From 319f8f83a482ec878a87370170f882865c0cd981 Mon Sep 17 00:00:00 2001
From: Henrique Borges <henriqueborgeshbr@gmail.com>
Date: Wed, 14 Dec 2022 14:57:22 -0300
Subject: [PATCH] Implement benchmark on a Dockerfile

---
 Makefile              |  9 +++++++++
 README.md             | 33 +++++++++++----------------------
 benchmark/Dockerfile  | 42 ++++++++++++++++++++++++++++++++++++++++++
 benchmark/doas.conf   |  1 +
 benchmark/run         | 23 +++++++++++++++++++++++
 benchmark/sudoers     |  1 +
 benchmark/whoami-test |  7 +++++++
 7 files changed, 94 insertions(+), 22 deletions(-)
 create mode 100644 benchmark/Dockerfile
 create mode 100644 benchmark/doas.conf
 create mode 100755 benchmark/run
 create mode 100644 benchmark/sudoers
 create mode 100755 benchmark/whoami-test

diff --git a/Makefile b/Makefile
index a032444..a77829d 100644
--- a/Makefile
+++ b/Makefile
@@ -28,3 +28,12 @@ uninstall:
 
 clean:
 	rm rdo
+
+bench-clean:
+	docker rmi -f rdo-benchmark
+
+bench-build: bench-clean
+	docker buildx build -t rdo-benchmark -f benchmark/Dockerfile .
+
+bench-run:
+	docker run --rm -t rdo-benchmark
diff --git a/README.md b/README.md
index 3065414..d0eb07c 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ session_ttl=5
 
 ### Benchmarks
 
-The benchmark: Execute `whoami` (GNU coreutils 8.32) 1000 times.
+The benchmark: Execute `whoami` (GNU coreutils 9.1) 10000 times.
 
 Yes, this is a silly benchmark. Yes, the performance gain in real world application is close to nothing.
 
@@ -58,32 +58,21 @@ But it's fun!
 
 |Program|Time|
 --- | --- 
-sudo 1.9.9 | 22.12s
-opendoas 6.8.2 | 13.5s
-rdo 1.4 | 3.5s
-Baseline | 2.1s
+sudo 1.19.11 | 46.85s
+doas 6.8.2 | 32.57s
+rdo 1.4.2 | 13.37s
+Baseline | 7.95s
 
-Baseline here is how long it took without any wrapper to make it root.
+> Baseline here is how long it took without any wrapper to make it root.
 
-These benchmarks were done on a single core of an `AMD FX-8350` processor, on Artix Linux version `5.16.12-zen1-1-zen`.
+These benchmarks were done on a `Intel i5 7200U` processor, on a Debian 12 Docker container.
 
-`sudo` and `opendoas` were pulled from the pacman repos, rdo via AUR.
+`sudo` and `doas` were pulled from the Debian repos, `rdo` was compiled locally.
 
 All configs were kept as default, except allow the `wheel` group on both + enable `persist` on doas.
 
-Script used:
-```sh
-#!/bin/sh
+The benchmark can be executed through a Docker container by running:
 
-$1 whoami
-
-current=$(date +%s.%N)
-for i in {1..1000}; do
-	$1 whoami 2>&1 >/dev/null
-done
-done=$(date +%s.%N)
-
-echo $done - $current | bc
 ```
-
-The script requires `bc` to be installed, for floating point arithmetics.
+make bench-build bench-run
+```
diff --git a/benchmark/Dockerfile b/benchmark/Dockerfile
new file mode 100644
index 0000000..3dd54db
--- /dev/null
+++ b/benchmark/Dockerfile
@@ -0,0 +1,42 @@
+# syntax=docker/dockerfile-upstream:master-labs
+FROM debian:bookworm-slim as base
+
+ADD https://codeberg.org/sw1tchbl4d3/stdinify.git#main /stdinify
+
+ENV DEBIAN_FRONTEND noninteractive
+
+# install build dependencies and benchmarked programs
+RUN apt-get update
+RUN apt-get -y upgrade
+RUN apt-get -y --no-install-recommends install make gcc libc6-dev time sudo=1.9.11p3-2 doas=6.8.2-1+b1
+RUN apt-get clean
+RUN rm -rf /var/lib/apt/lists/*
+
+# create normal user
+RUN useradd -m rdo
+RUN printf "rdo123\nrdo123" | passwd rdo
+RUN groupadd wheel
+RUN usermod -a -G wheel rdo
+
+WORKDIR /rdo
+
+# build rdo
+RUN --mount=type=bind,target=/rdo,rw \
+    make -j "$(nproc)" && \
+    make install
+
+WORKDIR /stdinify
+
+# build stdinify
+RUN make -j "$(nproc)"
+RUN make install
+
+COPY --link benchmark/doas.conf /etc
+COPY --link --chown=0:0 --chmod=440 benchmark/sudoers /etc
+COPY --link benchmark/run benchmark/whoami-test /usr/local/bin/
+
+USER rdo
+
+WORKDIR /home/rdo
+
+ENTRYPOINT ["run", "sudo", "doas", "rdo"]
diff --git a/benchmark/doas.conf b/benchmark/doas.conf
new file mode 100644
index 0000000..34c6fa6
--- /dev/null
+++ b/benchmark/doas.conf
@@ -0,0 +1 @@
+permit persist rdo as root
diff --git a/benchmark/run b/benchmark/run
new file mode 100755
index 0000000..647fabd
--- /dev/null
+++ b/benchmark/run
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+programs="$@"
+
+if [ -z "$programs" ]; then
+    echo 'No programs specified (rdo, doas or sudo)'
+    exit 1
+fi
+
+for program in $programs; do
+    if ! which "$program" >/dev/null 2>&1; then
+        echo "Command not found: $program"
+        exit 1
+    fi
+done
+
+for program in $programs; do
+    time -f "$program %es" -o benchmark-results -a whoami-test "$program"
+done
+
+time -f "baseline %es" -o benchmark-results -a whoami-test
+
+cat benchmark-results
diff --git a/benchmark/sudoers b/benchmark/sudoers
new file mode 100644
index 0000000..40695bb
--- /dev/null
+++ b/benchmark/sudoers
@@ -0,0 +1 @@
+%wheel ALL=(ALL:ALL) ALL
diff --git a/benchmark/whoami-test b/benchmark/whoami-test
new file mode 100755
index 0000000..4d44166
--- /dev/null
+++ b/benchmark/whoami-test
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+program="$1"
+
+for _ in $(seq 1 10000); do
+    echo rdo123 | $program whoami >/dev/null
+done