putty/CHECKLST.txt

Checklists for PuTTY administrative procedures
==============================================

Locations of the licence
------------------------

The PuTTY copyright notice and licence are stored in quite a few
places. At the start of a new year, the copyright year needs
updating in all of them; and when someone sends a massive patch,
their name needs adding in all of them too.

The LICENCE file in the main source distribution:

 - putty/LICENCE

The resource files:

 - putty/pageant.rc
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/puttygen.rc
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/win_res.rc
    + the copyright date appears twice, once in the About box and
      once in the Licence box. Don't forget to change both!
 - putty/mac/mac_res.r

The documentation (both the preamble blurb and the licence appendix):

 - putty/doc/blurb.but
 - putty/doc/licence.but

The website:

 - putty-website/licence.html
 
Before tagging a release
------------------------

For a long time we got away with never checking the current version
number into CVS at all - all version numbers were passed into the
build system on the compiler command line, and the _only_ place
version numbers showed up in CVS was in the tag information.

Unfortunately, those halcyon days are gone, and we do need the
version number in CVS in a couple of places. These must be updated
_before_ tagging a new release.

The file used to generate the Unix snapshot version numbers (which
are <previousrelease>-<date> so that the Debian versioning system
orders them correctly with respect to releases):

 - putty/LATEST.VER

The Windows installer script:

 - putty/putty.iss

The Mac resource file (used to generate the binary bit of the 'vers'
resources -- the strings are supplied by the usual means):

 - putty/mac/version.r

The actual release procedure
----------------------------

This is the procedure I (SGT) currently follow (or _should_ follow
:-) when actually making a release, once I'm happy with the position
of the tag.

 - Write a release announcement (basically a summary of the changes
   since the last release). Squirrel it away in
   ixion:src/putty/local/announce-<ver> in case it's needed again
   within days of the release going out.

 - On my local machines, check out the release-tagged version of the
   sources.
    + Make sure to run mkfiles.pl _after_ this checkout, just in
      case.

 - Build the Windows/x86 release binaries. Don't forget to supply
   VER=/DRELEASE=<ver>. Run them, or at least one or two of them, to
   ensure that they really do report their version number correctly.

 - Acquire the Windows/alpha release binaries from Owen.
    + Verify the snapshot-key signatures on these, to ensure they're
      really the ones he built. If I'm going to snapshot-sign a zip
      file I make out of these, I'm damn well going to make sure the
      binaries that go _into_ it were snapshot-signed themselves.

 - Run Halibut to build the docs.

 - Build the .zip files.
    + The binary archive putty.zip just contains all the .exe files
      except PuTTYtel, and the .hlp and .cnt files.
    + The source archive putty-src.zip is built by puttysnap.sh (my
      cron script that also builds the nightly snapshot source
      archive).
    + The docs archive puttydoc.zip contains all the HTML files
      output from Halibut.

 - Build the installer.

 - Sign the release (gpg --detach-sign).
    + Sign the locally built x86 binaries, the locally built x86
      binary zipfile, and the locally built x86 installer, with the
      release keys.
    + The Alpha binaries should already have been signed with the
      snapshot keys. Having checked that, sign the Alpha binary
      zipfile with the snapshot keys too.
    + The source archive should be signed with the release keys.
      This was the most fiddly bit of the last release I did: the
      script that built the source archive was on ixion, so I had to
      bring the archive back to my local machine, check everything
      in it was untampered-with, and _then_ sign it. Perhaps next
      time I should arrange that puttysnap.sh can run on my local
      box; it'd be a lot easier.
    + Don't forget to sign with both DSA and RSA keys for absolutely
      everything.

 - Begin to pull together the release directory structure.
    + subdir `x86' containing the x86 binaries, x86 binary zip, x86
      installer, and all signatures on the above.
    + subdir `alpha' containing the Alpha binaries, Alpha binary
      zip, and all signatures on the above.
    + top-level dir contains the source zip (plus signatures),
      puttydoc.txt, the .hlp and .cnt files, and puttydoc.zip.

