NSS/Release Management: Difference between revisions

Jump to navigation Jump to search

NSS/Release Management (view source)

Revision as of 14:06, 25 July 2016

287 bytes removed ,  25 July 2016
updated
(started release management doc)
 
(updated)
Line 22: Line 22:
# <span style="color:#FF0000"> Also, we usually discuss on the nss-dev list when we freeze nspr/nss.Someone should have sent a note to the list, announcing that a new NSS release is being worked on, and that the NSS tree is frozen.</span>
# <span style="color:#FF0000"> Also, we usually discuss on the nss-dev list when we freeze nspr/nss.Someone should have sent a note to the list, announcing that a new NSS release is being worked on, and that the NSS tree is frozen.</span>
# <span style="color:#FF0000"> Please send email to the "nss-dev" list saying "The NSS trunk is open for 3.27 development" after finishing the process.</span>
# <span style="color:#FF0000"> Please send email to the "nss-dev" list saying "The NSS trunk is open for 3.27 development" after finishing the process.</span>
# After the release is done:
## Please send email to nss-dev, saying that the NSS release has been uploaded to FTP/S3.
## Ask for the list of changes in the release, and ask who will send the announcement.
## Send the announcement to the dev-tech-crypto mailing list https://lists.mozilla.org/listinfo/dev-tech-crypto


===== Verify correctness =====
===== Verify correctness =====
Line 60: Line 64:


===== Create the NSS release archive =====
===== Create the NSS release archive =====
Make sure you have a stage directory.
# Make sure you have a stage directory next to the NSS dir.
#: <code>$ mkdir stage</code>
# Go to the NSS dir
#: <code>$ cd /your/path/to/nss</code>
# In 4.12 be the required NSPR version
# Make sure that the NSPR release archive file is contained in your stage directory. (Download it, if you don't have it.)
# Run the following command to create two release archive files (<code>nss-3.26.tar.gz</code> and <code>nss-3.26-with-nspr-4.12.tar.gz</code>) and two files SHA1SUMS and SHA256SUMS in <code>/your/path/to/stage/NSS_3_26_RTM/src/</code>.
#: <code>$ python automation/release/nss-release-helper.py create_nss_release_archive 3.26 NSS_3_26_RTM 4.12 ../stage</code>


$ mkdir /home/username/nss-nspr-workdir/stage
===== Some additional check one may want to perform =====
This section is only for the paranoid, only in case you want to double-check that the created file is correct.


# Extract it the archive
# Check that all files inside the directory use the following two prefix dirs:
#: <code>nss-3.26/nss/</code>
#: <code>nss-3.26/nspr/</code>
# Check that file <code>nss-3.26/nss/.hg_archival.txt</code> mentions <code>tag: NSS_3_26_RTM</code>
# You could double-check that the three version number files have all <code>_BETA</code> flags set to <code>PR_FALSE</code> and no version string line <code>_VERSION</code> contains Beta.
# Remove the extracted directory, to ensure you won't upload the individual files.


You should still be inside the nspr directory.
===== Upload release to public ftp/amazon s3. =====
 
When running the following command ensure that you use the directory name NSS_3_26_RTM twice, both in source and in destination.
$ cd /home/username/nss-nspr-workdir/nss
$ cd /your/path/to/stage
 
$ find NSS_3_26_RTM
 
You must know what is the correct NSPR version required for the NSS release.
In our example, it's 4.12
 
It's necessary that the NSPR release archive file is contained in your
stage directory. Download it, if you don't have it.
 
Run:
$ python ../nss-release-helper-v2.py \
  create_nss_release_archive 3.26 NSS_3_26_RTM 4.12 ../stage
 
This will create two release archive files
mkdir /home/username/nss-nspr-workdir/stage/NSS_3_26_RTM/src/nss-3.26.tar.gz
mkdir /home/username/nss-nspr-workdir/stage/NSS_3_26_RTM/src/nss-3.26-with-nspr-
4.12.tar.gz
and also two files SHA1SUMS and SHA256SUMS.
 
 
(l)
This section is only for paranoia, only in case you want to doublecheck
the created file is correct. If you want to check, extract it somewhere else.
 
Check that all files inside the directory use the following two prefix dirs:
nss-3.26/nss/
nss-3.26/nspr/
 
Check that file nss-3.26/nss/.hg_archival.txt mentions
tag: NSS_3_26_RTM
 
You could doublecheck that the three version number files have all _BETA
flags set to PR_FALSE and no version string line _VERSION contains Beta.
 
IMPORTANT:
Remove the extracted directory, to ensure you won't upload the individual files.
 
 
(m)
Upload to public ftp/amazon s3.
 
In the following command, ensure that you use the directory name NSS_3_26_RTM
twice, both in source and in destination.
 
