Installing / updating dependencies seems very slow

[asgrim]

Hi there. I seem to have some issue with the Installing or Updating dependencies steps taking forever. To isolate my issue somewhat, I created a new directory, use the latest composer at the moment (19bfd6c7), and put this composer.json, nothing else:

{
    "require": {
        "php": ">=5.4",
        "zendframework/zendframework": "2.*",
        "doctrine/doctrine-orm-module": "0.*"
    },
    "require-dev": {
        "zendframework/zend-developer-tools": "dev-master"
    }
}

First output:

$ php composer.phar install --profile
[3.1MB/0.37s] Loading composer repositories with package information
[3.4MB/0.90s] Installing dependencies
[37.7MB/64.18s]   - Installing zendframework/zendframework (2.1.4)
[37.7MB/64.19s] [37.7MB/66.89s]     Downloading: 0%[37.7MB/66.89s]              [38.0MB/67.45s]     Downloading:[38.2MB/67.57s]     Downloading:[38.5MB/67.72s]     Downloading:[38.8MB/68.02s]     Downloading:[39.1MB/68.28s]     Downloading:[39.3MB/68.43s]     Downloading:[39.6MB/68.66s]     Downloading:[39.9MB/68.91s]     Downloading:[40.2MB/69.07s]     Downloading:[40.4MB/69.34s]     Downloading:[40.7MB/69.58s]     Downloading:[41.0MB/69.82s]     Downloading:[41.3MB/70.10s]     Downloading:[41.5MB/70.41s]     Downloading:[41.8MB/70.70s]     Downloading:[42.1MB/70.98s]     Downloading:[42.4MB/71.28s]     Downloading:[42.6MB/71.54s]     Downloading: 90%[42.9MB/71.84s]     Downloading:[43.2MB/72.09s]     Downloading:[43.2MB/72.13s]     Downloading: 100%[43.2MB/72.13s] 
[37.7MB/79.99s] 
[37.7MB/80.01s]   - Installing doctrine/common (2.3.0)
[37.7MB/80.01s] [37.7MB/81.07s]     Downloading: 0%[37.7MB/81.07s]              [37.7MB/81.20s]     Downloading:[37.7MB/81.23s]     Downloading:[37.8MB/81.31s]     Downloading:[37.8MB/81.31s]     Downloading:[37.8MB/81.39s]     Downloading:[37.8MB/81.40s]     Downloading:[37.8MB/81.44s]     Downloading:[37.8MB/81.47s]     Downloading:[37.8MB/81.48s]     Downloading:[37.9MB/81.52s]     Downloading:[37.9MB/81.52s]     Downloading:[37.9MB/81.55s]     Downloading:[37.9MB/81.60s]     Downloading:[37.9MB/81.61s]     Downloading:[37.9MB/81.63s]     Downloading:[37.9MB/81.63s]     Downloading:[37.9MB/81.64s]     Downloading: 100%[37.9MB/81.64s] 
[37.7MB/82.17s] 
[37.7MB/82.69s]   - Installing doctrine/dbal (2.3.3)
[37.7MB/82.70s] [37.7MB/83.82s]     Downloading: 0%[37.7MB/83.82s]              [37.7MB/84.06s]     Downloading:[37.8MB/84.12s]     Downloading:[37.8MB/84.20s]     Downloading:[37.8MB/84.22s]     Downloading:[37.8MB/84.36s]     Downloading:[37.9MB/84.37s]     Downloading:[37.9MB/84.52s]     Downloading:[37.9MB/84.53s]     Downloading:[37.9MB/84.61s]     Downloading:[38.0MB/84.62s]     Downloading:[38.0MB/84.69s]     Downloading:[38.0MB/84.76s]     Downloading:[38.0MB/84.77s]     Downloading:[38.0MB/84.84s]     Downloading:[38.1MB/84.85s]     Downloading:[38.1MB/84.92s]     Downloading:[38.1MB/84.93s]     Downloading:[38.1MB/85.00s]     Downloading: 95%[38.1MB/85.01s]     Downloading: 100%[38.1MB/85.02s] 
[37.7MB/85.61s] 
[37.7MB/85.63s]   - Installing symfony/console (v2.2.1)
[37.7MB/85.63s] [37.7MB/86.83s]     Downloading: 0%[37.7MB/86.83s]              [37.7MB/86.99s]     Downloading:[37.8MB/87.02s]     Downloading:[37.8MB/87.10s]     Downloading:[37.8MB/87.15s]     Downloading:[37.8MB/87.15s]     Downloading: 100%[37.8MB/87.15s] 
