├── CONTRIBUTING.md ├── COPYING ├── README.md ├── auto-generated-man-pages ├── clock-random-manual-cli.8 └── clock-random-manual-gui.8 ├── changelog.upstream ├── debian ├── bootclockrandomization.install ├── bootclockrandomization.postinst ├── changelog ├── control ├── copyright ├── rules ├── source │ ├── format │ └── lintian-overrides └── watch ├── etc └── apparmor.d │ └── bootclockrandomization ├── man ├── clock-random-manual-cli.8.ronn └── clock-random-manual-gui.8.ronn └── usr ├── bin ├── clock-random-manual-cli └── clock-random-manual-gui ├── lib ├── systemd │ └── system │ │ └── bootclockrandomization.service └── tmpfiles.d │ └── bootclockrandomization.conf └── share └── bootclockrandomization ├── shared ├── start ├── status └── stop /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | Conditions for Contributions to Whonix 2 | 3 | By contributing to Whonix, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. 4 | 5 | https://www.whonix.org/wiki/Privacy_Policy 6 | 7 | https://www.whonix.org/wiki/Cookie_Policy 8 | 9 | https://www.whonix.org/wiki/Terms_of_Service 10 | 11 | https://www.whonix.org/wiki/E-Sign_Consent 12 | 13 | Conditions for Contributions to Whonix are not part of Whonix's license. 14 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | 3 | Files: * 4 | Copyright: 2012 - 2025 ENCRYPTED SUPPORT LLC 5 | License: AGPL-3+ 6 | 7 | License: AGPL-3+ 8 | GNU AFFERO GENERAL PUBLIC LICENSE 9 | Version 3, 19 November 2007 10 | . 11 | Copyright (C) 2007 Free Software Foundation, Inc. 12 | Everyone is permitted to copy and distribute verbatim copies 13 | of this license document, but changing it is not allowed. 14 | . 15 | Preamble 16 | . 17 | The GNU Affero General Public License is a free, copyleft license for 18 | software and other kinds of works, specifically designed to ensure 19 | cooperation with the community in the case of network server software. 20 | . 21 | The licenses for most software and other practical works are designed 22 | to take away your freedom to share and change the works. By contrast, 23 | our General Public Licenses are intended to guarantee your freedom to 24 | share and change all versions of a program--to make sure it remains free 25 | software for all its users. 26 | . 27 | When we speak of free software, we are referring to freedom, not 28 | price. Our General Public Licenses are designed to make sure that you 29 | have the freedom to distribute copies of free software (and charge for 30 | them if you wish), that you receive source code or can get it if you 31 | want it, that you can change the software or use pieces of it in new 32 | free programs, and that you know you can do these things. 33 | . 34 | Developers that use our General Public Licenses protect your rights 35 | with two steps: (1) assert copyright on the software, and (2) offer 36 | you this License which gives you legal permission to copy, distribute 37 | and/or modify the software. 38 | . 39 | A secondary benefit of defending all users' freedom is that 40 | improvements made in alternate versions of the program, if they 41 | receive widespread use, become available for other developers to 42 | incorporate. Many developers of free software are heartened and 43 | encouraged by the resulting cooperation. However, in the case of 44 | software used on network servers, this result may fail to come about. 45 | The GNU General Public License permits making a modified version and 46 | letting the public access it on a server without ever releasing its 47 | source code to the public. 48 | . 49 | The GNU Affero General Public License is designed specifically to 50 | ensure that, in such cases, the modified source code becomes available 51 | to the community. It requires the operator of a network server to 52 | provide the source code of the modified version running there to the 53 | users of that server. Therefore, public use of a modified version, on 54 | a publicly accessible server, gives the public access to the source 55 | code of the modified version. 56 | . 57 | An older license, called the Affero General Public License and 58 | published by Affero, was designed to accomplish similar goals. This is 59 | a different license, not a version of the Affero GPL, but Affero has 60 | released a new version of the Affero GPL which permits relicensing under 61 | this license. 62 | . 63 | The precise terms and conditions for copying, distribution and 64 | modification follow. 65 | . 66 | TERMS AND CONDITIONS 67 | . 68 | 0. Definitions. 69 | . 70 | "This License" refers to version 3 of the GNU Affero General Public License. 71 | . 72 | "Copyright" also means copyright-like laws that apply to other kinds of 73 | works, such as semiconductor masks. 74 | . 75 | "The Program" refers to any copyrightable work licensed under this 76 | License. Each licensee is addressed as "you". "Licensees" and 77 | "recipients" may be individuals or organizations. 78 | . 79 | To "modify" a work means to copy from or adapt all or part of the work 80 | in a fashion requiring copyright permission, other than the making of an 81 | exact copy. The resulting work is called a "modified version" of the 82 | earlier work or a work "based on" the earlier work. 83 | . 84 | A "covered work" means either the unmodified Program or a work based 85 | on the Program. 86 | . 87 | To "propagate" a work means to do anything with it that, without 88 | permission, would make you directly or secondarily liable for 89 | infringement under applicable copyright law, except executing it on a 90 | computer or modifying a private copy. Propagation includes copying, 91 | distribution (with or without modification), making available to the 92 | public, and in some countries other activities as well. 93 | . 94 | To "convey" a work means any kind of propagation that enables other 95 | parties to make or receive copies. Mere interaction with a user through 96 | a computer network, with no transfer of a copy, is not conveying. 97 | . 98 | An interactive user interface displays "Appropriate Legal Notices" 99 | to the extent that it includes a convenient and prominently visible 100 | feature that (1) displays an appropriate copyright notice, and (2) 101 | tells the user that there is no warranty for the work (except to the 102 | extent that warranties are provided), that licensees may convey the 103 | work under this License, and how to view a copy of this License. If 104 | the interface presents a list of user commands or options, such as a 105 | menu, a prominent item in the list meets this criterion. 106 | . 107 | 1. Source Code. 108 | . 109 | The "source code" for a work means the preferred form of the work 110 | for making modifications to it. "Object code" means any non-source 111 | form of a work. 112 | . 113 | A "Standard Interface" means an interface that either is an official 114 | standard defined by a recognized standards body, or, in the case of 115 | interfaces specified for a particular programming language, one that 116 | is widely used among developers working in that language. 117 | . 118 | The "System Libraries" of an executable work include anything, other 119 | than the work as a whole, that (a) is included in the normal form of 120 | packaging a Major Component, but which is not part of that Major 121 | Component, and (b) serves only to enable use of the work with that 122 | Major Component, or to implement a Standard Interface for which an 123 | implementation is available to the public in source code form. A 124 | "Major Component", in this context, means a major essential component 125 | (kernel, window system, and so on) of the specific operating system 126 | (if any) on which the executable work runs, or a compiler used to 127 | produce the work, or an object code interpreter used to run it. 128 | . 129 | The "Corresponding Source" for a work in object code form means all 130 | the source code needed to generate, install, and (for an executable 131 | work) run the object code and to modify the work, including scripts to 132 | control those activities. However, it does not include the work's 133 | System Libraries, or general-purpose tools or generally available free 134 | programs which are used unmodified in performing those activities but 135 | which are not part of the work. For example, Corresponding Source 136 | includes interface definition files associated with source files for 137 | the work, and the source code for shared libraries and dynamically 138 | linked subprograms that the work is specifically designed to require, 139 | such as by intimate data communication or control flow between those 140 | subprograms and other parts of the work. 141 | . 142 | The Corresponding Source need not include anything that users 143 | can regenerate automatically from other parts of the Corresponding 144 | Source. 145 | . 146 | The Corresponding Source for a work in source code form is that 147 | same work. 148 | . 149 | 2. Basic Permissions. 150 | . 151 | All rights granted under this License are granted for the term of 152 | copyright on the Program, and are irrevocable provided the stated 153 | conditions are met. This License explicitly affirms your unlimited 154 | permission to run the unmodified Program. The output from running a 155 | covered work is covered by this License only if the output, given its 156 | content, constitutes a covered work. This License acknowledges your 157 | rights of fair use or other equivalent, as provided by copyright law. 158 | . 159 | You may make, run and propagate covered works that you do not 160 | convey, without conditions so long as your license otherwise remains 161 | in force. You may convey covered works to others for the sole purpose 162 | of having them make modifications exclusively for you, or provide you 163 | with facilities for running those works, provided that you comply with 164 | the terms of this License in conveying all material for which you do 165 | not control copyright. Those thus making or running the covered works 166 | for you must do so exclusively on your behalf, under your direction 167 | and control, on terms that prohibit them from making any copies of 168 | your copyrighted material outside their relationship with you. 169 | . 170 | Conveying under any other circumstances is permitted solely under 171 | the conditions stated below. Sublicensing is not allowed; section 10 172 | makes it unnecessary. 173 | . 174 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 175 | . 176 | No covered work shall be deemed part of an effective technological 177 | measure under any applicable law fulfilling obligations under article 178 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 179 | similar laws prohibiting or restricting circumvention of such 180 | measures. 181 | . 182 | When you convey a covered work, you waive any legal power to forbid 183 | circumvention of technological measures to the extent such circumvention 184 | is effected by exercising rights under this License with respect to 185 | the covered work, and you disclaim any intention to limit operation or 186 | modification of the work as a means of enforcing, against the work's 187 | users, your or third parties' legal rights to forbid circumvention of 188 | technological measures. 189 | . 190 | 4. Conveying Verbatim Copies. 191 | . 192 | You may convey verbatim copies of the Program's source code as you 193 | receive it, in any medium, provided that you conspicuously and 194 | appropriately publish on each copy an appropriate copyright notice; 195 | keep intact all notices stating that this License and any 196 | non-permissive terms added in accord with section 7 apply to the code; 197 | keep intact all notices of the absence of any warranty; and give all 198 | recipients a copy of this License along with the Program. 199 | . 200 | You may charge any price or no price for each copy that you convey, 201 | and you may offer support or warranty protection for a fee. 202 | . 203 | 5. Conveying Modified Source Versions. 204 | . 205 | You may convey a work based on the Program, or the modifications to 206 | produce it from the Program, in the form of source code under the 207 | terms of section 4, provided that you also meet all of these conditions: 208 | . 209 | a) The work must carry prominent notices stating that you modified 210 | it, and giving a relevant date. 211 | . 212 | b) The work must carry prominent notices stating that it is 213 | released under this License and any conditions added under section 214 | 7. This requirement modifies the requirement in section 4 to 215 | "keep intact all notices". 216 | . 217 | c) You must license the entire work, as a whole, under this 218 | License to anyone who comes into possession of a copy. This 219 | License will therefore apply, along with any applicable section 7 220 | additional terms, to the whole of the work, and all its parts, 221 | regardless of how they are packaged. This License gives no 222 | permission to license the work in any other way, but it does not 223 | invalidate such permission if you have separately received it. 224 | . 225 | d) If the work has interactive user interfaces, each must display 226 | Appropriate Legal Notices; however, if the Program has interactive 227 | interfaces that do not display Appropriate Legal Notices, your 228 | work need not make them do so. 229 | . 230 | A compilation of a covered work with other separate and independent 231 | works, which are not by their nature extensions of the covered work, 232 | and which are not combined with it such as to form a larger program, 233 | in or on a volume of a storage or distribution medium, is called an 234 | "aggregate" if the compilation and its resulting copyright are not 235 | used to limit the access or legal rights of the compilation's users 236 | beyond what the individual works permit. Inclusion of a covered work 237 | in an aggregate does not cause this License to apply to the other 238 | parts of the aggregate. 239 | . 240 | 6. Conveying Non-Source Forms. 241 | . 242 | You may convey a covered work in object code form under the terms 243 | of sections 4 and 5, provided that you also convey the 244 | machine-readable Corresponding Source under the terms of this License, 245 | in one of these ways: 246 | . 247 | a) Convey the object code in, or embodied in, a physical product 248 | (including a physical distribution medium), accompanied by the 249 | Corresponding Source fixed on a durable physical medium 250 | customarily used for software interchange. 251 | . 252 | b) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by a 254 | written offer, valid for at least three years and valid for as 255 | long as you offer spare parts or customer support for that product 256 | model, to give anyone who possesses the object code either (1) a 257 | copy of the Corresponding Source for all the software in the 258 | product that is covered by this License, on a durable physical 259 | medium customarily used for software interchange, for a price no 260 | more than your reasonable cost of physically performing this 261 | conveying of source, or (2) access to copy the 262 | Corresponding Source from a network server at no charge. 263 | . 264 | c) Convey individual copies of the object code with a copy of the 265 | written offer to provide the Corresponding Source. This 266 | alternative is allowed only occasionally and noncommercially, and 267 | only if you received the object code with such an offer, in accord 268 | with subsection 6b. 269 | . 270 | d) Convey the object code by offering access from a designated 271 | place (gratis or for a charge), and offer equivalent access to the 272 | Corresponding Source in the same way through the same place at no 273 | further charge. You need not require recipients to copy the 274 | Corresponding Source along with the object code. If the place to 275 | copy the object code is a network server, the Corresponding Source 276 | may be on a different server (operated by you or a third party) 277 | that supports equivalent copying facilities, provided you maintain 278 | clear directions next to the object code saying where to find the 279 | Corresponding Source. Regardless of what server hosts the 280 | Corresponding Source, you remain obligated to ensure that it is 281 | available for as long as needed to satisfy these requirements. 282 | . 283 | e) Convey the object code using peer-to-peer transmission, provided 284 | you inform other peers where the object code and Corresponding 285 | Source of the work are being offered to the general public at no 286 | charge under subsection 6d. 287 | . 288 | A separable portion of the object code, whose source code is excluded 289 | from the Corresponding Source as a System Library, need not be 290 | included in conveying the object code work. 291 | . 292 | A "User Product" is either (1) a "consumer product", which means any 293 | tangible personal property which is normally used for personal, family, 294 | or household purposes, or (2) anything designed or sold for incorporation 295 | into a dwelling. In determining whether a product is a consumer product, 296 | doubtful cases shall be resolved in favor of coverage. For a particular 297 | product received by a particular user, "normally used" refers to a 298 | typical or common use of that class of product, regardless of the status 299 | of the particular user or of the way in which the particular user 300 | actually uses, or expects or is expected to use, the product. A product 301 | is a consumer product regardless of whether the product has substantial 302 | commercial, industrial or non-consumer uses, unless such uses represent 303 | the only significant mode of use of the product. 304 | . 305 | "Installation Information" for a User Product means any methods, 306 | procedures, authorization keys, or other information required to install 307 | and execute modified versions of a covered work in that User Product from 308 | a modified version of its Corresponding Source. The information must 309 | suffice to ensure that the continued functioning of the modified object 310 | code is in no case prevented or interfered with solely because 311 | modification has been made. 312 | . 