mirror of
https://github.com/openssl/openssl.git
synced 2025-01-06 13:26:43 +08:00
64af3aecae
Doing this is kind of contrary to how we normally do things, as this constitutes a kind of pre-approval. However, without this, the normal review process will modify the reviewed commits, and render the annotated release tag invalid, which forces the person doing the release to re-tag manually. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11630)
741 lines
19 KiB
Bash
Executable File
741 lines
19 KiB
Bash
Executable File
#! /bin/bash -e
|
||
# Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||
#
|
||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
# this file except in compliance with the License. You can obtain a copy
|
||
# in the file LICENSE in the source distribution or at
|
||
# https://www.openssl.org/source/license.html
|
||
|
||
# This is the most shell agnostic way to specify that POSIX rules.
|
||
POSIXLY_CORRECT=1
|
||
|
||
usage () {
|
||
cat <<EOF
|
||
Usage: release.sh [ options ... ]
|
||
|
||
--alpha Start or increase the "alpha" pre-release tag.
|
||
--next-beta Switch to the "beta" pre-release tag after alpha release.
|
||
It can only be given with --alpha.
|
||
--beta Start or increase the "beta" pre-release tag.
|
||
--final Get out of "alpha" or "beta" and make a final release.
|
||
Implies --branch.
|
||
|
||
--branch Create a release branch 'openssl-{major}.{minor}.x',
|
||
where '{major}' and '{minor}' are the major and minor
|
||
version numbers.
|
||
|
||
--reviewer=<id> The reviewer of the commits.
|
||
--local-user=<keyid>
|
||
For the purpose of signing tags and tar files, use this
|
||
key (default: use the default e-mail address’ key).
|
||
|
||
--no-upload Don't upload to upload@dev.openssl.org.
|
||
--no-update Don't perform 'make update'.
|
||
--verbose Verbose output.
|
||
--debug Include debug output. Implies --no-upload.
|
||
|
||
--force Force execution
|
||
|
||
--help This text
|
||
--manual The manual
|
||
|
||
If none of --alpha, --beta, or --final are given, this script tries to
|
||
figure out the next step.
|
||
EOF
|
||
exit 0
|
||
}
|
||
|
||
# Set to one of 'major', 'minor', 'alpha', 'beta' or 'final'
|
||
next_method=
|
||
next_method2=
|
||
|
||
do_branch=false
|
||
warn_branch=false
|
||
|
||
do_clean=true
|
||
do_upload=true
|
||
do_update=true
|
||
DEBUG=:
|
||
VERBOSE=:
|
||
git_quiet=-q
|
||
|
||
force=false
|
||
|
||
do_help=false
|
||
do_manual=false
|
||
|
||
tagkey=' -s'
|
||
gpgkey=
|
||
reviewers=
|
||
|
||
upload_address=upload@dev.openssl.org
|
||
|
||
TEMP=$(getopt -l 'alpha,next-beta,beta,final' \
|
||
-l 'branch' \
