blob: 805fd2e00de22cfbef8f1ffdd73529abc60ac009 [file] [log] [blame]
The guidelines in this file are the ideals; it's better to send a
not-fully-following-guidelines patch than no patch at all, though. We
can always polish it up.
Mailing list
===
The D-Bus mailing list is dbus@lists.freedesktop.org; discussion
of patches, etc. should go there.
Security
===
Most of D-Bus is security sensitive. Guidelines related to that:
- avoid memcpy(), sprintf(), strlen(), snprintf, strlcat(),
strstr(), strtok(), or any of this stuff. Use DBusString.
If DBusString doesn't have the feature you need, add it
to DBusString.
There are some exceptions, for example
if your strings are just used to index a hash table
and you don't do any parsing/modification of them, perhaps
DBusString is wasteful and wouldn't help much. But definitely
if you're doing any parsing, reallocation, etc. use DBusString.
- do not include system headers outside of dbus-memory.c,
dbus-sysdeps.c, and other places where they are already
included. This gives us one place to audit all external
dependencies on features in libc, etc.
- do not use libc features that are "complicated"
and may contain security holes. For example, you probably shouldn't
try to use regcomp() to compile an untrusted regular expression.
Regular expressions are just too complicated, and there are many
different libc's out there.
- we need to design the message bus daemon (and any similar features)
to use limited privileges, run in a chroot jail, and so on.
http://vsftpd.beasts.org/ has other good security suggestions.
Coding Style
===
- The C library uses GNU coding conventions, with GLib-like
extensions (e.g. lining up function arguments). The
Qt wrapper uses KDE coding conventions.
- Write docs for all non-static functions and structs and so on. try
"doxygen Doxyfile" prior to commit and be sure there are no
warnings printed.
- All external interfaces (network protocols, file formats, etc.)
should have documented specifications sufficient to allow an
alternative implementation to be written. Our implementation should
be strict about specification compliance (should not for example
heuristically parse a file and accept not-well-formed
data). Avoiding heuristics is also important for security reasons;
if it looks funny, ignore it (or exit, or disconnect).
Development
===
D-Bus uses Git as its version control system. The main repository is
hosted at git.freedesktop.org/dbus/dbus. To clone D-Bus, execute the
following command:
git clone git://git.freedesktop.org/dbus/dbus
OR
git clone git.freedesktop.org:dbus/dbus
The latter form is the one that allows pushing, but it also requires
an SSH account on the server. The former form allows anonymous
checkouts.
D-Bus development happens in two branches in parallel: the current
stable branch, with an even minor number (like 1.0, 1.2 and 1.4), and
the next development branch, with the next odd number.
The stable branch is named after the version number itself (dbus-1.2,
dbus-1.4), whereas the development branch is simply known as "master".
When making a change to D-Bus, do the following:
- check out the earliest branch of D-Bus that makes sense to have
your change in. If it's a bugfix, it's normally the current stable
branch; if it's a feature, it's normally the "master" branch. If
you have an important security fix, you may want to apply to older
branches too.
- for large changes:
if you're developing a new, large feature, it's recommended
to create a new branch and do your development there. Publish
your branch at a suitable place and ask others to help you
develop and test it. Once your feature is considered finalised,
you may merge it into the "master" branch.
- for small changes:
. make your change to the source code
. execute tests to guarantee that you're not introducing a
regression. For that, execute: make check
(if possible, add a new test to check the fix you're
introducing)
. commit your change using "git commit"
in the commit message, write a short sentence describing what
you did in the first line. Then write a longer description in
the next paragraph(s).
. repeat the previous steps if necessary to have multiple commits
- extract your patches and send to the D-Bus mailing list for
review or post them to the D-Bus Bugzilla, attaching them to a bug
report. To extract the patches, execute:
git format-patch origin/master
- once your code has been reviewed, you may push it to the Git
server:
git push origin my-branch:remote
OR
git push origin dbus-X.Y
OR
git push origin master
(consult the Git manual to know which command applies)
- (Optional) if you've not worked on "master", merge your changes to
that branch. If you've worked on an earlier branch than the current
stable, merge your changes upwards towards the stable branch, then
from there into "master".
. execute: git checkout master
. ensure that you have the latest "master" from the server, update
if you don't
. execute: git merge dbus-X.Y
. if you have any conflicts, resolve them, git add the conflicted
files and then git commit
. push the "master" branch to the server as well
Executing this merge is recommended, but not necessary for all
changes. You should do this step if your bugfix is critical for the
development in "master", or if you suspect that conflicts will arise
(you're usually the best person to resolve conflicts introduced by
your own code), or if it has been too long since the last merge.
Making a release
===
To make a release of D-Bus, do the following:
- check out a fresh copy from Git
- verify that the libtool versioning/library soname is
changed if it needs to be, or not changed if not
- update the file NEWS based on the git history
- verify that the version number of dbus-specification.xml is
changed if it needs to be; if changes have been made, update the
release date in that file
- update the AUTHORS file with "make update-authors" if necessary
- the version number should have major.minor.micro, even
if micro is 0, i.e. "1.0.0" and "1.2.0" not "1.0"/"1.2"; the micro
version should be even for releases, and odd for intermediate snapshots
- "make distcheck" (DO NOT just "make dist" - pass the check!)
- if make distcheck fails, fix it.
- once distcheck succeeds, "git commit -a". This is the version
of the tree that corresponds exactly to the released tarball.
- tag the tree with "git tag -s -m 'Released X.Y.Z' dbus-X.Y.Z"
where X.Y.Z is the version of the release. If you can't sign
then simply created an unsigned annotated tag:
"git tag -a -m 'Released X.Y.Z' dbus-X.Y.Z".
