Closed Bug 1559114 Opened 1 year ago Closed 1 year ago

Performance of CRLite intermediates preload update can be improved


(Core :: Security: PSM, enhancement, P2)




Tracking Status
firefox69 --- fixed


(Reporter: leplatrem, Assigned: leplatrem)




(3 files)

A number of operations take a lot a time on my local machine.

For example, the JSON contains 2164 records that are imported in the local DB.

During the first call to .updatePreloadedIntermediates(), 2164 parallel operations will be executed to set cert_import_complete to false. IndexedDB hates that and it takes ages (several minutes). Plus, why set it to false? Why not just rely on falsy values when filtering?

Maybe that's related and we can investigate how to do it, but it would be recommended to use the filtering feature of IndexedDB instead of doing it in memory on the 2100 records. See

const waiting = await col.list({ filters: { cert_import_complete: false } });

Also, later, by default we take a batch of 100 records.
100 HTTP requests are issued in parallel. I believe it would be better to download those 100 chains in chunks of 4-8 parallel requests.

When we set cert_import_complete to true, we do 100 parallel updates, each in its own transaction. See
It would be better to use a single IndexedDB transaction:

await kintoCollection.db.execute(transaction => {
    recordsToUpdate.forEach((record) => {
      transaction.update({...record, cert_import_complete: true});
Assignee: nobody → mathieu

With the current patch the CRLite downloads is a lot more performant, it uses to take minutes and is now almost instantaneous.

Pushed by
Improve debug logging of Remote Settings r=glasserc
Optimize signature verification of Remote Settings dumps r=glasserc
Optimize CRLite intermediates download r=glasserc,jcj,keeler
You need to log in before you can comment on or make changes to this bug.