App packaging #251
Comments
|
I'm not very positive on adding it, since anyway you would have to ship DLLs and resources files along with the exe file, and it won't prevent users unzip and change your source code. |
|
At least it would be harder, for many people it's enough to just give up. So, current packagin will stay the same? I mean is there a plans for improving it or adding features? P.s. Personally, I'm ok with not embedding .dlls, main requerst is to embed resources and source code. |
|
How about unzipping the |
|
This might have problems with clean-up if main process crashes or closes in a way that makes clean-up hard or impossible. There is possible to workaround this, but it still not optimal IMO. What are main problems with embedding resources in executable and accessing them with a pseudo-protocol like app://index.html ? This need some kind of internal routing though(for relative paths in css for example), but seems more reliable and probably faster (since you don't have to unpack resources). |
|
Embedding resources into executable is only possible on Windows, to make it cross-platform we have to compress resources into zip and concatenate it to the executable, and then unzip them from the executable latter. However packaging the resources into an external file and then use custom protocol to access the resources would possible, it also seems like a proper solution for app packaging to me. |
|
When you saying " then unzip them from the executable latter", what will be destination of unzipping? If it is some temp folder, this is not far better then node-webkit approach. Is it possible to concatenate resources without compressing so you don't have to unpack them anywhere? |
The destination of unzipping is some temporary directory, and this is exactly the node-webkit approach, it is just in node-webkit the package system is implemented with C++ and the progress of unzipping is hidden from users.
In theory, yes, but with lots of efforts. And concatenating all resources to executable would make things slower because operating system need to read the whole executable into memory. Support packaging resources into an external file is what I plan to implement, if what you want is to hide source code from users and read resources without unpacking, it should be enough. |
|
Ok, thanks, better than nothing. |
|
If I understood you correctly, there will be executable, and resource container, so when app starts, it will look for resources there, right? no packing/unpacking? |
|
Almost yes, except that developers still need to pack the resources into one file. |
|
I think the or is the hierarchy of the app events like this? |
|
I was trying to say that packing in terms off splitting runtime and resources is fine (e.g. external file with resources). Problem with packing is in terms of compressing (zip files, archives of any type). This is problematic because it requires some temporary directory to unpack to, and clean-up after app closes. If that would be the case in future, events should not be changed I think, because there is no additional unpacking phase. |
|
Bump |
|
I have done some research on the packaging format, here is the result: Requirements of packaging format:
Candidates:1. xarhttps://code.google.com/p/xar/ Very ideal for our use cases but don't support Windows and require libxml 2. cdb and its variantshttp://www.corpit.ru/mjt/tinycdb.html Don't support Windows and file systems. 3. duplicityhttp://duplicity.nongnu.org/index.html No Windows support and relies on librsync, also targets for incremental backup. 4. gzip/bzip2 compressed formatsNo random access support, users have to read the whole file to build index first. 5. zip archiveLocating a file is not fast, symbol links are not supported. 6. tarballNo random access support. 7. DARToo heavy for our use case. |
|
After the research I think developing our own package format is a better choice, the file format is similar to The format of json header is something like: {
"name": "/",
"files": [
{
"name": "tmp/",
"files": []
},
{
"name": "usr/",
"files": [
{
"name": "bin/",
"files": [
{
"name": "ls",
"size": "512",
"offset": "0",
"executable": true
},
{
"name": "cd",
"size": "724",
"offset": "512",
"executable": true
},
{
"name": "chrome",
"symbolLink": "/opt/chrome/chrome-browser"
}
]
},
{
"name": "share/",
"files": []
}
]
}
]
}The |
|
Sounds great! Build tool should be pretty simple. Not sure how symlinks can apply, but I hope You got the idea. |
|
Flat structure is fine for URL requests, but I also plan to make Node's The utility to create packages has been created at https://github.com/atom/asar. |
|
So, I assume node modules will work as if they were just in folder with atom executable, right? |
|
One more question: are you going to use packaging in atom editor? I'm not sure but I think it can speed-up app launch since it will actually access only one file. |
|
cc @kevinsawicki as he has some ideas about improving Atom's startup time through preprocessing the JS. |
|
One possible problem is with installing/removing packages/themes. This will require partial updates of package and header, or if packaging is fast we can just recreate it each time. |
I'm not sure too but it definitely worths a try.