|
||
-l 'no-upload,no-update' \
|
||
-l 'verbose,debug' \
|
||
-l 'local-user:' \
|
||
-l 'reviewer:' \
|
||
-l 'force' \
|
||
-l 'help,manual' \
|
||
-n release.sh -- - "$@")
|
||
eval set -- "$TEMP"
|
||
while true; do
|
||
case $1 in
|
||
--alpha | --beta | --final )
|
||
next_method=$(echo "x$1" | sed -e 's|^x--||')
|
||
if [ -z "$next_method2" ]; then
|
||
next_method2=$next_method
|
||
fi
|
||
shift
|
||
if [ "$next_method" = 'final' ]; then
|
||
do_branch=true
|
||
fi
|
||
;;
|
||
--next-beta )
|
||
next_method2=$(echo "x$1" | sed -e 's|^x--next-||')
|
||
shift
|
||
;;
|
||
--branch )
|
||
do_branch=true
|
||
warn_branch=true
|
||
shift
|
||
;;
|
||
--no-upload )
|
||
do_upload=false
|
||
shift
|
||
;;
|
||
--no-update )
|
||
do_update=false
|
||
shift
|
||
;;
|
||
--verbose )
|
||
VERBOSE=echo
|
||
git_quiet=
|
||
shift
|
||
;;
|
||
--debug )
|
||
DEBUG=echo
|
||
do_upload=false
|
||
shift
|
||
;;
|
||
--local-user )
|
||
shift
|
||
tagley=" -u $1"
|
||
gpgkey=" -u $1"
|
||
shift
|
||
;;
|
||
--reviewer )
|
||
reviewers="$reviewers $1=$2"
|
||
shift
|
||
shift
|
||
;;
|
||
--force )
|
||
force=true
|
||
shift
|
||
;;
|
||
--help )
|
||
usage
|
||
exit 0
|
||
;;
|
||
--manual )
|
||
sed -e '1,/^### BEGIN MANUAL/d' \
|
||
-e '/^### END MANUAL/,$d' \
|
||
< "$0" \
|
||
| pod2man \
|
||
| man -l -
|
||
exit 0
|
||
;;
|
||
-- )
|
||
shift
|
||
break
|
||
;;
|
||
* )
|
||
echo >&2 "Unknown option $1"
|
||
shift
|
||
exit 1
|
||
;;
|
||
esac
|
||
done
|
||
|
||
$DEBUG >&2 "DEBUG: \$next_method=$next_method"
|
||
$DEBUG >&2 "DEBUG: \$next_method2=$next_method2"
|
||
|
||
$DEBUG >&2 "DEBUG: \$do_branch=$do_branch"
|
||
|
||
$DEBUG >&2 "DEBUG: \$do_upload=$do_upload"
|
||
$DEBUG >&2 "DEBUG: \$do_update=$do_update"
|
||
$DEBUG >&2 "DEBUG: \$DEBUG=$DEBUG"
|
||
$DEBUG >&2 "DEBUG: \$VERBOSE=$VERBOSE"
|
||
$DEBUG >&2 "DEBUG: \$git_quiet=$git_quiet"
|
||
|
||
case "$next_method+$next_method2" in
|
||
major+major | minor+minor )
|
||
# These are expected
|
||
;;
|
||
alpha+alpha | alpha+beta | beta+beta | final+final | + | +beta )
|
||
# These are expected
|
||
;;
|
||
* )
|
||
echo >&2 "Internal option error ($next_method, $next_method2)"
|
||
exit 1
|
||
;;
|
||
esac
|
||
|
||
# Verbosity feed for certain commands
|
||
VERBOSITY_FIFO=/tmp/openssl-$$.fifo
|
||
mkfifo -m 600 $VERBOSITY_FIFO
|
||
( cat $VERBOSITY_FIFO | while read L; do $VERBOSE "> $L"; done ) &
|
||
exec 42>$VERBOSITY_FIFO
|
||
trap "exec 42>&-; rm $VERBOSITY_FIFO" 0 2
|
||
|
||
# Setup ##############################################################
|
||
|
||
# Make sure we're in the work directory
|
||
cd $(dirname $0)/..
