Hi,
Here's the summary of today's IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on irc.freenode.net
Date: Monday 14th November 2016
Time: 20:00 CET (19:00 UTC)
Planned meeting topics for this meeting were here:
<https://community.openvpn.net/openvpn/wiki/Topics-2016-11-14>
The next meeting has not been scheduled yet.
Your local meeting time is easy to check from services such as
<http://www.timeanddate.com/worldclock>
SUMMARY
cron, dazo, mattock and syzzer participated in this meeting.
---
Discussed the OpenVPN 2.4_beta1 release:
<https://community.openvpn.net/openvpn/wiki/StatusOfOpenvpn24>
The original deadline (Wed 16th) is still doable and we will aim for it.
Agreed that deprecating "key-method 1" makes sense for OpenVPN 2.4.
Actually removing the method will take place in 2.5.
Several 2.4 patches were discussed, reviewed and ACKed during the meeting.
--
Mattock ran his Powershell testsuite against Selva's openvpnserv2, which
is able to gracefully shutdown OpenVPN instances:
<https://github.com/xkjyeah/openvpnserv2/issues/10>
<https://github.com/selvanair/openvpnserv2/tree/exit-event>
The tests succeeded now, so patched openvpnserv2 will likely make it to
OpenVPN 2.4_beta1.
--
Discussed the OpenVPN 2.3.14 release. Agreed that making the release the
upcoming week with a few more patches makes sense.
--
Full chatlog has been attached to this email.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock
(21:01:28) cron2: so. dazo is late, syzzer is late, mattock was too early and
fell asleep
(21:01:48) mattock: hi
(21:02:08) mattock: https://community.openvpn.net/openvpn/wiki/Topics-2016-11-14
(21:02:10) vpnHelper: Title: Topics-2016-11-14 – OpenVPN Community (at
community.openvpn.net)
(21:04:37) mattock: so the others are indeed a bit late
(21:05:15) cron2: what I can say so far is that we're either not making the
beta1 deadline, or tls-crypt won't go in...
(21:06:31) cron2: (beta1 deadline is now, 2/5 is waiting for confirmation from
plaisthos, 4/5 v2 from dazo)
(21:06:57) mattock: ok, so reasonably far anyways
(21:07:17) cron2: 5/5 is somewhat straightforward if 2/5+4/5 are in - "if it
passes the cmocka test, it's good"
(21:07:31) cron2: (as it does not touch actual openpvn code)
(21:12:09) ***dazo is here ... let's see how long the calm lasts at home :)
(21:12:20) cron2: cool
(21:12:37) cron2: I'm about to merge argv 1-3 - ok with you?
(21:12:47) cron2: (the patch page says so :-))
(21:13:07) dazo: :) ... Let me have a quick look, I don't recall all patches
I've looked at lately
(21:13:32) cron2: 1-3 is pure shuffling around + cmocka tests, no actual changes
(21:16:19) cron2: well, 1 is shuffling around, 2 is argv_new(), 3 is system_str
(21:16:24) dazo: agreed, I'd probably also pull in patch 4, tbh .... it's a bit
more invasive, but it cleans up odd things. I've tested 1-4 without the
others, and that did work ... and makes the gap smaller if we get more
confidence in patch 5-7 to get into final 2.4
(21:16:49) cron2: ok, I'll start with 1-3 now...
(21:17:15) cron2: (I've already done a cursory review of those, 4 next)
(21:17:24) dazo: yeah, probably a good idea to get that to the buildbots, and
the we can see what happens with 4 ... if it breaks things, I'm fine with a
revert
(21:18:00) cron2: what's the "git diff" command that shows moves?
(21:18:23) dazo: git blame -w -M -C
(21:18:28) dazo: git blame -w -M -C $file
(21:18:42) dazo: that shows where things came from
(21:18:48) ***cron2 looks
(21:18:57) cron2: cool
(21:19:34) cron2: well
(21:19:42) dazo: but you can also play with git diff
--diff-algorithm={patience|minimal|histogram|myers} .... I used that a lot on
these patches, as it doesn't make the patch as minimal as possible (meyers)
(21:20:32) cron2: it's a bit over-eager... finding bits and pieces in argv.c
coming from buffer.c... might have been, initially
(21:20:59) cron2: a different "diff" won't help, as it's, well, a diff :)
(21:21:08) syzzer: evening :)
(21:21:38) mattock: evening!
