From c76735f0c8106b56a863c450ef2b9312585b9bab Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour <demi@invisiblethingslab.com>
Date: Wed, 1 Jan 2025 20:53:20 -0500
Subject: [PATCH] Do not set timezone for VMs with anon-timezone feature

This is implemented as a feature so that the standard
check-with-template mechanism can be used.

Fixes: QubesOS/qubes-issues#8381
---
 qubes/tests/vm/qubesvm.py | 52 +++++++++++++++++++++------------------
 qubes/vm/qubesvm.py       |  6 ++++-
 2 files changed, 33 insertions(+), 25 deletions(-)

diff --git a/qubes/tests/vm/qubesvm.py b/qubes/tests/vm/qubesvm.py
index 9dac1f4d9..1ea025957 100644
--- a/qubes/tests/vm/qubesvm.py
+++ b/qubes/tests/vm/qubesvm.py
@@ -2160,31 +2160,35 @@ def test_620_qdb_standalone(
             "-A FORWARD -i vif+ -o vif+ -j DROP\n"
             "COMMIT\n".format(datetime.datetime.now().ctime())
         )
+        data = {
+            "/name": "test-inst-test",
+            "/type": "StandaloneVM",
+            "/default-user": "user",
+            "/qubes-vm-type": "AppVM",
+            "/qubes-debug-mode": "0",
+            "/qubes-base-template": "",
+            "/qubes-timezone": "UTC",
+            "/qubes-random-seed": base64.b64encode(b"A" * 64),
+            "/qubes-vm-persistence": "full",
+            "/qubes-vm-updateable": "True",
+            "/qubes-block-devices": "",
+            "/qubes-usb-devices": "",
+            "/qubes-iptables": "reload",
+            "/qubes-iptables-error": "",
+            "/qubes-iptables-header": iptables_header,
+            "/qubes-service/qubes-update-check": "0",
+            "/qubes-service/meminfo-writer": "1",
+            "/connected-ips": "",
+            "/connected-ips6": "",
+        }
 
-        self.assertEqual(
-            test_qubesdb.data,
-            {
-                "/name": "test-inst-test",
-                "/type": "StandaloneVM",
-                "/default-user": "user",
-                "/qubes-vm-type": "AppVM",
-                "/qubes-debug-mode": "0",
-                "/qubes-base-template": "",
-                "/qubes-timezone": "UTC",
-                "/qubes-random-seed": base64.b64encode(b"A" * 64),
-                "/qubes-vm-persistence": "full",
-                "/qubes-vm-updateable": "True",
-                "/qubes-block-devices": "",
-                "/qubes-usb-devices": "",
-                "/qubes-iptables": "reload",
-                "/qubes-iptables-error": "",
-                "/qubes-iptables-header": iptables_header,
-                "/qubes-service/qubes-update-check": "0",
-                "/qubes-service/meminfo-writer": "1",
-                "/connected-ips": "",
-                "/connected-ips6": "",
-            },
-        )
+        self.assertEqual(test_qubesdb.data, data)
+
+        test_qubesdb.data.clear()
+        vm.features["anon-timezone"] = "1"
+        vm.create_qdb_entries()
+        del data["/qubes-timezone"]
+        self.assertEqual(test_qubesdb.data, data)
 
     @unittest.mock.patch("datetime.datetime")
     @unittest.mock.patch("qubes.utils.get_timezone")
diff --git a/qubes/vm/qubesvm.py b/qubes/vm/qubesvm.py
index 195b28510..701b54af4 100644
--- a/qubes/vm/qubesvm.py
+++ b/qubes/vm/qubesvm.py
@@ -2612,8 +2612,12 @@ def create_qdb_entries(self):
                 )
 
         tzname = qubes.utils.get_timezone()
-        if tzname:
+        if tzname and not self.features.check_with_template(
+            "anon-timezone", False
+        ):
             self.untrusted_qdb.write("/qubes-timezone", tzname)
+        else:
+            self.untrusted_qdb.rm("/qubes-timezone")
 
         self.untrusted_qdb.write("/qubes-block-devices", "")
         self.untrusted_qdb.write("/qubes-usb-devices", "")