3 The guidelines in this file are the ideals; it's better to send a
4 not-fully-following-guidelines patch than no patch at all, though. We
5 can always polish it up.
9 The D-Bus mailing list is dbus@lists.freedesktop.org; discussion
10 of patches, etc. should go there.
14 If you find a security vulnerability that is not known to the public,
15 please report it privately to dbus-security@lists.freedesktop.org
16 or by reporting a freedesktop.org bug that is marked as
17 restricted to the "D-BUS security group".
19 Most of D-Bus is security sensitive. Guidelines related to that:
21 - avoid memcpy(), sprintf(), strlen(), snprintf, strlcat(),
22 strstr(), strtok(), or any of this stuff. Use DBusString.
23 If DBusString doesn't have the feature you need, add it
26 There are some exceptions, for example
27 if your strings are just used to index a hash table
28 and you don't do any parsing/modification of them, perhaps
29 DBusString is wasteful and wouldn't help much. But definitely
30 if you're doing any parsing, reallocation, etc. use DBusString.
32 - do not include system headers outside of dbus-memory.c,
33 dbus-sysdeps.c, and other places where they are already
34 included. This gives us one place to audit all external
35 dependencies on features in libc, etc.
37 - do not use libc features that are "complicated"
38 and may contain security holes. For example, you probably shouldn't
39 try to use regcomp() to compile an untrusted regular expression.
40 Regular expressions are just too complicated, and there are many
41 different libc's out there.
43 - we need to design the message bus daemon (and any similar features)
44 to use limited privileges, run in a chroot jail, and so on.
46 http://vsftpd.beasts.org/ has other good security suggestions.
50 - The C library uses GNU coding conventions, with GLib-like
51 extensions (e.g. lining up function arguments). The
52 Qt wrapper uses KDE coding conventions.
54 - Write docs for all non-static functions and structs and so on. try
55 "doxygen Doxyfile" prior to commit and be sure there are no
58 - All external interfaces (network protocols, file formats, etc.)
59 should have documented specifications sufficient to allow an
60 alternative implementation to be written. Our implementation should
61 be strict about specification compliance (should not for example
62 heuristically parse a file and accept not-well-formed
63 data). Avoiding heuristics is also important for security reasons;
64 if it looks funny, ignore it (or exit, or disconnect).
68 D-Bus uses Git as its version control system. The main repository is
69 hosted on freedesktop.org. To clone D-Bus, execute one of the
72 git clone https://anongit.freedesktop.org/git/dbus/dbus.git
73 git clone git://anongit.freedesktop.org/dbus/dbus
74 git clone ssh://git.freedesktop.org/git/dbus/dbus
76 The last form is the one that allows pushing, but it also requires
77 an SSH account on the server. The other forms allow anonymous
80 D-Bus development happens in two branches in parallel: the current
81 stable branch, with an even minor number (like 1.0, 1.2 and 1.4), and
82 the next development branch, with the next odd number.
84 The stable branch is named after the version number itself (dbus-1.2,
85 dbus-1.4), whereas the development branch is simply known as "master".
87 When making a change to D-Bus, do the following:
89 - check out the earliest branch of D-Bus that makes sense to have
90 your change in. If it's a bugfix, it's normally the current stable
91 branch; if it's a feature, it's normally the "master" branch. If
92 you have an important security fix, you may want to apply to older
96 if you're developing a new, large feature, it's recommended
97 to create a new branch and do your development there. Publish
98 your branch at a suitable place and ask others to help you
99 develop and test it. Once your feature is considered finalised,
100 you may merge it into the "master" branch.
103 . make your change to the source code
104 . execute tests to guarantee that you're not introducing a
105 regression. For that, execute: make check
106 (if possible, add a new test to check the fix you're
108 . commit your change using "git commit"
109 in the commit message, write a short sentence describing what
110 you did in the first line. Then write a longer description in
111 the next paragraph(s).
112 . repeat the previous steps if necessary to have multiple commits
114 - extract your patches and send to the D-Bus mailing list for
115 review or post them to the D-Bus Bugzilla, attaching them to a bug
116 report. To extract the patches, execute:
117 git format-patch origin/master
119 - once your code has been reviewed, you may push it to the Git
121 git push origin my-branch:remote
123 git push origin dbus-X.Y
125 git push origin master
126 (consult the Git manual to know which command applies)
128 - (Optional) if you've not worked on "master", merge your changes to
129 that branch. If you've worked on an earlier branch than the current
130 stable, merge your changes upwards towards the stable branch, then
131 from there into "master".
