Difference between revisions of "OpenVPN/Developer documentation"

From Secure Computing Wiki
Jump to: navigation, search
m (Feature deprecation)
m
 
(30 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= Introduction =
+
{{OpenVPN_Menu}}
 
+
'''NOTE:''' As of 23th Apr 2010 this content has been moved to https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation
Most of the content here is the result of the [[OpenVPN/IRC_meetings|the weekly IRC discussions]].
+
 
+
= Development processes =
+
 
+
== General workflow ==
+
 
+
The basic development process we follow is outlined in [http://users.utu.fi/sjsepp/openvpn/getting_code_to_openvpn.png this diagram]. So, in a nutshell:
+
 
+
* All patches must be sent to "openvpn-devel" mailing list for review.  The subject should preferably be prefixed with '''<nowiki>[PATCH]</nowiki>'''
+
* All patches need to be reviewed and accepted (ACK) by at least one other developer to make sure they meet our quality criteria
+
* All accepted patches go to the OpenVPN "testing" tree (Git) first
+
* Code is moved to the OpenVPN "stable" tree (SVN) after initial testing
+
* All official releases are based on the "stable" (SVN) tree and go through a feature freeze and a Beta/RC process
+
 
+
If someone maintains their modifications in a git tree already, those git trees can be pulled as long as it will not cause any conflicts against the master/SVN development branch. However, the author must send a pull request to the devel mailing list, including a description in plain English of the changes.  This is so to open up for a public discussion of the changes, and to allow the ACK process to work.  Changes in git trees needs to get ACKed as well, just like patches.  Pull requests to the mailing list should preferably be prefixed with '''<nowiki>[GIT PULL]</nowiki>'''.
+
 
+
'''NOTE:''' Patches or "git pull requests" sent ''directly'' to a development tree ("stable" or "testing") maintainer will be rejected. ''All patches and contents of git pull requests must be public and must be discussed in public.''
+
 
+
== Feature deprecation ==
+
 
+
Feature deprecation process described here serves two purposes:
+
 
+
* Maintain backwards compatibility and minimize the impact of feature removal (for users)
+
* Keeping the codebase clean and understandable (for developers)
+
 
+
The initial process was drafted in the [[OpenVPN/IRC_meetings|IRC meeting]] on 18th Feb 2010. It has since been discussed in detail on the  [http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel devel mailinglist] in the ''"[PATCH v2] Do not randomize resolving of IP addresses in getaddr()"'' thread.
+
 
+
Currently the process looks like this:
+
 
+
# '''Ask users if they are depending on a feature considered for deprecation''' (e.g. using the openvpn-users mailing list)
+
#* If users complain, discuss the issue and possible solutions with them
+
#* If there are no complaints, proceed to 2
+
# '''Warn the user about feature deprecation on application startup'''. The deprecated code itself can also output a warning itself, depending on how often it's triggered. The warning can be a simple log message (e.g. "WARNING: this feature is being deprecated and will be removed soon"). The deprecated code will still be enabled by default. The deprecated code should probably be #ifdef'd at this point to find it easily during next steps.
+
#* If users complain now, discuss the issue and possible solutions with them
+
#* If there are no complaints, proceed to 3
+
# '''Make the feature disabled by default, but allow enabling it at compile-time''' (use #ifdef's).
+
#* If users complain now, discuss the issue and possible solutions with them
+
#* If there are no complaints, proceed to 4
+
# '''Remove the feature entirely from the code'''
+
#* If users complain now, discuss the issue and possible solutions with them
+
#* If there are no complaints, proceed to 5
+
# '''Finished.''' The feature was not really important to anyone and is not cluttering the code anymore.
+
 
+
Each feature could be kept around in "deprecated" mode in the first stable release, disabled but available in the second and removed in the third release. This will give users plenty of time to reach, depending on the release cycle.
+
 
+
It is also necessary that each feature deprecation / removal needs is documented visibly in the release notes of each stable release.
+
 
+
= Code quality =
+
 
+
All patches need to meet certain generic quality criteria before being accepted:
+
 
