bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[Daniel Colascione]

On my system, I noticed that the call to emacs_gnutls_global_init is 
adding 500ms to the time it takes to run emacs -Q -nw --batch --eval 
'(kill-emacs)'. We're not actually using GNUtls for anything but an RNG 
seed, and /dev/urandom is also up to the task.

I'm not sure what's making GNUtls so slow, except that it's talking to a 
process called credkit-service, which is using a lot of CPU time. It 
shouldn't matter though.

Can we go back to just using /dev/urandom directly?

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[John Wiegley]

[-- Attachment #1: Type: text/plain, Size: 328 bytes --]

>>>>> "DC" == Daniel Colascione <dancol@dancol.org> writes:

DC> Can we go back to just using /dev/urandom directly?

I would prefer that too, if it's available.  Eli?

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 629 bytes --]

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[Eli Zaretskii]

> From: John Wiegley <jwiegley@gmail.com>
> Date: Thu, 06 Oct 2016 13:22:15 -0700
> Cc: 24628@debbugs.gnu.org
> 
> >>>>> "DC" == Daniel Colascione <dancol@dancol.org> writes:
> 
> DC> Can we go back to just using /dev/urandom directly?
> 
> I would prefer that too, if it's available.  Eli?

We've been there before, and not so long ago.  The original code,
written by yours truly, read /dev/urandom directly, see commit
3ffe81e.  Two days later Paul replaced that with GnuTLS calls (commit
05e8148), and I wasn't happy about that, to say the least:

  http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22202#91

However, my objections were evidently not enough to revert back,
although you agreed with me:

  http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22202#118

I leave it to you to guess what is my opinion about this ;-)

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[John Wiegley]

[-- Attachment #1: Type: text/plain, Size: 672 bytes --]

>>>>> Eli Zaretskii <eliz@gnu.org> writes:

> However, my objections were evidently not enough to revert back, although
> you agreed with me:
>   http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22202#118

Thanks for the references. Let's revert this change for 25.2 until the stated
problem (entropy exhaustion) becomes a real problem, i.e. reported by a user.

There is no reason to make everyone pay a 1/2 second startup cost for a
theoretical problem, or a code simplification whose benefits are so minor.

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 629 bytes --]

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[Lars Ingebrigtsen]

Daniel Colascione <dancol@dancol.org> writes:

> On my system, I noticed that the call to emacs_gnutls_global_init is
> adding 500ms to the time it takes to run emacs -Q -nw --batch --eval
> '(kill-emacs)'. We're not actually using GNUtls for anything but an
> RNG seed, and /dev/urandom is also up to the task.
>
> I'm not sure what's making GNUtls so slow, except that it's talking to
> a process called credkit-service, which is using a lot of CPU time. It
> shouldn't matter though.
>
> Can we go back to just using /dev/urandom directly?

[larsi@stories ~]$ time emacs -Q -nw --batch --eval '(kill-emacs)'

real    0m0.021s
user    0m0.008s
sys     0m0.004s

My Emacs (from master) doesn't spend 500ms talking to anything, and it's
built with gnutls support, so the interesting question here is why your
gnutls library is so slow.

You didn't report the bug with `M-x report-emacs-bug', so no information
about your system is available.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[Ted Zlatanov]

On Fri, 07 Oct 2016 00:49:37 -0700 John Wiegley <jwiegley@gmail.com> wrote: 

>>>>>> Eli Zaretskii <eliz@gnu.org> writes:
>> However, my objections were evidently not enough to revert back, although
>> you agreed with me:
>> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22202#118

JW> Thanks for the references. Let's revert this change for 25.2 until the stated
JW> problem (entropy exhaustion) becomes a real problem, i.e. reported by a user.

JW> There is no reason to make everyone pay a 1/2 second startup cost for a
JW> theoretical problem, or a code simplification whose benefits are so minor.

Could it be a compile-time or run-time option? If the problem becomes
practical, it will be good to have a workaround.

Ted

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[John Wiegley]

[-- Attachment #1: Type: text/plain, Size: 447 bytes --]

>>>>> Ted Zlatanov <tzz@lifelogs.com> writes:

> Could it be a compile-time or run-time option? If the problem becomes
> practical, it will be good to have a workaround.

That's a good idea, Ted.  A compile option, off by default until we determine
that all issues have been resolved.

-- 
John Wiegley                  GPG fingerprint = 4710 CF98 AF9B 327B B80F
http://newartisans.com                          60E1 46C4 BD1A 7AC1 4BA2

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 629 bytes --]

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

Is it possible to do the gnutls initialization in parallel with
ordinary Emacs execution?  Probably it would become unnoticeable that
way.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[Lars Ingebrigtsen]

Richard Stallman <rms@gnu.org> writes:

> Is it possible to do the gnutls initialization in parallel with
> ordinary Emacs execution?  Probably it would become unnoticeable that
> way.

The gnutls initialisation should take virtually zero time, and it does
so on most systems.  We have a report of that initialisation taking time
on a single system, and we need to find out why.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#24628: GNUtls initialization adds 500ms to startup --- do we really need it just for the RNG?

[Eli Zaretskii]

> From: John Wiegley <jwiegley@gmail.com>
> Cc: dancol@dancol.org,  24628@debbugs.gnu.org
> Date: Fri, 07 Oct 2016 00:49:37 -0700
> 
> >>>>> Eli Zaretskii <eliz@gnu.org> writes:
> 
> > However, my objections were evidently not enough to revert back, although
> > you agreed with me:
> >   http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22202#118
> 
> Thanks for the references. Let's revert this change for 25.2

Finally done by cherry-picking the change from master.