1 <?xml version=
"1.0" encoding=
"ISO-8859-1"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries from September
2014</title>
5 <description>Entries from September
2014</description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
10 <title>Speeding up the Debian installer using eatmydata and dpkg-divert
</title>
11 <link>http://people.skolelinux.org/pere/blog/Speeding_up_the_Debian_installer_using_eatmydata_and_dpkg_divert.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Speeding_up_the_Debian_installer_using_eatmydata_and_dpkg_divert.html
</guid>
13 <pubDate>Tue,
16 Sep
2014 14:
00:
00 +
0200</pubDate>
14 <description><p
>The
<a href=
"https://www.debian.org/
">Debian
</a
> installer could be
15 a lot quicker. When we install more than
2000 packages in
16 <a href=
"http://www.skolelinux.org/
">Skolelinux / Debian Edu
</a
> using
17 tasksel in the installer, unpacking the binary packages take forever.
18 A part of the slow I/O issue was discussed in
19 <a href=
"https://bugs.debian.org/
613428">bug #
613428</a
> about too
20 much file system sync-ing done by dpkg, which is the package
21 responsible for unpacking the binary packages. Other parts (like code
22 executed by postinst scripts) might also sync to disk during
23 installation. All this sync-ing to disk do not really make sense to
24 me. If the machine crash half-way through, I start over, I do not try
25 to salvage the half installed system. So the failure sync-ing is
26 supposed to protect against, hardware or system crash, is not really
27 relevant while the installer is running.
</p
>
29 <p
>A few days ago, I thought of a way to get rid of all the file
30 system sync()-ing in a fairly non-intrusive way, without the need to
31 change the code in several packages. The idea is not new, but I have
32 not heard anyone propose the approach using dpkg-divert before. It
33 depend on the small and clever package
34 <a href=
"https://packages.qa.debian.org/eatmydata
">eatmydata
</a
>, which
35 uses LD_PRELOAD to replace the system functions for syncing data to
36 disk with functions doing nothing, thus allowing programs to live
37 dangerous while speeding up disk I/O significantly. Instead of
38 modifying the implementation of dpkg, apt and tasksel (which are the
39 packages responsible for selecting, fetching and installing packages),
40 it occurred to me that we could just divert the programs away, replace
41 them with a simple shell wrapper calling
42 "eatmydata
&nbsp;$program
&nbsp;$@
", to get the same effect.
43 Yesterday I decided to test the idea, and wrapped up a simple
44 implementation for the Debian Edu udeb.
</p
>
46 <p
>The effect was stunning. In my first test it reduced the running
47 time of the pkgsel step (installing tasks) from
64 to less than
44
48 minutes (
20 minutes shaved off the installation) on an old Dell
49 Latitude D505 machine. I am not quite sure what the optimised time
50 would have been, as I messed up the testing a bit, causing the debconf
51 priority to get low enough for two questions to pop up during
52 installation. As soon as I saw the questions I moved the installation
53 along, but do not know how long the question were holding up the
54 installation. I did some more measurements using Debian Edu Jessie,
55 and got these results. The time measured is the time stamp in
56 /var/log/syslog between the
"pkgsel: starting tasksel
" and the
57 "pkgsel: finishing up
" lines, if you want to do the same measurement
58 yourself. In Debian Edu, the tasksel dialog do not show up, and the
59 timing thus do not depend on how quickly the user handle the tasksel
62 <p
><table
>
65 <th
>Machine/setup
</th
>
66 <th
>Original tasksel
</th
>
67 <th
>Optimised tasksel
</th
>
68 <th
>Reduction
</th
>
72 <td
>Latitude D505 Main+LTSP LXDE
</td
>
73 <td
>64 min (
07:
46-
08:
50)
</td
>
74 <td
><44 min (
11:
27-
12:
11)
</td
>
75 <td
>>20 min
18%
</td
>
79 <td
>Latitude D505 Roaming LXDE
</td
>
80 <td
>57 min (
08:
48-
09:
45)
</td
>
81 <td
>34 min (
07:
43-
08:
17)
</td
>
82 <td
>23 min
40%
</td
>
86 <td
>Latitude D505 Minimal
</td
>
87 <td
>22 min (
10:
37-
10:
59)
</td
>
88 <td
>11 min (
11:
16-
11:
27)
</td
>
89 <td
>11 min
50%
</td
>
93 <td
>Thinkpad X200 Minimal
</td
>
94 <td
>6 min (
08:
19-
08:
25)
</td
>
95 <td
>4 min (
08:
04-
08:
08)
</td
>
96 <td
>2 min
33%
</td
>
100 <td
>Thinkpad X200 Roaming KDE
</td
>
101 <td
>19 min (
09:
21-
09:
40)
</td
>
102 <td
>15 min (
10:
25-
10:
40)
</td
>
103 <td
>4 min
21%
</td
>
106 </table
></p
>
108 <p
>The test is done using a netinst ISO on a USB stick, so some of the
109 time is spent downloading packages. The connection to the Internet
110 was
100Mbit/s during testing, so downloading should not be a
111 significant factor in the measurement. Download typically took a few
112 seconds to a few minutes, depending on the amount of packages being
115 <p
>The speedup is implemented by using two hooks in
116 <a href=
"https://www.debian.org/devel/debian-installer/
">Debian
117 Installer
</a
>, the pre-pkgsel.d hook to set up the diverts, and the
118 finish-install.d hook to remove the divert at the end of the
119 installation. I picked the pre-pkgsel.d hook instead of the
120 post-base-installer.d hook because I test using an ISO without the
121 eatmydata package included, and the post-base-installer.d hook in
122 Debian Edu can only operate on packages included in the ISO. The
123 negative effect of this is that I am unable to activate this
124 optimization for the kernel installation step in d-i. If the code is
125 moved to the post-base-installer.d hook, the speedup would be larger
126 for the entire installation.
