Difference between revisions of "Bering-uClibc 6.x - Developer Guide - The Release Process"

From bering-uClibc
Jump to: navigation, search
(Upload files to SF FRS)
(Sign Packages with GPG maintainer key)
 
(8 intermediate revisions by the same user not shown)
Line 21: Line 21:
  
 
To compile build environments and packages for all supported architectures in one go, the shell script <code class="filename">build_all_archs.sh</code> has been added in the ''tools'' directory.
 
To compile build environments and packages for all supported architectures in one go, the shell script <code class="filename">build_all_archs.sh</code> has been added in the ''tools'' directory.
To save time, it is also possible to blacklist packages that are known not to build or only necessaryfor special tasks (e.g. <code class="filename">valgrind.lrp<code>.
+
To save time, it is also possible to blacklist packages that are known fail to build or only necessary for special tasks (e.g. <code class="filename">valgrind.lrp</code>).
  
==Sign packages with GPG maintainer key==
+
==Sign Packages with GPG maintainer key==
tbd
+
Starting with LEAF Bering-uClibc 6.2.2 we do provide gpg-signed Packages.
 +
 
 +
The Packages are signed with a maintainer key.
 +
The available and valid keys are collected in <code class="filename">/root/.gnupg/LEAF_sigkeys.gpg</code>.
 +
 
 +
<code class="filename">initrd.lrp</code> has to be signed with an external signature, all other Packages are signed with an inline signature.
 +
 
 +
To accomplish that task, run:
 +
#/bin/sh
 +
 +
if [ -z "$1" ]
 +
then                                                                                                                           
 +
echo 'missing architecture e.g. i486-unknown-linux-uclibc'
 +
exit
 +
fi
 +
 +
PROG=$0
 +
PROGPATH=$( dirname $0 )
 +
 +
USERID=[yourGPGShortKeyID]
 +
 +
# sign initrd.lrp with detached signature
 +
gpg  --passphrase "$PASSPHRASE" -u $USERID -b $PROGPATH/package/$1/initrd.lrp
 +
 +
#sign the remaining files and move the gpg-signed version to *.lrp
 +
for i in $(ls $PROGPATH/package/$1/*.lrp)
 +
do
 +
[ $i = $PROGPATH/package/$1/initrd.lrp ] && continue
 +
gpgv --keyring ~/.gnupg/LEAF_sigkeys.gpg --quiet $i > /dev/null 2>&1 &&
 +
continue
 +
echo signing package $i
 +
gpg --passphrase "$PASSPHRASE" -u $USERID --sign $i
 +
mv $i.gpg $i
 +
done
 +
 +
rm -f $PROGPATH/package/$1/sha*sum.list
 +
sha512sum $PROGPATH/package/$1/* > $PROGPATH/package/$1/sha512sum.list
  
 
==Create images and source tarball==
 
==Create images and source tarball==
Line 48: Line 84:
 
  [path to git]/leaf/bering-uclibc# git push origin v6.0.0-nn
 
  [path to git]/leaf/bering-uclibc# git push origin v6.0.0-nn
  
==Create README and Announcement==
+
==Create Readme (and Announcement)==
 +
This should be obvious.
 +
Announcements are not made on a regular basis though. We do have a Changelog in this wiki, and when releasing at SF a note will be send to subscribed users if a new release is available..
 +
 
 
==Upload files to SF FRS==
 
==Upload files to SF FRS==
  
Line 58: Line 97:
  
 
==Commit Packages to SF SCM with release-to-git.sh==
 
==Commit Packages to SF SCM with release-to-git.sh==
tbd
+
To make the release available for the  <code class="filename">upgrade</code> utility it has finally added to the Packages repository.
 +
 
 +
Therefor copy <code class="filename">release_to_git.sh</code> from the directory [Packages repository]/tools to your build directory and run:
 +
 
 +
./release-to-git.sh -p /opt/leaf/git/packages -r 6.0.0 -b /leaf/master/
 +
 
 +
The options are:
 +
: -p -- path to git Packages repository
 +
: -r -- release version
 +
: -b -- path to your build directory  containing the (signed) Packages in <code class="filename">package[toolchain]/</code>
 +
 
 +
Finally switch to your Packages repository  and push the new version:
 +
 +
git push origin 6.0.0
  
 +
Done!
 
