- - On my local machines, check out the release-tagged version of the
- sources.
- + Make sure to run mkfiles.pl _after_ this checkout, just in
- case.
-
- - Build the Windows/x86 release binaries. Don't forget to supply
- VER=/DRELEASE=<ver>. Run them, or at least one or two of them, to
- ensure that they really do report their version number correctly.
- + Save the release link maps. Currently I keep these on ixion,
- in src/putty/local/maps-<version>.
-
- - Acquire the Windows/alpha release binaries from Owen.
- + Verify the snapshot-key signatures on these, to ensure they're
- really the ones he built. If I'm going to snapshot-sign a zip
- file I make out of these, I'm damn well going to make sure the
- binaries that go _into_ it were snapshot-signed themselves.
- + Make sure Owen has kept the Alpha release link maps somewhere
- useful.
-
- - Run Halibut to build the docs.
-
- - Build the .zip files.
- + The binary archive putty.zip just contains all the .exe files
- except PuTTYtel, and the .hlp and .cnt files.
- + The source archive putty-src.zip is built by puttysnap.sh (my
- cron script that also builds the nightly snapshot source
- archive).
- + The docs archive puttydoc.zip contains all the HTML files
- output from Halibut.
-
- - Build the installer.
-
- - Sign the release (gpg --detach-sign).
- + Sign the locally built x86 binaries, the locally built x86
- binary zipfile, and the locally built x86 installer, with the
- release keys.
- + The Alpha binaries should already have been signed with the
- snapshot keys. Having checked that, sign the Alpha binary
- zipfile with the snapshot keys too.
- + The source archive should be signed with the release keys.
- This was the most fiddly bit of the last release I did: the
- script that built the source archive was on ixion, so I had to
- bring the archive back to my local machine, check everything
- in it was untampered-with, and _then_ sign it. Perhaps next
- time I should arrange that puttysnap.sh can run on my local
- box; it'd be a lot easier.
- + Don't forget to sign with both DSA and RSA keys for absolutely
- everything.
-
- - Begin to pull together the release directory structure.
- + subdir `x86' containing the x86 binaries, x86 binary zip, x86
- installer, and all signatures on the above.
- + subdir `alpha' containing the Alpha binaries, Alpha binary
- zip, and all signatures on the above.
- + top-level dir contains the source zip (plus signatures),
- puttydoc.txt, the .hlp and .cnt files, and puttydoc.zip.
-
- - Create and sign md5sums files: one in the x86 subdir, one in the
- alpha subdir, and one in the parent dir of both of those.
- + The md5sums files need not list the .DSA and .RSA signatures,
- and the top-level md5sums need not list the other two.
- + Sign the md5sums files (gpg --clearsign). The Alpha md5sums
- should be signed with the snapshot keys, but the other two
- with the release keys (yes, the top-level one includes some
- Alpha files, but I think people will understand).
-
- - Now double-check by verifying all the signatures on all the
- files.
-
- - Create subdir `htmldoc' in the release directory, which should
- contain exactly the same set of HTML files that went into
- puttydoc.zip.
+ - Build the release: `bob putty-0.XX RELEASE=0.XX'. This should
+ generate a basically valid release directory as
+ `build.out/putty', and provide link maps and sign.sh alongside
+ that in build.out.
+
+ - Do a bit of checking that the release binaries basically work,
+ report their version numbers accurately, and so on. Test the
+ installer and the Unix source tarball.
+
+ - Save the link maps. Currently I keep these on atreus, in
+ src/putty/local/maps-<version>.
+
+ - Sign the release: in the `build.out' directory, type `./sign.sh
+ putty Releases', and enter the passphrases a lot of times.