NetBSD Problem Report #57993
From www@netbsd.org Sun Mar 3 14:40:06 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 0AC4A1A9239
for <gnats-bugs@gnats.NetBSD.org>; Sun, 3 Mar 2024 14:40:06 +0000 (UTC)
Message-Id: <20240303144005.177051A923A@mollari.NetBSD.org>
Date: Sun, 3 Mar 2024 14:40:05 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: certctl(8) is too slow
X-Send-Pr-Version: www-1.0
>Number: 57993
>Category: bin
>Synopsis: certctl(8) is too slow
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Mar 03 14:45:01 +0000 2024
>Last-Modified: Mon Mar 11 17:15:01 +0000 2024
>Originator: Taylor R Campbell
>Release: current, 10
>Organization:
The CertBSD Installation
>Environment:
>Description:
`certctl rehash' took several minutes to run in my aarch64 qemu VM -- that's way too slow. `certctl list' alone takes over a minute.
A lot of the time is spent in running vis subprocesses, which it uses to guarantee safe operation as a shell script even if you put funny characters in your certificate file names. Not sure there's a good way to speed that up without losing the safety (short of rewriting it in C).
Looks like the basename subprocesses in list_default_trusted can be elided with judicious shell parameter expansion, though.
>How-To-Repeat:
run certctl on a slow machine
>Fix:
Yes, please!
>Audit-Trail:
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57993 CVS commit: src/usr.sbin/certctl
Date: Sun, 3 Mar 2024 15:53:55 +0000
Module Name: src
Committed By: riastradh
Date: Sun Mar 3 15:53:55 UTC 2024
Modified Files:
src/usr.sbin/certctl: certctl.sh
Log Message:
certctl(8): Avoid basename(1).
Saves some time running subprocesses. Since this is only used for
non-directories (i.e., there's never trailing / on the inputs), it
suffices to delete the longest prefix matching glob `*/' with shell
parameter expansion -- much cheaper than spawning a subprocess.
Shaves off about 1/3 of the time spent in `certctl list' on an
aarch64 VM in qemu.
PR bin/57993
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/usr.sbin/certctl/certctl.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57993 CVS commit: [netbsd-10] src/usr.sbin/certctl
Date: Mon, 11 Mar 2024 17:12:53 +0000
Module Name: src
Committed By: martin
Date: Mon Mar 11 17:12:53 UTC 2024
Modified Files:
src/usr.sbin/certctl [netbsd-10]: certctl.sh
Log Message:
Pull up following revision(s) (requested by riastradh in ticket #621):
usr.sbin/certctl/certctl.sh: revision 1.6
certctl(8): Avoid basename(1).
Saves some time running subprocesses. Since this is only used for
non-directories (i.e., there's never trailing / on the inputs), it
suffices to delete the longest prefix matching glob `*/' with shell
parameter expansion -- much cheaper than spawning a subprocess.
Shaves off about 1/3 of the time spent in `certctl list' on an
aarch64 VM in qemu.
PR bin/57993
To generate a diff of this commit:
cvs rdiff -u -r1.4.2.3 -r1.4.2.4 src/usr.sbin/certctl/certctl.sh
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.