[37.7MB/87.50s] 
[37.7MB/87.53s]   - Installing doctrine/orm (2.3.3)
[37.7MB/87.53s] [37.7MB/88.60s]     Downloading: 0%[37.7MB/88.61s]              [37.8MB/88.85s]     Downloading:[37.8MB/88.93s]     Downloading:[37.9MB/89.01s]     Downloading:[37.9MB/89.09s]     Downloading:[38.0MB/89.14s]     Downloading:[38.0MB/89.22s]     Downloading:[38.1MB/89.26s]     Downloading:[38.1MB/89.33s]     Downloading:[38.2MB/89.40s]     Downloading:[38.3MB/89.46s]     Downloading:[38.3MB/89.50s]     Downloading:[38.4MB/89.57s]     Downloading:[38.4MB/89.65s]     Downloading:[38.5MB/89.72s]     Downloading:[38.5MB/89.76s]     Downloading:[38.6MB/89.82s]     Downloading:[38.6MB/89.89s]     Downloading:[38.7MB/89.95s]     Downloading: 90%[38.7MB/90.00s]     Downloading:[38.8MB/90.06s]     Downloading:[38.8MB/90.06s]     Downloading: 100%[38.8MB/90.06s] 
[37.7MB/91.28s] 
[37.7MB/91.31s]   - Installing doctrine/doctrine-module (0.7.1)
[37.7MB/91.31s] [37.7MB/92.42s]     Downloading: 0%[37.7MB/92.42s]              [37.7MB/92.58s]     Downloading:[37.8MB/92.75s]     Downloading:[37.8MB/92.78s]     Downloading:[37.8MB/92.83s]     Downloading:[37.8MB/92.86s]     Downloading: 100%[37.8MB/92.86s] 
[37.7MB/93.24s] 
[37.7MB/93.27s]   - Installing doctrine/doctrine-orm-module (0.7.0)
[37.7MB/93.27s] [37.7MB/94.42s]     Downloading: 0%[37.7MB/94.43s]              [37.7MB/94.58s]     Downloading:[37.7MB/94.62s]     Downloading:[37.8MB/94.85s]     Downloading:[37.8MB/94.85s]     Downloading:[37.8MB/94.85s]     Downloading:[37.8MB/94.93s]     Downloading:[37.9MB/95.09s]     Downloading:[37.9MB/95.10s]     Downloading:[37.9MB/95.10s]     Downloading:[37.9MB/95.10s]     Downloading: 100%[37.9MB/95.10s] 
[37.7MB/95.30s] 
[17.8MB/96.57s] zendframework/zendframework suggests installing ircmaxell/random-lib (Fallback random byte generator for Zend\Math\Rand if OpenSSL/Mcrypt extensions are unavailable)
[17.8MB/96.58s] zendframework/zendframework suggests installing pecl-weakref (Implementation of weak references for Zend\Stdlib\CallbackHandler)
[17.8MB/96.59s] zendframework/zendframework suggests installing zendframework/zendpdf (ZendPdf for creating PDF representations of barcodes)
[17.8MB/96.60s] zendframework/zendframework suggests installing zendframework/zendservice-recaptcha (ZendService\ReCaptcha for rendering ReCaptchas in Zend\Captcha and/or Zend\Form)
[17.8MB/96.61s] doctrine/orm suggests installing symfony/yaml (If you want to use YAML Metadata Mapping Driver)
[17.8MB/96.62s] doctrine/doctrine-module suggests installing doctrine/data-fixtures (Data Fixtures if you want to generate test data or bootstrap data for your deployments)
[17.8MB/96.63s] doctrine/doctrine-orm-module suggests installing zendframework/zend-developer-tools (zend-developer-tools if you want to profile operations executed by the ORM during development)
[17.8MB/96.64s] doctrine/doctrine-orm-module suggests installing doctrine/migrations (doctrine migrations if you want to keep your schema definitions versioned)
[17.9MB/96.75s] Writing lock file
[17.9MB/96.75s] Generating autoload files
Memory usage: 17.9MB (peak: 48.73MB), time: 96.77s

