profiles: slsa: Remove quadratic complexity in SRC_URI iteration

SLSA provenance generation iterates over $A (which is a subset of $SRC_URI) and for each of those tries to find a match in $SRC_URI. That's quadratic complexity, and the performance impact is bad because we shell out to a helper utility (basename) for every entry. This is leading to long stalls when generating SLSA for packages with long distfile lists, like go and rust packages. Iterate over SRC_URI once and create a dictionary to speed up subsequent lookups. dev-db/etcdctl is a good candidate for testing. Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2025-08-09 14:06:58 +02:00 · 2023-11-17 12:51:33 +01:00 · 2023-11-17 12:51:33 +01:00 · 0993a9ada2
commit 0993a9ada2
parent 9faab4387e
1 changed files with 26 additions and 26 deletions
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc.slsa-provenance
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/profile.bashrc.slsa-provenance
@ -133,35 +133,35 @@ __slsa_provenance_resolved_dependencies() {
        # There can be multiple, and can be used conditionally based on use flags,
        #  and even replaced with different local names ("http://... -> othername.tgz"). So
        #  we go through what's actually used ($A), then find the corresponding source URI.
-        local src prev_uri rename orig_name found
-        for src in ${A}; do
-            found=
-            rename=
-            prev_uri=''
-            orig_name=''
+        declare -A uri_dict=() uri_orig_names=()
+        local prev_uri='' rename='' base_name prev_base_name
        for uri in ${SRC_URI}; do
            if [[ ${uri} = '->' ]] ; then
                rename=x
                continue
            fi
-                if [[ ${src} = "$(basename "${uri}")" ]] ; then
-                    orig_name=${src}
+            base_name=$(basename "${uri}")
+            uri_orig_names["${uri}"]=${base_name}
            if [[ -n ${rename} ]] ; then
+                unset "uri_dict[${prev_base_name}]"
                uri=${prev_uri}
-                        orig_name=$(basename "${uri}")
            fi
+            uri_dict["${base_name}"]=${uri}
+            rename=
+            prev_uri=${uri}
+            prev_base_name=${base_name}
+        done
+        local src orig_name
+        for src in ${A}; do
+            uri=${uri_dict["${src}"]:-}
+            if [[ -z ${uri} ]] ; then
+                die "No SRC_URI found for source '${src}', unable to record provenance!"
+            fi
+            orig_name=${uri_orig_names["${uri}"]}
            einfo "    Provenance: recording tarball material (input) '${src}' ('${orig_name}')"
            csum=$(sha512sum "${DISTDIR}/${src}")
            csum=${csum%% *}
            __slsa_rd_printf "${uri}" 'sha512' "${csum}"
-                    found=x
-                fi
-                rename=
-                prev_uri=${uri}
-            done
-            if [[ -z ${found} ]] ; then
-                die "No SRC_URI found for source '${src}', unable to record provenance!"
-            fi
        done
    elif [[ -n ${EGIT_REPO_URI:-} ]] ; then
        # package is built from repo checkout (git)