|
||
HERE=$(pwd)
|
||
|
||
# Check that we have the scripts that define functions we use
|
||
found=true
|
||
for fn in "$HERE/dev/release-aux/release-version-fn.sh" \
|
||
"$HERE/dev/release-aux/release-state-fn.sh"; do
|
||
if ! [ -f "$fn" ]; then
|
||
echo >&2 "'$fn' is missing"
|
||
found=false
|
||
fi
|
||
done
|
||
if ! $found; then
|
||
exit 1
|
||
fi
|
||
|
||
# Load version functions
|
||
. $HERE/dev/release-aux/release-version-fn.sh
|
||
. $HERE/dev/release-aux/release-state-fn.sh
|
||
|
||
# Make sure it's a branch we recognise
|
||
orig_branch=$(git rev-parse --abbrev-ref HEAD)
|
||
if (echo "$orig_branch" \
|
||
| grep -E -q \
|
||
-e '^master$' \
|
||
-e '^OpenSSL_[0-9]+_[0-9]+_[0-9]+[a-z]*-stable$' \
|
||
-e '^openssl-[0-9]+\.[0-9]+\.x$'); then
|
||
:
|
||
elif $force; then
|
||
:
|
||
else
|
||
echo >&2 "Not in master or any recognised release branch"
|
||
echo >&2 "Please 'git checkout' an approprite branch"
|
||
exit 1
|
||
fi
|
||
|
||
# Initialize #########################################################
|
||
|
||
echo "== Initializing work tree"
|
||
|
||
get_version
|
||
|
||
# Generate a cloned directory name
|
||
clone_branch="openssl-$SERIES.x"
|
||
release_clone="$clone_branch-release-tmp"
|
||
|
||
echo "== Work tree will be in $release_clone"
|
||
|
||
# Make a clone in a subdirectory and move there
|
||
if ! [ -d "$release_clone" ]; then
|
||
$VERBOSE "== Cloning to $release_clone"
|
||
git clone $git_quiet -b "$orig_branch" . "$release_clone"
|
||
fi
|
||
cd "$release_clone"
|
||
|
||
get_version
|
||
|
||
current_branch="$(git rev-parse --abbrev-ref HEAD)"
|
||
new_branch="openssl-$SERIES.x"
|
||
|
||
# Check that we're still on the same branch, or on a release branch
|
||
if [ "$current_branch" = "$orig_branch" ]; then
|
||
:
|
||
elif [ "$current_branch" = "$new_branch" ]; then
|
||
:
|
||
else
|
||
echo >&2 "The cloned sub-directory '$release_clone' is on a branch"
|
||
echo >&2 "other than '$current_branch' or '$new_branch'"
|
||
echo >&2 "Please 'cd \"$(pwd)\"; git checkout $current_branch'"
|
||
exit 1
|
||
fi
|
||
|
||
if $do_branch; then
|
||
if [ "$current_branch" = "$new_branch" ]; then
|
||
do_branch=false
|
||
fi
|
||
if ! $do_branch && $warn_branch; then
|
||
echo >&2 "Warning: --branch ignored, we're already in a release branch"
|
||
fi
|
||
fi
|
||
|
||
SOURCEDIR=$(pwd)
|
||
$DEBUG >&2 "DEBUG: Source directory is $SOURCEDIR"
|
||
|
||
# Release ############################################################
|
||
|
||
# We always expect to start from a state of development
|
||
if [ "$TYPE" != 'dev' ]; then
|
||
echo >&2 "Not in a development branch"
|
||
echo >&2 "Have a look at the git log in $release_clone, it may be that"
|
||
echo >&2 "a previous crash left it in an intermediate state and that"
|
||
echo >&2 "need to drop the top commit:"
|
||
echo >&2 ""
|
||
echo >&2 "(cd $release_clone; git reset --hard HEAD^)"
|
||
echo >&2 "# WARNING! LOOK BEFORE YOU ACT"
|
||
exit 1
|
||
fi
|
||
|
||
# We only create a release branch if the patch number is zero
|
||
if [ $PATCH -ne 0 ]; then
|
||
if $do_branch; then
|
||
echo >&2 "Warning! We're already in a release branch; --branch ignored"
