gpg 2.0.27 is updating the trustdb constantly, and taking minutes to do it

Jesus Cea jcea at jcea.es
Sun Jun 7 01:46:04 CEST 2015


Upgraded to 2.0.28. No improvements in this area.

Any hint?.

I am surprised and dissapointed that 1.4.19 does this in 7 seconds and
2.0.27/2.0.28 are taking minutes. I am sure there is something "fishy"
going on.

Please, advice/hints.



On 29/03/15 19:41, Jesus Cea wrote:
> On 28/03/15 11:48, Werner Koch wrote:
>> On Fri, 27 Mar 2015 17:07, jcea at jcea.es said:
>>
>>> My problem is that any change to the pubring, like downloading a new
>>> key, refreshing, adding a new local signature with "--lsign", etc., will
>>> force a trustdb update (in the next execution. For instance, decrypting
>>
>> A new key signature may chnage rthe entire WoT thus it needs to be
>> re-computed.  I have
>>
>>   no-auto-check-trustdb
>>
>> in my gpg.conf and 
>>
>>   30   1 * * *   /usr/local/bin/gpg --batch --check-trustdb 2>/dev/null
>>
>> in my crontab.  Thus tehre will be only one re-computation a day.
> 
> I understand that, nice hack, but I used 1.4.19 until a week ago and
> this recalculation was taking a few seconds. Now it is taking minutes.
> 
> Same configuration, same keyring files:
> 
> With 1.4 GPG:
> 
> """
> jcea at ubuntu:~/video$ time gpg.OLD --update-trustdb
> gpg: public key FBBB8AB1 is 58138 seconds newer than the signature
> gpg: public key D3A42C61 is 2009 seconds newer than the signature
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0  valid:  21  signed:  96  trust: 0-, 0q, 0n, 0m, 0f, 21u
> gpg: depth: 1  valid:  96  signed: 116  trust: 0-, 96q, 0n, 0m, 0f, 0u
> gpg: next trustdb check due at 2015-04-08
> 
> real	0m7.570s
> user	0m6.800s
> sys	0m0.440s
> """
> 
> With 2.0.27 GPG:
> 
> """
> jcea at ubuntu:~/video$ time gpg2 --update-trustdb
> gpg: Note: signatures using the MD5 algorithm are rejected
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0  valid:  21  signed:  96  trust: 0-, 0q, 0n, 0m, 0f, 21u
> gpg: depth: 1  valid:  96  signed: 106  trust: 0-, 96q, 0n, 0m, 0f, 0u
> gpg: next trustdb check due at 2015-04-08
> 
> real	1m27.370s
> user	1m10.240s
> sys	0m13.950s
> """
> 
> Trustdb rebuild time has skyrocketed. Unless GPG 1.4 has a serious bug,
> 2.0.17 is doing something wrong. The sys time is interesting, looks like
> GPG 2.0.27 is doing a lot of syscalls. I wonder if it is doing the
> calculations several times, or what.
> 
>>> As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a
>>> few seconds only.
>>
>> Which 1.4 version is this?
> 
> """
> jcea at ubuntu:~/video$ gpg.OLD --version
> gpg (GnuPG) 1.4.19
> Copyright (C) 2015 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> 
> Home: ~/.gnupg
> Supported algorithms:
> Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
> Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
>         CAMELLIA128, CAMELLIA192, CAMELLIA256
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> """
> 
>>> PS: Bonus: how to get rid of
>>>
>>> """
>>> gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN
>>
>> Sorry for this.  It has already been fixed in the repo, see below.
> 
> Great. Thanks.
> 
> PS: Thanks for GNUPG!.
> 
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

-- 
Jesús Cea Avión                         _/_/      _/_/_/        _/_/_/
jcea at jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
Twitter: @jcea                        _/_/    _/_/          _/_/_/_/_/
jabber / xmpp:jcea at jabber.org  _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150607/ac25a8a2/attachment.sig>


More information about the Gnupg-users mailing list