Adds Sectigo RSA Domain, Extended, and Organization cert subjects
to ca_certs.ini. These are the new names for the old Comodo CA
certs that are already trusted.
Some of these were using 660 permissions which meant that other users
in the "users" group could connect to anon's service processes.
Let's tighten things up by not allowing that. :^)
This adds test pages for border-radius, CSS custom properties and
flexboxes to the default page in the Browser.
I used those files to develop said features and they can be of use
when debugging in the future or just to showcase those features.
https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/
V1_chap08.html
TMPDIR This variable shall represent a pathname of a directory made
available for programs that need a place to create temporary
files.
Ports like PHP benefit from having this environment variable set, and
there exist a lot of scripts that assume the presence of such an
environment variable.
Previously, we only used bright colors when the bold attribute was set.
We now have the option to set it via escape sequences. We also needed to
make the bold text behavior optional, as some color schemes do weird
things with it. For example, Solarized uses it for various shades of
gray, so bold green would turn into a light shade of gray.
The following new escape sequences are supported:
- `CSI 90;m` to `CSI 97;m`: set bright foreground color
- `CSI 100;m` to `CSI 107;m`: set bright background color
This commit introduces color scheme support to Terminal. These are found
in `/res/terminal_colors` and the default color scheme can be set in
`~/.config/Terminal.ini`. Furthermore, a combo box is added for
setting the color scheme at runtime.
The previously used default color scheme has been added to
`/res/terminal-colors/Default.ini`.
To make the implementation more compatible with other color schemes,
`TerminalWidget` now supports overriding the default foreground and
background colors.
This changes the .port_include.sh script so that ports can more easily
create more than one launcher by making the install_launcher function
available to the port's package.sh script.
This creates launchers for the stpuzzles port in the Games/Puzzles
category.
Since this program is setuid-root, it should be as simple as possible.
To that end, remove `/etc/plsusers` and use filesystem permissions to
achieve the same thing. `/bin/pls` is now only executable by `root` or
members of the `wheel` group.
Also remove all the logic that went to great lengths to `unveil()` a
minimal set of filesystem paths that may be used for the command.
The complexity-to-benefit ratio did not seem justified, and I think
we're better off keeping this simple.
Finally, remove pledge promises the moment they are no longer needed.
Models that contain UV co-ordinates are now supported,
and will display with a texture wrapped around it, provided
a `bmp` with the same name as the object is in the same
directory as the 3D Model.
This impl is *extremely* simple, and is missing a lot of things, it's
also not particularly spec-compliant in some places, but it's definitely
a start :^)
When building userland with UBSAN enabled (#7434), we were getting
spammed to death by unaligned access errors.
Fix these by adding 2 bytes of padding to the FontFileHeader struct,
and adjusting all our font files to match the new format. :^)
Change run-tests-and-shutdown.sh to output a dead simple results file
that just records how many tests failed.
In the CI script, mount the _disk_image after running tests and verify
that the number of failed tests is 0. Otherwise, fail the build :^)
While we're here, bump the timeout for the tests up to 30 minutes, to
make sure that less powerful runners don't fail the job unecessarily.
Changes to the system font settings are now persisted in /etc.
Note that you still need to restart the system for changes to fully
apply in all programs.
Uncomment the tests that were disabled due to frequent freezes when
running without KVM. This also adds a new github actions group for
every single test, which makes it easier to browse test boundaries
during test runs.
Move catting the serial output log back to its own step, so that it
has higher visibility. The previous solution was also shown to not
actually cat the log in the case of a failed boot and timeout :^(.
Previously accept() would copy the listener socket's cloexec and
non-blocking flag. With that fixed however TCPServer and LocalServer
now leak file descriptors into child processes and are blocking.
These all looked out of place both when used on a regular button (e.g.
in the SoundPlayer application) and a toolbar action button (e.g. in the
GameOfLife application). This makes them a bit smaller (hand-drawn, not
scaled down).
This service daemon will act as an intermediary between the Inspector
program and the inspectable programs it wants to inspect.
Programs can make themselves available for inspection by connecting
to /tmp/portal/inspectables using the Core::EventLoop RPC protocol.
This commit is the start of LibPDF, and introduces some basic structure
objects. This emulates LibJS's Value structure, where Value is a simple
class that can contain a pointer to a more complex Object class with
more data. All of the basic PDF objects have a representation.
Every GL library needs an implementation of this!
Currently drawn with "pixel vomit" colours as we don't
yet support lighting via the GL library.
This also ships with a super basic Wavefront OBJ loader.
After looking closely at this, I realized that we've been running
all the service processes under separate user accounts even though
there's actually no need to.
Since we already use pledge() and unveil() to limit the scope and
access of these programs, separating them to another UID doesn't
achieve anything meaningful. So let's bring them back to the "anon"
user account and simplify things.
Programs affected:
- ImageDecoder
- RequestServer
- WebContent
- WebSocket
Longer term, I'd like for all of these to get spawned for the current
desktop user somehow, possibly by some kind of session manager, or
perhaps by the Browser program itself. But for now they remain under
SystemServer's control.
I can't say I like starting yet another thing on boot... but now that
LookupServer provides mDNS (and optionaly DNS) services to other hosts,
we have to start it on boot, not when the first local client connects.
Windows that are marked as modified will now have another (themable)
close button. This gives an additional visual clue that some action
will be required by the user before the window gets closed.
The default window-close-modified icon is an "X" with "..." underneath,
building on the established use of "..." in menus to signify that
additional user input will be required before an action is completed.
The glyph for the letter `Shin` (U+05E9) looks a bit wonky because the
width of the font is too small. Unfortunately it doesn't look like the
FontEditor is capable of changing the width of an existing font, so if
that option will be added in the future this glyph can be fixed.
