Re: Speeding up archive export

[Maxim Cournoyer <maxim.cournoyer@gmail.com>]

Hi Ludo!

Ludovic Courtès <ludovic.courtes@inria.fr> writes:

> Hello Guix!
>
> If you’ve ever used offloading (or ‘guix copy’), you’ve probably noticed
> that the time to send store items is proportional to the number of store
> items to send rather than their total size.  Namely:
>
>   guix archive --export coreutils
>
> is fast, but:
>
>   guix archive --export $(guix build -d coreutils)
>
> is slow (there are lots of small files).
>
> Running ‘perf timechart record guix archive --export …’ confirms the
> problem: guix-daemon is mostly idle, waiting for all the tiny ‘guix
> authenticate’ programs it spawns to sign each every store item.  Here’s
> the Gantt diagram (grey = idle, blue = busy):

Very cool!  The timechart suggests the guix-authenticate programs are
run sequentially?  Perhaps running them in parallel would be a cheap,
first step to improve performance?

> How can we improve on that?
>
> Here are several solutions that come to mind:
>
>   1. Sign the whole bundle instead of each individual item.
>
>      That solves the problem, but that would prevent the receiver from
>      storing individual store item signatures in the future (a few years
>      ago Nix added signatures as part of the ‘ValidPathInfo’ table of
>      the store database, and I think that’s something we might want to
>      have too).

Why? Couldn't the receiver do the book keeping no matter if it received
a signed bundle or a single file?  It could assign the bundle signature
to individual store files in the database, for example.  This seems the
obvious, easy solution.  We need good arguments to not implement it.

>   2. Sign fewer items: we can do that by signing only store items that
>      are not content-addressed—i.e., resulting from a fixed-output
>      derivation or being a “source” coming from ‘add-to-store’ or
>      similar.
>
>      That means we wouldn’t have to sign .drv and *-guile-builder, which
>      would make a big difference and is generally advisable.
>      Unfortunately, there’s no easy way to determine whether a store
>      item is content-addressable.  Again Nix added
>      “certificate-addressability claims” to ‘ValidPathInfo’, which might
>      help, though it’s not entirely clear.
>
>   3. Reimplement ‘guix authenticate’ and a subset of (guix pki) in C++ (!).
>      We could load the keys and the ACL only once, and we wouldn’t have
>      to fork and all, I’m sure it’d be very fast… and very distracting
>      too: I’d rather investigate in the daemon rewrite in Scheme.
>
>   4. Spawn ‘guix authenticate’ once and talk to it over a pipe (similar
>      to ‘guix offload’).  That might be the easiest short-term solution.

Failing 1., 4. is my second favorite, because it seems the most Guixy of
the remaining options, and should provide acceptable performance.

Maxim