Page MenuHome GnuPG
Create Task
Maniphest T5478

Kleopatra: Performance problems decrypting and encrypting large Archives
Closed, ResolvedPublic
Actions

Description

@werner this is meant as the issue for the buffer sizes etc. which we talked about yesterday.

In short:
We need to improve the performance of Kleopatra when working with large files. On my Windows System when encrypting for example I have 15% CPU usage of GnuPG, 15% CPU usage of Kleopatra and it is also not bottlenecked by Disk IO.

A starting point for me would be:

GPGME on Windows uses a buffer size of 512 byte. This is ok when data is only exchanged internally in GPGME but with QGpgME callbacks are used for IO and everything is slowed down through a lot of overhead when for example a qprocess is passed new data. Every read / write callback call causes a lot of code to be exectuted and to do this every 512 bytes seems very wasteful.

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRA6b9a1c728192 Make archive jobs read signed/encrypted archives directly from files
rKLEOPATRA15e39d51229c Make archive jobs write created archives directly to files
rKLEOPATRA04adbffa2aee Add missing getter for output file name
rKLEOPATRAa15434ddc59b Check for existing files before starting any encryption tasks
rKLEOPATRA31f84464df70 Only ask the user for overwrite permission if file exists
rKLEOPATRAd4a5f9c2512e Let OverwritePolicy take care of asking users whether to overwrite a file
rKLEOPATRA9c9027f85254 Fix removing of temporary files with UNC paths
rKLEOPATRA667b05dd1228 Use new jobProgress signal instead of deprecated progress signal
rKLEOPATRA8456af6200b0 Remove unused signal message()
rKLEOPATRAb0b7e48dde12 Use the more specific dataProgress signals for the archive jobs
rKLEOPATRA2313a2ff11ef Ignore the "what" value of the QGpgME::Job::progress signal
rKLEOPATRAeb937a2508e2 Avoid unused parameter warnings
rKLEOPATRA752028f8fecc Don't define functions if they are not used
rKLEOPATRA4f5f852e6aea Add missing check if QGpgME support archive jobs
rKLEOPATRAb6618773c796 Show a nice label in the results when creating an archive
rKLEOPATRA4855f44c0cbe Strip trailing slashes from input filenames
rKLEOPATRA9b9d0ba8be26 Remove now superfluous private emitResult functions
rKLEOPATRAa8e768449be9 Use new archive job for extracting signed and/or encrypted archives
rKLEOPATRAd1da30296541 Remove useless signal-slot connection
rKLEOPATRA0b981dfef4a3 Remove signal nobody connects to
rKLEOPATRA1d6369638893 Keep full name of extracted directories
rKLEOPATRA00641f60e86b Initialize members in-class
rKLEOPATRA801427781b0b Remove unimplemented function
rKLEOPATRA1f474595d6bf Use new archive jobs for creating signed and/or encrypted archives
rKLEOPATRAd349a86f1124 Separate version checks and update to actual upcoming version number
rKLEOPATRAff837375c161 Do not crash if input is a null pointer
rKLEOPATRA6b81a9fdc2d9 Don't initialize members that are default initialized
rM GPGME
rMfde20940b5ca core: New data flags "io-buffer-size" and "sensitive".
rMceb8387460b0 core,w32: Increase BUFFER_SIZE to 4096

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
aheinecke triaged this task as High priority.Jun 10 2021, 1:11 PM
aheinecke added a project: Restricted Project.Jun 10 2021, 3:48 PM
aheinecke mentioned this in T5481: Kleopatra: Progress indication for large archives wrong.
aheinecke added a commit: rMceb8387460b0: core,w32: Increase BUFFER_SIZE to 4096.Jun 10 2021, 4:03 PM
werner added a commit: rMfde20940b5ca: core: New data flags "io-buffer-size" and "sensitive"..Jun 14 2021, 8:09 PM
werner mentioned this in T5499: Release GPGME 1.16.0.Jun 24 2021, 7:40 PM
werner lowered the priority of this task from High to Normal.May 13 2022, 4:01 PM

We have a workaround by using a recent version of gpgtar directly. Thus lowering priority.

aheinecke added a comment.Jan 5 2023, 10:14 AM

We have discussed this and what we think would be the best solution would be to have an extension in the engine-gpg of GpgME either through a flag or through a new API to use gpgtar directly with --encrypt and decrypt. This should behave exactly like the gpg encrypt / decrypt / verify functions but would avoid the need of Piping in Kleopatra. It is a fairly recent development that gpgtar can do the crypto operations by itself so this is why this was not done initially.

aheinecke removed aheinecke as the assignee of this task.Jan 5 2023, 10:14 AM
aheinecke mentioned this in T6328: Kleopatra: Hangs when decrypting an archive on an USB Stick.
aheinecke raised the priority of this task from Normal to High.Jan 5 2023, 10:19 AM
aheinecke merged a task: T6328: Kleopatra: Hangs when decrypting an archive on an USB Stick.
aheinecke added a subscriber: ikloecker.

