The resource files:
- - putty/pageant.rc
+ - putty/windows/pageant.rc
+ the copyright date appears twice, once in the About box and
once in the Licence box. Don't forget to change both!
- - putty/puttygen.rc
+ - putty/windows/puttygen.rc
+ the copyright date appears twice, once in the About box and
once in the Licence box. Don't forget to change both!
- - putty/win_res.rc
+ - putty/windows/win_res.rc
+ the copyright date appears twice, once in the About box and
once in the Licence box. Don't forget to change both!
- putty/mac/mac_res.r
+ + the copyright date appears twice, once in the About box and
+ once in the Licence box. Don't forget to change both!
+ - putty/mac/macpgen.r
+ + the copyright date appears twice, once in the About box and
+ once in the Licence box. Don't forget to change both!
- putty/unix/gtkdlg.c
+ the copyright date appears twice, once in the About box and
once in the Licence box. Don't forget to change both!
Before tagging a release
------------------------
+ - First of all, go through the source and remove anything tagged
+ with a comment containing the word XXX-REMOVE-BEFORE-RELEASE.
+
For a long time we got away with never checking the current version
-number into CVS at all - all version numbers were passed into the
-build system on the compiler command line, and the _only_ place
-version numbers showed up in CVS was in the tag information.
+number in at all - all version numbers were passed into the build
+system on the compiler command line, and the _only_ place version
+numbers showed up in the source files was in the tag information.
Unfortunately, those halcyon days are gone, and we do need the
-version number in CVS in a couple of places. These must be updated
+version number checked in in a couple of places. These must be updated
_before_ tagging a new release.
The file used to generate the Unix snapshot version numbers (which
- putty/LATEST.VER
-The Windows installer script:
+The Windows installer script (_three_ times, on consecutive lines):
- - putty/putty.iss
+ - putty/windows/putty.iss
The Mac resource file (used to generate the binary bit of the 'vers'
resources -- the strings are supplied by the usual means):
version numbers - we have a couple of transcripts showing the help
text from the command-line tools, and it would be nice to ensure the
whole transcripts (certainly including the version numbers) are up
-to date.
+to date. Sometimes these are marked in between releases as `0.XX', so
+it's worth grepping for that too.
- putty/doc/pscp.but
- putty/doc/plink.but
:-) when actually making a release, once I'm happy with the position
of the tag.
+ - Double-check that we have removed anything tagged with a comment
+ containing the word XXX-REMOVE-BEFORE-RELEASE.
+
- Write a release announcement (basically a summary of the changes
since the last release). Squirrel it away in
ixion:src/putty/local/announce-<ver> in case it's needed again
within days of the release going out.
- On my local machines, check out the release-tagged version of the
- sources.
+ sources. Do this in a _clean_ directory; don't depend on my usual
+ source dir.
+ Make sure to run mkfiles.pl _after_ this checkout, just in
case.
+ - Build the source archives now, while the directory is still
+ pristine.
+ + run ./mksrcarc.sh to build the Windows source zip.
+ + run `./mkunxarc.sh X.YZ' to build the Unix tarball.
+
- Build the Windows/x86 release binaries. Don't forget to supply
VER=/DRELEASE=<ver>. Run them, or at least one or two of them, to
ensure that they really do report their version number correctly.
in src/putty/local/maps-<version>.
- Acquire the Windows/alpha release binaries from Owen.
- + Verify the snapshot-key signatures on these, to ensure they're
- really the ones he built. If I'm going to snapshot-sign a zip
- file I make out of these, I'm damn well going to make sure the
- binaries that go _into_ it were snapshot-signed themselves.
+ + Verify the signatures on these, to ensure they're really the
+ ones he built. If I'm going to sign a zip file I make out of
+ these, I'm damn well going to make sure the binaries that go
+ _into_ it are signed themselves.
+ Make sure Owen has kept the Alpha release link maps somewhere
useful.
- - Run Halibut to build the docs.
+ - Run Halibut to build the docs. Define VERSION on the make command
+ line to override the version strings, since Subversion revision
+ numbers are less meaningful on a tag.
+ + make -C doc VERSION="PuTTY release 0.XX"
+
+ - Build the binary archives putty.zip (one for each architecture):
+ each one just contains all the .exe files except PuTTYtel, and
+ the .hlp and .cnt files.
+ + zip -k putty.zip `ls *.exe | grep -v puttytel` putty.hlp putty.cnt
+ + same again for Alpha.
- - Build the .zip files.
- + The binary archive putty.zip just contains all the .exe files
- except PuTTYtel, and the .hlp and .cnt files.
- + The source archive putty-src.zip is built by puttysnap.sh (my
- cron script that also builds the nightly snapshot source
- archive).
- + The docs archive puttydoc.zip contains all the HTML files
- output from Halibut.
+ - Build the docs archive puttydoc.zip: it contains all the HTML
+ files output from Halibut.
+ + zip puttydoc.zip *.html
- Build the installer.
binary zipfile, and the locally built x86 installer, with the
release keys.
