wiki:Openvpn2ReleaseProcess

Version 1 (modified by Samuli Seppänen, 17 months ago) (diff)

Partially sanitized version of OpenVPN 2.x release process

Introduction

This page outlines the release process for OpenVPN 2.x. It also works as a release checklist.

Pre-release checklist

Notifying external entities

OpenVPN Inc marketing

OpenVPN, Inc. marketing people should be notified 7 days prior to a new major release is about to be released. At minimum, allow for 48 hours.

Access Server team

OpenVPN Inc. Access server team should be notified prior to a release that affects the Access Server. This means primarily releases with security fixes.

Package maintainers

Downstream package maintainers (Debian, Ubuntu, Red Hat, etc) should be notified about releases with major security fixes. This is easiest to do via the oss-security mailing list.

Release checklist

Update repositories

  • tap-windows6 (when needed)
    • Merge pull requests
    • Rebase local tap-windows6 clone with latest upstream code
  • openvpnserv2 (when needed)
    • Merge pull requests
    • Rebase with upstream
  • openvpn-gui
    • Merge pull requests
  • openvpn-build
    • Merge pull requests
    • Rebase local clone with upstream

Update release dependencies

  • tap-windows6 (when updated)
    • Build
    • Cross-sign for Windows 7
    • Produce signed CAB files for attestation signing
    • Send CABs to Microsoft signing services
    • Wait 15-30 minutes
    • Download signed driver files
    • Copy signed driver files to tap-windows6 building/signing computer
    • Produce MSM packages
    • Tag release
    • Push changes and tags to Git
  • openvpnserv2 (when needed)
    • Build
    • Put new version to build.openvpn.net
    • Put GPG signature (ASC file) to build.openvpn.net
    • Tag the release
    • Push changes and tags to Git
  • openvpn-gui
    • Merge pull requests
    • Use openvpn-release-scripts to generate and upload a source tarball and GPG signature to build.openvpn.net
    • Push changes and tags to Git
  • openvpn-build
    • Tag the release

Use PRODUCT_VERSION 2.5.0xx for release/2.5 and 2.5.1xx for release/2.6+

  • Push changes and tags to Git
  • Push changes to Git
  • sbuild-wrapper
    • Generate changelog with [

Add changelog (auto-generated by openvpn-release-scripts)

Update version.conf

Push changes to Git

Prepare for packaging

Build tarballs

Publish tar.gz on build.openvpn.net

Package:

Build Windows installers

Build Debian packages

Smoketest packages:

Windows installer

Debian packages

Update documentation:

Man-page on build.openvpn.net

Changelog on Trac

Publish packages:

GPG-sign tarballs and Windows installers

Push Debian packages to apt repositories

Copy release files to build.openvpn.net

Copy release files to swupdate S3 bucket

Update community downloads page (needs corp-vpn)

Update links to latest release (not done as build dot openvpn dot net will be replaced soon)

Release announcements:

Mailing lists (attach changelog)

Forums

Twitter (optional)

Security announcement (as needed)

Misc:

Remove GitHub? tokens if you pushed to Git from winsigning.openvpn.in