-
Notifications
You must be signed in to change notification settings - Fork 7
/
CHECKLST.txt
274 lines (216 loc) · 11.4 KB
/
CHECKLST.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
Checklists for PuTTY administrative procedures
==============================================
Going into pre-release stabilisation
------------------------------------
When we begin to work towards a release and want to enable
pre-releases on the website:
- Make a branch whose tip will be the current state of the
pre-release. Regardless of whether the branch is from main or
from a prior release branch, the name of the branch must now be in
the form 'pre-X.YZ', or else the website will fail to link to it
properly in gitweb and the build script will check out the wrong
thing.
- Edit ~/adm/puttysnap.sh on my build machine to set $prerelver correctly.
- Edit ~/adm/puttysnap.sh on the master machine to enable pre-release
builds, by changing the 'if false' to 'if true'.
- Wait for a nightly build to run, so that the first pre-release
snapshot actually exists.
- Put the website into pre-release mode, by defining prerel_version()
in components/Base.mc to return the upcoming version number. Also
add a news announcement in components/news. (Previous naming
convention has been to name it in the form 'X.YZ-pre.mi'.)
- Optionally: write an announcement email for the availability of
pre-releases, and send it out to <putty-announce@lists.tartarus.org>.
Things to do during the branch-stabilisation period:
- Go through the source (including the documentation), and the
website, and review anything tagged with a comment containing the
word XXX-REVIEW-BEFORE-RELEASE. (Any such comments should state
clearly what needs to be done.)
- Test the Unix build with Address Sanitiser. In particular, any
headline features for the release should get a workout with memory
checking enabled!
- Test the Windows build with Address Sanitiser too (as of VS 2022).
+ In the course of that, give a recent Windows pterm a try, to
make sure that still works.
- Test building and running on old platforms:
+ build on Debian stretch (containing CMake 3.7, the earliest
CMake we claim support for)
+ build with all three major versions of GTK
+ build the old-Windows binaries and test-run them on Win95 (PuTTY
proper even without WinSock2)
- Check Coverity is happy.
- Check the side-channel tester is happy.
- Check all the non-SSH network backends still basically work.
Making a release candidate build
--------------------------------
- Make a directory to hold all the release paraphernalia. I usually
call it ~/src/putty/X.YZ (where X.YZ will stand throughout for the
version number).
- Inside that directory, clone the PuTTY git repository to a
subdirectory ~/src/putty/X.YZ/putty. Here you can make release-
related commits and tags tentatively, and keep them out of the way
of any 'git push' you might still be doing in other checkouts.
- Double-check that we have removed anything tagged with a comment
containing the words XXX-REMOVE-BEFORE-RELEASE or
XXX-REVIEW-BEFORE-RELEASE. ('git grep XXX-RE' should only show up
hits in this file itself.)
- Now update the version numbers and the transcripts in the docs, by
checking out the release branch in the release-specific checkout
and running
./release.pl --version=X.YZ --setver
Then check that the resulting automated git commit has updated the
version number in the following places:
* putty/LATEST.VER
* putty/doc/plink.but
* putty/doc/pscp.but
and also check that it has reset the definition of 'Epoch' in
Buildscr.
- Make the release tag, pointing at the version-update commit we just
generated.
- Make a release-candidate build from the release tag, and put the
build.out and build.log files somewhere safe. Normally I store
these inside the ~/src/putty/X.YZ directory, alongside the git
checkout at ~/src/putty/X.YZ/putty, so I'll sit in that checkout
directory and run a command like
bob -o ../build-X.YZ-rcN.out -l ../build-X.YZ-rcN.log -c X.YZ . RELEASE=X.YZ
This should generate a basically valid release directory as
`build-X.YZ-rcN.out/putty', and provide link maps and sign.sh
alongside that.
- Double-check in build-X.YZ-rcN.log that the release was built from
the right git commit.
- Make a preliminary gpg signature, but don't run the full release-
signing procedure. (We use the presence of a full set of GPG
signatures to distinguish _abandoned_ release candidates from the
one that ended up being the release.) In the 'build.X.YZ-rcN.out'
directory, run
sh sign.sh -r -p putty
which will generate a clearsigned file called
sha512sums-preliminary.gpg _outside_ the 'putty' subdirectory.
- For my own safety, make the release candidate build read-only.
chmod -R a-w build-X.YZ-rcN.{out,log}
- Now do some checking of the release binaries, and pass them to the
rest of the team to do some as well. Do at least these things:
* make sure they basically work
* check they report the right version number
* if there's any easily observable behaviour difference between
the release branch and main, arrange to observe it
* test that the Windows installer installs successfully
+ on x86 and Arm, and test that putty.exe runs in both cases
* test that the Unix source tarball unpacks and builds
+ on at least a reasonably current stable Linux distro, and
also try Debian sid
+ test-build with all of GTK 1, 2 and 3
+ test-build with -DNOT_X_WINDOWS
* test that the Windows source builds with Visual Studio (just in
case there's an unguarded clangism that would prevent it)
* quick check of the outlying network protocols (Telnet, SUPDUP
etc)
* feed the release-candidate source to Coverity and make sure it
didn't turn up any last-minute problems
* make sure we have a clean run of testsc
* do some testing on a system with a completely clean slate (no
prior saved session data)
Preparing to make the release
-----------------------------
- Write a release announcement (basically a summary of the changes
since the last release). Check the draft version into the putty-aux
repository, so the whole team can help wordsmith it if they want to.
