The sculpt manager used to defer the initialization of the GUI until
nitpicker's first display report became ready. This way, Sculpt was able
to run headlessly even if the framebuffer driver failed to start up.
Thanks to #3827, nitpicker no longer depends on a working framebuffer
driver. So the sculpt manager is safe to rely on nitpicker in any case,
simplifying the code.
Issue #3827
* enable all common warnings through default value of CC_ADA_WARN
* treat warnings like errors through default value of CC_ADA_WARN_STRICT
* enable almost all style checks through default value of CC_ADA_WARN_STRICT
* style fixes for aes_cbc_4k
* disable strict warnings and style checks for libsparkcrypto and spark lib
Ref #3848
This patch prevents nitpicker from requesting a framebuffer and input
session by default because the regular use of nitpicker relies on the
capture-session and event-session interfaces by now.
For supporting the nested use of nitpicker via the gui_fb component, it
is still possible to enable the traditional behavior by explicitely
setting the 'request_input' and 'request_framebuffer' config attributes
to "yes".
Issue #3812
This commit applies the transition from the "Input" session to the "Event"
session to the event-filtering mechansim. The functionality of the
input_filter is now provided by the event_filter. The event filter
requests only one "Event" session as destination for the filter result,
which is usually routed to the nitpicker GUI server. It provides an
"Event" service to which any number of event sources can connect.
The configuration of the filter chain remains almost the same. Only the
declaration of the <input> nodes is no longer needed. Instead, the
configuration must specify <policy> nodes, which define the mapping of
"Event" clients (event sources) to the inputs used in the filter chain.
The patch adjusts all uses of the nitpicker GUI server accordingly such
that the event filter reports events to nitpicker's event service
instead of having nitpicker request an "Input" session. This dissolves
the dependency of nitpicker from input drivers.
Issue #3827
This patch replaces the use of the "Framebuffer" session interface by
the new "Capture" session interface in all framebuffer drivers. Thanks
to this change, those drivers have become mere clients of the nitpicker
GUI server now, and are no longer critical for the liveliness of the GUI
server.
The patch touches the following areas:
- The actual driver components. The new versions of all drivers have
been tested on the respective hardware. Generally, the drivers
have become simpler.
- The drivers_interactive packages for various boards. The drivers
subsystem no longer provides a "Framebuffer" service but needs a
valid route to the "Capture" service provided by nitpicker.
- The driver manager of Sculpt OS.
- This patch changes the role of the test-framebuffer component from a
framebuffer client to a capture server so that drivers (capture clients)
can be directly connected to the test component without the nitpicker
server.
- Framebuffer driver no longer support the unbuffered mode.
- The fb_bench.run script is no longer very meaningful because it
interplays solely with nitpicker, not with the driver directly.
- All run scripts for graphical scenarios and the related depot
archives got adapted to the change.
Fixes#3813
Until now, Genode's framebuffer session interface was based on the
RGB565 pixel format. This patch changes the pixel format to 32-bit
XRGB where the X part is ignored. It adapts all graphical applications
and device drivers accordingly.
The patch also adjusts the users of the drivers_interactive packages,
assigning 64 MiB RAM and 1500 caps to the drivers subsystem, which is
sufficient for covering high resolutions at 32 bits per pixel and to
accommodate multi-component USB HID input stacks.
Fixes#3784
This commit fixes the 'Out_of_caps' handling. The previous version
mistakenly upgraded the RAM instead the caps as response. The problem
could be triggered by the 'decorator_stress.run' script.
- Since Genode::strncpy is not 100% compatible with the POSIX
strncpy function, better use a distinct name.
- Remove bogus return value from the function, easing the potential
enforcement of mandatory return-value checks later.
Fixes#3752
If a "cat" tool as simple as the removed one is needed, it should be
implemented with Goa, only depend on libc/posix (*not* base), and be
named "simple_cat". Up to today, the misleading naming of the removed
tool, tricked me into believing "test-pipe" tests POSIX pipes, which it
did not!
The 'WHITESPACE' case of the _calc_len method wrongly accessed the
character before checking upper bound of the token. The problem is fixed
by switching the order of both conditions.
Fixes#3756
This patch removes old 'Allocator_guard' utility and replaces its use
with the modern 'Constrained_ram_allocator'.
The adjustment of core in this respect has the side effect of a more
accurate capability accounting in core's CPU, TRACE, and RM services.