Since the issue T6328 described an issue with high pirority which would be fixed by this issue I am raising the prio here.

aheinecke added a subtask: T6342: GPGME/Kleopatra: Extend gpgme to use gpgtar.Jan 11 2023, 12:30 PM
aheinecke mentioned this in T6342: GPGME/Kleopatra: Extend gpgme to use gpgtar.
ikloecker claimed this task.Jan 11 2023, 12:33 PM
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
aheinecke mentioned this in T5475: Kleopatra: Crash when decrypting large archives.Jan 17 2023, 1:16 PM
aheinecke merged a task: T5475: Kleopatra: Crash when decrypting large archives.
aheinecke mentioned this in T4180: Kleopatra: Crash when decrypting large archives.
aheinecke merged a task: T4180: Kleopatra: Crash when decrypting large archives.
aheinecke added a subscriber: Alex77.
ikloecker added a commit: rKLEOPATRA6b81a9fdc2d9: Don't initialize members that are default initialized.Feb 6 2023, 10:03 AM
ikloecker added a commit: rKLEOPATRAff837375c161: Do not crash if input is a null pointer.
ikloecker added a commit: rKLEOPATRAd349a86f1124: Separate version checks and update to actual upcoming version number.
ikloecker added a commit: rKLEOPATRA1f474595d6bf: Use new archive jobs for creating signed and/or encrypted archives.
ikloecker added a commit: rKLEOPATRA801427781b0b: Remove unimplemented function.Feb 9 2023, 12:07 PM
ikloecker added a commit: rKLEOPATRA00641f60e86b: Initialize members in-class.
ikloecker added a commit: rKLEOPATRA1d6369638893: Keep full name of extracted directories.
ikloecker added a commit: rKLEOPATRAd1da30296541: Remove useless signal-slot connection.
ikloecker added a commit: rKLEOPATRA0b981dfef4a3: Remove signal nobody connects to.
ikloecker added a commit: rKLEOPATRA9b9d0ba8be26: Remove now superfluous private emitResult functions.
ikloecker added a commit: rKLEOPATRAa8e768449be9: Use new archive job for extracting signed and/or encrypted archives.
ikloecker added a commit: rKLEOPATRAb6618773c796: Show a nice label in the results when creating an archive.
ikloecker added a commit: rKLEOPATRA4855f44c0cbe: Strip trailing slashes from input filenames.
ikloecker added a commit: rKLEOPATRA4f5f852e6aea: Add missing check if QGpgME support archive jobs.Feb 9 2023, 12:11 PM
ikloecker added a commit: rKLEOPATRA752028f8fecc: Don't define functions if they are not used.Feb 9 2023, 12:15 PM
ikloecker added a commit: rKLEOPATRAeb937a2508e2: Avoid unused parameter warnings.Feb 9 2023, 12:21 PM
ikloecker added a comment.Feb 10 2023, 11:09 AM

I did some tests. I encrypted the g10/src folder which contains multiple repos (33098 files) with a total weight of about 1.4 GiB.

Using Kleopatra 3.1.24.221202 (22.12.2) with GnuPG 2.3.8 and gpgme 1.18 (openSUSE Tumbleweed):
36.5 s
34.8 s
34.1 s
36.2 s (control after 3 runs with my dev build)

Using Kleopatra master with GnuPG 2.4.1-beta21 and gpgme master:
37.2 s
40.2 s
36.2 s
35.2 s (control after 4th run with stock build)

As you can see, the new implementation isn't faster. (Luckily, it also isn't significantly slower.)

Other observations:

  • Size of archives: The new archives are a bit larger than the old ones: 1,050 MB (new) vs. 1,023 MB (old). (For tiny test files I observed the opposite.)
  • Progress bar: The old implementation shows a static progress bar (as if the UI was blocked). The new implementation shows a progress bar which alternates between actual progress (n %) and the static progress bar. The progress also sometimes jumps back. I guess the latter is caused by gpgtar discovering new files while processing the directory tree. I have to debug why sometimes the static progress bar is shown.
  • gpgtar --list emits lots of warnings for the archives produced by the old implementation:
gpgtar: [?]: warning: name not terminated by a nul
gpgtar: [?]: header block 997801 is corrupt (size=60 type=9 nrec=1)

There are no warnings for the archives produced by the new implementation.