 - Create and sign md5sums files: one in the x86 subdir, one in the
   alpha subdir, and one in the parent dir of both of those.
    + The md5sums files need not list the .DSA and .RSA signatures,
      and the top-level md5sums need not list the other two.
    + Sign the md5sums files (gpg --clearsign). The Alpha md5sums
      should be signed with the snapshot keys, but the other two
      with the release keys (yes, the top-level one includes some
      Alpha files, but I think people will understand).

 - Now double-check by verifying all the signatures on all the
   files.

 - Create subdir `htmldoc' in the release directory, which should
   contain exactly the same set of HTML files that went into
   puttydoc.zip.

 - Now the whole release directory should be present and correct.
   Upload to ixion:www/putty/<ver>, upload to
   chiark:ftp/putty-<ver>, and upload to the:www/putty/<ver>.

 - Update the HTTP redirects.
    + Update the one at the:www/putty/htaccess which points the
      virtual subdir `latest' at the actual latest release dir. TEST
      THIS ONE - it's quite important.
    + ixion:www/putty/.htaccess has an individual redirect for each
      version number. Add a new one.

 - Update the FTP symlink (chiark:ftp/putty-latest -> putty-<ver>).

 - Update web site.
   + Adjust front page (`the latest version is <ver>').
   + Adjust filename of installer on links in Download page.
   + Adjust header text on Changelog page. (That includes changing
     `are new' in previous version to `were new'!)

 - Check the Docs page links correctly to the release docs. (It
   should do this automatically, owing to the `latest' HTTP
   redirect.)

 - Check that the web server attaches the right content type to .HLP
   and .CNT files.

 - Run webupdate, so that all the changes on ixion propagate to
   chiark. Important to do this _before_ announcing that the release
   is available.

 - Announce the release!
    + Mail the announcement to putty-announce.
    + Post it to comp.security.ssh.
    + Mention it in <TDHIS> on mono.

 - All done. Probably best to run `cvs up -A' now, or I'll only
   forget in a few days' time and get confused...
After the New Year copyright-dates fiasco, I think it's about time we had one or two official checklists. This file lists the locations of _all_ the copies of the licence and the copyright dates, all the files in CVS which need to know the current version number, and also lays out the release procedure since I always find it terribly fiddly to do it all in the right order. PLEASE KEEP THESE LISTS UP TO DATE, people! Anyone adds a new copy of the licence or the copyright notice, shout about it in here. Likewise any file that needs to know the current release number and can't get away with referencing LATEST.VER. [originally from svn r2589] 2003-01-14 17:19:35 +03:00			`Checklists for PuTTY administrative procedures`
			`==============================================`

			`Locations of the licence`
			`------------------------`

			`The PuTTY copyright notice and licence are stored in quite a few`
			`places. At the start of a new year, the copyright year needs`
			`updating in all of them; and when someone sends a massive patch,`
			`their name needs adding in all of them too.`

			`The LICENCE file in the main source distribution:`

			`- putty/LICENCE`

			`The resource files:`

			`- putty/pageant.rc`
			`+ the copyright date appears twice, once in the About box and`
			`once in the Licence box. Don't forget to change both!`
			`- putty/puttygen.rc`
			`+ the copyright date appears twice, once in the About box and`
			`once in the Licence box. Don't forget to change both!`
			`- putty/win_res.rc`
			`+ the copyright date appears twice, once in the About box and`
			`once in the Licence box. Don't forget to change both!`
			`- putty/mac/mac_res.r`

			`The documentation (both the preamble blurb and the licence appendix):`

			`- putty/doc/blurb.but`
			`- putty/doc/licence.but`

			`The website:`

			`- putty-website/licence.html`

			`Before tagging a release`
			`------------------------`

			`For a long time we got away with never checking the current version`
			`number into CVS at all - all version numbers were passed into the`
			`build system on the compiler command line, and the _only_ place`
			`version numbers showed up in CVS was in the tag information.`

			`Unfortunately, those halcyon days are gone, and we do need the`
			`version number in CVS in a couple of places. These must be updated`
			`_before_ tagging a new release.`

			`The file used to generate the Unix snapshot version numbers (which`
			`are <previousrelease>-<date> so that the Debian versioning system`
			`orders them correctly with respect to releases):`