In particular, the dataspace capabilities needed for core-internal
allocations via the 'Sliced_heap' are accounted to the client now.
The same goes for nitpicker and nic_dump as other former users of the
allocator guard. Hence, the patch also touches code at the client and
server sides related to these services.
The only remaining user of the 'Allocator_guard' is the Intel GPU
driver. As the adaptation of this component would be too invasive
without testing, this patch leaves this component unchanged by keeping a
copy of the 'allocator_guard.h' locally at the component.
Fixes#3750
- don't use 'qemu -serial mon:stdio' anymore as it no longer works as
expected
- use "bash -l" with [terminal] to read user's profile configuration,
e.g., PATH settings
- added missing boot modules and cap quotas
config_0.xml.tmp:26: element config: Schemas validity error :
Element 'config': Character content other than whitespace is
not allowed because the content type is 'element-only'
Issue #3612
This patch increases the default limit of the maximum number of open
file descriptors to the hard limit of the system. This is needed for
complex scenarios, which require more FDs than the default of 1024
at core.
Related to issue #3581Fixes#3721
This commit fixes a regression introduced by "window_layouter: add
dynamic screen handling", rendering the sub-division of screens in
columns and row unusable. The said commit removed a condition needed
for the correct window placement. This patch restores the condition.
Issues #3646
When the last writer closes the pipe, we must trigger the I/O progress
handler to deliver the final EOF to the client (READ_OK with out count
of 0).
Fixes#3697
This patch replaces the former Noux instance by a sub init that hosts
the combination of VFS + fs_rom + bash. If bash exits, the whole sub
init exits, which implicitly tears down the terminal session used by the
sub init. The latter is expected by the test sequence.
Issue #3696
This depot package is the runtime for rtc_drv and system_rtc server with
coordinated update of system and hardware RTC via reports. It replaces
drivers_rtc which was never freestanding drivers package and, therefore,
has to be accompanied with a running platform_drv etc.
Fixes#3680
This patch increases the Sculpt version to avoid the risk of binary
compatibility clashes with index files published for the just-released
Sculpt 20.02 version.
Without this patch, the text area would mistakenly delete the characters
types after placing the cursor with the mouse as soon as shift is used
as modifier.
- Don't reset sculpt partition on USB changes whenever ram fs is
selected for use.
- Reconfigure runtime immediately when plugging USB devices.
This prevents the usb-block driver and part_block from
dangling in the graph. They disappear immediately now.
This patch restores the anchoring of the popup menu to the original
behavior, placing the popup to the right of the '+' button. The
anchoring got lost due to the recent structural changes of the GUI,
which affect the hover XML structure.
Be less rigid when checking for available network to support
setups where the uplink or depot repositories are provided by
another source than "wired" or "wifi" NIC services,
e.g., a virtual machine with pass-through network device.
The new text_area component is able to view and edit files.
Internally, it employs a menu_view for the graphics output.
Only basic notepad-like text-editing functions are supported.
At the current time, it is solely meant as a companion of the Sculpt
manager.
Issue #3650
This patch improves the robustness of menu_view when encounting missing
textures, which can happen during development when using styled buttons
and frames. With the patch, menu_view outputs diagnostic messages,
pinpointing the problem.
The patch also updates the texture handling to use the 'File_content'
utility and the VFS for obtaining PNG images.
Issue #3629
This patch allows for the customization of the text color and alpha
value of the label widget by the means of a style-definition file.
The mechanism is exemplified with the new "invisible" label style
that sets the alpha value to zero.
Issue #3629
This commit adds dynamic switching in between different defined
screens via keyboard shortcuts, or by editing the rules file.
In the window_layouter package it defines per default ten screens,
reachable by pressing the screen key along with numbers 0-9.
Fix#3646
This new attribute can be used to enforce a minimum width in the unit of
the size of the character 'x'. Furthermore, the patch sets the minimum
height of a label to 0 if no 'text' attribute is present. By combining
both features, the label becomes usable as a horizontal spacer.
Issue #3629
This patch refines the hover handling such that a float widget never
responds to hovering unless a child is hovered. This way, it becomes
possible to stack multiple float widgets within one frame and still
reach all child widgets.
Issue #3629
Similarly to the way of how a <cursor> can be defined for a <label>
widget, a selection can be expressed as follows:
<label ...>
<selection at="2" length="12"/>
</label>
Issue #3607
Issue #3629
When setting the <dialog> attribute 'hover_details' to "yes", the hover
report features the character position of a hovered label.
