+sign:schnorr crashes on `=(0 sk)`, so the bounds checking code is not
exercised for sk=0. It also crashes on `(gte sk n.domain.c)`, which is
redundant with the size check on sk, so we remove that.
- only store metadata in the persistent map. just enough to support
(eventual) thread cancellation and output mark lookup.
- try to delete thread state at other failure points not covered by
%kick.
- reflect back the passed output mark rather than form.dais. not sure
about this one yet.
de-xml parser fails when xml content node contains doublequotes (`doq` rule), this PR proposes to remove this restriction as high-level javascript APIs that operate on DOM don't entitize/encode doublequotes by default.
+wake had accumulated several layers of abstractions which were later
rendered unnecessary. This removes those abstractions and should have
no semantic effect.
This adds support for tombstoned files to clay. It does not include any
way to actually tombstone them; that is left for later.
This allows tombstoning at the level of a file. Precisely, this expands
+blob:clay by adding a %dead case:
+$ blob :: fs blob
$% [%delta p=lobe q=[p=mark q=lobe] r=page] :: delta on q
[%direct p=lobe q=page] :: immediate
[%dead p=lobe ~] :: tombstone
== ::
Thus, we maintain the invariant that every lobe corresponds to a blob,
but now a blob may be an explicit tombstone.
Details:
- This has not been tested at all, except that it compiles and boots.
- This does not have a state adapter from master. The only state change
is the definition of +cach.
- Additionally, out-of-date ships may unexpectedly receive a %dead blob
from a foreign clay which would interfere with their ability to download
that desk. No code changes necessary, but sponsors should avoid
tombstoning files in %base for a while so their children can get the
update.
- A merge will only fail if the tombstoned file conflicts with another
change. Note that as written, merging from a past desk *can* bring a
tombstoned file to the head of a desk. Possibly this shouldn't be
allowed.
This also includes a couple refactors that were made possible by ford
fusion (since everything is synchronous now) but never got done. In
both cases we get to remove a monad, which simplifies the code
considerably.
- refactor +merge's error handling to use !!/mule instead of threading
through errors
- refactor all +read-* functions and related parts of +try-fill-sub to
eagerly convert lobes to cages.
We also add support reading %a/b/c/e/f/r/x from past and foreign desks,
when possible. Apologies that all of these are in one commit, it was
all a single chunk of work.
This is a draft until we have a way to tombstone. I suspect we'll want
to have a mechanism of keeping track of gc roots and trace to remove,
but this PR doesn't suggest any particular strategy.
Jael needs to be reconfigured to listen to the new aagent for azimuth
events, and the old app needs to be shut down. We do this in
/app/azimuth's +on-init.
Additionally, we make sure that jael doesn't crash when it (as expected)
loses its subscription to the old agent.
Render `@p` shorthands correctly for short moon names. Fixes#5318.
This also changes galaxy and star moons to render as `~parent^` instead of some
longer variation.
When you loaded an app with an error, then fixed the error, it would
create the main gall %mult subscription at a time in the past. Then,
clay would never fill the subscription since it couldn't get the old %a
entries for the apps.
This fixes the issue in two ways: first, don't subscribe in the past.
Second, if clay can't get the old versions, just fire the subscription
anyway.
Previously, if trying to bind to an endpoint that was already bound to,
eyre would reject it. This doesn't play very nicely in a softdist world
where uninstalled apps might not get a chance to clean up, and apps
might re-bind simply for being re-installed.
Here we change eyre to overwrite an existing binding if it conflicts
with the new one to be added.
And reject paths ending in empty segments.
The following cases were being parsed incorrectly:
- `/` represents the empty path, `~`. This was being parsed into `[~. ~]`
- `/x/` is not valid. This was being parsed into `[~.x ~. ~]`
This happens because `urs:ab` has no problem parsing the empty string.
For some supported cases, like `//x` (`[~. ~.x ~]`), this is actually desired
behavior, but it results in trailing empty segments for paths ending in `/`.
Here we apply a `+sear` on top of the existing parser, that transform the `/`
case to produce `~`, and ensures the absence of a trailing empty segment in
all other cases.
Note that we change `(more fas urs:ab)` to `(most fas urs:ab)`. Since `urs:ab`
parses the empty string, this doesn't actually make a difference, but it does
make it more obvious that the `+rear` call will never crash.
Alternative approaches I attempted all resulted in much more complicated
parser, so the dumb `+sear` seems preferable.
We do eat the performance cost of an additional list traversal (in `+rear`)
with this change, but that is probably not the end of the world.
Fixes#1501.
This reverts d96d50199 because +ad is incredibly opaque, and +ergo's
sitting right there anyway. It looks like it was intended to abstract
over +endo, +elbo, and +ergo, but only +ergo was every implemented. I
don't doubt the others could be as well, but then they would be just as
inscrutable.