Issue an explicit warning if the Manifest timestamp is 24 hours behind
the system clock. This is meant to detect attacks based on preventing
the user from upgrading.
---
 pym/portage/sync/modules/rsync/rsync.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pym/portage/sync/modules/rsync/rsync.py 
b/pym/portage/sync/modules/rsync/rsync.py
index b7758c2c3..9c352b139 100644
--- a/pym/portage/sync/modules/rsync/rsync.py
+++ b/pym/portage/sync/modules/rsync/rsync.py
@@ -6,6 +6,7 @@ import logging
 import time
 import signal
 import socket
+import datetime
 import io
 import re
 import random
@@ -339,6 +340,11 @@ class RsyncSync(NewBase):
                                                ts = m.find_timestamp()
                                                if ts is None:
                                                        raise 
RuntimeError('Timestamp not found in Manifest')
+                                               if (datetime.datetime.utcnow() 
- ts.ts).days > 1:
+                                                       out.ewarn('Manifest is 
over 24 hours old, this is suspicious!')
+                                                       out.ewarn('You may want 
to try using another mirror and/or reporting this one:')
+                                                       out.ewarn('  %s' % 
(dosyncuri,))
+                                                       out.ewarn('')
 
                                                out.einfo('Manifest timestamp: 
%s UTC' % (ts.ts,))
                                                out.einfo('Valid OpenPGP 
signature found:')
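Review bot: The staleness check `(datetime.datetime.utcnow() - ts.ts).days > 1` does not fire until the Manifest is at least 48 hours old, because `timedelta.days` is the whole-day count and `> 1` needs two full days, while the warning text and the commit description both say 24 hours. Comparing the delta itself gives the stated window: `if datetime.datetime.utcnow() - ts.ts > datetime.timedelta(days=1):`. This matters for the stale-mirror case the commit targets, since a validly signed but outdated tree would be accepted for an extra day before any warning appears. The subtraction also assumes `ts.ts` is a naive UTC datetime (the einfo line below prints it as UTC, but its construction is outside the hunk), and a timestamp in the future passes silently; the enclosing method starts and ends outside this hunk.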
-- 
2.16.1

