Hi, Here's the summary of the IRC meeting.
--- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 17th April 2019 Time: 11:30 CET (10:30 UTC) Planned meeting topics for this meeting were here: <https://community.openvpn.net/openvpn/wiki/Topics-2019-04-17> The next meeting is scheduled to Thursday 25th April 20:00 CEST. Your local meeting time is easy to check from services such as <http://www.timeanddate.com/worldclock> SUMMARY cron2, dazo, mattock, ordex, plaisthos and syzzer participated in this meeting. -- Planned the tap-windows6 release. Mattock provided tap-windows6 (9.23.1) test installers a while back. During the somewhat limited testing they behaved as intended (Windows 7, Server 2012r2, Windows 10). The installers included all the important, open PRs from Jon and Selva plus the security fix. Those have now been merged with tap-windows6. Mattock has improved the tap-window6 build process with further automation and documentation and will provide tap-windows6 installers for Windows 7/8/8.1/Server 2012r2 and Windows 10 (including arm64) later today (unless blocked). On Friday he'll release updated OpenVPN 2.4 installers with the new tap-windows6 driver. Windows Server 2016/HLK work will commence for real next week. -- Agreed that the Powershell scripts used to sign tap-windows6 drivers and installer packages could be merged into the main tap-windows6 repository. The scripts are here: https://github.com/mattock/sign-tap6 Mattock will open a PR. -- Talked about the OpenVPN "mini-hackathons". Agreed that the first hackathon should be on May 3rd and last the "whole day". Also agreed that these hackathons should be on a regular schedule, e.g. biweekly, and pre-announced along with the monthly meeting invitations. -- Talked about the ARM64 Windows 10 device offer Jon had for us. Agreed that at least mattock and rozmansi need those devices. Cron2 would benefit as well. Mattock contacted Jon already, asking for a device. Mattock's test device won't probably arrive for time for the next tap-windows6 release which is due this Friday, but given that existing (x86/x64) users are not affected that is not a big deal. -- Did some preliminary patch review which will continue later today. -- Full chatlog attached. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
(12:35:44) mattock: ok let's start (12:36:22) mattock: topic list is pretty spartan: https://community.openvpn.net/openvpn/wiki/Topics-2019-04-17 (12:36:24) vpnHelper: Title: Topics-2019-04-17 – OpenVPN Community (at community.openvpn.net) (12:36:42) mattock: let's cover tap-windows6 quickly (12:37:14) mattock: I provided test installer a while ago (12:38:03) mattock: apparently they worked fine, but the platform coverage was not perfect - if I recall correctly tests were run on Windows 7, Server 2012r2 and 10 (12:38:15) ordex: hay hay (12:38:31) mattock: now all the important tap-windows6 PRs have been merged and I've produced the Windows 7 installer already (12:38:42) mattock: documenting and automating while I do it (12:38:51) mattock: Windows 10 is next in line after this meeting (12:38:54) ***cron2 likes that (12:39:29) mattock: then, probably next week I will move on to Windows Server 2016 + HLK (12:39:48) mattock: I've had a physical (hosted) Windows Server 2016 instance that I can use as a HLK client (12:40:11) mattock: I hope the HLK tests don't beat that instance to death, because that seemed to happen with some of the EC2-based HLK clients (12:40:16) ***dazo is here too :) (12:40:19) mattock: hi dazo! (12:40:25) cron2: nice. HLK will still fail, but we can at least see that we can get Stephen's patches merged, tested, and see what breaks and how to fudge it (12:40:31) mattock: yep (12:41:09) mattock: I have one question though: anyone opposed in merging the powershell signing scripts (https://github.com/mattock/sign-tap6) with tap-windows6 repo? (12:41:10) vpnHelper: Title: GitHub - mattock/sign-tap6: A Powershell script for signing or adding signatures to tap-windows6 drivers (at github.com) (12:41:27) mattock: I mean, you really need those scripts nowadays to produce anything beyond a test installer (12:41:29) cron2: so what's the plan for "release all platforms but server 2016"? Do you plan to put out a test installer, and then a regular openvpn-I60x installer? or "both, right away"? (12:41:38) mattock: well (12:41:48) plaisthos: mattock1: sure merge them (12:42:01) mattock: if we release just the tap-windows6 installers only a few will ever test them (12:42:10) cron2: mattock1: this is new scripts that really should go into tap-windows6, right? (12:42:17) mattock: yeah, I think so (12:42:24) mattock: they _can_ be separate, but it is an extra step (12:42:35) mattock: in the build/signing process (12:42:37) cron2: then, please open a PR against tap-windows6 so I can click the green button :-) (12:42:39) mattock: ok (12:42:44) ordex: mattock1: if they make your life easier and you use them anyway, then I think we can/should merge (12:42:54) mattock: sounds good (12:43:14) cron2: (actually, the github PR / merge workflow *is* nice, if this is the sole place where your repo lives and you don't mind merge commits) (12:43:30) ordex: yap (12:43:34) mattock: you can actually get rid of the merge commits (12:43:36) mattock: nowadays (12:43:51) ordex: well, you only have to rebase for that ;p (12:43:51) mattock: we don't have merge commits in openvpn-gui (12:44:00) ordex: but GH probably does it for you (12:44:02) mattock: there's the merge strategy or something you can choose (12:44:13) ordex: yap (12:44:24) cron2: mattock1: I tried in tap-windows6, and some commits nicely worked with rebase/commit, while the other PR totally exploded, but "merge" worked fine (12:44:37) mattock: yeah that is my experience as well with command-line git commands (12:44:52) mattock: rebase is not as smart as merge for some reason (12:45:13) ordex: I dare to say that it depends on whether you know what you are doing :-P (12:45:23) ordex: hehe but we can talk about git another time (12:45:50) mattock: anyways, I will be in a car most of tomorrow, so I suggest we release the official tap-windows6 installers today and new openvpn installers on Friday (12:45:57) cron2: my wife managed to totally hose up a CVS commit yesterday... and I so wished for a simple rebase... :-) (12:46:14) cron2: mattock1: sounds good (12:46:32) mattock: that might give Jon some time to test the ARM64 version as well (12:46:35) dazo: cron2: you need to educate your wife to use git :-P (12:46:55) cron2: we do have (at least one) an open ticket about tap6 signatures... so these people might be actually willing to test... (12:47:07) mattock: anyone have a link? (12:47:10) cron2: dazo: that's what she said "with git, this would not have happened!" (12:47:26) dazo: \o/ (12:47:27) cron2: #592 (12:47:27) mattock: using CVS is probably not usually a personal choice :D (12:47:57) mattock: will add that ticket link to my release ticket (12:47:59) dazo: mattock1: there's a git interface for using CVS backends, iirc :-P (12:48:05) cron2: dazo: the problem is "this is an existing project, and she was tasked with 'please add this new side functionality' not 'clean up the whole mess of a 22-year-old HTML/CGI thingie, living in CVS' (12:48:21) dazo: yikes (12:48:26) ordex: lol (12:48:32) mattock: done (12:48:46) cron2: but after I cleaned up the CVS mishap, I seriously considered to invest half a day to move over to a 2019-style git workflow :) (12:49:29) mattock: did we cover CVS adequately already :D? (12:49:34) cron2: "this software is older than our trainees"... (it's the leased line documentation tool... basically, dirt simple SQL tables + search/add/update frontend, but it grew lots of nice tricks...) (12:49:39) cron2: mattock1: yes :) (12:49:49) mattock: \o/ (12:50:02) mattock: mini-hackathons? not in the topic list but still (12:50:14) mattock: did you/we decide on when? (12:50:25) dazo: yeah, lets try to schedule this properly (12:50:47) cron2: May 3 rd? (12:51:00) cron2: next week is holiday and kids and grandma birthday and chas (12:51:02) cron2: chaos (12:51:20) mattock: I suppose this week is chaos as well due to Easter? (12:51:44) cron2: 9 full-time employees normally in the network group. 2 have quit, 1 is long-time ill, 3 are on vacation. (12:51:48) cron2: you do the counting :) (12:51:59) mattock: for me it is mostly "eat, clean up, wait 1 hour, start preparing meal, eat, clean up, wait 1 hours, etc" (12:52:06) dazo: yeah, at least on my side, this week is tricky .... Next Wed I'm also travelling back home (12:52:25) mattock: May 3rd starts sounding reasonable (12:52:31) mattock: and from there on on a weekly basis? (12:53:02) cron2: I cannot promise weekly, but you do not need me at all times anyway (12:53:17) mattock: yeah (12:53:21) mattock: time? (12:53:32) cron2: "all day" (12:53:35) mattock: ah ok (12:53:43) cron2: I'll show up around 8, when kids are in school (12:53:49) mattock: in understand the reluctance to commit to a weekly session now :D (12:54:08) mattock: I hope _I_ am not needed every time :P (12:54:21) mattock: at least as an active participant (12:54:29) cron2: I think first thing we need to do is collect money to get you an IRC bouncer :) (12:54:37) mattock: I hope money could solve that problem (12:54:47) mattock: well maybe it would work now if I retried (12:54:51) syzzer: I can't make May 3rd (and can't really promise