github
/
putty
зеркало из https://github.com/github/putty.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Release checklist updates post-0.72. 

Notable changes:
 - mentioned ASan, which now seems to be good enough to take over from
   valgrind as my first-choice memory debugging tool
 - release announcements now live in putty-aux
 - a couple of clarifications of which directory to be in for which
   commands, and adjusted relative paths appropriately
 - remove obsolete mention of entering the GPG release key passphrase
   numerous times (that was for GPG 1, without gpg-agent)
 - remind myself that in the final signing procedure, you have to undo
   the chmod you did for safety a couple of weeks earlier!
This commit is contained in:
Simon Tatham 2019-07-20 08:09:04 +01:00
Родитель 75cd6c8b27
Коммит 37bff968eb
1 изменённых файлов: 33 добавлений и 23 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

56
CHECKLST.txt
Просмотреть файл

@ -4,7 +4,7 @@ Checklists for PuTTY administrative procedures
Going into pre-release stabilisation Going into pre-release stabilisation
------------------------------------ ------------------------------------
When we begin to work towards a release and want to enabling When we begin to work towards a release and want to enable
pre-releases on the website: pre-releases on the website:
- Make a branch whose tip will be the current state of the - Make a branch whose tip will be the current state of the
@ -33,19 +33,21 @@ Things to do during the branch-stabilisation period:
- Do some testing of the Windows version with Minefield (you can - Do some testing of the Windows version with Minefield (you can
build a Minefield version using 'bob . XFLAGS=-DMINEFIELD'), and of build a Minefield version using 'bob . XFLAGS=-DMINEFIELD'), and of
the Unix version with valgrind. In particular, any headline the Unix version with valgrind and/or Address Sanitiser. In
features for the release should get a workout with memory checking particular, any headline features for the release should get a
enabled! workout with memory checking enabled!
Making a release candidate build Making a release candidate build
-------------------------------- --------------------------------
- Make a directory to hold all the release paraphernalia. I usually - Make a directory to hold all the release paraphernalia. I usually
call it ~/src/putty/X.YZ (where X.YZ will stand throughout for the call it ~/src/putty/X.YZ (where X.YZ will stand throughout for the
version number). In that directory, make a git clone of the PuTTY version number).
repository, where you can make release-related commits and tags
tentatively, and keep them out of the way of any 'git push' you - Inside that directory, clone the PuTTY git repository to a
might still be doing in other checkouts. subdirectory ~/src/putty/X.YZ/putty. Here you can make release-
related commits and tags tentatively, and keep them out of the way
of any 'git push' you might still be doing in other checkouts.
- Double-check that we have removed anything tagged with a comment - Double-check that we have removed anything tagged with a comment
containing the words XXX-REMOVE-BEFORE-RELEASE or containing the words XXX-REMOVE-BEFORE-RELEASE or
@ -75,9 +77,13 @@ Making a release candidate build
be), merge that branch to master. be), merge that branch to master.
- Make a release-candidate build from the release tag, and put the - Make a release-candidate build from the release tag, and put the
build.out and build.log dfiles somewhere safe. Normally I store build.out and build.log files somewhere safe. Normally I store
these in an adjacent directory, so I'll run a command like these inside the ~/src/putty/X.YZ directory, alongside the git
bob -o ../X.YZ/build-X.YZ-rcN.out -l ../X.YZ/build-X.YZ-rcN.log -c X.YZ . RELEASE=X.YZ checkout at ~/src/putty/X.YZ/putty, so I'll sit in that checkout
directory and run a command like
bob -o ../build-X.YZ-rcN.out -l ../build-X.YZ-rcN.log -c X.YZ . RELEASE=X.YZ
This should generate a basically valid release directory as This should generate a basically valid release directory as
`build-X.YZ-rcN.out/putty', and provide link maps and sign.sh `build-X.YZ-rcN.out/putty', and provide link maps and sign.sh
alongside that. alongside that.
@ -91,12 +97,11 @@ Making a release candidate build
one that ended up being the release.) In the 'build.X.YZ-rcN.out' one that ended up being the release.) In the 'build.X.YZ-rcN.out'