- bump the version number up in configure.ac (so the micro version is odd),
and commit it. Make sure you do this *after* tagging the previous
release! The idea is that git has a newer version number
than anything released. Similarly, bump the version number of
dbus-specification.xml and set the release date to "(not finalized)".
- merge the branch you've released to the chronologically-later
branch (usually "master"). You'll probably have to fix a merge
conflict in configure.ac (the version number).
- push your changes and the tag to the central repository with
git push origin master dbus-X.Y dbus-X.Y.Z
- scp your tarball to freedesktop.org server and copy it to
dbus.freedesktop.org:/srv/dbus.freedesktop.org/www/releases/dbus/dbus-X.Y.Z.tar.gz.
This should be possible if you're in group "dbus"
- Update the online documentation with `make -C doc maintainer-upload-docs`.
- update the wiki page http://www.freedesktop.org/Software/dbus by
adding the new release under the Download heading. Then, cut the
link and changelog for the previous that was there.
- update the wiki page
http://www.freedesktop.org/Software/DbusReleaseArchive pasting the
previous release. Note that bullet points for each of the changelog
items must be indented three more spaces to conform to the
formatting of the other releases there.
- post to dbus@lists.freedesktop.org announcing the release.
Making a ".0" stable release
===
We create a branch for each stable release. The branch name should be
dbus-X.Y which is a branch that has releases versioned X.Y.Z;
changes on a stable branch should be limited to significant bug fixes.
Because we won't make minor changes like keeping up with the latest
deprecations on a stable branch, stable branches should turn off the
gcc warning for deprecated declarations (e.g. see commit 4ebb275ab7).
Be extra-careful not to merge master (or any branch based on master) into a
stable branch.
To branch:
git branch dbus-X.Y
and upload the branch tag to the server:
git push origin dbus-X.Y
To develop in this branch:
git checkout dbus-X.Y
Environment variables
===
These are the environment variables that are used by the D-Bus client library
DBUS_VERBOSE=1
Turns on printing verbose messages. This only works if D-Bus has been
compiled with --enable-verbose-mode
DBUS_MALLOC_FAIL_NTH=n
Can be set to a number, causing every nth call to dbus_alloc or
dbus_realloc to fail. This only works if D-Bus has been compiled with
--enable-tests.
DBUS_MALLOC_FAIL_GREATER_THAN=n
Can be set to a number, causing every call to dbus_alloc or
dbus_realloc to fail if the number of bytes to be allocated is greater
than the specified number. This only works if D-Bus has been compiled with
--enable-tests.
DBUS_TEST_MALLOC_FAILURES=n
Many of the D-Bus tests will run over and over, once for each malloc
involved in the test. Each run will fail a different malloc, plus some
number of mallocs following that malloc (because a fair number of bugs
only happen if two or more mallocs fail in a row, e.g. error recovery
that itself involves malloc). This env variable sets the number of
mallocs to fail.
Here's why you care: If set to 0, then the malloc checking is skipped,
which makes the test suite a heck of a lot faster. Just run with this
env variable unset before you commit.
Tests
===
These are the test programs that are built if dbus is compiled using
--enable-tests.
dbus/dbus-test
This is the main unit test program that tests all aspects of the D-Bus
client library.
dbus/bus-test
This it the unit test program for the message bus.
test/break-loader
A test that tries to break the message loader by passing it randomly
created invalid messages.
test/name-test/*
This is a suite of programs which are run with a temporary session bus.
If your test involves multiple processes communicating, your best bet
is to add a test in here.
"make check" runs all the deterministic test programs (i.e. not break-loader).
"make lcov-check" is available if you configure with --enable-compiler-coverage
and gives a complete report on test suite coverage.
Patches
===
Please file them at http://bugzilla.freedesktop.org under component
dbus, and also post to the mailing list for discussion. The commit
rules are:
- for fixes that don't affect API or protocol, they can be committed
if any one qualified reviewer other than patch author
reviews and approves
- for fixes that do affect API or protocol, two people
in the reviewer group have to review and approve the commit, and
posting to the list is definitely mandatory
- if there's a live unresolved controversy about a change,
don't commit it while the argument is still raging.
- at their discretion, members of the reviewer group may also commit
branches/patches under these conditions:
- the branch does not add or change API, ABI or wire-protocol
- the branch solves a known problem and is covered by the regression tests
- there are no objections from the rest of the review group within
a week of the patches being attached to Bugzilla
- the committer gets a positive review on Bugzilla from someone they
consider qualified to review the change (e.g. a colleague with D-Bus
experience; not necessarily a member of the reviewer group)
- regardless of reviews, to commit a patch:
- make check must pass
- the test suite must be extended to cover the new code
as much as reasonably feasible (see Tests above)
- the patch has to follow the portability, security, and
style guidelines
- the patch should as much as reasonable do one thing,
not many unrelated changes
No reviewer should approve a patch without these attributes, and
failure on these points is grounds for reverting the patch.
The reviewer group that can approve patches:
Havoc Pennington <hp@pobox.net>
Michael Meeks <michael.meeks@novell.com>
Alexander Larsson <alexl@redhat.com>
Zack Rusin <zack@kde.org>
Joe Shaw <joe@assbarn.com>
Mikael Hallendal <micke@imendio.com>
Richard Hult <richard@imendio.com>
Owen Fraser-Green <owen@discobabe.net>
Olivier Andrieu <oliv__a@users.sourceforge.net>
Colin Walters <walters@verbum.org>
Thiago Macieira <thiago@kde.org>
John Palmieri <johnp@redhat.com>
Scott James Remnant <scott@netsplit.com>
Will Thompson <will.thompson@collabora.co.uk>
Simon McVittie <simon.mcvittie@collabora.co.uk>
David Zeuthen <davidz@redhat.com>