$ cd /home/username/nss-nspr-workdir/stage
 
$ find NSS_3_26_RTM
 
expected output:
expected output:
NSS_3_26_RTM/
NSS_3_26_RTM/
NSS_3_26_RTM/src
NSS_3_26_RTM/src
NSS_3_26_RTM/src/nss-3.26.tar.gz
NSS_3_26_RTM/src/nss-3.26.tar.gz
NSS_3_26_RTM/src/nss-3.26-with-nspr-4.12.tar.gz
NSS_3_26_RTM/src/nss-3.26-with-nspr-4.12.tar.gz
NSS_3_26_RTM/src/SHA256SUMS
NSS_3_26_RTM/src/SHA256SUMS
NSS_3_26_RTM/src/SHA1SUMS
NSS_3_26_RTM/src/SHA1SUMS


Look at https://ftp.mozilla.org/pub/security/nss/releases/
# Check that there's no NSS_3_26_RTM directory at https://ftp.mozilla.org/pub/security/nss/releases/.
Directory NSS_3_26_RTM should NOT be there yet.
# Ensure you have aws command installed.
# <span style="color:#FF0000"> more infos on aws</span>
# Upload the release
#: <code>$ aws s3 cp NSS_3_26_RTM s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/NSS_3_26_RTM --recursive</code>
# Check https://ftp.mozilla.org/pub/security/nss/releases/ (can be delayed!)
# Check upload:
#: <code>$ aws s3 ls s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/</code>
#: <code>$ aws s3 ls s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/NSS_3_26_RTM/</code>
#: <code>$ aws s3 ls s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/NSS_3_26_RTM/src/</code>


Ensure you have the aws command installed.
===== Upgrading mozilla-central =====
 
# Someone should approve the upgrade.
I will forward you three emails, which describe my knowledge around aws.
# For the upgrade task, we have docs https://developer.mozilla.org/en/docs/Updating_NSPR_or_NSS_in_mozilla-central Go to a mozilla-inbound checkout and run the following.
 
#: <code>$ python client.py update_nss NSS_3_26_RTM</code>
$ aws s3 cp NSS_3_26_RTM \
#: <code>$ hg commit -m "Bug 1216283, land NSS_3_26_RTM, r=the-reviewer-name"</code>
  s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/NSS_3_26_RTM \
#: <code>$ hg push</code>
  --recursive
# If we must land into branches, like aurora or beta, we must get approvals, etc. Note that we don't do patches for branch landing. We use a placeholder attachment
 
with the command to be executed. The reason is, that the state of those dependency files might be different between branches (where we upgrade or remove newlines as necessary, to trigger full rebuilds). By using the upgrade script, this is handled automatically.
 
After a few moments the upload will be completed.
 
Check https://ftp.mozilla.org/pub/security/nss/releases/ again,
however, that display is delayed !
 
If you want to doublecheck more quickly how your upload looks like:
 
$ aws s3 ls s3://net-mozaws-prod-delivery-contrib/pub/security/nss/releases/
$ aws s3 ls s3://net-mozaws-prod-delivery-
contrib/pub/security/nss/releases/NSS_3_26_RTM/
$ aws s3 ls s3://net-mozaws-prod-delivery-
contrib/pub/security/nss/releases/NSS_3_26_RTM/src/
 
 
(n)
Please send email to nss-dev, saying that the NSS release has been uploaded to
FTP/S3.
Ask for the list of changes in the release, and ask who will send the
announcement.
 
Someone then needs to send the announcement to the dev-tech-crypto mailing list.
https://lists.mozilla.org/listinfo/dev-tech-crypto
 
A developer should do that. Or a developer should prepare the list of changes,
and you could announce it.
 
 
(o)
We need to upgrade mozilla-central to the new NSS version.
 
If we think someone should approve the upgrade, someone else from the team
should grant an r+. Here is an example bug where this was done:
https://bugzilla.mozilla.org/show_bug.cgi?id=1216283
 
For the upgrade task, we have docs already:
https://developer.mozilla.org/en/docs/Updating_NSPR_or_NSS_in_mozilla-central
 
Note that step 3 is automated since Firefox 17.
 
Pull inbound again, to avoid having to merge/rebase.
 
$ hg commit -m "Bug 1216283, land NSS_3_26_RTM, r=the-reviewer-name"
$ hg push
 
 
(p)
If we must land into branches, like aurora or beta, we must get approvals, etc.
 
Note we don't do patches for branch landing. We use a placeholder attachment
with the command to be executed.
 
The reason is, that the state of those dependency files might be different
between branches (where we upgrade or remove newlines as necessary,
to trigger full rebuilds). By using the upgrade script, this is handled
automatically.
Franziskus
71

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1141065"

Navigation menu