Issue #3607
Issue #3629
This patch equips the label widget with the ability to display a text
cursor, as illustrated by the following example:
<label text="...">
<cursor at="10"/>
</label>
Issue #3607
Issue #3629
The value range supported by the 'Animated_rect' utility is constrained
to 2^11 by the used 32-bit integer type. The interpolation is performed
on fixpoint numbers with a fractional precision of 10 bits. The
non-linear interpolation as performed by the 'Lazy_value' utility
involves squaring the values. Hence, the interpolated integral values
must not exceed 2^11 (2*11 bits for the square plus 10 bit for the
fractional part require 32 bits). This range is too small for
high-resolution displays. Hence this patch replaces the 32-bit integer
type by a 64-bit integer type.
Fixes#3627
The wm used to remember the last pointer position when observing a leave
event. With such a stale pointer position, the wm would eventually
wrongly create an artifical motion event when a supposedly hovered
window changes its position (during an animated move). This can lead to
the propagation of the stale pointer position to the wm client, which,
in turn, may interpret the outdated position (e.g., the menu view would
report a wrong hover state).
This patch removes the stale state by resetting the '_pointer_pos' when
observing a leave event.
Fixes#3632
Instead of listening for new TCP/IP connections only,
the TCP terminal connects to a server when an IP address is
configured in the policy for a terminal client.
Fix#3619
Replace return values with appropiate bool and document two-staged
publickey authentication. This fixes a bug where wrong authentication
attempts are not properly denied.
Issue #3590.
server.h:51:12: warning: ‘int write_avail_cb(socket_t, int, void*)’
declared ‘static’ but never defined [-Wunused-function]
This patch fixes the warning by moving the user of 'write_avail_cb' to
the compliation unit that defines it.
From the man page of expect:
> Both expect and interact will detect when the current process exits
> and implicitly do a close. But if you kill the process by, say, "exec
> kill $pid", you will need to explicitly call close.
Fixes#3569
This patch is a follow-up fix for "ttf_font: prevent out-of-bounds
access", which produced sporadic single-pixel artifacts with large font
sizes, e.g., with the monospaced font set to 24px in Sculpt.
The artifacts occurred only for some horizontal sub-pixel positions, in
combination with the font cache, and after the rendering of '>'
characters. They were ultimately caused by the missed clearning of the
first pixel of a glyph where x0 is 1 (e.g., the character 'd'). In this
case, a pixel from the previously evicted cache entry (the '>') shined
through. The patch fixes the problem by clearing the glyph starting from
the first, not the x0's, pixel.
Fixes#3567
This test covers the situation where depot_query evaluates depot content
that is incompletely extracted. In particular, if the 'archives' file
already exists but has a size of zero, depot_query would produce a
page fault. This situation can be manually provoked by deliberately
creating a zero-sized archives file for any otherwise correct pkg.
This patch also fixes the success indicator of the test. It wrongly
matched an early line of the log output.
Issue #3557
* The log history of a test is stored as a whole for the lifetime of the test.
* Matching of the log history against log patterns is done correctly now
(previously, a pattern like "AAB" on an input like "AAAB" wouldn't have
triggered).
* Use memcmp, memcpy, memmove instead of the former character-wise operations.
* Sanitizing of log input and log patterns now works more generic through the
new Filter class for all replacements/removals.
* Sanitizing is done as soon as a string is available and remains for the
lifetime of the test.
* Sanitizing doesn't interfer with the matching algorithm.
* Decomposing into small clearly named functions.
Ref #3555
When copying config/managed/deploy to config/deploy, the latter may
temporarily result in an empty configuration. Such an intermediate
state should be ignored to keep the currently running scenario in tact
instead of restarting it.
Add a new plugin for creating pipes between pairs of VFS handles. It is
intended to replace the libc_pipe plugin, one of the last remaining libc
plugins.
In contrast to the libc_pipe plugin, this plugin defers cross-handle
notification until I/O signal handling rather than block and unblock
readers using a semaphore. This is a performance regression in the case
of multiple threads blocking on a pipe, but shall be an intermediate
mechanism pending renovations within the libc VFS and threading layers.
As a side effect, threads blocked on a pipe might not be resumed until
the main thread suspends and dispatches I/O signals.
The "test-libc_pipe" test has been adjusted to use the VFS pipe plugin
and tests both local pipes and pipes hosted remotely in the VFS server.