313 | If you convey an object code work under this section in, or with, or 314 | specifically for use in, a User Product, and the conveying occurs as 315 | part of a transaction in which the right of possession and use of the 316 | User Product is transferred to the recipient in perpetuity or for a 317 | fixed term (regardless of how the transaction is characterized), the 318 | Corresponding Source conveyed under this section must be accompanied 319 | by the Installation Information. But this requirement does not apply 320 | if neither you nor any third party retains the ability to install 321 | modified object code on the User Product (for example, the work has 322 | been installed in ROM). 323 | . 324 | The requirement to provide Installation Information does not include a 325 | requirement to continue to provide support service, warranty, or updates 326 | for a work that has been modified or installed by the recipient, or for 327 | the User Product in which it has been modified or installed. Access to a 328 | network may be denied when the modification itself materially and 329 | adversely affects the operation of the network or violates the rules and 330 | protocols for communication across the network. 331 | . 332 | Corresponding Source conveyed, and Installation Information provided, 333 | in accord with this section must be in a format that is publicly 334 | documented (and with an implementation available to the public in 335 | source code form), and must require no special password or key for 336 | unpacking, reading or copying. 337 | . 338 | 7. Additional Terms. 339 | . 340 | "Additional permissions" are terms that supplement the terms of this 341 | License by making exceptions from one or more of its conditions. 342 | Additional permissions that are applicable to the entire Program shall 343 | be treated as though they were included in this License, to the extent 344 | that they are valid under applicable law. If additional permissions 345 | apply only to part of the Program, that part may be used separately 346 | under those permissions, but the entire Program remains governed by 347 | this License without regard to the additional permissions. 348 | . 349 | When you convey a copy of a covered work, you may at your option 350 | remove any additional permissions from that copy, or from any part of 351 | it. (Additional permissions may be written to require their own 352 | removal in certain cases when you modify the work.) You may place 353 | additional permissions on material, added by you to a covered work, 354 | for which you have or can give appropriate copyright permission. 355 | . 356 | Notwithstanding any other provision of this License, for material you 357 | add to a covered work, you may (if authorized by the copyright holders of 358 | that material) supplement the terms of this License with terms: 359 | . 360 | a) Disclaiming warranty or limiting liability differently from the 361 | terms of sections 15 and 16 of this License; or 362 | . 363 | b) Requiring preservation of specified reasonable legal notices or 364 | author attributions in that material or in the Appropriate Legal 365 | Notices displayed by works containing it; or 366 | . 367 | c) Prohibiting misrepresentation of the origin of that material, or 368 | requiring that modified versions of such material be marked in 369 | reasonable ways as different from the original version; or 370 | . 371 | d) Limiting the use for publicity purposes of names of licensors or 372 | authors of the material; or 373 | . 374 | e) Declining to grant rights under trademark law for use of some 375 | trade names, trademarks, or service marks; or 376 | . 377 | f) Requiring indemnification of licensors and authors of that 378 | material by anyone who conveys the material (or modified versions of 379 | it) with contractual assumptions of liability to the recipient, for 380 | any liability that these contractual assumptions directly impose on 381 | those licensors and authors. 382 | . 383 | All other non-permissive additional terms are considered "further 384 | restrictions" within the meaning of section 10. If the Program as you 385 | received it, or any part of it, contains a notice stating that it is 386 | governed by this License along with a term that is a further 387 | restriction, you may remove that term. If a license document contains 388 | a further restriction but permits relicensing or conveying under this 389 | License, you may add to a covered work material governed by the terms 390 | of that license document, provided that the further restriction does 391 | not survive such relicensing or conveying. 392 | . 393 | If you add terms to a covered work in accord with this section, you 394 | must place, in the relevant source files, a statement of the 395 | additional terms that apply to those files, or a notice indicating 396 | where to find the applicable terms. 397 | . 398 | Additional terms, permissive or non-permissive, may be stated in the 399 | form of a separately written license, or stated as exceptions; 400 | the above requirements apply either way. 401 | . 402 | 8. Termination. 403 | . 404 | You may not propagate or modify a covered work except as expressly 405 | provided under this License. Any attempt otherwise to propagate or 406 | modify it is void, and will automatically terminate your rights under 407 | this License (including any patent licenses granted under the third 408 | paragraph of section 11). 409 | . 410 | However, if you cease all violation of this License, then your 411 | license from a particular copyright holder is reinstated (a) 412 | provisionally, unless and until the copyright holder explicitly and 413 | finally terminates your license, and (b) permanently, if the copyright 414 | holder fails to notify you of the violation by some reasonable means 415 | prior to 60 days after the cessation. 416 | . 417 | Moreover, your license from a particular copyright holder is 418 | reinstated permanently if the copyright holder notifies you of the 419 | violation by some reasonable means, this is the first time you have 420 | received notice of violation of this License (for any work) from that 421 | copyright holder, and you cure the violation prior to 30 days after 422 | your receipt of the notice. 423 | . 424 | Termination of your rights under this section does not terminate the 425 | licenses of parties who have received copies or rights from you under 426 | this License. If your rights have been terminated and not permanently 427 | reinstated, you do not qualify to receive new licenses for the same 428 | material under section 10. 429 | . 430 | 9. Acceptance Not Required for Having Copies. 431 | . 432 | You are not required to accept this License in order to receive or 433 | run a copy of the Program. Ancillary propagation of a covered work 434 | occurring solely as a consequence of using peer-to-peer transmission 435 | to receive a copy likewise does not require acceptance. However, 436 | nothing other than this License grants you permission to propagate or 437 | modify any covered work. These actions infringe copyright if you do 438 | not accept this License. Therefore, by modifying or propagating a 439 | covered work, you indicate your acceptance of this License to do so. 440 | . 441 | 10. Automatic Licensing of Downstream Recipients. 442 | . 443 | Each time you convey a covered work, the recipient automatically 444 | receives a license from the original licensors, to run, modify and 445 | propagate that work, subject to this License. You are not responsible 446 | for enforcing compliance by third parties with this License. 447 | . 448 | An "entity transaction" is a transaction transferring control of an 449 | organization, or substantially all assets of one, or subdividing an 450 | organization, or merging organizations. If propagation of a covered 451 | work results from an entity transaction, each party to that 452 | transaction who receives a copy of the work also receives whatever 453 | licenses to the work the party's predecessor in interest had or could 454 | give under the previous paragraph, plus a right to possession of the 455 | Corresponding Source of the work from the predecessor in interest, if 456 | the predecessor has it or can get it with reasonable efforts. 457 | . 458 | You may not impose any further restrictions on the exercise of the 459 | rights granted or affirmed under this License. For example, you may 460 | not impose a license fee, royalty, or other charge for exercise of 461 | rights granted under this License, and you may not initiate litigation 462 | (including a cross-claim or counterclaim in a lawsuit) alleging that 463 | any patent claim is infringed by making, using, selling, offering for 464 | sale, or importing the Program or any portion of it. 465 | . 466 | 11. Patents. 467 | . 468 | A "contributor" is a copyright holder who authorizes use under this 469 | License of the Program or a work on which the Program is based. The 470 | work thus licensed is called the contributor's "contributor version". 471 | . 472 | A contributor's "essential patent claims" are all patent claims 473 | owned or controlled by the contributor, whether already acquired or 474 | hereafter acquired, that would be infringed by some manner, permitted 475 | by this License, of making, using, or selling its contributor version, 476 | but do not include claims that would be infringed only as a 477 | consequence of further modification of the contributor version. For 478 | purposes of this definition, "control" includes the right to grant 479 | patent sublicenses in a manner consistent with the requirements of 480 | this License. 481 | . 482 | Each contributor grants you a non-exclusive, worldwide, royalty-free 483 | patent license under the contributor's essential patent claims, to 484 | make, use, sell, offer for sale, import and otherwise run, modify and 485 | propagate the contents of its contributor version. 486 | . 487 | In the following three paragraphs, a "patent license" is any express 488 | agreement or commitment, however denominated, not to enforce a patent 489 | (such as an express permission to practice a patent or covenant not to 490 | sue for patent infringement). To "grant" such a patent license to a 491 | party means to make such an agreement or commitment not to enforce a 492 | patent against the party. 493 | . 494 | If you convey a covered work, knowingly relying on a patent license, 495 | and the Corresponding Source of the work is not available for anyone 496 | to copy, free of charge and under the terms of this License, through a 497 | publicly available network server or other readily accessible means, 498 | then you must either (1) cause the Corresponding Source to be so 499 | available, or (2) arrange to deprive yourself of the benefit of the 500 | patent license for this particular work, or (3) arrange, in a manner 501 | consistent with the requirements of this License, to extend the patent 502 | license to downstream recipients. "Knowingly relying" means you have 503 | actual knowledge that, but for the patent license, your conveying the 504 | covered work in a country, or your recipient's use of the covered work 505 | in a country, would infringe one or more identifiable patents in that 506 | country that you have reason to believe are valid. 507 | . 508 | If, pursuant to or in connection with a single transaction or 509 | arrangement, you convey, or propagate by procuring conveyance of, a 510 | covered work, and grant a patent license to some of the parties 511 | receiving the covered work authorizing them to use, propagate, modify 512 | or convey a specific copy of the covered work, then the patent license 513 | you grant is automatically extended to all recipients of the covered 514 | work and works based on it. 515 | . 516 | A patent license is "discriminatory" if it does not include within 517 | the scope of its coverage, prohibits the exercise of, or is 518 | conditioned on the non-exercise of one or more of the rights that are 519 | specifically granted under this License. You may not convey a covered 520 | work if you are a party to an arrangement with a third party that is 521 | in the business of distributing software, under which you make payment 522 | to the third party based on the extent of your activity of conveying 523 | the work, and under which the third party grants, to any of the 524 | parties who would receive the covered work from you, a discriminatory 525 | patent license (a) in connection with copies of the covered work 526 | conveyed by you (or copies made from those copies), or (b) primarily 527 | for and in connection with specific products or compilations that 528 | contain the covered work, unless you entered into that arrangement, 529 | or that patent license was granted, prior to 28 March 2007. 530 | . 531 | Nothing in this License shall be construed as excluding or limiting 532 | any implied license or other defenses to infringement that may 533 | otherwise be available to you under applicable patent law. 534 | . 535 | 12. No Surrender of Others' Freedom. 536 | . 537 | If conditions are imposed on you (whether by court order, agreement or 538 | otherwise) that contradict the conditions of this License, they do not 539 | excuse you from the conditions of this License. If you cannot convey a 540 | covered work so as to satisfy simultaneously your obligations under this 541 | License and any other pertinent obligations, then as a consequence you may 542 | not convey it at all. For example, if you agree to terms that obligate you 543 | to collect a royalty for further conveying from those to whom you convey 544 | the Program, the only way you could satisfy both those terms and this 545 | License would be to refrain entirely from conveying the Program. 546 | . 547 | 13. Remote Network Interaction; Use with the GNU General Public License. 548 | . 549 | Notwithstanding any other provision of this License, if you modify the 550 | Program, your modified version must prominently offer all users 551 | interacting with it remotely through a computer network (if your version 552 | supports such interaction) an opportunity to receive the Corresponding 553 | Source of your version by providing access to the Corresponding Source 554 | from a network server at no charge, through some standard or customary 555 | means of facilitating copying of software. This Corresponding Source 556 | shall include the Corresponding Source for any work covered by version 3 557 | of the GNU General Public License that is incorporated pursuant to the 558 | following paragraph. 559 | . 560 | Notwithstanding any other provision of this License, you have 561 | permission to link or combine any covered work with a work licensed 562 | under version 3 of the GNU General Public License into a single 563 | combined work, and to convey the resulting work. The terms of this 564 | License will continue to apply to the part which is the covered work, 565 | but the work with which it is combined will remain governed by version 566 | 3 of the GNU General Public License. 567 | . 568 | 14. Revised Versions of this License. 569 | . 570 | The Free Software Foundation may publish revised and/or new versions of 571 | the GNU Affero General Public License from time to time. Such new versions 572 | will be similar in spirit to the present version, but may differ in detail to 573 | address new problems or concerns. 574 | . 575 | Each version is given a distinguishing version number. If the 576 | Program specifies that a certain numbered version of the GNU Affero General 577 | Public License "or any later version" applies to it, you have the 578 | option of following the terms and conditions either of that numbered 579 | version or of any later version published by the Free Software 580 | Foundation. If the Program does not specify a version number of the 581 | GNU Affero General Public License, you may choose any version ever published 582 | by the Free Software Foundation. 583 | . 584 | If the Program specifies that a proxy can decide which future 585 | versions of the GNU Affero General Public License can be used, that proxy's 586 | public statement of acceptance of a version permanently authorizes you 587 | to choose that version for the Program. 588 | . 589 | Later license versions may give you additional or different 590 | permissions. However, no additional obligations are imposed on any 591 | author or copyright holder as a result of your choosing to follow a 592 | later version. 593 | . 594 | 15. Disclaimer of Warranty. 595 | . 596 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 597 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 598 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 599 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 600 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 601 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 602 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 603 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 604 | . 605 | 16. Limitation of Liability. 606 | . 607 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 608 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 609 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 610 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 611 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 612 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 613 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 614 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 615 | SUCH DAMAGES. 616 | . 617 | 17. Interpretation of Sections 15 and 16. 618 | . 619 | If the disclaimer of warranty and limitation of liability provided 620 | above cannot be given local legal effect according to their terms, 621 | reviewing courts shall apply local law that most closely approximates 622 | an absolute waiver of all civil liability in connection with the 623 | Program, unless a warranty or assumption of liability accompanies a 624 | copy of the Program in return for a fee. 625 | . 626 | END OF TERMS AND CONDITIONS 627 | . 628 | How to Apply These Terms to Your New Programs 629 | . 630 | If you develop a new program, and you want it to be of the greatest 631 | possible use to the public, the best way to achieve this is to make it 632 | free software which everyone can redistribute and change under these terms. 633 | . 634 | To do so, attach the following notices to the program. It is safest 635 | to attach them to the start of each source file to most effectively 636 | state the exclusion of warranty; and each file should have at least 637 | the "copyright" line and a pointer to where the full notice is found. 