Resending as the original one probably got blocked. --
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 3rd April 2019 Time: 11:30 CET (10:30 UTC) Planned meeting topics for this meeting were here: <https://community.openvpn.net/openvpn/wiki/Topics-2019-04-03> The next meeting is scheduled to Thursday 11th April 20:00 CEST. Your local meeting time is easy to check from services such as <http://www.timeanddate.com/worldclock> SUMMARY cron2, mattock, rozmansi and syzzer participated in this meeting. -- Planned the tap-windows6 release. Mattock will produce a test tap-windows6 driver which includes the following PRs from Jon and Selva: https://github.com/OpenVPN/tap-windows6/pull/48 https://github.com/OpenVPN/tap-windows6/pull/55 https://github.com/OpenVPN/tap-windows6/pull/56 https://github.com/OpenVPN/tap-windows6/pull/65 In addition a fix to a security vulnerabily will be included. If/when the tap-windows6 driver passes basic testing those PRs will be merged and signed driver and installers (9.23.1) will be produced for the following platforms: - Windows 7/8/8.1/Server 2012r2 - Windows 10 (including arm64) Windows Server 2016 will follow after that one. Mattock does have a physical Windows Server 2016 box he can use as a HLK test client. But it will take a few weeks before Stephen's patches can be reviewed, tested and merged, and before a WHQL-certified tap-windows6 driver can be released for that platform. As Windows Server 2016 users will have to use to the old (9.22.1) tap-windows6 driver a bit longer we will simply advise them to avoid using it on machines with untrusted people. -- Full chatlog attached.
(12:32:02) cron2: moin (12:34:59) cron2: theory says we have a meeting today, for the last time (and then, thursday evening next week) (12:35:24) mattock: hello! (12:35:41) mattock: not only theory, but also the invitation (12:35:58) mattock: now, who do we have here besides me and cron2? (12:36:10) mattock2 ha abbandonato la stanza (quit: Quit: IRC for Sailfish 0.9). (12:38:13) ***cron2 looks frustrated, but this reflects accurately on the general process (12:39:30) mattock: yeah unfortunately (12:39:40) cron2: so, as I have a lunch appointment at 12:15, maybe we should quickly cover the news? (12:39:45) mattock: yep (12:40:08) mattock: I now have a physical Windows Server 2016 box which can operate as a HLK test client (12:40:16) cron2: cool :) (12:40:37) mattock: that one has two VMs that can serve as the HLK openvpn server and as the "support machine" (12:40:52) mattock: if that approach does not work, those two VMs can be moved over to EC2 (12:41:09) syzzer: oops, almost forgot the meeting (12:41:10) cron2: I was about to wonder if that will work or fail in spectacular ways (12:41:13) mattock: I'm told that we do have an EV dongle we can use for EV-signing tap-windows6 (12:41:13) syzzer: present now :) (12:41:27) cron2: mattock1: cool. syzzer: hello again ;-) (12:41:29) mattock: yeah it could fail, but that would not be a catastrophe (12:41:32) mattock: hi syzzer! (12:41:39) mattock: now we have genuine meeting :) (12:42:17) mattock: also, I am supposed to be on vacation next week (unfortunate timing this tap-windows6 issue) (12:43:21) mattock: so it would probably make most sense to release for Windows 7/8/8.1 and Windows 10 first, followed by Windows Server 2016 (12:43:26) mattock: thoughts? (12:43:37) mattock: the first part would almost certainly be doable this week (12:44:51) ***rozmansi here now (12:45:29) mattock: hi rozmansi! (12:45:40) cron2: I still think that we should do this - release a fixed+signed Win10-compatible driver, if we can do that, and document the shortcomings of the current driver (= do not use on machines with untrusted people on it) (12:45:56) cron2: I'm sitting on the patch and could push it out any day :)) (12:46:15) mattock: now, should we release it as 9.21.2 + security fix for now? (12:46:23) cron2: yes (12:46:24) mattock: instead of trying to merge Stephen's work first (12:46:35) mattock: so 9.21.3 it would be (12:46:50) syzzer: +1 on not waiting anymore (12:46:54) cron2: Stephen's work will definitely take a few weeks - I have seen some of the patches, all the code looks good, but to truly understand what is changed takes time (12:47:12) cron2: mattock1: haven't we upped the version to 9.22.x already? (12:47:26) mattock: yes that was the broken driver (9.22.1) (12:47:35) cron2: so we do 9.22.2 then, not 9.21.3 (12:47:46) mattock: yeah you're correct (12:48:26) cron2: or maybe 9.23.1 to really communicate "this is new!" (12:48:30) rozmansi: will the 9.22.2 include ARM64 version too? (12:48:45) mattock: rozmansi: hmm, good question (12:49:00) mattock: we did receive tons of patches from Jon that enabled arm64 building (12:49:09) cron2: we should be able to... (12:49:14) mattock: yeah (12:49:18) rozmansi: but we haven't tested any ourself. :( (12:49:33) mattock: that is correct :) (12:49:43) cron2: rozmansi: no, but if you want an ARM laptop to test, just holler :-) (12:49:43) mattock: we can probably outsource the arm64 testing to Jon (12:49:44) mattock: for now (12:49:48) cron2: as well (12:50:14) rozmansi: mattock1: Can you compile ARM64 and sign it. I'd need it at least to start adding ARM64 support to MSI. (12:50:15) mattock: so, 9.23.1, with jon's arm64 patches, i386/amd64/arm64, no stephen stuff yet (12:50:24) cron2: yes (12:50:25) mattock: rozmansi: I shall (12:50:38) mattock: and this would an interim release (12:50:42) rozmansi: