2023-07-26 21:36:40 |
Ye Lu |
bug |
|
|
added bug |
2023-07-26 21:36:40 |
Ye Lu |
attachment added |
|
add-trusted-sender-arg.patch https://bugs.launchpad.net/bugs/2028810/+attachment/5688659/+files/add-trusted-sender-arg.patch |
|
2023-07-27 00:16:22 |
Ubuntu Foundations Team Bug Bot |
tags |
|
patch |
|
2023-07-27 00:16:26 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2023-07-28 16:39:20 |
Lena Voytek |
nominated for series |
|
Ubuntu Focal |
|
2023-07-28 16:39:20 |
Lena Voytek |
bug task added |
|
rsync (Ubuntu Focal) |
|
2023-07-28 16:39:31 |
Lena Voytek |
rsync (Ubuntu): status |
New |
Fix Released |
|
2023-07-28 16:39:50 |
Lena Voytek |
rsync (Ubuntu Focal): status |
New |
Incomplete |
|
2023-07-28 21:37:58 |
Lena Voytek |
bug |
|
|
added subscriber Lena Voytek |
2023-08-04 22:47:31 |
Lena Voytek |
rsync (Ubuntu Focal): status |
Incomplete |
In Progress |
|
2023-08-04 22:47:32 |
Lena Voytek |
rsync (Ubuntu Focal): assignee |
|
Lena Voytek (lvoytek) |
|
2023-08-07 16:07:16 |
Ye Lu |
rsync (Ubuntu): status |
Fix Released |
Confirmed |
|
2023-08-07 16:07:21 |
Ye Lu |
rsync (Ubuntu): status |
Confirmed |
Fix Released |
|
2023-08-07 16:32:45 |
Lena Voytek |
description |
OS: Ubuntu 20.04 Focal
Package: rsync 3.1.3-8ubuntu0.5
rsync's performance was regressed by ~7x amount after some security patch (debian/patches/CVE-2022-29154-*) was applied to the package, and introduced a list of filters that iterate on every file being transferred. We think that was where the performance regression came from.
A Jammy version of the package (3.2.5) introduced a new flag "--trust-sender" that allowed user to avoid the expensive client-side filtering introduced by those security patches. After pulling this change (https://github.com/WayneD/rsync/commit/cff8f044776c5143a5b270969d4bb0f1fea8b017) from rsync ourselves and applied it to the Focal version, the performance regression went away.
The patch we used to backport our Focal rsync is attached in this thread. Can you please backport it too? |
[Impact]
Recent necessary security fixes to rsync have caused a slow down in transfer speeds due to additional authentication. In more recent versions of rsync this can be mitigated when the environment is trusted with the --trust-sender flag.
In order to accomidate this use case, the flag should be backported to focal too.
[Test Plan]
$ lxc launch ubuntu:focal test-rsync-receiver
$ lxc exec test-rsync-receiver bash
# apt update && apt dist-upgrade -y
# apt install openssh-server rsync -y
# passwd ubuntu
- set password for user
# exit
- Check ip of receiver with lxc list
$ lxc list
$ lxc launch ubuntu:focal test-rsync-sender
$ lxc exec test-rsync-sender bash
# apt update && apt dist-upgrade -y
# apt install rsync -y
- Create a random file to send over
# dd if=/dev/urandom of=randomfile.bin bs=1M count=1000
- Send without --trust-sender
# rsync -av randomfile.bin ubuntu@<receiver ip>:~/file1.bin
- Send with --trust-sender
# rsync -av --trust-sender randomfile.bin ubuntu@<receiver ip>:~/file2.bin
With the fix in place, --trust-sender is a valid argument and the transfer is notably faster as reported back by rsync.
[Where problems could occur]
Since this change adds a new feature in the form of an input flag, problems could occour when using it. This could include issues from skipping security checks between the sending and receiving machine. Another possible problem would be issues with command line input parsing due to the additional valid argument.
[Other Info]
The --trust-sender option is already available in Jammy and later
[Original Description]
OS: Ubuntu 20.04 Focal
Package: rsync 3.1.3-8ubuntu0.5
rsync's performance was regressed by ~7x amount after some security patch (debian/patches/CVE-2022-29154-*) was applied to the package, and introduced a list of filters that iterate on every file being transferred. We think that was where the performance regression came from.
A Jammy version of the package (3.2.5) introduced a new flag "--trust-sender" that allowed user to avoid the expensive client-side filtering introduced by those security patches. After pulling this change (https://github.com/WayneD/rsync/commit/cff8f044776c5143a5b270969d4bb0f1fea8b017) from rsync ourselves and applied it to the Focal version, the performance regression went away.
The patch we used to backport our Focal rsync is attached in this thread. Can you please backport it too? |
|
2023-08-07 17:35:01 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~lvoytek/ubuntu/+source/rsync/+git/rsync/+merge/448637 |
|
2023-08-18 21:43:18 |
Ubuntu Archive Robot |
bug |
|
|
added subscriber Bryce Harrington |
2023-08-22 21:42:26 |
Krister Johansen |
bug |
|
|
added subscriber Krister Johansen |
2023-08-23 03:33:19 |
Chris Halse Rogers |
rsync (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2023-08-23 03:33:20 |
Chris Halse Rogers |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2023-08-23 03:33:22 |
Chris Halse Rogers |
bug |
|
|
added subscriber SRU Verification |
2023-08-23 03:33:27 |
Chris Halse Rogers |
tags |
patch |
patch verification-needed verification-needed-focal |
|
2023-08-24 14:42:21 |
Lena Voytek |
tags |
patch verification-needed verification-needed-focal |
patch verification-done verification-done-focal |
|
2023-09-01 12:16:01 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
2023-09-01 22:29:10 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~lvoytek/ubuntu/+source/rsync/+git/rsync/+merge/450497 |
|
2023-09-07 12:05:36 |
Robie Basak |
tags |
patch verification-done verification-done-focal |
patch verification-needed verification-needed-focal |
|
2023-09-07 17:34:43 |
Lena Voytek |
tags |
patch verification-needed verification-needed-focal |
patch verification-done verification-done-focal |
|
2023-09-20 07:02:32 |
Launchpad Janitor |
rsync (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2023-09-20 07:02:36 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|