GNU bug report logs - #64838 [PATCH] home: Add parcimonie service.
Reported by: Efraim Flashner <efraim <at> flashner.co.il>
Date: Mon, 24 Jul 2023 19:04:01 UTC
Severity: normal
Tags: patch
Done: Efraim Flashner <efraim <at> flashner.co.il>
Bug is archived. No further changes may be made.
On Wed, Aug 16, 2023 at 10:32:23PM +0200, Ludovic Courtès wrote:
> Hello,
>
> Efraim Flashner <efraim <at> flashner.co.il> wrote:
>
> > * gnu/home/services/gnupg.scm (home-parcimonie-service-type,
> > home-parcimonie-configuration): New variables.
> > * doc/guix.texi (GNU Privacy Guard): Document it.
>
> Very nice!
>
> > +The @code{parcimonie} service runs a daemon that slowly refreshes a GnuPG
> > +public key from a keyserver. Its refreshes one key at a time; between every
> ^
> “It”
>
> > +key update parcimonie sleeps a random amount of time, long enough for the
> > +previously used Tor circuit to expire. This process is meant to make it hard
> > +for an attacker to correlate the multiple performed key update operations.
>
> Maybe: “to correlate the multiple key updates.”
>
> > +As an example, here is how you would configure @code{parcimonie} to refresh the
> > +keys in your GnuPG keyring, as well as those keyrings created by Guix, such as
> > +when running @code{guix import}:
> > +
> > +@lisp
> > +(service home-parcimonie-service-type
> > + (home-parcimonie-configuration
> > + (refresh-guix-keyrings? #t)))
> > +@end lisp
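Review bot: The opening sentence of the added Texinfo text says the daemon "slowly refreshes a GnuPG public key", singular, while the example paragraph says it refreshes "the keys in your GnuPG keyring". Word the first sentence for the whole keyring, for instance "slowly refreshes the public keys in a GnuPG keyring from a keyserver", so that "one key at a time" reads as the pacing rather than the scope. In the example paragraph, "those keyrings created by Guix, such as when running guix import" would also be clearer if it said which keyrings @code{refresh-guix-keyrings?} selects.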
>
> Maybe add: “This assumes that the Tor anonymous routing daemon is
> already running on your system. On Guix System, this can be achieved by
> setting up @code{tor-service-type} (@pxref{Networking Services,
> @code{tor-service-type}}).”
>
> Apart from these minor nits, LGTM!
Thanks.
Apparently the dbus integration was for the parcimonie applet, but
that's been deprecated, so I'll remove that option. Also, I think I need
to test the service once or twice more; I need to make sure the
append-map bits work as expected and it doesn't make an extra list. I'll
push it once I've taken care of those bits.
--
Efraim Flashner <efraim <at> flashner.co.il> רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
This bug report was last modified 1 year and 256 days ago.