Using gpgtar --decrypt on an old archive I get

gpgtar: unsupported file type 2 for 'src/libassuan/src/.libs/libassuan.la' - skipped
gpgtar: unsupported file type 2 for 'src/libassuan/src/.libs/libassuan.so' - skipped
gpgtar: unsupported file type 2 for 'src/libassuan/src/.libs/libassuan.so.0' - skipped
[...]
gpgtar: unsupported file type 1 for 'src/gpg4win-appimage-test/.git/objects/pack/pack-480a1e9a96bc93fd3c9c57b7935d843bf7ba83c6.idx' - skipped
[...]
gpgtar: unsupported file type 1 for 'src/gpg4win-appimage-test/.git/objects/00/105321c98a9b556b7fc0fdb127b095ca0f8a16' - skipped

Using gpgtar --decrypt on an old archive I get

gpgtar: unsupported file type 2 for 'src/libassuan/src/.libs/libassuan.la' - skipped
gpgtar: unsupported file type 2 for 'src/libassuan/src/.libs/libassuan.so' - skipped
gpgtar: unsupported file type 2 for 'src/libassuan/src/.libs/libassuan.so.0' - skipped
[...]

i.e. I get the same errors about "unsupported file type 2", but not the errors about "unsupported file type 1".

Diffing the original src tree and the extracted src trees shows that the files for which an error was reported are missing.

ikloecker added a comment.Feb 10 2023, 11:12 AM

"file type 2" may refer to symbolic links.

aheinecke added a comment.Feb 10 2023, 11:30 AM

For testing the old version, did you use GNU Tar with Kleopatra or changed the configuration to use gpgtar?

I have not tested with gpgtar on Linux a lot as Kleopatra was not using it. But T4332 might be related to the corrupted archives. My analysis back then was that we lost data blocks somewhere between QProcess / QIODevice / QGpgME's Dataprovider. And I could not think of a better solution to do the process handling manually in Kleopatra with the windowsprocessdevice. Which is why this code exitsts. Afterwards we have no reports of data loss on windows anymore. Only we had this issue recently with hanging / unflushed output.

werner added a comment.Feb 10 2023, 11:37 AM

These are USTAR types:

case TF_REGULAR:   raw->typeflag[0] = '0'; break;
case TF_HARDLINK:  raw->typeflag[0] = '1'; break;
case TF_SYMLINK:   raw->typeflag[0] = '2'; break;
case TF_CHARDEV:   raw->typeflag[0] = '3'; break;
case TF_BLOCKDEV:  raw->typeflag[0] = '4'; break;
case TF_DIRECTORY: raw->typeflag[0] = '5'; break;
case TF_FIFO:      raw->typeflag[0] = '6'; break;

Un Unix we store symlinks but for other non-regular file we only write the header block. Creating symlinks, hardlink or fifos does not seem to be a good idea for data received from uncertain origins.

ikloecker added a comment.Feb 10 2023, 11:46 AM

Running gpgtar directly only gives slightly better results. The following

GNUPGHOME=~/xxxx gpgtar --batch --status-fd 2 --gpg-args --enable-progress-filter --encrypt --gpg-args --always-trust -r D5E17E5ABC11F4CD060E02D41DD0D4BAF77BE140 -r C02C4012C09B2AE33921CF87577E88AC284DC575 --output - --directory /xxxx src >src-gpgtar.tar.gpg 2>src-gpgtar.log

took about 31.1 seconds.

ikloecker added a comment.Feb 10 2023, 12:28 PM

Okay. So the problems with "file type 1" seem to come from git using hardlinks and tar storing them as hardlinks, but gpgtar ignores them on --decrypt. This would also explain the larger size of the archives if gpgtar stores the hardlinked files multiple times in the archive. Take home message: Don't gpgtar your git repo!

ikloecker added a commit: rKLEOPATRA2313a2ff11ef: Ignore the "what" value of the QGpgME::Job::progress signal.Feb 14 2023, 10:09 AM
ikloecker added a commit: rKLEOPATRAb0b7e48dde12: Use the more specific dataProgress signals for the archive jobs.
ikloecker added a commit: rKLEOPATRA8456af6200b0: Remove unused signal message().
ikloecker added a commit: rKLEOPATRA667b05dd1228: Use new jobProgress signal instead of deprecated progress signal.
ikloecker mentioned this in T6372: Kleopatra: Allow users to change name of sign/encryption result if (archive) file already exists.Feb 14 2023, 10:28 AM
ikloecker mentioned this in T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination.Feb 14 2023, 10:36 AM
ikloecker changed the status of subtask T6372: Kleopatra: Allow users to change name of sign/encryption result if (archive) file already exists from Open to Testing.Feb 22 2023, 11:56 AM
ikloecker changed the status of subtask T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination from Open to Testing.Mar 16 2023, 10:20 AM
ikloecker closed subtask T6342: GPGME/Kleopatra: Extend gpgme to use gpgtar as Resolved.
ikloecker added a comment.Mar 16 2023, 10:36 AM