638 | . 639 | 640 | Copyright (C) 641 | . 642 | This program is free software: you can redistribute it and/or modify 643 | it under the terms of the GNU Affero General Public License as published by 644 | the Free Software Foundation, either version 3 of the License, or 645 | (at your option) any later version. 646 | . 647 | This program is distributed in the hope that it will be useful, 648 | but WITHOUT ANY WARRANTY; without even the implied warranty of 649 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 650 | GNU Affero General Public License for more details. 651 | . 652 | You should have received a copy of the GNU Affero General Public License 653 | along with this program. If not, see . 654 | . 655 | Also add information on how to contact you by electronic and paper mail. 656 | . 657 | If your software can interact with users remotely through a computer 658 | network, you should also make sure that it provides a way for users to 659 | get its source. For example, if your program is a web application, its 660 | interface could display a "Source" link that leads users to an archive 661 | of the code. There are many ways you could offer source, and different 662 | solutions will be better for different programs; see section 13 for the 663 | specific requirements. 664 | . 665 | You should also get your employer (if you work as a programmer) or school, 666 | if any, to sign a "copyright disclaimer" for the program, if necessary. 667 | For more information on this, and how to apply and follow the GNU AGPL, see 668 | . 669 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Randomizes clock when systems boots # 2 | 3 | Randomizes clock at boot time. Moves clock a few seconds and nanoseconds 4 | to past or future. Useful in context of anonymity/privacy/Tor. 5 | 6 | This is useful to enforce the design goal, that the host clock and 7 | Gateway/Workstation clock should always slightly differ (even before secure 8 | timesync succeeded!) to prevent time based fingerprinting / linkablity 9 | issues. 10 | 11 | Runs before Tor / sdwdate (if installed). 12 | 13 | See also: https://www.whonix.org/wiki/Dev/TimeSync 14 | 15 | ## How to install `bootclockrandomization` using apt-get ## 16 | 17 | 1\. Download the APT Signing Key. 18 | 19 | ``` 20 | wget https://www.kicksecure.com/keys/derivative.asc 21 | ``` 22 | 23 | Users can [check the Signing Key](https://www.kicksecure.com/wiki/Signing_Key) for better security. 24 | 25 | 2\. Add the APT Signing Key. 26 | 27 | ``` 28 | sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc 29 | ``` 30 | 31 | 3\. Add the derivative repository. 32 | 33 | ``` 34 | echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list 35 | ``` 36 | 37 | 4\. Update your package lists. 38 | 39 | ``` 40 | sudo apt-get update 41 | ``` 42 | 43 | 5\. Install `bootclockrandomization`. 44 | 45 | ``` 46 | sudo apt-get install bootclockrandomization 47 | ``` 48 | 49 | ## How to Build deb Package from Source Code ## 50 | 51 | Can be build using standard Debian package build tools such as: 52 | 53 | ``` 54 | dpkg-buildpackage -b 55 | ``` 56 | 57 | See instructions. 58 | 59 | NOTE: Replace `generic-package` with the actual name of this package `bootclockrandomization`. 60 | 61 | * **A)** [easy](https://www.kicksecure.com/wiki/Dev/Build_Documentation/generic-package/easy), _OR_ 62 | * **B)** [including verifying software signatures](https://www.kicksecure.com/wiki/Dev/Build_Documentation/generic-package) 63 | 64 | ## Contact ## 65 | 66 | * [Free Forum Support](https://forums.kicksecure.com) 67 | * [Premium Support](https://www.kicksecure.com/wiki/Premium_Support) 68 | 69 | ## Donate ## 70 | 71 | `bootclockrandomization` requires [donations](https://www.kicksecure.com/wiki/Donate) to stay alive! 72 | -------------------------------------------------------------------------------- /auto-generated-man-pages/clock-random-manual-cli.8: -------------------------------------------------------------------------------- 1 | .\" generated with Ronn-NG/v0.9.1 2 | .\" http://github.com/apjanke/ronn-ng/tree/0.9.1 3 | .TH "CLOCK\-RANDOM\-MANUAL\-CLI" "8" "January 2020" "bootclockrandomization" "bootclockrandomization Manual" 4 | .SH "NAME" 5 | \fBclock\-random\-manual\-cli\fR \- random clock setting 6 | .SH "SYNOPSIS" 7 | \fBclock\-random\-manual\-cli\fR time 8 | .SH "DESCRIPTION" 9 | Sets randomized clock relative to time given by user\. 10 | .SH "EXIT CODES" 11 | 0 Success\. 12 | .P 13 | non\-zero Error\. 14 | .SH "EXAMPLES" 15 | \fBecho "Fri Sep 30 22:20:00 UTC 2016" | /usr/bin/clock\-random\-manual\-cli\fR 16 | .SH "WWW" 17 | https://www\.whonix\.org/wiki/Boot_Clock_Randomization 18 | .SH "AUTHOR" 19 | This man page has been written by Patrick Schleizer (adrelanos@whonix\.org)\. 20 | -------------------------------------------------------------------------------- /auto-generated-man-pages/clock-random-manual-gui.8: -------------------------------------------------------------------------------- 1 | .\" generated with Ronn-NG/v0.9.1 2 | .\" http://github.com/apjanke/ronn-ng/tree/0.9.1 3 | .TH "CLOCK\-RANDOM\-MANUAL\-GUI" "8" "January 2020" "bootclockrandomization" "bootclockrandomization Manual" 4 | .SH "NAME" 5 | \fBclock\-random\-manual\-gui\fR \- random clock setting 6 | .SH "SYNOPSIS" 7 | \fBclock\-random\-manual\-gui\fR 8 | .SH "DESCRIPTION" 9 | Sets randomized clock relative to time given by user\. 10 | .SH "EXIT CODES" 11 | 0 Success\. 12 | .P 13 | non\-zero Error\. 14 | .SH "EXAMPLES" 15 | \fB/usr/bin/clock\-random\-manual\-gui\fR 16 | .SH "WWW" 17 | https://www\.whonix\.org/wiki/Boot_Clock_Randomization 18 | .SH "AUTHOR" 19 | This man page has been written by Patrick Schleizer (adrelanos@whonix\.org)\. 20 | -------------------------------------------------------------------------------- /changelog.upstream: -------------------------------------------------------------------------------- 1 | commit 5a5983caa70b6f0dd1b89b72526cb093ed6ea00a 2 | Author: Patrick Schleizer 3 | Date: Thu Jan 23 11:09:17 2025 -0500 4 | 5 | copyright 6 | 7 | commit 713574a0aed760e3ea974d56a2dea751e22ef39d 8 | Author: Patrick Schleizer 9 | Date: Tue Dec 31 18:30:22 2024 +0000 10 | 11 | bumped changelog version 12 | 13 | commit 55a302b2c261b946be1217727b63f7160a1ecf09 14 | Author: Patrick Schleizer 15 | Date: Tue Dec 31 13:26:15 2024 -0500 16 | 17 | copyright 18 | 19 | commit b8e86fa33da79c6c38455d47af795aab1e69d1e3 20 | Author: Patrick Schleizer 21 | Date: Fri Feb 2 12:33:58 2024 +0000 22 | 23 | bumped changelog version 24 | 25 | commit 8e5aee15535351bb791d350c83d34851b0874260 26 | Author: Patrick Schleizer 27 | Date: Fri Feb 2 07:32:22 2024 -0500 28 | 29 | usrmerge debhelper systemd Debian package maintainer scripts fix 30 | 31 | commit d4e34acb3f43517981ccc746065fa6c1321b5f8d 32 | Author: Patrick Schleizer 33 | Date: Mon Jan 22 12:36:49 2024 +0000 34 | 35 | bumped changelog version 36 | 37 | commit c29bebb41bbf945ba32e5c6a63901ad7f33b07f5 38 | Author: Patrick Schleizer 39 | Date: Mon Jan 22 07:12:09 2024 -0500 40 | 41 | usrmerge 42 | 43 | commit 34774753ad3b1f840c494cd8a49fef74d2dc8723 44 | Author: Patrick Schleizer 45 | Date: Sat Nov 11 20:13:14 2023 +0000 46 | 47 | bumped changelog version 48 | 49 | commit 2d3969c50ebfa712cdf2cf8e3a08c92ead213f80 50 | Author: Patrick Schleizer 51 | Date: Sat Nov 11 13:41:27 2023 -0500 52 | 53 | change license to AGPL-3+ 54 | 55 | https://forums.whonix.org/t/license-change-to-agplv3/17455 56 | 57 | commit db79ab5c6faf2a5508590c4ff83eba5803b32857 58 | Author: Patrick Schleizer 59 | Date: Sun Oct 22 08:26:03 2023 -0400 60 | 61 | bumped changelog version 62 | 63 | commit 185892b21ecd59d0865ec6f92671e385a031e005 64 | Author: Patrick Schleizer 65 | Date: Sun Oct 22 08:25:01 2023 -0400 66 | 67 | Lower amount of boot clock randomization seconds in Qubes Template to +/-1 (and nanoseconds). 68 | 69 | Because sdwdate (or other time fixing mechanism) does not yet run in Template. 70 | 71 | https://forums.whonix.org/t/whonix-ws-16-template-fails-to-update-due-to-timing-issue/12739/31 72 | 73 | commit 6ea29198cb91f2ebd21fb3ec019c62b36b038555 74 | Author: Patrick Schleizer 75 | Date: Tue Aug 29 16:03:40 2023 -0400 76 | 77 | bumped changelog version 78 | 79 | commit 51fc6c670e3d25425c714fb6b09e8aaa503b0852 80 | Author: Patrick Schleizer 81 | Date: Tue Aug 29 16:01:26 2023 -0400 82 | 83 | tmpfiles.d improvement 84 | 85 | commit b526922926832d777ee4932faa821914aadf04ca 86 | Author: Patrick Schleizer 87 | Date: Tue Aug 29 15:00:35 2023 -0400 88 | 89 | tmpfiles.d syntax fix 90 | 91 | commit 5b09c808840edbf6dbadebc332366e7f19248d1c 92 | Author: Patrick Schleizer 93 | Date: Mon Jul 17 11:32:47 2023 -0400 94 | 95 | bumped changelog version 96 | 97 | commit c104026a6dcf8c435ead76984527fd8bf42a26d9 98 | Author: Patrick Schleizer 99 | Date: Mon Jul 17 11:17:31 2023 -0400 100 | 101 | Kicksecure 102 | 103 | commit 4d79d614727be644fb87d3a25c13f4ac56414eeb 104 | Author: Patrick Schleizer 105 | Date: Mon Jul 17 11:01:08 2023 -0400 106 | 107 | Kicksecure 108 | 109 | commit d22639e9b12f994e7faf641c27a5e5bbc2a0a5b7 110 | Author: Patrick Schleizer 111 | Date: Wed Jun 21 09:14:27 2023 +0000 112 | 113 | bumped changelog version 114 | 115 | commit b2d9538254b0810ae93bfd06dc58c9dfda78dcd5 116 | Author: Patrick Schleizer 117 | Date: Wed Jun 21 09:11:26 2023 +0000 118 | 119 | bookworm 120 | 121 | commit 1c197353ce61c6b9bd24764feb4a1b4198773bc4 122 | Author: Patrick Schleizer 123 | Date: Fri Jun 16 10:51:20 2023 +0000 124 | 125 | bumped changelog version 126 | 127 | commit 2fe7e88f50f2180c9f3f26ccff333c2a9da593fd 128 | Author: Patrick Schleizer 129 | Date: Fri Jun 16 10:49:00 2023 +0000 130 | 131 | readme 132 | 133 | commit 0bba2b12afc8d4c380d1f70845f86c1f42c64b3b 134 | Author: Patrick Schleizer 135 | Date: Thu Jun 15 16:59:14 2023 +0000 136 | 137 | bumped changelog version 138 | 139 | commit 21561a98899f8a0b70b15817d906e2e7505a2c6e 140 | Author: Patrick Schleizer 141 | Date: Wed Jun 14 13:14:42 2023 +0000 142 | 143 | copyright 144 | 145 | commit 86646d6e1cf912bcc0176b67d0614981946f8425 146 | Author: Patrick Schleizer 147 | Date: Mon Jun 12 17:46:41 2023 +0000 148 | 149 | bumped changelog version 150 | 151 | commit 0d917b3076378979fc6771b377e8c09024ba6147 152 | Author: Patrick Schleizer 153 | Date: Mon Jun 12 16:22:27 2023 +0000 154 | 155 | Standards-Version: 4.6.1.0 156 | 157 | commit 5a17935058982876f8eaf1da6d6f7d28ba7c098c 158 | Author: Patrick Schleizer 159 | Date: Mon Jun 12 15:15:50 2023 +0000 160 | 161 | bumped changelog version 162 | 163 | commit 32cd0660a9ada73245cbaaac7322735c0496994a 164 | Author: Patrick Schleizer 165 | Date: Mon Jun 12 14:51:56 2023 +0000 166 | 167 | update copyright year 168 | 169 | commit 263443d8515ce77f942e0902969034d04e6f0898 170 | Author: Patrick Schleizer 171 | Date: Mon Sep 26 15:51:50 2022 -0400 172 | 173 | bumped changelog version 174 | 175 | commit 57bea40f0cc73db660f80b5435b9ffc999ce87a4 176 | Author: Patrick Schleizer 177 | Date: Mon Sep 26 15:50:45 2022 -0400 178 | 179 | output 180 | 181 | commit 871d4120e25a1316fcb82dd590f649e2caf932b5 182 | Author: Patrick Schleizer 183 | Date: Wed Jun 8 10:29:02 2022 -0400 184 | 185 | bumped changelog version 186 | 187 | commit f4b5d7ae39186aa3edac31571f4e13df4fdbc214 188 | Author: Patrick Schleizer 189 | Date: Wed Jun 8 09:01:26 2022 -0400 190 | 191 | remove unicode 192 | 193 | commit 774db1b7f0a4ae33c39535d3665737c0bc396131 194 | Author: Patrick Schleizer 195 | Date: Wed May 25 06:05:42 2022 -0400 196 | 197 | bumped changelog version 198 | 199 | commit 7975e62479e4345c462a604503042863d08100fe 200 | Author: Patrick Schleizer 201 | Date: Fri May 20 15:27:03 2022 -0400 202 | 203 | readme 204 | 205 | commit bf678e20fd274a94e1d2643c0f4033c925425755 206 | Author: Patrick Schleizer 207 | Date: Fri May 20 14:46:31 2022 -0400 208 | 209 | copyright 210 | 211 | commit 4028a1c0bbe2482f654ef72463071ad72ea3bb51 212 | Author: Patrick Schleizer 213 | Date: Sun Apr 10 12:37:33 2022 -0400 214 | 215 | readme 216 | 217 | commit 3446233581ccf0b6881cb19f795a75a0364e1b36 218 | Author: Patrick Schleizer 219 | Date: Sun Jan 2 08:23:35 2022 -0500 220 | 221 | bumped changelog version 222 | 223 | commit f02a3553c61a901d6ce98d1d5629be4c2a032cdf 224 | Author: Patrick Schleizer 225 | Date: Sun Jan 2 08:20:39 2022 -0500 226 | 227 | ConditionPathExists=!/run/qubes-service/no-bootclockrandomization 228 | ConditionPathExists=!/run/qubes-service/no-bcr 229 | 230 | commit f40cff332a68fa6312bea565636d864ff8dada15 231 | Author: Patrick Schleizer 232 | Date: Fri Dec 24 07:39:48 2021 -0500 233 | 234 | bumped changelog version 235 | 236 | commit 3b8bee042b57ae2b0945265bcac3a5b4b7e54063 237 | Merge: b7b2ccf b594c70 238 | Author: Patrick Schleizer 239 | Date: Fri Dec 24 07:35:38 2021 -0500 240 | 241 | Merge remote-tracking branch 'github-whonix/master' 242 | 243 | commit b594c70aca94270c461870fa650e424c4e3a725f 244 | Merge: b7b2ccf 1837346 245 | Author: Patrick Schleizer 246 | Date: Fri Dec 24 07:35:00 2021 -0500 247 | 248 | Merge pull request #2 from deeplow/delay-as-env-var 249 | 250 | Make delay_plus_or_minus overridable via env var 251 | 252 | commit 1837346b080132d3f7ca8dac81d13d489cfa2662 253 | Author: deeplow 254 | Date: Fri Dec 24 04:19:05 2021 -0500 255 | 256 | Make delay_plus_or_minus overridable via env var 257 | 258 | commit b7b2ccf59b1c784dbc97206a8f78ecd96fc7ec63 259 | Author: Patrick Schleizer 260 | Date: Tue Nov 9 14:32:29 2021 -0500 261 | 262 | readme 263 | 264 | commit cec998c5908516fe5ad2ecb9210ecca8b00a82b5 265 | Author: Patrick Schleizer 266 | Date: Sat Sep 11 18:38:13 2021 -0400 267 | 268 | bumped changelog version 269 | 270 | commit ebb467ce5ad1b202d1d24b5ba2ae307632873296 271 | Author: Patrick Schleizer 272 | Date: Sat Sep 11 16:31:10 2021 -0400 273 | 274 | readme 275 | 276 | commit bf3c213a7b4059264574b230a72d1906fde2cd54 277 | Author: Patrick Schleizer 278 | Date: Thu Aug 5 16:38:03 2021 -0400 279 | 280 | bumped changelog version 281 | 282 | commit 3a77abe98eb2c80353c068081b312796f264cf15 283 | Author: Patrick Schleizer 284 | Date: Wed Aug 4 06:42:11 2021 -0400 285 | 286 | move /usr/lib/msgcollector to /usr/libexec/msgcollector as per lintian FHS 287 | 288 | commit fe20af03cdc6758814607ce2c47047e731a1f856 289 | Author: Patrick Schleizer 290 | Date: Tue Aug 3 12:48:52 2021 -0400 291 | 292 | move /usr/lib/helper-scripts and /usr/lib/curl-scripts to /usr/libexec/helper-scripts as per lintian FHS 293 | 294 | commit b1fe32694a6afda36b30e259fba55ebcd7740e58 295 | Author: Patrick Schleizer 296 | Date: Tue Aug 3 11:47:32 2021 -0400 297 | 298 | re-generate man pages (generated using "genmkfile manpages") 299 | 300 | commit d75f8784a65edd6c28c1a88ea653420aeba8aaaa 301 | Author: Patrick Schleizer 302 | Date: Tue Aug 3 11:41:36 2021 -0400 303 | 304 | man page 305 | 306 | commit 8d46c5147c1c1fee45c5b27b0742485f55150f84 307 | Author: Patrick Schleizer 308 | Date: Tue Aug 3 05:48:18 2021 -0400 309 | 310 | bullseye 311 | 312 | commit a237faddc5f24b1b450dc89718b5044245f9985e 313 | Author: Patrick Schleizer 314 | Date: Sun Aug 1 16:24:24 2021 -0400 315 | 316 | readme 317 | 318 | commit 38902c1c733ebee3d2e0d1a07414e4c45760252c 319 | Author: Patrick Schleizer 320 | Date: Thu Mar 18 09:00:47 2021 -0400 321 | 322 | bumped changelog version 323 | 324 | commit 0698a5f3b6925a154481cd2a0c41d07c9edc5c5d 325 | Author: Patrick Schleizer 326 | Date: Thu Mar 18 08:57:18 2021 -0400 327 | 328 | copyright 329 | 330 | commit 8715602736146cd0058f87c1fdb2088920b4b04f 331 | Author: Patrick Schleizer 332 | Date: Wed Mar 17 11:03:36 2021 -0400 333 | 334 | bumped changelog version 335 | 336 | commit fd570105c10e33bd29c98939586c07d388690f9e 337 | Author: Patrick Schleizer 338 | Date: Wed Mar 17 09:45:13 2021 -0400 339 | 340 | copyright 341 | 342 | commit eab771b38f4429ed74edcc3dcfb90cf59d0c31b0 343 | Author: Patrick Schleizer 344 | Date: Mon Mar 15 06:47:18 2021 -0400 345 | 346 | bumped changelog version 347 | 348 | commit 5f442b60e145345b99eb55af6d751d8b44737e90 349 | Author: Patrick Schleizer 350 | Date: Mon Mar 15 06:41:08 2021 -0400 351 | 352 | apparmor 353 | 354 | AVC apparmor="DENIED" operation="open" profile="bootclockrandomization" name="/dev/tty" comm="stop" requested_mask="wr" denied_mask="wr" 355 | AVC apparmor="DENIED" operation="open" profile="bootclockrandomization" name="/dev/tty" comm="start" requested_mask="wr" denied_mask="wr" 356 | 357 | commit ec8b5d12540db671a02754b4b1d7eebc274fe07c 358 | Author: Patrick Schleizer 359 | Date: Wed Feb 10 06:05:47 2021 -0500 360 | 361 | bumped changelog version 362 | 363 | commit c3d8ea5b2790d97c7558a6f981c2249fd2911c81 364 | Author: Patrick Schleizer 365 | Date: Wed Feb 10 06:05:47 2021 -0500 366 | 367 | readme 368 | 369 | commit 3db1a6cfd0ed576350c58432ee076f4cd2ef1676 370 | Author: Patrick Schleizer 371 | Date: Wed Feb 10 02:57:03 2021 -0500 372 | 373 | cleanup 374 | 375 | commit bb37b014745d46fe505e40bc433785314c42e2ac 376 | Author: Patrick Schleizer 377 | Date: Thu Apr 16 08:27:55 2020 -0400 378 | 379 | bumped changelog version 380 | 381 | commit 1891544732cfbc7ee7163df18e77d7a8a12370c4 382 | Author: Patrick Schleizer 383 | Date: Wed Apr 15 14:05:29 2020 -0400 384 | 385 | readme 386 | 387 | commit 99afe0f394e8a14e7c2d68fcfa92a2b982226b81 388 | Author: Patrick Schleizer 389 | Date: Thu Apr 9 12:07:59 2020 +0000 390 | 391 | bumped changelog version 392 | 393 | commit ce70c45711c11aa285b0a259b4f5e38ead0542cb 394 | Author: Patrick Schleizer 395 | Date: Thu Apr 9 10:47:35 2020 +0000 396 | 397 | no more standalone log /var/run/bootclockrandomization.log 398 | 399 | logs now handled by systemd 400 | 401 | no longer depend on logrotate 402 | 403 | commit 150cda8871cfaa29e06a51f0dd318acffb74040c 404 | Author: Patrick Schleizer 405 | Date: Thu Apr 2 07:40:26 2020 -0400 406 | 407 | bumped changelog version 408 | 409 | commit 0c3c83a7136022a49850a16e4d4f1d070cf7d353 410 | Author: Patrick Schleizer 411 | Date: Thu Apr 2 07:22:24 2020 -0400 412 | 413 | readme 414 | 415 | commit 039ef13eab525ea68fb8adffd8f2dcba6f216997 416 | Author: Patrick Schleizer 417 | Date: Wed Apr 1 17:34:58 2020 -0400 418 | 419 | remove 'Build-Depends: ronn' since no longer required 420 | 421 | commit 04fe8f9ea8875285f3026ef1b9c5558349fc4d9f 422 | Author: Patrick Schleizer 423 | Date: Wed Apr 1 16:57:29 2020 -0400 424 | 425 | remove genmkfile 426 | 427 | commit b7260a35cd74dd73e0503341fc8245667f8048a3 428 | Author: Patrick Schleizer 429 | Date: Wed Apr 1 16:30:07 2020 -0400 430 | 431 | add debian install file 432 | 433 | commit 38c5638fd6ed40685ce5e413688e5a0b1dfa9c8b 434 | Author: Patrick Schleizer 435 | Date: Wed Apr 1 15:56:47 2020 -0400 436 | 437 | add man pages (generated using "genmkfile manpages") 438 | 439 | commit 41dc990b259f47370374e31ef3b782fee45cacbc 440 | Author: Patrick Schleizer 441 | Date: Wed Apr 1 15:48:26 2020 -0400 442 | 443 | no longer create man pages during build process 444 | use pre-created man pages 445 | 446 | commit 5bc5e7bc7c95ac9ebc7e886719bf6402fa43dfa2 447 | Author: Patrick Schleizer 448 | Date: Wed Apr 1 15:42:08 2020 -0400 449 | 450 | change path to auto generated man pages 451 | 452 | commit baf5a08233e62ad6d245c40927a82036e10275aa 453 | Author: Patrick Schleizer 454 | Date: Wed Apr 1 10:32:58 2020 -0400 455 | 456 | bumped changelog version 457 | 458 | commit 9efdd41e0d6d72bc0d9ad5fa0f34d29f6887fde4 459 | Author: Patrick Schleizer 460 | Date: Wed Apr 1 08:49:54 2020 -0400 461 | 462 | update copyright year 463 | 464 | commit 1562cf9d8cb03040b39588915d09cde026bef88c 465 | Author: Patrick Schleizer 466 | Date: Tue Mar 31 07:39:56 2020 -0400 467 | 468 | bumped changelog version 469 | 470 | commit 0f46f2f0db65d0377565d0be9df117cb9f2a95c3 471 | Author: Patrick Schleizer 472 | Date: Tue Mar 31 07:27:12 2020 -0400 473 | 474 | skip starting inside systemd-nspawn container 475 | 476 | systemd-nspawn does not allow clock to be changed inside the container. 