unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Speeding up archive export
@ 2020-09-10  9:04 Ludovic Courtès
  2020-09-15  1:40 ` Maxim Cournoyer
  0 siblings, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2020-09-10  9:04 UTC (permalink / raw)
  To: Guix-devel

[-- Attachment #1: Type: text/plain, Size: 652 bytes --]

Hello Guix!

If you’ve ever used offloading (or ‘guix copy’), you’ve probably noticed
that the time to send store items is proportional to the number of store
items to send rather than their total size.  Namely:

  guix archive --export coreutils

is fast, but:

  guix archive --export $(guix build -d coreutils)

is slow (there are lots of small files).

Running ‘perf timechart record guix archive --export …’ confirms the
problem: guix-daemon is mostly idle, waiting for all the tiny ‘guix
authenticate’ programs it spawns to sign each every store item.  Here’s
the Gantt diagram (grey = idle, blue = busy):


[-- Attachment #2: Gantt diagram --]
[-- Type: image/png, Size: 101155 bytes --]

[-- Attachment #3: Type: text/plain, Size: 1836 bytes --]


How can we improve on that?

Here are several solutions that come to mind:

  1. Sign the whole bundle instead of each individual item.

     That solves the problem, but that would prevent the receiver from
     storing individual store item signatures in the future (a few years
     ago Nix added signatures as part of the ‘ValidPathInfo’ table of
     the store database, and I think that’s something we might want to
     have too).

  2. Sign fewer items: we can do that by signing only store items that
     are not content-addressed—i.e., resulting from a fixed-output
     derivation or being a “source” coming from ‘add-to-store’ or
     similar.

     That means we wouldn’t have to sign .drv and *-guile-builder, which
     would make a big difference and is generally advisable.
     Unfortunately, there’s no easy way to determine whether a store
     item is content-addressable.  Again Nix added
     “certificate-addressability claims” to ‘ValidPathInfo’, which might
     help, though it’s not entirely clear.

  3. Reimplement ‘guix authenticate’ and a subset of (guix pki) in C++ (!).
     We could load the keys and the ACL only once, and we wouldn’t have
     to fork and all, I’m sure it’d be very fast… and very distracting
     too: I’d rather investigate in the daemon rewrite in Scheme.

  4. Spawn ‘guix authenticate’ once and talk to it over a pipe (similar
     to ‘guix offload’).  That might be the easiest short-term solution.

Anyway I thought I’d share and invite y’all to brainstorm.  :-)

All in all, there’s more and more pressure to get our act together
regarding the daemon rewrite in Scheme.  The difficulty here is to have
a series of reasonable milestones rather than all or nothing.

Ludo’.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2020-09-15 17:24 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-10  9:04 Speeding up archive export Ludovic Courtès
2020-09-15  1:40 ` Maxim Cournoyer
2020-09-15  7:53   ` Ludovic Courtès
2020-09-15 17:14     ` Maxim Cournoyer

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).