On 1/27/21 8:30 PM, Kevin Fenzi wrote:
> On Wed, Jan 27, 2021 at 10:48:46AM +0200, Panu Matilainen wrote:
>> On 1/26/21 8:44 PM, Kevin Fenzi wrote:
>>> So, the thread here kind of fell quiet with everything else going on.
>>> It seems clear there's issues to address here before this change might
>>> get approved. Here's my list:
>>>
>>> * Try and change the storage format of the signatures to not take up
>>>   tons of room. I guess this would be in ima tools and sigul?
>>
>> That'd be rpm upstream work.
>>
>> On my F33 laptop, there are 331284 rpm-installed files. The IMA signature as
>> proposed is apparently 162 bytes per file in the hex-encoded format, this
>> makes for approximately 51 megabytes of data. My rpmdb is about 115
>> megabytes. That'd be almost 45% increase in size!
>
> SO, I don't really understand... Patrick says in the Change:
>
> "The size of the rpmdb increases from 22952 to 28416 bytes, a 20%
> increase. This is on an install size of 1.7GB in total, so this 5MB
> increase is a 0.3% size increase on the final installed system."
>
> Is that just because he used the server install with fewer files?

As directories are not signed, in a smaller installation the directory
vs file ratio could be different, making the overhead smaller than in a
larger install. Looking at the F33 server edition install, there are
59246 files total, 22837 of which are directories. That's a very
different ratio to my laptop install where there are 402158 files total
of which 70874 are directories.
So it's a case of "it depends" and it depends quite a lot. By no means
the overhead is always 45% but neither is it always 20% - depending on
the exact package set it can even be quite a bit more or less than
either figure.

> Or is your or his math wrong here?

You're free to check the math [1]. As said above, the size of an IMA
signature is 162 bytes per file, which you can also see for yourself by
looking at a signed package. Multiply that by the number of files
installed. The real overhead from the string array structure is more
than that, but just the signature data is 162 bytes per non-directory
file entry.
Whether the database file size increases by that exact amount depends as
a database can preallocate space etc, but there literally is that much
more data to store, and otherwise haul around even on unrelated queries.
[1] I'm known to get it wrong on occasion,
https://github.com/rpm-software-management/rpm/pull/1252
- Panu -