477 | 478 | Quote https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html 479 | 480 | The host’s network interfaces and the system clock may not be changed from within the container. 481 | 482 | https://forums.whonix.org/t/bootclockrandomization-always-moving-clock-plus-or-5-seconds/2200/10 483 | 484 | ConditionVirtualization=!systemd-nspawn 485 | 486 | commit 4b54edcb30564c163c7faa774891cc536b5ab7e7 487 | Author: Patrick Schleizer 488 | Date: Thu Oct 31 16:50:07 2019 +0000 489 | 490 | bumped changelog version 491 | 492 | commit 1136b4b157e492dfdc0de9d11930878c17e95675 493 | Author: Patrick Schleizer 494 | Date: Thu Oct 31 16:48:55 2019 +0000 495 | 496 | apparmor fixes 497 | 498 | https://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/72 499 | 500 | commit 525465d446ffbbbc289ad29705b74e796dc9e435 501 | Author: Patrick Schleizer 502 | Date: Sun Oct 27 09:17:43 2019 +0000 503 | 504 | bumped changelog version 505 | 506 | commit 7df1e5f58788e2db0dd43356ff39627b948f54e8 507 | Author: Patrick Schleizer 508 | Date: Sun Oct 27 07:58:34 2019 +0000 509 | 510 | apparmor debian packaging 511 | 512 | commit 3bcb83957a7ccf0ecaafe8cbef01c7833435c6a0 513 | Merge: 54431e7 79b553e 514 | Author: Patrick Schleizer 515 | Date: Sun Oct 27 01:55:15 2019 -0400 516 | 517 | Merge remote-tracking branch 'origin/master' 518 | 519 | commit 79b553e15d7c34115c10699f2bf92fd25c814cca 520 | Merge: 54431e7 5ad08c3 521 | Author: Patrick Schleizer 522 | Date: Sun Oct 27 05:55:00 2019 +0000 523 | 524 | Merge pull request #1 from madaidan/apparmor 525 | 526 | Add AppArmor profile 527 | 528 | commit 5ad08c3209cfc62d18143c22176c8b59344ae2e6 529 | Author: madaidan <50278627+madaidan@users.noreply.github.com> 530 | Date: Sat Oct 26 19:23:37 2019 +0000 531 | 532 | Add attach_disconnected flag 533 | 534 | commit 10f0345dd5f42bb9cb6ca95a31a55bcdd18a3c50 535 | Author: madaidan <50278627+madaidan@users.noreply.github.com> 536 | Date: Sat Oct 26 17:17:27 2019 +0000 537 | 538 | Licensing 539 | 540 | commit e0bf335338ccadb1a864b58889a91091544ded8c 541 | Author: madaidan <50278627+madaidan@users.noreply.github.com> 542 | Date: Sat Oct 26 17:02:35 2019 +0000 543 | 544 | Add AppArmor profile 545 | 546 | commit 54431e71b37ab11f0d639c3daad7781e996625ac 547 | Author: Patrick Schleizer 548 | Date: Wed Aug 28 11:39:11 2019 +0000 549 | 550 | bumped changelog version 551 | 552 | commit 590892a080672d57ec419f9f9d90e2ae06c40a3b 553 | Author: Patrick Schleizer 554 | Date: Wed Aug 28 11:35:09 2019 +0000 555 | 556 | use properly override_dh_installman 557 | 558 | commit c0ad339765a3dd57462e88015f4d57aed1109625 559 | Author: Patrick Schleizer 560 | Date: Thu Aug 1 11:29:00 2019 +0000 561 | 562 | bumped changelog version 563 | 564 | commit cc09bcadac6a99063217445dc789ffec3565e9ae 565 | Author: Patrick Schleizer 566 | Date: Thu Aug 1 11:13:36 2019 +0000 567 | 568 | readme 569 | 570 | commit 192c57f09a27f1854e8fb993f96298f08c792e4b 571 | Author: Patrick Schleizer 572 | Date: Wed Jul 31 07:36:53 2019 +0000 573 | 574 | bumped changelog version 575 | 576 | commit 2ef9d8361f285b0b0ec72567968285fea5641433 577 | Author: Patrick Schleizer 578 | Date: Wed Jul 31 03:06:45 2019 -0400 579 | 580 | /var/run -> /run 581 | 582 | commit 44717b5e9d17a12b49b1dbb1f6ef77a7fad1fc1b 583 | Author: Patrick Schleizer 584 | Date: Sun Jun 30 08:20:27 2019 +0000 585 | 586 | bumped changelog version 587 | 588 | commit 69eb3adefd2279c326bb13a8b217aa142af5f35c 589 | Author: Patrick Schleizer 590 | Date: Sat Jun 29 13:45:39 2019 +0000 591 | 592 | man page 593 | 594 | commit 5d1448e5081e09b294d5374421b4abd5ec3e6d1b 595 | Author: Patrick Schleizer 596 | Date: Sat Jun 8 10:18:26 2019 +0000 597 | 598 | bumped changelog version 599 | 600 | commit 6a56d20b6cca24d5c890e61eb23d50a7f3dcca31 601 | Author: Patrick Schleizer 602 | Date: Sat Jun 8 00:05:31 2019 -0400 603 | 604 | fix debian/watch lintian warning debian-watch-contains-dh_make-template 605 | 606 | commit 17adfda256db838636dd9ce3f365c54a7b5a771b 607 | Author: Patrick Schleizer 608 | Date: Fri May 24 20:14:21 2019 +0000 609 | 610 | bumped changelog version 611 | 612 | commit 9d7513ba0a4e30c2f82047ce66fb3f8d7edbe8c2 613 | Author: Patrick Schleizer 614 | Date: Fri May 24 12:28:56 2019 -0400 615 | 616 | readme 617 | 618 | commit fb2197e40ce9f179d71f0186b6d2056c26b96dad 619 | Author: Patrick Schleizer 620 | Date: Sun May 12 10:32:49 2019 +0000 621 | 622 | bumped changelog version 623 | 624 | commit 0a3e4ce711f4d3564edb7d54189cfa45fdde1a00 625 | Author: Patrick Schleizer 626 | Date: Sun May 12 03:05:35 2019 -0400 627 | 628 | minor 629 | 630 | commit f7c05752db60c9fabee465367fb13eb1f2127274 631 | Author: Patrick Schleizer 632 | Date: Sun May 12 02:58:42 2019 -0400 633 | 634 | update path to pre.bsh 635 | 636 | commit 703981b703e97cf29bfa48ed12b0343cd834aef8 637 | Author: Patrick Schleizer 638 | Date: Fri May 3 11:21:51 2019 +0000 639 | 640 | bumped changelog version 641 | 642 | commit 6e94123f8c1e87885a17d512837f3ee59afcf25c 643 | Author: Patrick Schleizer 644 | Date: Fri May 3 10:56:52 2019 +0000 645 | 646 | update 647 | 648 | commit 8f3334bb83219dc1130409687705c526340e69a8 649 | Author: Patrick Schleizer 650 | Date: Sat Apr 6 12:01:31 2019 +0000 651 | 652 | bumped changelog version 653 | 654 | commit 30218ebfd8be3b4256dd118455dd4f4ae5f889c3 655 | Author: Patrick Schleizer 656 | Date: Thu Apr 4 05:55:50 2019 -0400 657 | 658 | port to debian buster 659 | 660 | commit 2e00fdf711a88b673d1b4c5dfb60fa22b08256bf 661 | Author: Patrick Schleizer 662 | Date: Thu Apr 4 05:50:35 2019 -0400 663 | 664 | port to debian buster 665 | 666 | commit fe3d04195dc94e3cea4b0d66f581d93632e397b7 667 | Author: Patrick Schleizer 668 | Date: Wed Apr 3 18:04:49 2019 -0400 669 | 670 | readme 671 | 672 | commit a30a10097483db7f373aadb7523d90806cdd45ce 673 | Author: Patrick Schleizer 674 | Date: Fri Mar 29 09:50:57 2019 +0000 675 | 676 | bumped changelog version 677 | 678 | commit 625f92f366ef3d5b70f5cd66a5ad4dd7c52cc18c 679 | Author: Patrick Schleizer 680 | Date: Fri Mar 29 09:02:46 2019 +0000 681 | 682 | https://www.whonix.org/wiki/Dev/Licensing 683 | 684 | commit f6aaad9e8e46a59db975ef817c884727aa450171 685 | Author: Patrick Schleizer 686 | Date: Tue Mar 12 11:24:12 2019 +0000 687 | 688 | bumped changelog version 689 | 690 | commit b21dec786d3dbc930d3df198004683e3262afe17 691 | Author: Patrick Schleizer 692 | Date: Fri Mar 1 14:31:50 2019 +0000 693 | 694 | add improved legal protections clauses 695 | 696 | The license for software created by Whonix is the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version with additional terms applicable per GNU GPL version 3 section 7. 697 | 698 | The additional terms are based on the Doom 3 license which is Debian refers to as `GPL-3+-with-id-software-additional-terms`, which is Debian DFSG [1] (The Debian Free Software Guidelines) approved and which is therefore suitable for Debian `main`. Whonix made applied minimal changes to it: 699 | 700 | * Rewrite `The Doom 3 BFG Edition GPL Source Code` to the more common `this program` which is used throughout the GPL. 701 | * Added a "trump clause" [2], in other words, any conflicts or disputes between the additional terms and the GPLv3 shall be resolved in favor of the GPLv3 by adding `Notwithstanding any other provision of this License` (as mentioned in GPL FAQ [3]) at the beginning of the additional terms. 702 | 703 | [1] https://www.debian.org/social_contract#guidelines 704 | [2] https://www.fsf.org/news/canonical-updated-licensing-terms 705 | [3] https://www.gnu.org/licenses/gpl-faq.html#v3Notwithstanding 706 | 707 | For more considerations, see also: 708 | https://www.whonix.org/wiki/Dev/Licensing 709 | 710 | commit 94b91cbaa6049a0da77e49dae5a212d839a932d0 711 | Author: Patrick Schleizer 712 | Date: Mon Aug 27 15:58:43 2018 +0000 713 | 714 | bumped changelog version 715 | 716 | commit b341653caf4d63594b9ede112a90e389ed33da41 717 | Author: Patrick Schleizer 718 | Date: Tue Aug 21 05:17:57 2018 +0800 719 | 720 | readme 721 | 722 | commit 2a668426d239a6433e1a736c53f45d0210644023 723 | Author: Patrick Schleizer 724 | Date: Thu Feb 1 14:57:38 2018 +0000 725 | 726 | bumped changelog version 727 | 728 | commit 60493c589075aafd2cea21a871f2bed5817b330e 729 | Author: Patrick Schleizer 730 | Date: Mon Jan 29 15:50:16 2018 +0000 731 | 732 | readme 733 | 734 | commit ad4c0b81865113684f4c44718ebfe2f055580c4e 735 | Author: Patrick Schleizer 736 | Date: Mon Jan 29 15:38:48 2018 +0000 737 | 738 | update copyright 739 | 740 | commit 8844cf08e9c1c2316b8741eddad96e3f49116553 741 | Author: Patrick Schleizer 742 | Date: Mon Jan 29 15:21:55 2018 +0000 743 | 744 | update copyright 745 | 746 | commit 827f0ccbe315b9585286898278a316fc035436fe 747 | Author: Patrick Schleizer 748 | Date: Mon Jan 29 15:15:07 2018 +0000 749 | 750 | update copyright 751 | 752 | commit 0922fe1b5fb33de54aa9ace206dda78f65e035be 753 | Author: Patrick Schleizer 754 | Date: Mon Jan 29 15:09:32 2018 +0000 755 | 756 | update copyright 757 | 758 | commit 7302193907d4c5bd43a93b57da028a3c6834c1ef 759 | Author: Patrick Schleizer 760 | Date: Fri Jan 12 20:09:17 2018 +0000 761 | 762 | bumped changelog version 763 | 764 | commit e75169fc0d9c1f9f3db23c460f2b0aa4986bc099 765 | Author: Patrick Schleizer 766 | Date: Fri Jan 12 18:02:44 2018 +0000 767 | 768 | sudoers hardening 769 | 770 | let clock-random tolls require sudo 771 | 772 | commit 66ffba77b24fbdff6c802a1010ee7a5a6f88b95b 773 | Author: Patrick Schleizer 774 | Date: Mon Feb 27 01:38:54 2017 +0000 775 | 776 | bumped changelog version 777 | 778 | commit 9bdf70894ee601ba356f744d3c420650677faf5a 779 | Author: Patrick Schleizer 780 | Date: Tue Feb 21 22:12:09 2017 +0000 781 | 782 | remove no longer required sudoers exception 783 | 784 | https://phabricator.whonix.org/T637 785 | 786 | commit 670fd303410ebe3314214603464491570bfdbb1b 787 | Author: Patrick Schleizer 788 | Date: Fri Feb 17 13:49:27 2017 +0000 789 | 790 | bumped changelog version 791 | 792 | commit 65479ab7c8847c2cf948f56c723ed7f6a5ea70ab 793 | Author: Patrick Schleizer 794 | Date: Tue Feb 14 17:30:29 2017 +0000 795 | 796 | "$@" 797 | 798 | commit 06d55e973559132edb8ba80b739425e7d6b217ea 799 | Author: Patrick Schleizer 800 | Date: Mon Feb 13 17:25:30 2017 +0000 801 | 802 | readme 803 | 804 | commit d85541929a3797e601dd7ff69247b585075bc69c 805 | Author: Patrick Schleizer 806 | Date: Fri Feb 10 15:47:50 2017 +0000 807 | 808 | remove faketime from Build-Depends: 809 | 810 | since no longer used for reproducible builds 811 | 812 | commit a760d6c1c378523b4cc79e019037c537c44316c1 813 | Author: Patrick Schleizer 814 | Date: Fri Feb 10 15:35:22 2017 +0000 815 | 816 | remove debian/gain-root-command workaround 817 | 818 | commit 155b18384c4bdf4af8e324ca584c45578b525c32 819 | Author: Patrick Schleizer 820 | Date: Fri Feb 10 15:25:19 2017 +0000 821 | 822 | packaging simplification ruby-ronn (>= 0.7.3) -> ruby-ronn 823 | 824 | commit 560e39f6bbce1eb00005c95fa1a0bd910317d7da 825 | Author: Patrick Schleizer 826 | Date: Mon Feb 6 18:00:07 2017 +0000 827 | 828 | bumped changelog version 829 | 830 | commit cd8233eb3e1dd31bd9f43645d8de35e7273d223b 831 | Author: Patrick Schleizer 832 | Date: Mon Feb 6 17:25:31 2017 +0000 833 | 834 | Before=tor@default.service 835 | 836 | commit 4bda800c5041a16e52fef701bb5e5aeaff5e4a0e 837 | Author: Patrick Schleizer 838 | Date: Sun Jan 15 15:23:23 2017 +0000 839 | 840 | bumped changelog version 841 | 842 | commit ffd34253fc2dde83f713cb3d469d9377b81457ab 843 | Author: Patrick Schleizer 844 | Date: Sun Jan 15 08:35:30 2017 +0100 845 | 846 | packaging, bumped Standards-Version from 3.9.6 to 3.9.8 for jessie support 847 | 848 | commit 029dc707d0b340338b34d306e5af5d23657708a1 849 | Author: Patrick Schleizer 850 | Date: Sat Dec 10 01:53:20 2016 +0000 851 | 852 | bumped changelog version 853 | 854 | commit 022703f7413ff4fda845cfb5bf06bad44c4f6f1a 855 | Author: Patrick Schleizer 856 | Date: Sat Dec 10 01:52:30 2016 +0000 857 | 858 | add clock-random-manual-cli / clock-random-manual-gui man pages 859 | 860 | commit 29f4eab19f3e88bda05142a8578f322956bbd3ea 861 | Author: Patrick Schleizer 862 | Date: Sat Dec 10 00:21:46 2016 +0000 863 | 864 | bumped changelog version 865 | 866 | commit aeb8884392351b0852d23d87b509b826565de3b4 867 | Author: Patrick Schleizer 868 | Date: Mon Nov 21 17:39:41 2016 +0000 869 | 870 | readme 871 | 872 | commit 960fac3b8aa4724c46093859fbcc95d555cfb149 873 | Author: Patrick Schleizer 874 | Date: Sun Sep 4 19:58:15 2016 +0000 875 | 876 | added clock-random-manual-gui tool to manually set the clock as fallback 877 | 878 | https://phabricator.whonix.org/T533 879 | 880 | commit 93367e59057c45533ceae51559a7bc5a80f87cfc 881 | Author: Patrick Schleizer 882 | Date: Sun Sep 4 18:51:37 2016 +0000 883 | 884 | added clock-random-manual-cli tool to manually set the clock as fallback 885 | 886 | refactoring 887 | 888 | https://phabricator.whonix.org/T533 889 | 890 | commit 90619dc2d6154577dcacadaa3194e467c8aba4c2 891 | Author: Patrick Schleizer 892 | Date: Mon Apr 25 23:27:54 2016 +0000 893 | 894 | bumped changelog version 895 | 896 | commit b397954ff13e7a1a6891e381adc76ab4aee0fcb7 897 | Author: Patrick Schleizer 898 | Date: Wed Apr 20 04:23:30 2016 +0000 899 | 900 | no longer mention timesync 901 | 902 | commit a034062ab37389b89479f8bb03c7c14e468e86b3 903 | Author: Patrick Schleizer 904 | Date: Thu Apr 7 22:54:35 2016 +0000 905 | 906 | bumped changelog version 907 | 908 | commit add0177c2dda409c6f5dcf224d62469ac2d6d83f 909 | Author: Patrick Schleizer 910 | Date: Sun Mar 13 00:50:43 2016 +0000 911 | 912 | no longer exclude +/- 5 seconds range to avoid fingerprinting negative correlation 913 | 914 | Thanks to @marmarek for the suggestion! 915 | 916 | https://github.com/QubesOS/qubes-issues/issues/1764#issuecomment-195619793 917 | 918 | commit cb72e2c46d9dfa0f818e5df2f23b18bb0c508d85 919 | Author: Patrick Schleizer 920 | Date: Tue Aug 25 14:07:56 2015 +0000 921 | 922 | bumped changelog version 923 | 924 | commit bee7a5ae79b9aafebe17536f9612c3f6d9c4448c 925 | Author: Patrick Schleizer 926 | Date: Mon Aug 24 17:47:19 2015 +0000 927 | 928 | bumped changelog version 929 | 930 | commit 32824d604cf355d3074de6b6f41bc938615b8230 931 | Author: Patrick Schleizer 932 | Date: Mon Aug 24 14:02:06 2015 +0000 933 | 934 | workaround for 'dh_installinit should run systemd-tmpfiles if a /usr/lib/tmpfiles.d/ snippet gets shipped for systemd-only packages also' - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795519 935 | 936 | commit b1084291ec1edf27cad6401b1c34e12b144a4244 937 | Author: Patrick Schleizer 938 | Date: Wed Jun 3 14:59:34 2015 +0000 939 | 940 | bumped changelog version 941 | 942 | commit 85d84c89079cafeb340e555035ba3ea713e52c10 943 | Author: Patrick Schleizer 944 | Date: Wed May 20 15:43:30 2015 +0000 945 | 946 | bumped changelog version 947 | 948 | commit 0a15a20467e1ef33307435fa2a7b415f940955d9 949 | Author: Patrick Schleizer 950 | Date: Wed May 20 15:43:15 2015 +0000 951 | 952 | systemd unit: workaround/fix, removed spaces, likely bug in 'deb-systemd-helper' that prevents enabling the service by default - https://phabricator.whonix.org/T316 953 | 954 | commit 4b36b27b10ac4e1cfe8601f7b4fb8bc68736a898 955 | Author: Patrick Schleizer 956 | Date: Wed May 20 15:36:15 2015 +0000 957 | 958 | bumped changelog version 959 | 960 | commit faa7fa520679f1beb3401d4dbceb288c57e84660 961 | Author: Patrick Schleizer 962 | Date: Wed May 20 15:35:46 2015 +0000 963 | 964 | systemd unit: workaround/fix, removed spaces from 'WantedBy = ', likely bug in 'deb-systemd-helper' that prevents enabling the service by default - https://phabricator.whonix.org/T316 965 | 966 | commit fcb705d8b63ef2585f1cb7866a3331834dcfb988 967 | Author: Patrick Schleizer 968 | Date: Fri May 15 20:25:25 2015 +0000 969 | 970 | bumped changelog version 971 | 972 | commit 903063c6f3f82eaadb1e2d34a0c7e0e2e290a00a 973 | Author: Patrick Schleizer 974 | Date: Wed May 13 20:19:50 2015 +0000 975 | 976 | fix, Wants -> Before 977 | 978 | commit fcc4a15c76f4e14cfc41e80d95a73597360374be 979 | Author: Patrick Schleizer 980 | Date: Wed May 13 19:52:51 2015 +0000 981 | 982 | systemd unit file, added: 983 | Wants = sdwdate.service 984 | Wants = tor.service 985 | 986 | commit 01fade8161c8d84a093a315deafe403bdaa23356 987 | Author: Patrick Schleizer 988 | Date: Wed May 13 18:48:02 2015 +0000 989 | 990 | cleanup 991 | 992 | commit 77d3e620017dd067e1660e7bebf582f042484c47 993 | Author: Patrick Schleizer 994 | Date: Wed May 13 18:47:06 2015 +0000 995 | 996 | ported to systemd - https://phabricator.whonix.org/T106 997 | 998 | commit a0be8ddf5dbdf44d930c8fa42c3a149cdb56831e 999 | Author: Patrick Schleizer 1000 | Date: Thu Apr 30 17:56:13 2015 +0000 1001 | 1002 | bumped changelog version 1003 | 1004 | commit f4d967a75d8cdf66cfcc3f73a7f7426e875383f9 1005 | Author: Patrick Schleizer 1006 | Date: Tue Apr 28 13:43:09 2015 +0000 1007 | 1008 | added debian/source/lintian-overrides with debian-watch-may-check-gpg-signature to fix lintian warning - https://phabricator.whonix.org/T277 1009 | 1010 | commit fdacba66f634140c131c402dd37ae1ceb0d2890f 