
Removed tlsdate

Unreliable (segfaults) and not suitable as a constantly running
time synchronization daemon.
Maxim Kammerer 12 vuotta sitten
commit
891946c041

+ 0 - 3
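--- a/doc/info.txt
+++ b/doc/info.txt
@@ -22,9 +22,6 @@ HKP(S)
   + [alt: x-hkp://pool.sks-keyservers.net]
   + [alt: x-hkp://keys.gnupg.net]
 
-tlsdate
-  + www.google.com
-
 NTP [disabled]
   + [0-3].pool.ntp.org
 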

+ 0 - 16
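--- a/src/etc/NetworkManager/dispatcher.d/01-tlsdated
+++ b/src/etc/NetworkManager/dispatcher.d/01-tlsdated
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-exec 1>/dev/null 2>&1
-
-iface=$1
-action=$2
-
-case ${action} in
-*up)
-        # tlsdated doesn't bind itself to interfaces
-        if ! /etc/init.d/tlsdated -q status; then
-            logger -p 6 -t nm.dispatch "Starting tlsdated service (${iface})"
-            /etc/init.d/tlsdated -qS start
-        fi
-        ;;
-esac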

+ 0 - 8
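--- a/src/etc/conf.d/tlsdated
+++ b/src/etc/conf.d/tlsdated
@@ -1,8 +0,0 @@
-# Host is synced with /etc/hosts and /usr/local/sbin/fw-reload
-TLSDATED_CMD="/usr/bin/tlsdate -tl -H www.google.com"
-
-# Additional tlsdated options (don't write to HW RTC)
-TLSDATED_OPTS="-w"
-
-# Timestamp directory (pass "-c" above if changed)
-TLSDATED_CACHE_DIR="/var/cache/tlsdated"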

+ 0 - 4
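--- a/src/etc/hosts
+++ b/src/etc/hosts
@@ -4,7 +4,3 @@
 
 # hostname, dnsdomainname, hostname -f
 127.0.0.1	liberte.local liberte
-
-# tlsdate IPs
-# TODO: IP rotation (in /etc/init.d/lockdown)
-74.125.136.104	www.google.com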

+ 0 - 7
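--- a/src/usr/local/sbin/fw-reload
+++ b/src/usr/local/sbin/fw-reload
@@ -4,10 +4,6 @@ luser=anon
 nofw=nofw
 cable=cable
 
-# Assumes the actual IP is in /etc/hosts (cf. /etc/conf.d/tlsdated)
-tlsdate=tlsdate
-tlsdateip=www.google.com
-
 # ReachableAddresses ports in /etc/tor/torrc [uid=tor]
 # (allow high ports in order to support most bridges)
 torports=80,443,1024:65535
@@ -133,9 +129,6 @@ if [ ${luser} = ${nofw} ]; then
     iptables -A OUTPUT -p tcp -m owner --uid-owner privoxy --syn --dport domain -j ACCEPT
 fi
 
-# Time synchronization via tlsdate
-iptables -A OUTPUT -p tcp -m owner --uid-owner ${tlsdate} --syn -d ${tlsdateip} --dport https   -j ACCEPT
-
 # VPN connections (root-initiated)
 iptables -A OUTPUT -p tcp -m owner --uid-owner root    --syn -m multiport --dports ${vpntports} -j ACCEPT
 iptables -A OUTPUT -p udp -m owner --uid-owner root          -m multiport --dports ${vpnuports} -j ACCEPT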

+ 0 - 5
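--- a/src/usr/local/sbin/test-liberte
+++ b/src/usr/local/sbin/test-liberte
@@ -42,8 +42,6 @@ fi
 
 webhost=torproject.org
 webip=38.229.72.16
-
-tlsdatehost=https://www.google.com
 onionhost=3g2upl4pq6kufc4m.onion
 
 ccuser=`cat /home/anon/persist/security/cable/certs/username`
@@ -81,9 +79,6 @@ stest pass "Fetch .org w/o proxy as nofw"          sudo -n -u nofw curl -fsSI -x
 stest fail "Fetch .org w/o proxy as anon"          sudo -n -u anon curl -fsSI -x "" ${webhost}
 stest fail "Fetch .org w/o proxy as tor"           sudo -n -u tor  curl -fsSI -x "" ${webhost}
 
-stest fail "Fetch tlsdate w/o proxy as anon"       sudo -n -u anon    curl -fsSI -x "" ${tlsdatehost}
-stest pass "Fetch tlsdate w/o proxy as tlsdate"    sudo -n -u tlsdate curl -fsSI -x "" ${tlsdatehost}
-
 # Darknet access via HTTP/SOCKS
 stest pass "Fetch .onion via HTTP  proxy as anon"  sudo -n -u anon curl -fsSI -x 127.0.0.1:8118                ${onionhost}
 stest pass "Fetch .onion via SOCKS proxy as anon"  sudo -n -u anon curl -fsSI --socks5-hostname 127.0.0.1:9050 ${onionhost}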