+ The Alpha binaries should already have been signed with the
- snapshot keys. Having checked that, sign the Alpha binary
- zipfile with the snapshot keys too.
+ release keys. Having checked that, sign the Alpha binary
+ zipfile with the release keys too.
+ The source archive should be signed with the release keys.
- This was the most fiddly bit of the last release I did: the
- script that built the source archive was on ixion, so I had to
- bring the archive back to my local machine, check everything
- in it was untampered-with, and _then_ sign it. Perhaps next
- time I should arrange that puttysnap.sh can run on my local
- box; it'd be a lot easier.
+ Don't forget to sign with both DSA and RSA keys for absolutely
everything.
+ for i in <filenames>; do for t in DSA RSA; do gpg --load-extension=idea --detach-sign -u "Releases ($t)" -o $i.$t $i; done; done
- Begin to pull together the release directory structure.
+ subdir `x86' containing the x86 binaries, x86 binary zip, x86
installer, and all signatures on the above.
+ subdir `alpha' containing the Alpha binaries, Alpha binary
zip, and all signatures on the above.
- + top-level dir contains the source zip (plus signatures),
+ + top-level dir contains the Windows source zip (plus
+ signatures), the Unix source tarball (plus signatures),
puttydoc.txt, the .hlp and .cnt files, and puttydoc.zip.
+ - Create subdir `htmldoc' in the release directory, which should
+ contain exactly the same set of HTML files that went into
+ puttydoc.zip.
+ + It also needs a copy of sitestyle.css, because the online
+ versions of the HTML docs will link to this (although the
+ zipped form should be self-contained).
+
- Create and sign md5sums files: one in the x86 subdir, one in the
alpha subdir, and one in the parent dir of both of those.
+ The md5sums files need not list the .DSA and .RSA signatures,
- and the top-level md5sums need not list the other two.
- + Sign the md5sums files (gpg --clearsign). The Alpha md5sums
- should be signed with the snapshot keys, but the other two
- with the release keys (yes, the top-level one includes some
- Alpha files, but I think people will understand).
+ and the top-level md5sums need not list the other two. Easiest
+ thing is to run, in each directory, this command:
+ md5sum `\find * -name '*SA' -o -type f -print` > md5sums
+ + Sign the md5sums files (gpg --clearsign).
+ for i in md5sums */md5sums; do for t in DSA RSA; do gpg --load-extension=idea --clearsign -u "Releases ($t)" -o $i.$t $i; done; done
- Now double-check by verifying all the signatures on all the
- files.
-
- - Create subdir `htmldoc' in the release directory, which should
- contain exactly the same set of HTML files that went into
- puttydoc.zip.
+ files, and running md5sum -c on all the md5sums files.
- Now the whole release directory should be present and correct.
- Upload to ixion:www/putty/<ver>, upload to
- chiark:ftp/putty-<ver>, and upload to the:www/putty/<ver>.
+ Upload to ixion:www/putty/<ver>.
+
+ - Do final checks on the release directory:
+ + verify all the signatures. In each directory:
+ for i in *.*SA; do case $i in md5sums*) gpg --verify $i;; *) gpg --verify $i `echo $i | sed 's/\..SA$//'`;; esac; done
+ + check the md5sums. In each directory:
+ md5sum -c md5sums
+
+ - Having double-checked the release, copy it from ixion to
+ chiark:ftp/putty-<ver> and to the:www/putty/<ver>.
+
+ - Check the permissions! Actually try downloading from the, to make
+ sure it really works.
- Update the HTTP redirects.
+ Update the one at the:www/putty/htaccess which points the
- Update web site.
+ Adjust front page (`the latest version is <ver>').
- + Adjust filename of installer on links in Download page.
+ + Adjust Download page similarly.
+ + Adjust filenames of installer and Unix tarball on links in
+ Download page.
+ Adjust header text on Changelog page. (That includes changing
`are new' in previous version to `were new'!)
+ - Update the wishlist. This can be done without touching individual
+ items by editing the @releases array in control/bugs2html.
+
- Check the Docs page links correctly to the release docs. (It
should do this automatically, owing to the `latest' HTTP
redirect.)
- Run webupdate, so that all the changes on ixion propagate to
chiark. Important to do this _before_ announcing that the release
is available.
+ * Don't forget to create the new directories on chiark -
+ ~/www/putty/<ver>{,/x86,/alpha,/htmldoc} - before running
+ webupdate.
+
+ - After running webupdate, run update-rsync on chiark and verify
+ that the rsync mirror package correctly identifies the new
+ version.
- Announce the release!
+ Mail the announcement to putty-announce.
+ Post it to comp.security.ssh.
- + Mention it in <TDHIS> on mono.
+ + Mention it in <TDHTT> on mono.
+
+ - Relax (slightly).
+
+After the release
+-----------------
+
+The following want doing some time soon after a release has been made:
- - All done. Probably best to run `cvs up -A' now, or I'll only
- forget in a few days' time and get confused...
+ - If the release was made from a branch, make sure the version number
+ on the _trunk_ is up to date in all the locations listed above, so
+ that (e.g.) Unix snapshots come out right.