Difference between revisions of "Bering-uClibc 6.x - Developer Guide - The Release Process"
(→Create README (and Announcement)) |
(→Sign Packages with GPG maintainer key) |
||
(6 intermediate revisions by the same user not shown) | |||
Line 21: | Line 21: | ||
To compile build environments and packages for all supported architectures in one go, the shell script <code class="filename">build_all_archs.sh</code> has been added in the ''tools'' directory. | To compile build environments and packages for all supported architectures in one go, the shell script <code class="filename">build_all_archs.sh</code> has been added in the ''tools'' directory. | ||
− | To save time, it is also possible to blacklist packages that are known | + | To save time, it is also possible to blacklist packages that are known fail to build or only necessary for special tasks (e.g. <code class="filename">valgrind.lrp</code>). |
− | ==Sign | + | ==Sign Packages with GPG maintainer key== |
− | + | Starting with LEAF Bering-uClibc 6.2.2 we do provide gpg-signed Packages. | |
+ | |||
+ | The Packages are signed with a maintainer key. | ||
+ | The available and valid keys are collected in <code class="filename">/root/.gnupg/LEAF_sigkeys.gpg</code>. | ||
+ | |||
+ | <code class="filename">initrd.lrp</code> has to be signed with an external signature, all other Packages are signed with an inline signature. | ||
+ | |||
+ | To accomplish that task, run: | ||
+ | #/bin/sh | ||
+ | |||
+ | if [ -z "$1" ] | ||
+ | then | ||
+ | echo 'missing architecture e.g. i486-unknown-linux-uclibc' | ||
+ | exit | ||
+ | fi | ||
+ | |||
+ | PROG=$0 | ||
+ | PROGPATH=$( dirname $0 ) | ||
+ | |||
+ | USERID=[yourGPGShortKeyID] | ||
+ | |||
+ | # sign initrd.lrp with detached signature | ||
+ | gpg --passphrase "$PASSPHRASE" -u $USERID -b $PROGPATH/package/$1/initrd.lrp | ||
+ | |||
+ | #sign the remaining files and move the gpg-signed version to *.lrp | ||
+ | for i in $(ls $PROGPATH/package/$1/*.lrp) | ||
+ | do | ||
+ | [ $i = $PROGPATH/package/$1/initrd.lrp ] && continue | ||
+ | gpgv --keyring ~/.gnupg/LEAF_sigkeys.gpg --quiet $i > /dev/null 2>&1 && | ||
+ | continue | ||
+ | echo signing package $i | ||
+ | gpg --passphrase "$PASSPHRASE" -u $USERID --sign $i | ||
+ | mv $i.gpg $i | ||
+ | done | ||
+ | |||
+ | rm -f $PROGPATH/package/$1/sha*sum.list | ||
+ | sha512sum $PROGPATH/package/$1/* > $PROGPATH/package/$1/sha512sum.list | ||
==Create images and source tarball== | ==Create images and source tarball== | ||
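Review bot: Both gpg calls in the added script pass the key passphrase as `--passphrase "$PASSPHRASE"`, so it appears in the process arguments while gpg runs and can be read by other local users; feeding it through `--passphrase-fd` or `--passphrase-file`, or letting gpg-agent prompt, avoids that. The first line `#/bin/sh` lacks the `!` and is only a comment, the bare `exit` after the usage message returns status 0, and `$i`, `$1` and `$PROGPATH` are unquoted while the loop iterates over `$(ls ...)`, so a path containing whitespace breaks the run. The prose names the keyring as /root/.gnupg/LEAF_sigkeys.gpg but the script reads ~/.gnupg/LEAF_sigkeys.gpg; these match only when the script runs as root.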
Line 61: | Line 97: | ||
==Commit Packages to SF SCM with release-to-git.sh== | ==Commit Packages to SF SCM with release-to-git.sh== | ||
− | + | To make the release available for the <code class="filename">upgrade</code> utility it has finally added to the Packages repository. | |
+ | |||
+ | Therefor copy <code class="filename">release_to_git.sh</code> from the directory [Packages repository]/tools to your build directory and run: | ||
+ | |||
+ | ./release-to-git.sh -p /opt/leaf/git/packages -r 6.0.0 -b /leaf/master/ | ||
+ | |||
+ | The options are: | ||
+ | : -p -- path to git Packages repository | ||
+ | : -r -- release version | ||
+ | : -b -- path to your build directory containing the (signed) Packages in <code class="filename">package[toolchain]/</code> | ||
+ | |||
+ | Finally switch to your Packages repository and push the new version: | ||
+ | |||
+ | git push origin 6.0.0 | ||
+ | Done! | ||
---- | ---- | ||
{| summary="Navigation footer" width="100%" | {| summary="Navigation footer" width="100%" |
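Review bot: The script is called `release_to_git.sh` in the copy instruction but `release-to-git.sh` in the section heading and in the command line, so one of the two spellings will not match the file in [Packages repository]/tools; use the real file name in all three places. In the first added sentence, "it has finally added" is missing "to be", and "Therefor" should read "Therefore".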
Latest revision as of 13:07, 1 September 2019
The Release Process
Introduction
The target audience for this page are LEAF maintainers and admins.
The page describes the release process, mostly as a reminder. Note: Various steps require (different) administrator privileges.
Rebuild new release from source
It is recommended to do a completely fresh build from the sources. Use the command:
./buildtool distclean
Compile the build environment and all packages.
./tools/buildall.sh
To compile build environments and packages for all supported architectures in one go, the shell script build_all_archs.sh has been added in the tools directory.
To save time, it is also possible to blacklist packages that are known to fail to build or are only necessary for special tasks (e.g. valgrind.lrp).
Sign Packages with GPG maintainer key
Starting with LEAF Bering-uClibc 6.2.2, we provide GPG-signed Packages.
The Packages are signed with a maintainer key.
The available and valid keys are collected in /root/.gnupg/LEAF_sigkeys.gpg.
initrd.lrp has to be signed with an external signature; all other Packages are signed with an inline signature.
To accomplish that task, run:
#!/bin/sh
# Sign all packages of one architecture with the maintainer key.
# PASSPHRASE must be set in the environment before the script is run.

if [ -z "$1" ]
then
    echo 'missing architecture e.g. i486-unknown-linux-uclibc'
    exit 1
fi

PROG=$0
PROGPATH=$( dirname "$0" )

USERID=[yourGPGShortKeyID]

# sign initrd.lrp with detached signature
gpg --passphrase "$PASSPHRASE" -u "$USERID" -b "$PROGPATH/package/$1/initrd.lrp"

# sign the remaining files and move the gpg-signed version to *.lrp
for i in "$PROGPATH/package/$1"/*.lrp
do
    [ "$i" = "$PROGPATH/package/$1/initrd.lrp" ] && continue
    # skip packages that already carry a valid signature
    gpgv --keyring ~/.gnupg/LEAF_sigkeys.gpg --quiet "$i" > /dev/null 2>&1 && continue
    echo "signing package $i"
    gpg --passphrase "$PASSPHRASE" -u "$USERID" --sign "$i"
    mv "$i.gpg" "$i"
done

# regenerate the checksum list over the signed files
rm -f "$PROGPATH/package/$1"/sha*sum.list
sha512sum "$PROGPATH/package/$1"/* > "$PROGPATH/package/$1/sha512sum.list"
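The reverse check, as an added example that is not part of the LEAF tools: before publishing, confirm that initrd.lrp verifies against its detached signature, that every other package verifies as an inline-signed file, and that sha512sum.list still matches. The function name verify_packages is hypothetical, and the example assumes gpg's default detached-signature file name initrd.lrp.sig.

```shell
#!/bin/sh
# Added example, not part of the LEAF tools: re-check a signed package
# directory before it is published.
# Assumptions: gpg's default detached-signature name initrd.lrp.sig, and a
# sha512sum.list as written by the signing script.

verify_packages() {   # usage: verify_packages PACKAGE_DIR KEYRING
    dir=$1; keyring=$2; bad=0
    [ -r "$keyring" ] || { echo "keyring not readable: $keyring"; return 2; }

    # initrd.lrp carries a detached signature: gpgv SIGFILE DATAFILE
    if ! gpgv --keyring "$keyring" --quiet \
            "$dir/initrd.lrp.sig" "$dir/initrd.lrp" >/dev/null 2>&1; then
        echo "signature check failed: initrd.lrp"; bad=1
    fi

    # every other package is an inline-signed OpenPGP message
    for f in "$dir"/*.lrp; do
        [ -e "$f" ] || continue
        [ "$f" = "$dir/initrd.lrp" ] && continue
        if ! gpgv --keyring "$keyring" --quiet "$f" >/dev/null 2>&1; then
            echo "signature check failed: ${f##*/}"; bad=1
        fi
    done

    # compare each listed hash with the file's current hash, matching by
    # basename because the list stores paths relative to the build directory
    if [ -f "$dir/sha512sum.list" ]; then
        while read -r sum path; do
            name=${path##*/}
            now=$(sha512sum "$dir/$name" 2>/dev/null | cut -d' ' -f1)
            [ "$sum" = "$now" ] || { echo "checksum mismatch: $name"; bad=1; }
        done < "$dir/sha512sum.list"
    else
        echo "missing sha512sum.list"; bad=1
    fi
    return "$bad"
}

# stand-alone use: ./verify.sh package/i486-unknown-linux-uclibc KEYRING
if [ "$#" -eq 2 ]; then verify_packages "$1" "$2"; fi
```

The function returns 0 only when every signature and every checksum is good, so it can gate the upload step.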
Create images and source tarball
Create the images:
fakeroot ./buildimage.pl --kernel-arch geode --image-type syslinux --variant serial
fakeroot ./buildimage.pl --kernel-arch i486 --image-type isolinux --variant vga
fakeroot ./buildimage.pl --kernel-arch i486 --image-type syslinux --variant serial
fakeroot ./buildimage.pl --kernel-arch i486 --image-type syslinux --variant vga
fakeroot ./buildimage.pl --kernel-arch i686 --image-type syslinux --variant vga
fakeroot ./buildimage.pl --kernel-arch i686 --image-type isolinux --variant vga
...
It is a good idea to finally test the newly built version with qemu:
qemu-system-i386 -enable-kvm -m 512 -cdrom image/Bering-uClibc_6.0.0-nn_i486_isolinux_vga.iso
Create the sources tarball as required by SF policy:
cd [path to git]bering-uclibc$ git archive --format=tgz -9 HEAD -o [your/upload-dir]/Bering-uClibc_6.0.0-nn_src.tgz
Tag release in LEAF Bering-uClibc git repository
[path to git]/leaf/bering-uclibc# git tag -a -m "Release of LEAF Bering-uClibc 6.0.0-nn" v6.0.0-nn
[path to git]/leaf/bering-uclibc# git push origin v6.0.0-nn
Create Readme (and Announcement)
This should be obvious. Announcements are not made on a regular basis though. We do have a Changelog in this wiki, and when releasing at SF a note will be sent to subscribed users if a new release is available.
Upload files to SF FRS
Login to SF FRS
Create New Folder, named with the release version.
Change to the created folder and upload Readme, the Images and the source tarball.
Commit Packages to SF SCM with release-to-git.sh
To make the release available for the upgrade utility, it finally has to be added to the Packages repository.
To do so, copy release_to_git.sh from the directory [Packages repository]/tools to your build directory and run:
./release-to-git.sh -p /opt/leaf/git/packages -r 6.0.0 -b /leaf/master/
The options are:
- -p -- path to git Packages repository
- -r -- release version
- -b -- path to your build directory containing the (signed) Packages in package[toolchain]/
Finally switch to your Packages repository and push the new version:
git push origin 6.0.0
Done!