mercurial/dummycert.pem
author |
Gregory Szorc <gregory.szorc@gmail.com> |
|
Sun, 27 Sep 2015 16:08:18 -0700 |
changeset 26379 |
39d643252b9f |
parent 22575 |
d7f7f1860f00
|
permissions |
-rw-r--r-- |
revlog: use existing file handle when reading during _addrevision
_addrevision() may need to read from revlogs as part of computing
deltas. Previously, we would flush existing file handles and open
a new, short-lived file handle to perform the reading.
If we have an existing file handle, it seems logical to reuse it
for reading instead of opening a new file handle. This patch
makes that the new behavior.
After this patch, revlog files are only reopened when adding
revisions if the revlog is switched from inline to non-inline.
On Linux when unbundling a bundle of the mozilla-central repo, this
patch has the following impact on system call counts:
Call Before After Delta
write 827,639 673,390 -154,249
open 700,103 684,089 -16,014
read 74,489 74,489 0
fstat 493,924 461,896 -32,028
close 249,131 233,117 -16,014
stat 242,001 242,001 0
lstat 18,676 18,676 0
lseek 20,268 20,268 0
ioctl 14,652 13,173 -1,479
TOTAL 3,180,758 2,930,679 -250,079
It's worth noting that many of the open() calls fail due to missing
files. That's why there are many more open() calls than close().
Despite the significant system call reduction, this change does not
seem to have a significant performance impact on Linux.
On Windows 10 (not a VM, on a SSD), this patch appears to reduce
unbundle time for mozilla-central from ~960s to ~920s. This isn't
as significant as I was hoping. But a decrease it is nonetheless.
Still, Windows unbundle performance is still >2x slower than Linux.
Despite the lack of significant gains, fewer system calls is fewer
system calls. If nothing else, this will narrow the focus of potential
areas to optimize in the future.
A dummy certificate that will make OS X 10.6+ Python use the system CA
certificate store:
-----BEGIN CERTIFICATE-----
MIIBIzCBzgIJANjmj39sb3FmMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmhn
LmV4YW1wbGUuY29tMB4XDTE0MDgzMDA4NDU1OVoXDTE0MDgyOTA4NDU1OVowGTEX
MBUGA1UEAxMOaGcuZXhhbXBsZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
mh/ZySGlcq0ALNLmA1gZqt61HruywPrRk6WyrLJRgt+X7OP9FFlEfl2tzHfzqvmK
CtSQoPINWOdAJMekBYFgKQIDAQABMA0GCSqGSIb3DQEBBQUAA0EAF9h49LkSqJ6a
IlpogZuUHtihXeKZBsiktVIDlDccYsNy0RSh9XxUfhk+XMLw8jBlYvcltSXdJ7We
aKdQRekuMQ==
-----END CERTIFICATE-----
This certificate was generated to be syntactically valid but never be usable;
it expired before it became valid.
Created as:
$ cat > cn.conf << EOT
> [req]
> distinguished_name = req_distinguished_name
> [req_distinguished_name]
> commonName = Common Name
> commonName_default = no.example.com
> EOT
$ openssl req -nodes -new -x509 -keyout /dev/null \
> -out dummycert.pem -days -1 -config cn.conf -subj '/CN=hg.example.com'
To verify the content of this certificate:
$ openssl x509 -in dummycert.pem -noout -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 15629337334278746470 (0xd8e68f7f6c6f7166)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=hg.example.com
Validity
Not Before: Aug 30 08:45:59 2014 GMT
Not After : Aug 29 08:45:59 2014 GMT
Subject: CN=hg.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (512 bit)
Modulus:
00:9a:1f:d9:c9:21:a5:72:ad:00:2c:d2:e6:03:58:
19:aa:de:b5:1e:bb:b2:c0:fa:d1:93:a5:b2:ac:b2:
51:82:df:97:ec:e3:fd:14:59:44:7e:5d:ad:cc:77:
f3:aa:f9:8a:0a:d4:90:a0:f2:0d:58:e7:40:24:c7:
a4:05:81:60:29
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
17:d8:78:f4:b9:12:a8:9e:9a:22:5a:68:81:9b:94:1e:d8:a1:
5d:e2:99:06:c8:a4:b5:52:03:94:37:1c:62:c3:72:d1:14:a1:
f5:7c:54:7e:19:3e:5c:c2:f0:f2:30:65:62:f7:25:b5:25:dd:
27:b5:9e:68:a7:50:45:e9:2e:31