(21:21:46) syzzer: catching up...
(21:21:57) cron2: dazo: could you have a look at
(21:21:58) cron2: Subject: [Openvpn-devel] [PATCH 4/5 v2] Move private file
access checks to
(21:22:02) cron2: (v2)
(21:22:14) ***dazo looks
(21:23:55) syzzer: applying 4/5 before 2/5 will require changes in 2/5 (and
some conflict resolution), but that's fine, I have to do a 2/5v2 anyway
(21:24:29) cron2: I don't actually want that, but having an ACK on 4/5 would
avoid further delay if plaisthos resurfaces
(21:25:37) dazo: I can give 4/5v2 an ACK, that looks good now ... but yeah, we
can't add it before 2/5
(21:25:49) dazo: (well, by removing two lines from the patch we can)
(21:26:05) cron2: if it's that easy...
(21:26:16) syzzer: yes, that :)
(21:26:23) cron2: wait until argv is in, otherwise it gets messy
(21:26:42) dazo: line 2900-2901 in the patched file, if I'm not mistaken
(21:28:57) mattock: I will run Selva's openvpnserv2 + exit-event patch through
my Powershell scripts
(21:29:27) cron2: mmmh, why did I not see these?
(21:32:19) L'account è disconnesso e non sei più in questa chat. Sarai
reinserito in questa chat alla riconnessione dell'account.
(21:32:24) L'argomento di #openvpn-meeting è: Meeting 2016-08-22 1900 UTC:
Agenda at https://community.openvpn.net/openvpn/wiki/Topics-2016-08-22
(21:32:24) L'argomento per #openvpn-meeting è stato impostato da
valdikss!~valdikss@2a02:7aa0:1619::2c32:9c23 a 21:38:35 su 22/08/2016
(21:33:34) cron2: All 3 tests passed
(21:33:46) cron2: argv[1]...argv[3], t_client on linux
(21:34:04) ***dazo need to head back to a childrens bedroom :/ .... brb
(21:34:18) cron2: dazo: patience be with you :)
(21:35:18) syzzer: cron2: I see that 1/7 from heiko got applied, should I send
my fixups as an official patch now?
(21:36:29) cron2: syzzer: gah. I read those, but forgot. Please do
(21:36:45) cron2: 1-3 being buildbotted now...
(21:37:18) cron2: syzzer: shall I just use the patch in your mail?
(21:37:29) syzzer: Yeah, that's fine
(21:37:40) syzzer: I would otherwise just resend it with slightly more text and
a signed-off-by
(21:37:47) cron2: how you prefer
(21:37:53) cron2: yeah
(21:37:57) cron2: sounds better
(21:38:33) syzzer: ah, damn, more work for me :p No, it's better so I'll
resend it
(21:40:02) ***dazo is back
(21:40:57) cron2: mattock: ubuntu1204 is still unhappy with the directory name
(21:41:45) mattock: cron2: ok
(21:41:48) mattock: let's see
(21:42:17) mattock: I just launched the powershell test suite for selva-patched
openvpnserv2, looks good so far
(21:42:32) cron2: cool
(21:43:16) cron2: the argv change set needs a test run with openvpn.exe without
service (so it can exec netsh.exe / route.exe)
(21:44:08) cron2: fnord... the windows buildslave cannot download
pkcs11-helper-1.11.tar.bz2, so fails building
(21:46:28) mattock: that is probably just a network glitch
(21:46:33) mattock: I will trigger a build manually
(21:47:59) cron2: wait :)
(21:48:23) mattock: too late
(21:48:29) mattock: I can cancel though
(21:48:36) cron2: nah
(21:48:54) cron2: it's ok so we have two snapshots, one with argv 1-3, one with
argv 4 + fixup
(21:49:43) cron2: freebsd 7.4 buildbot failure is because I messed with the
machine while it was running t_client - not the patch's fault
(21:50:06) syzzer: so, can I claim you for the topic I tried to get into last
meeting too: deprecating --key-method 1
(21:50:27) ***cron2 has no idea about this crypto stuff :)
(21:50:39) cron2: seriously: what is this used for?
(21:50:55) syzzer: msg-id <54fc26bb.2000...@karger.me>
(21:51:25) syzzer: http://thread.gmane.org/gmane.network.openvpn.user/35632
(21:51:26) vpnHelper: Title: Gmane Loom (at thread.gmane.org)
(21:51:28) cron2: am I right, nobody responded?
