Hi, Here's the summary of the previous community meeting.
--- COMMUNITY MEETING Place: #openvpn-devel on irc.freenode.net List-Post: openvpn-devel@lists.sourceforge.net Date: Thursday, 14th Oct 2010 Time: 18:00 UTC Planned meeting topics for this meeting were on this page: <https://community.openvpn.net/openvpn/wiki/Topics-2010-10-14> Next meeting will be announced in advance, but will be on the same weekday and at the same time. Your local meeting time is easy to check from services such as <http://www.timeanddate.com/worldclock> or with $ date -u SUMMARY Mattock gave a brief update on buildbot's current status. The idea was that a mail to openvpn-commits list would trigger a build on all buildslaves. Everything works fine, except that buildbot is (surprisingly) lacking a Git commit email parser. Mattock will try to write one based on existing ones and if that fails, he'll upgrade buildbot and use the new GitPoller instead. -- Mattock gave an update on status of the public test server. He received the credentials and already installed some software on it. Further work on it will be postponed until buildbot work is finished. -- Discussed the OpenVPN 2.1.3 installer for Windows 2000. There have been a few queries regarding it, and it's already available here: <http://secure.openvpn.net/win> It was decided earlier to support Win2k on OpenVPN 2.1.3 but not on subsequent releases: <http://thread.gmane.org/gmane.network.openvpn.devel/3927> Mattock asked jamesyonan to sign the installer so that it can be added to the official download page. -- Discussed the "Support SOCKS plain text authentication" patch: <https://community.openvpn.net/openvpn/ticket/62> Decided to merge the patch into the git repository. However, later the whole socks.c would require cleaning up, e.g. to replace the raw hex message codes with macros. -- Discussed the "HTTP/1.1 Host header" patch: <http://thread.gmane.org/gmane.network.openvpn.devel/4039> It has been ACK'd by several people and is on it's way to the git repository. -- Discussed the "dynamic-Iroute config option for automatic iroutes" patch: <http://thread.gmane.org/gmane.network.openvpn.devel/4059> There were a few concerns regarding this patch: a) Possibility of routing loops, e.g. if there are two mesh networks with a double-IP-used conflict, one could end up in endless "ip route add" / "ip route del" switching. b) The patch should be rebased against the bugfix2.1 branch c) It should be possible to #ifdef out the core dynamic-iroute code d) An extra argument is added to multi_get_instance_by_virtual_addr() It was suggested that if a), b) and c) are sorted out, this patch could go into it's own git branch and be tested there. Later it could be merged into main development code. Mattock agreed to contact the patch author about these issues. -- Discussed integrating Coverity code analysis tool into buildbot. Jamesyonan told that we have license to use their tools. Unlike many OSS projects, our license _is not_ tied to their "Scan" project: <http://scan.coverity.com/about.html> Jamesyonan agreed to send mattock the necessary details so that Coverity analysis can be integrated into the build process (or buildbot). --- Full chatlog as an attachment -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
(21:04:18) mattock: topic list is here: https://community.openvpn.net/openvpn/wiki/Topics-2010-10-14 (21:04:20) vpnHelper: Title: Topics-2010-10-14 â OpenVPN Community (at community.openvpn.net) (21:04:27) mattock: I'll mail james now (21:06:31) mattock: ok, sent (21:06:52) mattock: perhaps I'll give a brief update on buildbot and the public test server (21:06:53) mattock: ? (21:07:10) dazo: +1 (21:07:34) krzee: pls do (21:07:36) mattock: okey dokey (21:07:58) mattock: so buildbot first... I was thinking that I could make everything work smoothly by the end of this week (21:08:10) krzee: even windows? (21:08:25) mattock: the idea was that a mail to openvpn-commits would trigger a build on all buildslaves (21:08:38) cron2: +1 :) (21:08:39) mattock: krzee: no :) (21:09:07) mattock: so everything went fine, e.g. getting mail to the buildmaster account in correct format (21:09:20) mattock: then I noticed that there is no Git commit email parser in buildbot (21:09:43) mattock: modifying one of the existing ones (e.g. Bzr, launchpad) should be relatively easy (21:09:57) mattock: so I'll probably do that... sent mail to buildbot-devel about that (21:10:12) mattock: if that fails, I can update buildbot and use the s.c. GitPoller which polls the repository for changes (21:10:47) mattock: besides that, buildbot is ready for some real work (21:11:21) mattock: and then the test server (21:12:10) mattock: I got the credentials and started configuring it today... nothing fancy yet, just some software installs (21:12:44) mattock: I'll try to get one thing finished at a time (buildbot first, then test server, then windows build) (21:12:58) mattock: I guess that's all (21:13:05) cron2: sounds good (21:13:48) mattock: oh one thing... once the buildbot build triggers are configured we can build debian packages for each commit (or set of related commits) (21:13:58) mattock: and publish them automaticaly (21:14:00) mattock: lly (21:14:16) mattock: later perhaps push them to an apt repo all our enthuasists can use (21:14:41) mattock: shall we move on to the patches? (21:14:51) cron2: ah, I have something else for your TODO list... (21:14:58) mattock: cron2: excellent! :D (21:15:06) mattock: I was just running out of work, you know :) (21:15:16) cron2: mattock: could you find a way to make 2.1.3-win2k appear on the community software download page? (21:15:56) mattock: hmm... we could add a link to Trac... or I could ask James if it's ok to publish it on openvpn.net download page (21:16:21) dazo: we should get that package signed as well (21:16:49) cron2: well, since we are publishing 2.1.3-win there, and James did the extra work for the win2k package, it seems weird to no thave it there (21:17:14) dazo: I think the core reason for it missing is that his publish script didn't tackle that (21:17:17) mattock: cron2: have many people requested it? because only one guy (out of 2000) responded to my "Win2k support is being removed" mail (21:17:26) mattock: dazo: I think so too (21:17:41) dazo: (james got a script which does all the magic, including updating download page) (21:17:45) cron2: mattock: well, we have made it, it came up on the openvpn-devel list, and it seems (21:17:50) cron2: argh (21:18:05) cron2: we decided "we still support win2k in 2.1.x" (21:18:27) dazo: we decided 2.1.3 will be the last win2k (21:18:34) mattock: cron2: oh yes, then 2.1.3 for win2k should be in openvpn.net (21:19:00) cron2: dazo: well, what I remembered is "if we do security updates for 2.1, we will continue to support win2k, but not for 2.2 and further versions" (21:19:12) mattock: I'll mail James right way... meanwhile perhaps discuss this: https://community.openvpn.net/openvpn/ticket/62 (21:19:14) vpnHelper: Title: #62 (Support SOCKS plain text authentication) â OpenVPN Community (at community.openvpn.net) (21:20:03) cron2: I've briefly looked at the code and it looks sane - so "semi ACK" from me. The whole socks code is filled with magic constants, though :-( (buf[0] = '\5' stuff) (21:21:08) dazo: cron2: the ticket got updated some days ago, he claims to have fixed that (21:21:27) dazo: delroth: you around ... I'm presuming the SOCKS patch is yours ... (21:21:48) cron2: dazo: well, that's mostly a problem of the already-existing code, so the patch is not to blaim for that (21:21:48) ***dazo throws in a '?' in the sentence above (21:22:04) cron2: "pre?suming" looks weird (21:22:11) dazo: heh (21:22:17) cron2: that's where it landed!! (21:22:31) dazo: ;-) (21:22:47) dazo: your terrain was different ;-) (21:22:54) jamesyonan [~jamesy...@c-76-120-71-74.hsd1.co.comcast.net] è entrato nel canale. (21:22:54) modalità (+o jamesyonan) da ChanServ (21:23:44) CareBear\ [pe...@stuge.se] è entrato nel canale. (21:23:54) CareBear\: too late to push for the Host: patch? (21:24:00) dazo: CareBear\: nope (21:24:02) CareBear\: :) (21:24:11) mattock: ok, mail about win2k installer sent (21:24:12) cron2: it's on the agenda anyway (21:24:17) cron2: mattock: thanks (21:24:23) dazo: CareBear\: we're on the SOCKS patch (21:24:27) CareBear\: will stay quiet until you come to it. thanks! (21:25:40) dazo: I'm willing to give the SOCKS patch an ACK if it goes cleanly into the git tree ... I need to go through it once more to check that it don't do anything less obviously stupid ... but it looks sane to me as well (21:25:54) mattock: hi james! (21:25:58) jamesyonan: hi (21:26:15) mattock: great that you made it! (21:26:27) mattock: have you taken a look at the SOCKS patch: https://community.openvpn.net/openvpn/ticket/62 (21:26:29) vpnHelper: Title: #62 (Support SOCKS plain text authentication) â OpenVPN Community (at community.openvpn.net) (21:26:56) mattock: it has one semi-ACK and "one ACK after a second review" (21:27:15) mattock: you could trip it over to ACK :) (21:27:39) mattock: the latest patch is here: http://delroth.net/openvpn-socks-auth.patch (21:28:27) dazo: I would like to see a follow-up patch to this one, cleaning up all those \x05\x02\x00 stuff ... to use macros instead ... it would make the less obvious codes more readable, and less prone for bugs later on (21:28:48) cron2: +1 (21:29:54) mattock: is there anything else in the patch that needs to fixed? (21:30:05) mattock: or is it ACK after those changes? (21:30:28) dazo: I'm missing an error check on recv() (21:30:45) dazo: in the new socks_username_password_auth() function (21:31:14) dazo: I think I'd like to see that on the select() call as well (21:31:26) cron2: huh? (21:31:51) dazo: ahh ... select() had the error check later on ... (21:31:51) ***cron2 sees an error check on both (21:31:58) cron2: recv() also has (21:31:59) dazo: huh? (21:32:17) dazo: + if (size != 1) (21:32:25) dazo: ahh (21:32:27) dazo: I see it now (21:32:46) mattock: ok, so only \0x05\x02\x00 stuff needs fixing, then (21:32:48) cron2: it even says /* error? */ in the comment above that line :) (21:33:10) dazo: gee ... I need to sleep soon :) (21:33:57) mattock: cron2 or dazo: could you update the ticket #62 with the changes that should be done (21:34:56) dazo: mattock: the thing is that I'm struggling with enforcing it now, due to the same coding style exists in the current code base ... so I'd rather see that as a clean-up patch, either before or after this one (21:35:07) dazo: but I'd like to see both this patch and the clean-up (21:35:11) cron2: mattock: ticket #62 is ok as it stands - but afterwards the whole sock.c needs cleanup (21:35:19) cron2: +1 (21:35:57) mattock: I say merge it then, and fix the entire socks.c later (21:36:33) mattock: dazo: could you live with that? :) (21:36:48) dazo: yeah ... but that clean-up task needs to be written down somewhere :) (21:36:54) dazo: Yeah, I can live with that (21:37:03) cron2: let's put it on mattock's TODO list :-) *duck&run* (21:37:06) mattock: Trac would be a good place (21:37:19) dazo: yupp, but a new ticket (21:37:19) mattock: cron2: I could do that, but wouldn't guarantee good results :) (21:37:28) dazo: mattock: we will review it for you ;-) (21:37:36) mattock: :) (21:37:49) mattock: shall we move on to host headers? (21:37:56) cron2: ok (21:38:05) mattock: http://thread.gmane.org/gmane.network.openvpn.devel/4039 (21:38:07) vpnHelper: Title: Gmane Loom (at thread.gmane.org) (21:38:09) dazo: CareBear\: (21:38:27) mattock: this has got two ACKs I think (Peter Stuge + cron2?) (21:38:31) cron2: ACK (21:38:36) dazo: yeah (21:38:48) dazo: that's slated for inclusion already (21:39:02) mattock: ok, so it's almost there... just wanted to make sure it was not forgotten (21:39:18) mattock: anything else about that patch? (21:39:31) dazo: mattock: can you make a Trac ticket out of it (if it's not existing) ... and copy the patch over? (21:39:36) dazo: then I won't forget it for sure (21:39:40) mattock: dazo: ok (21:39:51) dazo: thx! (21:40:42) dazo: (I'm sorry for kicking such silly tasks to you ... it's just that I'm overloaded a lot nowadays, and I will forget things which is not written down) (21:41:26) dazo: I have nothing else in regards to that patch ... it looks good (21:41:29) mattock: dazo: no problem (21:41:42) mattock: ok, so next and final patch: http://thread.gmane.org/gmane.network.openvpn.devel/4059 (21:41:44) vpnHelper: Title: Gmane Loom (at thread.gmane.org) (21:41:45) dazo: are these two patches something we want to include into the 2.2 branch? (21:42:05) ***dazo postpones his question and changes 2 -> 3 (21:42:28) cron2: I wouldn't mind 2.2-beta4 (21:42:33) dazo: Can someone please tell me in a simple way what this patch does? (21:42:45) dazo: (dynamic-iroute) (21:43:15) cron2: dazo: these mesh people usually don't know which address will show up where. So the patch declares a network to be "this is dynamic stuff" (21:43:39) cron2: when openvpn/server sees an incoming packet from an IP address out of that