[PATCH] home: Add parcimonie service.

Details
2 participants
  • Efraim Flashner
  • Ludovic Courtès
Owner
unassigned
Submitted by
Efraim Flashner
Severity
normal
Efraim Flashner wrote on 24 Jul 2023 21:03
To: guix-patches@gnu.org, Efraim Flashner <efraim@flashner.co.il>
Message-ID: af0935b839d3424f7b7c48e4455cb3921d0bb877.1690225383.git.efraim@flashner.co.il
* gnu/home/services/gnupg.scm (home-parcimonie-service-type,
home-parcimonie-configuration): New variables.
* doc/guix.texi (GNU Privacy Guard): Document it.
---
doc/guix.texi | 55 ++++++++++++++++++++++++
gnu/home/services/gnupg.scm | 86 ++++++++++++++++++++++++++++++++++++-
2 files changed, 139 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 585baf358f..bc86c58cdb 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -43679,6 +43679,61 @@ GNU Privacy Guard
@end deftp
+@cindex Parcimonie, Home service
+The @code{parcimonie} service runs a daemon that slowly refreshes a GnuPG
+public key from a keyserver. Its refreshes one key at a time; between every
+key update parcimonie sleeps a random amount of time, long enough for the
+previously used Tor circuit to expire. This process is meant to make it hard
+for an attacker to correlate the multiple performed key update operations.
+
+As an example, here is how you would configure @code{parcimonie} to refresh the
+keys in your GnuPG keyring, as well as those keyrings created by Guix, such as
+when running @code{guix import}:
+
+@lisp
+(service home-parcimonie-service-type
+ (home-parcimonie-configuration
+ (refresh-guix-keyrings? #t)))
+@end lisp
+
+The service reference is given below.
+
+@defvar parcimonie-service-type
+This is the service type for @command{parcimonie}
+(@uref{https://salsa.debian.org/intrigeri/parcimonie, Parcimonie's web site}).
+Its value must be a @code{home-parcimonie-configuration}, as shown below.
+@end defvar
+
+@c %start of fragment
+
+@deftp {Data Table} home-parcimonie-configuration
+Available @code{home-parcimonie-configuration} fields are:
+
+@table @asis
+@item @code{parcimonie} (default: @code{parcimonie}) (type: file-like)
+The parcimonie package to use.
+
+@item @code{verbose?} (default: @code{#f}) (type: boolean)
+Whether to have more verbose logging from the service.
+
+@item @code{gnupg-already-torified?} (default: @code{#f}) (type: boolean)
+Whether GnuPG is already configured to pass all traffic through
+@uref{https://torproject.org, Tor}.
+
+@item @code{dbus?} (default: @code{#f}) (type: boolean)
+Whether to send activity updates through D-Bus.
+
+@item @code{refresh-guix-keyrings?} (default: @code{#f}) (type: boolean)
+Guix creates a few keyrings in the @var{$XDG_CONFIG_DIR}, such as when running
+@code{guix import} (@pxref{Invoking guix import}). Setting this to @code{#t}
+will also refresh any keyrings which Guix has created.
+
+@item @code{extra-content} (default: @code{#f}) (type: raw-configuration-string)
+Raw content to add to the parcimonie command.
+
+@end table
+
+@end deftp
@c %end of fragment
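Review bot: the reference entry `@defvar parcimonie-service-type` names a variable that the Scheme side never defines; the exported symbol is `home-parcimonie-service-type`, so the index entry and the `@lisp` example above it will disagree. Rename it to `@defvar home-parcimonie-service-type`. Three smaller mismatches with the code in the same hunk: `extra-content` is documented with default `@code{#f}` while the record gives it `""`; the `refresh-guix-keyrings?` text says `@var{$XDG_CONFIG_DIR}` but the service reads `XDG_CONFIG_HOME`; and `@deftp {Data Table}` should be `{Data Type}` as elsewhere in this section. "Its refreshes one key at a time" should read "It refreshes".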
diff --git a/gnu/home/services/gnupg.scm b/gnu/home/services/gnupg.scm
index 7e9e02a3cc..9b66f7b1cf 100644
--- a/gnu/home/services/gnupg.scm
+++ b/gnu/home/services/gnupg.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2023 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2023 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -23,7 +24,7 @@ (define-module (gnu home services gnupg)
#:use-module (gnu services configuration)
#:use-module (gnu home services)
#:use-module (gnu home services shepherd)
- #:autoload (gnu packages gnupg) (gnupg pinentry)
+ #:autoload (gnu packages gnupg) (gnupg pinentry parcimonie)
#:export (home-gpg-agent-configuration
home-gpg-agent-configuration?
home-gpg-agent-configuration-gnupg
@@ -34,7 +35,17 @@ (define-module (gnu home services gnupg)
home-gpg-agent-configuration-max-cache-ttl-ssh
home-gpg-agent-configuration-extra-content
- home-gpg-agent-service-type))
+ home-gpg-agent-service-type
+
+ home-parcimonie-configuration
+ home-parcimonie-configuration?
+ home-parcimonie-configuration-parcimonie
+ home-parcimonie-configuration-gnupg-already-torified?
+ home-parcimonie-configuration-with-dbus?
+ home-parcimonie-configuration-refresh-guix-keyrings?
+ home-parcimonie-configuration-extra-content
+
+ home-parcimonie-service-type))
(define raw-configuration-string? string?)
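Review bot: two of the exported accessor names are never defined. The field is declared `dbus?`, so `define-configuration` generates `home-parcimonie-configuration-dbus?`, not `home-parcimonie-configuration-with-dbus?`; and the record spells the field `gnupg-aleady-torified?`, so `home-parcimonie-configuration-gnupg-already-torified?` has no binding and any user of it gets an unbound-variable error. Fix the field spelling in the record and export `home-parcimonie-configuration-dbus?`; `home-parcimonie-configuration-verbose?` is also missing from the list while every other field's accessor is exported.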
@@ -148,3 +159,74 @@ (define home-gpg-agent-service-type
managing OpenPGP and optionally SSH private keys. When SSH support is
enabled, @command{gpg-agent} acts as a drop-in replacement for OpenSSH's
@command{ssh-agent}.")))
+
+(define-configuration/no-serialization home-parcimonie-configuration
+ (parcimonie
+ (file-like parcimonie)
+ "The parcimonie package to use.")
+ (verbose?
+ (boolean #f)
+ "Provide extra output to the log file.")
+ (gnupg-aleady-torified?
+ (boolean #f)
+ "GnuPG is already configured to use tor and parcimonie won't attempt to use
+tor directly.")
+ (dbus?
+ (boolean #f)
+ "Send activity updates on the org.parcimonie.daemon D-Bus service.")
+ (refresh-guix-keyrings?
+ (boolean #f)
+ "Also refresh any Guix keyrings found in the XDG_CONFIG_DIR.")
+ (extra-content
+ (raw-configuration-string "")
+ "Raw content to add to the parcimonie service."))
+
+(define (home-parcimonie-shepherd-service config)
+ "Return a user service to run parcimonie."
+ (match-record config <home-parcimonie-configuration>
+ (parcimonie verbose? gnupg-aleady-torified? dbus?
+ refresh-guix-keyrings? extra-content)
+ (let ((log-file #~(string-append %user-log-dir "/parcimonie.log")))
+ (list (shepherd-service
+ (provision '(parcimonie))
+ (modules '((shepherd support) ;for '%user-log-dir'
+ (guix build utils)
+ (srfi srfi-1)))
+ (start #~(make-forkexec-constructor
+ (cons*
+ #$(file-append parcimonie "/bin/parcimonie")
+ #$@(if verbose?
+ '("--verbose")
+ '())
+ #$@(if gnupg-aleady-torified?
+ '("--gnupg_already_torified")
+ '())
+ #$@(if dbus?
+ '("--with_dbus")
+ '())
+ #$@(if (not (string=? extra-content ""))
+ (list extra-content)
+ '())
+ #$@(if refresh-guix-keyrings?
+ '((append-map
+ (lambda (item)
+ (list (string-append "--gnupg_extra_options="
+ "--keyring=" item)))
+ (find-files
+ (string-append (getenv "XDG_CONFIG_HOME") "/guix")
+ "^trustedkeys\\.kbx$")))
+ '((list))))
+ #:log-file #$log-file))
+ (stop #~(make-kill-destructor))
+ (respawn? #t)
+ (documentation "Incrementally refresh gnupg keyring over Tor"))))))
+
+(define home-parcimonie-service-type
+ (service-type
+ (name 'home-parcimonie)
+ (extensions
+ (list (service-extension home-shepherd-service-type
+ home-parcimonie-shepherd-service)))
+ (default-value (home-parcimonie-configuration))
+ (description
+ "Incrementally refresh GnuPG keyrings over Tor.")))
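Review bot: `(string-append (getenv "XDG_CONFIG_HOME") "/guix")` raises a wrong-type error when `XDG_CONFIG_HOME` is unset, because `getenv` returns `#f`; since this runs inside the forkexec constructor it aborts the service start with `refresh-guix-keyrings?` enabled. Fall back to `$HOME/.config` (the XDG default) when the variable is absent. Two more points: `(list extra-content)` passes the whole string as a single argv element, so a value holding more than one option would reach parcimonie as one unrecognised argument, which the "Raw content" docstring does not warn about; and the field name `gnupg-aleady-torified?` (also used in the `match-record` pattern and the `if`) is misspelled, which is what breaks the exported accessor name.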

base-commit: 3adde30af52d4be347d610c0bdd543e0fdd6d64d
--
Efraim Flashner <efraim@flashner.co.il>
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
Ludovic Courtès wrote on 16 Aug 2023 22:32
To: Efraim Flashner <efraim@flashner.co.il>, 64838@debbugs.gnu.org
Message-ID: 878raa4tk8.fsf@gnu.org
Hello,

Efraim Flashner <efraim@flashner.co.il> skribis:

> * gnu/home/services/gnupg.scm (home-parcimonie-service-type,
> home-parcimonie-configuration): New variables.
> * doc/guix.texi (GNU Privacy Guard): Document it.

Very nice!

> +The @code{parcimonie} service runs a daemon that slowly refreshes a GnuPG
> +public key from a keyserver. Its refreshes one key at a time; between every
^
“It”

> +key update parcimonie sleeps a random amount of time, long enough for the
> +previously used Tor circuit to expire. This process is meant to make it hard
> +for an attacker to correlate the multiple performed key update operations.

Maybe: “to correlate the multiple key updates.”

> +As an example, here is how you would configure @code{parcimonie} to refresh the
> +keys in your GnuPG keyring, as well as those keyrings created by Guix, such as
> +when running @code{guix import}:
> +
> +@lisp
> +(service home-parcimonie-service-type
> + (home-parcimonie-configuration
> + (refresh-guix-keyrings? #t)))
> +@end lisp

Maybe add: “This assumes that the Tor anonymous routing daemon is
already running on your system. On Guix System, this can be achieved by
setting up @code{tor-service-type} (@pxref{Networking Services,
@code{tor-service-type}}).”

Apart from these minor nits, LGTM!

Thanks,
Ludo’.
Efraim Flashner wrote on 18 Aug 2023 15:24
To: Ludovic Courtès <ludo@gnu.org>
Message-ID: ZN9xF43KWuLVZFmK@pbp
On Wed, Aug 16, 2023 at 10:32:23PM +0200, Ludovic Courtès wrote:

Thanks.

Apparently the dbus integration was for the parcimonie applet, but
that's been deprecated so I'll remove that option. Also I think I need
to test the service once or twice more, I need to make sure the
append-map bits work as expected and it doesn't make an extra list. I'll
push it once I've taken care of those bits.

Efraim Flashner wrote on 4 Sep 2023 10:21
To: Ludovic Courtès <ludo@gnu.org>
Message-ID: ZPWTo3c9WBiocOnp@pbp
On Wed, Aug 16, 2023 at 10:32:23PM +0200, Ludovic Courtès wrote:

Thanks. I was able to test it overnight and everything looks good. Patch
pushed finally!

Closed