Fix private operator time drift

[caroline-ttd]

Correct the time drift once a day

For testing, I added a function to manually changed the time and use the cron job to set it back.

TIME_SYNC_OFFSET_SECONDS="${TIME_SYNC_OFFSET_SECONDS:-30}"

sync_enclave_time_with_offset_once() {
 local current_time
 local parent_epoch
 if current_time=$(curl -s -f -x socks5h://127.0.0.1:3305 "${TIME_SYNC_URL}"); then
   parent_epoch=$(date -u -d "${current_time}" +%s 2>/dev/null || true)
   if [[ -n "${parent_epoch}" ]]; then
     parent_epoch=$((parent_epoch + TIME_SYNC_OFFSET_SECONDS))
     if ! date -u -s "@${parent_epoch}"; then
       echo "Time sync: failed to set enclave time from '${current_time}' with offset ${TIME_SYNC_OFFSET_SECONDS}s"
       return 1
     fi
     echo "Time sync: updated enclave time to ${current_time} + ${TIME_SYNC_OFFSET_SECONDS}s"
   fi
 else
   echo "Time sync: failed to fetch time from parent instance"
   return 1
 fi
}
 
sync_enclave_time_with_offset_once || true

Test:
Cron job in enclave:

---

Cronjob in host (out of date):

1. Manually set the time drift for 30 seconds

2. Correct the drift ---

Previous python version:

1. Manually set the time drift for 30 seconds

2. Correct the drift

[abuabraham-ttd]

I feel this is a bit complex.

Why not something much simpler like

sync_enclave_time() {
  curl -s -f -x socks5h://127.0.0.1:3305 "${TIME_SYNC_URL}" | xargs -I{} date -u -s "{}"
}

Trust the parent instance clock without the condition ?

[abuabraham-ttd]

suggest using cron. Python sleep is process based, if process crashes (this process running, isn't a requirement for our enclave), it stops.

Using cron on systemd timer would be better IMO

[caroline-ttd]

Updated to cronjob

[abuabraham-ttd]

I am not sure if we need this. This AMI is the parent instance which already has time sync configured with AWS time server

[caroline-ttd]

Removed it

[abuabraham-ttd]

/usr/local/bin/uid2-time-sync

what's that ? how do you get that? (I would suggest creating that over your implementation of adding start_time_sync_server in entrypoint.sh (cleaner)