We need to set GNUPG_KEYSERVER_OPTIONS and pass something to address
EtiennePerot/parcimonie.sh#15.
I set no-honor-keyserver-url in my gpg.conf anyway. I think the option
makes sense, so we'll use that until the parcimonie issue is resolved.

This is used in parcimonie's delay computation function to determine
frequency of key refresh. It defaults to 1 (i.e., the computer is online
100% of the time). Spark targets laptops. For a laptop which is off at
night and moving with the user between home and work, 70% seems
reasonable. Maybe still high. We'll start here and tweak as needed.

Hooking into tor's nmtrust config seems to make sense. I don't know if
someone would want to run tor and not this, and you can't run this and
not tor.

This does introduce a new requirement for nmtrust that we haven't seen
before: tor must be started before parcimonie for it to work. Given the
order of the tasks, spark will cause parcimonie to be added to the
trusted unit file after tor, which means we should be good here. But if
a user were to manually edit the file, placing parcimonie above tor, it
would not work. I'm not sure I really want to deal with that problem.

We're running parcimonie for the primary user rather than using the
special `all-users.conf` that parcimonie ships with. That would cause
parcimonie to run for all users who have a `~/.gnupg`, which in our case
includes root. Running this as root seems like a Bad Idea.