prelink performance gains
Robert Relyea
rrelyea at redhat.com
Wed Oct 16 22:16:35 UTC 2013
On 10/15/2013 11:52 AM, Jan Kratochvil wrote:
> On Tue, 15 Oct 2013 20:25:10 +0200, Paul Wouters wrote:
>> - complexity
>> - complicated prelink blacklists
>> - complicated cron job exclusion with sysconfig
> You can always make your software development life more simple by giving up on
> some useful feature. That -O2 vs. -O0 build is a good comparison.
I think the point is that the 'feature' is not viewed as useful. I can
measure and see the performance improvement -O2 gains me. Yes it does
complicate debugging, but it's being actively maintained, and the
debugger does an OK job of handling it.
prelink throws rocks at a lot of packages that have to check the
integrity of the shared libraries they are using. It provides no real
useful way of assisting in those tasks, and we can't meaningfully
measure or observe the performance gains. You will need to strongly show
the latter, because the cost it forces on other packages is unbearable.
>
>
>> - FIPS foot-bullets
> I really do not care and do not run FIPS. Disable/uninstall prelink for FIPS.
1. Some packages supports FIPS on the fly. Prelink puts me between a
rock and a hard place. I can't embargo my library because glibc would
then be embargoed (because prelink automatically embargos libraries that
depend on other libraries that are embargoed), so I have to exec the
prelink to get the original library, which causes problems with some
applications running under restricted policies.
2. FIPS isn't the only place you need to do sofware integrity checks.
(see rpm).
If prelink provided noticeable improvement, I would say we put the
resources into prelink to make it play more nicely with these integrity
systems, but since it doesn't, the more rational approach is have it go
away.
bob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4521 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20131016/6550c833/attachment-0001.p7s>
More information about the devel
mailing list