[systemd-devel] [RFC 3/6] proxy-discoveryd: Add PAC support through duktape js engine

Marcel Holtmann marcel at holtmann.org
Mon Apr 13 08:43:32 PDT 2015 

Hi Zbyszek,

>>>> --- a/Makefile.am
>>>> +++ b/Makefile.am
>>>> @@ -5895,12 +5895,19 @@ rootlibexec_PROGRAMS += \
>>>>        systemd-proxy-discoveryd
>>>> 
>>>> systemd_proxy_discoveryd_SOURCES = \
>>>> +       src/proxy-discovery/duktape.h \
>>>> +       src/proxy-discovery/duktape.c \
>>> These files are not included in the patch, how do you intend to ship them?
>> 
>> I figured this could be included as a separate commit, when it will
>> be time to commit proxy-discoveryd someday.
>> Those 2 files represent more than 2 megabytes, so I did not want to
>> flood the ml.
> duktape should not be embedded in systemd. It's a separate project,
> which gets updates and has a life of its own.
> 
> Preferably, duktape would be packaged by distributions and we would
> use it like any other external library. If that is not possible, we'll
> have to look for some other option, but only then. For example,
> git submodule is still better than embedding of a snapshot.

that is not how this actually works with duktape. The release versions are building a single duktape.[ch] that you can only find in the releases. Otherwise you have to stitch that manually. It is pretty much designed to be included into other project as a copy. That is why nobody has actually packages this so far.

So while I get that including copies of other libraries is generally bad for security update reasons, but this one would qualify as an exception. It is just that we have to monitor duktape upstream releases and with that also update the duktape version in systemd.

It is something that is not the greatest solution, but something that is feasible. Keep in mind that embedding your JS engine right into your application allows for optimizations that you really want. We have build PACrunner against V8 and MozJS and these are two really painful experiences. For anybody wanting to build a small system, dealing with these two upstream packages is a nightmare. It sort of works in a large distribution like Fedora, but anything small it is not an option.

Regards

Marcel

More information about the systemd-devel mailing list