Introduce --link-module to ./configure #2497
Conversation
bmeck
commented
Aug 22, 2015
bmeck
commented
- Uses JS2C still, so basename collisions result in a compile error
- Allows specifying a _third_party_main outside of the node repository
- Allows embedders to create custom builtin modules outside of node's repository
- Allows specifying a _third_party_main outside of the node repository - Allows embedders to create custom builtin modules outside of node's repository
|
cc @nodejs/build @zcbenz Is this something that would help electron too? |
Fishrock123
added
the
semver-minor
|
I'm torn on this. While I can see how it can be useful, allowing third parties to embed their own modules in the binary can open up a number of portability issues. |
|
@jasnell there is already some history of this with |
|
Also, we personally use |
|
Yeah, that's largely why I'm torn on it.. I'm not a fan of encouraging such behavior ;-) That said, the fact that this would help bring just a bit more sanity is a good thing so I'm definitely not going to stand in the way. The change itself LGTM but it does make me nervous. |
|
@jasnell it is the first step in a long road towards having node build single binaries which overwhelms such things I think. I doubt most people will be wanting custom |
|
I'm in favor of stuff that helps embedders, so.. yeah. :P |
We override the gyp variables directly instead of calling the configure script, so it doesn't help on Electron's side, but I can see it would be helpful for users that do custom node builds. |
|
Will the modules have access to |
|
@thefourtheye yes they have same access as core modules. Though as stated, these generally would not be for creating random things to run 3rd party code. It could be locked down to avoid this, but would require (drastic) changes to the module system. |
Hmmm, I'm not so convinced that is good. |
|
@Fishrock123 @thefourtheye maybe I don't understand, we are talking about people running a CC compiler and handing an executable to others. If the concern is for security... well, thats long out the door at that point. If the concern is for support, we could add actual safety measures to core outside of the simplistic internal mechanism. |
It's not. The concern is those modules can directly access internal modules and such. (I mean, sure you can if you use
Not sure what you mean, is that basically the above? |
|
@Fishrock123 right now NativeModule is able to be punched via techniques like We could lock down the internal modules to a state where they are pass by reference rather than string lookup (that sometimes goes all the way through user require @_o), this would be much safer but a biig change. |
If it doesn't affect user modules, why not?
We broke graceful-fs and won, I'm not so concerned. The train is going, there are some terrible things people just need to stop doing. :/ |
|
I think this LGTM since as @bmeck explained to me, if you're doing things at compile-time anything's available to do anyways. I'd like another sign-off though. |
|
I'm ok with this. One thing that does need to be clarified tho is how this
|
|
I may be paranoid but I am worried about non-portable code in userland. |
|
@thefourtheye maybe you can clarify userland here, since this is during building of an executable, not about code used after that point. |
|
@jasnell If someone is essentially rolling their own distribution of Node, our liability should be pretty limited. |
|
@thefourtheye ... I share the concern over non-portable code. As @bmeck points out tho, there are already people doing this, so while there's definitely a risk, it's likely better to give a consistent hook point for it as opposed to just leaving it up to ad hoc solutions. |
|
Anything pending except questions about portable code? |
|
Don't believe so.
|
|
OS level compatibility portability concerns are kind of moot since this requires an end user to compile node themselves. As @cjihrig stated concern about support on the foundation side is minimal, especially since any use of this would not be distributed by the foundation distributions. As for incompatibility when referencing core libraries, this exists today. However, unlike In all, there is a clear point where our responsibility drops off, and there are now warning docs about internal module usage. I think we have majority that it is fine to land this, but don't want to say it when so many people are expressing concern. |
|
Yep. LGTM
|
|
So users link modules and redistribute as node? |
|
As an embedder, I'm super happy to see this. For 0.10.38, I had avoided changing node source by duplicated the node::Start function and calling my version which added my modules during startup. When I updated to 4.2.2 (a big jump), I found that was only possible if I changed function in node.cc to be non-static so I could call them from my code. This --link-module method is much, much better, since now I can take the unaltered node, build it as a library with my modules built in, and still have the single double-clickable app that I need. |
|
@ezavada would love to see how your workflow goes sometime. Are you using |
|
I’m not familiar with process._linkedBinding — i’ll look into that. I’ll have my changes (which are still in process) available in github hopefully later today, the project is here: https://github.com/ezavada/pdg https://github.com/ezavada/pdg Currently it has the 0.10.38 based version.
|
|
@ezavada Glad to hear. Let us know if there is anything we can do to make it easier to embed Node! :D |
|
@bmeck I sent you an email about some problems I'm having with --link-module, hope you can help |
8 participants