1011 | Author: Patrick Schleizer 1012 | Date: Sun Apr 26 23:15:57 2015 +0000 1013 | 1014 | packaging, bumped Standards-Version from 3.9.4 to 3.9.6 for jessie support 1015 | 1016 | commit 7c95addcd5710d3591ec8faabc58bdc4b62851bc 1017 | Author: Patrick Schleizer 1018 | Date: Tue Apr 7 17:41:36 2015 +0000 1019 | 1020 | bumped changelog version 1021 | 1022 | commit cfd0ce38dc283ce138ddd9a09b553444c1225b7e 1023 | Author: Patrick Schleizer 1024 | Date: Thu Apr 2 18:41:08 2015 +0000 1025 | 1026 | added genmkfile to Build-Depends 1027 | 1028 | commit b60e362ee4542a159c8bb7ed9e38ccbe3f38b0db 1029 | Author: Patrick Schleizer 1030 | Date: Thu Apr 2 17:43:26 2015 +0000 1031 | 1032 | cleanup 1033 | 1034 | commit a6fa659c788c0e5a5220baa3e0de6b1a0ba059f3 1035 | Author: Patrick Schleizer 1036 | Date: Thu Apr 2 17:24:30 2015 +0000 1037 | 1038 | updated makefile generic to version 1.5 1039 | 1040 | commit 67bf63ab480b71e73421afdae4354fa7c7290b2d 1041 | Author: Patrick Schleizer 1042 | Date: Tue Mar 24 17:36:24 2015 +0000 1043 | 1044 | bumped changelog version 1045 | 1046 | commit 45514fc1f8c30c9207281fbab86133c5cba27a53 1047 | Author: Patrick Schleizer 1048 | Date: Tue Mar 24 17:26:29 2015 +0000 1049 | 1050 | updated makefile generic to version 1.4 1051 | 1052 | commit 1cc47334aab1c45f63ccc9a4ad6eafa2f9a4cb7a 1053 | Author: Patrick Schleizer 1054 | Date: Wed Feb 4 00:56:13 2015 +0000 1055 | 1056 | bumped changelog version 1057 | 1058 | commit 1487dec07dae90d04d67b3038c92b4d8da36affb 1059 | Author: Patrick Schleizer 1060 | Date: Wed Feb 4 00:44:47 2015 +0000 1061 | 1062 | added changelog.upstream 1063 | 1064 | commit 0c2e55e9ddf08e95f50f1029d82247d6f572e009 1065 | Author: Patrick Schleizer 1066 | Date: Wed Feb 4 00:40:34 2015 +0000 1067 | 1068 | updated makefile generic to version 1.3 1069 | 1070 | commit 34d05c85d13fb45dcfb73b86ce9f1f44182dc5c2 1071 | Author: Patrick Schleizer 1072 | Date: Tue Feb 3 23:58:40 2015 +0000 1073 | 1074 | Added creation of upstream changelog to debian/rules 1075 | 1076 | commit 1fbf62e5e3837b2d105c4255eaab0ab338b877a2 1077 | Author: Patrick Schleizer 1078 | Date: Wed Jan 7 19:33:39 2015 +0000 1079 | 1080 | bumped compat from 8 to 9 1081 | 1082 | commit 5d17839a955217d307a212b7e5b3e67625daf062 1083 | Author: Patrick Schleizer 1084 | Date: Fri Dec 5 19:01:11 2014 +0000 1085 | 1086 | updated generic makefile 1087 | 1088 | commit cfca0ac6fdee10a80fd4d369091d4ab4ccad90c8 1089 | Author: Patrick Schleizer 1090 | Date: Tue Oct 28 22:35:19 2014 +0000 1091 | 1092 | makefile: refactoring, avoid using IFS 1093 | 1094 | commit dc8d5ac0aaef5a3d05081f8cbedee36ca7ec0fdf 1095 | Author: Patrick Schleizer 1096 | Date: Sat Oct 25 01:58:50 2014 +0000 1097 | 1098 | makefile: 1099 | - make debdist; make undebdist 1100 | - cleanup 1101 | - refactoring 1102 | 1103 | commit a42157a05674ae12d35e5a9a15fdad9c9c612c8c 1104 | Author: Patrick Schleizer 1105 | Date: Thu Oct 23 22:43:02 2014 +0000 1106 | 1107 | makefile: 1108 | - new target "make undist", which deletes the upstream tarball 1109 | - $DISTDIR variable for make (un)dist, which defaults to ".." and can be used to create upstream tarballs in arbitrary locations 1110 | - refactoring, all function names and global variables now start with "make_" to make the script `source`ing friendly 1111 | - made `source`able 1112 | 1113 | commit f7a30f029914c0ce98bf10f904b0ac7decd6c352 1114 | Author: Patrick Schleizer 1115 | Date: Mon Oct 13 12:36:52 2014 +0000 1116 | 1117 | readme 1118 | 1119 | commit fa7a507abc9afeb43a8613e9854ccf2fb5414b7e 1120 | Author: Patrick Schleizer 1121 | Date: Thu Sep 25 15:40:51 2014 +0000 1122 | 1123 | Set OLD_UNIXTIME variable right before calculation of NEW_UNIXTIME so calculation gets more accurate. Thanks to intrigeri for pointing that out! (https://mailman.boum.org/pipermail/tails-dev/2014-September/006983.html) 1124 | 1125 | commit 3a4595f2b276589920a983e00af1b3f3df273b46 1126 | Author: Patrick Schleizer 1127 | Date: Tue Aug 19 18:52:37 2014 +0000 1128 | 1129 | makefile: added new feature "make deb-chl-bumpup" - Bump upstream version number in debian/changelog. 1130 | 1131 | commit 79d9a95ad8da157cc29da5d57438668c12ed6e16 1132 | Author: Patrick Schleizer 1133 | Date: Sun Aug 17 20:54:23 2014 +0000 1134 | 1135 | Updated debian/changelog. 1136 | 1137 | commit 2842a8777ea827233ef132660064828aab723fe6 1138 | Author: Patrick Schleizer 1139 | Date: Sun Aug 17 20:47:25 2014 +0000 1140 | 1141 | Fixed changelog date. 1142 | 1143 | commit 2a72669e6e408e191da27ea7918203015ca1e33b 1144 | Author: Patrick Schleizer 1145 | Date: Sun Aug 17 18:03:25 2014 +0000 1146 | 1147 | bump version number 1148 | 1149 | commit 67389b8918d00febcf4910d6f914c8b8f31c7503 1150 | Author: Patrick Schleizer 1151 | Date: Thu Aug 14 13:35:15 2014 +0000 1152 | 1153 | Implemented make deb-icup: Combination of make deb-pkg, make deb-pkg-install and make deb-pkg-cleanup. 1154 | 1155 | commit 9cfd7ab6bcaf2c3b3881028eb5f748427d9df57e 1156 | Author: Patrick Schleizer 1157 | Date: Sun Jul 27 12:42:25 2014 +0000 1158 | 1159 | packaging 1160 | 1161 | commit dc998eda282c894781896527c4ac69708fd04c37 1162 | Author: Patrick Schleizer 1163 | Date: Sun Jul 27 04:01:10 2014 +0000 1164 | 1165 | packaging 1166 | 1167 | commit 8b1ac60c1d6dd9697db8ba3b46c0af7b3ad81b0c 1168 | Author: Patrick Schleizer 1169 | Date: Sat Jul 26 15:26:35 2014 +0000 1170 | 1171 | packaging 1172 | 1173 | commit 4682555818b9b9dddc00f460c9a781f94161668c 1174 | Author: Patrick Schleizer 1175 | Date: Sat Jul 26 15:16:03 2014 +0000 1176 | 1177 | packaging: removed build dependency on git, since the .git folder won't be included in the upstream tarball. 1178 | 1179 | commit 1f1376397f52d967414f22df6b9f21ab2c2504c6 1180 | Author: Patrick Schleizer 1181 | Date: Sat Jul 12 17:30:35 2014 +0000 1182 | 1183 | packaging 1184 | 1185 | commit 43b68124f8a59cc16a582aaa644265b30c4dda1d 1186 | Author: Patrick Schleizer 1187 | Date: Sat Jul 12 17:10:59 2014 +0000 1188 | 1189 | packaging 1190 | 1191 | commit d66b7d237d8b55fa601d6f26d6a1faa81a4b1b37 1192 | Author: Patrick Schleizer 1193 | Date: Sat Jul 12 15:34:16 2014 +0000 1194 | 1195 | packaging 1196 | 1197 | commit ebc16a18ba6fffb92f98a561201d3d7689430c15 1198 | Author: Patrick Schleizer 1199 | Date: Sat Jul 5 08:09:42 2014 +0000 1200 | 1201 | Bumped debian revision number to avoid lintian warning "new-package-should-close-itp-bug" so we can use lintian --fail-on-warnings as sanity test. 1202 | 1203 | commit 0b5672460d70c2d084083e19e5b334a2fdbb658d 1204 | Author: Patrick Schleizer 1205 | Date: Tue Jul 1 12:25:24 2014 +0000 1206 | 1207 | output 1208 | 1209 | commit ab6f40f29c81988cd53025ba98308ef9220c171c 1210 | Author: Patrick Schleizer 1211 | Date: Tue Jun 24 15:45:11 2014 +0000 1212 | 1213 | added debian epoch; added dotglob 1214 | 1215 | commit a351068884c3d475b65bb5d6ae7bf6d86b941c89 1216 | Author: Patrick Schleizer 1217 | Date: Thu Jun 12 12:29:23 2014 +0000 1218 | 1219 | packaging 1220 | 1221 | commit e1387150f2d474496554d9e9d35f2e3533e3000b 1222 | Author: Patrick Schleizer 1223 | Date: Tue Jun 3 18:27:24 2014 +0000 1224 | 1225 | readme 1226 | 1227 | commit a411218ba5d949081a6acf3596320c60d5eadb85 1228 | Author: Patrick Schleizer 1229 | Date: Sun Jun 1 15:38:31 2014 +0000 1230 | 1231 | readme 1232 | 1233 | commit 14d266ada0c5d220a7c8eb776818fe0c406817cc 1234 | Author: Patrick Schleizer 1235 | Date: Sat May 31 14:36:21 2014 +0000 1236 | 1237 | # On branch master 1238 | nothing to commit (working directory clean) 1239 | 1240 | commit 159b0aad6f15879db449fa14f1f978fcab27d0a3 1241 | Author: Patrick Schleizer 1242 | Date: Thu May 1 17:57:08 2014 +0000 1243 | 1244 | initial commit 1245 | -------------------------------------------------------------------------------- /debian/bootclockrandomization.install: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2020 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | ## This file was generated using genmkfile 'make debinstfile'. 5 | 6 | etc/* 7 | usr/* 8 | -------------------------------------------------------------------------------- /debian/bootclockrandomization.postinst: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | if [ -f /usr/libexec/helper-scripts/pre.bsh ]; then 7 | source /usr/libexec/helper-scripts/pre.bsh 8 | fi 9 | 10 | set -e 11 | 12 | true " 13 | ##################################################################### 14 | ## INFO: BEGIN: $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ 15 | ##################################################################### 16 | " 17 | 18 | ## workaround for 'dh_installinit should run systemd-tmpfiles if a 19 | ## /usr/lib/tmpfiles.d/ snippet gets shipped for systemd-only packages 20 | ## also' - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795519 21 | # In case this system is running systemd, we need to ensure that all 22 | # necessary tmpfiles (if any) are created before starting. 23 | if [ -d /run/systemd/system ] ; then 24 | systemd-tmpfiles --create /usr/lib/tmpfiles.d/bootclockrandomization.conf >/dev/null || true 25 | fi 26 | 27 | true "INFO: debhelper beginning here." 28 | 29 | #DEBHELPER# 30 | 31 | true "INFO: Done with debhelper." 32 | 33 | true " 34 | ##################################################################### 35 | ## INFO: END : $DPKG_MAINTSCRIPT_PACKAGE $DPKG_MAINTSCRIPT_NAME $@ 36 | ##################################################################### 37 | " 38 | 39 | ## Explicitly "exit 0", so eventually trapped errors can be ignored. 40 | exit 0 41 | -------------------------------------------------------------------------------- /debian/changelog: -------------------------------------------------------------------------------- 1 | bootclockrandomization (3:6.8-1) unstable; urgency=medium 2 | 3 | * New upstream version (local package). 4 | 5 | -- Patrick Schleizer Thu, 23 Jan 2025 16:17:33 +0000 6 | 7 | bootclockrandomization (3:6.7-1) unstable; urgency=medium 8 | 9 | * New upstream version (local package). 10 | 11 | -- Patrick Schleizer Tue, 31 Dec 2024 18:30:22 +0000 12 | 13 | bootclockrandomization (3:6.6-1) unstable; urgency=medium 14 | 15 | * New upstream version (local package). 16 | 17 | -- Patrick Schleizer Fri, 02 Feb 2024 12:33:57 +0000 18 | 19 | bootclockrandomization (3:6.5-1) unstable; urgency=medium 20 | 21 | * New upstream version (local package). 22 | 23 | -- Patrick Schleizer Mon, 22 Jan 2024 12:36:48 +0000 24 | 25 | bootclockrandomization (3:6.4-1) unstable; urgency=medium 26 | 27 | * New upstream version (local package). 28 | 29 | -- Patrick Schleizer Sat, 11 Nov 2023 20:13:14 +0000 30 | 31 | bootclockrandomization (3:6.3-1) unstable; urgency=medium 32 | 33 | * New upstream version (local package). 34 | 35 | -- Patrick Schleizer Sun, 22 Oct 2023 12:26:03 +0000 36 | 37 | bootclockrandomization (3:6.2-1) unstable; urgency=medium 38 | 39 | * New upstream version (local package). 40 | 41 | -- Patrick Schleizer Tue, 29 Aug 2023 20:03:40 +0000 42 | 43 | bootclockrandomization (3:6.1-1) unstable; urgency=medium 44 | 45 | * New upstream version (local package). 46 | 47 | -- Patrick Schleizer Mon, 17 Jul 2023 15:32:47 +0000 48 | 49 | bootclockrandomization (3:6.0-1) unstable; urgency=medium 50 | 51 | * New upstream version (local package). 52 | 53 | -- Patrick Schleizer Wed, 21 Jun 2023 09:14:27 +0000 54 | 55 | bootclockrandomization (3:5.9-1) unstable; urgency=medium 56 | 57 | * New upstream version (local package). 58 | 59 | -- Patrick Schleizer Fri, 16 Jun 2023 10:51:20 +0000 60 | 61 | bootclockrandomization (3:5.8-1) unstable; urgency=medium 62 | 63 | * New upstream version (local package). 64 | 65 | -- Patrick Schleizer Thu, 15 Jun 2023 16:59:14 +0000 66 | 67 | bootclockrandomization (3:5.7-1) unstable; urgency=medium 68 | 69 | * New upstream version (local package). 70 | 71 | -- Patrick Schleizer Mon, 12 Jun 2023 17:46:41 +0000 72 | 73 | bootclockrandomization (3:5.6-1) unstable; urgency=medium 74 | 75 | * New upstream version (local package). 76 | 77 | -- Patrick Schleizer Mon, 12 Jun 2023 15:15:50 +0000 78 | 79 | bootclockrandomization (3:5.5-1) unstable; urgency=medium 80 | 81 | * New upstream version (local package). 82 | 83 | -- Patrick Schleizer Mon, 26 Sep 2022 19:51:50 +0000 84 | 85 | bootclockrandomization (3:5.4-1) unstable; urgency=medium 86 | 87 | * New upstream version (local package). 88 | 89 | -- Patrick Schleizer Wed, 08 Jun 2022 14:29:02 +0000 90 | 91 | bootclockrandomization (3:5.3-1) unstable; urgency=medium 92 | 93 | * New upstream version (local package). 94 | 95 | -- Patrick Schleizer Wed, 25 May 2022 10:05:42 +0000 96 | 97 | bootclockrandomization (3:5.2-1) unstable; urgency=medium 98 | 99 | * New upstream version (local package). 100 | 101 | -- Patrick Schleizer Sun, 02 Jan 2022 13:23:35 +0000 102 | 103 | bootclockrandomization (3:5.1-1) unstable; urgency=medium 104 | 105 | * New upstream version (local package). 106 | 107 | -- Patrick Schleizer Fri, 24 Dec 2021 12:39:48 +0000 108 | 109 | bootclockrandomization (3:5.0-1) unstable; urgency=medium 110 | 111 | * New upstream version (local package). 112 | 113 | -- Patrick Schleizer Sat, 11 Sep 2021 22:38:13 +0000 114 | 115 | bootclockrandomization (3:4.9-1) unstable; urgency=medium 116 | 117 | * New upstream version (local package). 118 | 119 | -- Patrick Schleizer Thu, 05 Aug 2021 20:38:03 +0000 120 | 121 | bootclockrandomization (3:4.8-1) unstable; urgency=medium 122 | 123 | * New upstream version (local package). 124 | 125 | -- Patrick Schleizer Thu, 18 Mar 2021 13:00:47 +0000 126 | 127 | bootclockrandomization (3:4.7-1) unstable; urgency=medium 128 | 129 | * New upstream version (local package). 130 | 131 | -- Patrick Schleizer Wed, 17 Mar 2021 15:03:36 +0000 132 | 133 | bootclockrandomization (3:4.6-1) unstable; urgency=medium 134 | 135 | * New upstream version (local package). 136 | 137 | -- Patrick Schleizer Mon, 15 Mar 2021 10:47:18 +0000 138 | 139 | bootclockrandomization (3:4.5-1) unstable; urgency=medium 140 | 141 | * New upstream version (local package). 142 | 143 | -- Patrick Schleizer Wed, 10 Feb 2021 11:05:47 +0000 144 | 145 | bootclockrandomization (3:4.4-1) unstable; urgency=medium 146 | 147 | * New upstream version (local package). 148 | 149 | -- Patrick Schleizer Thu, 16 Apr 2020 12:27:55 +0000 150 | 151 | bootclockrandomization (3:4.3-1) unstable; urgency=medium 152 | 153 | * New upstream version (local package). 154 | 155 | -- Patrick Schleizer Thu, 09 Apr 2020 12:07:59 +0000 156 | 157 | bootclockrandomization (3:4.2-1) unstable; urgency=medium 158 | 159 | * New upstream version (local package). 160 | 161 | -- Patrick Schleizer Thu, 02 Apr 2020 11:40:25 +0000 162 | 163 | bootclockrandomization (3:4.1-1) unstable; urgency=medium 164 | 165 | * New upstream version (local package). 166 | 167 | -- Patrick Schleizer Wed, 01 Apr 2020 14:32:58 +0000 168 | 169 | bootclockrandomization (3:4.0-1) unstable; urgency=medium 170 | 171 | * New upstream version (local package). 172 | 173 | -- Patrick Schleizer Tue, 31 Mar 2020 11:39:56 +0000 174 | 175 | bootclockrandomization (3:3.9-1) unstable; urgency=medium 176 | 177 | * New upstream version (local package). 178 | 179 | -- Patrick Schleizer Thu, 31 Oct 2019 16:50:07 +0000 180 | 181 | bootclockrandomization (3:3.8-1) unstable; urgency=medium 182 | 183 | * New upstream version (local package). 184 | 185 | -- Patrick Schleizer Sun, 27 Oct 2019 09:17:43 +0000 186 | 187 | bootclockrandomization (3:3.7-1) unstable; urgency=medium 188 | 189 | * New upstream version (local package). 190 | 191 | -- Patrick Schleizer Wed, 28 Aug 2019 11:39:11 +0000 192 | 193 | bootclockrandomization (3:3.6-1) unstable; urgency=medium 194 | 195 | * New upstream version (local package). 196 | 197 | -- Patrick Schleizer Thu, 01 Aug 2019 11:29:00 +0000 198 | 199 | bootclockrandomization (3:3.5-1) unstable; urgency=medium 200 | 201 | * New upstream version (local package). 202 | 203 | -- Patrick Schleizer Wed, 31 Jul 2019 07:36:53 +0000 204 | 205 | bootclockrandomization (3:3.4-1) unstable; urgency=medium 206 | 207 | * New upstream version (local package). 208 | 209 | -- Patrick Schleizer Sun, 30 Jun 2019 08:20:27 +0000 210 | 211 | bootclockrandomization (3:3.3-1) unstable; urgency=medium 212 | 213 | * New upstream version (local package). 214 | 215 | -- Patrick Schleizer Sat, 08 Jun 2019 10:18:26 +0000 216 | 217 | bootclockrandomization (3:3.2-1) unstable; urgency=medium 218 | 219 | * New upstream version (local package). 220 | 221 | -- Patrick Schleizer Fri, 24 May 2019 20:14:21 +0000 222 | 223 | bootclockrandomization (3:3.1-1) unstable; urgency=medium 224 | 225 | * New upstream version (local package). 226 | 227 | -- Patrick Schleizer Sun, 12 May 2019 10:32:49 +0000 228 | 229 | bootclockrandomization (3:3.0-1) unstable; urgency=medium 230 | 231 | * New upstream version (local package). 232 | 233 | -- Patrick Schleizer Fri, 03 May 2019 11:21:51 +0000 234 | 235 | bootclockrandomization (3:2.9-1) unstable; urgency=medium 236 | 237 | * New upstream version (local package). 238 | 239 | -- Patrick Schleizer Sat, 06 Apr 2019 12:01:31 +0000 240 | 241 | bootclockrandomization (3:2.8-1) unstable; urgency=medium 242 | 243 | * New upstream version (local package). 244 | 245 | -- Patrick Schleizer Fri, 29 Mar 2019 09:50:57 +0000 246 | 247 | bootclockrandomization (3:2.7-1) unstable; urgency=medium 248 | 249 | * New upstream version (local package). 250 | 251 | -- Patrick Schleizer Tue, 12 Mar 2019 11:24:12 +0000 252 | 253 | bootclockrandomization (3:2.6-1) unstable; urgency=medium 254 | 255 | * New upstream version (local package). 256 | 257 | -- Patrick Schleizer Mon, 27 Aug 2018 15:58:43 +0000 258 | 259 | bootclockrandomization (3:2.5-1) unstable; urgency=medium 260 | 261 | * New upstream version (local package). 262 | 263 | -- Patrick Schleizer Thu, 01 Feb 2018 14:57:38 +0000 264 | 265 | bootclockrandomization (3:2.4-1) unstable; urgency=medium 266 | 267 | * New upstream version (local package). 268 | 269 | -- Patrick Schleizer Fri, 12 Jan 2018 20:09:17 +0000 270 | 271 | bootclockrandomization (3:2.3-1) unstable; urgency=medium 272 | 273 | * New upstream version (local package). 274 | 275 | -- Patrick Schleizer Mon, 27 Feb 2017 01:38:54 +0000 276 | 277 | bootclockrandomization (3:2.2-1) unstable; urgency=medium 278 | 279 | * New upstream version (local package). 280 | 281 | -- Patrick Schleizer Fri, 17 Feb 2017 13:49:27 +0000 282 | 283 | bootclockrandomization (3:2.1-1) unstable; urgency=medium 284 | 285 | * New upstream version (local package). 