author Andrew Dunham <andrew@du.nham.ca> 2025-03-10 16:38:44 -0400
committer Andrew Dunham <andrew@du.nham.ca> 2025-03-10 16:38:44 -0400
commit 5869f14e748f2b217a82f04e3fbb6cf089bff8e3
tree 911ad8d93ea41aa0dd54d340db914a28fecbc782 /.github/workflows
parent 69b27d2fcfeaa745de072f96dd6c30f4f085ecd9
net/{currenttime,tlsdial}: add minimum possible time for TLS [andrew/current-time]

This adds a new package, net/currenttime, which is a thin wrapper around time.Now. If the value returned by time.Now is before a hard-coded value baked into the binary, that hard-coded value will be returned instead.

In the case where the system has a buggy, malfunctioning, or nonexistent RTC, this can improve the likelihood that Tailscale will be able to establish a connection to the control plane (via TLS) and fetch the server certificate.

As a future TODO: we should cache this value on-disk between process starts (possibly in the state file?) so that we succeed even if the Tailscale server certificate has already expired from the perspective of the minimum time.

Additionally, add a GitHub workflow that bumps the current time to a new value every 14 days, so that the value stays reasonably up-to-date in our repository without introducing impurities into the build process.

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: If63cf28c4f188993894d3de589fd65ad447def6f
Diffstat (limited to '.github/workflows')
-rw-r--r-- .github/workflows/update-current-time.yml 44
1 files changed, 44 insertions, 0 deletions
diff --git a/.github/workflows/update-current-time.yml b/.github/workflows/update-current-time.yml
new file mode 100644
index 000000000..f1c86c0be
--- /dev/null
+++ b/.github/workflows/update-current-time.yml
@@ -0,0 +1,44 @@
+name: update-current-time
+
+on:
+ # allow manual execution
+ workflow_dispatch:
+
+ # run every 14 days
+ schedule:
+ - cron: "0 0 */14 * *"
+
+concurrency:
+ group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ update-flake:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+ - name: Get access token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ id: generate-token
+ with:
+ app_id: ${{ secrets.LICENSING_APP_ID }}
+ installation_retrieval_mode: "id"
+ installation_retrieval_payload: ${{ secrets.LICENSING_APP_INSTALLATION_ID }}
+ private_key: ${{ secrets.LICENSING_APP_PRIVATE_KEY }}
+
+ - name: Send pull request
+ uses: peter-evans/create-pull-request@dd2324fc52d5d43c699a5636bcf19fceaa70c284 #v7.0.7
+ with:
+ token: ${{ steps.generate-token.outputs.token }}
+ author: Time Updater <noreply+time-updater@tailscale.com>
+ committer: Time Updater <noreply+time-updater@tailscale.com>
+ branch: time-updates
+ commit-message: "net/currentime: update minimum time"
+ title: "net/currentime: update minimum time"
+ body: Triggered by ${{ github.repository }}@${{ github.sha }}
+ signoff: true
+ delete-branch: true
+ reviewers: andrew-d
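Review bot: the steps list goes from `Check out code` and `Get access token` straight to `Send pull request`, with no step in between that rewrites the hard-coded minimum time, so peter-evans/create-pull-request will see a clean working tree and open nothing; add a step before it that regenerates the value in net/currenttime. The schedule `cron: "0 0 */14 * *"` steps through the day-of-month field, so it fires on the 1st, 15th and 29th of each month rather than every 14 days as the comment says; reword the comment or pick explicit days. Smaller points: the concurrency `group:` has a doubled `$` before `{{ github.head_ref || github.run_id }}`, which puts a literal `$` into the group name; `commit-message` and `title` say `net/currentime` where the package is `net/currenttime`; the job id `update-flake` does not describe this job; and there is no `permissions:` block restricting the default GITHUB_TOKEN, even though the pull request is sent with the app token from `generate-token`.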