fix(perf): sign multiple files at once #347
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Looks like this does essentially the same thing as mine, although it uses one invocation per "level" rather than spawning multiple EDIT: that said, my thing fixes an unrelated bug where a |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I was recently debugging a code-signing issue and noticed in the logs that we're signing one file at a time, which translates to a few hundreds of
childProcess.exec('codesign')calls.codesignsupports passing multiple files at once, so we can take advantage of that to keep the number of child processes we have to spawn (and the associated overhead) to a minimum.At first, I tried to sign all files with identical args with a single
codesigncall, but the tests for thev7.0.0-beta.3-darwin-x64andv7.0.0-beta.3-mas-x64artifacts were failing. I figured that was related to fact that that we're supposed to sign the bundle from the inside out as described here, so I changed the logic to take into account the position of the files in the file tree, and now all files at the same depth that share the same arguments are signed at the same time.I did some crude benchmarking on my machine with the Electron artifacts used in
@electron/osx-sign's test cases byconsole.timeing the total time spent and counting how many child processes we're spawning. Using themainbranch, the heaviest artifact isv6.0.3-darwin-x64, which takes 55.737s to complete and callscodesign227 times in total — with my branch, the same artifact is signed in 47.938s (~14% less time) while spawning only 13 child processes.I didn't realize we had an open PR for improving code-signing performance until just before opening this one. @SuperDisk, I couldn't test your branch locally because of some build errors, but if my PR lands before yours let me know if it helps with your use case. My PR uses a different approach, so if it doesn't solve your problem completely it could potentially speed things up some more when combined with your changes.
Closes #305.