286 | 287 | -- Patrick Schleizer Mon, 06 Feb 2017 18:00:07 +0000 288 | 289 | bootclockrandomization (3:2.0-1) unstable; urgency=medium 290 | 291 | * New upstream version (local package). 292 | 293 | -- Patrick Schleizer Sun, 15 Jan 2017 15:23:23 +0000 294 | 295 | bootclockrandomization (3:1.9-1) unstable; urgency=medium 296 | 297 | * New upstream version (local package). 298 | 299 | -- Patrick Schleizer Sat, 10 Dec 2016 01:53:08 +0000 300 | 301 | bootclockrandomization (3:1.8-1) unstable; urgency=medium 302 | 303 | * New upstream version (local package). 304 | 305 | -- Patrick Schleizer Sat, 10 Dec 2016 00:21:46 +0000 306 | 307 | bootclockrandomization (3:1.7-1) unstable; urgency=medium 308 | 309 | * New upstream version (local package). 310 | 311 | -- Patrick Schleizer Mon, 25 Apr 2016 23:27:54 +0000 312 | 313 | bootclockrandomization (3:1.6-1) unstable; urgency=medium 314 | 315 | * New upstream version (local package). 316 | 317 | -- Patrick Schleizer Thu, 07 Apr 2016 22:54:34 +0000 318 | 319 | bootclockrandomization (3:1.5-1) unstable; urgency=medium 320 | 321 | * New upstream version (local package). 322 | 323 | -- Patrick Schleizer Tue, 25 Aug 2015 14:07:56 +0000 324 | 325 | bootclockrandomization (3:1.4-1) unstable; urgency=medium 326 | 327 | * New upstream version (local package). 328 | 329 | -- Patrick Schleizer Mon, 24 Aug 2015 17:47:19 +0000 330 | 331 | bootclockrandomization (3:1.3-1) unstable; urgency=low 332 | 333 | * New upstream version (local package). 334 | 335 | -- Patrick Schleizer Wed, 03 Jun 2015 14:59:34 +0000 336 | 337 | bootclockrandomization (3:1.2-1) unstable; urgency=low 338 | 339 | * New upstream version (local package). 340 | 341 | -- Patrick Schleizer Wed, 20 May 2015 15:43:27 +0000 342 | 343 | bootclockrandomization (3:1.1-1) unstable; urgency=low 344 | 345 | * New upstream version (local package). 346 | 347 | -- Patrick Schleizer Wed, 20 May 2015 15:36:10 +0000 348 | 349 | bootclockrandomization (3:1.0-1) unstable; urgency=low 350 | 351 | * New upstream version (local package). 352 | 353 | -- Patrick Schleizer Fri, 15 May 2015 20:25:20 +0000 354 | 355 | bootclockrandomization (3:0.9-1) unstable; urgency=low 356 | 357 | * New upstream version (local package). 358 | 359 | -- Patrick Schleizer Thu, 30 Apr 2015 17:56:13 +0000 360 | 361 | bootclockrandomization (3:0.8-1) unstable; urgency=low 362 | 363 | * New upstream version (local package). 364 | 365 | -- Patrick Schleizer Tue, 07 Apr 2015 17:41:36 +0000 366 | 367 | bootclockrandomization (3:0.7-1) unstable; urgency=low 368 | 369 | * New upstream version (local package). 370 | 371 | -- Patrick Schleizer Tue, 24 Mar 2015 17:29:06 +0000 372 | 373 | bootclockrandomization (3:0.6-1) unstable; urgency=low 374 | 375 | * New upstream version. 376 | 377 | -- Patrick Schleizer Wed, 04 Feb 2015 00:51:46 +0000 378 | 379 | bootclockrandomization (3:0.5-1) unstable; urgency=low 380 | 381 | * New upstream version. 382 | 383 | -- Patrick Schleizer Thu, 23 Oct 2014 22:38:41 +0000 384 | 385 | bootclockrandomization (3:0.4-1) unstable; urgency=low 386 | 387 | * New upstream version. 388 | 389 | -- Patrick Schleizer Mon, 13 Oct 2014 12:33:06 +0000 390 | 391 | bootclockrandomization (3:0.3-1) unstable; urgency=low 392 | 393 | * New upstream version. 394 | 395 | -- Patrick Schleizer Tue, 19 Aug 2014 18:41:24 +0000 396 | 397 | bootclockrandomization (3:0.2-2) unstable; urgency=low 398 | 399 | * Fixed changelog date. 400 | 401 | -- Patrick Schleizer Sun, 17 Aug 2014 20:49:58 +0000 402 | 403 | bootclockrandomization (3:0.2-1) unstable; urgency=low 404 | 405 | * New upstream version. 406 | 407 | -- Patrick Schleizer Sun, 17 Aug 2014 20:45:12 +0000 408 | 409 | bootclockrandomization (3:0.1-2) unstable; urgency=low 410 | 411 | * Initial release. 412 | 413 | -- Patrick Schleizer Sun, 17 Aug 2014 17:56:28 +0000 414 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | Source: bootclockrandomization 5 | Section: misc 6 | Priority: optional 7 | Maintainer: Patrick Schleizer 8 | Build-Depends: debhelper (>= 13.11.6), debhelper-compat (= 13), dh-apparmor 9 | Homepage: https://www.kicksecure.com/wiki/Boot_Clock_Randomization 10 | Vcs-Browser: https://github.com/Kicksecure/bootclockrandomization 11 | Vcs-Git: https://github.com/Kicksecure/bootclockrandomization.git 12 | Standards-Version: 4.6.2 13 | Rules-Requires-Root: no 14 | 15 | Package: bootclockrandomization 16 | Architecture: all 17 | Depends: msgcollector, ${misc:Depends} 18 | Description: Randomizes clock when systems boots 19 | Randomizes clock at boot time. Moves clock a few seconds and nanoseconds 20 | to past or future. Useful in context of anonymity/privacy/Tor. 21 | . 22 | This is useful to enforce the design goal, that the host clock and 23 | Gateway/Workstation clock should always slightly differ (even before secure 24 | timesync succeeded!) to prevent time based fingerprinting / linkablity 25 | issues. 26 | . 27 | Runs before Tor / sdwdate (if installed). 28 | . 29 | See also: https://www.whonix.org/wiki/Dev/TimeSync 30 | -------------------------------------------------------------------------------- /debian/copyright: -------------------------------------------------------------------------------- 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | 3 | Files: * 4 | Copyright: 2012 - 2025 ENCRYPTED SUPPORT LLC 5 | License: AGPL-3+ 6 | 7 | License: AGPL-3+ 8 | GNU AFFERO GENERAL PUBLIC LICENSE 9 | Version 3, 19 November 2007 10 | . 11 | Copyright (C) 2007 Free Software Foundation, Inc. 12 | Everyone is permitted to copy and distribute verbatim copies 13 | of this license document, but changing it is not allowed. 14 | . 15 | Preamble 16 | . 17 | The GNU Affero General Public License is a free, copyleft license for 18 | software and other kinds of works, specifically designed to ensure 19 | cooperation with the community in the case of network server software. 20 | . 21 | The licenses for most software and other practical works are designed 22 | to take away your freedom to share and change the works. By contrast, 23 | our General Public Licenses are intended to guarantee your freedom to 24 | share and change all versions of a program--to make sure it remains free 25 | software for all its users. 26 | . 27 | When we speak of free software, we are referring to freedom, not 28 | price. Our General Public Licenses are designed to make sure that you 29 | have the freedom to distribute copies of free software (and charge for 30 | them if you wish), that you receive source code or can get it if you 31 | want it, that you can change the software or use pieces of it in new 32 | free programs, and that you know you can do these things. 33 | . 34 | Developers that use our General Public Licenses protect your rights 35 | with two steps: (1) assert copyright on the software, and (2) offer 36 | you this License which gives you legal permission to copy, distribute 37 | and/or modify the software. 38 | . 39 | A secondary benefit of defending all users' freedom is that 40 | improvements made in alternate versions of the program, if they 41 | receive widespread use, become available for other developers to 42 | incorporate. Many developers of free software are heartened and 43 | encouraged by the resulting cooperation. However, in the case of 44 | software used on network servers, this result may fail to come about. 45 | The GNU General Public License permits making a modified version and 46 | letting the public access it on a server without ever releasing its 47 | source code to the public. 48 | . 49 | The GNU Affero General Public License is designed specifically to 50 | ensure that, in such cases, the modified source code becomes available 51 | to the community. It requires the operator of a network server to 52 | provide the source code of the modified version running there to the 53 | users of that server. Therefore, public use of a modified version, on 54 | a publicly accessible server, gives the public access to the source 55 | code of the modified version. 56 | . 57 | An older license, called the Affero General Public License and 58 | published by Affero, was designed to accomplish similar goals. This is 59 | a different license, not a version of the Affero GPL, but Affero has 60 | released a new version of the Affero GPL which permits relicensing under 61 | this license. 62 | . 63 | The precise terms and conditions for copying, distribution and 64 | modification follow. 65 | . 66 | TERMS AND CONDITIONS 67 | . 68 | 0. Definitions. 69 | . 70 | "This License" refers to version 3 of the GNU Affero General Public License. 71 | . 72 | "Copyright" also means copyright-like laws that apply to other kinds of 73 | works, such as semiconductor masks. 74 | . 75 | "The Program" refers to any copyrightable work licensed under this 76 | License. Each licensee is addressed as "you". "Licensees" and 77 | "recipients" may be individuals or organizations. 78 | . 79 | To "modify" a work means to copy from or adapt all or part of the work 80 | in a fashion requiring copyright permission, other than the making of an 81 | exact copy. The resulting work is called a "modified version" of the 82 | earlier work or a work "based on" the earlier work. 83 | . 84 | A "covered work" means either the unmodified Program or a work based 85 | on the Program. 86 | . 87 | To "propagate" a work means to do anything with it that, without 88 | permission, would make you directly or secondarily liable for 89 | infringement under applicable copyright law, except executing it on a 90 | computer or modifying a private copy. Propagation includes copying, 91 | distribution (with or without modification), making available to the 92 | public, and in some countries other activities as well. 93 | . 94 | To "convey" a work means any kind of propagation that enables other 95 | parties to make or receive copies. Mere interaction with a user through 96 | a computer network, with no transfer of a copy, is not conveying. 97 | . 98 | An interactive user interface displays "Appropriate Legal Notices" 99 | to the extent that it includes a convenient and prominently visible 100 | feature that (1) displays an appropriate copyright notice, and (2) 101 | tells the user that there is no warranty for the work (except to the 102 | extent that warranties are provided), that licensees may convey the 103 | work under this License, and how to view a copy of this License. If 104 | the interface presents a list of user commands or options, such as a 105 | menu, a prominent item in the list meets this criterion. 106 | . 107 | 1. Source Code. 108 | . 109 | The "source code" for a work means the preferred form of the work 110 | for making modifications to it. "Object code" means any non-source 111 | form of a work. 112 | . 113 | A "Standard Interface" means an interface that either is an official 114 | standard defined by a recognized standards body, or, in the case of 115 | interfaces specified for a particular programming language, one that 116 | is widely used among developers working in that language. 117 | . 118 | The "System Libraries" of an executable work include anything, other 119 | than the work as a whole, that (a) is included in the normal form of 120 | packaging a Major Component, but which is not part of that Major 121 | Component, and (b) serves only to enable use of the work with that 122 | Major Component, or to implement a Standard Interface for which an 123 | implementation is available to the public in source code form. A 124 | "Major Component", in this context, means a major essential component 125 | (kernel, window system, and so on) of the specific operating system 126 | (if any) on which the executable work runs, or a compiler used to 127 | produce the work, or an object code interpreter used to run it. 128 | . 129 | The "Corresponding Source" for a work in object code form means all 130 | the source code needed to generate, install, and (for an executable 131 | work) run the object code and to modify the work, including scripts to 132 | control those activities. However, it does not include the work's 133 | System Libraries, or general-purpose tools or generally available free 134 | programs which are used unmodified in performing those activities but 135 | which are not part of the work. For example, Corresponding Source 136 | includes interface definition files associated with source files for 137 | the work, and the source code for shared libraries and dynamically 138 | linked subprograms that the work is specifically designed to require, 139 | such as by intimate data communication or control flow between those 140 | subprograms and other parts of the work. 141 | . 142 | The Corresponding Source need not include anything that users 143 | can regenerate automatically from other parts of the Corresponding 144 | Source. 145 | . 146 | The Corresponding Source for a work in source code form is that 147 | same work. 148 | . 149 | 2. Basic Permissions. 150 | . 151 | All rights granted under this License are granted for the term of 152 | copyright on the Program, and are irrevocable provided the stated 153 | conditions are met. This License explicitly affirms your unlimited 154 | permission to run the unmodified Program. The output from running a 155 | covered work is covered by this License only if the output, given its 156 | content, constitutes a covered work. This License acknowledges your 157 | rights of fair use or other equivalent, as provided by copyright law. 158 | . 159 | You may make, run and propagate covered works that you do not 160 | convey, without conditions so long as your license otherwise remains 161 | in force. You may convey covered works to others for the sole purpose 162 | of having them make modifications exclusively for you, or provide you 163 | with facilities for running those works, provided that you comply with 164 | the terms of this License in conveying all material for which you do 165 | not control copyright. Those thus making or running the covered works 166 | for you must do so exclusively on your behalf, under your direction 167 | and control, on terms that prohibit them from making any copies of 168 | your copyrighted material outside their relationship with you. 169 | . 170 | Conveying under any other circumstances is permitted solely under 171 | the conditions stated below. Sublicensing is not allowed; section 10 172 | makes it unnecessary. 173 | . 174 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 175 | . 176 | No covered work shall be deemed part of an effective technological 177 | measure under any applicable law fulfilling obligations under article 178 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 179 | similar laws prohibiting or restricting circumvention of such 180 | measures. 181 | . 182 | When you convey a covered work, you waive any legal power to forbid 183 | circumvention of technological measures to the extent such circumvention 184 | is effected by exercising rights under this License with respect to 185 | the covered work, and you disclaim any intention to limit operation or 186 | modification of the work as a means of enforcing, against the work's 187 | users, your or third parties' legal rights to forbid circumvention of 188 | technological measures. 189 | . 190 | 4. Conveying Verbatim Copies. 191 | . 192 | You may convey verbatim copies of the Program's source code as you 193 | receive it, in any medium, provided that you conspicuously and 194 | appropriately publish on each copy an appropriate copyright notice; 195 | keep intact all notices stating that this License and any 196 | non-permissive terms added in accord with section 7 apply to the code; 197 | keep intact all notices of the absence of any warranty; and give all 198 | recipients a copy of this License along with the Program. 199 | . 200 | You may charge any price or no price for each copy that you convey, 201 | and you may offer support or warranty protection for a fee. 202 | . 203 | 5. Conveying Modified Source Versions. 204 | . 205 | You may convey a work based on the Program, or the modifications to 206 | produce it from the Program, in the form of source code under the 207 | terms of section 4, provided that you also meet all of these conditions: 208 | . 209 | a) The work must carry prominent notices stating that you modified 210 | it, and giving a relevant date. 211 | . 212 | b) The work must carry prominent notices stating that it is 213 | released under this License and any conditions added under section 214 | 7. This requirement modifies the requirement in section 4 to 215 | "keep intact all notices". 216 | . 217 | c) You must license the entire work, as a whole, under this 218 | License to anyone who comes into possession of a copy. This 219 | License will therefore apply, along with any applicable section 7 220 | additional terms, to the whole of the work, and all its parts, 221 | regardless of how they are packaged. This License gives no 222 | permission to license the work in any other way, but it does not 223 | invalidate such permission if you have separately received it. 224 | . 225 | d) If the work has interactive user interfaces, each must display 226 | Appropriate Legal Notices; however, if the Program has interactive 227 | interfaces that do not display Appropriate Legal Notices, your 228 | work need not make them do so. 229 | . 230 | A compilation of a covered work with other separate and independent 231 | works, which are not by their nature extensions of the covered work, 232 | and which are not combined with it such as to form a larger program, 233 | in or on a volume of a storage or distribution medium, is called an 234 | "aggregate" if the compilation and its resulting copyright are not 235 | used to limit the access or legal rights of the compilation's users 236 | beyond what the individual works permit. Inclusion of a covered work 237 | in an aggregate does not cause this License to apply to the other 238 | parts of the aggregate. 239 | . 240 | 6. Conveying Non-Source Forms. 241 | . 242 | You may convey a covered work in object code form under the terms 243 | of sections 4 and 5, provided that you also convey the 244 | machine-readable Corresponding Source under the terms of this License, 245 | in one of these ways: 246 | . 247 | a) Convey the object code in, or embodied in, a physical product 248 | (including a physical distribution medium), accompanied by the 249 | Corresponding Source fixed on a durable physical medium 250 | customarily used for software interchange. 