[pkg-gnupg-maint] Bug#811549: gnupg2: trust-model tofu+pgp causes poor performance ( 58× slower)

brian m. carlson sandals at crustytoothpaste.net
Mon Jan 18 13:37:24 UTC 2016 

Package: gnupg2
Version: 2.1.10-3
Severity: normal

I have a rather large public keyring (97 MB).  This hasn't in the past
been an issue, especially with GnuPG 2.1.

The keybase client invokes gpg with the gpg2 --no-options -k
--with-fingerprint --with-colons flags.  After setting trust-model pgp,
running gpg2 --check-trustdb, and running that command, I get

  gpg2 --no-options -k --with-fingerprint --with-colons > /dev/null  3.04s user 0.10s system 95% cpu 3.296 total

This is reasonable for a 97 MB pubring.kbx.

Switching to trust-model tofu+pgp, running gpg2 --check-trustdb, and
running that command gives me (besides a whole bunch of "gpg: TOFU:
Ignoring revoked user id")

  gpg2 --no-options -k --with-fingerprint --with-colons > /dev/null  34.63s user 157.30s system 99% cpu 3:12.30 total

This is approximately 58 times slower.  This makes the keybase client
very slow and generally slows down other processes that might want to
enumerate keys.  Is there a way this could be sped up so the performance
impact is not so great?

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_US.UTF-8, LC_CTYPE=es_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnupg2 depends on:
ii  dpkg           1.18.4
ii  gnupg-agent    2.1.10-3
ii  install-info   6.0.0.dfsg.1-4
ii  libassuan0     2.4.2-2
ii  libbz2-1.0     1.0.6-8
ii  libc6          2.21-6
ii  libgcrypt20    1.6.4-4
ii  libgpg-error0  1.21-1
ii  libksba8       1.3.3-1
ii  libreadline6   6.3-8+b4
ii  libsqlite3-0   3.10.1-1
ii  zlib1g         1:1.2.8.dfsg-2+b1

Versions of packages gnupg2 recommends:
ii  dirmngr  2.1.10-3

Versions of packages gnupg2 suggests:
pn  gnupg-doc   <none>
pn  parcimonie  <none>
ii  xloadimage  4.1-23+b1

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20160118/11764f82/attachment.sig>

More information about the pkg-gnupg-maint mailing list