(21:51:38) mattock: indeed, the pkcs11-helper thing is not just a glitch
(21:51:39) cron2: oh
(21:51:40) mattock: another failure
(21:52:28) cron2: syzzer: from the discussion (that I had already forgotten) it
looks like "nobody seriously objected"
(21:52:52) mattock: hmm, or maybe it what just a persistent glitch... running
the wget command manually works
(21:52:55) syzzer: good, I'll send a deprecation patch for 2.4, and removal as
soon as 2.4 branched out
(21:53:10) syzzer: (for the then-master branch)
(21:53:19) cron2: makes sense
(21:53:44) syzzer: since its a bit short before release to remove more features
I think
(21:54:28) cron2: dazo, mattock?
(21:54:31) dazo: syzzer: I'd be willing to accept that, but it's nice to make
it clear in the log files "this will go away"
(21:55:44) dazo: in a 2.4 release, before taking it out in 2.5
(21:55:44) mattock: reaading the email thread on key-method
(21:57:13) mattock: so if there is no warning about key-method going away, I
would say we first print a warning in logs, then in 2.5 remove it
(21:57:17) dazo: on a related note ... we have --compat-names and --tls-remote
on the list of options to remove too .... they've been listed as deprecated in
the log files since 2.3 ... man page promises 2.4 or 2.5
(21:57:51) dazo: mattock: you're way too nice ... removing reasons for flame
fests on the -users ML! ;-)
(21:59:08) syzzer: ah, damn, this needs a Changes.rst entry :/
(21:59:15) syzzer: wait for it...
(21:59:18) dazo: lol :)
(21:59:19) cron2: haha :)
(21:59:32) cron2: dazo: feel free to apply 4/5 v2 "with two lines removed" in
the meantime :)
(21:59:39) ***cron2 is done for the moment with applying and pushing
(22:01:05) mattock: dazo: I am just following the policies we set in like 2010
:D
(22:02:38) dazo: mattock: oh, I've been ignoring those as James completely
skipped them with a few other features after we agreed on that :-P
(22:03:04) mattock: well james has james style
(22:03:05) mattock: :P
(22:03:27) dazo: ;-)
(22:05:19) mattock: windows buildslave finally managed to download
pkcs11-helper, and the build succeeded
(22:05:29) cron2: good
(22:06:08) cron2: syzzer: can you open a trac with milestone 2.5 "remove
key-method 1 for good"?
(22:06:19) syzzer: cron2: will do
(22:06:23) mattock: selva seems to have solved the exit event:
https://github.com/selvanair/openvpnserv2/tree/exit-event
(22:06:24) cron2: (so it won't be forgotten, and then we remember on the day
2.5_beta1 is due...)
(22:06:25) vpnHelper: Title: GitHub - selvanair/openvpnserv2 at exit-event (at
github.com)
(22:06:33) mattock: just passed all the tests
(22:07:13) cron2: syzzer: uh, are you sending a v2 of that patch, with
Changes.rst?
(22:07:18) mattock: it still requires some code-review, but I think we can get
properly operating openvpnserv2.exe to 2.4_beta1
(22:07:32) syzzer: cron2: already on the list
(22:07:46) cron2: sleep(5)
(22:08:04) dazo: signal(SIGALRM,...)
(22:08:12) cron2: Subject: [Openvpn-devel] [PATCH v2] Deprecate key-method 1
(22:08:15) cron2: \o/
(22:08:29) mattock: that said, we need to fix IPv6 netsh calls, so that even if
openvpn is killed forcibly netsh does not fail due to existing route
(22:08:30) cron2: dazo: shall I wait for you, or just quickly push this out?
(22:09:05) dazo: cron2: I can take both ... I'm just verifying I don't break
anything with "picking out those two lines"
(22:09:40) cron2: in that case, it's yours to take :) - the mail-archive URL is
(22:09:41) cron2:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13054.html
(22:09:43) vpnHelper: Title: [Openvpn-devel] [PATCH v2] Deprecate key-method 1
(at www.mail-archive.com)
(22:09:43) dazo: syzzer: is it needed to add --key-method 2, or isn't that the
default if not provided?
(22:10:06) syzzer: dazo: that's the default if not provided
(22:10:42) dazo: syzzer: maybe rather recommend people _not_ to use the
--key-method option at all?
(22:10:53) dazo: now it sounds like it is needed, in Changes.rst
(22:11:07) syzzer: dazo: good point, can you fix that on the fly?
