#!/bin/bash

## Copyright (C) 2017 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

#set -x
set -e

date_cmd(){
   date -u +"%Y-%m-%d %T"
}

output_cmd_set() {
   if [ -o xtrace ]; then
      output_cmd=true
   else
      output_cmd=echo
   fi
}

output_cmd_func() {
   msg="$(date_cmd) - $0 - $@"
   $output_cmd "$msg"
   echo "$msg" | systemd-cat --identifier="suspend-post" || true
}

output_cmd_set

output_cmd_func "INFO - START"

if [ -f /run/qubes/this-is-templatevm ]; then
   ## qubes-sync-time is triggered after suspend/resume.
   ## https://forums.whonix.org/t/whonix-ws-16-fails-to-update-due-to-timing-issue/12739/10
   output_cmd_func "INFO - Skipping, because run in TemplateVM."
   exit 0
fi

if [ ! "$(id -u)" = "0" ]; then
   output_cmd_func "ERROR - Must run as root!"
   exit 2
fi

if command -v "qubesdb-read" >/dev/null 2>&1 ; then
   true
else
   output_cmd_func "INFO - Clock fix after resume not implemented in Non-Qubes-Whonix. See: https://www.whonix.org/wiki/Troubleshooting#Clock_Fix"
   exit 3
fi

## Defensive measure to not mess up file permissions.
mkdir --parents /run/sdwdate
chown --recursive sdwdate:sdwdate /run/sdwdate

tor_restart_maybe() {
   output_cmd_func "INFO - Checking if file /run/sdwdate/tor_was_running.status exists..."

   if test -f /run/sdwdate/tor_was_running.status ; then
      output_cmd_func "INFO - Yes, file /run/sdwdate/tor_was_running.status exists."

      output_cmd_func "INFO - Deleting Tor consensus files, restart Tor (and maybe vanguards)..."
      ## Without this, Tor keeps the stale Tor consensus even after restarting Tor.
      ## provided by package helper-scripts
      anon-consensus-del
      output_cmd_func "INFO - Done, deleted Tor consensus files, restarted Tor (and maybe vanguards)."

      output_cmd_func "INFO - Deleting /run/sdwdate/tor_was_running.status..."
      rm --force /run/sdwdate/tor_was_running.status
      output_cmd_func "INFO - Done, deleted /run/sdwdate/tor_was_running.status."
   else
      output_cmd_func "INFO - No, file /run/sdwdate/tor_was_running.status did not exist, meaning we previously before suspend/hibernate did not stop Tor, therefore not starting it now."
   fi
}

## Previously in suspend-pre sdwdate
## - Tor was stopped.
## - sdwdate was stopped.
## - Whonix firewall entered timesync-fail-closed mode.
##
## Now in this script:
## - 1. restart Tor (only if it was previously running)
## - 2. sdwdate-clock-jump so it sets the time using `date` (instantly setting
##      the time), instead of sclockadj (gradually adjusting the time).
## - 3. (outside of this script) Once sdwdate succeeded,
##      whonix-firewall-sdwdate-watcher.service should enter Whonix firewall in
##      full mode.
##
## For an ISP level observer this should look like a reboot.

## Do not interfere with the clock if the sdwdate service was stopped.
output_cmd_func "INFO - Checking if file /run/sdwdate/sdwdate_was_running.status exists..."
if test -f /run/sdwdate/sdwdate_was_running.status ; then
   output_cmd_func "INFO - Yes, file /run/sdwdate/sdwdate_was_running.status exists."

   output_cmd_func "INFO - Deleting /run/sdwdate/sdwdate_was_running.status..."
   rm --force /run/sdwdate/sdwdate_was_running.status
   output_cmd_func "INFO - Done, deleted /run/sdwdate/sdwdate_was_running.status."

   tor_restart_maybe

   output_cmd_func "INFO - Running sdwdate-clock-jump..."
   sdwdate-clock-jump
   output_cmd_func "INFO - Done, with sdwdate-clock-jump."

   ## Whonix firewall full mode
   ##
   ## After sdwdate restart, sdwdate will on success recreate the status file
   ## '/run/sdwdate/first_success'.
   ##
   ## ( whonix-[gw|ws]-firewall ) /lib/systemd/system/whonix-firewall-sdwdate-watcher.service /
   ## ( helper-scripts ) /usr/libexec/helper-scripts/firewall-restarter
   ## will notice this, and restart Whonix firewall in full mode.

   exit 0
else
   output_cmd_func "INFO - No, file /run/sdwdate/sdwdate_was_running.status did not exist, meaning we previously before suspend/hilbernate did not stop sdwdate, therefore not starting it now."
fi

## Make sure Tor is restarted even if sdwdate was not running during suspend-pre.
tor_restart_maybe

output_cmd_func "INFO - END"
