The old release script that exists in another repository has aged, and
risks becoming messy beyond maintainability if it's made to deal with
multiple OpenSSL version schemes.
A solution, which has been seen in other projects, is to have the
release script as part of the versioned source tree, and ensure it's
adapted for the ongoing version scheme in that source tree.
This introduces dev/, a directory of OpenSSL developer "stuff". We
may expand it with other practical scripts to easy development setup
and other similar things that developers may need. For now, it's the
release script dev/release.sh, with auxilliary files in dev/release-aux/.
The script is self describing, the manual is available by running the
command `./dev/release.sh --manual`.
The dev/ directory shall never appear in a source distribution.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11516)
When creating a tarball, it's pointless to include scripts that assume
a git workspace.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7696)
Since recently, OpenSSL tarballs are produced with 'make tar' rather
than 'make dist', as the latter has turned out to be more troublesome
than useful.
The next step to look at is why we would need to configure at all to
produce a Makefile just to produce a tarball. After all, the tarball
should now only contain source files that are present even without
configuring.
Furthermore, the current method for producing tarballs is a bit
complex, and can be greatly simplified with the right tools. Since we
have everything versioned with git, we might as well use the tool that
comes with it.
Added: util/mktar.sh, a simple script to produce OpenSSL tarballs. It
takes the options --name to modify the prefix of the distribution, and
--tarfile tp modify the tarball file name specifically.
This also adds a few entries in .gitattributes to specify files that
should never end up in a distribution tarball.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7692)
Originally PKCS#12 subroutines treated password strings as ASCII.
It worked as long as they were pure ASCII, but if there were some
none-ASCII characters result was non-interoperable. But fixing it
poses problem accessing data protected with broken password. In
order to make asscess to old data possible add retry with old-style
password.
Reviewed-by: Richard Levitte <levitte@openssl.org>