We don't need to advertise tap-windows6 ARM64 installer out loud yet. (12:50:44) cron2: yes (12:50:49) cron2: (and yes) (12:50:54) mattock: we'd make another release when Stephen's stuff is merged and HLK tests pass (12:51:30) mattock: hmm, I wonder how is NSIS ARM64 support... (12:51:33) cron2: yes, which would then be 9.24.1 ("this is really lots of changes"), so we *could* go back and do a 9.23.2 if we discover some minor bug and 9.24.x isn't working good enough yet (12:52:01) mattock: worst case with arm64 - we can just provide the driver files in a zip with instructions on how to install them (12:52:09) mattock: though (12:52:18) mattock: arm64 windows has i386 emulation layer... (12:52:28) mattock: anyways, let's see how it goes (12:52:32) cron2: yes, the userland should just work "if we can get it isntalled" (12:52:34) rozmansi: NSIS installer must be i386 in the end. (12:53:00) mattock: ok so this release will be my main priority for this week (12:53:02) rozmansi: Jon added PR for NSIS installer too. (12:53:21) mattock: have a link? (12:53:31) cron2: mattock1: so I push the bugfix, and we go public? or shall I wait until tomorrow-ish, etc? Who bumps the version number? (12:53:49) mattock: let's wait until I'm 100% sure I have everything I need to sign the builds (12:53:52) rozmansi: mattock1: https://github.com/OpenVPN/tap-windows6/pull/57 (12:53:54) mattock: =tomorrow (12:53:54) vpnHelper: Title: Add ARM64 files to installer by jkunkee · Pull Request #57 · OpenVPN/tap-windows6 · GitHub (at github.com) (12:54:00) cron2: mattock1: ok (12:54:27) cron2: just let me know. tomorrow during daytime I have to be at a customer site (and won't check IRC), but tomorrow evening/friday is good (12:54:49) mattock: oh, we still have Jon's PRs open (12:54:53) rozmansi: mattock1: I'm fine even if you don't provide the NSIS installer, as long as I get signed INF+SYS+CAB files. :) (12:55:00) cron2: mattock1: we do? (12:55:02) mattock: rozmansi: noted (12:55:07) mattock: https://github.com/OpenVPN/tap-windows6/pulls (12:55:08) vpnHelper: Title: Pull Requests · OpenVPN/tap-windows6 · GitHub (at github.com) (12:55:23) mattock: also one easy one from selva (12:55:37) mattock: 48, 55, 56, 57 (12:55:45) mattock: 65 (12:55:58) cron2: yep, looking at that right now. Haven't we ACKed all of them? (12:56:08) mattock: not sure, let's check (12:56:12) cron2: selva's definitely needs to go in to avoid confusions (12:56:31) mattock: yeah (12:56:42) mattock: it seems I promised to test it but got blocked/distracted (12:57:12) mattock: do we trust selva's code or should I still test it? (12:57:24) cron2: we do trust Selva's code, but you should still test it (12:57:49) mattock: maybe I'll merge all of that stuff into my own clone and test them as a whole (12:58:23) cron2: I think that was the original plan, last year, and then you got distracted. I think it might have been "family stuff" - that tends to cause such effects (12:58:28) rozmansi: actually, #48 from selva is mandatory - INF version and SYS (resource) versions must match. (12:58:38) rozmansi: there's a test in HKL that verifies this. (12:58:40) mattock: family, work, holidays, etc. (12:59:15) rozmansi: Thou, Windows will hapilly accept driver even on INF vs. SYS version mismatches (12:59:17) ***cron2 needs to talk to people at OpenVPN inc regarding the "holiday" time-waster... (12:59:23) mattock: lol (12:59:44) mattock: so I will produce a test installer with all those PRs (13:00:03) cron2: +1 (my patch should be in your mailbox, but I can just mail it again) (13:00:17) mattock: please mail it again - it is probably hidden somewhere (13:00:32) cron2: sent (13:00:34) mattock: ok, anything else on tap-windows6? (13:00:36) mattock: thanks! (13:00:55) ***cron2 <- happy with the path forward (13:01:59) mattock: and I'm looking forward to fighting with Authenticode signatures again :) (13:02:13) mattock: anyways, other topics? we have a couple of mins (13:02:37) cron2: syzzer: if you can find a bit of time, a review of my rate-limiting patches would be nice (13:02:59) syzzer: cron2: yeah, they're on my list, haven't forgotten about them (13:03:34) syzzer: but remembering me does increase the likelyhood of me picking it up :p (13:03:39) cron2: thanks :) - so, how many hundred other things are further up on that list? ;-) (13:04:10) cron2: (insert rant about "2 colleagues at $work quit, 3rd colleague is sick since 2.5 months now, and we get lots of EXTRA work to compensate...") (13:05:08) cron2: so... my next appointment just called in a bit early... and I'm off *now* :-) - *wave*, will read up what you come up with (13:05:09) syzzer: well, dayjob is kinda hectic, which mostly costs energy (rather than time), and $gf is complaining I should spend more time on arranging a wedding :p (13:05:46) syzzer: ok, ttyl! (13:06:33) mattock: ok let's conclude the meeting unless somebody else comes up with something (13:07:13) rozmansi: Excellent (13:07:13) ***rozmansi back to work now... (13:07:17) syzzer: I don't have any other topics to discuss now - jjk started an off-list discussion with me and dazo about the keygen options, but we'll get some consensus between us before we bring it back to the meeting and claim everyones time (13:09:17) mattock: ok sounds good (13:09:27) mattock: good meeting, and a short one! (13:09:47) syzzer: great, I'm off to lunch then :) (13:09:50) syzzer: thanks all :)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel