gabriel rosenkoetter on Thu, 27 Feb 2003 07:50:29 -0500


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] GnuPG 1.2.1 trustdb checks for every pubkey import?


On Thu, Feb 27, 2003 at 12:45:54AM -0500, gabriel rosenkoetter wrote:
> On Wed, Feb 26, 2003 at 11:31:20PM -0500, Walt Mankowski wrote:
> > Yeah, it's annoying.  I find that running gpg --rebuild-keydb-caches
> > periodically helps a bit, but only very briefly.
> Testing this. It's going to run longer than I want to be awake,
> though. Running that "every so often" really just isn't an option.

uriel:~% time gpg --rebuild-keydb-caches
gpg: checking keyring `/home/gr/.gnupg/pubring.gpg'
gpg: 50 keys so far checked (1504 signatures)
gpg: 100 keys so far checked (2194 signatures)
gpg: public key DCD58604 is 2046 seconds newer than the signature
gpg: 150 keys so far checked (3645 signatures)
gpg: public key 2C01DDB9 is 22800 seconds newer than the signature
gpg: 200 keys so far checked (4450 signatures)
gpg: 250 keys so far checked (6577 signatures)
gpg: 300 keys so far checked (8502 signatures)
gpg: 350 keys so far checked (10007 signatures)
gpg: 400 keys so far checked (11905 signatures)
gpg: 450 keys so far checked (13465 signatures)
gpg: 500 keys so far checked (14729 signatures)
gpg: 550 keys so far checked (16354 signatures)
gpg: 600 keys so far checked (18415 signatures)
gpg: 650 keys so far checked (20429 signatures)
gpg: 700 keys so far checked (21545 signatures)
gpg: 750 keys so far checked (23423 signatures)
gpg: 800 keys so far checked (25594 signatures)
gpg: 850 keys so far checked (26904 signatures)
gpg: 900 keys so far checked (29206 signatures)
gpg: 950 keys so far checked (30836 signatures)
gpg: 1000 keys so far checked (32316 signatures)
gpg: 1050 keys so far checked (34140 signatures)
gpg: 1100 keys so far checked (36636 signatures)
gpg: 1150 keys so far checked (38843 signatures)
gpg: 1200 keys so far checked (41309 signatures)
gpg: 1250 keys so far checked (42809 signatures)
gpg: 1300 keys so far checked (44061 signatures)
gpg: 1350 keys so far checked (46376 signatures)
gpg: 1400 keys so far checked (48096 signatures)
gpg: 1428 keys checked (48768 signatures)
gpg --rebuild-keydb-caches  8486.98s user 2282.32s system 76% cpu 3:54:23.51 total

As I said, not something I'd like to do frequently. I ran a gpg
--check-trustdb immediately after that:

uriel:~% time gpg --check-trustdb
gpg: checking at depth 0 signed=46 ot(-/q/n/m/f/u)=0/0/0/0/0/1
gpg: checking at depth 1 signed=84 ot(-/q/n/m/f/u)=0/0/0/17/29/0
gpg: checking at depth 2 signed=288 ot(-/q/n/m/f/u)=0/0/0/72/7/0
gpg: checking at depth 3 signed=181 ot(-/q/n/m/f/u)=0/74/0/22/1/0
gpg: checking at depth 4 signed=0 ot(-/q/n/m/f/u)=0/0/0/0/1/0
gpg: next trustdb check due at 2003-03-07
gpg --check-trustdb  16.48s user 7.05s system 63% cpu 36.956 total

That's under a minute, but it's still over my 30 second mark and
*way* longer than the 3 seconds David describes.

> On Thu, Feb 27, 2003 at 12:22:46AM -0500, David Shaw wrote:
> > Try this:
> >
> >   gpg --no-sig-cache --rebuild-keydb-caches
[...]
> > After you do that, let me know if --check-trustdb runs any faster.
> Like Walt, I'll let you know tomorrow.

Running now...

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpQq7n3ehiks.pgp
Description: PGP signature