I'm always cautions of APIs that take a target buffer and no buffer size - while not bulletproof the latter is at least a reminder to the user to obtain the size.
By using void* we loose the type safety that we have with other Mir APIs. Can you provide some justification for this design choice? E.g. will this function be primarily for clients that obtained the cookie from a non-Mir API?
Nits to fix and questions:
CookieFactory looks less and less like a "factory" interface. Would "CookieAuthority" be a better name?
~~~~
+ virtual bool attest_ timestamp( MirCookie const* cookie) = 0;
This is the only place in the interface MirCookie is mentioned. Should we simply lose this function and require the user to call the other overload?
~~~~
+void mir_input_ event_copy_ cookie( MirInputEvent const* ev, void* cookie);
I'm always cautions of APIs that take a target buffer and no buffer size - while not bulletproof the latter is at least a reminder to the user to obtain the size.
~~~~
+void mir_surface_ raise_with_ cookie( MirSurface* surface, void const* cookie);
By using void* we loose the type safety that we have with other Mir APIs. Can you provide some justification for this design choice? E.g. will this function be primarily for clients that obtained the cookie from a non-Mir API?
~~~~
- * Copyright © 2015 Canonical Ltd.
+ * Copyright © 2016 Canonical Ltd.
Don't remove the 2015 copyright claim. (I know these headers are legally unnecessary and PITA, but let's try to do it right.)
~~~~
+ /* No mac == no size! */
+ return 0;
It should be a precondition that there's a MAC. I.e. the function should begin with something like:
mir: :require( mir_input_ event_has_ cookie( ev));
~~~~
+#include "mir/cookie.h" factory. h"
#include "mir/cookie_
The first include of the source file should be the corresponding header (to ensure it compiles by itself).