Introduction

This page outlines the release process for OpenVPN 2.x. It also works as a release checklist.

Pre-release checklist

Notifying external entities

OpenVPN Inc marketing

OpenVPN, Inc. marketing people should be notified 7 days prior to a new major release is about to be released. At minimum, allow for 48 hours.

Access Server team

OpenVPN Inc. Access server team should be notified prior to a release that affects the Access Server. This means primarily releases with security fixes.

Package maintainers

Downstream package maintainers (Debian, Ubuntu, Red Hat, etc) should be notified about releases with major security fixes. This is easiest to do via the ​oss-security mailing list.

Release checklist

Sync repositories

Merge pull requests and rebase your local clones for repositories affected by the release:

• tap-windows6
• openvpnserv2
• openvpn-build
• openvpn-gui

Prepare dependencies

• tap-windows6
  • Build
  • Cross-sign for Windows 7
  • Produce signed CAB files for attestation signing
  • Send CABs to Microsoft signing services
  • Wait 15-30 minutes
  • Download signed driver files
  • Copy signed driver files to tap-windows6 building/signing computer
  • Produce MSM packages
• openvpnserv2
  • Build
  • Put new version to build.openvpn.net
  • Put GPG signature (ASC file) to build.openvpn.net
• openvpn-gui
  • Generate and upload a source tarball and an ASCII GPG signature to build.openvpn.net with ​openvpn-release-scripts
• sbuild-wrapper
  • Generate changelog with ​openvpn-release-scripts
  • Update version.conf
  • Add changelogs to the Git repository
  • Build tarballs
  • Publish tar.gz on build.openvpn.net

Package

• Build Windows installers with openvpn-build/windows-msi
• Build Debian packages

Smoketest packages

• Windows installer
• Debian packages

Update online documentation

• Copy changelog generated by ​openvpn-release-scripts to Trac wiki (currently ChangesInOpenvpn25)
• Copy man-page generated by ​openvpn-release-scripts to build.openvpn.net (currently ​https://build.openvpn.net/man/openvpn-2.5/openvpn.8.html)

Publish packages

GPG-sign tarballs and Windows installers

Push Debian packages to apt repositories

Copy release files to build.openvpn.net

Copy release files to swupdate S3 bucket

Update community downloads page (needs corp-vpn)

Update links to latest release (not done as build dot openvpn dot net will be replaced soon)

Release announcements:

Mailing lists (attach changelog)

Forums

Twitter (optional)

Security announcement (as needed)

After release

Tag release and push tags to Git for all repositories that changed:

• tap-windows6 (when needed)
• openvpnserv2 (when needed)
• openvpn-gui
• openvpn-build
• sbuild-wrapper

Misc:

• Use PRODUCT_VERSION 2.5.0xx for release/2.5 and 2.5.1xx for release/2.6+
• Remove GitHub? tokens if you pushed to Git from winsigning.openvpn.in