- Update the website, in a local checkout:
* Write a release file in components/releases which identifies the
new version, a section for the Changes page, and a news
announcement for the front page.
+ The one thing this can't yet contain is the release date;
that has to be put in at the last minute, when the release
goes live. Fill in 'FIXME', for the moment.
* Disable the pre-release sections of the website (if previously
enabled), by editing prerel_version() in components/Base.mc to
return undef.
- Update the wishlist, in a local checkout:
* If there are any last-minute wishlist entries (e.g. security
vulnerabilities fixed in the new release), write entries for
them.
* If any other bug fixes have been cherry-picked to the release
branch (so that the wishlist mechanism can't automatically mark
them as fixed in the new release), add appropriate Fixed-in
headers for those.
- Sign the release in full. In the `build-X.YZ-rcN.out' directory,
re-verify that the preliminary signed checksums file has a correct
signature on it and also matches the files you're about to sign for real:
gpg -d sha512sums-preliminary.gpg | (cd putty; grep -vF ' (installer version)' | grep . | sha512sum -c)
If the combined output of that pipeline reports both a good
signature (from the release key) and a successful verification of
all the sha512sums, then all is well and you can do the full
signing (not forgetting that the directory will have been readonly
during the last-minute testing period):
chmod -R u+w putty
sh sign.sh -r putty # and enter the release key passphrase
chmod -R a-w putty
The actual release procedure
----------------------------
Once all the above preparation is done and the release has been built
locally, this is the procedure for putting it up on the web.
- Make a final adjustment to your local website changes, filling in
the release date in components/releases/X.YZ.mi.
- Upload the release itself and its link maps to everywhere it needs
to be, by running this in the build-X.YZ-rcN.out directory:
../putty/release.pl --version=X.YZ --upload
- Check that downloads via version-numbered URLs all work:
../putty/release.pl --version=X.YZ --precheck
- Switch the 'latest' links over to the new release:
* Update the HTTP redirect at the:www/putty/htaccess .
- Now verify that downloads via the 'latest' URLs are all redirected
correctly and work:
../putty/release.pl --version=X.YZ --postcheck
- If the release is on a branch (which I expect it generally will
be), merge that branch to main, so that the 'update version number'
change appears on main and the snapshots start announcing
themselves as post-X.YZ.
- Push all the git repositories:
* run 'git push' in the website checkout
* run 'git push' in the wishlist checkout
* push from the main PuTTY checkout. Typically this one will be
pushing both the release tag and the merge we just made to the
main branch, plus removing the pre-release branch, so you'll
want some
commands along these lines:
git push origin main # update the main branch
git push origin --tags # should push the new release tag
git push origin :pre-X.YZ # delete the pre-release branch
- Run ~/adm/puttyweb.sh on thyestes to update the website after all
those git pushes.
- Check that the unpublished website on thyestes looks sensible.
- Run webupdate, so that all the changes on thyestes propagate to
chiark. Important to do this _before_ announcing that the release
is available.
- After running webupdate, run update-rsync on chiark and verify that
the rsync mirror package (~/ftp/putty-website-mirror) contains a
subdirectory for the new version and that the links from its
latest.html point into that subdirectory.
- Start the process of updating our Windows Store entry:
+ log into partner.microsoft.com and go to Partner Center
+ start editing the existing app submission, which should
automatically create a new submission
* provide a new set of installer URLs, then click "save all"
which actually uploads them
+ be careful to use URLs without "latest" in the pathname!
Just copying from the links on the download page is wrong.
Change "latest" to the version number, and test-download
via those URLs to check you didn't make a typo.
* change the "what's new in this release" text in the store
listing
* upload revised screenshots, if necessary
* update the URL in the "Applicable license terms" box
+ press Publish to submit that to the actual upload process
- Announce the release!
+ Construct a release announcement email whose message body is the
announcement written above, and which includes the following
headers:
* Reply-To: <putty@projects.tartarus.org>
* Subject: PuTTY X.YZ is released
+ Mail that release announcement to
<putty-announce@lists.tartarus.org>.
+ Post it to comp.security.ssh.
+ Mention it in <TDHTT> on mono.
- Edit the master ~/adm/puttysnap.sh to disable pre-release builds,
if they were previously enabled.
- Relax (slightly).