These domains allow for the hosting of plain http and telnet servers
reachable from the outside. The change is designated for the goa
testbed.
Issue #5092
The argument was originally designated to restrict the reach of the
trace monitor but the idea remained unimplemented. It is now superseded
by the use of the trace-session label as trace-subject filter.
Issue #847
The sculpt manager views only launchers in the + menu that are not present in
the runtime already. However, this check was missing when finding the right
launcher on a click event inside that menu. This could cause the manager to
try deploying an already deployed launcher a again (without any effect)
instead of deploying the launcher that was actually clicked.
Ref #5064
This patch mirrors the interface of Sculpt's distant_runtime to the
sandboxed_runtime variant, allowing the configuration of xpos, ypos,
min_width, min_height, opaque, and background color.
Issue #5008
This patch moves the text-editing facility of app/text_area to a
text-area widget as part of the dialog library. This has two benefits.
First, it simplifies app/text_area by using the dialog API. Second, the
editor can now easily be reused by other dialog-API-based applications.
Fixes#5058
The 'Dynamic_array' utility is used by the text_area as internal
representation of text. As a prerequisite step of making the text
editing features generally available as a text-area widget, the
utility must become public.
Issue #5008
Feed the high-frequent fetchurl reports into a list model to speed up
the subsequent evaluation of the data.
Also limit the rate of state reporting during updates to visible changes
in percent such that most fetchurl reports do not cause any UI activity
(status updating) any longer.
This patch noticeably speeds up the installation of complex packages
(i.e., the morph browser) on the PinePhone.
Issue #5038
Component names can be larger than widget IDs, which are capped at 20
characters. To uniquely correlate the component depicted in the graph
with clicks, this patch uses a dedicated graph ID for each runtime
component instead.
Fixes#5034
This patch allows for the interactive assignment of the system-control role
to a new component via the resource dialog. This is useful for integrating
low-level components like the Intel frequency/power monitoring tool.
Fixes#5033
Commit "menu_view: ignore zero-sized widgets in box layout" introduces
zero-sized child widgets as a special case but defined zero-sized as
zero covered pixels (w*h == 0). However, for layouting, a widget with a
non-zero height and zero width is not zero-sized.
This patch refines the zero-size condition such that only widgets with
both zero width and zero height are considered as zero-sized.
It thereby solves the missing display of empty lines in the text_area
component.
This is a follow-up fix for commit "sculpt: apply Dialog API to diag,
panel, and graph", which happened to render the legacy dialogs (network
and settings) inaccessible.
The patch avoids the use of clack seq numbers for the 'popup_opened'
condition (which happens on click, not clack). It also overrides old
click information on the arrival of a new click, avoiding the evaluation
of stale click sequence numbers in distant_runtime.cc. Furthermore, it
reduces the rate of 'Distant_runtime::_try_handle_click_and_clack'.
Issue #5008
On WPA3 encrypted networks the AP picker does not indicate encryption
and does not prompt for a passphrase.
Also indicate an encrypted network when "protection=WPA3", remedying
both issues.
Fixes#5022
This change allows for the hosting of system-management components
in Sculpt's runtime. The special role must be declared either as
<launcher managing_system="yes"> attribute or in the deploy
configuration's <start managing_system="yes"> attribute.
Issue #5009
This patch partially converts the Sculpt manager to the dialog API.
At this stage, both the old utilities and the new dialog API are still
used simultaneously.
Issue #5008
The so-called 'Distant_runtime' implements GUI dialogs via menu_view
components hosted at a distant init instance as opposed to child
components (as implemented by the 'Sandboxed_runtime'). This is
particular the case in Sculpt OS where the sculpt manager is not the
parent of the menu_view instances.
Issue #5008
By renaming 'Dialog' to 'Deprecated_dialog', we become able to use the
name 'Dialog' for the new API while temporarily keeping the original
interface in tact.
Issue #5008
- Increase default timeout to one minute
- Ignore power-button events during display-driver startup to avoid
entering another forced blank when pressing the power button twice.
- Prevent wakeup from user activity except for the power button.
So the volume can be adjusted without leaving the screensaver.
Issue #4950
The new API at gems/include/dialog/ aids the creation of simple GUI
applications based on the menu-view widget renderer. Its use is
illustrated by the simple test application at src/test/dialog/
that is accompanied with the dialog.run script.
Issue #5008
Each hover change of the character position within a label results in a
new hover report, which needs to be evaluated by the application. For
the common cases where labels are used as button texts or for presenting
passive information, the level of detail is not needed while the
recurring hover reports induce overhead at the application side.
This patch mitigates this overhead by excluding labels from the hover
reporting by default.
For use cases that actually depend of precise hover reporting of labels,
for example an editable text area, the hover reporting can be enabled by
setting the 'hover="yes"' attribute of the label.
The 'Widget::_version' attribute was meant to allow the deliberate
replacement of a widget by a same-named widget by changing the version
while keeping the name, thereby suppressing any geomety animation.
However, the implementation missed to populate the attribute with the
value provided by the dialog ROM, prompting the unconditional
re-creation of the widget whenever a 'version' attribute was specified.
Even though this had the (desired) effect of preventing geometry
animations, it could cause feedback loops between hover reports and
dialog ROMs because the 'hover_changed' condition in 'Menu_view::Main'
would always stay true while a versioned widget is hovered.
