|
|
|
|
|
1. For security sensitive releases:
|
|
|
* Make sure all customers and Turris team are ready for public disclosure.
|
|
|
* Coordinate unembargo date with [OSS distros mailing list](http://oss-security.openwall.org/wiki/mailing-lists/distros) and obtain CVE # from the list.
|
|
|
|
|
|
* Make sure all customers and Turris team are ready for public disclosure.
|
|
|
* Coordinate unembargo date with [OSS distros mailing list](http://oss-security.openwall.org/wiki/mailing-lists/distros) and obtain CVE # from the list.
|
|
|
|
|
|
1. Change version in `config.mk`
|
|
|
|
|
|
1. Update `NEWS`
|
|
|
|
|
|
1. Make sure the tests are passing (automatic), and check respiff report (manual)
|
|
|
2. Build packages in OBS (with debian symbols):
|
|
|
3. `./scripts/make-archive.sh`
|
|
|
3. `./scripts/make-distrofiles.sh -s`
|
|
|
3. `./scripts/build-in-obs.sh knot-resolver-devel`
|
|
|
2. Check package builds in [knot-resolver-devel](https://build.opensuse.org/project/show/home:CZ-NIC:knot-resolver-devel) are successful. If they fail, examine build log and fix what's necessary (e.g. update debian symbols file).
|
|
|
2. Wait for packages to be published. This may take up to a few hours.
|
|
|
2. Verify packages are working when installed:
|
|
|
3. `cd distro/tests`
|
|
|
3. For each distro: `./test-distro.sh devel debian9` (return code is 0 on success)
|
|
|
2. Check docker: https://hub.docker.com/r/cznic/knot-resolver/builds/
|
|
|
1. Check that generated files are up to date.
|
|
|
```
|
|
|
rm etc/root.hints && make
|
|
|
```
|
|
|
|
|
|
1. Build test packages in OBS (with debian symbols):
|
|
|
|
|
|
```
|
|
|
./scripts/make-archive.sh
|
|
|
./scripts/make-distrofiles.sh -s
|
|
|
./scripts/build-in-obs.sh knot-resolver-testing
|
|
|
```
|
|
|
|
|
|
1. Check package builds in [knot-resolver-testing](https://build.opensuse.org/project/show/home:CZ-NIC:knot-resolver-testing) are successful. If they fail, examine build log and fix what's necessary (e.g. update debian symbols file).
|
|
|
1. Wait for packages to be published. This may take up to a few hours.
|
|
|
1. Verify packages are working when installed:
|
|
|
|
|
|
1. `cd distro/tests`
|
|
|
1. For each distro: `./test-distro.sh devel debian9` (return code is 0 on success)
|
|
|
|
|
|
1. Check docker: https://hub.docker.com/r/cznic/knot-resolver/builds/
|
|
|
|
|
|
1. Check that generated files are up to date: `rm etc/root.hints && make`
|
|
|
1. Create a tag: `git -as vX.Y.Z[.alphatag]`, content `Knot Resolver X.Y.Z[.alphatag]`, signed with a developer's GPG key
|
|
|
1. Push the changes and tag
|
|
|
1. Copy the NEWS section to https://gitlab.labs.nic.cz/knot/knot-resolver/tags
|
|
|
1. Documentation should regenerate automatically: check http://readthedocs.org/projects/knot-resolver/builds/
|
|
|
1. DNS should get updated automatically from tags: check `kdig et.knot-resolver.cz. TXT +short`
|
|
|
|
|
|
* If the tag isn't there, try to trigger the webhook manually from `Settings -> Integration` (Test push tag events)
|
|
|
|
|
|
1. (deprecated step) DNS should get updated automatically from tags: check `kdig et.knot-resolver.cz. TXT +short`
|
|
|
1. Create a tarball with `./scripts/make-archive.sh`
|
|
|
1. Upload the tarball:
|
|
|
2. Use [sign-and-upload-knot-release](https://gitlab.labs.nic.cz/knot/knot-dns/snippets/63) script or following:
|
|
|
3. Generate signature using the Knot DNS signing key: `gpg --detach-sign --armor --digest-algo SHA512 knot-resolver-x.y.z.tar.xz`
|
|
|
3. Generate checksum file: `sha256sum knot-resolver-x.y.z.tar.xz > knot-resolver-x.y.z.tar.xz.sha256`
|
|
|