133 . execute: git checkout master
134 . ensure that you have the latest "master" from the server, update
136 . execute: git merge dbus-X.Y
137 . if you have any conflicts, resolve them, git add the conflicted
138 files and then git commit
139 . push the "master" branch to the server as well
141 Executing this merge is recommended, but not necessary for all
142 changes. You should do this step if your bugfix is critical for the
143 development in "master", or if you suspect that conflicts will arise
144 (you're usually the best person to resolve conflicts introduced by
145 your own code), or if it has been too long since the last merge.
150 To make a release of D-Bus, do the following:
152 - check out a fresh copy from Git
154 - verify that the libtool versioning/library soname is
155 changed if it needs to be, or not changed if not
157 - update the file NEWS based on the git history
159 - verify that the version number of dbus-specification.xml is
160 changed if it needs to be; if changes have been made, update the
161 release date in that file
163 - update the AUTHORS file with "make update-authors" if necessary
165 - the version number should have major.minor.micro, even
166 if micro is 0, i.e. "1.0.0" and "1.2.0" not "1.0"/"1.2"; the micro
167 version should be even for releases, and odd for intermediate snapshots
169 - "make distcheck" (DO NOT just "make dist" - pass the check!)
171 - if make distcheck fails, fix it.
173 - once distcheck succeeds, "git commit -a". This is the version
174 of the tree that corresponds exactly to the released tarball.
176 - tag the tree with "git tag -s -m 'Released X.Y.Z' dbus-X.Y.Z"
177 where X.Y.Z is the version of the release. If you can't sign
178 then simply created an unsigned annotated tag:
179 "git tag -a -m 'Released X.Y.Z' dbus-X.Y.Z".
181 - bump the version number up in configure.ac (so the micro version is odd),
182 and commit it. Make sure you do this *after* tagging the previous
183 release! The idea is that git has a newer version number
184 than anything released. Similarly, bump the version number of
185 dbus-specification.xml and set the release date to "(not finalized)".
187 - merge the branch you've released to the chronologically-later
188 branch (usually "master"). You'll probably have to fix a merge
189 conflict in configure.ac (the version number).
191 - push your changes and the tag to the central repository with
192 git push origin master dbus-X.Y dbus-X.Y.Z
194 - scp your tarball to freedesktop.org server and copy it to
195 dbus.freedesktop.org:/srv/dbus.freedesktop.org/www/releases/dbus/dbus-X.Y.Z.tar.gz.
196 This should be possible if you're in group "dbus"
198 - Update the online documentation with `make -C doc maintainer-upload-docs`.
200 - update the wiki page http://www.freedesktop.org/Software/dbus by
201 adding the new release under the Download heading. Then, cut the
202 link and changelog for the previous that was there.
204 - update the wiki page
205 http://www.freedesktop.org/Software/DbusReleaseArchive pasting the
206 previous release. Note that bullet points for each of the changelog
207 items must be indented three more spaces to conform to the
208 formatting of the other releases there.
210 - post to dbus@lists.freedesktop.org announcing the release.
213 ## Making a ".0" stable release
215 We create a branch for each stable release. The branch name should be
216 dbus-X.Y which is a branch that has releases versioned X.Y.Z;
217 changes on a stable branch should be limited to significant bug fixes.
219 Because we won't make minor changes like keeping up with the latest
220 deprecations on a stable branch, stable branches should turn off the
221 gcc warning for deprecated declarations (e.g. see commit 4ebb275ab7).