Then:

$ php composer.phar update --profile
[3.2MB/0.90s] Loading composer repositories with package information
[3.5MB/1.52s] Updating dependencies (including require-dev)
[38.6MB/65.96s]   - Installing zendframework/zend-developer-tools (dev-master 3994622)
[38.6MB/65.99s]     Cloning 3994622761f496b666a143156b4d21f19205aa66
[38.6MB/67.64s] 
[17.6MB/68.84s] zendframework/zend-developer-tools suggests installing bjyoungblood/bjy-profiler (Version: dev-master, allows the usage of the (Zend) Db collector.)
[17.9MB/69.30s] Writing lock file
[17.9MB/69.31s] Generating autoload files
Memory usage: 17.64MB (peak: 38.7MB), time: 69.37s

And finally

$ php composer.phar update --profile
[3.2MB/0.43s] Loading composer repositories with package information
[3.5MB/0.81s] Updating dependencies (including require-dev)
[39.0MB/58.74s] Nothing to install or update
[18.3MB/60.22s] Generating autoload files
Memory usage: 18.02MB (peak: 39.02MB), time: 60.3s

Is this expected behaviour to take roughly 60 seconds to determine whether there is updates, even if there are no actual updates? I notice in htop that php has very high CPU usage during this time (90-100%)

I don't suspect a problem with network connectivity or slowness:

$ wget https://packagist.org/p/packages-2013-04.json--2013-04-17 14:58:05--  https://packagist.org/p/packages-2013-04.json
Resolving packagist.org (packagist.org)... 37.59.4.156
Connecting to packagist.org (packagist.org)|37.59.4.156|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/json]
Saving to: `packages-2013-04.json'

    [  <=>                                                                                      ] 1,029,324   2.87M/s   in 0.3s    

2013-04-17 14:58:06 (2.87 MB/s) - `packages-2013-04.json' saved [1029324]

Downloading this JSON from packagist took 0.3s. I just did a speedtest.net check, we have 15ms ping, 73 Mbps down and 32 Mbps up.

The environment I'm running in is Ubuntu 12.04 server, running in a VM on ESX servers, 1 CPU with 2GB RAM.

[Seldaek]

On my laptop I get 18seconds first run and then 10seconds with a warm cache (json files from packagist are cached). So if it's not network (i.e. if you run it twice in a row and it's still as slow) then I guess it's CPU bound. Not sure what to do about that (of course there might be improvements we can do, but nothing major I'm afraid).

Thing is though, you should run update on dev machines which hopefully have decent CPU/ram, and then commit your composer.lock file and run install from that on prod servers. Install from lock is almost instant no matter the machine.

[asgrim]

Thanks for your response - I ran it off the VM (on my laptop directly) and I got 18 seconds first run and 6 seconds following, so I'd agree it's CPU. I also ran the same on my Linode VM and got 25 seconds then 18 seconds.

This is clearly related to my VM performance so is not a Composer issue.

Out of interest, what is Composer actually doing in that initial "Installing dependencies" bit? It seems very CPU intensive. Does it multithread or is it single threaded?

[Seldaek]

It's checking all the requirements of your package and your dependencies to try and find a solution to install. Since it does this in a fairly advanced way unlike some other package manager that took more simple approaches, it can take quite a bit of computing power. Unfortunately php can't do multi-threading, and to be honest I don't know if the problem at hand would be easy to parallelize even if we could.

