On the QEMU microvm machine type, it became apparent that the BIOS was
not setting the i8042 controller to function as expected. To ensure that
the controller is always outputting correct scan codes, set it to scan
code 2 and enable first port translation to ensure all scan codes are
translated to scan code set 1. This is the expected behavior when using
SeaBIOS, but on qboot (the BIOS for the QEMU microvm machine type), the
firmware doesn't take care of this so we need to do this ourselves.
31ca48e made this default to paths, but now that we have a few sensible
ways to complete things, let's make those work too.
For instance, prior to this `kill <tab>` would've suggested paths, but
now it will suggest processes.
Setting 'allow_commit_without_listing' to false will now make LibLine
show the suggestion before actually committing to it; this is useful for
completions that will replace all the user input, where mistakes can go
unnoticed without some visual cue.
Now that we can resolve these correctly and they're per-suggestion, we
can finally use them for their intended purpose of letting suggestions
overwrite stuff in the buffer.
The shell now expects a JSON object of the form {"kind":<kind>,...} per
line in the standard output of the completion process, where 'kind' is
one of:
- "plain": Just a plain suggestion.
- "program": Prompts the shell to complete a program name starting with
the given "name".
- "proxy": Prompts the shell to act as if a completion for "argv" was
requested.
- "path": Prompts the shell to complete a path given the "base" and
"part" (same as completing part in cwd=base).
We previously allowed globs as match pattern, but for more complex
matching needs, it's nice to have regular expressions.
And as the existing "name a part of the match" concept maps nicely to
named capture groups, we can simply reuse the same code and make groups
with names available in the match body.
We would have to fclose() it to be clean and nice, but that would close
the fd; instead just duplicate it and write through that, this makes it
actually write to the file.
This is to simplify the code, as Color, Alignment, Flag, Metric and Path
RoleModel classes looked exactly the same.
Additionally, I've added a try_create() function for error propagation.
:^)
For now, EventLoop and Application still have a make_inspectable
parameter, so that when working on an application you can temporarily
hard-code it to be inspectable rather than having to set the env var
each time.
Subject alternative name entries containing IP addresses will now be
parsed and added to the list of SANs. This should allow for certificate
verification when accessing IP addresses directly.
Root and intermediate CA certificates should have these extensions set
to indicate that they are allowed to sign other certificates. The values
reported in these extensions is now also checked by `verify_chain` to
make sure no non-CA certificates are used to sign another certificate.
The certificate parser now also aborts when a critical extension is
detected which is unsupported, as is required by the specification.
The ASN.1 decoder was originally using AK::BitmapView for decoded
BitStrings, however the specification requires that the bits are stored
in a byte from the most significant to the least significant.
Storing three bits '110' would result in a byte '1100 0000', i.e. 0xC0.
However, AK::BitmapView expects the bits to be stored at the bottom like
'0000 0110', i.e. 0x06. For the current uses the data was always a
multiple of eight bits, resulting in complete bytes, which could
directly be interpreted correctly.
For the implementation of the key usage extension of certificates the
correct implementation of the BitString is required.
ASN.1 encodes booleans as false is zero and true is non-zero. The
decoder currently returned true when the boolean was zero.
Since this decoder was barely used it did not cause any problems,
however for support of other certificate extensions the correct version
is required.
The wildcard specified in a certificates subject can only match a single
level of subdomains. Originally, this function could match multiple
levels of subdomains with a single "*.".
As an example, https://wrong.host.badssl.com/ should fail to load, as
the certificate provided by the server only specifies "*.badssl.com".
However this was correctly matching anyway. With this change this page
now correctly fails to load.
