Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Initiative: Single Executable Application #75

Open
6 tasks
jesec opened this issue Jun 14, 2022 · 6 comments
Open
6 tasks

Initiative: Single Executable Application #75

jesec opened this issue Jun 14, 2022 · 6 comments

Comments

@jesec
Copy link
Member

jesec commented Jun 14, 2022

Continuation of nodejs/node#42334 (comment).

Single Executable Application is one of the technical priorities:

Node.js often loses out to other runtimes/languages in cases where being able to package a single, executable application simplifies distribution and management of what needs to be delivered. While there are components/approaches for doing this, they need to be better documented and evangelized so that this is not seen as a barrier for using Node.js in these situations. This is important to support the expansion of where/when Node.js is used in building solutions.

Prior discussions:

Items (core):

  • Make it possible for the embedded script to overlay/override the fs.*, including for the internal modules that use them (e.g. loaders).
    • 3 commits at the moment, and they shouldn't affect functionality in any way.
  • Support parsing the header, loading the bake-in Node options, and loading the embedded script.
    • Prefer more discussions, especially the parts, when changed later, could be semver-major (e.g. header format).
    • We also have to figure out the info to pass to the embedded script (e.g. scriptPos, scriptSize), so the script can use the info to locate the VFS payload. and, how to pass them.

Items:

  • Source-less vm.Script. (and vm.Module?)
    • Involves changes to V8. Need to find an elegant way to bypass bytecode sanity checks in V8 for this case (pkg currently simply removes such checks unconditionally).
    • It is a public API, and extra consideration may be necessary. Proposed addition: sourceless: <boolean> = false in options.
  • More fine-grained way to load a native module from an offset in a file (the executable in our case). Some potential methods have to be implemented in the native (C++) land, so it might be better for Node.js to take over via something like process.dlopen(...[, offset]).
  • Allow post-build swap of intl variants (full-icu, small-icu, system-icu, no-intl).
    • No implementation yet, but definitely good-to-have since intl variant has a significant impact on binary size.
  • Fully static linuxstatic binaries for use cases that require extensive portability (e.g. embedded, industrial).

Out-of-scope, per discussions:

  • Virtual file system (VFS)
    • The embedded script should do this, and call the user's entrypoint. See pkg.
  • Dependency tracing
  • Bundling
  • Creation of the executable?
    • node compile is not planned, yet.

Edge cases:


Proof of concept (nodejs/node#42334 (comment)):

image

@btsimonh
Copy link

btsimonh commented Jul 7, 2022

"More fine-grained way to load a native module from an offset in a file (the executable in our case)."
In my use case, my VFS is compressed and encrypted. So load from a buffer would be better.
On windows, I looked into this in detail some time back, and it's as close to impossible, that it is certainly impractical, relying on undocumented and possibly fragile APIs (look up 'MS detours').

"Should the SEA behave as the bundled application in all scenarios" - In my nexe based implementation, I disable the command line except in debug builds. e.g. I don't want my customers to be able to run the node debugger on my somewhat-hidden code (especially the decrypt code!).

I also compress and encrypt the code inserted into Node (vfs and launch code). One issue with baking a pseudo-security facility into OSS is that there is no true code protection, so we have to rely on obscurity and difficult to debug code. If it was 'standard' code, that all disappears. nexe's code patching system facilitates the patching of the node c++ to achieve this, but the patches themselves should probably remain unique to users if they want this kind of facility?

targos referenced this issue in nodejs/node Jul 12, 2022
Refs: https://github.com/nodejs/node/issues/43432
Refs: #42334
Refs: https://github.com/nodejs/node/blob/main/doc/contributing/technical-priorities.md#single-executable-applications

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #43611
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos referenced this issue in nodejs/node Jul 20, 2022
Refs: https://github.com/nodejs/node/issues/43432
Refs: #42334
Refs: https://github.com/nodejs/node/blob/main/doc/contributing/technical-priorities.md#single-executable-applications

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #43611
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
targos referenced this issue in nodejs/node Jul 31, 2022
Refs: https://github.com/nodejs/node/issues/43432
Refs: #42334
Refs: https://github.com/nodejs/node/blob/main/doc/contributing/technical-priorities.md#single-executable-applications

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #43611
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
guangwong referenced this issue in noslate-project/node Oct 10, 2022
Refs: https://github.com/nodejs/node/issues/43432
Refs: nodejs/node#42334
Refs: https://github.com/nodejs/node/blob/main/doc/contributing/technical-priorities.md#single-executable-applications

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: nodejs/node#43611
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
@github-actions
Copy link

github-actions bot commented Jan 4, 2023

There has been no activity on this feature request for 5 months and it is unlikely to be implemented. It will be closed 6 months after the last non-automated comment.

For more information on how the project manages feature requests, please consult the feature request management document.

@ovflowd
Copy link
Member

ovflowd commented Jan 4, 2023

@RaisinTen can we remove the stale label from here?

@github-actions
Copy link

github-actions bot commented Jul 4, 2023

There has been no activity on this feature request for 5 months and it is unlikely to be implemented. It will be closed 6 months after the last non-automated comment.

For more information on how the project manages feature requests, please consult the feature request management document.

@piranna
Copy link

piranna commented Jul 4, 2023

This is not stale... or is it?

@RaisinTen
Copy link
Contributor

I'll transfer this to the single-executable repo, where it won't keep getting marked as stale.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: In Progress
Development

No branches or pull requests

5 participants