summaryrefslogtreecommitdiffstats
path: root/HACKING
blob: 3bd2e09443852dc60655030e469ea1460b403476 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
The guidelines in this file are the ideals; it's better to send a
not-fully-following-guidelines patch than no patch at all, though.  We
can always polish it up.

Mailing list
===

The D-BUS mailing list is message-bus-list@freedesktop.org; discussion
of patches, etc. should go there.

Security
===

Most of D-BUS is security sensitive.  Guidelines related to that:

 - avoid memcpy(), sprintf(), strlen(), snprintf, strlcat(),
   strstr(), strtok(), or any of this stuff. Use DBusString. 
   If DBusString doesn't have the feature you need, add it 
   to DBusString. 

   There are some exceptions, for example
   if your strings are just used to index a hash table 
   and you don't do any parsing/modification of them, perhaps
   DBusString is wasteful and wouldn't help much. But definitely 
   if you're doing any parsing, reallocation, etc. use DBusString.

 - do not include system headers outside of dbus-memory.c, 
   dbus-sysdeps.c, and other places where they are already 
   included. This gives us one place to audit all external 
   dependencies on features in libc, etc.

 - do not use libc features that are "complicated" 
   and may contain security holes. For example, you probably shouldn't
   try to use regcomp() to compile an untrusted regular expression.
   Regular expressions are just too complicated, and there are many 
   different libc's out there.

 - we need to design the message bus daemon (and any similar features)
   to use limited privileges, run in a chroot jail, and so on.

http://vsftpd.beasts.org/ has other good security suggestions.

Coding Style
===

 - The C library uses GNU coding conventions, with GLib-like
   extensions (e.g. lining up function arguments). The
   Qt wrapper uses KDE coding conventions.

 - Write docs for all non-static functions and structs and so on. try
   "doxygen Doxyfile" prior to commit and be sure there are no
   warnings printed.

 - All external interfaces (network protocols, file formats, etc.)
   should have documented specifications sufficient to allow an
   alternative implementation to be written. Our implementation should
   be strict about specification compliance (should not for example
   heuristically parse a file and accept not-well-formed
   data). Avoiding heuristics is also important for security reasons;
   if it looks funny, ignore it (or exit, or disconnect).

Making a release
===

To make a release of D-BUS, do the following:

 - check out a fresh copy from CVS

 - increment the version number in configure.in

 - verify that the libtool versioning/library soname is 
   changed if it needs to be, or not changed if not

 - update the file NEWS based on the ChangeLog

 - add a ChangeLog entry containing the version number 
   you're releasing ("Released 0.3" or something)
   so people can see which changes were before and after
   a given release.

 - "make distcheck" (DO NOT just "make dist" - pass the check!)

 - if make distcheck fails, fix it.

 - once distcheck succeeds, "cvs commit"

 - if someone else made changes and the commit fails, 
   you have to "cvs up" and run "make distcheck" again

 - once the commit succeeds, "cvs tag DBUS_X_Y_Z" where 
   X_Y_Z map to version X.Y.Z

 - check out the "web" module, copy the tarball to 
   web/content/software/dbus/releases, "cvs add -kb dbus-x.y.z.tar.gz"

 - update web/content/software/dbus/main.in with a pointer to the 
   tarball
  
 - post to message-bus-list@freedesktop.org announcing the release.
 

Environment variables
===

These are the environment variables that are used by the D-BUS client library

DBUS_VERBOSE=1
Turns on printing verbose messages. This only works if D-BUS has been
compiled with --enable-verbose-mode

DBUS_MALLOC_FAIL_NTH=n
Can be set to a number, causing every nth call to dbus_alloc or
dbus_realloc to fail. This only works if D-BUS has been compiled with
--enable-tests.

DBUS_MALLOC_FAIL_GREATER_THAN=n
Can be set to a number, causing every call to dbus_alloc or
dbus_realloc to fail if the number of bytes to be allocated is greater
than the specified number. This only works if D-BUS has been compiled with
--enable-tests.

Tests
===

These are the test programs that are built if dbus is compiled using
--enable-tests.

dbus/dbus-test
This is the main unit test program that tests all aspects of the D-BUS
client library.

dbus/bus-test
This it the unit test program for the message bus.

test/break-loader
A test that tries to break the message loader by passing it randomly
created invalid messages.

"make check" runs all the deterministic test programs (i.e. not break-loader).

"make check-coverage" is available if you configure with --enable-gcov and 
gives a complete report on test suite coverage. You can also run 
"test/decode-gcov foo.c" on any source file to get annotated source, 
after running make check with a gcov-enabled tree.