----
 
----
 
{| summary="Navigation footer" width="100%"
 
{| summary="Navigation footer" width="100%"

Latest revision as of 13:07, 1 September 2019

The Release Process
Prev Bering-uClibc 6.x - Developer Guide

Introduction

The target audience for this page are LEAF maintainers and admins.

The page describes the release process, mostly as reminder. Note: Various steps require (different) administrator privileges.

Rebuild new release from source

It is recommended to do a completly fresh build from the sources. Use the command:

./buildtool distclean

Compile the build environment and all packages.

./tools/buildall.sh

To compile build environments and packages for all supported architectures in one go, the shell script build_all_archs.sh has been added in the tools directory. To save time, it is also possible to blacklist packages that are known fail to build or only necessary for special tasks (e.g. valgrind.lrp).

Sign Packages with GPG maintainer key

Starting with LEAF Bering-uClibc 6.2.2 we do provide gpg-signed Packages.

The Packages are signed with a maintainer key. The available and valid keys are collected in /root/.gnupg/LEAF_sigkeys.gpg.

initrd.lrp has to be signed with an external signature, all other Packages are signed with an inline signature.

To accomplish that task, run:

#/bin/sh

if [ -z "$1" ]
then                                                                                                                            
echo 'missing architecture e.g. i486-unknown-linux-uclibc' 
exit
fi

PROG=$0
PROGPATH=$( dirname $0 )

USERID=[yourGPGShortKeyID]

# sign initrd.lrp with detached signature
gpg  --passphrase "$PASSPHRASE" -u $USERID -b $PROGPATH/package/$1/initrd.lrp

#sign the remaining files and move the gpg-signed version to *.lrp
for i in $(ls $PROGPATH/package/$1/*.lrp)
do
[ $i = $PROGPATH/package/$1/initrd.lrp ] && continue
gpgv --keyring ~/.gnupg/LEAF_sigkeys.gpg --quiet $i > /dev/null 2>&1 &&
continue
echo signing package $i
gpg --passphrase "$PASSPHRASE" -u $USERID --sign $i
mv $i.gpg $i
done

rm -f $PROGPATH/package/$1/sha*sum.list
sha512sum $PROGPATH/package/$1/* > $PROGPATH/package/$1/sha512sum.list

Create images and source tarball

Create the images:

fakeroot ./buildimage.pl --kernel-arch geode --image-type syslinux --variant serial
fakeroot ./buildimage.pl --kernel-arch i486  --image-type isolinux --variant vga
fakeroot ./buildimage.pl --kernel-arch i486  --image-type syslinux --variant serial
fakeroot ./buildimage.pl --kernel-arch i486  --image-type syslinux --variant vga
fakeroot ./buildimage.pl --kernel-arch i686  --image-type syslinux --variant vga
fakeroot ./buildimage.pl --kernel-arch i686  --image-type isolinux --variant vga
...

It is a good idea to finally test the newly build version with qemu:

qemu-system-i386 -enable-kvm -m 512 -cdrom image/Bering-uClibc_6.0.0-nn_i486_isolinux_vga.iso 

Create the sources tarball as required by SF policy:

cd [path to git]bering-uclibc$ 
git archive --format=tgz -9 HEAD -o [your/upload-dir]/Bering-uClibc_6.0.0-nn_src.tgz

Tag release in LEAF Bering-uClibc git repository

[path to git]/leaf/bering-uclibc# git tag -a -m "Release of LEAF Bering-uClibc 6.0.0-nn" v6.0.0-nn
[path to git]/leaf/bering-uclibc# git push origin v6.0.0-nn

Create Readme (and Announcement)

This should be obvious. Announcements are not made on a regular basis though. We do have a Changelog in this wiki, and when releasing at SF a note will be send to subscribed users if a new release is available..

Upload files to SF FRS

Login to SF FRS

Create New Folder, named with the release version.

Change to the created folder and upload Readme, the Images and the source tarball.

Commit Packages to SF SCM with release-to-git.sh

To make the release available for the upgrade utility it has finally added to the Packages repository.

Therefor copy release_to_git.sh from the directory [Packages repository]/tools to your build directory and run:

./release-to-git.sh -p /opt/leaf/git/packages -r 6.0.0 -b /leaf/master/

The options are:

-p -- path to git Packages repository
-r -- release version
-b -- path to your build directory containing the (signed) Packages in package[toolchain]/

Finally switch to your Packages repository and push the new version:

git push origin 6.0.0

Done!


Prev Up