Question
· Jun 17, 2023

Hide or make routines binary?

Sorry, somewhat of novice here, but how is a mac or a routine created into a binary or is there a way to hide your routines so that no other user can edit them?  Like remove source code and have an executable?

I would like to do this MAC and CSP pages

$ZV: Cache for UNIX (Red Hat Enterprise Linux for x86-64) 2015.2.3 (Build 855_0_17370 )
Discussion (8)2
Log in or sign up to continue

For routines (*.int and *.mac)
- first, this is ABSOLUTE necessary, EXPORT your routines (to an file, to source-control-system, etc)
  for example: do $system.OBJ.Export(...)
- compile the routinies (which will be already done)
- delete the *.int and *.mac routinies keeping the *.obj

For classes (*.cls)
- first, this is ABSOLUTE necessary, EXPORT your classes (to an file, to source-control-system, etc)
  for example: do $system.OBJ.Export(...) do $system.OBJ.ExportPackage(...)
- compile the class(es) (which will be already done)
- put the class in deployed mode
  do $system.OBJ.MakeClassDeployed(...)
  
That's all. But DO NOT forget for the export, in elsecase you have to start over with your routines and classes by zero!

Its not mindless, its so a customer can't steal or change your code.    

You can do this with PHP using

https://www.ioncube.com/php_encoder.php

It encrypts the code so it can't be changed or stolen.  Esp. When storing keys in the code to decrypt Credit Card data.

I was hoping intersystems had something like this built in.   If there is not a way t hide the source code (from a customer) I could go the route and try and put as much of my Cache scripting in my CSP pages in a mac file and pull from the CSP Page.  

CSP pages are at the beginning of a long compilation pipeline

CSP + CSR -> Cls + inc -> Mac -> Int -> Obj

So anticipate CSP can be similar case to handling classes but with the attention on the target package name configured for class generation.

For a webserver extension handler (for csp, cls) it can be configured to skip check for the existence of physical CSP file. In CSP application configuration the "check for recompilation" option can be disabled.

Alternatively CSP pages can be implemented directly as classes that extend %CSP.Page with web requests going to " [classname] .cls " instead.

Check out utility method :

Do $SYSTEM.OBJ.MakeClassDeployed(.classes, qspec, fulldeploy)

Another avenue for consideration are legacy utilities: %RIMF and %ROMF can load and export respectively, compiled obj byte code (pcode)

You also can manage it if you deploy your solution as an IPM package.

Here is an example of IPM manifest to deploy code without source:

<?xml version="1.0" encoding="UTF-8"?>
<Export generator="Cache" version="25">
<Document name="demo.ZPM">
<Module>
  <Name>demo</Name>
  <Version>1.0.0</Version>
  <Description>DEMO.</Description>
  <Keywords>demo</Keywords>
  <SourcesRoot>src</SourcesRoot>
  <Resource Name="Sample.Demo.PKG" Deploy="true"/>
</Module>
</Document>
</Export>

Here are the release notes on introducing the feature.

Regarding CSP - I agree with @Alex Woodhead, you better convert your CSP to CLS classes derived from %CSP with %OnPage() where you have all your HTML, and thus you can deploy without code.

And you can refer to this CSP classes similar as you refer to CSP pages. 

Thanks @Evgeny Shvarov , this is the optimal approach. As on reading the documentation it suggests you can target different IRIS builds (with the help of docker code compiling hosts) and the IPM repository can host the same module version for different $ZVersion IRIS targets transparently.

Is there intention to support code signing, and with pre-install validation, to ensure code cannot be modified at rest, between being uploaded to a repo and then downloaded to a third-party instance?

Wondering practically about an IRIS upgrade process. Should the IPM client have ability to:

  • List installed modules that have a previous IPM bytecode install
  • List installed modules that would be affected by an IRIS upgrade. Is the newer source code even available in registered repos? (Postpone the IRIS upgrade)
  • Provide a batch upgrade option, to upgrade installed modules to the SAME module version but with the newer version of IRIS $ZVersion Byte code

Hi @Alexander.Woodhead!

  • List installed modules that have a previous IPM bytecode install

Having IPM client in place you can check the installed modules and its versions. The newly installed module will replace the old one.

  • List installed modules that would be affected by an IRIS upgrade. Is the newer source code even available in registered repos? (Postpone the IRIS upgrade)

I'm not sure I understand correctly what you are asking here. Anyway, one can setup their own IPM registry to supply its customers/clients with IPM modules. and this private IPM registry has the list of all the versions available and the stats of installations if this is set up. So any client that has access to this registry can install any desired version or just the latest if the version is omitted.

  • Provide a batch upgrade option, to upgrade installed modules to the SAME module version but with the newer version of IRIS $ZVersion Byte code

I'm not sure this functionality exists. It's better to have a newly published module version with the upgraded IRIS $zversion bytecode.

But if this functionality is in need please submit an issue.