Merge adaptations (such as EOF handling, adjustment to VFS/libc
interface changes) by Norman Feske.
Fix#2303
Nowadays, we use standard command-line tools like vim to edit init
configurations dynamically, which alleviates the need for a custom CLI.
The CLI-monitor component was too limited for use cases like Sculpt
anyway.
The patch also removes the ancient (and untested for long time)
terminal_mux.run script, which used to be the only remaining user of the
CLI monitor.
Issue #3512
This patch extends the 'File_system::Status',
'File_system::Directory_entry', and the related 'Vfs' types with
the following additional information:
- Distinction between continuous and transactional files (Node_type)
(issue #3507)
- Readable, writeable, and executable attributes (Node_rwx),
replacing the former 'mode' bits
(issue #3030)
The types 'Node_rwx', 'Node_type' are defined twice,
once for the VFS (vfs/types.h) and once for the 'File_system'
session (file_system_session/file_system_session.h).
Similarly, there is a direct correspondance between
'Vfs::Directory_service::Dirent' and 'File_system::Directory_entry'.
This duplication of types follows the existing pattern of keeping the
VFS and file-system session independent from each other.
Moving the handling into the input-session clients enables more
sophisticated implementations (like Qt5) to apply key-symbol based
handling of those modifiers like correct CTRL-A with QWERTY and AZERTY
layouts and distinction of CTRL-J and Return.
Issue #3483
With the added modification-time support in the libc, the extract tool
requires a timer session, which is not plausible for the purpose of the
program.
This behavior stems from the fact that the libc implicitly writes the
mtime when closing a written file. For this update, it implicitly calls
'clock_gettime', which in turn initializes the timer subsystem within
the libc (creating a timer session).
For the extract tool, the implicitly updated mtime is useless because
the extract tool overwrites this modification time with the mtime stored
in the archive anyway. However, the dependency from a timer service
remains.
This patch explicitly disables the libc's implicit updating of the
file-modification when closing a written file.
Issue #1784
This adds complete character-generator configurations for English (US),
German (Germany and Switzerland), and French (France and Switzerland).
The configs are manually amended and stripped-down versions of
xkb2ifcfg generated configs.
Issue #3483
This patch handles the situation where the usb_block_drv exits for any
reason, in particular when the driver fails to initialize the device. In
such cases, the usb_block_drv used to stay stale in the system,
effectively preventing the device from being passed to a VM. With the
patch, the USB storage device gets flagged as failed, the usb_block_drv
is removed from the runtime, and the condition is reflected at the user
interface.
This situation occurred on the attempt to access an iomega zip drive
with a version of the usb_block_drv without support for the START-STOP
command, but it may potentially also occur in other circumstances.
Fixes#3468
This commit implements the ssh exec channel request. It also handles
some shortcommings on the interactive channel like exit and concurrent
session establishments.
Pipes into the channel do not work yet. E.g.:
echo foobar | ssh noux@localhost -p 5555 "cat > /rw/test.txt"
The issue described with FIXME in Ssh::Server::incoming_connection()
could not be reproduced and might have been fixed with the improved
file descriptor handling.
Fixes#3401
To enable the clipboard for a VM, add the following node to the
<Hardware> sub node of your machine.vbox configuration:
<Clipboard mode="Bidirectional"/>
Issue #3437
The triggering of a new depot query can happen more than once per
activation of the sculpt manager if multiple conditions call for updated
information about the depot. When this happens, the depot-query
component produces intermediate results, which are not consumed by the
sculpt manager. By deferring depot queries for a few milliseconds, we
avoid such intermediate queries, relieving the workload of the
depot-query component at system boot time.
Issue #3436
The diagnostic messages presented in the runtime dialog lacked the name
if the subsystem was created from a launcher, e.g., the 'vm'. Instead of
determining the subsystem name from the start-XML-node (a launcher has
no 'name' attribute but the name corresponds to the launcher's file
name), the name is now passed as a dedicated argument.
The labels of clipboard ROM and clipboard report sessions of WM clients
must be consistent with the client's nitpicker label. Hence, we must
route those sessions through the window manager, analogously to the
approach taken for shape reports in #3165.
Issue #3437
This patch introduces two caches to the depot-query tool.
- A stat cache remembers the results of 'Directory::file_exists'
calls.
- The 'Cached_rom_query' caches the result of scanning the depot
for a given ROM module and pkg path. To elminates the need to
parse 'archive' files of pkgs referenced from other pkgs or
for the repeated instantation of the same pkg.
