guix-patches

bug#64838: [PATCH] home: Add parcimonie service.


From: Efraim Flashner
Subject: bug#64838: [PATCH] home: Add parcimonie service.
Date: Mon, 4 Sep 2023 11:21:55 +0300

On Wed, Aug 16, 2023 at 10:32:23PM +0200, Ludovic Courtès wrote:
> Hello,
> 
> Efraim Flashner <efraim@flashner.co.il> writes:
> 
> > * gnu/home/services/gnupg.scm (home-parcimonie-service-type,
> > home-parcimonie-configuration): New variables.
> > * doc/guix.texi (GNU Privacy Guard): Document it.
> 
> Very nice!
> 
> > +The @code{parcimonie} service runs a daemon that slowly refreshes a GnuPG
> > +public key from a keyserver.  Its refreshes one key at a time; between 
> > every
>                                  ^
> “It”
> 
> > +key update parcimonie sleeps a random amount of time, long enough for the
> > +previously used Tor circuit to expire.  This process is meant to make it 
> > hard
> > +for an attacker to correlate the multiple performed key update operations.
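
Review bot: "the previously used Tor circuit" is the first mention of Tor in this paragraph, so the reader is never told that the key fetches go through Tor or why a circuit expiring matters for unlinkability. Introduce that in the opening sentence, where the daemon is described. In the same sentence, "refreshes a GnuPG public key" would read better in the plural, since the following sentence and the example both describe working through a keyring one key at a time.
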
> 
> Maybe: “to correlate the multiple key updates.”
> 
> > +As an example, here is how you would configure @code{parcimonie} to 
> > refresh the
> > +keys in your GnuPG keyring, as well as those keyrings created by Guix, 
> > such as
> > +when running @code{guix import}:
> > +
> > +@lisp
> > +(service home-parcimonie-service-type
> > +         (home-parcimonie-configuration
> > +           (refresh-guix-keyrings? #t)))
> > +@end lisp
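
Review bot: the example sets "refresh-guix-keyrings?" to #t, but the lines quoted here state neither the field's default nor which keyrings count as "created by Guix" beyond the "guix import" case. A user deciding whether to enable it needs to know what extra keys will be queried on the keyserver, so the field's documentation should give the default value and name the keyring locations that are covered. The sentence itself is also hard to parse; something like "as well as the keyrings that Guix itself creates, for instance when running guix import" would be clearer.
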
> 
> Maybe add: “This assumes that the Tor anonymous routing daemon is
> already running on your system.  On Guix System, this can be achieved by
> setting up @code{tor-service-type} (@pxref{Networking Services,
> @code{tor-service-type}}).”
> 
> Apart from these minor nits, LGTM!
> 
> Thanks,
> Ludo’.

Thanks. I was able to test it overnight and everything looks good. Patch
pushed finally!

-- 
Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