</p
>
128 <p
>I
've implemented this in the
129 <a href=
"https://packages.qa.debian.org/debian-edu-install
">debian-edu-install
</a
>
130 git repository, and plan to provide the optimization as part of the
131 Debian Edu installation. If you want to test this yourself, you can
132 create two files in the installer (or in an udeb). One shell script
133 need do go into /usr/lib/pre-pkgsel.d/, with content like this:
</p
>
135 <p
><blockquote
><pre
>
138 . /usr/share/debconf/confmodule
140 logger -t my-pkgsel
"info: $*
"
143 logger -t my-pkgsel
"error: $*
"
146 apt-install eatmydata || true
147 if [ -x /target/usr/bin/eatmydata ] ; then
148 for bin in dpkg apt-get aptitude tasksel ; do
150 # Test that the file exist and have not been diverted already.
151 if [ -f /target$file ] ; then
152 info
"diverting $file using eatmydata
"
153 printf
"#!/bin/sh\neatmydata $bin.distrib \
"\$@\
"\n
" \
154 > /target$file.edu
155 chmod
755 /target$file.edu
156 in-target dpkg-divert --package debian-edu-config \
157 --rename --quiet --add $file
158 ln -sf ./$bin.edu /target$file
160 error
"unable to divert $file, as it is missing.
"
164 error
"unable to find /usr/bin/eatmydata after installing the eatmydata pacage
"
169 </pre
></blockquote
></p
>
171 <p
>To clean up, another shell script should go into
172 /usr/lib/finish-install.d/ with code like this:
174 <p
><blockquote
><pre
>
176 . /usr/share/debconf/confmodule
178 logger -t my-finish-install
"error: $@
"
180 remove_install_override() {
181 for bin in dpkg apt-get aptitude tasksel ; do
183 if [ -x /target$file.edu ] ; then
185 in-target dpkg-divert --package debian-edu-config \
186 --rename --quiet --remove $file
189 error
"Missing divert for $file.
"
192 sync # Flush file buffers before continuing
195 remove_install_override
196 </pre
></blockquote
></p
>
198 <p
>In Debian Edu, I placed both code fragments in a separate script
199 edu-eatmydata-install and call it from the pre-pkgsel.d and
200 finish-install.d scripts.
</p
>
202 <p
>By now you might ask if this change should get into the normal
203 Debian installer too? I suspect it should, but am not sure the
204 current debian-installer coordinators find it useful enough. It also
205 depend on the side effects of the change. I
'm not aware of any, but I
206 guess we will see if the change is safe after some more testing.
207 Perhaps there is some package in Debian depending on sync() and
208 fsync() having effect? Perhaps it should go into its own udeb, to
209 allow those of us wanting to enable it to do so without affecting
215 <title>Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net
</title>
216 <link>http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html
</link>
217 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html
</guid>
218 <pubDate>Wed,
10 Sep
2014 13:
10:
00 +
0200</pubDate>
219 <description><p
>Yesterday, I had the pleasure of attending a talk with the
220 <a href=
"http://www.nuug.no/
">Norwegian Unix User Group
</a
> about
221 <a href=
"http://www.nuug.no/aktiviteter/
20140909-sks-keyservers/
">the
222 OpenPGP keyserver pool sks-keyservers.net
</a
>, and was very happy to
223 learn that there is a large set of publicly available key servers to
224 use when looking for peoples public key. So far I have used
225 subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former
226 were misbehaving, but those days are ended. The servers I have used
227 up until yesterday have been slow and some times unavailable. I hope
228 those problems are gone now.
</p
>
230 <p
>Behind the round robin DNS entry of the
231 <a href=
"https://sks-keyservers.net/
">sks-keyservers.net
</a
> service
232 there is a pool of more than
100 keyservers which are checked every
233 day to ensure they are well connected and up to date. It must be
234 better than what I have used so far. :)
</p
>
236 <p
>Yesterdays speaker told me that the service is the default
237 keyserver provided by the default configuration in GnuPG, but this do
238 not seem to be used in Debian. Perhaps it should?
</p
>
240 <p
>Anyway, I
've updated my ~/.gnupg/options file to now include this
243 <p
><blockquote
><pre
>
244 keyserver pool.sks-keyservers.net
245 </pre
></blockquote
></p
>
247 <p
>With GnuPG version
2 one can also locate the keyserver using SRV
248 entries in DNS. Just for fun, I did just that at work, so now every
249 user of GnuPG at the University of Oslo should find a OpenGPG
250 keyserver automatically should their need it:
</p
>
252 <p
><blockquote
><pre
>
253 % host -t srv _pgpkey-http._tcp.uio.no
254 _pgpkey-http._tcp.uio.no has SRV record
0 100 11371 pool.sks-keyservers.net.
256 </pre
></blockquote
></p
>
259 <a href=
"http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/
">the
260 HKP lookup protocol
</a
> supported finding signature paths, I would be
261 very happy. It can look up a given key or search for a user ID, but I
262 normally do not want that, but to find a trust path from my key to
263 another key. Given a user ID or key ID, I would like to find (and
264 download) the keys representing a signature path from my key to the
265 key in question, to be able to get a trust path between the two keys.
266 This is as far as I can tell not possible today. Perhaps something
267 for a future version of the protocol?
</p
>
projects / homepage.git / blob