This patch removes the obsolete 'io_progress_elem', which was wrongly
enqueued to the 'read_ready_waiters' fifo and not dequeued at
destruction time.
Fixes#4987
The Depot Autopilot used to filter out tabs and color sequences before
forwarding the test log to the own log. This commit prevents this and further
cleans up the string-filters code.
Ref #4922
The new 'log_prefix' attribute is effective when used in a tests runtime in
<succeed> or <fail> tags that have a non-empty content string. When matching
the log against the pattern given in the affected <succeed> or <fail> tag, the
Depot Autopilot will consider only those test-log lines that start with the
given prefix.
Ref #4922
* Removes the <event> tag from all test package runtime files and replaces the
contained <timeout> and <log> sub-tags with the new tags <succeed> and
<fail>. If a <succeed> or <fail> tag has a content, it defines a log pattern
that should be recognized and render the test failed or successful. If a
<succeed> or <fail> tag has an attribute after_seconds that is not set to 0,
it defines a timeout after which the test should be rendered failed or
successful.
* Adapts the Depot Autopilot to support the new syntax in the test-package
runtime files. However, for now, the Depot Autopilot is kept compatible to
the old syntax as well. If the <events> tag is present, it is prioritized
over the new syntax.
Fixes#4922
Since the wireless LAN driver is actually a 'Libc::Component' due to
its incorporation of the 'wpa_spplicant' application, we have to
intercept its construction because we have to initialize the Lx_kit
environment before any static ctors are executed. Most Linux initcalls
are implemented as ctors that will be otherwise implicitly executed
before the controll is given to us in 'Libc::Component::construct'.
Issue #4927.
This patch enhances Sculpt with the ability to detect user inactivity
for driving a screensaver by combining nitpicker's hover and focus
reports with a timer.
Issue #4950
Fixes alignment faults that occured in the AES256 implementations while
wrapping or unwrapping keys on imx53_qsb, imx6q_sabrelite, and imx7d_sabre.
The problem was that the unwrap_key/wrap_key functions did reinterpret casts
from unsigned char pointers to uint64_t pointers and then directly used the 64
bit values of referenced by the latter. Most probably this caused the compiler
to optimize operations in the assumption that the pointer is 8-byte aligned
which then created alignment faults.
As a solution, this commit changes the interface of the wrap_key/unwrap_key
functions to take uint64 pointers as arguments instead of unsigned char
pointers and then adapts the function users to ensure that they refer to
appropriately aligned memory regions.
Fixed#4932
* Removes all previous structs that represented an on-disc block layout
and were therfore subject to a number of layout restrictions (packed,
padding members, enum representations, etc.).
* Adds a replacement struct without any layout restrictions for each of the
removed structs. The new structs are named similar to the old structs.
* Adds block encoding and decoding utilities for easily converting from the
new structs to on-disc blocks and vice-versa (Block_scanner, Block_generator,
T::decode_to_blk, T::encode_from_blk)
* Adapts all affected places in the library to encode and decode proberly
instead of simply casting pointers.
* Thereby cleans up the hashing utilities to use typed-reference args instead
of void pointers.
* Re-enables run/tresor_tester and test-file_vault_vonfig_report for platforms
rpi, imx53_qsb, imx53_qsb_tz, imx6q_sabrelite, imx7d_sabre.
Ref #4819
In some instances, the fetchurl progress determined by
depot_download_manager will be empty when the download fails (e.g. due
to a 404), this commit fixes a bug where this would be interpreted as
the download having completed which would subsequently start hash
verification of a package that has never actually been downloaded.
Fixes#4919
The depot_remove component can delete PKG archives with
automatically resolving dependencies and deleting archives that are not
required on the system anymore.
Issue genodelabs#4866
* Use jitterentropy only if supported.
On certain targets like pbxa9 or zynq_qemu, the performance counter always
yields 0, which renders jitterentropy unusable. On these platforms, the
Tresor tests now use a static value as entropy source instead.
* Adds a new package test-file_vault_config_report_no_entropy that is used by
the Depot Autopilot on targets without jitterentropy support instead of
test-file_vault_config_report. The only difference between the two packages
is the value of the above described new config attribute of the File Vault.
* Circumvent alignment fault.
The Tresor lib for now has the deficiency of using on-disc data structures
directly in code instead of decoding them first to unpacked, naturally
aligned structures. This causes problems with memory-access alignment on
several platforms (rpi, imx6q_sabrelite, imx53_qsb, imx7d_sabre). As fixing
this properly is a bit of work, the commit disables the tresor_tester and
file_vault_config_report test on the affected platforms in autopilot mode for
now.
* Further adjustments
* Make benchmarks optional
* Use a smaller tresor for rekeying
* Clean up image parameters
* No use implicit routes/resources
* Reduce ram consumption
* Reduce test timeout
* Raise cap quota, required for sel4 x86_64.
Ref #4819
The debug mode turned out to be unnecessry because the plugin can be simply
replaced with an <inline> file VFS plugin that has a content size of 32 bytes.
Ref #4819
This commit changes the firmware handling from requesting each
firmware file as a ROM module that is checked against a list of
known images (including their size) to requesting each file via
the local VFS of the 'wifi_drv'. This allows for using the original
probing mechanism that tries to select a matching firmware version.