[asgrim]

Thanks for your time @Seldaek - much appreciated :)

[dsbaars]

Is there any way to disable these checks? I have the same problem on Ubuntu 12.04 x86-64 in a KVM virtual machine (Quad-Core Xeon 2.4 GHz, 4 GB).
The process never (well, not within 3 hours) ends, even on a clean "install" command (Situation: Deploying a Symfony 2.3 project with 14 added bundles)

[stof]

@dsbaars resolving the dependencies is the main feature of composer. So no, we cannot disable it while keeping composer functional

[kalenjordan]

I read the thread and understand that resolving dependencies a fundamentally time consuming process, and I get that.

I have a somewhat related question though. In my local environment for my dependencies which are pretty simple, I'm seeing an install time of 1.29s vs. 128.91s in my staging environment. The staging environment's hardware is faster than my local environment, and in both cases I've already cloned down the latest repositories, so it should just be performing checkouts.

composer install --no-dev --profile
[11.4MB/0.10s] Loading composer repositories with package information
[12.1MB/0.14s] Installing dependencies from lock file
[13.2MB/0.22s]   - Updating magento-hackathon/magento-composer-installer (dev-master a58dd87 => 1.3)
[13.2MB/0.23s]     Checking out 1.3
[13.3MB/0.77s] 
[13.6MB/0.82s]   - Updating kalenjordan/avatax dev-master (137caac => 8c3b2fa)
[13.7MB/0.82s]     Checking out 8c3b2fa03099ce12b0497168ae5468579c671510
[13.7MB/1.26s] 
[13.2MB/1.29s] Generating autoload files
Memory usage: 13.23MB (peak: 13.76MB), time: 1.29s

And here's staging:

composer install --no-dev --profile
[10.4MB/0.03s] Loading composer repositories with package information
[11.3MB/0.04s] Installing dependencies from lock file
[11.3MB/0.04s] Warning: The lock file is not up to date with the latest changes in composer.json. You may be getting outdated dependencies. Run update to update them.
[12.4MB/0.05s]   - Updating magento-hackathon/magento-composer-installer (dev-master a58dd87 => 1.3)
[12.5MB/0.05s]     Checking out 1.3
[12.5MB/64.53s] 
[12.9MB/64.54s]   - Updating kalenjordan/avatax dev-master (137caac => 8c3b2fa)
[12.9MB/64.54s]     Checking out 8c3b2fa03099ce12b0497168ae5468579c671510
[12.9MB/128.91s] 
[12.2MB/128.91s] Generating autoload files
Memory usage: 12.23MB (peak: 13.04MB), time: 128.92s
[www-data@acc1 .microcloud ~/staging] 

My question is - are there any composer settings that would be significantly affecting the speed of the install in one environment versus another? It almost seems like my local is working off of a "warmed cache" so to speak, and staging is doing a whole lot of checks over the network.

[kalenjordan]

Okay, I figured out how to get more verbose output using the -vvv parameter, and I see that it's a git fetch that's taking a long time in my staging environment for some reason.

I guess it would be nice though if composer could avoid a remote fetch if/when the dependencies are already satisfied by the local repository.

[Seldaek]

I guess we could make it check if the commit exists before fetching, but
in most cases if you update and get a new commit it's not one that you
already had in the repo when you first cloned it I guess.

[kalenjordan]

Right, that's a good point! I ended up implementing something in my deploy script that basically creates a copy of the entire codebase, runs composer install against it, then swaps it out, so that the entire operation is essentially atomic.

Maybe an option in composer itself to do that kind of thing would be good.

[stof]

@kalenjordan I don't think this is something Composer should do

• composer is not a deployment script
• making a deployment atomic is not only a matter of making the composer update atomic. you can have other changes (like dumping assets and so on or changing the files of the project itself)

The easiest way to make a deployment atomic is probably to deploy in a sibling folder of the previous deployment, and have the webserver document root be a symlink to the live version. Then, all the deployment is independant and the atomic operation is changing the symlink. This is what Capifony does for instance.
In such scenario, you can copy the vendor folder from the previous deployment to avoid reinstalling all vendors each time but only get the difference (this is what the copy_vendors option does in Capifony)

[kalenjordan]

I see what you mean, and yes that's the deploy strategy that I ended up going with. I'm still pretty new to composer, so probably not in the best position to suggest what's in scope for the project.

