a few characters, trim it a little. Signed-off-by: Jonathon Hall --- initrd/bin/gui-init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index df56ed6a..ae1c27c4 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init 
@@ -547,7 +547,7 @@ prompt_totp_mismatch() { TRACE_FUNC if (whiptail_warning --title "TOTP/HOTP code mismatched" \ - --yesno "TOTP/HOTP code mismatches could indicate either TPM tampering or clock drift.\n\nHere, we will manually set system time to see if TOTP code mismatch was because of time drift.\n\nAlternatively you could sync time from network automatically with 'network-init-recovery' helper from Recovery shell\n " 0 80) then + --yesno "TOTP/HOTP code mismatches could indicate TPM tampering or clock drift.\n\nThe current UTC time is: $(date "+%Y-%m-%d %H:%M:%S %Z")\nIf this is incorrect, set the correct time and check TOTP/HOTP again.\n\nDo you want to change the time?" 0 80) then change-time.sh fi } From 3a0df1bd4b7b17b05a5b58a573787174c6038103 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 12:43:20 -0400 Subject: [PATCH 15/17] change-time.sh: Fix input of 08 and 09 printf was interpreting these as invalid octal numbers, they're decimal. Signed-off-by: Jonathon Hall --- initrd/bin/change-time.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/initrd/bin/change-time.sh b/initrd/bin/change-time.sh index 7f1de885..0fb505ce 100755 --- a/initrd/bin/change-time.sh +++ b/initrd/bin/change-time.sh @@ -25,8 +25,11 @@ get_date () { echo done - # Pad with zeroes to length of maximum value - value="$(printf "%0${#max}u" "$value")" + # Pad with zeroes to length of maximum value. + # The "$((10#$value))" is needed to handle 08 and 09 correctly, which printf + # would otherwise interpret as octal. This effectively strips the leading + # zero by evaluating an arithmetic expression with the base set to 10. + value="$(printf "%0${#max}u" "$((10#$value))")" } enter_time_and_change() From c51643b65abb6422f9ae7da808109319dae749f9 Mon Sep 17 00:00:00 2001 
From: Jonathon Hall Date: Tue, 6 Aug 2024 12:44:04 -0400 Subject: [PATCH 16/17] gui-init: Remove unneeded UTC time zone indication from current time The time zone in Heads is always UTC and we mentioned that in the text. Don't repeat it. Signed-off-by: Jonathon Hall --- initrd/bin/gui-init | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init index ae1c27c4..27f927cf 100755 --- a/initrd/bin/gui-init +++ b/initrd/bin/gui-init @@ -547,7 +547,7 @@ prompt_totp_mismatch() { TRACE_FUNC if (whiptail_warning --title "TOTP/HOTP code mismatched" \ - --yesno "TOTP/HOTP code mismatches could indicate TPM tampering or clock drift.\n\nThe current UTC time is: $(date "+%Y-%m-%d %H:%M:%S %Z")\nIf this is incorrect, set the correct time and check TOTP/HOTP again.\n\nDo you want to change the time?" 0 80) then + --yesno "TOTP/HOTP code mismatches could indicate TPM tampering or clock drift.\n\nThe current UTC time is: $(date "+%Y-%m-%d %H:%M:%S")\nIf this is incorrect, set the correct time and check TOTP/HOTP again.\n\nDo you want to change the time?" 0 80) then change-time.sh fi } From 05b3d85c93e40da92cc2979ce2137c5b63fb4b30 Mon Sep 17 00:00:00 2001 From: Jonathon Hall Date: Tue, 6 Aug 2024 14:01:49 -0400 Subject: [PATCH 17/17] change-time.sh: Remind of the system time when beginning Show the system time when starting to change the time. Signed-off-by: Jonathon Hall --- initrd/bin/change-time.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/initrd/bin/change-time.sh b/initrd/bin/change-time.sh index 0fb505ce..b5d2a4ff 100755 --- a/initrd/bin/change-time.sh +++ b/initrd/bin/change-time.sh 
@@ -3,9 +3,11 @@ clear -echo -e -n "Please enter the current date and time in UTC\n" -echo -e -n "To find the current date and time in UTC, please check https://time.is/UTC\n\n" - +echo "The system time is: $(date "+%Y-%m-%d %H:%M:%S %Z")" +echo +echo "Please enter the current date and time in UTC" +echo "To find the current date and time in UTC, please check https://time.is/UTC" +echo get_date () { local field_name min max @@ -63,7 +65,7 @@ while ! enter_time_and_change; do done hwclock -w -echo "The system date has been sucessfully set to $year-$month-$day $hour:$min:$sec" +echo "The system date has been sucessfully set to $year-$month-$day $hour:$min:$sec UTC" echo echo "Press Enter to return to the menu"
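Review bot: The success message in the second hunk reports the values the user typed, `$year-$month-$day $hour:$min:$sec`, rather than what the clock now holds. If `date -s` accepts the string but applies something else (some implementations may normalize an impossible day such as the 31st of a 30-day month instead of rejecting it; not confirmed for the `date` used here), the message would confirm a time that was never set. The banner added in the first hunk already reads the clock with `$(date "+%Y-%m-%d %H:%M:%S %Z")`; doing the same here, `echo "The system date has been successfully set to $(date "+%Y-%m-%d %H:%M:%S") UTC"`, shows the applied value.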