directory, run directory, run
sh sign.sh -r -p putty sh sign.sh -r -p putty
and you should only have to enter the release key passphrase once,
which will generate a clearsigned file called which will generate a clearsigned file called
sha512sums-preliminary.gpg _outside_ the 'putty' subdirectory. sha512sums-preliminary.gpg _outside_ the 'putty' subdirectory.
- For my own safety, make the release candidate build read-only. - For my own safety, make the release candidate build read-only.
chmod -R a-w build-X.YZ-rcN.out build-X.YZ-rcN.log chmod -R a-w build-X.YZ-rcN.{out,log}
- Now do some checking of the release binaries, and pass them to the - Now do some checking of the release binaries, and pass them to the
rest of the team to do some as well. Do at least these things: rest of the team to do some as well. Do at least these things:
@ -111,9 +116,8 @@ Preparing to make the release
----------------------------- -----------------------------
- Write a release announcement (basically a summary of the changes - Write a release announcement (basically a summary of the changes
since the last release). Squirrel it away in since the last release). Check the draft version into the putty-aux
thyestes:src/putty-local/announce-<ver> in case it's needed again repository, so the whole team can help wordsmith it if they want to.
within days of the release going out.
- Update the website, in a local checkout: - Update the website, in a local checkout:
* Write a release file in components/releases which identifies the * Write a release file in components/releases which identifies the
@ -138,12 +142,18 @@ Preparing to make the release
- Sign the release in full. In the `build-X.YZ-rcN.out' directory, - Sign the release in full. In the `build-X.YZ-rcN.out' directory,
re-verify that the preliminary signed checksums file has a correct re-verify that the preliminary signed checksums file has a correct
signature on it and also matches the files you're about to sign for real: signature on it and also matches the files you're about to sign for real:
gpg -d sha512sums-preliminary.gpg | (cd putty; grep -vF ' (installer version)' | grep . | sha512sum -c) gpg -d sha512sums-preliminary.gpg | (cd putty; grep -vF ' (installer version)' | grep . | sha512sum -c)
If the combined output of that pipeline reports both a good If the combined output of that pipeline reports both a good
signature (from the release key) and a successful verification of signature (from the release key) and a successful verification of
all the sha512sums, then all is well, so now run all the sha512sums, then all is well and you can do the full
sh sign.sh -r putty signing (not forgetting that the directory will have been readonly
and enter the release key passphrase a lot of times. during the last-minute testing period):
chmod -R u+w putty
sh sign.sh -r putty # and enter the release key passphrase
chmod -R a-w putty
The actual release procedure The actual release procedure
---------------------------- ----------------------------
@ -155,11 +165,11 @@ locally, this is the procedure for putting it up on the web.
the release date in components/releases/X.YZ.mi. the release date in components/releases/X.YZ.mi.
- Upload the release itself and its link maps to everywhere it needs - Upload the release itself and its link maps to everywhere it needs
to be, by running this in the build.out directory: to be, by running this in the build-X.YZ-rcN.out directory:
../release.pl --version=X.YZ --upload ../putty/release.pl --version=X.YZ --upload
- Check that downloads via version-numbered URLs all work: - Check that downloads via version-numbered URLs all work:
../release.pl --version=X.YZ --precheck ../putty/release.pl --version=X.YZ --precheck
If this has trouble accessing chiark's ftp server, that is If this has trouble accessing chiark's ftp server, that is
unfortunately normal; add --no-ftp and try again. unfortunately normal; add --no-ftp and try again.
@ -169,7 +179,7 @@ locally, this is the procedure for putting it up on the web.
- Now verify that downloads via the 'latest' URLs are all redirected - Now verify that downloads via the 'latest' URLs are all redirected
correctly and work: correctly and work:
../release.pl --version=X.YZ --postcheck ../putty/release.pl --version=X.YZ --postcheck
- Push all the git repositories: - Push all the git repositories:
* run 'git push' in the website checkout * run 'git push' in the website checkout