On Jan 9, 2008 11:49 AM, Steffen Mueller <[EMAIL PROTECTED]> wrote: > Roderich Schupp wrote: > > So I'm all for making it a run-time option, environment variable preferred: > > PAR_DEBUG is already taken, what about PAR_PERL_DEBUG or > > PAR_DEBUG_PERL? > > > perhaps I'm not getting something, so please bear with me. > > This means that we'd enable debugging for all builds and have the loader > check all /-d.*/ arguments to the packaged binary if that env. var is in > effect? I though you (and I agree) rejected this out of hand because of > security considerations?
I changed my mind on the security issue :) It's a little effort, but you can still run a packed binary under the perl debugger even today (or your -d:DProf hack wouldn't have worked): - run the executable once to unpack itself - go into the cache directory and run the executable there (essentially a special purpose perl executable which does accept -d... options), you just have to set up all expected environment variable by hand So my new scheme works like this: - at build-time: enable "debuggable packed excutables" (probably on by default, but could be disabled by the paranoid, same as your DProf hack could be enabled at build time) - at run-time: an executable packed by a debug-enabled PAR::Packer recognizes the environment variable PAR_PERL_DEBUG (should match /^-d/) by passing it down to the special purpose perl), no run-time arguments are needed; if the debug module that is requested via $PAR_PERL_DEBUG is not packed (or otherwise available) the program will obviously fail - at packing-time: new option for pp to include debug modules in to the packed executable > Now, if we want all builds to have debugging support, we need to be able > to disable it somehow at packaging time because if we rely on run-time > only, it's a security issue. The most straightforward way would be to > build the loader twice as explained previously and choose the one with > or without debugging support according to a pp option. Is there another > way? I don't think so because this all happens in the loader (C) code. That's gonna be real messy, a tried for an hour to get this "build it twice" to have sane semantics and failed miserably. The main problem is that main.o (that's where we would have debug disabled/enabled versions) "taints" almost every file that gets installed except for the pure perl ones). Cheers, Roderich
