bin/parcimonie

   1 #!/usr/bin/perl
   2
   3 =head1 NAME
   4
   5 parcimonie - privacy-friendly helper to refresh a GnuPG keyring
   6
   7 =head1 VERSION
   8
   9 Version 0.11.0
  10
  11 =head1 SYNOPSIS
  12
  13 B<parcimonie> [options]
  14
  15 =head1 DESCRIPTION
  16
  17 parcimonie is a daemon that slowly refreshes a GnuPG public keyring
  18 from a keyserver.
  19
  20 Its refreshes one key at a time; between every key update, parcimonie
  21 sleeps a random amount of time, long enough for the previously used Tor
  22 circuit to expire.
  23
  24 This process is meant to make it hard for an attacker to correlate the
  25 multiple performed key update operations.
  26
  27 See the design.mdwn document to learn more about the threat and risk
  28 models parcimonie attempts to help coping with.
  29
  30 =head1 USAGE
  31
  32 1. Configure GnuPG to be able to use a keyserver with Tor.
  33
  34 If you already have configured a keyserver and you run Tor
  35 0.3.0.3-alpha-1 or newer from Debian, then parcimonie will probably
  36 work fine and you can skip this step. Otherwise, you will probably
  37 need to replace your keyserver with the one documented below, or to
  38 enable IPv6 traffic in your Tor client (by enabling the IPv6Traffic
  39 flag for your SocksPort).
  40
  41 Add to ~/.gnupg/dirmngr.conf something like:
  42
  43         keyserver hkp://jirk5u4osbsr34t5.onion
  44
  45 2. Run "parcimonie --verbose".
  46
  47 3. Check the output for misconfiguration or bugs.
  48
  49 4. Once happy, start the daemon without the --verbose option.
  50    Note: the Debian package automatically starts the daemon with your X session.
  51
  52 =head1 OPTIONS
  53
  54 The following command lists available options:
  55
  56     parcimonie --help
  57
  58 =head2 Tor configuration vs. --minimum-lapse-time
  59
  60 In case you set the Tor MaxCircuitDirtiness setting yourself, you
  61 probably want to pass parcimonie a matching --minimum-lapse-time
  62 option so that subsequent key fetches use different Tor circuits.
  63
  64 Just make sure this remains true:
  65
  66         minimum-lapse-time >= Tor MaxCircuitDirtiness
  67
  68 =head2 hkpms://
  69
  70 We recommend using hkpms; see http://web.monkeysphere.info/ for
  71 details. When a hkpms:// keyserver is being used, one needs to do two
  72 additional steps since gpgkeys_hkpms does not work in the torsocks
  73 wrapped environment parcimonie uses by default to run gpg.
  74
  75 =head3 Torify gpgkeys_hkpms
  76
  77 Just add the following line to gpg.conf:
  78
  79     keyserver-options http-proxy=socks://127.0.0.1:9050
  80
  81 =head3 Hey, parcimonie, gpg is already torified
  82
  83 Pass the --gnupg-already-torified switch to the parcimonie daemon
  84 command-line. parcimonie will then rely on the keyserver-options
  85 previously added to gpg.conf, and won't attempt to torify gpg
  86 connections itself.
  87
  88 =head1 AUTHOR
  89
  90 intrigeri <intrigeri@boum.org>
  91
  92 =head1 COPYRIGHT
  93
  94 Copyright (C) 2010-2018 intrigeri <intrigeri@boum.org>
  95
  96 =head1 LICENSE
  97
  98 Licensed under the same terms as Perl itself.
  99
 100 =head1 BUGS
 101
 102 Please report any bugs or feature requests to C<intrigeri at boum.org>.
 103
 104 =head1 SUPPORT
 105
 106 You can find documentation for parcimonie with the man command.
 107
 108     man parcimonie
 109
 110
 111 You can also look for information at:
 112
 113 =over 4
 114
 115 =item * parcimonie's homepage
 116
 117 L<https://gaffer.boum.org/intrigeri/code/parcimonie/>
 118
 119 =back
 120
 121 =cut
 122
 123 use strict;
 124 use warnings;
 125
 126 our $VERSION = '0.11.0';
 127
 128 use FindBin;
 129 use lib "$FindBin::Bin/../lib";
 130
 131 use Env qw{@PATH};
 132 unshift @PATH, "$FindBin::Bin";
 133
 134 use 5.10.0;
 135
 136 use Carp;
 137 use Try::Tiny;
 138
 139 my $mu;
 140 sub record_memory_usage { 1 }
 141 sub report_memory_usage { 1 }
 142
 143 my @options;
 144
 145 BEGIN {
 146     if (exists $ENV{REPORT_MEMORY_USAGE}
 147             && defined $ENV{REPORT_MEMORY_USAGE}
 148             && $ENV{REPORT_MEMORY_USAGE}) {
 149         try {
 150             require Memory::Usage;
 151         } catch {
 152             croak "Memory::Usage is needed when REPORT_MEMORY_USAGE is set."
 153         };
 154         $mu = Memory::Usage->new();
 155         no warnings 'redefine';
 156         *record_memory_usage = sub { $mu->record(shift) };
 157         *report_memory_usage = sub { $mu->dump() };
 158         push @options, ('memory_usage' => $mu);
 159     }
 160 }
 161
 162 $SIG{'INT'}  = $SIG{'TERM'} = sub { report_memory_usage(); exit(0); };
 163 $SIG{'USR1'} = sub { report_memory_usage(); };
 164
 165 record_memory_usage('starting work');
 166 record_memory_usage('before loading App::Parcimonie');
 167 require App::Parcimonie;
 168 App::Parcimonie->import();
 169 record_memory_usage('after loading App::Parcimonie');
 170
 171 record_memory_usage('before loading App::Parcimonie::Daemon');
 172 require App::Parcimonie::Daemon;
 173 App::Parcimonie::Daemon->import();
 174 record_memory_usage('after loading App::Parcimonie::Daemon');
 175
 176 App::Parcimonie::Daemon->new_with_options(@options)->run;
 177
 178 report_memory_usage();