[git] GnuPG - branch, master, updated. gnupg-2.1.5-17-g0948c4f
by Werner Koch
cvs at cvs.gnupg.org
Sat Jun 20 15:07:58 CEST 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via 0948c4f217308ffa0ec61ce189d387fd61b02bbd (commit)
via 6500f338a35f4148606480c79f3a0c1b0d15f13a (commit)
via 53e9b86085ac70ede8a0b1de9018ccbfe55b0932 (commit)
via 663a31f1ea2fc5a43c822e916cf20fece5243851 (commit)
from c5604eeee4b64a44a1ca1d517ace14fc1cbda298 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0948c4f217308ffa0ec61ce189d387fd61b02bbd
Author: Werner Koch <wk at gnupg.org>
Date: Sat Jun 20 15:05:32 2015 +0200
gpg: Print number of good signatures with --check-sigs.
* g10/keylist.c (keylist_context): Add field good_sigs.
(list_keyblock_print): Updated good_sigs.
(print_signature_stats): Print number of good signatures and use
log_info instead of tty_printf.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/keylist.c b/g10/keylist.c
index 2cd988d..d4e572e 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -53,6 +53,7 @@ static void print_card_serialno (const char *serialno);
struct keylist_context
{
int check_sigs; /* If set signatures shall be verified. */
+ int good_sigs; /* Counter used if CHECK_SIGS is set. */
int inv_sigs; /* Counter used if CHECK_SIGS is set. */
int no_key; /* Counter used if CHECK_SIGS is set. */
int oth_err; /* Counter used if CHECK_SIGS is set. */
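Review bot: The comment on the new `good_sigs` field is copied from its neighbours and does not say what is counted. Judging by the `case 0:` hunk in list_keyblock_print, it is incremented whenever the signature check returns no error, which presumably means the signature verified cryptographically and says nothing about whether the signing key is trusted. I would spell that out, e.g. `int good_sigs;  /* Signatures that verified without error (validity only, not trust). */`, so the printed total is not read as a trust statement.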
@@ -439,19 +440,25 @@ print_signature_stats (struct keylist_context *s)
if (!s->check_sigs)
return; /* Signature checking was not requested. */
+ if (s->good_sigs == 1)
+ log_info (_("1 good signature\n"));
+ else if (s->good_sigs)
+ log_info (_("%d good signatures\n"), s->good_sigs);
+
if (s->inv_sigs == 1)
- tty_printf (_("1 bad signature\n"));
+ log_info (_("1 bad signature\n"));
else if (s->inv_sigs)
- tty_printf (_("%d bad signatures\n"), s->inv_sigs);
+ log_info (_("%d bad signatures\n"), s->inv_sigs);
+
if (s->no_key == 1)
- tty_printf (_("1 signature not checked due to a missing key\n"));
+ log_info (_("1 signature not checked due to a missing key\n"));
else if (s->no_key)
- tty_printf (_("%d signatures not checked due to missing keys\n"),
- s->no_key);
+ log_info (_("%d signatures not checked due to missing keys\n"), s->no_key);
+
if (s->oth_err == 1)
- tty_printf (_("1 signature not checked due to an error\n"));
+ log_info (_("1 signature not checked due to an error\n"));
else if (s->oth_err)
- tty_printf (_("%d signatures not checked due to errors\n"), s->oth_err);
+ log_info (_("%d signatures not checked due to errors\n"), s->oth_err);
}
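Review bot: The singular/plural choice in print_signature_stats is hand-coded with `== 1` / `else if`, and this commit copies that pattern to the new good-signature message. Languages with more than two plural forms cannot be translated correctly this way. If the project's i18n layer exposes it, a single call such as `log_info (ngettext ("%d good signature\n", "%d good signatures\n", s->good_sigs), s->good_sigs);` guarded by `if (s->good_sigs)` would cover each of the four counters. The start of the function lies outside the hunk.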
@@ -1138,6 +1145,7 @@ list_keyblock_print (KBNODE keyblock, int secret, int fpr,
switch (gpg_err_code (rc))
{
case 0:
+ listctx->good_sigs++;
sigrc = '!';
break;
case GPG_ERR_BAD_SIGNATURE:
commit 6500f338a35f4148606480c79f3a0c1b0d15f13a
Author: Werner Koch <wk at gnupg.org>
Date: Sat Jun 20 15:03:32 2015 +0200
gpg: Improve speed of --check-sigs and --list-sigs.
* g10/keydb.c (kid_list_t): New.
(kid_not_found_table, n_kid_not_found_table): New.
(kid_not_found_p, kid_not_found_insert, kid_not_found_flush): New.
(keydb_insert_keyblock): Flush the new cache.
(keydb_delete_keyblock): Ditto.
(keydb_update_keyblock): Ditto.
(keydb_search): Use the new cache.
(keydb_dump_stats): New.
* g10/gpg.c (g10_exit): Dump keydb stats.
--
What we do here is to keep track of key searches by long keyids (as
stored in all signatures) so that we do not need to scan the keybox
again after we already found that this keyid will result in
not-found. As soon as we change gpg to run as a co-process we should
store this table per session because other instances of gpg may have
updated the keybox without us knowing.
On a test ring with
gpg: 94721 good signatures
gpg: 6831 bad signatures
gpg: 150703 signatures not checked due to missing keys
gpg: 5 signatures not checked due to errors
gpg: keydb: kid_not_found_table: total: 14132
this new cache speeds a --check-sigs listing up from 28 minutes to
less than 3 minutes.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/g10/gpg.c b/g10/gpg.c
index b7b81c9..eebb668 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -4361,8 +4361,10 @@ g10_exit( int rc )
gcry_control (GCRYCTL_UPDATE_RANDOM_SEED_FILE);
if (DBG_CLOCK)
log_clock ("stop");
+
if ( (opt.debug & DBG_MEMSTAT_VALUE) )
{
+ keydb_dump_stats ();
gcry_control (GCRYCTL_DUMP_MEMORY_STATS);
gcry_control (GCRYCTL_DUMP_RANDOM_STATS);
}
diff --git a/g10/keydb.c b/g10/keydb.c
index 6c79903..71ea113 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -75,6 +75,24 @@ struct keydb_handle
};
+/* This object is used to keep a list of keyids in a linked list. */
+typedef struct kid_list_s
+{
+ struct kid_list_s *next;
+ u32 kid[2];
+} *kid_list_t;
+
+/* To avoid looking up a key by keyid where we know that it does not
+ yet exist, we keep a table of keyids where a search resulted in
+ not-found. This improves the --list-sigs and --check-sigs commands
+ substantively. To avoid extra complexity we clear the entire table
+ on any inert or update operation. The array is indexed by the
+ LSByte of the keyid. N_KID_NOT_FOUND_TABLE is the nu,ber of keys
+ in the table. */
+static kid_list_t kid_not_found_table[256];
+static unsigned int n_kid_not_found_table;
+
+
/* This is a simple cache used to return the last result of a
successful fingerprint search. This works only for keybox resources
because (due to lack of a copy_keyblock function) we need to store
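Review bot: The block comment above `kid_not_found_table` does not quite match the code and has typos ("inert" for "insert", "nu,ber" for "number"). It says the array is indexed by the LSByte of the keyid, but the helpers in the next hunk index with `kid[0] % 256`; if `kid[0]` is the upper 32-bit word of the long keyid, as I believe it is elsewhere in g10, that is the low byte of the upper word, not of the keyid. I would reword it to `The array is indexed by the low byte of KID[0].` and say that the table is process-global rather than per handle. The comments in the following hunk have similar typos ("whcih", "whche").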
@@ -100,6 +118,61 @@ static int lock_all (KEYDB_HANDLE hd);
static void unlock_all (KEYDB_HANDLE hd);
+/* Return true if the keyid KID is in the table of keyids whcih were
+ not found in a previous searches. */
+static int
+kid_not_found_p (u32 *kid)
+{
+ kid_list_t k;
+
+ for (k = kid_not_found_table[kid[0] % 256]; k; k = k->next)
+ if (k->kid[0] == kid[0] && k->kid[1] == kid[1])
+ return 1;
+ return 0;
+}
+
+
+/* Put the keyid KID into the table of keyids whcih were not found in
+ previous searches. Note that there is no check whether the keyid
+ is already in the table, thus kid_not_found_p() should be used prior. */
+static void
+kid_not_found_insert (u32 *kid)
+{
+ kid_list_t k;
+
+ k = xmalloc (sizeof *k);
+ k->kid[0] = kid[0];
+ k->kid[1] = kid[1];
+ k->next = kid_not_found_table[kid[0]%256];
+ kid_not_found_table[kid[0]%256] = k;
+ n_kid_not_found_table++;
+}
+
+
+/* Flush the entire table of keyids whche were not found in previous
+ searches. */
+static void
+kid_not_found_flush (void)
+{
+ kid_list_t k, knext;
+ int i;
+
+ if (!n_kid_not_found_table)
+ return;
+
+ for (i=0; i < DIM(kid_not_found_table); i++)
+ {
+ for (k = kid_not_found_table[i]; k; k = knext)
+ {
+ knext = k->next;
+ xfree (k);
+ }
+ kid_not_found_table[i] = NULL;
+ }
+ n_kid_not_found_table = 0;
+}
+
+
static void
keyblock_cache_clear (void)
{
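Review bot: kid_not_found_insert allocates one node per missing keyid with no upper bound, and per the commit message those keyids come from the signatures being listed, i.e. from keyring content that may have been imported from untrusted sources. A keyring with very many signatures by unknown issuers therefore grows the table without limit, and with only 256 buckets each kid_not_found_p call becomes a long linear scan. A cap keeps memory and lookup cost bounded, e.g. at the top of the insert `if (n_kid_not_found_table >= KID_NOT_FOUND_MAX) kid_not_found_flush ();`, where `KID_NOT_FOUND_MAX` is a new constant for the maintainers to size. Separately, `int i` in kid_not_found_flush is compared against the unsigned `DIM()` result; `unsigned int i` avoids the mixed-sign comparison.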
@@ -529,6 +602,12 @@ keydb_add_resource (const char *url, unsigned int flags)
}
+void
+keydb_dump_stats (void)
+{
+ if (n_kid_not_found_table)
+ log_info ("keydb: kid_not_found_table: total: %u\n", n_kid_not_found_table);
+}
KEYDB_HANDLE
@@ -1151,6 +1230,7 @@ keydb_update_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
if (!hd)
return gpg_error (GPG_ERR_INV_ARG);
+ kid_not_found_flush ();
keyblock_cache_clear ();
if (hd->found < 0 || hd->found >= hd->used)
@@ -1204,6 +1284,7 @@ keydb_insert_keyblock (KEYDB_HANDLE hd, kbnode_t kb)
if (!hd)
return gpg_error (GPG_ERR_INV_ARG);
+ kid_not_found_flush ();
keyblock_cache_clear ();
if (opt.dry_run)
@@ -1266,6 +1347,7 @@ keydb_delete_keyblock (KEYDB_HANDLE hd)
if (!hd)
return gpg_error (GPG_ERR_INV_ARG);
+ kid_not_found_flush ();
keyblock_cache_clear ();
if (hd->found < 0 || hd->found >= hd->used)
@@ -1509,6 +1591,15 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
if (DBG_CACHE)
dump_search_desc (hd, "keydb_search", desc, ndesc);
+
+ if (ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID
+ && kid_not_found_p (desc[0].u.kid))
+ {
+ if (DBG_CLOCK)
+ log_clock ("keydb_search leave (not found, cached)");
+ return gpg_error (GPG_ERR_NOT_FOUND);
+ }
+
/* NB: If one of the exact search modes below is used in a loop to
walk over all keys (with the same fingerprint) the caching must
have been disabled for the handle. */
@@ -1567,6 +1658,12 @@ keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc,
memcpy (keyblock_cache.fpr, desc[0].u.fpr, 20);
}
+ if (gpg_err_code (rc) == GPG_ERR_NOT_FOUND
+ && ndesc == 1 && desc[0].mode == KEYDB_SEARCH_MODE_LONG_KID)
+ {
+ kid_not_found_insert (desc[0].u.kid);
+ }
+
if (DBG_CLOCK)
log_clock (rc? "keydb_search leave (not found)"
: "keydb_search leave (found)");
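Review bot: The not-found result is recorded in the process-wide table on any `GPG_ERR_NOT_FOUND` for a single long-keyid descriptor, regardless of where this handle's search began. The search loop is outside the hunk, but if keydb_search continues from the handle's current position, as the "used in a loop to walk over all keys" comment in the earlier keydb_search hunk suggests, then a continued search that runs off the end would cache "not found" for a key that is in the keyring. After that, the early return added in the `@@ -1509` hunk would report it as missing for every handle, and signatures by that key would be counted as "not checked due to a missing key" until the next flush. I would insert only when the search started from a freshly reset handle (remember that state before the loop), and have the early return skip handles that have caching disabled.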
diff --git a/g10/keydb.h b/g10/keydb.h
index 0e3816f..1aa4e0e 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -132,6 +132,7 @@ union pref_hint
#define KEYDB_RESOURCE_FLAG_READONLY 8 /* Open in read only mode. */
gpg_error_t keydb_add_resource (const char *url, unsigned int flags);
+void keydb_dump_stats (void);
KEYDB_HANDLE keydb_new (void);
void keydb_release (KEYDB_HANDLE hd);
@@ -154,6 +155,7 @@ gpg_error_t keydb_search_next (KEYDB_HANDLE hd);
gpg_error_t keydb_search_kid (KEYDB_HANDLE hd, u32 *kid);
gpg_error_t keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr);
+
/*-- pkclist.c --*/
void show_revocation_reason( PKT_public_key *pk, int mode );
int check_signatures_trust( PKT_signature *sig );
commit 53e9b86085ac70ede8a0b1de9018ccbfe55b0932
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jun 19 16:59:46 2015 +0200
gpg: Add more log_clock calls to keydb.c
* g10/keydb.c (keydb_get_keyblock): Add log_clock calls.
diff --git a/g10/keydb.c b/g10/keydb.c
index 2d1e07c..6c79903 100644
--- a/g10/keydb.c
+++ b/g10/keydb.c
@@ -980,6 +980,9 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
if (!hd)
return gpg_error (GPG_ERR_INV_ARG);
+ if (DBG_CLOCK)
+ log_clock ("keydb_get_keybock enter");
+
if (keyblock_cache.state == KEYBLOCK_CACHE_FILLED)
{
iobuf_seek (keyblock_cache.iobuf, 0);
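Review bot: The new enter message is misspelled, `log_clock ("keydb_get_keybock enter");`, while the leave messages added in the next two hunks use `keydb_get_keyblock`. Anyone pairing enter/leave lines in a clock trace by function name will miss the enter entries. It should read `log_clock ("keydb_get_keyblock enter");`. The function body continues outside this hunk.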
@@ -990,6 +993,9 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
ret_kb);
if (err)
keyblock_cache_clear ();
+ if (DBG_CLOCK)
+ log_clock (err? "keydb_get_keyblock leave (cached, failed)"
+ : "keydb_get_keyblock leave (cached)");
return err;
}
@@ -1037,6 +1043,9 @@ keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
if (keyblock_cache.state != KEYBLOCK_CACHE_FILLED)
keyblock_cache_clear ();
+ if (DBG_CLOCK)
+ log_clock (err? "keydb_get_keyblock leave (failed)"
+ : "keydb_get_keyblock leave");
return err;
}
commit 663a31f1ea2fc5a43c822e916cf20fece5243851
Author: Werner Koch <wk at gnupg.org>
Date: Fri Jun 19 14:56:46 2015 +0200
gpg: Print available debug flags using "--debug-level help".
* g10/gpg.c (set_debug): Add "help" option and use a table for the
flags.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 6fcfe58..83dbda7 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2320,6 +2320,8 @@ a numeric value or by a keyword:
All of the debug messages you can get. A value greater than 8 may be
used instead of the keyword. The creation of hash tracing files is
only enabled if the keyword is used.
+ @item help
+ List all available debug flags (see @option{debug}) and stop.
@end table
How these messages are mapped to the actual debugging flags is not
diff --git a/g10/gpg.c b/g10/gpg.c
index 5eae240..b7b81c9 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -1084,8 +1084,27 @@ set_opt_session_env (const char *name, const char *value)
static void
set_debug (const char *level)
{
+ static struct { unsigned short val; const char *name; } flags [] = {
+ { DBG_PACKET_VALUE , "packet" },
+ { DBG_MPI_VALUE , "mpi" },
+ { DBG_CRYPTO_VALUE , "crypto" },
+ { DBG_FILTER_VALUE , "filter" },
+ { DBG_IOBUF_VALUE , "iobuf" },
+ { DBG_MEMORY_VALUE , "memory" },
+ { DBG_CACHE_VALUE , "cache" },
+ { DBG_MEMSTAT_VALUE, "memstat" },
+ { DBG_TRUST_VALUE , "trust" },
+ { DBG_HASHING_VALUE, "hashing" },
+ { DBG_CARD_IO_VALUE, "cardio" },
+ { DBG_IPC_VALUE , "ipc" },
+ { DBG_CLOCK_VALUE , "clock" },
+ { DBG_LOOKUP_VALUE , "lookup"},
+ { DBG_EXTPROG_VALUE, "extprog" },
+ { 0, NULL }
+ };
int numok = (level && digitp (level));
int numlvl = numok? atoi (level) : 0;
+ int i;
if (!level)
;
@@ -1108,10 +1127,26 @@ set_debug (const char *level)
if (numok)
opt.debug &= ~(DBG_HASHING_VALUE);
}
+ else if (!strcmp (level, "help"))
+ {
+ es_printf ("Available debug flags:\n");
+ for (i=0; flags[i].name; i++)
+ es_printf (" %5hu %s\n", flags[i].val, flags[i].name);
+ g10_exit (0);
+ }
else
{
- log_error (_("invalid debug-level '%s' given\n"), level);
- g10_exit (2);
+ for (i=0; flags[i].name; i++)
+ if (!strcmp (level, flags[i].name))
+ {
+ opt.debug |= flags[i].val;
+ break;
+ }
+ if (!flags[i].name)
+ {
+ log_error (_("invalid debug-level '%s' given\n"), level);
+ g10_exit (2);
+ }
}
if (opt.debug & DBG_MEMORY_VALUE )
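Review bot: The rewritten `else` branch does more than the commit message and the gpg.texi hunk describe: besides `help`, any name from the `flags` table is now accepted as a `--debug-level` value and ORed into `opt.debug`. That includes `hashing`, which the documentation just above the new `@item help` says is only enabled via the `guru` keyword. Either document the flag names as valid values in doc/gpg.texi or drop that loop and keep only the `help` case. Please also put braces around the `for` body, since the multi-line `if` under it is easy to misread. The `static struct ... flags []` table is never modified in the visible hunks and could be declared `static const`. set_debug begins and ends outside this hunk.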
@@ -1127,22 +1162,13 @@ set_debug (const char *level)
gcry_control (GCRYCTL_SET_VERBOSITY, (int)opt.verbose);
if (opt.debug)
- log_info ("enabled debug flags:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n",
- (opt.debug & DBG_PACKET_VALUE )? " packet":"",
- (opt.debug & DBG_MPI_VALUE )? " mpi":"",
- (opt.debug & DBG_CRYPTO_VALUE )? " crypto":"",
- (opt.debug & DBG_FILTER_VALUE )? " filter":"",
- (opt.debug & DBG_IOBUF_VALUE )? " iobuf":"",
- (opt.debug & DBG_MEMORY_VALUE )? " memory":"",
- (opt.debug & DBG_CACHE_VALUE )? " cache":"",
- (opt.debug & DBG_MEMSTAT_VALUE)? " memstat":"",
- (opt.debug & DBG_TRUST_VALUE )? " trust":"",
- (opt.debug & DBG_HASHING_VALUE)? " hashing":"",
- (opt.debug & DBG_EXTPROG_VALUE)? " extprog":"",
- (opt.debug & DBG_CARD_IO_VALUE)? " cardio":"",
- (opt.debug & DBG_IPC_VALUE )? " ipc":"",
- (opt.debug & DBG_CLOCK_VALUE )? " clock":"",
- (opt.debug & DBG_LOOKUP_VALUE )? " lookup":"");
+ {
+ log_info ("enabled debug flags:");
+ for (i=0; flags[i].name; i++)
+ if ((opt.debug & flags[i].val))
+ log_printf (" %s", flags[i].name);
+ log_printf ("\n");
+ }
}
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 2 ++
g10/gpg.c | 64 +++++++++++++++++++++++++----------
g10/keydb.c | 106 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
g10/keydb.h | 2 ++
g10/keylist.c | 22 ++++++++----
5 files changed, 171 insertions(+), 25 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org