anything during workdays) (12:55:01) mattock: ZNC+Pidgin+Freenode's new authentication was a really tricky combo (12:55:03) syzzer: but I'll try to schedule any openvpn work to Fridays (12:55:04) dazo: mattock1: I'm sure Andrew can grant you a DO box which can run a bouncer for you ;-) (12:55:25) mattock: well I have a bouncer, but the problem is configuring it with the combo of software listed above (12:55:34) cron2: syzzer: good enough. What we'll try to do is to speed up the "patch, review, v2, review" cycles (12:55:40) cron2: so not everybody needs to be here (12:56:01) dazo: mattock1: we can have a look at ZNC later on ... I'm using ZNC+hexchat ... but with auth properly working (12:56:12) mattock: shall we aim for a every other week cycle? (12:56:30) mattock: dazo: you could do a PoC for me using ZNC+Pidgin :) (12:56:32) dazo: that's a good starter ... and if it's a fixed weekday, it's easier to plan (12:56:50) mattock: yeah, and I can add the mini-hackathons to the monthly meeting invitation email (12:57:00) mattock: less chance of us "forgetting" about the hackathons (12:57:04) dazo: yeah (12:57:13) mattock: make it official (12:57:27) plaisthos: mattock1: didn't Microsoft offer us an ARM based windows tablet to test the windows drivers? And are we following up on that offer? (12:57:46) mattock: plaisthos: they did offer that, yes, but we have not (yet) followed up (12:57:55) mattock: but I'm not overly concerned about arm64 now - nobody expects it (12:58:07) plaisthos: okay (12:58:14) mattock: so I would consider it beta anyways (12:58:17) mattock: until proven otherwise (12:58:27) mattock: but yeah, we should get hardware for testing that (12:59:25) mattock: rozmansi and I should have arm64 windows devices (12:59:29) mattock: eventually (12:59:34) cron2: I'd take up microsoft on that offer, yes (12:59:36) mattock: yep (12:59:44) mattock: I can't recall if the devices were loaners or not (13:00:03) cron2: microsoft wants arm, and if we can do a bit of nice PR with it "look, openvpn is the first VPN solution on ARM64!", why not :-) (13:00:18) mattock: yeah (13:00:28) cron2: mattock1: no details were mentioned (loan/donation, what sort of hardware exactly, ...) (13:00:34) mattock: ok (13:00:34) plaisthos: mattock1: does not really matter if they are loaners or not, right? (13:00:51) mattock: plaisthos: optimally we'd like to test every release, not just the initial arm64 releases (13:01:03) cron2: if they feel they need more testing, they can send me one as well ;-) - but mattock and rozmansi are the crucial builders (13:01:12) mattock: _but_ maybe openvpn inc would be interested for having their own arm64 windows device that other teams could test on as well (13:01:25) mattock: assuming getting remote access to one is possible (13:01:46) plaisthos: remote testing with network and VPN does not work well :) (13:01:54) plaisthos: unless you connect a KVM to it (13:02:31) cron2: rdesktop via VPN on a different device, NATting to fe80::%lan addresses *duck* (13:02:32) mattock: yeah something like that probably (13:03:01) mattock: if the devices are affordable enough then having multiple is not a big deal (13:03:17) mattock: I can actually check the pricing and ask the bossman (13:03:31) plaisthos: then again at https://geizhals.de/?cat=nbtabl&xf=2174_Qualcomm~2187_Windows~3325_2018 (13:03:34) vpnHelper: Title: Tablets mit CPU-Hersteller: Qualcomm, Betriebssystem: Windows, Gelistet seit: ab 2018 Preisvergleich Geizhals Deutschland (at geizhals.de) (13:03:41) plaisthos: so 700 EUR (13:03:44) plaisthos: and there is only one (13:04:24) mattock: let me open the discussion with Jon about this again - I'm sure he has ideas about which device to use (13:04:25) cron2: I think there's a Surface one as well (13:04:30) mattock: use/get (13:04:30) cron2: yep (13:04:36) plaisthos: cron2: nope (13:04:42) cron2: nope? (13:04:44) cron2: okay (13:04:48) plaisthos: I have the Surface Go, which you probably think, that is Intel based (13:05:04) mattock: I hope we are not targeting just one device with ARM64 lol :D (13:05:19) plaisthos: there are the old Windows RT Surfaces that were ARM based (13:05:56) mattock: let us consult Jon (13:06:09) mattock: he must have used _something_ while writing his code (13:06:23) mattock: enough of tap-windows6/arm64? (13:06:26) cron2: ARM64 emulator running on a $1M supercomputer :) (13:06:34) mattock: :) (13:06:57) cron2: enough, yes :) (13:07:08) mattock: openvpn 2.5? (13:07:22) mattock: or just "need to work on stuff to eventually get it out"? (13:07:30) cron2: need to work on stuff to eventually get it out! (13:07:34) mattock: good summary (13:07:41) mattock: next topic (13:07:41) mattock: ? (13:07:47) cron2: (with the may3 date, we might actually make progress here) (13:07:53) mattock: agreed (13:08:37) mattock: anything else for today? (13:09:58) cron2: anyone up for a quick round of patch review assignment? (13:10:21) cron2: if I say "volunteers!" now, I can see you all declare "lunch time, sorry, have to go!" :) (13:10:41) syzzer: I already had lunch :) (13:10:46) cron2: plaisthos, dazo: could you fight the --genkey thing out and come to a decision? ;-) (13:11:07) ***dazo is ready for a fight! :) (13:11:08) syzzer: looking into ilya's reported "base64 missing ignored" thingy (13:11:13) cron2: syzzer: could you ave a quick view on https://patchwork.openvpn.net/patch/713/ (13:11:14) vpnHelper: Title: [Openvpn-devel,PATCHv2] openssl: Fix compilation without deprecated OpenSSL 1.1 APIs - Patchwork (at patchwork.openvpn.net) (13:11:44) cron2: oh yes, the base64 thing (plus "mbedtls") - if we fail, we should fail, not declare success :-) (13:11:53) plaisthos: I can also take that one (13:11:57) cron2: or maybe skip the test if base64 is not available (13:12:15) cron2: plaisthos: yours :) (13:12:43) cron2: I think that one supersedes 705, but I'm not sure (13:12:47) cron2: https://patchwork.openvpn.net/patch/705/ (13:12:49) vpnHelper: Title: [Openvpn-devel] openssl: Replace not[Before/After] functions with get0 variants - Patchwork (at patchwork.openvpn.net) (13:13:35) syzzer: cron2: currently just making it fail if base64 is missing (13:13:49) cron2: good first step (13:15:29) syzzer: the fix might be specific to the various shell implementations (13:15:45) plaisthos: cron2: I agree with syzzer reasoning and also thing that changing --genkey secret from generating a file called secret to outputting a secret key on stdout is not a good idea (13:15:49) syzzer: so the patch would need testing on multiple platforms (13:16:03) cron2: syzzer: can you push to mattock's repo? (13:16:32) cron2: (buildbot is nowadays feeding from a non-public repo that at least ordex is regularily pushing to... so you get at least buildbot coverage) (13:16:35) syzzer: cron2: if I can, probably not from the work office (13:16:50) cron2: mattock1: can syzzer push to your repo? (13:19:05) cron2: dazo: #577 sits on your lap (since a few months...) (13:19:15) cron2: https://patchwork.openvpn.net/patch/577/ (13:19:17) vpnHelper: Title: [Openvpn-devel,v2] cmocka: use relative paths - Patchwork (at patchwork.openvpn.net) (13:19:55) dazo: huh!? whoops (13:20:35) dazo: Hmm ... I recall this vaguely, I'll pull it up later today (13:21:32) cron2: there's enough in patchwork that smells like "cron2" (plus those that have been actually delegated already)... (13:21:49) cron2: trying to cover the windows stuff, pushing crypto and build stuff to you folks (13:24:43) mattock: I finally found the email about ARM64 devices (13:25:00) mattock: so Jon just asked to send GPG-encrypted email to him with the shipping address (13:25:18) mattock: from openvpn.net address, but I guess that is negotiatible (13:25:49) mattock: I just sent the request for hardware to Jon (13:27:57) dazo: syzzer, plaisthos: should we agree on the --genkey stuff a bit later today? (13:28:23) ***dazo has lunch arriving and a tiny "daughter is upset" challenge (13:28:41) plaisthos: yeah (13:28:42) syzzer: dazo: yeah, let's try that (13:28:53) plaisthos: go tame your little dragon (13:28:55) dazo: 1.5 hour or so? (13:29:04) dazo: 14:00 (13:29:23) ***dazo likes round numbers :-P (13:31:18) cron2: nice. Go feed your dragons, and I await your mails :-) (13:42:34) syzzer: cron2: base64 behaves differently on various platforms, should I just hardcode a (long) string instead and avoid the dependency? (13:42:48) syzzer: feels ugly, but it is robust... (13:44:11) cron2: syzzer: on openssl builds, one could do "openssl base64"... is there an mbedtls equivalent? (13:44:49) syzzer: cron2: not sure, but that also assumes mbedtls is installed (not just libmbedtls) (13:45:09) syzzer: but I think we assume having openssl anyway (13:45:15) syzzer: so that might be a good way out (13:46:03) syzzer: hm, we don't (13:46:57) ordex: can we assume we have python ? that may have some easy-to-use base64 functionality (13:47:40) syzzer: ordex: we don't use python anywhere in the test framework yet (13:48:17) ordex: grumble grumble ok (13:48:46) cron2: we cannot truly assume anything but C and "a SSL library" (13:49:35) syzzer: okay, I'll just bardcode the string (13:49:46) ordex: yeah (13:49:48) cron2: good enough for a test module :) (13:50:06) cron2: whatever bardcoding is, it looks very melodic (13:50:08) ordex: the hardcoded string will work also if the library breaks :p
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel