| 1 |
Hi Fabian, |
| 2 |
|
| 3 |
On Wed, Feb 21, 2018 at 10:04:42AM +0100, Fabian Groffen wrote: |
| 4 |
|
| 5 |
> To give you an idea; the current tree is getting its Manifests from |
| 6 |
> hashgen.c, which you can find in scripts/rsync-generation/hashgen.c. |
| 7 |
> The hashverify tool, which I'm currently working on, is basically an |
| 8 |
> addition to that file (doing argv[0] detection) to perform the |
| 9 |
> verification. At this time of writing, I have the gpg-verification and |
| 10 |
> single file entry verification in place. I'm still trying to close the |
| 11 |
> gap in checking the dirs in particular looking for files that are not |
| 12 |
> listed in the Manifest. |
| 13 |
|
| 14 |
I've been following or rather post-reading the discussion about GLEP-74 |
| 15 |
and it seems a lot of thought and security considerations have gone into |
| 16 |
it. Are you following it for your implementation? |
| 17 |
|
| 18 |
I see you're using OpenMP. That looks very neat and could certainly make |
| 19 |
it scale better than gemato. |
| 20 |
|
| 21 |
BTW: I remember OpenMP being plain missing from clang until recently. |
| 22 |
Ah, https://clang-omp.github.io/ says 3.7 and onwards have native |
| 23 |
support. |
| 24 |
|
| 25 |
> hashgen currently runs in 30s or so on the tree to generate manifests. |
| 26 |
> I hope it can verify in the same amount of time (we're talking about a |
| 27 |
> Quad G5 PowerPC machine here with rusty old spinning disks), leaving it |
| 28 |
> in a much better position to be used for Prefix, since we tend to have |
| 29 |
> slower/older machines around. |
| 30 |
|
| 31 |
I can only believe that number if the portage tree fits into the fs |
| 32 |
cache (RAM). Then it would be purely CPU-bound, I guess, and C could |
| 33 |
play out its advantage. |
| 34 |
|
| 35 |
On a machine that has just synced the tree using rsync it would also |
| 36 |
still be in RAM as a working set (if there was sufficient RAM) and the |
| 37 |
same consideration would apply. On my MacBook Air I get 625012k from du |
| 38 |
for the tree. So this should be alright for any machine with 1GB+ of RAM |
| 39 |
that's not doing anything else at the time. |
| 40 |
|
| 41 |
As soon as the tree doesn't completely fit into RAM, the later files of |
| 42 |
the rsync will push the first files out of the cache. So for |
| 43 |
verification, the reading will start from scratch, making the |
| 44 |
verification I/O-bound and the advantage of a C implementation mostly |
| 45 |
irrelevant, won't it? |
| 46 |
|
| 47 |
As a quick number: On an ARM SBC of mine with a Dual-Core 1.2GHz |
| 48 |
Cortex-A7, 1GB of RAM and fs on a microSD card that does 22MB/s |
| 49 |
sequential read I get 400 seconds flat for the first run of gemato |
| 50 |
verify and 386 for the second when the fs cache is primed already. I do |
| 51 |
see a bit of I/O-boundness on the first run and on the second, gemato |
| 52 |
fully hogs the CPU. It would be interesting to compare how much of that |
| 53 |
is python overhead and how much the actual crypto. Unfortunately the gcc |
| 54 |
on that board doesn't have openmp support (yet). |
| 55 |
|
| 56 |
gemato create runs 667s on the same board and falls back to a single |
| 57 |
thread for some reason about a minute in. So I'd certainly take a |
| 58 |
22fold speedup if I could get it. :) |
| 59 |
|
| 60 |
> We're not really looking forward to 15 |
| 61 |
> minutes of verification as some bugs have been reported to with gemato. |
| 62 |
|
| 63 |
Well, with webrsync I was looking at around three minutes of download |
| 64 |
and five minutes of unpacking and local rsync on my ARM SBCs. With |
| 65 |
gemato it's now about 30 seconds to three minutes of rsyncing depending |
| 66 |
on the amount of changes and six minutes of gemato checking. So |