The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to configure the driver.
Issue #4861.
The bulk of the driver code now lives in the 'dde_linux' repository,
which is available on all platforms, from where it can be referenced by
other repositories.
The 'wifi_drv' binary was delegated to a generic harness that includes
all configuration and management functionality shared by all wireless
device driver components, e.g., the wpa_supplicant. The code of the
device driver emulation environment is located in 'src/lib/wifi'. It
is referenced by the platform-specific driver library that resides in
the corresponding platform repository. The runtime configuration needs
to point the driver to proper driver library.
The platform-specific library is in charge of orchestrating the contrib
source utilized by the driver as well as providing the 'source.list'
and 'dep.list' files. It must include the generic library snippet
'repos/dde_linux/lib/wifi.inc' that deals with managing the emulation
environment code.
The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to deploy the driver.
Issue #4861.
* ARM support and detaching from Ada/SPARK
* Remove all CBE-related code - especially the Ada/SPARK-based CBE library.
* We have no means or motivation of further maintaining big projects in
Ada/SPARK (the core Genode team is native to C++).
* The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
important architecture for Genode. This would mean extra commitment in
Ada/SPARK.
* We realize that block encryption more and more becomes a fundamental
feature of Genode systems.
* Implement a new block encryption library named Tresor that is inspired by
the design and feature set of the former CBE library and that is entirely
C++ and part of the Genode gems repository.
* The Tresor block encryption is backwards-compatible with the on-disk
data layout of the former CBE block encryption.
* Except from the snapshot management and the "dump" tool, the Tresor
block encryption provides the same feature set as the former CBE block
encryption and accepts the same user requests at the level of the
Tresor library API.
* So far, the Tresor block encryption does not support the creation of
user-defined snapshots.
* In contrast to the former CBE, the Tresor ecosystem has
no "dump" tool beause with the CBE library it turned out to be rarely of
use.
* In contrast to the Block back-end of the CBE "init" tool, the Tresor
"init" tool uses a File System back-end.
* The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.
* The Tresor-VFS plugin in general is similar to the former CBE VFS but
has a slightly different API when it comes to re-keying and re-sizing.
Each of these operations now is controlled via two files. The first
file is named <operation> and the user writes the start command to it.
The user must then read this file once in order to drive the operation.
The read returns the result of the operation, once it is finished.
The second file is named <operation>_progress and can be watched and
read for obtaining the progress of the operation as percentage.
* The file vault is adapted to use the new Tresor ecosystem
instead of the former CBE ecosystem and thereby also gains ARM support.
* The former CBE tester and CBE VFS-tests are replaced by equivalent
Tresor variants and are now run on ARM as well (testing with a persistent
storage back-end is supported only when running on Linux).
* So far, the new Tresor block encryption has no internal cache for meta
data blocks like the former CBE.
* Add config/report user interface
* Add a second option for the administration front end to the file vault
named "config and report". With this front end the File Vault communicates
with the user via XML strings. A ROM session is requested for user input
and a Report session for user output. The front end type must be set at
startup via the component config and is a static setting. The graphical
front end that was used up to now is named "menu view" and remains the
default.
* The File Vault can now reflect its internal state and user input ("config
and report" mode only) at the LOG session via two new static config
attributes "verbose_state" and "verbose_ui_config" (both defaulting to
"no").
* The Shutdown button in "menu view" mode is replaced with a Lock button. The
new button doesn't terminate the File Vault but merely lock the encrypted
container and return to a cleared passphrase input. The same transition is
also provided in "config and report" mode.
* The file_vault.run script is replaced with file_vault_menu_view.run and
file_vault_cfg_report.run that address the two front end modes. In contrast
to the former script, which is interactive, the latter script is suitable
for automatic testing.
* There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
the same as file_vault_cfg_report.run but uses the File Vault package and
can be executed with the Depot Autopilot. The new test package is added to
the default test list of depot_autopilot.run
* The File Vault README is updated to the new version of the component and
has gained a chapter "functional description".
* Fixes a regression with the cbe_init_trust_anchor component that prevented
reacting to a failed unlock attempt in the File Vault.
* The new Tresor software Trust Anchor has an optional deterministic mode in
which it replaces the normally randomized symmetric keys with 0. This mode
comes in handy for debugging. However, it should never be activated in
productive systems. When activated, the user is warned extensively on the
LOG that this system mode is insecure.
Ref #4819
This patch solves keyboard-focus issues with the wifi dialog that were
caused by making the focus update conditional. However, since the update
is not expensive, we can unconditionally re-evaluate the focus atfer
each user interaction.
Issue #4820Fixes#4856
This patch includes the system dialog in the global keyboard focus
handling, supports hovering of the "Edit" and "Add" buttons,
allows the use of the enter key to finish URL editing, and
triggers a re-scan of depot users after adding a new one.
Issue #4820
Should the selected depot user not be present in the depot - for example
after switching the sculpt partition to another - unfold the selection
of all present depot users so that the one can pick an existing one.
Issue #4820
We repeatedly experience issues with XHCI handoff in the USB host driver
at runtime on modern systems. Mostly, these issues manifest as
initialization delays with very high CPU load. Investigations show that
during this time the handoff MMIO write does not return, which hints the
firmware driver enters some spinning loop. I suspect the enabled IOMMU
does not play well with the firmware due to insufficient RMRR
information.
