snapd/httputil
Michael Vogt cb028ca53f devicestate: retry serial acquire on time based certificate errors (#12403)
This commit adds code to deal with the issue that the time may
be widely off when snapd tries to register the serial. For devices
without an RTC the date may be so much in the past that the SSL
certificates are not valid yet. To fix this the following changes are
made:

* httputil: add `CertExpiredOrNotValidYet()` helper

This helper can be used to check if the error is that the
certificate is expired or not yet valid. This is useful
to detect situations like when the time has not yet been
synchronized from an NTP source.

* devicestate: retry serial acquire on time based certificate errors

When the serial assertion cannot be acquired because the certificate
of the remote system is expired or not yet valid then the most
likely reason for this is that the system clock is off. This case
is now treated similarly to no network errors, i.e. snapd
will retry to acquire the serial and will only go into a slow backoff
mode. This helps with the issue that on systems without an RTC
when the device comes up and the NTP sync is slow the serial
is (re)tried 3 times and then it goes into a very long backoff
(as defined in DeviceManager.ensureOperationalShouldBackoff()).

A gradual backoff is still used to not overwhelm the servers and
it is only tried for a bit more than 2048s because that is the maximum
time it takes for timesyncd to wait before trying an NTP sync.
2022-12-15 11:22:34 +01:00
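
The kind of check the commit message describes, as an added example that is not snapd's code: it verifies a constructed self-signed certificate against a skewed clock and classifies the resulting error. The names `isCertTimeError` and `verifyAt` are hypothetical, and the dates are sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// isCertTimeError (hypothetical name) reports whether err wraps an x509
// validity-period failure. Go uses the single reason x509.Expired for both
// "expired" and "not yet valid", so one comparison covers both cases.
func isCertTimeError(err error) bool {
	var invalid x509.CertificateInvalidError
	return errors.As(err, &invalid) && invalid.Reason == x509.Expired
}

// verifyAt builds a constructed self-signed certificate valid for one hour
// from notBefore and verifies it as if the local clock read `clock`.
func verifyAt(notBefore, clock time.Time) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notBefore.Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert) // trust the constructed certificate itself
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: clock})
	return err
}

func main() {
	issued := time.Date(2022, 12, 15, 0, 0, 0, 0, time.UTC)
	epoch := time.Date(1970, 1, 1, 0, 0, 0, 0, time.UTC) // clock of a device without an RTC
	err := fmt.Errorf("cannot acquire serial: %w", verifyAt(issued, epoch))
	fmt.Println(err, "-> retry:", isCertTimeError(err))
}
```

Because the classification uses `errors.As`, it still matches when the verification error is wrapped by higher layers, which is how such errors usually reach the caller of an HTTP client.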