			`- putty/LATEST.VER`

Add constants to mac_res.r to set the binary version number. Mention this in CHECKLST as a location where the version number has to be set. [originally from svn r2598] 2003-01-14 22:29:18 +03:00			`The Windows installer script:`
After the New Year copyright-dates fiasco, I think it's about time we had one or two official checklists. This file lists the locations of _all_ the copies of the licence and the copyright dates, all the files in CVS which need to know the current version number, and also lays out the release procedure since I always find it terribly fiddly to do it all in the right order. PLEASE KEEP THESE LISTS UP TO DATE, people! Anyone adds a new copy of the licence or the copyright notice, shout about it in here. Likewise any file that needs to know the current release number and can't get away with referencing LATEST.VER. [originally from svn r2589] 2003-01-14 17:19:35 +03:00
			`- putty/putty.iss`

Add constants to mac_res.r to set the binary version number. Mention this in CHECKLST as a location where the version number has to be set. [originally from svn r2598] 2003-01-14 22:29:18 +03:00			`The Mac resource file (used to generate the binary bit of the 'vers'`
			`resources -- the strings are supplied by the usual means):`

Move the 'vers' resources for Mac OS into their own file, to be shared by the various applications. [originally from svn r2843] 2003-02-13 15:30:10 +03:00			`- putty/mac/version.r`
Add constants to mac_res.r to set the binary version number. Mention this in CHECKLST as a location where the version number has to be set. [originally from svn r2598] 2003-01-14 22:29:18 +03:00
After the New Year copyright-dates fiasco, I think it's about time we had one or two official checklists. This file lists the locations of _all_ the copies of the licence and the copyright dates, all the files in CVS which need to know the current version number, and also lays out the release procedure since I always find it terribly fiddly to do it all in the right order. PLEASE KEEP THESE LISTS UP TO DATE, people! Anyone adds a new copy of the licence or the copyright notice, shout about it in here. Likewise any file that needs to know the current release number and can't get away with referencing LATEST.VER. [originally from svn r2589] 2003-01-14 17:19:35 +03:00			`The actual release procedure`
			`----------------------------`

			`This is the procedure I (SGT) currently follow (or _should_ follow`
			`:-) when actually making a release, once I'm happy with the position`
			`of the tag.`

			`- Write a release announcement (basically a summary of the changes`
			`since the last release). Squirrel it away in`
			`ixion:src/putty/local/announce-<ver> in case it's needed again`
			`within days of the release going out.`

			`- On my local machines, check out the release-tagged version of the`
			`sources.`
It's impossible to write a checklist from scratch without leaving one or two things out of the first version. [originally from svn r2590] 2003-01-14 18:01:18 +03:00			`+ Make sure to run mkfiles.pl _after_ this checkout, just in`
			`case.`
After the New Year copyright-dates fiasco, I think it's about time we had one or two official checklists. This file lists the locations of _all_ the copies of the licence and the copyright dates, all the files in CVS which need to know the current version number, and also lays out the release procedure since I always find it terribly fiddly to do it all in the right order. PLEASE KEEP THESE LISTS UP TO DATE, people! Anyone adds a new copy of the licence or the copyright notice, shout about it in here. Likewise any file that needs to know the current release number and can't get away with referencing LATEST.VER. [originally from svn r2589] 2003-01-14 17:19:35 +03:00
			`- Build the Windows/x86 release binaries. Don't forget to supply`
			`VER=/DRELEASE=<ver>. Run them, or at least one or two of them, to`
			`ensure that they really do report their version number correctly.`

			`- Acquire the Windows/alpha release binaries from Owen.`
			`+ Verify the snapshot-key signatures on these, to ensure they're`
			`really the ones he built. If I'm going to snapshot-sign a zip`
			`file I make out of these, I'm damn well going to make sure the`
			`binaries that go _into_ it were snapshot-signed themselves.`

			`- Run Halibut to build the docs.`

			`- Build the .zip files.`
			`+ The binary archive putty.zip just contains all the .exe files`
			`except PuTTYtel, and the .hlp and .cnt files.`
			`+ The source archive putty-src.zip is built by puttysnap.sh (my`
			`cron script that also builds the nightly snapshot source`
			`archive).`
			`+ The docs archive puttydoc.zip contains all the HTML files`
			`output from Halibut.`