Therefore, we disable USB handoff in Sculpt via the driver manager (as
we do for dedicated devices already in other contexts). Note, UHCI and
EHCI handoff is still done in the platform driver and succeeds on all
our test hardware.
Issue #4820
Fixes a regression with the cbe_init_trust_anchor component that prevented
reacting to a failed unlock attempt in the File Vault. The regression was
caused by new semantics in the vfs that did not allow for using the file
operation result as indicator for whether the unlock attempt failed or
succeeded. The correct and hereby applied approach is to check for the data
read from the file after having written the unlock command. The data reads
either "ok" or "failed".
This patch mitigates potential busy feedback effects when evaluating the
reports produced by 'depot_deploy' in a closed control loop. Reports
are now generated only if the deployment state has changed.
Issue #4818
This patch marks a child as incomplete if one of the ROM modules listed
in its blueprint is missing. This, in turn, triggers the update system
in Sculpt, which then tries to download the missing pieces.
Issue #4818
By managing downloads issued by the deploy subsystem via the
'Download_queue', failed downloads (e.g., due to HTTP error 404) are
properly tracked and don't cause infinite re-attempts.
Issue #4818
This patch replaces the former 'nic_drv' and 'nic_drv_dtb' functions
by a more general 'nic_driver_routes' function that can return one or
multiple platform-specific ROM routes for NIC-driver binaries and dtb
files. This allows for supplying customizations for the wifi driver
as well. E.g., on the PinePhone, this hook can be used to handle the
renaming of the 'wifi_drv' to 'a64_wifi_drv'.
Related to issue #4813 and issue genodelabs/genode-allwinner#17.
This commit updates the used firmware images for the iwlwifi device
to latest available ones (supported by the current 6.1.x driver).
It also removes old firmware images that by now are not used anymore.
Fixes#4807.
This patch equips the depot_download subsystem with the option to
explicitly skip the signature verification for downloads by specifying
the attribute 'verify="no"' for an <installation> item. This is useful
in scenarios where the lack of integrity of downloaded content does not
pose a risk, e.g., for untrusted applications that are rigidly
sandboxed, or during development.
Note that this option does not entirely discarge the signature checking.
Whenever an download has dependencies that are verifyable - for
which the public key exists in the depot - the dependencies are still
verified. This allows untrusted content to depend of verifyable content
while protecting the integrity the verifyable content.
Issue #4804
This patch adds the 'Verify' argument to all download-related interfaces
in order to control the checking of signatures for downloads. Note that
it does not change the sculpt_manager's existing built-in policy of
always checking signatures.
Issue #4804
This patch moves the interfaces needed for the interactive addition of runtime
components from the 'Popup_dialog' to the 'model/component.h'. So those
interfaces are no longer tied to one specific view implementation.
This free-standing function is meant to gradually replace
'Dialog::match_sub_dialog' interface, which relies on the caching of
the hover state. The new function is more flexible because dialogs do no
longer need to inherit 'Dialog'.
The missing else statements resulted in the addition of a
superfluous <archive> node when installing an <index>, causing
warning messages by the depot-download subsytem.
This patch adds the ability to specify an optional 'as' attribute in a
<rom> module declarion of a runtime file.
<runtime ...>
...
<content>
<rom label="camera-pinephone.dtb" as="dtb"/>
...
</content>
</runtime>
If specified, The depot-deploy tool uses the provided attribute value to
hand out the ROM 'camera-pinephone.dtb' under the label 'dtb' to the
subsystem.
Now, block_devices are reported earliest right after the devices ROM was
parsed and neither AHCI nor NVMe were found. If one or both devices were
found, the report is deferred after all expected reports arrived.
Issue #4791
The 'file_size' type denotes the size of files on disk in bytes. On
32-bit architectures it is larger than the size_t, which refers to
in-memory object sizes.
Whereas the use of 'file_size' is appropriate for ftruncate and seek, it
is not a suitable type for the parameters of read/write operations
because those operations refer to in-memory buffers.
This patch replaces the use of 'file_size' by size_t. However, since it
affects all sites where the read/write interface is uses, it takes the
opportunity to replace the C-style (pointer, size) arguments by
'Byte_range_ptr' and 'Const_byte_range_ptr'.
Issue #4706
The screenshot trigger displays a little red dot at the upper-left
corner of the screen. When touched or clicked-on, it generates an
artificial key-press-release sequence for the print key and disappears
for one second. In this time, a separate screenshot component can handle
the print key by capturing the screen without the red dot appearing in
the saved picture.
The touch-keyboard config accepts the new attributes 'opaque="yes"
and 'background=#112233' to control the dialog background. The
attributes are passed unmodified to embedded the menu view.
This patch add the support needed for implementing on-target
system-update functionality. The new 'empty' method is required for the
two-step procedure of updating image-index files - removing the old
index, followed by downloading the most current one. It is used to the
detect the completion of the first step.
Issue #4744
This patch reflects more details such as the percentage value for
downloads maintained in the download queue. This makes this information
easier to display at the GUI.
Issue #4744
This patch replaces the generic "In progress..." message by slightly
more concrete information about the type of operation. This is useful to
distinguish the two steps during the expansion of a partition.
