Removed tlsdate

Unreliable (segfaults) and not suitable as a constantly running
time synchronization daemon.

doc/info.txt

@@ -22,9 +22,6 @@ HKP(S)
   + [alt: x-hkp://pool.sks-keyservers.net]
   + [alt: x-hkp://keys.gnupg.net]
 
-tlsdate
-  + www.google.com
-
 NTP [disabled]
   + [0-3].pool.ntp.org
 

src/etc/NetworkManager/dispatcher.d/01-tlsdated

@@ -1,16 +0,0 @@
-#!/bin/sh
-
-exec 1>/dev/null 2>&1
-
-iface=$1
-action=$2
-
-case ${action} in
-*up)
-        # tlsdated doesn't bind itself to interfaces
-        if ! /etc/init.d/tlsdated -q status; then
-            logger -p 6 -t nm.dispatch "Starting tlsdated service (${iface})"
-            /etc/init.d/tlsdated -qS start
-        fi
-        ;;
-esac

src/etc/conf.d/tlsdated

@@ -1,8 +0,0 @@
-# Host is synced with /etc/hosts and /usr/local/sbin/fw-reload
-TLSDATED_CMD="/usr/bin/tlsdate -tl -H www.google.com"
-
-# Additional tlsdated options (don't write to HW RTC)
-TLSDATED_OPTS="-w"
-
-# Timestamp directory (pass "-c" above if changed)
-TLSDATED_CACHE_DIR="/var/cache/tlsdated"

src/etc/hosts

@@ -4,7 +4,3 @@
 
 # hostname, dnsdomainname, hostname -f
 127.0.0.1	liberte.local liberte
-
-# tlsdate IPs
-# TODO: IP rotation (in /etc/init.d/lockdown)
-74.125.136.104	www.google.com

src/usr/local/sbin/fw-reload

@@ -4,10 +4,6 @@ luser=anon
 nofw=nofw
 cable=cable
 
-# Assumes the actual IP is in /etc/hosts (cf. /etc/conf.d/tlsdated)
-tlsdate=tlsdate
-tlsdateip=www.google.com
-
 # ReachableAddresses ports in /etc/tor/torrc [uid=tor]
 # (allow high ports in order to support most bridges)
 torports=80,443,1024:65535
@@ -133,9 +129,6 @@ if [ ${luser} = ${nofw} ]; then
     iptables -A OUTPUT -p tcp -m owner --uid-owner privoxy --syn --dport domain -j ACCEPT
 fi
 
-# Time synchronization via tlsdate
-iptables -A OUTPUT -p tcp -m owner --uid-owner ${tlsdate} --syn -d ${tlsdateip} --dport https   -j ACCEPT
-
 # VPN connections (root-initiated)
 iptables -A OUTPUT -p tcp -m owner --uid-owner root    --syn -m multiport --dports ${vpntports} -j ACCEPT
 iptables -A OUTPUT -p udp -m owner --uid-owner root          -m multiport --dports ${vpnuports} -j ACCEPT

src/usr/local/sbin/test-liberte

@@ -42,8 +42,6 @@ fi
 
 webhost=torproject.org
 webip=38.229.72.16
-
-tlsdatehost=https://www.google.com
 onionhost=3g2upl4pq6kufc4m.onion
 
 ccuser=`cat /home/anon/persist/security/cable/certs/username`
@@ -81,9 +79,6 @@ stest pass "Fetch .org w/o proxy as nofw"          sudo -n -u nofw curl -fsSI -x
 stest fail "Fetch .org w/o proxy as anon"          sudo -n -u anon curl -fsSI -x "" ${webhost}
 stest fail "Fetch .org w/o proxy as tor"           sudo -n -u tor  curl -fsSI -x "" ${webhost}
 
-stest fail "Fetch tlsdate w/o proxy as anon"       sudo -n -u anon    curl -fsSI -x "" ${tlsdatehost}
-stest pass "Fetch tlsdate w/o proxy as tlsdate"    sudo -n -u tlsdate curl -fsSI -x "" ${tlsdatehost}
-
 # Darknet access via HTTP/SOCKS
 stest pass "Fetch .onion via HTTP  proxy as anon"  sudo -n -u anon curl -fsSI -x 127.0.0.1:8118                ${onionhost}
 stest pass "Fetch .onion via SOCKS proxy as anon"  sudo -n -u anon curl -fsSI --socks5-hostname 127.0.0.1:9050 ${onionhost}