|
||
fi
|
||
do_branch=false
|
||
fi
|
||
|
||
# Update the version information. This won't save anything anywhere, yet,
|
||
# but does check for possible next_method errors before we do bigger work.
|
||
next_release_state "$next_method"
|
||
|
||
if $do_branch; then
|
||
$VERBOSE "== Creating a release branch: $new_branch"
|
||
git checkout $git_quiet -b "$new_branch"
|
||
fi
|
||
|
||
echo "== Configuring OpenSSL for update and release. This may take a bit of time"
|
||
|
||
./Configure cc >&42
|
||
|
||
$VERBOSE "== Checking source file updates"
|
||
|
||
make update >&42
|
||
|
||
if [ -n "$(git status --porcelain)" ]; then
|
||
$VERBOSE "== Committing updates"
|
||
git add -u
|
||
git commit $git_quiet -m 'make update'
|
||
if [ -n "$reviewers" ]; then
|
||
addrev --nopr $reviewers
|
||
fi
|
||
fi
|
||
|
||
# Write the version information we updated
|
||
set_version
|
||
|
||
if [ -n "$PRE_LABEL" ]; then
|
||
release="$VERSION-$PRE_RELEASE_TAG$BUILD_METADATA"
|
||
release_text="$SERIES$BUILD_METADATA $PRE_LABEL $PRE_NUM"
|
||
announce_template=openssl-announce-pre-release.tmpl
|
||
else
|
||
release="$VERSION$BUILD_METADATA"
|
||
release_text="$release"
|
||
announce_template=openssl-announce-release.tmpl
|
||
fi
|
||
tag="openssl-$release"
|
||
$VERBOSE "== Updated version information to $release"
|
||
|
||
$VERBOSE "== Updating files with release date for $release : $RELEASE_DATE"
|
||
for fixup in "$HERE/dev/release-aux"/fixup-*-release.pl; do
|
||
file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-release\.pl$||')"
|
||
$VERBOSE "> $file"
|
||
RELEASE="$release" RELEASE_TEXT="$release_text" RELEASE_DATE="$RELEASE_DATE" \
|
||
perl -pi $fixup $file
|
||
done
|
||
|
||
$VERBOSE "== Comitting updates and tagging"
|
||
git add -u
|
||
git commit $git_quiet -m "Prepare for release of $release_text"
|
||
if [ -n "$reviewers" ]; then
|
||
addrev --nopr $reviewers
|
||
fi
|
||
echo "Tagging release with tag $tag. You may need to enter a pass phrase"
|
||
git tag$tagkey "$tag" -m "OpenSSL $release release tag"
|
||
|
||
tarfile=openssl-$release.tar
|
||
tgzfile=$tarfile.gz
|
||
announce=openssl-$release.txt
|
||
|
||
echo "== Generating tar, hash and announcement files. This make take a bit of time"
|
||
|
||
$VERBOSE "== Making tarfile: $tgzfile"
|
||
# Unfortunately, util/mktar.sh does verbose output on STDERR... for good
|
||
# reason, but it means we don't display errors unless --verbose
|
||
./util/mktar.sh --tarfile="../$tarfile" 2>&1 \
|
||
| while read L; do $VERBOSE "> $L"; done
|
||
|
||
if ! [ -f "../$tgzfile" ]; then
|
||
echo >&2 "Where did the tarball end up? (../$tgzfile)"
|
||
exit 1
|
||
fi
|
||
|
||
$VERBOSE "== Generating checksums: $tgzfile.sha1 $tgzfile.sha256"
|
||
openssl sha1 < "../$tgzfile" | \
|
||
(IFS='='; while read X H; do echo $H; done) > "../$tgzfile.sha1"
|
||
openssl sha256 < "../$tgzfile" | \
|
||
(IFS='='; while read X H; do echo $H; done) > "../$tgzfile.sha256"
|
||
length=$(wc -c < "../$tgzfile")
|
||
sha1hash=$(cat "../$tgzfile.sha1")
|
||
sha256hash=$(cat "../$tgzfile.sha256")
|
||
|
||
$VERBOSE "== Generating announcement text: $announce"
|
||
# Hack the announcement template
|
||
cat "$HERE/dev/release-aux/$announce_template" \
|
||
| sed -e "s|\\\$release_text|$release_text|g" \
|
||
-e "s|\\\$release|$release|g" \
|
||
-e "s|\\\$series|$SERIES|g" \
|
||
-e "s|\\\$label|$PRE_LABEL|g" \
|
||
-e "s|\\\$tarfile|$tgzfile|" \
|
||
-e "s|\\\$length|$length|" \
|
||
-e "s|\\\$sha1hash|$sha1hash|" \
|
||
-e "s|\\\$sha256hash|$sha256hash|" \
|
||
| perl -p "$HERE/dev/release-aux/fix-title.pl" \
|
||
> "../$announce"
|
||
|
||
$VERBOSE "== Generating signatures: $tgzfile.asc $announce.asc"
|
||
rm -f "../$tgzfile.asc" "../$announce.asc"
|
||
echo "Signing the release files. You may need to enter a pass phrase"
|
||
gpg$gpgkey --use-agent -sba "../$tgzfile"
|
||
gpg$gpgkey --use-agent -sta --clearsign "../$announce"
|
||
|
||
# We finish off by resetting all files, so we don't have to update
|
||
# files with release dates again
|
||
$VERBOSE "== Reset all files to their pre-commit contents"
|
||
git reset $git_quiet HEAD^ -- .
