FontForge gains ability to reuse OpenType rules for different fonts

FontForge is the long standing libre font development tool: it can be used to design glyphs, import glyphs of many formats (svg, ps, pdf, …), write OpenType lookups or integrate Adobe feature files, and produce binary fonts (OTF, TTF, WOFF, …). It has excellent scripting abilities, especially Python library to manipulate fonts; which I extensively use in producing & testing fonts.

When I wrote advanced definitive OpenType shaping rules for Malayalam and build scripts based on FontForge, I also wanted to reuse the comprehensive shaping rules in all the fonts RIT develop. The challenge in reusing the larger set of rules in a ‘limited’ character set font was that FontForge would (rightly) throw errors that such-and-such glyph does not exist in the font and thus the lookup is invalid. For instance, the definitive OTL shaping rules for Malayalam has nearly 950 glyphs and lookup rules; but a limited character set font like ‘Ezhuthu’ has about 740 glyphs.

One fine morning in 2020, I set out to read FontForge’s source code to study if functionality to safely skip lookups that do not apply to a font (because the glyphs specified in the lookup are not present in the font, for instance) can be added. Few days later, I have modified the core functionality and adapted the Python interface (specifically, the Font.mergeFeature method) to do exactly that, preserving backward compatibility.

Next, it was also needed to expose the same functionality in the graphical interface (via File→Merge Feature info menu). FontForge uses its own GUI toolkit (neither GTK nor Qt); but with helpful pointers from Fredrick Brennan, I have developed the GUI to take a flag (default ‘off’ to retain backward compatibility) that allows the users to try skipping lookup rules that do not apply to the current font. In the process, I had to touch the innards of FontForge’s low-level code and learn about it.

Fig. 1: Fontforge now supports skipping non-existent glyphs when merging a comprehensive OpenType feature file.

This worked fine for our use case, typically ignoring the GSUB lookups of type sub glyph1 glyph2 by glyph3 where glyph3 does not exist in the font. But it did not properly handle the cases when glyph1 or glyph2 were non-existent. I’ve tried to fix the issue but then was unable to spend more time to finish it as Real Life™ caught up; c’est la vie. It was later attempted as part of Free Software Camp mentoring program in 2021 but that didn’t bear fruit.

A couple of weeks ago, Fred followed up now that this functionality is found very useful; so I set aside time again to finish the feature. With fresh eyes, I was able to fix remaining issues quickly, rebase the changes to current master and update the pull request.

The merge request has landed in FontForge master branch this morning. There’s a follow up pull request to update the Python scripting documentation as well. I want to thank Fredrick Brennan and Jeremy Tan for the code reviews and suggestions, and KH Hussain and CVR for sharing the excitement.

This functionality added to FontForge helps immensely in reusing the definitive Malayalam OpenType shaping rules without any modification for all the fonts! 🎉

Releasing new libre Malayalam font ‘Karuna’

Today, on the auspicious day of Malayalam new year (ചിങ്ങം ൧), I am pleased to announce the release of a new libre font for Malayalam script ‘Karuna’ by Rachana Institute of Typography. Karuna is a display typeface suitable for titling and headlines.

Here are some beautiful posters designed in Karuna by Narayana Bhattathiri.

Karuna is designed by renowned calligrapher Narayana Bhattathiri, font development is done by KH Hussain, font engineering is done by me (Rajeesh KV) in collaboration with CV Radhakrishnan.

Bhattathiri explains that the font was inspired by style of CN Karunakaran (1940–2013), an acclaimed painter, illustrator & art director from Kerala. Inspired by and as a homage to his style of titling and designs; Bhattathiri designed the shapes for Karuna. Karuna brings a unique design to the growing collection of high-quality open fonts maintained by Rachana Institute of Typography. In KH Hussain’s words:

മലയാളത്തിന്റെ ടൈറ്റിലിംഗിലും കവർ ഡിസൈനിംഗിലും സി.എൻ.കരുണാകരൻ ആയിരത്തിത്തൊള്ളായിരത്തി എഴുപതുകളിൽ കൊണ്ടുവന്ന മാറ്റം വിപ്ലവാത്മകമായിരുന്നു. എ.എസ്സിന്റെയും നമ്പൂതിരിയുടെയും സമകാലീനനായിരിക്കുമ്പോൾ തന്നെ ചിത്രീകരണങ്ങളിലും അക്ഷര രൂപകല്പനയിലും കരുണാകരൻ പൂർവ്വഗാമികളിൽ നിന്നു വ്യക്തമായ അകലവും വ്യത്യസ്തതയും പുലർത്തി.

