From d50c1c624c37205105ac9d2507d6b32e6395e900 Mon Sep 17 00:00:00 2001 From: simon Date: Tue, 26 Oct 2004 18:44:42 +0000 Subject: [PATCH] Reorder a couple of points on the wishlist, and also add a few helpful chunks of `sh' to make life easier next time I make a release. git-svn-id: svn://svn.tartarus.org/sgt/putty@4698 cda61777-01e9-0310-a592-d414129be87e --- CHECKLST.txt | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/CHECKLST.txt b/CHECKLST.txt index bceaae64..9a55504c 100644 --- a/CHECKLST.txt +++ b/CHECKLST.txt @@ -142,6 +142,7 @@ of the tag. + The source archive should be signed with the release keys. + Don't forget to sign with both DSA and RSA keys for absolutely everything. + for i in ; do for t in DSA RSA; do gpg --load-extension=idea --detach-sign -u "Releases ($t)" -o $i.$t $i; done; done - Begin to pull together the release directory structure. + subdir `x86' containing the x86 binaries, x86 binary zip, x86 @@ -155,8 +156,11 @@ of the tag. - Create and sign md5sums files: one in the x86 subdir, one in the alpha subdir, and one in the parent dir of both of those. + The md5sums files need not list the .DSA and .RSA signatures, - and the top-level md5sums need not list the other two. + and the top-level md5sums need not list the other two. Easiest + thing is to run, in each directory, this command: + md5sum `\find * -name '*SA' -o -type f -print` > md5sums + Sign the md5sums files (gpg --clearsign). + for i in md5sums */md5sums; do for t in DSA RSA; do gpg --load-extension=idea --clearsign -u "Releases ($t)" -o $i.$t $i; done; done - Now double-check by verifying all the signatures on all the files, and running md5sum -c on all the md5sums files. @@ -169,8 +173,16 @@ of the tag. zipped form should be self-contained). - Now the whole release directory should be present and correct. - Upload to ixion:www/putty/, upload to - chiark:ftp/putty-, and upload to the:www/putty/. + Upload to ixion:www/putty/. + + - Do final checks on the release directory: + + verify all the signatures. In each directory: + for i in *.*SA; do case $i in md5sums*) gpg --verify $i;; *) gpg --verify $i `echo $i | sed 's/\..SA$//'`;; esac; done + + check the md5sums. In each directory: + md5sum -c md5sums + + - Having double-checked the release, copy it from ixion to + chiark:ftp/putty- and to the:www/putty/. - Check the permissions! Actually try downloading from the, to make sure it really works. @@ -205,6 +217,9 @@ of the tag. - Run webupdate, so that all the changes on ixion propagate to chiark. Important to do this _before_ announcing that the release is available. + * Don't forget to create the new directories on chiark - + ~/www/putty/{,/x86,/alpha,/htmldoc} - before running + webupdate. - After running webupdate, run update-rsync on chiark and verify that the rsync mirror package correctly identifies the new -- 2.11.0