This patch enhances the depot_download subsystem with support for
downloading and querying system images.
The installation ROM support the following two now download types:
<image_index path="<user>/image/index"/>
<image path="<user>/image/<name>"/>
Internally, the depot-download subsystem employs the depot-query
component to determine the missing depot content. This component
accepts the following two new queries:
<images user="..."/>
<image_index user="..."/>
If present in the query, depot_query generates reports labeled as
"images" and "image_index" respectively.
The also tracks the completion of each job depending on the depot-
query results, so that the final report contains a result for each
installation item requested. Prior this patch, the inactivity of the
depot-download manager (indicated by an empty state report) was
interpreted as success. But that prevents the proper association of
results and requested installation items.
Issue #4744
The 'scan' query for depot users used to list the names of depot users.
However, the URL and existence of a pubkey is useful to know when
assembling a GUI menu from this list.
Issue #4744
Each time when enlarging the menu view, a new 'Gui_buffer' is
constructed with the new size. At its contruction time, the default
reset background color is in effect, which is evaluated by
'reset_surface' as part of the construction. A custom reset color
takes effect only after the construction. Hence, when the Gui_buffer is
flushed to screen immediately at construction time, the gray default
becomes visible for a short time.
This patch changes the Gui_buffer to accept the reset background color
as construction argument so that it takes immediate effect.
Related to #4592
This patch simplifies the 'Deploy::update_managed_deploy_config'
interface by keeping an internal copy of the currently used deploy
template inside the 'Deploy' class. The template is updated whenever
the config/deploy file is modified.
This change weakens the coupling between the '_manual_deploy_rom' and
the '_deploy' subsystem, easing the upcoming implementation of the
switching between presets.
When writing the GPT header, the tool always wrote the GPT entries
belonging to the primary header to LBA following the header. Normally
this is LBA 2 as the header is located in LBA 1. The GPT allows for
up to 128 entries that all in all cover 16 KiB of storage space.
However, on some systems, e.g. ARM-based machines, the bootloader can
be stored in this region. For this reason the GPT entries may be moved
to a different LBA.
This commit changes the tool to adhere to then given GPE LBA in header
when writing out the modified GPT data.
Fixes#4720.
The old 'Io_response_handler::io_progress_response' interface has been
replaced by the 'Vfs::Env::User::wakeup_vfs_user' (issue #4697). The
remaining 'read_ready_response' method is now hosted in the
appropriately named 'Read_ready_response_handler'.
Issue #4706
This patch keeps driving the internal state machines until no progress
can be made. This required fixing the return values of several execute
functions, which used to report progress while being in complete state.
Along the way, the patch removes default switch cases to ensure that all
states are covered.
Issue #4706
By adding a 'write_ready' interface following the lines of the existing
'read_ready', VFS plugins become able to propagate the (de-)saturation
of I/O buffers to the VFS user. This information is important when using
a non-blocking file descriptor for writing into a TCP socket. Once the
application observes EAGAIN, it expects a subsequent 'select' call to
return as soon as new I/O buffer space becomes available.
Before this patch, the select call would always return under this
condition, causing an unnecessarily busy write loop.
Issue #4697
This patch removes the 'Insufficient_buffer' exception by returning the
WRITE_ERR_WOULD_BLOCK result value instead. It also eliminates the
superfluous WRITE_ERR_AGAIN and WRITE_ERR_INTERRUPT codes.
Issue #4697
This patch fosters the batching of network packets transferred by the
lwIP stack over the NIC connection. It replaces the eager submission of
the packet-stream's data-flow signals by explicit wakeup notifications.
The commit also increases the NIC session's buffer size from 128 to 1024
packets.
Issue #4697
This patch facilitates the batching of I/O operations in the VFS library
by replacing the implicit wakeup of remote peer (via the traditional
packet-stream interface like 'submit_packet') by explicit wakeup
signalling.
The wakeup signalling is triggered not before the VFS user settles down.
E.g., for libc-based applications, this is the case if the libc goes
idle, waiting for external I/O.
In the case of a busy writer to a non-blocking file descriptor or socket
(e.g., lighttpd), the remote peers are woken up once a write operation
yields an out-count of 0.
The deferring of wakeup signals is accommodated by the new 'Remote_io'
mechanism (vfs/remote_io.h) that is designated to be used by all VFS
plugins that interact with asynchronous Genode services for I/O.
Issue #4697
The commit "sculpt_manager: relax nic_drv policy label" introduced the use of
the "label_prefix" attribute instead of "label" for the uplink policy in the
NIC router. However, it missed an appropriate adaption of the lookup of that
attribute when the Sculpt manager has to decide which uplink is used in a
manually managed router config. This caused the uplink to disappear whenever a
user created a manually managed router config. This commit fixes the problem.
Issue #4660Fixes#4695
The platform driver configuration is missing the required 'info'
attribute that allows the 'vesa_fb_drv' to map the proper I/O
memory address of the framebuffer. In addition the driver requires
at least '2' more CAPs, so raise the quota to '110'.
Fixes#4668.
This patch makes the component graph better reusable for the phone
version of Sculpt. In the phone version, the '+' menu does not exist.