|
||
git checkout -- .
|
||
|
||
if $do_upload; then
|
||
(
|
||
if [ "$VERBOSE" != ':' ]; then
|
||
echo "progress"
|
||
fi
|
||
echo "put ../$tgzfile"
|
||
echo "put ../$tgzfile.sha1"
|
||
echo "put ../$tgzfile.sha256"
|
||
echo "put ../$tgzfile.asc"
|
||
echo "put ../$announce.asc"
|
||
) \
|
||
| sftp "$upload_address"
|
||
fi
|
||
|
||
# Post-release #######################################################
|
||
|
||
prev_release_text="$release_text"
|
||
prev_release_date="$RELEASE_DATE"
|
||
|
||
next_release_state "$next_method2"
|
||
set_version
|
||
|
||
release="$VERSION-$PRE_RELEASE_TAG$BUILD_METADATA"
|
||
release_text="$VERSION$BUILD_METADATA"
|
||
if [ -n "$PRE_LABEL" ]; then
|
||
release_text="$SERIES$BUILD_METADATA $PRE_LABEL $PRE_NUM"
|
||
fi
|
||
$VERBOSE "== Updated version information to $release"
|
||
|
||
$VERBOSE "== Updating files for $release :"
|
||
for fixup in "$HERE/dev/release-aux"/fixup-*-postrelease.pl; do
|
||
file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-postrelease\.pl$||')"
|
||
$VERBOSE "> $file"
|
||
RELEASE="$release" RELEASE_TEXT="$release_text" \
|
||
PREV_RELEASE_TEXT="$prev_release_text" \
|
||
PREV_RELEASE_DATE="$prev_release_date" \
|
||
perl -pi $fixup $file
|
||
done
|
||
|
||
$VERBOSE "== Comitting updates"
|
||
git add -u
|
||
git commit $git_quiet -m "Prepare for $release_text"
|
||
if [ -n "$reviewers" ]; then
|
||
addrev --nopr $reviewers
|
||
fi
|
||
|
||
if $do_branch; then
|
||
$VERBOSE "== Going back to the main branch $current_branch"
|
||
git checkout $git_quiet "$current_branch"
|
||
|
||
get_version
|
||
next_release_state "minor"
|
||
set_version
|
||
|
||
release="$VERSION-$PRE_RELEASE_TAG$BUILD_METADATA"
|
||
release_text="$SERIES$BUILD_METADATA"
|
||
$VERBOSE "== Updated version information to $release"
|
||
|
||
$VERBOSE "== Updating files for $release :"
|
||
for fixup in "$HERE/dev/release-aux"/fixup-*-postrelease.pl; do
|
||
file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-postrelease\.pl$||')"
|
||
$VERBOSE "> $file"
|
||
RELEASE="$release" RELEASE_TEXT="$release_text" \
|
||
perl -pi $fixup $file
|
||
done
|
||
|
||
$VERBOSE "== Comitting updates"
|
||
git add -u
|
||
git commit $git_quiet -m "Prepare for $release_text"
|
||
if [ -n "$reviewers" ]; then
|
||
addrev --nopr $reviewers
|
||
fi
|
||
fi
|
||
|
||
# Done ###############################################################
|
||
|
||
$VERBOSE "== Done"
|
||
|
||
cat <<EOF
|
||
|
||
======================================================================
|
||
The release is done, and involves a few commits for you to deal with.
|
||
It has all been done in a clone of this workspace, see details below.
|
||
EOF
|
||
if $do_branch; then
|
||
cat <<EOF
|
||
Additionally, a release branch has been created for you, so you need
|
||
to look for new commits in two places.