But I guess I think of it similarly to Git. Git isn't a deploy tool and other things have to happen in conjunction with a git checkout in order to complete a proper deploy.

But, a git checkout is still safe to perform in a production environment. If the repository in question is down or if the fetch takes several seconds or minutes, the file system won't ever be in an unstable intermediate state (well maybe for a split second but for all intents and purposes, it's safe to do and widely used).

It would be kind of cool if the same were true of composer. Maybe that would be as simple as performing all of the fetches up front and then performing all of the checkouts in quick succession after that, so that composer would essentially be at least as production-friendly as git itself.

[stof]

@kalenjordan the difference is that checkout is a fully local operation (fetch is a different operation in git, which does not touch the working directory at all). I suspect it is not fully atomic either, but the only way to see it would be a failure of the local filesystem in the middle, and you have more issues with your production site in this case anyway.

And this is not as simple as that anyway: in case of packages installed from an archive, composer has to delete the existing folder and then install the new zipball. So we cannot make it atomic at the composer level.

[kalenjordan]

Okay cool, thanks for the explanation. Hopefully at some point soon I'll dig in further into composer and better understand the architecture.

[panique]

Similar stuff here: Setting up Symfony2 via the official Symfony2 composer command takes forever in a Ubuntu 12.04 Vagrant machine (no shared folder / NFS issue btw). Weird. Can be reproduced.

Btw there's a StackOverflow question about that, having more than 3000 hits: http://stackoverflow.com/questions/13413788/composer-is-very-very-slow

UPDATE: Interesting stuff from the comments:

Installing Twig via Composer originally took me around 30 minutes. I gave up installing Doctrine after it took more than an hour. I upgraded to 5.4.17 (using this PPA https://launchpad.net/~ondrej/+archive/php5) and installing Doctrine was done in a matter of seconds.

[kalenjordan]

By the way my sysadmin ended up finding that there was some kind of block at the network level related to this. Might have been a firewall rule or something, not totally sure.

[phong-do]

I add

"require-dev": {
"zendframework/zend-developer-tools": "dev-master"
}

to composer.json and i run

composer update and it throw this exception:

Loading composer repositories with package information
Updating dependencies (including require-dev)

• Installing zendframework/zend-developer-tools (dev-master 23bcd78)
  Cloning 23bcd78e80bd963f08b125d80587a640ad7a237d

  [RuntimeException]
  Failed to clone https://github.com/zendframework/ZendDeveloperTools.git, gi
  t was not found, check that it is installed and in your PATH env.

  'git' is not recognized as an internal or external command,
  operable program or batch file.

Please help me install it. Thanks

[asgrim]

@mrstormcs try installing git (e.g. apt-get install git). Also this is not even remotely related to this issue (which wasn't even an issue), not sure why you posted this here ;)

[phong-do]

@asgrim Thank you for your help.

[ivnlabs]

MY SOLUTION WINDOWS 10 x 64 bits WAMP user with Laravel,
after weeks of slow composer update and composer require

you need a thing called cacert.pem

https://curl.haxx.se/docs/caextract.html

then paste that file in your wamp main directory
C:\wamp64\cacert.pem

then in the search tab search for php.ini open all the files with that name on sublime or any text editor

find a line called
curl.cainfo and openssl.cafile

PUT YOUR PATH TO THIS FILE - see the example on my case:

curl.cainfo="C:\wamp64\cacert.pem"

and

openssl.cafile="C:\wamp64\cacert.pem"

do this on all the php.ini files you search before, in all the files!

OKAY RESTART SERVER that works for me, hope for you
I wish someone before would make this comment! so I would not spend 2 weeks fixing it

I think this solves the problem because you need to match HTTPS with HTTPS communication, I think.... each time I run composer Update got the 60ERROR called no SSL so hope this helps someone