+
* All patches should be useful and beneficial for several OpenVPN users. This way we avoid spoiling the code base with features which is only requested for very special conditions.
+
* All patches must contain an argumentation ''why'' this patch should be included and ''how'' it solves the issue in plain English.
+
* Everyone who has contributed to this patch should be mentioned, with at least a valid e-mail address, preferably with full name in addition. This is to give credit to contributors.
+
* All patches must be against the SVN development branch or git master branch, at least until a feature branch is created.
+
* The patch should apply cleanly, without merge conflicts.
+
* All initial patches must be sent as unified diff (diff -u)
+
* New features need to make use of #ifdef's so that they can be disabled at compile-time. This is to enable better support for embedded systems and to track which code belongs to which feature.
+
* Patch needs to respect our [[#Coding Conventions|coding conventions]] to keep the codebase understandable and maintainable.
+
 
+
= Coding conventions =
+
 
+
This is work in progress, but will include things like
+
 
+
* Code indenting
+
* Scratch memory handling with "gc"
+
 
+
= Code repositories =
+
 
+
== Old CVS repository ==
+
 
+
There is an old CVS repository hosted in SF.net. This is not used for any development.
+
 
+
== Stable (SVN) repository ==
+
 
+
The OpenVPN project makes use of two code repositories. The ''Stable'' SVN repository is maintained by James Yonan and hosted at ''openvpn.net''. Instructions for using it can be found [http://www.openvpn.net/index.php/open-source/documentation/miscellaneous/subversion-repository.html here]. Currently (Feb 2010) only James has write access to this repository, but anonymous read-only access is available.
+
 
+
Code from this repository should be used if stability is important for you, but the official releases are missing some essential piece of functionality.
+
 
+
== Testing (Git) repository ==
+
 
+
The ''Testing'' repository is maintained by David Sommerseth and uses Git. This repository is hosted by SF.net under the [http://sourceforge.net/projects/openvpn OpenVPN project].  The master branch in the git tree is based on the openvpn/branches/BETA21 SVN branch.
+
 
+
There are several branches in the Git tree, each of which tracks the different patches/contributions separately. There's also one branch that contains all the available patches:
+
 
+
    master      -- Should be identical to James' stable SVN development branch
+
    bugfix2.1    -- Contains only bugfixes for OpenVPN 2.1
+
    {featureX}  -- Contains only patches for feature X
+
    {featureY}  -- Contains only patches for feature Y
+
    {featureZ}  -- Contains only patches for feature Z
+
    allmerged    -- All branches above merged
+
 
+
This gives James a possibility to only include/merge in the features and bugfixes which he wants to include into his "stable" development branch.
+
 
+
It is expected that each contributor which have received a feature branch makes sure it merges cleanly against the development branch at
+
any time. The same applies to maintainers of external development Git trees. Also, the development of the feature branch is the author's responsibility - "testing" tree maintainer only collects the patches and makes sure all features and bugfixes play nicely together to catch conflicts as early as possible (and of course do sanity review of all patches).
+
 
+
Generic instructions for using Git in SF.net can be found [http://sourceforge.net/apps/trac/sourceforge/wiki/Git here]. Generic usage instructions for OpenVPN project's Git repository can be found [http://sourceforge.net/projects/openvpn/develop here]. To fetch the latest development code, use
+
 
+
git clone git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn-testing.git
+
 
+
You will here get a openvpn-testing directory.  When entering this directory, you will get the 'master' branch by default.  To checkout the allmerged branch, use
+
 
+
git checkout -b allmerged origin/allmerged
+
 
+
To see all available branches, use
+
 
+
git branch -a
+
 
+
Use the code in the allmerged branch from this git tree if you want the latest and greatest features and you're willing to encounter problems. If you're unfamiliar with Git in general, take a look at these links:
+
 
+
* http://progit.org/book/
+
* http://www.kernel.org/pub/software/scm/git/docs/gittutorial.html
+
* http://git.or.cz/course/svn.html
+

Latest revision as of 14:55, 19 November 2010

OpenVPN Topics

GENERAL: RoutingRIP RoutingBridgingFAQFirewallVPN ChainingHigh-AvailabilityTroubleshootingDonationsIRC meetingsDeveloper DocsTester Docs
OS RELATED: FreeBSD Routed FreeBSD Bridged

NOTE: As of 23th Apr 2010 this content has been moved to https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation