1 The guidelines in this file are the ideals; it's better to send a
2 not-fully-following-guidelines patch than no patch at all, though. We
3 can always polish it up.
8 The D-Bus mailing list is dbus@lists.freedesktop.org; discussion
9 of patches, etc. should go there.
14 Most of D-Bus is security sensitive. Guidelines related to that:
16 - avoid memcpy(), sprintf(), strlen(), snprintf, strlcat(),
17 strstr(), strtok(), or any of this stuff. Use DBusString.
18 If DBusString doesn't have the feature you need, add it
21 There are some exceptions, for example
22 if your strings are just used to index a hash table
23 and you don't do any parsing/modification of them, perhaps
24 DBusString is wasteful and wouldn't help much. But definitely
25 if you're doing any parsing, reallocation, etc. use DBusString.
27 - do not include system headers outside of dbus-memory.c,
28 dbus-sysdeps.c, and other places where they are already
29 included. This gives us one place to audit all external
30 dependencies on features in libc, etc.
32 - do not use libc features that are "complicated"
33 and may contain security holes. For example, you probably shouldn't
34 try to use regcomp() to compile an untrusted regular expression.
35 Regular expressions are just too complicated, and there are many
36 different libc's out there.
38 - we need to design the message bus daemon (and any similar features)
39 to use limited privileges, run in a chroot jail, and so on.
41 http://vsftpd.beasts.org/ has other good security suggestions.
46 - The C library uses GNU coding conventions, with GLib-like
47 extensions (e.g. lining up function arguments). The
48 Qt wrapper uses KDE coding conventions.
50 - Write docs for all non-static functions and structs and so on. try
51 "doxygen Doxyfile" prior to commit and be sure there are no
54 - All external interfaces (network protocols, file formats, etc.)
55 should have documented specifications sufficient to allow an
56 alternative implementation to be written. Our implementation should
57 be strict about specification compliance (should not for example
58 heuristically parse a file and accept not-well-formed
59 data). Avoiding heuristics is also important for security reasons;
60 if it looks funny, ignore it (or exit, or disconnect).
65 To make a release of D-Bus, do the following:
67 - check out a fresh copy from CVS
69 - verify that the libtool versioning/library soname is
70 changed if it needs to be, or not changed if not
72 - update the file NEWS based on the ChangeLog
74 - update the AUTHORS file based on the ChangeLog
76 - add a ChangeLog entry containing the version number
77 you're releasing ("Released 0.3" or something)
78 so people can see which changes were before and after
81 - the version number should have major.minor.micro even
82 if micro is 0, i.e. "1.0.0" and "1.2.0" not "1.0"/"1.2"
84 - "make distcheck" (DO NOT just "make dist" - pass the check!)
86 - if make distcheck fails, fix it.
88 - once distcheck succeeds, "git-commit -a". This is the version
89 of the tree that corresponds exactly to the released tarball.
91 - tag the tree with "git-tag -s -m 'Released X.Y.Z' dbus-X.Y.Z"
92 where X.Y.Z is the version of the release. If you can't sign
93 then simply created an unannotated tag: "git-tag dbus-X.Y.Z".
95 - bump the version number up in configure.in, and commit
96 it. Make sure you do this *after* tagging the previous
97 release! The idea is that git has a newer version number
98 than anything released.
100 - push your changes to the central repository
102 - scp your tarball to freedesktop.org server and copy it
103 to /srv/dbus.freedesktop.org/www/releases/dbus. This should
104 be possible if you're in group "dbus"
106 - update the wiki page http://www.freedesktop.org/Software/dbus by
107 adding the new release under the Download heading. Then, cut the
108 link and changelog for the previous that was there.
110 - update the wiki page
111 http://www.freedesktop.org/Software/DbusReleaseArchive pasting the
112 previous release. Note that bullet points for each of the changelog
113 items must be indented three more spaces to conform to the
114 formatting of the other releases there.
116 - post to dbus@lists.freedesktop.org announcing the release.
119 After making a ".0" stable release
122 After releasing, when you increment the version number in git, also
123 move the ChangeLog to ChangeLog.pre-X-Y where X-Y is what you just
124 released, e.g. ChangeLog.pre-1-0. Then create and cvs add a new empty
125 ChangeLog. The last entry in ChangeLog.pre-1-0 should be the one about
128 Add ChangeLog.pre-X-Y to EXTRA_DIST in Makefile.am.
130 We create a branch for each stable release; sometimes the branch is
131 not done immediately, instead it's possible to wait until someone has
132 a not-suitable-for-stable change they want to make and then branch to
133 allow committing that change.
135 The branch name should be dbus-X.Y-branch which is a branch that has
136 releases versioned X.Y.Z
138 To branch, add a tag to the common ancestor:
139 git tag dbus-X.Y-branchpoint
140 then create the branch:
141 git branch dbus-X.Y-branch
143 Note that dbus-X.Y-branchpoint may not tag the same revision as the
144 dbus-X.Y.0 release, since we may not branch immediately.
146 Environment variables
149 These are the environment variables that are used by the D-Bus client library
152 Turns on printing verbose messages. This only works if D-Bus has been
153 compiled with --enable-verbose-mode
155 DBUS_MALLOC_FAIL_NTH=n
156 Can be set to a number, causing every nth call to dbus_alloc or
157 dbus_realloc to fail. This only works if D-Bus has been compiled with
160 DBUS_MALLOC_FAIL_GREATER_THAN=n
161 Can be set to a number, causing every call to dbus_alloc or
162 dbus_realloc to fail if the number of bytes to be allocated is greater
163 than the specified number. This only works if D-Bus has been compiled with
166 DBUS_TEST_MALLOC_FAILURES=n
167 Many of the D-Bus tests will run over and over, once for each malloc
168 involved in the test. Each run will fail a different malloc, plus some
169 number of mallocs following that malloc (because a fair number of bugs
170 only happen if two or more mallocs fail in a row, e.g. error recovery
171 that itself involves malloc). This env variable sets the number of
173 Here's why you care: If set to 0, then the malloc checking is skipped,
174 which makes the test suite a heck of a lot faster. Just run with this
175 env variable unset before you commit.
180 These are the test programs that are built if dbus is compiled using
184 This is the main unit test program that tests all aspects of the D-Bus
188 This it the unit test program for the message bus.
191 A test that tries to break the message loader by passing it randomly
192 created invalid messages.
194 "make check" runs all the deterministic test programs (i.e. not break-loader).
196 "make check-coverage" is available if you configure with --enable-gcov and
197 gives a complete report on test suite coverage. You can also run
198 "test/decode-gcov foo.c" on any source file to get annotated source,
199 after running make check with a gcov-enabled tree.
204 Please file them at http://bugzilla.freedesktop.org under component
205 dbus, and also post to the mailing list for discussion. The commit
208 - for fixes that don't affect API or protocol, they can be committed
209 if any one qualified reviewer other than patch author
212 - for fixes that do affect API or protocol, two people
213 in the reviewer group have to review and approve the commit, and
214 posting to the list is definitely mandatory
216 - if there's a live unresolved controversy about a change,
217 don't commit it while the argument is still raging.
219 - regardless of reviews, to commit a patch:
220 - make check must pass
221 - the test suite must be extended to cover the new code
222 as much as reasonably feasible
223 - the patch has to follow the portability, security, and
225 - the patch should as much as reasonable do one thing,
226 not many unrelated changes
227 No reviewer should approve a patch without these attributes, and
228 failure on these points is grounds for reverting the patch.
230 The reviewer group that can approve patches: Havoc Pennington, Michael
231 Meeks, Alex Larsson, Zack Rusin, Joe Shaw, Mikael Hallendal, Richard
232 Hult, Owen Fraser-Green, Olivier Andrieu, Colin Walters, Thiago
233 Macieira, John Palmieri.