BuildingReleases

aerique edited this page May 29, 2018 · 31 revisions

4.0 and up and dnsdist

Before

  1. Write changelogs
    • To get a list of all the merged PRs since the previous version do:
      • git log --merges --oneline «previous-version»..«current-version»
      • example: git log --merges --oneline rec-4.1.0..master
    • Now create the changelog: ./build-scripts/changelog-from-pr.py PR# PR# PR#
    • Don't forget to change the XXXX's
  2. Update secpoll zonefile (do not forget to update the SOA serial!)
  3. Write draft blogpost

Building the tarballs and packages

  1. Tag the commit git tag -a dnsdist-X.Y.Z (tag prereleases as dnsdist-X.Y.Z-{alpha,beta,rc})
    • Do a git tag -n to see what the previous messages look like and make a similar one
    • Tag the commit before the changelog and secpoll update, otherwise users will get a secpoll upgrade notice while there's no release available yet
  2. Push the tag with git push --tags
  3. Login to the webinterface at builder.powerdns.com
  4. "Builds >> Builders >> create-dnsdist-tar-bz2"
  5. (top right) "force-create-dnsdist-tar-bz2"
  6. Fill in the tag at "revision", check the "is_release"-checkbox (this enables special version name processing)
  7. Hit "Start build"
  8. wait for tarballs and packages to be created
  9. wait for all downstream tests to pass

Uploading and signing the tarball

  1. (on download1.powerdns.com) Copy the tarball to /releases. e.g. cp /srv/www/downloads.powerdns.com/autobuilt/$PRODUCT/$VERSION/$PRODUCT-$VERSION.tar.bz2 /srv/www/downloads.powerdns.com/releases
  2. Copy the tarball to your local system for signing (e.g. rsync download1.powerdns.com:/srv/www/downloads.powerdns.com/releases/$PRODUCT-$VERSION.tar.bz2 .)
  3. Sign the tarball with your gpg key with your powerdns.com address on it. Both --detach-sign and --detach-sign --armor
  4. Upload the signature files to the right place on downloads.powerdns.com (e.g. rsync *.tar.bz2.* download1.powerdns.com:/srv/www/downloads.powerdns.com/releases/)
  5. In the case of CVEs, move the minimal patches to download1:/srv/www/downloads.powerdns.com/patches/ (the minimal patches are send in an e-mail by Remi to customers

Publishing packages (releases)

  1. (on repo1.powerdns.com, in your homedir) mkdir $PRODUCT-$VERSION
  2. (on download1.powerdns.com, use ssh -A) rsync -a --progress /srv/www/downloads.powerdns.com/autobuilt/$PRODUCT/$VERSION/ repo.powerdns.com:$PRODUCT-$VERSION \;
  3. (on repo1.powerdns.com) Extract all the tarballs with packages: cd $PRODUCT-$VERSION; /home/pieter/move_pkgs.sh
  4. (on repo1.powerdns.com) Become the user repo: sudo -u repo -i and start bash
  5. (on repo1.powerdns.com, as repo) Copy the dir from your homedir. rsync ~YOU/$PRODUCT-$VERSION /srv/repo/upload
    • For some reason this never worked for me, so I did: cp -a $YOU/$PRODUCT-$VERSION /srv/repo/upload/
  6. (on repo1.powerdns.com, as repo) Publish the CentOS RPMs: for x in 6 7; do createrepo_wrapper centos $x $PRODUCT-$VERSION_REPO $PRODUCT-VERSION-centos-$x-x86_64/*.rpm; done
  7. (if auth) (on repo1.powerdns.com, as repo) Publish the SLES RPMs: createrepo_wrapper sles 12.1 auth-40 sles-121-x86_64/*.rpm
  8. (on repo1.powerdns.com, as repo) Publish the Ubuntu debs: for x in trusty xenial artful; do reprepro -b /srv/repo/ubuntu/ includedeb $x-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-ubuntu-$x-amd64/*.deb ; done
  9. (on repo1.powerdns.com, as repo) Publish the Debian debs: for x in jessie stretch; do reprepro -b /srv/repo/debian/ includedeb $x-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-debian-$x-amd64/*.deb; done
  10. (on repo1.powerdns.com, as repo) Publish the Raspbian debs: reprepro -b /srv/repo/raspbian/ includedeb jessie-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-raspbian-jessie-armhf/*.deb

Publishing packages (prereleases)

NOTE not yet updated!

