Commit graph

6 commits

Author SHA1 Message Date
Caolán McNamara
35fd4bb744 copy CA certificates to jail
for curl >= 8.3.0 which removed the nss backend, requiring the
certs with the OpenSSL backend.

DeepL access doesn't work otherwise.

Use the same list and order as used in core:

see: similar to https://gerrit.libreoffice.org/c/core/+/158915
and: https://www.happyassassin.net/posts/2015/01/12/a-note-about-ssltls-trusted-certificate-stores-and-platforms/
Signed-off-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Change-Id: Ic9de1e926977f63592146ac17df42704c8d86ccd
2023-11-14 17:01:49 +00:00
Ashod Nakashian
829ad12045 systemplate: include /lib/*/nss
It seems the location of the NSS dynamic
libraries have changed recently. This is
true on Ubuntu 22.04 and it seems on
Clear Linux.

We expected to find them in /usr/lib but
they are now in /lib. We support both
now, so the systemplate should work on
both new and old systems.

The symptom of not having the NSS libs
is failure to open password-protected
documents. The tests failed, which
helped to reproduce and debug.

Change-Id: Ifb4cbc4e2c852464ffcdcc19801689ea60355042
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2022-11-05 21:45:24 +00:00
Tor Lillqvist
8bd276976e Downloaded fonts don't need to be visible to Kit processes any longer
After recent changes in core, it is only the ForKit process that opens
such files.

Signed-off-by: Tor Lillqvist <tml@collabora.com>
Change-Id: I69ce1c4caf229b34e42799c525a1f1461a1841e0
2022-10-13 17:02:08 +03:00
Tor Lillqvist
97a18768d7 Avoid using only "real" paths for the tmpfont thing
If I have used a path with symlinks in it when changing directory to
my build directory, what gets put in config.status as ac_pwd is that
path, not a realpath version. That then propagates to
ac_abs_to_builddir and to SYSTEMPLATE_PATH, which is what Makefile.am
passes for the --o:sys_template_path option to coolwsd.

To be on the safe side, do the tmpfonts dance both for the systemplate
path that might include symlinks and for one that has been realpathed.

Signed-off-by: Tor Lillqvist <tml@collabora.com>
Change-Id: I7575120090986e6207497c5ce740aedd6075e48f
2022-04-26 13:59:29 +03:00
Tor Lillqvist
f98900c73c Add a remote font download feature
The coolwsd.xml file can now contain a URI of a JSON file on some
server that contains URIs of fonts. These fonts are downloaded to the
coolwsd server. Just like the remote configuration thing, the URIs are
checked once a minute and the JSON or the fonts mentioned in it are
re-downloaded if their contents has changed.

If a font has been removed from the JSON file then the corresponding
downloaded could be removed, too. But there is no way to remove it
from core without restarting the whole COOL server, so we don't
bother.

We need to put the font in such a place so that its pathname is the
same both in the ForKit process (outside any chroot jail) and in a Kit
process (inside its own jail(), because even if it is in the ForKit
process that we call the LO core vcl API to load a "temporary" font,
code elsewhere in LO core re-opens the font file later, naturally
using the same pathname, when it is needed (see
FreetypeFontFile::Map() in vcl/unx/generic/glyphs/freetype_glyphcache.cxx).

Signed-off-by: Tor Lillqvist <tml@collabora.com>
Change-Id: If78058ddff5ed05c7a82d7ea465a7a414fd0d861
2022-04-15 17:32:41 +03:00
Andras Timar
4788696cbe rename: loolwsd-systemplate-setup -> coolwsd-systemplate-setup - part2
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I2f34f0caa52302c58f7101f49c8bb9ca9bd13482
2021-11-18 08:07:23 +01:00
Renamed from loolwsd-systemplate-setup (Browse further)