223 Be extra-careful not to merge master (or any branch based on master) into a
230 and upload the branch tag to the server:
232 git push origin dbus-X.Y
234 To develop in this branch:
236 git checkout dbus-X.Y
238 ## Environment variables
240 These are the environment variables that are used by the D-Bus client library
244 Turns on printing verbose messages. This only works if D-Bus has been
245 compiled with --enable-verbose-mode
247 * `DBUS_MALLOC_FAIL_NTH=n`
249 Can be set to a number, causing every nth call to dbus_alloc or
250 dbus_realloc to fail. This only works if D-Bus has been compiled with
253 * `DBUS_MALLOC_FAIL_GREATER_THAN=n`
255 Can be set to a number, causing every call to dbus_alloc or
256 dbus_realloc to fail if the number of bytes to be allocated is greater
257 than the specified number. This only works if D-Bus has been compiled with
260 * `DBUS_TEST_MALLOC_FAILURES=n`
262 Many of the D-Bus tests will run over and over, once for each malloc
263 involved in the test. Each run will fail a different malloc, plus some
264 number of mallocs following that malloc (because a fair number of bugs
265 only happen if two or more mallocs fail in a row, e.g. error recovery
266 that itself involves malloc). This env variable sets the number of
269 Here's why you care: If set to 0, then the malloc checking is skipped,
270 which makes the test suite a heck of a lot faster. Just run with this
271 env variable unset before you commit.
275 These are the test programs that are built if dbus is compiled using
280 This is the main unit test program that tests all aspects of the D-Bus
285 This it the unit test program for the message bus.
287 * `test/break-loader`
289 A test that tries to break the message loader by passing it randomly
290 created invalid messages.
294 This is a suite of programs which are run with a temporary session bus.
295 If your test involves multiple processes communicating, your best bet
296 is to add a test in here.
298 "make check" runs all the deterministic test programs (i.e. not break-loader).
300 "make lcov-check" is available if you configure with --enable-compiler-coverage
301 and gives a complete report on test suite coverage.
305 Please file them at http://bugzilla.freedesktop.org under component
306 dbus, and also post to the mailing list for discussion. The commit
309 - for fixes that don't affect API or protocol, they can be committed
310 if any one qualified reviewer other than patch author
313 - for fixes that do affect API or protocol, two people
314 in the reviewer group have to review and approve the commit, and
315 posting to the list is definitely mandatory
317 - if there's a live unresolved controversy about a change,
318 don't commit it while the argument is still raging.
320 - at their discretion, members of the reviewer group may also commit
321 branches/patches under these conditions:
323 - the branch does not add or change API, ABI or wire-protocol
325 - the branch solves a known problem and is covered by the regression tests
327 - there are no objections from the rest of the review group within
328 a week of the patches being attached to Bugzilla
330 - the committer gets a positive review on Bugzilla from someone they
331 consider qualified to review the change (e.g. a colleague with D-Bus
332 experience; not necessarily a member of the reviewer group)
334 - regardless of reviews, to commit a patch:
335 - make check must pass
336 - the test suite must be extended to cover the new code
337 as much as reasonably feasible (see Tests above)
338 - the patch has to follow the portability, security, and
340 - the patch should as much as reasonable do one thing,
341 not many unrelated changes
342 No reviewer should approve a patch without these attributes, and
343 failure on these points is grounds for reverting the patch.
345 The reviewer group that can approve patches:
347 Havoc Pennington <hp@pobox.net>
348 Michael Meeks <michael.meeks@novell.com>
349 Alexander Larsson <alexl@redhat.com>
350 Zack Rusin <zack@kde.org>
351 Joe Shaw <joe@assbarn.com>
352 Mikael Hallendal <micke@imendio.com>
353 Richard Hult <richard@imendio.com>
354 Owen Fraser-Green <owen@discobabe.net>
355 Olivier Andrieu <oliv__a@users.sourceforge.net>
356 Colin Walters <walters@verbum.org>
357 Thiago Macieira <thiago@kde.org>
358 John Palmieri <johnp@redhat.com>
359 Scott James Remnant <scott@netsplit.com>
360 Will Thompson <will.thompson@collabora.co.uk>
361 Simon McVittie <simon.mcvittie@collabora.co.uk>
362 David Zeuthen <davidz@redhat.com>
366 As a freedesktop.org project, dbus follows the Contributor Covenant,
367 found at: https://www.freedesktop.org/wiki/CodeOfConduct
369 Please conduct yourself in a respectful and civilised manner when
370 interacting with community members on mailing lists, IRC, or bug
371 trackers. The community represents the project as a whole, and abusive
372 or bullying behaviour is not tolerated by the project.