So we need to omit the corresponding button. Furthermore, the storage
dialog is presented in a dedicate section of the GUI instead of
presenting it inside the 'storage' graph node. The phone version
also does not offer the inspect view. So we need to omit the
corresponding buttons.
When using the newer genode_c_api uplink library, an uplink connection uses
the device name as label, which enables integrators to use different policies
resp. routes for different devices driven by one driver. The nic_drv policy
of the nic_roouter configuration generated by the sculpt_manager however uses
an empty label like: "nic_drv -> ". This is the way how existent NIC drivers,
like ipxe_nic_drv requested their uplink session. To support both driver
variants this commit relaxes the policy by checking for a prefix only.
Ref genodelabs/genode#4660
If `select_from_ports` is evaluated lazily, we might miss a port during
the dependency check. A way to prevent this is to use the `:=` operator.
Fixesgenodelabs/genode#4618
plain_decorator_theme.tar is not linked to the app but must be generated
as side effect. Therefore, use CUSTOM_TARGET_DEPS to trigger the
generation.
Fixes#4637
This patch removes the intermediate querying of the depot while the
installation of packages is in progress. This avoids misleading warning
messages and reduces superfluous file-system load during the
installation of large packages.
Issue #4631
This patch reflects both the pci_decode results and the platform
driver's aggregated device information in Sculpt's /report/drivers/ in
the form of pci_devices and devices files respectively.
Until now, the /config/system ROM was not handled by the sculpt manager
but solely managed by the user. Its main purpose was the ability to
reset or power-down the machine by manually modifying the 'state'
attribute. However, down the road, we'd like to enable the sculpt
manager to drive this state, e.g., to implement the multi-staged
loading of drivers, or to drive suspend-resume states.
The support such scenarios, the 'system' state has been moved from
/config/system to /config/managed/system.
This is a follow-up commit for "menu_view: configurable alpha channel
and bg color", which simplifies the code. The '_no_alpha' surface is not
needed because the 'Gui_buffer' provides a 0x0 alpha surface when using
the opaque mode.
This patch changes the access of pkg-archives files such that the file
read only once per pkg, not for each ROM module used by the package.
Issue #4611
By caching directory listings, the performance of depot_query is no
longer impeded by a massive amount of stat calls while searching for ROM
module locations.
Issue #4611
Upon closer inspection of real-world access patterns, it turns out that
the 'Stat_cache' and 'Cached_rom_query' are not as effective as hoped
for because cache hits are rare while querying pkg blueprints.
However, by increasing the initial size of the blueprint reporter from 4
KiB (default) to 64 KiB has a great effect. With the small default
report size, the querying of blueprints is repeated until the buffer
size suffices, incrementing the buffer size by 4 KiB in each iteration.
Issue #4611
The new 'Dictionary' provides an easy way to access objects using
strings as key. The 'String' received the 'operator >' to simplify the
organization of strings in an AVL tree.
The patch removes the former definition of the 'operator >' from the
platform driver because it would be ambigious now.
Fixes#4610
This patch avoids repetitive depot queries at the start of the Sculpt
system.
We don't need to trigger a query unconditionally whenever the
managed/deploy changes because the call of 'handle_deploy' triggers a
query when needed.
We don't need to trigger a query once the prepare step is completed
because the depot_query component is spawned at this point. The initial
blueprint produced by the depot_query component, in turn, triggers the
'handle_deploy' mechanics in the sculpt manager.
The constructor of the Sculpt manager's 'Main' does not need to call
'depot_deploy' because the prepare step - which is a precondition for
the deployment - cannot be completed at this point anyway.
If provided with a config that does not include a `<static>` or
`<common_routes>` node, depot_deploy exits due to a `Nonexistent_sub_node`
exception. Instead, we should output a more useful warning.
Fixesgenodelabs/genode#4600
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.
genodelabs/genode#4600
This style is used by the upcoming phone version of Sculpt for GUI
elements that are supposed to stand out a little bit more than the
regular frame style.
This patch enhances menu_view with the optional configuration attributes
'opaque' and 'background'. Setting 'opaque' to "yes" suppresses the use
of the alpha channel at the GUI session. This improves the drawing
performance by 20% on the PinePhone. Since the menu_view uses the
gems/gui_buffer.h utility, the 'Gui_buffer' received a new 'Alpha'
argument at construction time.
The 'background' attribute can be specified to define the reset color of
the GUI buffer. It alleviates the need to create a frame widget for the
top level.
The patch also switches the optimization level for compiling menu_view
to -O3, which increases the drawing performance on the PinePhone by 30%.
Fixes#4592
This change increases the quota to allow the use of bigger fonts, and
tweaks the style such that the keyboard gets a decent appearance on the
PinePhone's 1440x720 display.
This patch adds principle support for using a USB-net modem as
mobile-data uplink. The change is motivated by the upcoming phone
manager for the PinePhone where the modem serves as the primary network
uplink. For the regular PC version of Sculpt, the feature is not needed
(hence remains disabled) because USB net can be deployed from a package
as described in:
https://genodians.org/jschlatow/2021-07-21-mobile-network
The patch also renames the "Local" network option to "Disconnected" to
be more intuitive.
By decoupling the network dialog's menu view from the 'Network' class,
we become able to host the network dialog in the same menu view instance
as other dialogs.
By using the new functions provided by the base API, this patch removes
the dependency of several components from include/decorator/xml_utils.h.
Issue #4584
Define custom analyses that can be imported into TraceCompass (>= 7.3)
for evaluating the traced component interactions and checkpoints.
genodelabs/genode#4352
The box layout evenly distributes the child widgets according to the
number of children. This is not desired in the special case where a
child widget has a size of zero. The patch changes the layout algorithm
such that zero-sized widgets are not taken into account for distributing
residual space.
This patch replaces the former implicit "phonyness" of the rule by an
explicit .PHONY and installs a symlink from the target's build directory
to bin/ as is the usual practice for regular targets.
Related to issue #3972
By declaring the generated menu_view_styles.tar archive as build
artifact, it is automatically picked up whenever menu_view appears as
build ingredient of sculpt.
build: app/menu_view
This patch simplifies the use of the menu_view in scenarios where no
absolute motion events but only touch events occur. Previously, such
scenarios required the creation of artificial absolute motion events
via the event filter.
Issue #4514
This patch fixes rare freezes of menu view instances, which could happen boot
time whenever the leitzentale GUI happens to get initialized before the display
driver finished setting up a reasonable mode. In this case, the resolution-
dependent font size can temporarily get almost zero, tripping up the glyph
renderer.
This patch reduces the response time of supposedly stuck situations like
an unresponsive part_block component. First, it reduces the heartbeat
rate from 1 to 2 seconds to make it consistent with the frequency of
state reports. Second, it allows up to four skipped heartbeats until
regarding the situation as stuck. With those changes, the prolonged
initialization sequence of a USB ZIP drive succeeds with Sculpt.
This patch handles the corner case of switching virtual desktops while
child views are visible. Examples of such child views are tool tips,
pull-down menus, or the graph of the top-view utility. The switch to
another virtual desktop would implicitely turn the child views into
top-level views of the root nitpicker GUI server until switching back
to the original virtual desktop.
The patch implements the expected behavior of hiding all child views
that belong to a disappearing top-level view.
The value of 50% as assigned by commit "sculpt: add basic support for
i.MX8 Quad EVK" leaves too little room for other components of the
runtime subsystem. With the adjustements of commit "sculpt: assign CPU
quotas" the sum exeedcs 100%. Hence this commit tunes down the value to
sensible 10%.
By assigning CPU budgets, base-hw's priorities come into effect.
Even though the chosen values are rather guessed than informed, they
yield a visibly improved responsiveness on the Pinephone.
* Switch from the legacy usb_host driver to the new PC version
in recipes and automated tests
* Update documentation snippets
* Remove outdated, unused usb_rndis run-script
Fixgenodelabs/genode#4416
Do not set '_mode' per default to MANANGED. Check if a manual config ROM
is present during construction and set '_mode' to MANUAL in case it is.
issue #4369
This patch makes Sculpt's leitzentrale GUI able to respond to touch events. It
formerly assumed that click/clack events are always preceded by hover reports
that identify the clicked-on widgets. For touch events, however, the most
up-to-date hover information referred to the previous click because there is no
motion without touching. So the GUI tended to identify the wrong widgets as
click targets.
The patch solved this problem by testing the freshness of the hover information
at the time of the click. If the hover information is older than the click, the
action is deferred until up-to-date hover information becomes available.
Fixes#4398
* retrieve Genode::Env from plugin, this way no mesa applications need to
be changed.
* add 'vfs_gpu' api
* remove when all required functionality is implemented within the plugin.
issue #4380
When a <gpu> node is present in the VFS, the plugin opens a
Gpu::Connection for each open call to the 'gpu' node and installs a
completion signal handler. A read only to the fd returned only comes
back if a completion signal has been received between two read
transctions to the fd.
For now the Gpu::Connections can be retrieved by calling the
'vfs_gpu_connection(unsigned long id)' function. The id can be obtained
using 'stat' on the 'gpu' device and is located in the inode (st_ino)
field of the stat buffer.
issue #4380
This patch equips Sculpt with the ability to customize the system image
in very flexible ways.
All customizable aspects of the image have been relocated from the
former sculpt.run script and the accompanied gems/run/sculpt/ directory
to a new location - the sculpt/ directory - which can exist in any
repository. The directory at repos/gems/sculpt/ serves as reference.
The sculpt directory can host any number of <name>-<board>.sculpt files,
each containing a list of ingredients to be incorporated into the
Sculpt system image. The <name> can be specified to the sculpt.run
script. E.g., the following command refers to the 'default-pc.sculpt'
file:
make run/sculpt KERNEL=nova BOARD=pc SCULPT=default
If no 'SCULPT' argument is supplied, the value 'default' is used.
A .sculpt file refers to a selection of files found at various
subdirectries named after their respective purpose. In particular, There
exists a subdirectory for each file in Sculpt's config fs, like
nitpicker, drivers... The .sculpt file selects the alternative to use
by a simple tag-value notation.
drivers: pc
The supported tags are as follows.
*Optional* selection of /config files. If not specified, those files are
omitted, which prompts Sculpt to manage those configurations
automatically or via the Leitzentrale GUI:
fonts
nic_router
event_filter
wifi
runtime
gpu_drv
Selection of mandatory /config files. If not specified, the respective
'default' alternative will be used.
nitpicker
deploy
fb_drv
clipboard
drivers
numlock_remap
leitzentrale
usb
system
ram_fs
Furthermore, the .sculpt file supports the optional selection of
supplemental content such as a set of launchers.
launches: nano3d system_shell
Another type of content are the set of blessed pubkey/download files
used for installing and verifying software on target.
With the new version, it has become possible to supply a depot with the
the system image. The depot content is assembled according to the 'pkg'
attributes found in launcher files and the selected deploy config.
The resulting depot is incorporated into the system image as 'depot.tar'
archive. It can be supplied to the Sculpt system by mounting it into the
ram fs as done by the 'ram_fs/depot' configuration for the ram fs.
It is possible to add additional boot modules to the system image. There
are two options.
build: <list of targets>
This tag prompts the sculpt.run script to build the specified targets
directly using the Genode build system and add the created artifacts
into the system image as boot modules.
import: <list of depot src or pkg archives>
This tag instructs Sculpt to supply the specifid depot-archive content
as boot modules to the system image. This change eliminates the need for
board-specific pkg/sculpt-<board> archives. The board-specific
specializations can now be placed directly into the respective .sculpt
files by using 'import:'.
To make the use of Sculpt as testbed during development more convenient,
the log output of the drivers, leitzentrale, and runtime subsystems
can be redirected to core using the optional 'LOG=core' argument, e.g.,
make run/sculpt KERNEL=linux BOARD=linux LOG=core
The former pkg/sculpt-installation and pkg/sculpt-installation-pc
archives have been replaced by pkg/sculpt_distribution-pc, which
references the generic pkg/sculpt_distribution archive. Those pkgs are
solely used for publishing / distribution purposes.
Fixes#4369
- Consider 'sdl' as source of input events in the event-filter
configuration as generated by the sculpt manager
- Supply an artificial 'platform_info' ROM as requested by the
sculpt manager to obtain the affinity-space information
- Substitute 'fs_rom' for 'cached_fs_rom' as a workaround for the
lack of support for managed dataspaces on Linux
Fixes#4362
This patch improves the robustness of the CPU-affinity handling.
- The types in base/affinity.h received the accessors
'Location::within(space)' and 'Affinity::valid', which alleviates
the fiddling with coordinates when sanity checking the values,
in init or core.
- The 'Affinity::Location::valid' method got removed because its
meaning was too vague. For sanity checks of affinity configurations,
the new 'within' method is approriate. In cases where only the x,y
values are used for selecting a physical CPU (during thread creation),
the validity check (width*height > 0) was not meaningful anyway.
- The 'Affinity::Location::from_xml' requires a 'Affinity::Space'
as argument because a location always relates to the bounds of
a specific space. This function now implements the selection of
whole rows or columns, which has previously a feature of the
sandbox library only.
- Whenever the sandbox library (init) encounters an invalid affinity
configuration, it prints a warning message as a diagnostic aid.
- A new 'Affinity::unrestricted' function constructs an affinity that
covers the whole affinity space. The named functions clarifies
the meaning over the previous use of the default constructor.
- Core's CPU service denies session requests with an invalid
affinity parameter. Previously, it would fall back to an
unrestricted affinity.
Issue #4300
Similar to other devices allow for selecting a graphics device as
well. This is currently only useful on iMX8-based systems like
iMX8Q-EVK and MNT Reform2 where the driver is explicitly started
from a pkg.
Fixes#4342.
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.
To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.
Issue #4324
This patch adds a missing call of '_handle_decorator_margins' at
construction time. Up to commit "report_rom: versioning and explicit
notification" this problem was masked by an unconditional signal, which
implicitely triggered the call.
Issue #4274Fixes#4306
This patch presents all press and release events to the pointer state,
fixing the problem that _key_cnt was decreased but never increased.
However, the inconsistency had no observable effects in practice.
Issue #4176
This patch ensures that the pointer report is updated not before all
input events are handled. The change does not solve any observed
practical issue but the potential problem was spotted while reviewing
the code.
Issue #4176
This patch changes the depot_query tool to filter the returned index
data depending on the 'arch' as specified for the query. This way, one
index file can support multiple CPU architectures while allowing
individual entries to be architecture-specific.
Fixes#4295
This patch adds the missing definition of 'prio_levels' in the prepare
sub init, fixing the warning:
[init -> runtime -> prepare] Warning: vfs: invalid priority, upgrading from -2 to 0
Issue #4281
Warning!
The current version of the file vault is not thought for productive use but
for mere demonstrational purpose! Please refrain from storing sensitive data
with it!
The File Vault component implements a graphical frontend for setting up and
controlling encrypted virtual file systems using the Consistent Block Encrypter
(CBE) for encryption and snapshot management. For more details see
'repos/gems/src/app/file_vault/README'.
Fixes#4032
Previously unconditional calls to Genode::log in cbe init and the cbe trust
anchor VFS plugin were made dependent on a verbosity flag that is set to
"false" by default.
Ref #4032
Instead of simply encrypting the private key with AES-256 when storing it to
the 'encrypted_private_key' file, wrap it using the AES-key-wrap algorithm
described in RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm".
This is more secure and enables us to directly check whether the passphrase
entered by the user was correct or not.
Ref #4032
