Version 3 (modified by 18 months ago) (diff) | ,
---|
Introduction
This page outlines the release process for OpenVPN 2.x. It also works as a release checklist.
Pre-release checklist
Notifying external entities
OpenVPN Inc marketing
OpenVPN, Inc. marketing people should be notified 7 days prior to a new major release is about to be released. At minimum, allow for 48 hours.
Access Server team
OpenVPN Inc. Access server team should be notified prior to a release that affects the Access Server. This means primarily releases with security fixes.
Package maintainers
Downstream package maintainers (Debian, Ubuntu, Red Hat, etc) should be notified about releases with major security fixes. This is easiest to do via the oss-security mailing list.
Release checklist
Sync repositories
Merge pull requests and rebase your local clones for repositories affected by the release:
- tap-windows6
- openvpnserv2
- openvpn-build
- openvpn-gui
Prepare dependencies
- tap-windows6
- Build
- Cross-sign for Windows 7
- Produce signed CAB files for attestation signing
- Send CABs to Microsoft signing services
- Wait 15-30 minutes
- Download signed driver files
- Copy signed driver files to tap-windows6 building/signing computer
- Produce MSM packages
- openvpnserv2
- Build
- Put new version to build.openvpn.net
- Put GPG signature (ASC file) to build.openvpn.net
- openvpn-gui
- Generate and upload a source tarball and an ASCII GPG signature to build.openvpn.net with openvpn-release-scripts
- sbuild-wrapper
- Generate changelog with openvpn-release-scripts
- Update version.conf
- Add changelogs to the Git repository
- Build tarballs
- Publish tar.gz on build.openvpn.net
Package
- Build Windows installers with openvpn-build/windows-msi
- Build Debian packages
Smoketest packages
- Windows installer
- Debian packages
Update online documentation
- Copy changelog generated by openvpn-release-scripts to Trac wiki (currently ChangesInOpenvpn25)
- Copy man-page generated by openvpn-release-scripts to build.openvpn.net (currently https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html)
Publish packages
GPG-sign tarballs and Windows installers
Push Debian packages to apt repositories
Copy release files to build.openvpn.net
Copy release files to swupdate S3 bucket
Update community downloads page (needs corp-vpn)
Update links to latest release (not done as build dot openvpn dot net will be replaced soon)
Release announcements:
Mailing lists (attach changelog)
Forums
Twitter (optional)
Security announcement (as needed)
After release
Tag release and push tags to Git for all repositories that changed:
- tap-windows6 (when needed)
- openvpnserv2 (when needed)
- openvpn-gui
- openvpn-build
- sbuild-wrapper
Misc:
- Use PRODUCT_VERSION 2.5.0xx for release/2.5 and 2.5.1xx for release/2.6+
- Remove GitHub? tokens if you pushed to Git from winsigning.openvpn.in