Both caches are bypassed whenever referring to the 'local' depot user.
Fixes#3427
When resizing windows of clients that respond very slowly to resize
requests, the window's size sometimes snapped back to its original size
immediately after finishing the drag operation.
The problem was caused by the interplay of the layout rules (obtained
via the 'rules' ROM, generated by the 'rules' report) and the
temporary interactive state that occurs during drag operations.
The rules are updated only at the time of releasing the button to keep
the overhead while dragging the window low. However, when releasing the
mouse, the (now outdated) rules kicked back into effect, triggering
resize requests for the window to its old size.
The patch solves this problem by decoupling the dragged state of a
window from the physical release of the button. The button release
triggers a transition from a DRAGGING to a SETTLING state and programs
a timer. In the SETTLING state, the windows behave as in DRAGGING state,
giving the interactive geometry precedence over the rules-dictated
geometry. During this state, further responses of window-resize requests
may come in and are handled like dragging was still in progress. After a
timeout, however, the current window layout is conserved as a new rules
report and the state goes back to IDLE.
For clients that takes a very long time (in particular, VirtualBox when
resizing the desktop, which takes sometimes multiple seconds), the
snap-back artifact can still occur, but the effect is reduced.
This problem surfaced with the new tool chain that changes the stack
layout. A pointer to the the config XML data was kept in the main object
but pointed to a stack variable. This patch fixes it by removing the
pointer.
Fixes#3416
This patch adds the missing propagation of the maximized state from the
layout rules to the internal representation of a window. Without this
patch this state could be toggled by clicking on the maximizer button
only.
The decorator's detection of the hovered window element was inaccurate,
which resulted in "jumping" windows in some situations, ultimately
caused by a combination of three different mechanisms.
First, when moving the pointer into the area of a window, the decorator
would detect the hovering of the left border whenever the distance of
the pointer from the border was less than the half of the theme texture
(e.g., 64x64 pixels for the default theme). However, if the left border
margin is set to a small value (e.g., 1), there is an overlap of the
sensitive resize border area and the content. Hence, chances were quite
high that - when moving the pointer from the left into the window - the
hover report would contain the hovering of the left border.
Second, the window manager tries to hide pointer movements from the
decorator if possible. It informs the decorator of the pointer position
if any decoration is hovered or if a new window is hovered. But it does
not expose pointer movements within a window to the decorator. For this
reason, the decorator would not update the hover report as long as the
pointer stays within a once hovered window. In the situation described
above, the hover report would still contain the stale information about
the hovering of the left resize border.
Third, when the user clicks on the window, the decorator examines the
most recent hover report and - in the situation described above - finds
the left border hovered. Consequently, it initiates a window-drag
operation. While resizing the window with the left border, the window
layouter pins the right border of the window to its current position.
All window-size changes of the client will be applied towards the left
(dragged) border. In the case of the top view, which continuously
resizes the window by itself, the window would "jump". In reality, it
actually tries to respond an interactive resize operation. The window
layouter cannot guess that the client is not responding to window
layouter's resize request but is acting independently.
This patch fixes the jumping window problem for the case where the
pointer hovers the overlapping area of the resize border and the
content. However, when trying the to interactively resize the top window
via the bottom-left corner, the "jumping" can still be observed.
Fixes#3303
By decoupling the leitzentrale from the (contended) boot CPU, the fading
on F12 interferes much less with animations like nano3d deployed in the
runtime.
Fixes#3268
There are still nightly tests like test-tcp_bulk_lxip on sel4 x86_64 qemu
that manage to hit the test timeout of the run script although the test was
successful. So, raise the extra time added by the run script to 30 seconds.
Ref #3411
Some platforms (sel4 imx6/imx7) cannot manage to execute all tests in a single
boot. Thus, we re-boot them periodically after a given maximum number of tests
to avoid that arbitrary tests always fail due to the long uptime and not due to
the tests themselves.
If the maximum number of tests is set to 0, no limit is applied.
Fixes#3411
The terminal now got a configurable palette for 16 colors (8 normal, 8
bright/bold).
<config>
<palette>
<color index="0" value="#000000"/> <!-- black is real black -->
<color index="8" value="#101010"/> <!-- bright black stands out a bit -->
</palette>
</config>
Note, the old (undocumented) <color index="..." bg="..."> configuration
scheme is no longer supported.