3. Upload the tarball, signature, and checksum to [secure.nic.cz](https://secure.nic.cz/files/knot-resolver/):
|
|
|
```
|
|
|
curl -u name.surname -n --basic -T {,https://public.nic.cz/files/knot-resolver/}knot-resolver-x.y.z.tar.xz
|
|
|
```
|
|
|
|
|
|
* Use [sign-and-upload-knot-release](https://gitlab.labs.nic.cz/knot/knot-dns/snippets/63) script or following:
|
|
|
|
|
|
1. Generate signature using the Knot DNS signing key: `gpg --detach-sign --armor --digest-algo SHA512 knot-resolver-x.y.z.tar.xz`
|
|
|
1. Generate checksum file: `sha256sum knot-resolver-x.y.z.tar.xz > knot-resolver-x.y.z.tar.xz.sha256`
|
|
|
1. Upload the tarball, signature, and checksum to [secure.nic.cz](https://secure.nic.cz/files/knot-resolver/): `curl -u name.surname -n --basic -T {,https://public.nic.cz/files/knot-resolver/}knot-resolver-x.y.z.tar.xz`
|
|
|
|
|
|
1. Trigger package build in OBS:
|
|
|
2. Make sure you've checked out the released version: `git checkout vx.y.z`
|
|
|
2. Make sure the release tarball `knot-resolver-x.y.z.tar.xz` is in git root
|
|
|
2. Prepare distro files (with symbols): `./scripts/make-distrofiles.sh -s`
|
|
|
2. Upload new files to [knot-resolver-latest](https://build.opensuse.org/project/show/home:CZ-NIC:knot-resolver-latest): `./scripts/build-in-obs.sh knot-resolver-latest`
|
|
|
2. Check the builds have completed successfully (builds should be done in ~10mins and published within ~2 hours).
|
|
|
|
|
|
1. Make sure you've checked out the released version: `git checkout vx.y.z`
|
|
|
1. Make sure the release tarball `knot-resolver-x.y.z.tar.xz` is in git root
|
|
|
1. Prepare distro files (with symbols): `./scripts/make-distrofiles.sh -s`
|
|
|
1. Upload new files to [knot-resolver-latest](https://build.opensuse.org/project/show/home:CZ-NIC:knot-resolver-latest): `./scripts/build-in-obs.sh knot-resolver-latest`
|
|
|
1. Check the builds have completed successfully (builds should be done in ~10mins and published within ~2 hours).
|
|
|
|
|
|
1. Update the [Knot Resolver website](https://gitlab.labs.nic.cz/websites/knot-resolver.cz):
|
|
|
2. Create a branch in the web repo
|
|
|
2. Link to the sources in `content/pages/en/download.rst`
|
|
|
2. Copy NEWS into a file in `content/news/en/` (+ simple header)
|
|
|
2. Packages
|
|
|
2. Preview web locally:
|
|
|
```
|
|
|
git submodule update --init --recursive
|
|
|
virtualenv .
|
|
|
source bin/activate
|
|
|
pip install -r requirements.txt
|
|
|
make
|
|
|
make serve &
|
|
|
xdg-open http://localhost:8000
|
|
|
```
|
|
|
2. Push the branch and merge it via web to master, leading to immediate deployment to knot-resolver.cz.
|
|
|
|
|
|
1. Create a branch in the web repo
|
|
|
1. Link to the sources in `content/pages/en/download.rst`
|
|
|
1. Copy NEWS into a file in `content/news/en/` (+ simple header)
|
|
|
1. Preview web locally:
|
|
|
|
|
|
```
|
|
|
git submodule update --init --recursive
|
|
|
virtualenv -p python2 .
|
|
|
source bin/activate
|
|
|
pip install -r requirements.txt
|
|
|
make
|
|
|
make serve &
|
|
|
xdg-open http://localhost:8000
|
|
|
```
|
|
|
|
|
|
1. Push the branch and merge it via web to master, leading to immediate deployment to [knot-resolver.cz](https://knot-resolver.cz).
|
|
|
|
|
|
1. Write release e-mail to knot-resolver-announce@lists.nic.cz and knot-resolver-users@lists.nic.cz. Also send a Czech e-mail to internal mailing list. Optionally, also notify Bára and Vilém with information suitable for PR (like root.cz).
|
|
|
1. Post some short note to [Twitter](https://twitter.com/KnotDNS)
|
|
|
1. Update packages in distribution repositories (Fedora, EPEL) |
|
|
1. Update packages in distribution repositories (Fedora, EPEL, AUR) |