All on download1.powerdns.com

  1. mkdir pdns-recursor-4.0.5-rc1
  2. cd pdns-recursor-4.0.5-rc1
  3. find /srv/www/downloads.powerdns.com/autobuilt/recursor/ -name 'pdns-recursor*4.0.5*rc*' -exec cp {} . \;
  4. ~pieter/move_pkgs.sh
  5. find . -type f -name 'pdns-recursor*4.0.5*rc*' | sort | xargs sha256sum > sha256sums
  6. Sign the sha256sums file (both --detach-sign and --detach-sign --armor)
  7. cd ..
  8. mv pdns-recursor-4.0.5-rc1 /srv/www/downloads.powerdns.com/releases/packages

Testing

Packages

  1. docker pull centos:$OS_VERSION or docker pull debian:$OS_VERSION or docker pull ubuntu:$OS_VERSION
  2. docker run -it $OS_FROM_PREVIOUS_LINE:$VERSION /bin/bash
  3. Follow instructions on https://repo.powerdns.com/

For the Raspberry Pi packages there's a physical RPi in the office. (Docker can be tried but never worked for me.)

Secpoll

  1. dig @pdns-public-ns1.powerdns.com TXT $PRODUCT-$VERSION.security-status.secpoll.powerdns.com +norec +short

Announce

  1. Post on blog - this will also announce to twitter and facebook
  2. If this is a final release, update www.powerdns.com too (git show dfe82b25d2ffa53ab2ff00c465c4a0bd3aa998b5)
  3. Send out SIGNED announcements to pdns-dev/pdns-announce/pdns-users
  4. announce on G+, linkedin - do this for RCs too, to all sites!
  5. update wikipedia and irc topic (for final releases)
  6. #dns on freenode update (send a PR)

pre 4.0

Auth

  1. Decide on a version number
  2. Wait for Jenkins to successfully build, test and package the release branch with the edits above
  3. tag it! git tag -a auth-3.3-rc1
  4. push it git push origin TAG-NAME
  5. do a build ( https://autotest.powerdns.com/job/auth-git/ or /recursor-git/ -> Build With Parameters), enter the tag (auth-3.3-rc1) (or from CLI: jenkins build auth-git -p PDNS_TAG=auth-3.4.0-rc2)
  6. Create a new release branch (rel/auth-3.3) from the current release branch or master for the next release
  7. while waiting for the build, write the release announcement
  8. update secpoll zone
  9. when the build is done, copy the packages and tar.bz2 to the right spots
  10. if this is a final release, update www.powerdns.com too (git show dfe82b25d2ffa53ab2ff00c465c4a0bd3aa998b5) send out announcements to pdns-dev/pdns-announce/pdns-users (gpg --clearsign -u netherlabs < announce-3.2-final > announce-3.2-final.signed)
  11. post on blog - this will also announce to twitter and facebook
  12. announce on G+, linkedin - do this for RCs too, to all sites!
  13. update wikipedia and irc topic (for final releases)
  14. #dns on freenode update (ask twkm)

Recursor

  1. Decide on a version number
  2. Update public suffix list in pdns/effective_tld_names.dat
  3. Wait for Jenkins to successfully build, test and package the release branch with the edits above ([rec] do a 1 million bulktest run with this build, check recursor.log for weird failures)
  4. tag it! git tag -a auth-3.3-rc1
  5. push it git push origin TAG-NAME
  6. do a build ( https://autotest.powerdns.com/job/auth-git/ or /recursor-git/ -> Build With Parameters), enter the tag (auth-3.3-rc1) (or from CLI: jenkins build auth-git -p PDNS_TAG=auth-3.4.0-rc2)
  7. Create a new release branch (rel/auth-3.3) from the current release branch or master for the next release
  8. do a build ( https://autotest.powerdns.com/job/auth-git/ or /recursor-git/ -> Build With Parameters), enter the tag (auth-3.3-rc1) (or from CLI: jenkins build auth-git -p PDNS_TAG=auth-3.4.0-rc2)
  9. while waiting for the build, write the release announcement
  10. update secpoll zone
  11. when the build is done, copy the packages and tar.bz2 to the right spots
  12. if this is a final release, update www.powerdns.com too (git show dfe82b25d2ffa53ab2ff00c465c4a0bd3aa998b5) send out announcements to pdns-dev/pdns-announce/pdns-users (gpg --clearsign -u netherlabs < announce-3.2-final > announce-3.2-final.signed)
  13. post on blog - this will also announce to twitter and facebook
  14. announce on G+, linkedin - do this for RCs too, to all sites!
  15. update wikipedia and irc topic (for final releases)
  16. #dns on freenode update (send PR to https://github.com/dns-channel/dns-channel.github.io or ask @Habbie who can just push)
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.