Packages are installed under |
|
@zcbenz would love to have a chat about this as we are working on some stuff in node core that might cause conflicts |
|
@bmeck My timezone is quite opposite to yours so I think it is hard for us to find a suitable time to chat 😸 , but I'll share some of my ideas in that thread. Or you can wait until December when I'll move to San Francisco. |
|
@zcbenz its not landing in 0.12.x so we have time to discuss in December. |
|
@zcbenz, Congratulations on your upcoming move and I'd like to say THANK YOU for all of the extremely hard and technical work that you are doing to make Atom-Shell absolutely fantastically AWESOME! THANK YOU SO MUCH and safe travels to you!!!!!!!! |
|
@zcbenz I don't understand the benefit of asar, or really understand the point. Is it supposed to prevent users from viewing the source code of an atom shell app? It doesn't have compression so it doesn't make the app smaller. Would love to understand the point. 😸 |
|
@reggi: the average person can't look into these files (don't confuse this with security of any kind) and it can speed up installation (because you have a lot less files). Also there are plans for an atom-shell-runtime and this would (edit: probably) be the app-format of choice. |
|
@bwin Is there any way to hide my source code? I have a |
|
First thing I can think of right now, would be a grunt (or gulp or whatever) task, that replaces this line before release. (You would have to make a copy of your working dir for releases to not overwrite your "original" package.json; I would anyway suggest a release-dir). About encryption: since the encrypted file has to be decrypted on the user's machine, the key/password would also have to be on the users machine. So having this info even in an encrypted state would still be dangerous. So maybe stripping this info beforehand is the better solution. Edit: I'm not sure (never had private lib dependencies), but wouldn't ssh access to github with a key also solve your problem? (But maybe you just don't want that.) |
On WIndows this is most likely a huge benefit, file operations on Windows are much slower than on Linux (because Windows supports way more features); writing 10000 1KB files is going to be orders of magnitude slower than writing one 10MB file, even though it's the same amount of data. |
|
Doing a ton of file reads to load a large JS app is also a performance killer. One of our startup time speedup strategies in Atom involves concatting files for this reason. |
|
I'd love to get on a call about this as it is a different format than my archive loader and we can discuss things. Particularly I have concerns with implementing a fake I can be awake during Asia's daylight hours if that helps. |
|
As my comments on asar were referenced above - I'll qualify them by saying a few things 1 - obfuscation/code-hiding is mostly pointless - if someone wants your code, they'll find a way to get it. If this is a problem, you're using the wrong tools (CSS/HTML/JS) entirely. 2 - runtime performance isn't a huge deal either - you shouldn't be storing a large amount of data inside a distribution archive, there are many, many better places to store data and code is generally small enough that read/write performance isn't an issue (and again, the tools aren't really "performance" focussed)?? 3 - whatever archive format you use should support dynamic read/write from the app itself so that the app can download/update it's own archive (auto-update) as slickly as possible(*) 4 - it would help if it built on WIndows without a lot of dodgy dealing with age-old libraries ;0 (*) for Node Webkit I built a thing which downloads GitHub releases and re-packs them as package.nw files (without needing to write anything to disk other than the final result - it's all streamed/piped in-memory) The app then restarts itself and it's auto-updated!! - I'm not sure I could do that with an asar at this point? |
I mostly agree with you, asar could be better, but hey, we need to start somewhere. |
|
3 relies on there being an asar library which enables that sort of thing - right now, asar seems to be limited to archiving files already on-disk - it needs (and wouldn't be hard to give it I guess) pipe/streaming support? 4 relates to an issue I raised in the asar repo - it's not an easy thing to install on WIndows (I've yet to actually get it working properly without hackery) - it's also non-native but then so are most zip/tar/gzip tools I guess... |
|
3 Looking at asar archive structure, I think yes, you need files to be on disk at archive creation time, so yes, if you want to convert github release .zip into .asar, you need to do it manually, which, I agree, is not great. |
|
I am also thinking if monkey-patching node's |
Support configuring a cookie delegate
Support configuring a cookie delegate
|
Except that ZIP does support all the above, is extremely efficient for random access, does have symlinks, custom attrs, and zillions of tools that support that. I use it all the time for the exact use case you're describing including having it utilize a binary search to locate files, directories etc with NO requirement to pre-sort on load. ZIP can be located any position within a binary (front, middle, back). That, and sqlite together are components of EFS supporting versioning, replication, and single binary deployment. Use with "https://github.com/richgel999/miniz" for efficient single file "C" (or has a header only) implementation. |
It would be awesome to get packaging support with embedding resourses to executable file
Discussed a lot here: nwjs/nw.js#151 don't get confused with issue title btw
The text was updated successfully, but these errors were encountered: