--check-trustdb very slow (2+ hours) for large keyrings (6k keys, 906k sigs)
Robin H. Johnson
robbat2 at gentoo.org
Mon Jun 20 06:42:36 CEST 2011
I need a way to speed up the trustdb check. As my keyring has grown over the
years, it's become intractably slow. I already have no-auto-check-trustdb, and
normally do a weekly check, but whenever I sign a key (at least once a week),
GPG requires a trustdb check before the trust are usable for that key.
How big is my keyring?
$ time gpg --with-colon --fast-list-mode --list-sig |cut -d: -f1 | sort | uniq -c
gpg: please do a --check-trustdb
6410 pub
5532 rev
167 rvk
906030 sig
7915 sub
1 tru
real 1m9.699s
user 1m10.102s
sys 0m0.360s
(Dropping fast-list-mode causes list-sig to be in the realm of 20-30 minutes).
The system is a Core2 Quad Q6600, 2.4Ghz, w/ 6GiB of RAM. It's not hitting swap.
Compiled w/ CFLAGS/CXXFLAGS='-march=nocona -O2 -pipe'
====
gpg (GnuPG) 2.0.17
libgcrypt 1.5.0-beta1
...
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
====
--
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : robbat2 at gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 330 bytes
Desc: not available
URL: </pipermail/attachments/20110620/24e1f236/attachment.pgp>
More information about the Gnupg-devel
mailing list