|
||
EOF
|
||
fi
|
||
|
||
if $do_release; then
|
||
cat <<EOF
|
||
|
||
These files were uploaded to $upload_address:
|
||
|
||
../$tgzfile
|
||
../$tgzfile.sha1
|
||
../$tgzfile.sha256
|
||
../$tgzfile.asc
|
||
../$announce.asc
|
||
EOF
|
||
fi
|
||
|
||
cat <<EOF
|
||
|
||
Release worktree: $release_clone
|
||
EOF
|
||
if [ "$current_branch" != "$new_branch" ]; then
|
||
cat <<EOF
|
||
Current branch: $current_branch
|
||
EOF
|
||
fi
|
||
if $do_branch; then
|
||
cat <<EOF
|
||
New release branch: $new_branch
|
||
EOF
|
||
fi
|
||
|
||
cat <<EOF
|
||
======================================================================
|
||
EOF
|
||
|
||
cat <<EOF
|
||
If something went wrong and you want to start over, all you need is to
|
||
remove the release worktree:
|
||
|
||
rm -rf $release_clone
|
||
|
||
If a tarball was uploaded, you must also clean that away, or ask you
|
||
kind OpenSSL sysadmin to do so.
|
||
EOF
|
||
|
||
exit 0
|
||
|
||
# cat is inconsequential, it's only there to fend off zealous shell parsers
|
||
# that parse all the way here.
|
||
cat <<EOF
|
||
### BEGIN MANUAL
|
||
=pod
|
||
|
||
=head1 NAME
|
||
|
||
release.sh - OpenSSL release script
|
||
|
||
=head1 SYNOPSIS
|
||
|
||
B<release.sh>
|
||
[
|
||
B<--alpha> |
|
||
B<--next-beta> |
|
||
B<--beta> |
|
||
B<--final> |
|
||
B<--branch> |
|
||
B<--local-user>=I<keyid> |
|
||
B<--reviewer>=I<id> |
|
||
B<--no-upload> |
|
||
B<--no-update> |
|
||
B<--verbose> |
|
||
B<--debug> |
|
||
B<--help> |
|
||
B<--manual>
|
||
]
|
||
|
||
=head1 DESCRIPTION
|
||
|
||
B<release.sh> creates an OpenSSL release, given current worktree conditions.
|
||
It will refuse to work unless the current branch is C<master> or a release
|
||
branch (see L</RELEASE BRANCHES AND TAGS> below for a discussion on those).
|
||
|
||
B<release.sh> tries to be smart and figure out the next release if no hints
|
||
are given through options, and will exit with an error in ambiguous cases.
|
||
|
||
B<release.sh> always clones the current workspace into a sub-directory
|
||
named C<< openssl-I<SERIES>-tmp >>, where C<< I<SERIES> >> is taken from
|
||
the available version information in the source.
|
||
|
||
=head1 OPTIONS
|
||
|
||
=over 4
|
||
|
||
=item B<--alpha>, B<--beta>
|
||
|
||
Set the state of this branch to indicate that alpha or beta releases are
|
||
to be done.
|
||
|
||
B<--alpha> is only acceptable if the I<PATCH> version number is zero and
|
||
the current state is "in development" or that alpha releases are ongoing.
|
||
|
||
B<--beta> is only acceptable if the I<PATCH> version number is zero and
|
||
that alpha or beta releases are ongoing.
|
||
|
||
=item B<--next-beta>
|
||
|
||
Use together with B<--alpha> to switch to beta releases after the current
|
||
release is done.
|
||
|
||
=item B<--final>
|
||
|
||
Set the state of this branch to indicate that regular releases are to be
|
||
done. This is only valid if alpha or beta releases are currently ongoing.
|
||
|
||
This implies B<--branch>.
|
||
|
||
=item B<--branch>
|
||
|
||
Create a branch specific for the I<SERIES>.x release series, if it doesn't
|
||
already exist, and switch to it. The exact branch name will be
|
||
C<< openssl-I<SERIES>.x >>.
|
||
|
||
=item B<--no-upload>
|
||
|
||
Don't upload the produced files.
