On 28/03/15 11:48, Werner Koch wrote: > On Fri, 27 Mar 2015 17:07, j...@jcea.es said: > >> My problem is that any change to the pubring, like downloading a new >> key, refreshing, adding a new local signature with "--lsign", etc., will >> force a trustdb update (in the next execution. For instance, decrypting > > A new key signature may chnage rthe entire WoT thus it needs to be > re-computed. I have > > no-auto-check-trustdb > > in my gpg.conf and > > 30 1 * * * /usr/local/bin/gpg --batch --check-trustdb 2>/dev/null > > in my crontab. Thus tehre will be only one re-computation a day.
I understand that, nice hack, but I used 1.4.19 until a week ago and this recalculation was taking a few seconds. Now it is taking minutes. Same configuration, same keyring files: With 1.4 GPG: """ jcea@ubuntu:~/video$ time gpg.OLD --update-trustdb gpg: public key FBBB8AB1 is 58138 seconds newer than the signature gpg: public key D3A42C61 is 2009 seconds newer than the signature gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 21 signed: 96 trust: 0-, 0q, 0n, 0m, 0f, 21u gpg: depth: 1 valid: 96 signed: 116 trust: 0-, 96q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2015-04-08 real 0m7.570s user 0m6.800s sys 0m0.440s """ With 2.0.27 GPG: """ jcea@ubuntu:~/video$ time gpg2 --update-trustdb gpg: Note: signatures using the MD5 algorithm are rejected gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 21 signed: 96 trust: 0-, 0q, 0n, 0m, 0f, 21u gpg: depth: 1 valid: 96 signed: 106 trust: 0-, 96q, 0n, 0m, 0f, 0u gpg: next trustdb check due at 2015-04-08 real 1m27.370s user 1m10.240s sys 0m13.950s """ Trustdb rebuild time has skyrocketed. Unless GPG 1.4 has a serious bug, 2.0.17 is doing something wrong. The sys time is interesting, looks like GPG 2.0.27 is doing a lot of syscalls. I wonder if it is doing the calculations several times, or what. >> As I said, my pubring.gpg is 34MB long. With gnupg 1.4.x it would take a >> few seconds only. > > Which 1.4 version is this? """ jcea@ubuntu:~/video$ gpg.OLD --version gpg (GnuPG) 1.4.19 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: ~/.gnupg Supported algorithms: Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 """ >> PS: Bonus: how to get rid of >> >> """ >> gpg: DBG: armor-keys-failed (KEY 0x010D6F3A BEGIN > > Sorry for this. It has already been fixed in the repo, see below. Great. Thanks. PS: Thanks for GNUPG!. -- Jesús Cea Avión _/_/ _/_/_/ _/_/_/ j...@jcea.es - http://www.jcea.es/ _/_/ _/_/ _/_/ _/_/ _/_/ Twitter: @jcea _/_/ _/_/ _/_/_/_/_/ jabber / xmpp:j...@jabber.org _/_/ _/_/ _/_/ _/_/ _/_/ "Things are not so easy" _/_/ _/_/ _/_/ _/_/ _/_/ _/_/ "My name is Dump, Core Dump" _/_/_/ _/_/_/ _/_/ _/_/ "El amor es poner tu felicidad en la felicidad de otro" - Leibniz
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