range, it will auto-iroute this address to the client where it was seen (21:43:53) dazo: so, it's more like "if you don't know this route, you might find it in this tunnel" type of patch? (21:44:07) mattock: dazo: https://community.openvpn.net/openvpn/ticket/63 (21:44:11) vpnHelper: Title: #63 (HTTP/1.1 Host header) â OpenVPN Community (at community.openvpn.net) (21:44:25) dazo: mattock: thx! (21:44:27) cron2: other way round: if you see yet-unknown addresses from a client, don't drop the packets, but *learn* the address from there (21:44:42) cron2: it's triggered by reception of packets on a p2mp server (21:44:52) dazo: cron2: aha! okay, now I see it clearer ... thx! (21:45:23) cron2: I'm not sure if I fully understand all implications on the code, though (21:46:06) dazo: but that anyway means that the tunnel is either bridged or routed on the client side, or else it would never hit the tunnel ... but then again, this puts trust on the client side (21:46:16) mattock: jamesyonan: any comments on this patch? (21:46:28) cron2: dazo: on the client side, it's always either bridged or routed :-) (21:46:44) dazo: heh ... of course (21:46:47) vpnHelper: RSS Update - tickets: #63: HTTP/1.1 Host header <https://community.openvpn.net/openvpn/ticket/63> (21:46:55) dazo: I'm not drunk ... just getting quite tired :) (21:47:03) cron2: dazo: and yes, it's mesh networking "we don't know how the topology is going to look like in the end, it depends on which nodes are up and can see each other" (21:47:20) Busch ha abbandonato il canale (quit: Ping timeout: 265 seconds). (21:47:32) dazo: cron2: thx a lot! I now actually see the purpose of it :) (21:47:55) jamesyonan: The host patch seems fairly reasonable -- if it's what a browser would do, then we should probably do it also. (21:48:26) mattock: delroth: you patch upload to ticket #62 failed because akismet thought it was spam... it's given a few false positives already (21:48:36) mattock: jamesyonan: what about the mesh patch? (21:48:45) dazo: jamesyonan: the host patch is acked ... we're on the --dunamic-iroute patch .... http://thread.gmane.org/gmane.network.openvpn.devel/4059 (21:48:47) vpnHelper: Title: Gmane Loom (at thread.gmane.org) (21:50:56) mattock: btw. I have a couple things after --dynamic-iroute patch is taken care of (21:51:52) dazo: cron2: I just noticed this line in the --dynamic-iroute patch .... (21:51:53) dazo: struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */ (21:51:59) jamesyonan: what about the concern about routing loops that's expressed in the patch (21:51:59) dazo: is that coming from you? (21:52:17) cron2: dazo: huh, let me check again (21:52:42) jamesyonan: "Drawback: if there are e.g. two (21:52:42) jamesyonan: mesh networks with a double-IP-used conflict, you will end up in endless "ip (21:52:42) jamesyonan: route add" / "ip route del" switching. (21:52:44) cron2: ah, existing code. looks as if that code is based on "allmerged" or "feat_ipv6>_payload" (21:53:02) dazo: cron2: oki, thx (21:54:13) dazo: jamesyonan: yeah, that's concerning (21:55:45) mattock: could the patch be modified to get around that? I was thinking that perhaps this patch could get it's own "testing" git branch (21:55:57) mattock: if we can't include it safely right way (21:57:12) dazo: yeah, I'm willing to branch it out ... but I'd like to see it a branch from bugfix2.1 ... and then we'll have it in the allmerged for a while ... this is more openvpn-2.3 stuff (21:57:39) dazo: and I would like to see IPv6 support as well, if that makes sense ... cron2? (21:57:57) dazo: but that can come later on, when the branch is established (21:58:02) cron2: yep (21:58:03) ecrist: what about an ifdef? (21:58:16) ecrist: then it will make it to my dev snapshots (21:58:21) dazo: ecrist: definitely! thx for that reminder (21:58:33) cron2: that code is not really suited for #ifdef (21:58:42) mattock: cron2: is it "all over the place"? (21:58:57) mattock: =not isolated neatly (21:59:07) cron2: half of the patch is "adding an extra argument to multi_get_instance_by_virtual_addr()" (21:59:10) dazo: well, there are some established functions which are changed (21:59:12) ecrist: perhaps we NACK it and metion that it should be ifdef'able (21:59:43) dazo: it seems to need those API changes ... but the core dynamic-iroute code path is possible to if-def out (21:59:43) cron2: ecrist: that does not make sense (21:59:49) cron2: dazo: ack (22:00:22) cron2: the change inside multi_get_instance_by_virtual_addr() plus the options.c stuff (22:00:30) ***ecrist wanders to another terminal (22:00:53) dazo: yeah (22:01:09) mattock: ok, so what if we ask the author to add ifdefs where applicable and publish it in a separate git branch (22:01:23) cron2: sounds workable (22:01:27) dazo: mattock: yeah, and make base it on bugfix2.1 (22:01:43) mattock: ok, who'll respond to the author's mail? (22:02:16) mattock: volunteers? ;) (22:02:23) dazo: cron2: do you have capacity to do that? ... I'm afraid I won't be able to manage it in the very near future (22:03:15) cron2: dazo: not in the near future, sorry. (On thing, I'm developing a flu :(( - and we have workers in the house, remodellign the kitchen, so I'm short on time anyway (22:03:20) cron2: Solaris/tap first (22:03:35) dazo: cron2: fair enough :) (22:04:02) mattock: carebear? :) (22:04:09) dazo: mattock: I can do it, but it won't be before next meeting ... I'm really filled up with stuff to do already (22:04:21) dazo: too much stuff* (22:04:40) mattock: I can respond to the author privately and tell him we'll get back to him (22:04:47) mattock: but I don't try to fill in the details (22:04:57) cron2: mattock: you can point to the meeting logs (22:05:02) dazo: yeah (22:05:19) mattock: ok, let's do that then (22:05:40) mattock: ok, I had few questions / notices (22:06:10) mattock: so I setup TracNotifications (=emails when tickets change) (22:06:14) dazo: To sum it up ... great patch, rebase it on bugfix2.1 instead, add if-defs, what about IPv6 and what about avoiding routing-loops (22:06:15) mattock: have they worked properly? (22:06:40) mattock: do you get spam from Trac to your inbox? (22:06:49) ***dazo haven't noticed anything at all ... (22:07:28) cron2: mattock: I got a comment on #61, but the original reporter is a bit slow in answering, so nothing more since :) (22:08:00) mattock: ok, good enough... let's wait a little and recheck this (22:08:34) mattock: then an update on the OpenBSD buildslave we talked about a while back... fkr promised to provide us with one, and even started configuring it (22:09:16) mattock: then about integrating code analysis tools into build process / buildbot (22:09:26) cron2: all for it! :) (22:09:49) mattock: I checked out Coverity and they have this "Scan" project for OSS projects: http://scan.coverity.com/about.html (22:09:51) vpnHelper: Title: :: scan.coverity.com : Accelerating Open Source Quality :: (at scan.coverity.com) (22:10:26) mattock: in a nutshell, the commercial aspect of the project (=Access Server) _might_ be a problem if we need to join "Scan" (22:10:54) cron2: we don't talk about AS on IRC *duck* (22:11:05) dazo: :) (22:11:20) cron2: well. why not just try it and see what happens? (22:11:57) mattock: cron2: I thought about that, but I'm a sneaky bastard... wanted to verify if we have a license or something already (coming from pre-AS days) (22:12:10) mattock: so did not want to alarm them unnecessarily :D (22:12:16) cron2: and...? (22:12:29) mattock: jamesyonan: do we have access to some coverity software besides their "Scan" project? (22:12:41) mattock: cron2: james has all the knowledge about this (22:12:46) cron2: ah (22:13:43) jamesyonan: yeah, we do have an account-type with coverity that they grant to many other open source projects -- not sure if the capability goes beyond scan (22:14:40) mattock: ok, so how do I use it? any links? (22:15:02) jamesyonan: sorry, I'm multitasking with another meeting as well (22:15:07) mattock: no probs (22:15:30) mattock: jamesyonan: could you mail me the details? (22:15:34) jamesyonan: sure (22:15:38) mattock: excellent! (22:15:53) mattock: ok, I think I'm all out of topics (22:15:57) mattock: and so is the topic list (22:16:03) mattock: end of meeting already? (22:16:04) dazo: \o/ (22:16:15) dazo: yes please .... I feel I need to sleep soon :) (22:16:57) mattock: ok, it was fun having a meeting again! (22:17:04) dazo: indeed :) (22:17:11) cron2: good night (22:17:12) mattock: unless somebody else has anything, let's call this a day (22:17:31) mattock: I'll write the summary tomorrow and send Sven-Ola mail about his patch (22:17:43) dazo: g'night ... and thx! (22:17:45) mattock: see you guys later! (22:17:51) mattock: dazo: good night