അരനൂറ്റാണ്ടിനു ശേഷം നാരയണ ഭട്ടതിരി കരുണ ഡിസൈൻ ചെയ്യുമ്പോൾ വെറുമൊരു പകർത്തലല്ലാതായി അത് മാറുന്നുണ്ട്. കരുണാകരൻ മലയാള അക്ഷരങ്ങളിൽ കാണിച്ച അതേ സ്വാതന്ത്ര്യം കരുണാകരന്റെ അക്ഷരങ്ങളിൽ ഭട്ടതിരിയും എടുക്കുന്നു. മലയാളം ടൈപോഗ്രഫിയിലെ ഏറ്റവും അനന്യമായ ഫോണ്ടായി കരുണ മാറുകയാണ്. ഇന്നിപ്പോൾ ആസ്കിയിലും യൂണികോഡിലും ഉപയോഗത്തിലുള്ള മറ്റെല്ലാ ഫോണ്ടുകൾക്കും മലയാളത്തിലും റോമനിലുമൊക്കെ ചാർച്ചകൾ കണ്ടെത്താൻ കഴിയും. കരുണയ്ക്കു കഴിയില്ല.

1977 ൽ തടവറക്കവിതകൾക്കു വേണ്ടി കരുണാകരൻ ഡിസൈൻ ചെയ്ത പുറംചട്ടയിൽ കരുണാകരന്റെ കാലിഗ്രാഫിയുടെ പ്രത്യേകതകൾ ദർശിക്കാൻ കഴിയും. അടിയന്തിരാവസ്ഥയിൽ കൊടിയ മർദ്ദനങ്ങൾക്കിരയായി തടവറയിൽ കിടന്ന് നക്സലൈറ്റുകൾ എഴുതിയ കവിതകളുടെ സമാഹാരമായിരുന്നു ആ പുസ്തകം. അടിയന്തിരാവസ്ഥയുടെ നൃശംസതകൾ ആ കവർ ചിത്രത്തിലെ അക്ഷരങ്ങളിൽ വിറങ്ങലിപ്പായി നിഴലിക്കുന്നു. കരുണ ഫോണ്ട് അതിന്റെയൊരു പകർന്നാട്ടമായി മാറുന്നു.

Title designed by CN Karunakaran in 1977. Source: KH Hussain.

Karuna follows the traditional orthography of Malayalam script (neither reformed script, nor re-reformed script) and has precise OTL shaping rules required for advanced script layout. The font is licensed and made available for public use under Open Font License (OFL). You may download it at Rachana website. Font sources are available at the GitLab repository.

Digitally signing PDF documents in Linux: with hardware token & Okular

We are living in 2022. And it is now possible to digitally sign a PDF document using libre software. This is a love letter to libre software projects, and also a manual.

For a long time, one of the challenges in using libre software in ‘enterprise’ environments or working with Government documents is that one will eventually be forced to use a proprietary software that isn’t even available for a libre platform like GNU/Linux. A notorious use-case is digitally signing PDF documents.

Recently, Poppler (the free software library for rendering PDF; used by Evince and Okular) and Okular in particular has gained a lot of improvements in displaying digital signature and actually signing a PDF document digitally (see this, this, this, this, this and this). When the main developer Albert asked for feedback on what important functionality would the community like to see incorporated as part this effort; I had asked if it would be possible to use hardware tokens for digital signature. Turns out, poppler uses nss (Network Security Services, a Mozilla project) for managing the certificates, and if the token is enrolled in NSS database, Okular should be able to just use it.

This blog post written a couple of years ago about using hardware token in GNU/Linux is still actively referred by many users. Trying to make the hardware token work with Okular gave me some more insights. With all the other prerequisites (token driver installation etc.) in place, follow these steps to get everything working nicely.

Howto

1. There are 2 options to manage NSSDB: (i) manually by setting up $HOME/.pki/nssdb, or (ii) use the one automatically created by Firefox if you already use it. Assuming the latter, the nssdb would be located in the default profile directory $HOME/.mozilla/firefox/<random.dirname>/ (check for existence of the file pkcs11.txt in that directory to be sure).
2. Open Okular and go to Settings → Configure backend → PDF and choose/set the correct certificate database path, if not already set by default.

Fig. 1: Okular PDF certificate database configuration.

3. Start the smart card service (usually auto-started, you won’t have to do this): either pcsc_wd.service (for WatchData keys) or pcscd.service.
4. Plug in the hardware token.
5. Open a PDF in Okular. Add digitial signature using menu Tools → Digitally Sign
6. This should prompt for the hardware token password.

Fig. 2: Digital token password prompt when adding digital sign in the PDF document.

7. Click & drag a square area where you need to place the signature and choose the certificate. Note that, since Poppler 22.03, it is also possible to insert signature in a designated field.

Fig. 3: Add digital signature by drawing a rectangle.

8. Signature will be placed on a new PDF file (with suffix -signed) and it will open automatically.

Fig. 4: Digitally signed document.

9. You can also see the details of the hardware token in PDF backend settings.

Fig. 5: Signature present in hardware token visible on the PDF backend settings.

Thanks to the free software projects & developers who made this possible.