			`- Build the installer.`

			`- Sign the release (gpg --detach-sign).`
			`+ Sign the locally built x86 binaries, the locally built x86`
			`binary zipfile, and the locally built x86 installer, with the`
			`release keys.`
			`+ The Alpha binaries should already have been signed with the`
			`snapshot keys. Having checked that, sign the Alpha binary`
			`zipfile with the snapshot keys too.`
			`+ The source archive should be signed with the release keys.`
			`This was the most fiddly bit of the last release I did: the`
			`script that built the source archive was on ixion, so I had to`
			`bring the archive back to my local machine, check everything`
			`in it was untampered-with, and _then_ sign it. Perhaps next`
			`time I should arrange that puttysnap.sh can run on my local`
			`box; it'd be a lot easier.`
			`+ Don't forget to sign with both DSA and RSA keys for absolutely`
			`everything.`

			`- Begin to pull together the release directory structure.`
			+ subdir `x86' containing the x86 binaries, x86 binary zip, x86
			`installer, and all signatures on the above.`
			+ subdir `alpha' containing the Alpha binaries, Alpha binary
			`zip, and all signatures on the above.`
			`+ top-level dir contains the source zip (plus signatures),`
			`puttydoc.txt, the .hlp and .cnt files, and puttydoc.zip.`

			`- Create and sign md5sums files: one in the x86 subdir, one in the`
			`alpha subdir, and one in the parent dir of both of those.`
			`+ The md5sums files need not list the .DSA and .RSA signatures,`
			`and the top-level md5sums need not list the other two.`
			`+ Sign the md5sums files (gpg --clearsign). The Alpha md5sums`
			`should be signed with the snapshot keys, but the other two`
			`with the release keys (yes, the top-level one includes some`
			`Alpha files, but I think people will understand).`

			`- Now double-check by verifying all the signatures on all the`
			`files.`

			- Create subdir `htmldoc' in the release directory, which should
			`contain exactly the same set of HTML files that went into`
			`puttydoc.zip.`

			`- Now the whole release directory should be present and correct.`
			`Upload to ixion:www/putty/<ver>, upload to`
			`chiark:ftp/putty-<ver>, and upload to the:www/putty/<ver>.`

			`- Update the HTTP redirects.`
			`+ Update the one at the:www/putty/htaccess which points the`
			virtual subdir `latest' at the actual latest release dir. TEST
			`THIS ONE - it's quite important.`
			`+ ixion:www/putty/.htaccess has an individual redirect for each`
			`version number. Add a new one.`

			`- Update the FTP symlink (chiark:ftp/putty-latest -> putty-<ver>).`

			`- Update web site.`
			+ Adjust front page (`the latest version is <ver>').
			`+ Adjust filename of installer on links in Download page.`
			`+ Adjust header text on Changelog page. (That includes changing`
			`are new' in previous version to `were new'!)

			`- Check the Docs page links correctly to the release docs. (It`
			should do this automatically, owing to the `latest' HTTP
			`redirect.)`

			`- Check that the web server attaches the right content type to .HLP`
			`and .CNT files.`

It's impossible to write a checklist from scratch without leaving one or two things out of the first version. [originally from svn r2590] 2003-01-14 18:01:18 +03:00			`- Run webupdate, so that all the changes on ixion propagate to`
			`chiark. Important to do this _before_ announcing that the release`
			`is available.`

After the New Year copyright-dates fiasco, I think it's about time we had one or two official checklists. This file lists the locations of _all_ the copies of the licence and the copyright dates, all the files in CVS which need to know the current version number, and also lays out the release procedure since I always find it terribly fiddly to do it all in the right order. PLEASE KEEP THESE LISTS UP TO DATE, people! Anyone adds a new copy of the licence or the copyright notice, shout about it in here. Likewise any file that needs to know the current release number and can't get away with referencing LATEST.VER. [originally from svn r2589] 2003-01-14 17:19:35 +03:00			`- Announce the release!`
			`+ Mail the announcement to putty-announce.`
			`+ Post it to comp.security.ssh.`
			`+ Mention it in <TDHIS> on mono.`

			- All done. Probably best to run `cvs up -A' now, or I'll only
			`forget in a few days' time and get confused...`