(22:11:13) dazo: syzzer: sure can do!
(22:11:18) syzzer: great!
(22:12:49) dazo: I'll send a patch removing --compat-names and --tls-remote as
well today
(22:13:06) cron2: with Changes.rst :)
(22:13:12) syzzer: haha
(22:13:22) dazo: haha ... yeah, I'll try to remember that!
(22:24:07) mattock: how far are we in our ACK/patchfest?
(22:24:33) cron2: dazo has two more to go, then we wait for syzzer 2/5 v2 and
plaisthos to ACK that
(22:25:48) cron2: (which implies postponing beta1 by a few days)
(22:28:24) syzzer: beta1 was aimed for Wednesday, right?
(22:28:27) syzzer: still possible...
(22:28:29) cron2: today :)
(22:28:37) cron2: ah, no
(22:28:44) cron2: Nov 16 is what the page says
(22:28:53) cron2: wednesday it is!
(22:29:32) mattock: yes, wednesday
(22:29:51) syzzer: so, this other patch of mine (or actually, my colleagues),
the CRL refactoring. what do we need to get that in?
(22:30:08) mattock: if you guys get the patches done by Wed noon (CET) I should
be able to make the release on Wed
(22:30:20) cron2: I'll see that I can have a look at the CRL patch tomorrow,
and maybe fiddle a bit with the DHCP option stuff (but that could be "minor
change between beta1 and beta2")
(22:30:37) cron2: syzzer: dazo wants an extra review as he does not trust
perfect code
(22:30:46) cron2: so, next time, please add some typo to a comment or such
(22:31:05) syzzer: yeah, I know, but nobody has volunteered. hence the poking
;)
(22:31:22) syzzer: but great :)
(22:31:30) cron2: whee, ACK!
(22:31:40) cron2: (can't process that yet, waiting for dazo to merge+push)
(22:32:14) syzzer: I hope to have a better look at dazo's AUTH_FAILED patches
tomorrow
(22:33:12) syzzer: need to fiddle a bit to see if I can come up with something
nicer than shoving around a struct context
(22:33:32) cron2: wrt to 2.3.14 - everything I had on my list as "must go in!"
is in, but I'm not in a hurry to push that out. So we can just drop this of
today's agenda (or consider it "covered!")
(22:33:51) syzzer: "covered!"
(22:35:14) mattock: let's release 2.3.14 next week?
(22:35:32) dazo: syzzer: cool, thx!
(22:35:59) mattock: the meeting summary will probably be the shortest ever
(22:36:01) ***dazo is looking careful at the "remove two lines" as it didn't
apply so smoothly :/
(22:36:11) cron2: mattock: please remind me, is your track account "mattock" or
"samuli"?
(22:36:24) cron2: ah, samuli
(22:36:26) mattock: samuli
(22:36:52) cron2: mattock: I'll go and have a go at some of the open tickets
for 2.3... so "next week" sounds good
(22:37:26) mattock: cron2: ok
(22:37:48) cron2: #745 needs looking-at with brains, and that should go into
2.4 and 2.3.14 (bugfix)
(22:39:35) syzzer: mattock: I'd like to check out cron2's 'poor-mans NCP
patch' before 2.3.14, because that would be great to get out to users asap
(22:40:06) mattock: syzzer: so next week good for you too?
(22:40:16) cron2: syzzer: that is master/2.4 material, on the client side you
just need the --setenv
(22:40:28) syzzer: cron2: oh, right. nvm then :)
(22:40:52) cron2: (--cipher foo --setenv UV_WANT_CIPHER foo --push-peer-info
-> server sets up "cipher foo" for that client instance)
(22:41:07) cron2: but it would be useful to have in 2.4 :)
(22:41:08) syzzer: patch is small enough to fit into the 'minor' category, so
I'll focus on AUTH_FAILED first
(22:41:12) cron2: ok
(22:44:40) cron2: I'm calling it a day now... kids will wake me up early (and I
think we all know what to do next :) )
(22:45:04) dazo: I'll have some updates to the git tree in a little while
(22:45:10) cron2: cool
(22:45:35) mattock: yeah, let's call it a day
(22:45:39) mattock: wed is still doable
(22:47:02) syzzer: exciting times!
(22:47:29) dazo: cool! very thankful for wed :)
(22:53:45) mattock: ok, good night all!
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
