gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it
Jesus Cea
jcea at jcea.es
Sun Jun 7 01:46:04 CEST 2015
Upgraded to 2.0.28. No improvements in this area.
Any hint?.
I am surprised and dissapointed that 1.4.19 does this in 7 seconds and
2.0.27/2.0.28 are taking minutes. I am sure there is something "fishy"
going on.
Please, advice/hints.
On 29/03/15 19:41, Jesus Cea wrote:
> On 28/03/15 11:48, Werner Koch wrote:
>> On Fri, 27 Mar 2015 17:07, jcea at jcea.es said:
>>
>>> My problem is that any change to the pubring, like downloading a new
>>> key, refreshing, adding a new local signature with "--lsign", etc., will
>>> force a trustdb update (in the next execution. For instance, decrypting
>>
>> A new key signature may chnage rthe entire WoT thus it needs to be
>> re-computed. I have
>>
>> no-auto-check-trustdb
>>
>> in my gpg.conf and
>>
>> 30 1 * * * /usr/local/bin/gpg --batch --check-trustdb 2>/dev/null
>>
>> in my crontab. Thus tehre will be only one re-computation a day.
>
> I understand that, nice hack, but I used 1.4.19 until a week ago and
> this recalculation was taking a few seconds. Now it is taking minutes.
>
> Same configuration, same keyring files:
>
> With 1.4 GPG:
>
> """
> jcea at ubuntu:~/video$ time gpg.OLD --update-trustdb
> gpg: public key FBBB8AB1 is 58138 seconds newer than the signature
> gpg: public key D3A42C61 is 2009 seconds newer than the signature
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 21 signed: 96 trust: 0-, 0q, 0n, 0m, 0f, 21u
> gpg: depth: 1 valid: 96 signed: 116 trust: 0-, 96q, 0n, 0m, 0f, 0u
> gpg: next trustdb check due at 2015-04-08
>
> real 0m7.570s
> user 0m6.800s
> sys 0m0.440s
> """
>
> With 2.0.27 GPG:
>
> """
> jcea at ubuntu:~/video$ time gpg2 --update-trustdb
> gpg: Note: signatures using the MD5 algorithm are rejected
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 21 signed: 96 trust: 0-, 0q, 0n, 0m, 0f, 21u
> gpg: depth: 1 valid: 96 signed: 106 trust: 0-, 96q, 0n, 0m, 0f, 0u
> gpg: next trustdb check due at 2015-04-08
>
> real 1m27.370s
> user 1m10.240s
> sys 0m13.950s
> """
>
> Trustdb rebuild time has skyrocketed. Unless GPG 1.4 has a serious bug,
> 2.0.17 is doing something wrong. The sys time is interesting, looks like
> GPG 2.0.27 is doing a lot of syscalls. I wonder if it is doing the
> calculations several times, or what.
>
>>> As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a
>>> few seconds only.
>>
>> Which 1.4 version is this?
>
> """
> jcea at ubuntu:~/video$ gpg.OLD --version
> gpg (GnuPG) 1.4.19
> Copyright (C) 2015 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
> CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> """
>
>>> PS: Bonus: how to get rid of
>>>
>>> """
>>> gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN
>>
>> Sorry for this. It has already been fixed in the repo, see below.
>
> Great. Thanks.
>
> PS: Thanks for GNUPG!.
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
--
Jesús Cea Avión _/_/ _/_/_/ _/_/_/
jcea at jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/
Twitter: @jcea _/_/ _/_/ _/_/_/_/_/
jabber / xmpp:jcea at jabber.org _/_/ _/_/ _/_/ _/_/ _/_/
"Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/
"My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150607/ac25a8a2/attachment.sig>
More information about the Gnupg-users
mailing list