|
||
|
||
=item B<--no-update>
|
||
|
||
Don't run C<make update>.
|
||
|
||
=item B<--verbose>
|
||
|
||
Verbose output.
|
||
|
||
=item B<--debug>
|
||
|
||
Display extra debug output. Implies B<--no-upload>
|
||
|
||
=item B<--local-user>=I<keyid>
|
||
|
||
Use I<keyid> as the local user for C<git tag> and for signing with C<gpg>.
|
||
|
||
If not given, then the default e-mail address' key is used.
|
||
|
||
=item B<--reviewer>=I<id>
|
||
|
||
Add I<id> to the set of reviewers for the commits performed by this script.
|
||
Multiple reviewers are allowed.
|
||
|
||
If no reviewer is given, you will have to run C<addrev> manually, which
|
||
means retagging a release commit manually as well.
|
||
|
||
=item B<--force>
|
||
|
||
Force execution. Precisely, the check that the current branch is C<master>
|
||
or a release branch is not done.
|
||
|
||
=item B<--help>
|
||
|
||
Display a quick help text and exit.
|
||
|
||
=item B<--manual>
|
||
|
||
Display this manual and exit.
|
||
|
||
=back
|
||
|
||
=head1 RELEASE BRANCHES AND TAGS
|
||
|
||
Prior to OpenSSL 3.0, the release branches were named
|
||
C<< OpenSSL_I<SERIES>-stable >>, and the release tags were named
|
||
C<< OpenSSL_I<VERSION> >> for regular releases, or
|
||
C<< OpenSSL_I<VERSION>-preI<n> >> for pre-releases.
|
||
|
||
From OpenSSL 3.0 ongoing, the release branches are named
|
||
C<< openssl-I<SERIES>.x >>, and the release tags are named
|
||
C<< openssl-I<VERSION> >> for regular releases, or
|
||
C<< openssl-I<VERSION>-alphaI<n> >> for alpha releases
|
||
and C<< openssl-I<VERSION>-betaI<n> >> for beta releases.
|
||
|
||
B<release.sh> recognises both forms.
|
||
|
||
=head1 VERSION AND STATE
|
||
|
||
With OpenSSL 3.0, all the version and state information is in the file
|
||
F<VERSION>, where the following variables are used and changed:
|
||
|
||
=over 4
|
||
|
||
=item B<MAJOR>, B<MINOR>, B<PATCH>
|
||
|
||
The three part of the version number.
|
||
|
||
=item B<PRE_RELEASE_TAG>
|
||
|
||
The indicator of the current state of the branch. The value may be one pf:
|
||
|
||
=over 4
|
||
|
||
=item C<dev>
|
||
|
||
This branch is "in development". This is typical for the C<master> branch
|
||
unless there are ongoing alpha or beta releases.
|
||
|
||
=item C<< alphaI<n> >> or C<< alphaI<n>-dev >>
|
||
|
||
This branch has alpha releases going on. C<< alphaI<n>-dev >> is what
|
||
should normally be seen in the git workspace, indicating that
|
||
C<< alphaI<n> >> is in development. C<< alphaI<n> >> is what should be
|
||
found in the alpha release tar file.
|
||
|
||
=item C<< alphaI<n> >> or C<< alphaI<n>-dev >>
|
||
|
||
This branch has beta releases going on. The details are otherwise exactly
|
||
as for alpha.
|
||
|
||
=item I<no value>
|
||
|
||
This is normally not seen in the git workspace, but should always be what's
|
||
found in the tar file of a regular release.
|
||
|
||
=back
|
||
|
||
=item B<RELEASE_DATE>
|
||
|
||
This is normally empty in the git workspace, but should always have the
|
||
release date in the tar file of any release.
|
||
|
||
=back
|
||
|
||
=head1 COPYRIGHT
|
||
|
||
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
this file except in compliance with the License. You can obtain a copy
|
||
in the file LICENSE in the source distribution or at
|
||
L<https://www.openssl.org/source/license.html>.
|
||
|
||
=cut
|
||
### END MANUAL
|
||
EOF
|