I wrote T6412: Kleopatra: Inform user if some files were not extracted from encrypted archive to inform the user about not extracted files. I think this shouldn't block this issue because special files probably don't occur in normal usage of GnuPG VSD.

ikloecker changed the task status from Open to Testing.Mar 16 2023, 10:36 AM
ikloecker removed ikloecker as the assignee of this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

ready for testing

ebo closed subtask T6372: Kleopatra: Allow users to change name of sign/encryption result if (archive) file already exists as Resolved.Apr 27 2023, 1:06 PM
aheinecke added a comment.Jun 9 2023, 3:08 PM

Oh my, so I have not really tested this for nearly three months and had my head in the send when reviewing it. I really need to apologize for that. The performance improvement is _not_ what I hoped for if it is even there.

My test folder ldata-test is a real world game. Its size is 13GB with some large files, some small files ~500 files in 80 folders. Disk is dedicated to this test. Microsoft Defender is active.
I use compress algo-none
No procmon is active.

Kleopatra settings:

Note that the temporary file should be created in the output location, so that we avoid any messy moving from disk to disk.

For Kleo the most helpful timing is the debug log IMO. I have reset the debugview right before clicking on "encrypt".

Notice that the Disk IO for the most time never went above 30%, in the end there were some spikes with larger then 40%. CPU Load is higher across the board. Neutral timing is obtained by dbgview. Which I reset right before clicking encrypt. So 0:00 coincides with the start of the operation:

Same disks, same files, same everything. One took 42 seconds The other 248 seconds. For me this means we have to go back to the drawing board.

ebo added a subscriber: ebo.Jun 9 2023, 3:17 PM
ikloecker added a subtask: T6530: GPGME / QGpgME Extend Archivejobs to accept input / output from a filename.Jun 12 2023, 6:25 PM
ikloecker changed the task status from Testing to Open.Jun 12 2023, 6:38 PM
ikloecker claimed this task.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.
ikloecker changed the status of subtask T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination from Testing to Open.Jun 15 2023, 12:07 PM
ikloecker added a commit: rKLEOPATRA9c9027f85254: Fix removing of temporary files with UNC paths.Jun 15 2023, 1:33 PM
ikloecker added a commit: rKLEOPATRAd4a5f9c2512e: Let OverwritePolicy take care of asking users whether to overwrite a file.
ikloecker added a commit: rKLEOPATRA31f84464df70: Only ask the user for overwrite permission if file exists.
ikloecker added a commit: rKLEOPATRAa15434ddc59b: Check for existing files before starting any encryption tasks.
ikloecker added a commit: rKLEOPATRA04adbffa2aee: Add missing getter for output file name.Jun 15 2023, 1:43 PM
ikloecker added a commit: rKLEOPATRA15e39d51229c: Make archive jobs write created archives directly to files.Jun 20 2023, 10:33 AM
ikloecker added a commit: rKLEOPATRA6b9a1c728192: Make archive jobs read signed/encrypted archives directly from files.Jun 21 2023, 4:42 PM
ikloecker changed the task status from Open to Testing.Jun 21 2023, 4:59 PM
ikloecker changed the status of subtask T6530: GPGME / QGpgME Extend Archivejobs to accept input / output from a filename from Open to Testing.
ikloecker mentioned this in T6530: GPGME / QGpgME Extend Archivejobs to accept input / output from a filename.
ikloecker moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.

ready for testing

ikloecker removed ikloecker as the assignee of this task.Jun 21 2023, 5:01 PM
ikloecker removed a subtask: T6373: Kleopatra: Show progress dialog when moving decrypted archive to final destination.
aheinecke added a comment.Jul 4 2023, 2:27 PM

I ran the test AES.OCB encrypt only, no compression test with the same GnuPG 2.4 version on Linux.

Encrypting a 16GB folder now takes 17 Seconds. While it took 29 seconds with Kleopatra (23.04.2) See also: https://dev.gnupg.org/T6561

ebo closed subtask T6530: GPGME / QGpgME Extend Archivejobs to accept input / output from a filename as Resolved.Jul 6 2023, 2:45 PM
aheinecke closed this task as Resolved.Jul 19 2023, 4:56 PM
aheinecke claimed this task.

Macro dancewithme: We did it for gpgtar Now let us do it for all other files, too

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jul 20 2023, 10:32 AM