251 | . 252 | b) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by a 254 | written offer, valid for at least three years and valid for as 255 | long as you offer spare parts or customer support for that product 256 | model, to give anyone who possesses the object code either (1) a 257 | copy of the Corresponding Source for all the software in the 258 | product that is covered by this License, on a durable physical 259 | medium customarily used for software interchange, for a price no 260 | more than your reasonable cost of physically performing this 261 | conveying of source, or (2) access to copy the 262 | Corresponding Source from a network server at no charge. 263 | . 264 | c) Convey individual copies of the object code with a copy of the 265 | written offer to provide the Corresponding Source. This 266 | alternative is allowed only occasionally and noncommercially, and 267 | only if you received the object code with such an offer, in accord 268 | with subsection 6b. 269 | . 270 | d) Convey the object code by offering access from a designated 271 | place (gratis or for a charge), and offer equivalent access to the 272 | Corresponding Source in the same way through the same place at no 273 | further charge. You need not require recipients to copy the 274 | Corresponding Source along with the object code. If the place to 275 | copy the object code is a network server, the Corresponding Source 276 | may be on a different server (operated by you or a third party) 277 | that supports equivalent copying facilities, provided you maintain 278 | clear directions next to the object code saying where to find the 279 | Corresponding Source. Regardless of what server hosts the 280 | Corresponding Source, you remain obligated to ensure that it is 281 | available for as long as needed to satisfy these requirements. 282 | . 283 | e) Convey the object code using peer-to-peer transmission, provided 284 | you inform other peers where the object code and Corresponding 285 | Source of the work are being offered to the general public at no 286 | charge under subsection 6d. 287 | . 288 | A separable portion of the object code, whose source code is excluded 289 | from the Corresponding Source as a System Library, need not be 290 | included in conveying the object code work. 291 | . 292 | A "User Product" is either (1) a "consumer product", which means any 293 | tangible personal property which is normally used for personal, family, 294 | or household purposes, or (2) anything designed or sold for incorporation 295 | into a dwelling. In determining whether a product is a consumer product, 296 | doubtful cases shall be resolved in favor of coverage. For a particular 297 | product received by a particular user, "normally used" refers to a 298 | typical or common use of that class of product, regardless of the status 299 | of the particular user or of the way in which the particular user 300 | actually uses, or expects or is expected to use, the product. A product 301 | is a consumer product regardless of whether the product has substantial 302 | commercial, industrial or non-consumer uses, unless such uses represent 303 | the only significant mode of use of the product. 304 | . 305 | "Installation Information" for a User Product means any methods, 306 | procedures, authorization keys, or other information required to install 307 | and execute modified versions of a covered work in that User Product from 308 | a modified version of its Corresponding Source. The information must 309 | suffice to ensure that the continued functioning of the modified object 310 | code is in no case prevented or interfered with solely because 311 | modification has been made. 312 | . 313 | If you convey an object code work under this section in, or with, or 314 | specifically for use in, a User Product, and the conveying occurs as 315 | part of a transaction in which the right of possession and use of the 316 | User Product is transferred to the recipient in perpetuity or for a 317 | fixed term (regardless of how the transaction is characterized), the 318 | Corresponding Source conveyed under this section must be accompanied 319 | by the Installation Information. But this requirement does not apply 320 | if neither you nor any third party retains the ability to install 321 | modified object code on the User Product (for example, the work has 322 | been installed in ROM). 323 | . 324 | The requirement to provide Installation Information does not include a 325 | requirement to continue to provide support service, warranty, or updates 326 | for a work that has been modified or installed by the recipient, or for 327 | the User Product in which it has been modified or installed. Access to a 328 | network may be denied when the modification itself materially and 329 | adversely affects the operation of the network or violates the rules and 330 | protocols for communication across the network. 331 | . 332 | Corresponding Source conveyed, and Installation Information provided, 333 | in accord with this section must be in a format that is publicly 334 | documented (and with an implementation available to the public in 335 | source code form), and must require no special password or key for 336 | unpacking, reading or copying. 337 | . 338 | 7. Additional Terms. 339 | . 340 | "Additional permissions" are terms that supplement the terms of this 341 | License by making exceptions from one or more of its conditions. 342 | Additional permissions that are applicable to the entire Program shall 343 | be treated as though they were included in this License, to the extent 344 | that they are valid under applicable law. If additional permissions 345 | apply only to part of the Program, that part may be used separately 346 | under those permissions, but the entire Program remains governed by 347 | this License without regard to the additional permissions. 348 | . 349 | When you convey a copy of a covered work, you may at your option 350 | remove any additional permissions from that copy, or from any part of 351 | it. (Additional permissions may be written to require their own 352 | removal in certain cases when you modify the work.) You may place 353 | additional permissions on material, added by you to a covered work, 354 | for which you have or can give appropriate copyright permission. 355 | . 356 | Notwithstanding any other provision of this License, for material you 357 | add to a covered work, you may (if authorized by the copyright holders of 358 | that material) supplement the terms of this License with terms: 359 | . 360 | a) Disclaiming warranty or limiting liability differently from the 361 | terms of sections 15 and 16 of this License; or 362 | . 363 | b) Requiring preservation of specified reasonable legal notices or 364 | author attributions in that material or in the Appropriate Legal 365 | Notices displayed by works containing it; or 366 | . 367 | c) Prohibiting misrepresentation of the origin of that material, or 368 | requiring that modified versions of such material be marked in 369 | reasonable ways as different from the original version; or 370 | . 371 | d) Limiting the use for publicity purposes of names of licensors or 372 | authors of the material; or 373 | . 374 | e) Declining to grant rights under trademark law for use of some 375 | trade names, trademarks, or service marks; or 376 | . 377 | f) Requiring indemnification of licensors and authors of that 378 | material by anyone who conveys the material (or modified versions of 379 | it) with contractual assumptions of liability to the recipient, for 380 | any liability that these contractual assumptions directly impose on 381 | those licensors and authors. 382 | . 383 | All other non-permissive additional terms are considered "further 384 | restrictions" within the meaning of section 10. If the Program as you 385 | received it, or any part of it, contains a notice stating that it is 386 | governed by this License along with a term that is a further 387 | restriction, you may remove that term. If a license document contains 388 | a further restriction but permits relicensing or conveying under this 389 | License, you may add to a covered work material governed by the terms 390 | of that license document, provided that the further restriction does 391 | not survive such relicensing or conveying. 392 | . 393 | If you add terms to a covered work in accord with this section, you 394 | must place, in the relevant source files, a statement of the 395 | additional terms that apply to those files, or a notice indicating 396 | where to find the applicable terms. 397 | . 398 | Additional terms, permissive or non-permissive, may be stated in the 399 | form of a separately written license, or stated as exceptions; 400 | the above requirements apply either way. 401 | . 402 | 8. Termination. 403 | . 404 | You may not propagate or modify a covered work except as expressly 405 | provided under this License. Any attempt otherwise to propagate or 406 | modify it is void, and will automatically terminate your rights under 407 | this License (including any patent licenses granted under the third 408 | paragraph of section 11). 409 | . 410 | However, if you cease all violation of this License, then your 411 | license from a particular copyright holder is reinstated (a) 412 | provisionally, unless and until the copyright holder explicitly and 413 | finally terminates your license, and (b) permanently, if the copyright 414 | holder fails to notify you of the violation by some reasonable means 415 | prior to 60 days after the cessation. 416 | . 417 | Moreover, your license from a particular copyright holder is 418 | reinstated permanently if the copyright holder notifies you of the 419 | violation by some reasonable means, this is the first time you have 420 | received notice of violation of this License (for any work) from that 421 | copyright holder, and you cure the violation prior to 30 days after 422 | your receipt of the notice. 423 | . 424 | Termination of your rights under this section does not terminate the 425 | licenses of parties who have received copies or rights from you under 426 | this License. If your rights have been terminated and not permanently 427 | reinstated, you do not qualify to receive new licenses for the same 428 | material under section 10. 429 | . 430 | 9. Acceptance Not Required for Having Copies. 431 | . 432 | You are not required to accept this License in order to receive or 433 | run a copy of the Program. Ancillary propagation of a covered work 434 | occurring solely as a consequence of using peer-to-peer transmission 435 | to receive a copy likewise does not require acceptance. However, 436 | nothing other than this License grants you permission to propagate or 437 | modify any covered work. These actions infringe copyright if you do 438 | not accept this License. Therefore, by modifying or propagating a 439 | covered work, you indicate your acceptance of this License to do so. 440 | . 441 | 10. Automatic Licensing of Downstream Recipients. 442 | . 443 | Each time you convey a covered work, the recipient automatically 444 | receives a license from the original licensors, to run, modify and 445 | propagate that work, subject to this License. You are not responsible 446 | for enforcing compliance by third parties with this License. 447 | . 448 | An "entity transaction" is a transaction transferring control of an 449 | organization, or substantially all assets of one, or subdividing an 450 | organization, or merging organizations. If propagation of a covered 451 | work results from an entity transaction, each party to that 452 | transaction who receives a copy of the work also receives whatever 453 | licenses to the work the party's predecessor in interest had or could 454 | give under the previous paragraph, plus a right to possession of the 455 | Corresponding Source of the work from the predecessor in interest, if 456 | the predecessor has it or can get it with reasonable efforts. 457 | . 458 | You may not impose any further restrictions on the exercise of the 459 | rights granted or affirmed under this License. For example, you may 460 | not impose a license fee, royalty, or other charge for exercise of 461 | rights granted under this License, and you may not initiate litigation 462 | (including a cross-claim or counterclaim in a lawsuit) alleging that 463 | any patent claim is infringed by making, using, selling, offering for 464 | sale, or importing the Program or any portion of it. 465 | . 466 | 11. Patents. 467 | . 468 | A "contributor" is a copyright holder who authorizes use under this 469 | License of the Program or a work on which the Program is based. The 470 | work thus licensed is called the contributor's "contributor version". 471 | . 472 | A contributor's "essential patent claims" are all patent claims 473 | owned or controlled by the contributor, whether already acquired or 474 | hereafter acquired, that would be infringed by some manner, permitted 475 | by this License, of making, using, or selling its contributor version, 476 | but do not include claims that would be infringed only as a 477 | consequence of further modification of the contributor version. For 478 | purposes of this definition, "control" includes the right to grant 479 | patent sublicenses in a manner consistent with the requirements of 480 | this License. 481 | . 482 | Each contributor grants you a non-exclusive, worldwide, royalty-free 483 | patent license under the contributor's essential patent claims, to 484 | make, use, sell, offer for sale, import and otherwise run, modify and 485 | propagate the contents of its contributor version. 486 | . 487 | In the following three paragraphs, a "patent license" is any express 488 | agreement or commitment, however denominated, not to enforce a patent 489 | (such as an express permission to practice a patent or covenant not to 490 | sue for patent infringement). To "grant" such a patent license to a 491 | party means to make such an agreement or commitment not to enforce a 492 | patent against the party. 493 | . 494 | If you convey a covered work, knowingly relying on a patent license, 495 | and the Corresponding Source of the work is not available for anyone 496 | to copy, free of charge and under the terms of this License, through a 497 | publicly available network server or other readily accessible means, 498 | then you must either (1) cause the Corresponding Source to be so 499 | available, or (2) arrange to deprive yourself of the benefit of the 500 | patent license for this particular work, or (3) arrange, in a manner 501 | consistent with the requirements of this License, to extend the patent 502 | license to downstream recipients. "Knowingly relying" means you have 503 | actual knowledge that, but for the patent license, your conveying the 504 | covered work in a country, or your recipient's use of the covered work 505 | in a country, would infringe one or more identifiable patents in that 506 | country that you have reason to believe are valid. 507 | . 508 | If, pursuant to or in connection with a single transaction or 509 | arrangement, you convey, or propagate by procuring conveyance of, a 510 | covered work, and grant a patent license to some of the parties 511 | receiving the covered work authorizing them to use, propagate, modify 512 | or convey a specific copy of the covered work, then the patent license 513 | you grant is automatically extended to all recipients of the covered 514 | work and works based on it. 515 | . 516 | A patent license is "discriminatory" if it does not include within 517 | the scope of its coverage, prohibits the exercise of, or is 518 | conditioned on the non-exercise of one or more of the rights that are 519 | specifically granted under this License. You may not convey a covered 520 | work if you are a party to an arrangement with a third party that is 521 | in the business of distributing software, under which you make payment 522 | to the third party based on the extent of your activity of conveying 523 | the work, and under which the third party grants, to any of the 524 | parties who would receive the covered work from you, a discriminatory 525 | patent license (a) in connection with copies of the covered work 526 | conveyed by you (or copies made from those copies), or (b) primarily 527 | for and in connection with specific products or compilations that 528 | contain the covered work, unless you entered into that arrangement, 529 | or that patent license was granted, prior to 28 March 2007. 530 | . 531 | Nothing in this License shall be construed as excluding or limiting 532 | any implied license or other defenses to infringement that may 533 | otherwise be available to you under applicable patent law. 534 | . 535 | 12. No Surrender of Others' Freedom. 536 | . 537 | If conditions are imposed on you (whether by court order, agreement or 538 | otherwise) that contradict the conditions of this License, they do not 539 | excuse you from the conditions of this License. If you cannot convey a 540 | covered work so as to satisfy simultaneously your obligations under this 541 | License and any other pertinent obligations, then as a consequence you may 542 | not convey it at all. For example, if you agree to terms that obligate you 543 | to collect a royalty for further conveying from those to whom you convey 544 | the Program, the only way you could satisfy both those terms and this 545 | License would be to refrain entirely from conveying the Program. 546 | . 547 | 13. Remote Network Interaction; Use with the GNU General Public License. 548 | . 549 | Notwithstanding any other provision of this License, if you modify the 550 | Program, your modified version must prominently offer all users 551 | interacting with it remotely through a computer network (if your version 552 | supports such interaction) an opportunity to receive the Corresponding 553 | Source of your version by providing access to the Corresponding Source 554 | from a network server at no charge, through some standard or customary 555 | means of facilitating copying of software. This Corresponding Source 556 | shall include the Corresponding Source for any work covered by version 3 557 | of the GNU General Public License that is incorporated pursuant to the 558 | following paragraph. 559 | . 