| 67 |
basically I've neither gained nor lost anything but feel much more |
| 68 |
efficient by once again not downloading what hasn't changed. |
| 69 |
|
| 70 |
It also shows that I have a high pain threshold in dealing with Gentoo |
| 71 |
on small and old machines. Considering how long Gentoo users typically |
| 72 |
wait for compiles to finish I wouldn't have expected a bit of a wait for |
| 73 |
gemato or hashverify to be much of an issue. |
| 74 |
|
| 75 |
> Portage used to do 1) checking the digests of ebuilds and 2) checking |
| 76 |
> for missing and extra files. I noticed that at least 1) is no longer |
| 77 |
> present, which I find weird. I need checking this on normal Gentoo, |
| 78 |
> (simply edit an ebuild and try to emerge it without updating its |
| 79 |
> digest), but I have the suspicion this got disabled because the full |
| 80 |
> tree verification should catch this. Needless to say, that's |
| 81 |
> suboptimal, and not very secure IMO. |
| 82 |
|
| 83 |
Ah, now I understand what you were getting at. I just verified: Both |
| 84 |
checks are working on Gentoo Linux but not in Prefix Mac. It seems to |
| 85 |
have to do with setting "thin-manifests" in layout.conf of the prefix |
| 86 |
tree. Once I set that to false, prefix portage behaves the same as |
| 87 |
Gentoo Linux portage. |
| 88 |
|
| 89 |
Gentoo Linux: |
| 90 |
|
| 91 |
[root@linux:/usr/portage/xfce-base/garcon] sha512sum garcon-0.6.1.ebuild |
| 92 |
dfa80c3e8c766af3d170536f6d7c48793da6bccd4f1647ac8194130a521eb852bf6872514a75e8da7d0eec02eca53d76e431c4371c6f9c891a68fa516fdca8b7 garcon-0.6.1.ebuild |
| 93 |
[root@linux:/usr/portage/xfce-base/garcon] grep EBUILD.*0.6.1.*SHA512 Manifest |
| 94 |
EBUILD garcon-0.6.1.ebuild 1018 SHA512 dfa80c3e8c766af3d170536f6d7c48793da6bccd4f1647ac8194130a521eb852bf6872514a75e8da7d0eec02eca53d76e431c4371c6f9c891a68fa516fdca8b7 |
| 95 |
[root@linux:/usr/portage/xfce-base/garcon] sed -i -e "s,econf,fooconf," garcon-0.6.1.ebuild |
| 96 |
[root@linux:/usr/portage/xfce-base/garcon] ebuild garcon-0.6.1.ebuild compile |
| 97 |
* Digest verification failed: |
| 98 |
* /usr/portage/xfce-base/garcon/garcon-0.6.1.ebuild |
| 99 |
* Reason: Filesize does not match recorded size |
| 100 |
* Got: 1020 |
| 101 |
* Expected: 1018 |
| 102 |
|
| 103 |
[root@linux:/usr/portage/xfce-base/garcon] ebuild garcon-0.6.1.ebuild digest |
| 104 |
>>> Creating Manifest for /usr/portage/xfce-base/garcon |
| 105 |
[root@linux:/usr/portage/xfce-base/garcon] mkdir files |
| 106 |
[root@linux:/usr/portage/xfce-base/garcon] echo foo > files/foo |
| 107 |
[root@linux:/usr/portage/xfce-base/garcon] ebuild garcon-0.6.1.ebuild prepare |
| 108 |
* garcon-0.6.1.tar.bz2 BLAKE2B SHA512 size ;-) ... |
| 109 |
[ ok ] |
| 110 |
* checking ebuild checksums ;-) ... |
| 111 |
[ ok ] |
| 112 |
* checking miscfile checksums ;-) ... |
| 113 |
[ ok ] |
| 114 |
!!! A file is not listed in the Manifest: |
| 115 |
'/usr/portage/xfce-base/garcon/files/foo' |
| 116 |
[root@linux:/usr/portage/xfce-base/garcon] touch garcon-0.7.0.ebuild |
| 117 |
[root@linux:/usr/portage/xfce-base/garcon] ebuild garcon-0.6.1.ebuild prepare |
| 118 |
* A file is not listed in the Manifest: '/usr/portage/xfce-base/garcon/garcon-0.7.0.ebuild' |
| 119 |
[root@linux:~] grep thin /usr/portage/metadata/layout.conf |
| 120 |
# Use thin Manifests for Git |
| 121 |
thin-manifests = false |
| 122 |
|
| 123 |
Prefix Mac: |
| 124 |
|
| 125 |
root@mac:/gentoo/usr/portage/xfce-base/garcon $ sha512sum garcon-0.6.1.ebuild |
| 126 |
dfa80c3e8c766af3d170536f6d7c48793da6bccd4f1647ac8194130a521eb852bf6872514a75e8da7d0eec02eca53d76e431c4371c6f9c891a68fa516fdca8b7 garcon-0.6.1.ebuild |
| 127 |
root@mac:/gentoo/usr/portage/xfce-base/garcon $ grep EBUILD.*0.6.1.*SHA512 Manifest |
| 128 |