Also, this commit adds a pleasing default palette that ensures
readability of ViM's standard hightlighting.
Fixes#3406
It might happen, in CPU intensive tests (like TCP bulk lxip), or when
printing debugging output after a failed test (as done currently on
staging), that the run script on the host gives up and reboots the
platform too early. Thus, we raise the buffer time. A reboot should
be necessary only in rare cases anyway.
Fixes#3387
* Make package buildable for ARM too
* Move usb library to src targets for explicitly named targets
* adapt remaining run-scripts to use the correctly named usb drivers
Ref #2190
This patch fixes the corner case where an animated geometry changes its
destination mid-way while an animation is already in progress. The
'_trigger_animated_geometry' method used to back out early in this case,
which was intended as an optimization.
Fixes#3296
This enforces the use of unsigned 64-bit values for time in the duration type,
the timeout framework, the timer session, the userland timer-drivers, and the
alarm framework on all platforms. The commit also adapts the code that uses
these tools accross all basic repositories (base, base-*, os. gems, libports,
ports, dde_*) to use unsigned 64-bit values for time as well as far as this
does not imply profound modifications.
Fixes#3208
As a preparatory step for introducing the new block-client API, we have
to turn the 'Block::Connection' into a class template. The template
argument will be used to tie an application-defined job type to the
block connection.
Issue #3283
This patch replaces the formerly fixed 2 KiB data alignment within the
packet-stream buffer by a server-defined alignment. This has two
benefits.
First, when using block servers that provide small block sizes like 512
bytes, we avoid fragmenting the packet-stream buffer, which occurs when
aligning 512-byte requests at 2 KiB boundaries. This reduces meta data
costs for the packet-stream allocator and also allows fitting more
requests into the buffer.
Second, block drivers with alignment constraints dictated by the
hardware can now pass those constraints to the client, thereby easing
the use of zero-copy DMA directly into the packet stream.
The alignment is determined by the Block::Session_client at construction
time and applied by the Block::Session_client::alloc_packet method.
Block-session clients should always use this method, not the 'alloc_packet'
method of the packet stream (tx source) directly. The latter merely
applies a default alignment of 2 KiB.
At the server side, the alignment is automatically checked by
block/component.h (old API) and block/request_stream.h (new API).
Issue #3274
This patch modernizes the 'Block::Session::info' interface. Instead of
using out parameters, the 'init' RPC function returns a compound 'Info'
object now. The rather complicated 'Operations' struct is replaced by
a 'writeable' attribute in the 'Info' object.
Fixes#3275
The 'aes_cbc_4k' library is simple wrapper around libsparkcrypto to
serve as a backend for storage encryption. It operates on data chunks of
4 KiB and uses AES-CBC while incorporating the block number and the
private key as salt values.
Replace the I/O response handler that is passed to the VFS at
construction with an object that is dynamically attached to handles.
This object shall also accept read-ready notifications, and plugins are
encouraged to keep handles awaiting ready-ready notifications separate
from handles that await I/O progress.
Replace the use of handle lists in plugins with handle queues, this
makes the code easier to understand and the ordering of notifications to
the application more explicit.
These changes replace the use of the Post_signal_hook from all VFS
plugins, applications must assume that read-ready and I/O notifications
occur during I/O signal dispatch and use an Io_progress_handler at its
entrypoints to defer response until after signal dispatching.
Fix#3257
The '_currently_constructed' pointer caches the information about which
'Launched_child' is currently configured in the menu. When discarding
the runtime (e.g., when un-using a file system) at this point, this
cached pointer was not invalidated while all 'Launched_child' objects
would be freed (including the currently constructed one). On the next
attempt to construct a new child, the sculpt manager attempted to
destruct the 'Launched_child' referred by the (now outdated)
'_currently_constructed' again.
Fixes#3240
This commit handles the corner case where a package could be installed
successfully but the package's runtime definition is inconsistent with
the content delivered by the package's dependencies, i.e., the <content>
of the runtime file lists ROM modules that do not exist.
With this patch, the '+' menu shows the message "installed but
incomplete" whenever a package is in such a state.
Issue #3241
The "Vfs::Vfs_handle" type should not contain any public members that
can be initialized by the VFS internally and by the application, so
remove inheritance from the "Genode::list::Element" class. The VFS
plugins must instead use lists of "Vfs::Vfs_handle" sub-classes, the
lifetime of which are always managed by the plugin.
Ref #3036