560 | Notwithstanding any other provision of this License, you have 561 | permission to link or combine any covered work with a work licensed 562 | under version 3 of the GNU General Public License into a single 563 | combined work, and to convey the resulting work. The terms of this 564 | License will continue to apply to the part which is the covered work, 565 | but the work with which it is combined will remain governed by version 566 | 3 of the GNU General Public License. 567 | . 568 | 14. Revised Versions of this License. 569 | . 570 | The Free Software Foundation may publish revised and/or new versions of 571 | the GNU Affero General Public License from time to time. Such new versions 572 | will be similar in spirit to the present version, but may differ in detail to 573 | address new problems or concerns. 574 | . 575 | Each version is given a distinguishing version number. If the 576 | Program specifies that a certain numbered version of the GNU Affero General 577 | Public License "or any later version" applies to it, you have the 578 | option of following the terms and conditions either of that numbered 579 | version or of any later version published by the Free Software 580 | Foundation. If the Program does not specify a version number of the 581 | GNU Affero General Public License, you may choose any version ever published 582 | by the Free Software Foundation. 583 | . 584 | If the Program specifies that a proxy can decide which future 585 | versions of the GNU Affero General Public License can be used, that proxy's 586 | public statement of acceptance of a version permanently authorizes you 587 | to choose that version for the Program. 588 | . 589 | Later license versions may give you additional or different 590 | permissions. However, no additional obligations are imposed on any 591 | author or copyright holder as a result of your choosing to follow a 592 | later version. 593 | . 594 | 15. Disclaimer of Warranty. 595 | . 596 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 597 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 598 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 599 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 600 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 601 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 602 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 603 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 604 | . 605 | 16. Limitation of Liability. 606 | . 607 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 608 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 609 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 610 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 611 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 612 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 613 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 614 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 615 | SUCH DAMAGES. 616 | . 617 | 17. Interpretation of Sections 15 and 16. 618 | . 619 | If the disclaimer of warranty and limitation of liability provided 620 | above cannot be given local legal effect according to their terms, 621 | reviewing courts shall apply local law that most closely approximates 622 | an absolute waiver of all civil liability in connection with the 623 | Program, unless a warranty or assumption of liability accompanies a 624 | copy of the Program in return for a fee. 625 | . 626 | END OF TERMS AND CONDITIONS 627 | . 628 | How to Apply These Terms to Your New Programs 629 | . 630 | If you develop a new program, and you want it to be of the greatest 631 | possible use to the public, the best way to achieve this is to make it 632 | free software which everyone can redistribute and change under these terms. 633 | . 634 | To do so, attach the following notices to the program. It is safest 635 | to attach them to the start of each source file to most effectively 636 | state the exclusion of warranty; and each file should have at least 637 | the "copyright" line and a pointer to where the full notice is found. 638 | . 639 | 640 | Copyright (C) 641 | . 642 | This program is free software: you can redistribute it and/or modify 643 | it under the terms of the GNU Affero General Public License as published by 644 | the Free Software Foundation, either version 3 of the License, or 645 | (at your option) any later version. 646 | . 647 | This program is distributed in the hope that it will be useful, 648 | but WITHOUT ANY WARRANTY; without even the implied warranty of 649 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 650 | GNU Affero General Public License for more details. 651 | . 652 | You should have received a copy of the GNU Affero General Public License 653 | along with this program. If not, see . 654 | . 655 | Also add information on how to contact you by electronic and paper mail. 656 | . 657 | If your software can interact with users remotely through a computer 658 | network, you should also make sure that it provides a way for users to 659 | get its source. For example, if your program is a web application, its 660 | interface could display a "Source" link that leads users to an archive 661 | of the code. There are many ways you could offer source, and different 662 | solutions will be better for different programs; see section 13 for the 663 | specific requirements. 664 | . 665 | You should also get your employer (if you work as a programmer) or school, 666 | if any, to sign a "copyright disclaimer" for the program, if necessary. 667 | For more information on this, and how to apply and follow the GNU AGPL, see 668 | . 669 | -------------------------------------------------------------------------------- /debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | #export DH_VERBOSE=1 7 | 8 | %: 9 | dh $@ 10 | 11 | override_dh_install: 12 | dh_apparmor --profile-name='bootclockrandomization' 13 | dh_install 14 | 15 | override_dh_installman: 16 | dh_installman $(CURDIR)/auto-generated-man-pages/* 17 | 18 | override_dh_installchangelogs: 19 | dh_installchangelogs changelog.upstream upstream 20 | -------------------------------------------------------------------------------- /debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /debian/source/lintian-overrides: -------------------------------------------------------------------------------- 1 | ## https://phabricator.whonix.org/T277 2 | debian-watch-does-not-check-openpgp-signature 3 | -------------------------------------------------------------------------------- /debian/watch: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | version=4 5 | opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/bootclockrandomization-$1\.tar\.gz/ \ 6 | https://github.com/Whonix/bootclockrandomization/tags .*/v?(\d\S+)\.tar\.gz 7 | -------------------------------------------------------------------------------- /etc/apparmor.d/bootclockrandomization: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | #include 5 | 6 | profile bootclockrandomization /usr/share/bootclockrandomization/* flags=(attach_disconnected) { 7 | #include 8 | #include 9 | 10 | capability sys_time, 11 | 12 | /bin/bash rix, 13 | /bin/date mrix, 14 | /bin/rm mrix, 15 | /bin/touch mrix, 16 | 17 | /usr/bin/bash rix, 18 | /usr/bin/date mrix, 19 | /usr/bin/rm mrix, 20 | /usr/bin/touch mrix, 21 | 22 | /usr/bin/id mrix, 23 | /usr/bin/od mrix, 24 | /usr/bin/shuf mrix, 25 | 26 | owner /etc/nsswitch.conf r, 27 | owner /etc/passwd r, 28 | 29 | owner /run/bootclockrandomization/{fail,success} w, 30 | owner /usr/share/bootclockrandomization/* r, 31 | 32 | /dev/tty rw, 33 | 34 | #include 35 | } 36 | -------------------------------------------------------------------------------- /man/clock-random-manual-cli.8.ronn: -------------------------------------------------------------------------------- 1 | clock-random-manual-cli(8) -- random clock setting 2 | ============================================= 3 | 4 | 8 | 9 | ## SYNOPSIS 10 | `clock-random-manual-cli` time 11 | 12 | ## DESCRIPTION 13 | Sets randomized clock relative to time given by user. 14 | 15 | ## EXIT CODES 16 | 0 Success. 17 | 18 | non-zero Error. 19 | 20 | ## EXAMPLES 21 | `echo "Fri Sep 30 22:20:00 UTC 2016" | /usr/bin/clock-random-manual-cli` 22 | 23 | ## WWW 24 | https://www.whonix.org/wiki/Boot_Clock_Randomization 25 | 26 | ## AUTHOR 27 | This man page has been written by Patrick Schleizer (adrelanos@whonix.org). 28 | -------------------------------------------------------------------------------- /man/clock-random-manual-gui.8.ronn: -------------------------------------------------------------------------------- 1 | clock-random-manual-gui(8) -- random clock setting 2 | ============================================= 3 | 4 | 8 | 9 | ## SYNOPSIS 10 | `clock-random-manual-gui` 11 | 12 | ## DESCRIPTION 13 | Sets randomized clock relative to time given by user. 14 | 15 | ## EXIT CODES 16 | 0 Success. 17 | 18 | non-zero Error. 19 | 20 | ## EXAMPLES 21 | `/usr/bin/clock-random-manual-gui` 22 | 23 | ## WWW 24 | https://www.whonix.org/wiki/Boot_Clock_Randomization 25 | 26 | ## AUTHOR 27 | This man page has been written by Patrick Schleizer (adrelanos@whonix.org). 28 | -------------------------------------------------------------------------------- /usr/bin/clock-random-manual-cli: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | ## test: 7 | ## echo "Fri Sep 30 22:20:00 UTC 2016" | /usr/bin/clock-random-manual-cli 8 | 9 | set -e 10 | 11 | source /usr/share/bootclockrandomization/shared 12 | 13 | NAME=clock-random-manual 14 | DIR=/run/$NAME 15 | FAIL_FILE=$DIR/fail 16 | SUCCESS_FILE=$DIR/success 17 | LOG=/var/log/$NAME.log 18 | 19 | delay_plus_or_minus="30" 20 | 21 | mkdir -p "$DIR" 22 | 23 | echo "Enter current date. Example: 24 | Fri Sep 30 22:20:00 UTC 2016" 25 | 26 | read date_input_user 27 | 28 | ## Example date_input: 29 | ## Fri Sep 30 22:20:00 UTC 2016 30 | 31 | date_input_unixtime="$(date --date "$date_input_user" +%s)" 32 | 33 | log "input: $date_input_user 000000000" 34 | 35 | OLD_TIME="$date_input_unixtime" 36 | 37 | get_random_time 38 | 39 | log "output: $NEW_TIME_HUMAN $NANOSECONDS" 40 | 41 | ## Set new time. Syntax: date --set @1396733199.112834496 42 | date --set "@$NEW_TIME.$NANOSECONDS" > /dev/null 43 | 44 | echo "Success, clock is now randomized!" 45 | -------------------------------------------------------------------------------- /usr/bin/clock-random-manual-gui: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | set -e 7 | 8 | title="Manual Clock Randomization" 9 | 10 | date_start="$(date)" 11 | 12 | if user_input=$(zenity \ 13 | --entry \ 14 | --title="$title" \ 15 | --text="Please enter the time (in UTC!) in the following format. 16 | 17 | Example: 18 | $date_start" \ 19 | --entry-text "$date_start") 20 | then \ 21 | true "zentry entry ok." 22 | else 23 | type="info" 24 | msg="

Ok, aborted.

" 25 | /usr/libexec/msgcollector/msgdispatcher_dispatch_x "$type" "$title" "$msg" "$lefttop" "$icon" 26 | exit 3 27 | fi 28 | 29 | if echo "$user_input" | sudo --non-interactive /usr/bin/clock-random-manual-cli ; then 30 | date_end="$(date)" 31 | type="info" 32 | msg="

Success, date set from (user input): 33 |
$date_start 34 |
to (randomized): 35 |
$date_end.

" 36 | /usr/libexec/msgcollector/msgdispatcher_dispatch_x "$type" "$title" "$msg" "$lefttop" "$icon" 37 | exit 0 38 | else 39 | type="error" 40 | msg="

ERROR! 41 |
Please report this bug! 42 |
43 |
Please open a console and use: 44 |

sudo /usr/bin/clock-random-manual-cli

" 45 | /usr/libexec/msgcollector/msgdispatcher_dispatch_x "$type" "$title" "$msg" "$lefttop" "$icon" 46 | exit 1 47 | fi 48 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/bootclockrandomization.service: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | [Unit] 5 | Description=Boot Clock Randomization 6 | Documentation=https://github.com/Whonix/bootclockrandomization 7 | Before=sdwdate.service 8 | Before=tor.service 9 | Before=tor@default.service 10 | 11 | ConditionPathExists=!/run/qubes-service/no-bootclockrandomization 12 | ConditionPathExists=!/run/qubes-service/no-bcr 13 | 14 | ## systemd-nspawn does not allow clock to be changed inside the container. 15 | ## Quote https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html 16 | ## The host's network interfaces and the system clock may not be changed from within the container. 17 | ## https://forums.whonix.org/t/bootclockrandomization-always-moving-clock-plus-or-5-seconds/2200/10 18 | ConditionVirtualization=!systemd-nspawn 19 | 20 | [Service] 21 | Type=oneshot 22 | RemainAfterExit=yes 23 | ExecStart=/usr/share/bootclockrandomization/start 24 | ExecStop=/usr/share/bootclockrandomization/stop 25 | 26 | [Install] 27 | WantedBy=multi-user.target 28 | -------------------------------------------------------------------------------- /usr/lib/tmpfiles.d/bootclockrandomization.conf: -------------------------------------------------------------------------------- 1 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 2 | ## See the file COPYING for copying conditions. 3 | 4 | d /run/bootclockrandomization 0775 root root - 5 | Z /run/bootclockrandomization/* 0644 root root - 6 | -------------------------------------------------------------------------------- /usr/share/bootclockrandomization/shared: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | set -e 7 | set -o errtrace 8 | set -o pipefail 9 | 10 | NAME=bootclockrandomization 11 | DIR=/run/$NAME 12 | FAIL_FILE=$DIR/fail 13 | SUCCESS_FILE=$DIR/success 14 | 15 | log() { 16 | echo "$@" 17 | } 18 | 19 | error_handler() { 20 | local exit_code="$?" 21 | touch "$FAIL_FILE" 22 | log "ERROR: exit_code: $exit_code | BASH_COMMAND: $BASH_COMMAND" 23 | exit 1 24 | } 25 | 26 | trap "error_handler" ERR 27 | 28 | if [ "$(id -u)" != "0" ]; then 29 | log "ERROR: $0 be run as root (sudo)! Use: sudo $0" 30 | exit 3 31 | fi 32 | 33 | get_random_time() { 34 | ## Get a random 0 or 1. 35 | ## Will use this to decide to use plus or minus. 36 | ## 37 | ## Thanks to 38 | ## http://linux.byexamples.com/archives/128/generating-random-numbers/ 39 | ZERO_OR_ONE="$(( 0+($(od -An -N2 -i /dev/random) )%(0+2) ))" 40 | 41 | ## Create a random number between 0 and $delay_plus_or_minus. 42 | ## delay_plus_or_minus is 30 for clock-random-manual. 43 | ## delay_plus_or_minus is 180 for bootclockrandomization. 44 | DELAY="$(( $(od -An -N2 -i /dev/random)%($delay_plus_or_minus-0+1) ))" 45 | 46 | ## Create a random number between 0 and 999999999. 47 | ## 48 | ## Thanks to 49 | ## https://stackoverflow.com/questions/22887891/how-can-i-get-a-random-dev-random-number-between-0-and-999999999-in-bash 50 | NANOSECONDS="$(shuf -i0-999999999 -n1 --random-source=/dev/random)" 51 | 52 | ## Examples NANOSECONDS: 53 | ## 117752805 54 | ## 38653957 55 | 56 | ## Add leading zeros, because `date` expects 9 digits. 57 | NANOSECONDS="$(printf '%0*d\n' 9 "$NANOSECONDS")" 58 | 59 | ## Using 60 | ## printf '%0*d\n' 9 "38653957" 61 | ## 38653957 62 | ## becomes 63 | ## 038653957 64 | 65 | ## Examples NANOSECONDS: 66 | ## 117752805 67 | ## 038653957 68 | 69 | if [ "$ZERO_OR_ONE" = "0" ]; then 70 | PLUS_OR_MINUS="-" 71 | elif [ "$ZERO_OR_ONE" = "1" ]; then 72 | PLUS_OR_MINUS="+" 73 | else 74 | touch "$FAIL_FILE" 75 | log "ERROR: ZERO_OR_ONE is neither 0 nor 1, it's: $ZERO_OR_ONE" 76 | log " Please report this bug!" 77 | return 2 78 | fi 79 | 80 | log "$PLUS_OR_MINUS $DELAY $NANOSECONDS" 81 | 82 | ## OLD_TIME will be set when called by clock-random-manual-cli. 83 | ## OLD_TIME will not be set when called by bootclockrandomization. 84 | if [ "$OLD_TIME" = "" ]; then 85 | OLD_TIME="$(date)" 86 | true "Setting OLD_TIME to $OLD_TIME." 87 | OLD_TIME_NANOSECONDS="$(date +%s.%N)" 88 | OLD_UNIXTIME="$(date +%s)" 89 | else 90 | true "OLD_TIME already set to $OLD_TIME." 91 | OLD_TIME_NANOSECONDS="$(date --date "@$OLD_TIME" +%s.%N)" 92 | OLD_UNIXTIME="$(date --date "@$OLD_TIME" +%s)" 93 | fi 94 | 95 | NEW_TIME="$(( $OLD_UNIXTIME $PLUS_OR_MINUS $DELAY ))" 96 | NEW_TIME_HUMAN="$(date --date "@$NEW_TIME")" 97 | } 98 | -------------------------------------------------------------------------------- /usr/share/bootclockrandomization/start: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | set -e 7 | 8 | source /usr/share/bootclockrandomization/shared 9 | 10 | do_start () { 11 | log "Boot Clock Randomization" 12 | log "https://www.kicksecure.com/wiki/Boot_Clock_Randomization" 13 | 14 | if [ -e "$FAIL_FILE" ]; then 15 | rm -f "$FAIL_FILE" 16 | fi 17 | if [ -e "$SUCCESS_FILE" ]; then 18 | rm -f "$SUCCESS_FILE" 19 | fi 20 | 21 | ## Lower in Qubes Template. 22 | ## Because sdwdate (or other time fixing mechanism) does not yet run in Template. 23 | ## https://forums.whonix.org/t/whonix-ws-16-template-fails-to-update-due-to-timing-issue/12739/31 24 | if test -f /run/qubes/this-is-templatevm ; then 25 | : ${delay_plus_or_minus:="1"} 26 | fi 27 | : ${delay_plus_or_minus:="180"} 28 | 29 | get_random_time 30 | 31 | ## Set new time. Syntax: date --set @1396733199.112834496 32 | date --set "@$NEW_TIME.$NANOSECONDS" > /dev/null 33 | 34 | ## Testing the `date` syntax: 35 | ## sudo date --set @1396733199.112834496 ; date +%s.%N 36 | ## Sat Apr 5 21:26:39 UTC 2014 37 | ## 1396733199.114119019 38 | ## sudo date --set @1396733199.112834496 ; date +%s.%N 39 | ## Sat Apr 5 21:26:39 UTC 2014 40 | ## 1396733199.114122807 41 | 42 | log "Changed time from $OLD_TIME ($OLD_TIME_NANOSECONDS)" 43 | log " to $(date) ($(date +%s.%N))." 44 | 45 | touch "$SUCCESS_FILE" 46 | return 0 47 | } 48 | 49 | do_start 50 | -------------------------------------------------------------------------------- /usr/share/bootclockrandomization/status: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | set -e 7 | 8 | source /usr/share/bootclockrandomization/shared 9 | 10 | do_status () { 11 | if [ -e "$SUCCESS_FILE" ]; then 12 | log "$NAME $SUCCESS_FILE exists." 13 | exit 0 14 | else 15 | log "$NAME $SUCCESS_FILE does not exist." 16 | exit 1 17 | fi 18 | } 19 | 20 | do_status 21 | -------------------------------------------------------------------------------- /usr/share/bootclockrandomization/stop: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC 4 | ## See the file COPYING for copying conditions. 5 | 6 | set -e 7 | 8 | source /usr/share/bootclockrandomization/shared 9 | 10 | do_stop() { 11 | if [ -e "$FAIL_FILE" ]; then 12 | rm -f "$FAIL_FILE" 13 | fi 14 | if [ -e "$SUCCESS_FILE" ]; then 15 | rm -f "$SUCCESS_FILE" 16 | fi 17 | } 18 | 19 | do_stop 20 | --------------------------------------------------------------------------------