EBUILD garcon-0.6.1.ebuild 1018 SHA512 dfa80c3e8c766af3d170536f6d7c48793da6bccd4f1647ac8194130a521eb852bf6872514a75e8da7d0eec02eca53d76e431c4371c6f9c891a68fa516fdca8b7 |
| 129 |
root@mac:/gentoo/usr/portage/xfce-base/garcon $ sed -i -e "s,econf,fooconf," garcon-0.6.1.ebuild |
| 130 |
root@mac:/gentoo/usr/portage/xfce-base/garcon $ sha512sum garcon-0.6.1.ebuild |
| 131 |
42f04d921b82955f8ac6237b4f2ebd78fad1cb0f2ab3cbf0f11b4b055b5a20c0cba6f2a37639b759a8912ec728bbde2f491b57d7565066f3ef5f4587e8f787a5 garcon-0.6.1.ebuild |
| 132 |
root@mac:/gentoo/usr/portage/xfce-base/garcon $ ebuild garcon-0.6.1.ebuild compile |
| 133 |
>>> Downloading 'http://distfiles.gentoo.org/distfiles/garcon-0.6.1.tar.bz2' |
| 134 |
[...] |
| 135 |
|
| 136 |
root@mac:/gentoo/usr/portage/xfce-base/garcon $ grep -r thin /gentoo/usr/portage/metadata/layout.conf |
| 137 |
# Use thin Manifests for Git |
| 138 |
thin-manifests = true |
| 139 |
root@mac:/gentoo/usr/portage/xfce-base/garcon $ sed -i -e "s,thin-manifests = true,thin-manifests = false," /gentoo/usr/portage/metadata/layout.conf |
| 140 |
|
| 141 |
root@mac:/gentoo/usr/portage/xfce-base/garcon $ ebuild garcon-0.6.1.ebuild prepare |
| 142 |
>>> Existing ${T}/environment for 'garcon-0.6.1' will be sourced. Run |
| 143 |
>>> 'clean' to start with a fresh environment. |
| 144 |
* Missing digest for '/gentoo/usr/portage/xfce-base/garcon/garcon-0.6.1.ebuild' |
| 145 |
|
| 146 |
root@nindamos:/usr/local/gentoo/usr/portage/xfce-base/garcon $ mkdir files |
| 147 |
root@nindamos:/usr/local/gentoo/usr/portage/xfce-base/garcon $ touch files/foo |
| 148 |
root@nindamos:/usr/local/gentoo/usr/portage/xfce-base/garcon $ ebuild garcon-0.6.1.ebuild prepare |
| 149 |
* garcon-0.6.1.tar.bz2 BLAKE2B SHA512 size ;-) ... |
| 150 |
[ ok ] |
| 151 |
* checking ebuild checksums ;-) ... |
| 152 |
[ ok ] |
| 153 |
* checking miscfile checksums ;-) ... |
| 154 |
[ ok ] |
| 155 |
!!! A file is not listed in the Manifest: '/usr/local/gentoo/usr/portage/xfce-base/garcon/files/foo' |
| 156 |
|
| 157 |
> Now I may be all wrong with trying to implement the verification myself, |
| 158 |
> but that's a separate topic. gemato should work fine. |
| 159 |
|
| 160 |
I think it's a worthy cause just for the fact that multiple |
| 161 |
implementations of a protocol are always good to drive improvement and |
| 162 |
show up the corner cases. |
| 163 |
|
| 164 |
Maybe it shouldn't be hidden away in the prefix tree so others can more |
| 165 |
easily become aware of and contribute to it. |
| 166 |
|
| 167 |
> I've checked some of the digests you mentioned and they look ok. So I'm |
| 168 |
> wondering whether perhaps you got caught in the middle of a sync. This |
| 169 |
> used to be much less of a problem because of per-ebuild-dir integrity, |
| 170 |
> but now the entire tree requires to be consistent. I'll look into |
| 171 |
> re-activating my symlink-flip, which should make the switch atomic, but |
| 172 |
> I don't know what rsync is doing if the symlink is flipped during a |
| 173 |
> sync. It reduces the invalid window somewhat I guess. |
| 174 |
|
| 175 |
I've retried a couple of times today. I deleted timestamp.chk several |
| 176 |
times and resynced until I saw no delta any more. There actually was a |
| 177 |
delta on the second and sometimes third run, mostly Manifest.gzs and |
| 178 |
metadata. It still fails reliably on second-level Manifests, e.g. |
| 179 |
dev-dotnet/Manifest.gz and sys-libs/Manifest.gz |
| 180 |
|
| 181 |
It looks as if regeneration of Manifests and md5-cache runs almost |
| 182 |
continuously, not just every 26,56 of the hour as rsync's motd says. Is |
| 183 |
that intentional or are perhaps multiple instances of the script running |
| 184 |
amok? |
| 185 |
-- |
| 186 |
Micha |
| 187 |
Elephants don't play chess! |
Archives