1 Checklists for PuTTY administrative procedures
2 ==============================================
4 Locations of the licence
5 ------------------------
7 The PuTTY copyright notice and licence are stored in quite a few
8 places. At the start of a new year, the copyright year needs
9 updating in all of them; and when someone sends a massive patch,
10 their name needs adding in all of them too.
12 The LICENCE file in the main source distribution:
18 - putty/windows/pageant.rc
19 + the copyright date appears twice, once in the About box and
20 once in the Licence box. Don't forget to change both!
21 - putty/windows/puttygen.rc
22 + the copyright date appears twice, once in the About box and
23 once in the Licence box. Don't forget to change both!
24 - putty/windows/win_res.rc2
25 + the copyright date appears twice, once in the About box and
26 once in the Licence box. Don't forget to change both!
27 - putty/windows/version.rc2
28 + the copyright date appears once only.
30 + the copyright date appears twice, once in the About box and
31 once in the Licence box. Don't forget to change both!
33 + the copyright date appears twice, once in the About box and
34 once in the Licence box. Don't forget to change both!
36 + the copyright date appears twice, once in the About box and
37 once in the Licence box. Don't forget to change both!
39 The documentation (both the preamble blurb and the licence appendix):
42 - putty/doc/licence.but
46 - putty-website/licence.html
48 Before tagging a release
49 ------------------------
51 - First of all, go through the source (including the documentation),
52 and the website, and review anything tagged with a comment
53 containing the word XXX-REVIEW-BEFORE-RELEASE.
54 (Any such comments should state clearly what needs to be done.)
56 For a long time we got away with never checking the current version
57 number in at all - all version numbers were passed into the build
58 system on the compiler command line, and the _only_ place version
59 numbers showed up in the source files was in the tag information.
61 Unfortunately, those halcyon days are gone, and we do need the
62 version number checked in in a couple of places. These must be updated
63 _before_ tagging a new release.
65 The file used to generate the Unix snapshot version numbers (which
66 are <previousrelease>-<date> so that the Debian versioning system
67 orders them correctly with respect to releases):
71 The Windows installer script (_four_ times, on consecutive lines):
73 - putty/windows/putty.iss
75 The Windows resource file (used to generate the binary bit of the
76 VERSIONINFO resources -- the strings are supplied by the usual means):
78 - putty/windows/version.rc2 (BASE_VERSION; NB, _comma_-separated)
80 The Mac resource file (used to generate the binary bit of the 'vers'
85 It might also be worth going through the documentation looking for
86 version numbers - we have a couple of transcripts showing the help
87 text from the command-line tools, and it would be nice to ensure the
88 whole transcripts (certainly including the version numbers) are up
89 to date. Sometimes these are marked in between releases as `0.XX', so
90 it's worth grepping for that too.
94 - putty/doc/psftp.but (in case it ever acquires a similar thing)
96 The actual release procedure
97 ----------------------------
99 This is the procedure I (SGT) currently follow (or _should_ follow
100 :-) when actually making a release, once I'm happy with the position
103 - Double-check that we have removed anything tagged with a comment
104 containing the word XXX-REMOVE-BEFORE-RELEASE.
106 - Write a release announcement (basically a summary of the changes
107 since the last release). Squirrel it away in
108 ixion:src/putty/local/announce-<ver> in case it's needed again
109 within days of the release going out.
111 - On my local machines, check out the release-tagged version of the
112 sources. Do this in a _clean_ directory; don't depend on my usual
114 + Make sure to run mkfiles.pl _after_ this checkout, just in
117 - Build the source archives now, while the directory is still
119 + run ./mksrcarc.sh to build the Windows source zip.
120 + run `./mkunxarc.sh X.YZ' to build the Unix tarball.
122 - Build the Windows/x86 release binaries. Don't forget to supply
123 VER=/DRELEASE=<ver>. Run them, or at least one or two of them, to
124 ensure that they really do report their version number correctly,
125 and sanity-check the version info reported on the files by Windows.
126 + Save the release link maps. Currently I keep these on ixion,
127 in src/putty/local/maps-<version>.
129 - Acquire the Windows/alpha release binaries from Owen.
130 + Verify the signatures on these, to ensure they're really the
131 ones he built. If I'm going to sign a zip file I make out of
132 these, I'm damn well going to make sure the binaries that go
133 _into_ it are signed themselves.
134 + Make sure Owen has kept the Alpha release link maps somewhere
137 - Run Halibut to build the docs. Define VERSION on the make command
138 line to override the version strings, since Subversion revision
139 numbers are less meaningful on a tag.
140 + change into the doc subdir
141 + run `make VERSION="PuTTY release 0.XX" chm', then run `hhc
142 putty.hhp' to build the .CHM
143 + then run `make mostlyclean' (destroys the hhc input files but
145 + then `make VERSION="PuTTY release 0.XX"'
147 - Build the binary archives putty.zip (one for each architecture):
148 each one just contains all the .exe files except PuTTYtel, and
149 the .hlp and .cnt files.
150 + zip -k putty.zip `ls *.exe | grep -v puttytel` putty.hlp putty.cnt
151 + same again for Alpha.
153 - Build the docs archive puttydoc.zip: it contains all the HTML
154 files output from Halibut.
155 + zip puttydoc.zip *.html
157 - Build the installer.
159 - Sign the release (gpg --detach-sign).
160 + Sign the locally built x86 binaries, the locally built x86
161 binary zipfile, and the locally built x86 installer, with the
163 + The Alpha binaries should already have been signed with the
164 release keys. Having checked that, sign the Alpha binary
165 zipfile with the release keys too.
166 + The source archive should be signed with the release keys.
167 + Don't forget to sign with both DSA and RSA keys for absolutely
169 for i in <filenames>; do for t in DSA RSA; do gpg --load-extension=idea --detach-sign -u "Releases ($t)" -o $i.$t $i; done; done
171 - Begin to pull together the release directory structure.
172 + subdir `x86' containing the x86 binaries, x86 binary zip, x86
173 installer, and all signatures on the above.
174 + subdir `alpha' containing the Alpha binaries, Alpha binary
175 zip, and all signatures on the above.
176 + top-level dir contains the Windows source zip (plus
177 signatures), the Unix source tarball (plus signatures),
178 puttydoc.txt, the .hlp and .cnt files, and puttydoc.zip.
180 - Create subdir `htmldoc' in the release directory, which should
181 contain exactly the same set of HTML files that went into
183 + It also needs a copy of sitestyle.css, because the online
184 versions of the HTML docs will link to this (although the
185 zipped form should be self-contained).
187 - Create and sign md5sums files: one in the x86 subdir, one in the
188 alpha subdir, and one in the parent dir of both of those.
189 + The md5sums files need not list the .DSA and .RSA signatures,
190 and the top-level md5sums need not list the other two. Easiest
191 thing is to run, in each directory, this command:
192 md5sum `\find * -name '*SA' -o -type f -print` > md5sums
193 + Sign the md5sums files (gpg --clearsign).
194 for i in md5sums */md5sums; do for t in DSA RSA; do gpg --load-extension=idea --clearsign -u "Releases ($t)" -o $i.$t $i; done; done
196 - Now double-check by verifying all the signatures on all the
197 files, and running md5sum -c on all the md5sums files.
199 - Now the whole release directory should be present and correct.
200 Upload to ixion:www/putty/<ver>.
202 - Do final checks on the release directory:
203 + verify all the signatures. In each directory:
204 for i in *.*SA; do case $i in md5sums*) gpg --verify $i;; *) gpg --verify $i `echo $i | sed 's/\..SA$//'`;; esac; done
205 + check the md5sums. In each directory:
208 - Having double-checked the release, copy it from ixion to
209 chiark:ftp/putty-<ver> and to the:www/putty/<ver>.
211 - Check the permissions! Actually try downloading from the, to make
212 sure it really works.
214 - Update the HTTP redirects.
215 + Update the one at the:www/putty/htaccess which points the
216 virtual subdir `latest' at the actual latest release dir. TEST
217 THIS ONE - it's quite important.
218 + ixion:www/putty/.htaccess has an individual redirect for each
219 version number. Add a new one.
221 - Update the FTP symlink (chiark:ftp/putty-latest -> putty-<ver>).
224 + Adjust front page (`the latest version is <ver>').
225 + Adjust Download page similarly.
226 + Adjust filenames of installer and Unix tarball on links in
228 + Adjust header text on Changelog page. (That includes changing
229 `are new' in previous version to `were new'!)
230 + FOR NEXT RELEASE ONLY: update the docs page so that it links to
231 the release .chm as well as the release .hlp and .cnt. Remove
232 this checklist item after it's done; it won't need doing again
233 in the subsequent release.
235 - Update the wishlist. This can be done without touching individual
236 items by editing the @releases array in control/bugs2html.
238 - Check the Docs page links correctly to the release docs. (It
239 should do this automatically, owing to the `latest' HTTP
242 - Check that the web server attaches the right content type to .HLP
245 - Run webupdate, so that all the changes on ixion propagate to
246 chiark. Important to do this _before_ announcing that the release
248 * Don't forget to create the new directories on chiark -
249 ~/www/putty/<ver>{,/x86,/alpha,/htmldoc} - before running
252 - After running webupdate, run update-rsync on chiark and verify
253 that the rsync mirror package correctly identifies the new
256 - Announce the release!
257 + Mail the announcement to putty-announce.
258 * Set a Reply-To on the mail so that people don't keep
259 replying to my personal address.
260 + Post it to comp.security.ssh.
261 + Mention it in <TDHTT> on mono.
268 The following want doing some time soon after a release has been made:
270 - If the release was made from a branch, make sure the version number
271 on the _trunk_ is up to date in all the locations listed above, so
272 that (e.g.) Unix snapshots come out right.