2
0

release.sh 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828
  1. #! /bin/bash -e
  2. # Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. #
  4. # Licensed under the Apache License 2.0 (the "License"). You may not use
  5. # this file except in compliance with the License. You can obtain a copy
  6. # in the file LICENSE in the source distribution or at
  7. # https://www.openssl.org/source/license.html
  8. # This is the most shell agnostic way to specify that POSIX rules.
  9. POSIXLY_CORRECT=1
  10. # Force C locale because some commands (like date +%b) relies
  11. # on the current locale.
  12. export LC_ALL=C
  13. usage () {
  14. cat <<EOF
  15. Usage: release.sh [ options ... ]
  16. --alpha Start or increase the "alpha" pre-release tag.
  17. --next-beta Switch to the "beta" pre-release tag after alpha release.
  18. It can only be given with --alpha.
  19. --beta Start or increase the "beta" pre-release tag.
  20. --final Get out of "alpha" or "beta" and make a final release.
  21. Implies --branch.
  22. --branch Create a release branch 'openssl-{major}.{minor}',
  23. where '{major}' and '{minor}' are the major and minor
  24. version numbers.
  25. --reviewer=<id> The reviewer of the commits.
  26. --local-user=<keyid>
  27. For the purpose of signing tags and tar files, use this
  28. key (default: use the default e-mail address’ key).
  29. --no-upload Don't upload to upload@dev.openssl.org.
  30. --no-update Don't perform 'make update' and 'make update-fips-checksums'.
  31. --verbose Verbose output.
  32. --debug Include debug output. Implies --no-upload.
  33. --force Force execution
  34. --help This text
  35. --manual The manual
  36. If none of --alpha, --beta, or --final are given, this script tries to
  37. figure out the next step.
  38. EOF
  39. exit 0
  40. }
  41. # Set to one of 'major', 'minor', 'alpha', 'beta' or 'final'
  42. next_method=
  43. next_method2=
  44. do_branch=false
  45. warn_branch=false
  46. do_clean=true
  47. do_upload=true
  48. do_update=true
  49. DEBUG=:
  50. VERBOSE=:
  51. git_quiet=-q
  52. force=false
  53. do_help=false
  54. do_manual=false
  55. tagkey=' -s'
  56. gpgkey=
  57. reviewers=
  58. upload_address=upload@dev.openssl.org
  59. TEMP=$(getopt -l 'alpha,next-beta,beta,final' \
  60. -l 'branch' \
  61. -l 'no-upload,no-update' \
  62. -l 'verbose,debug' \
  63. -l 'local-user:' \
  64. -l 'reviewer:' \
  65. -l 'force' \
  66. -l 'help,manual' \
  67. -n release.sh -- - "$@")
  68. eval set -- "$TEMP"
  69. while true; do
  70. case $1 in
  71. --alpha | --beta | --final )
  72. next_method=$(echo "x$1" | sed -e 's|^x--||')
  73. if [ -z "$next_method2" ]; then
  74. next_method2=$next_method
  75. fi
  76. shift
  77. if [ "$next_method" = 'final' ]; then
  78. do_branch=true
  79. fi
  80. ;;
  81. --next-beta )
  82. next_method2=$(echo "x$1" | sed -e 's|^x--next-||')
  83. shift
  84. ;;
  85. --branch )
  86. do_branch=true
  87. warn_branch=true
  88. shift
  89. ;;
  90. --no-upload )
  91. do_upload=false
  92. shift
  93. ;;
  94. --no-update )
  95. do_update=false
  96. shift
  97. ;;
  98. --verbose )
  99. VERBOSE=echo
  100. git_quiet=
  101. shift
  102. ;;
  103. --debug )
  104. DEBUG=echo
  105. do_upload=false
  106. shift
  107. ;;
  108. --local-user )
  109. shift
  110. tagkey=" -u $1"
  111. gpgkey=" -u $1"
  112. shift
  113. ;;
  114. --reviewer )
  115. reviewers="$reviewers $1=$2"
  116. shift
  117. shift
  118. ;;
  119. --force )
  120. force=true
  121. shift
  122. ;;
  123. --help )
  124. usage
  125. exit 0
  126. ;;
  127. --manual )
  128. sed -e '1,/^### BEGIN MANUAL/d' \
  129. -e '/^### END MANUAL/,$d' \
  130. < "$0" \
  131. | pod2man \
  132. | man -l -
  133. exit 0
  134. ;;
  135. -- )
  136. shift
  137. break
  138. ;;
  139. * )
  140. echo >&2 "Unknown option $1"
  141. shift
  142. exit 1
  143. ;;
  144. esac
  145. done
  146. $DEBUG >&2 "DEBUG: \$next_method=$next_method"
  147. $DEBUG >&2 "DEBUG: \$next_method2=$next_method2"
  148. $DEBUG >&2 "DEBUG: \$do_branch=$do_branch"
  149. $DEBUG >&2 "DEBUG: \$do_upload=$do_upload"
  150. $DEBUG >&2 "DEBUG: \$do_update=$do_update"
  151. $DEBUG >&2 "DEBUG: \$DEBUG=$DEBUG"
  152. $DEBUG >&2 "DEBUG: \$VERBOSE=$VERBOSE"
  153. $DEBUG >&2 "DEBUG: \$git_quiet=$git_quiet"
  154. case "$next_method+$next_method2" in
  155. major+major | minor+minor )
  156. # These are expected
  157. ;;
  158. alpha+alpha | alpha+beta | beta+beta | final+final | + | +beta )
  159. # These are expected
  160. ;;
  161. * )
  162. echo >&2 "Internal option error ($next_method, $next_method2)"
  163. exit 1
  164. ;;
  165. esac
  166. # Verbosity feed for certain commands
  167. VERBOSITY_FIFO=/tmp/openssl-$$.fifo
  168. mkfifo -m 600 $VERBOSITY_FIFO
  169. ( cat $VERBOSITY_FIFO | while read L; do $VERBOSE "> $L"; done ) &
  170. exec 42>$VERBOSITY_FIFO
  171. trap "exec 42>&-; rm $VERBOSITY_FIFO" 0 2
  172. # Setup ##############################################################
  173. # Make sure we're in the work directory
  174. cd $(dirname $0)/..
  175. HERE=$(pwd)
  176. # Check that we have the scripts that define functions we use
  177. found=true
  178. for fn in "$HERE/dev/release-aux/release-version-fn.sh" \
  179. "$HERE/dev/release-aux/release-state-fn.sh"; do
  180. if ! [ -f "$fn" ]; then
  181. echo >&2 "'$fn' is missing"
  182. found=false
  183. fi
  184. done
  185. if ! $found; then
  186. exit 1
  187. fi
  188. # Load version functions
  189. . $HERE/dev/release-aux/release-version-fn.sh
  190. . $HERE/dev/release-aux/release-state-fn.sh
  191. # Make sure it's a branch we recognise
  192. orig_branch=$(git rev-parse --abbrev-ref HEAD)
  193. if (echo "$orig_branch" \
  194. | grep -E -q \
  195. -e '^master$' \
  196. -e '^OpenSSL_[0-9]+_[0-9]+_[0-9]+[a-z]*-stable$' \
  197. -e '^openssl-[0-9]+\.[0-9]+$'); then
  198. :
  199. elif $force; then
  200. :
  201. else
  202. echo >&2 "Not in master or any recognised release branch"
  203. echo >&2 "Please 'git checkout' an appropriate branch"
  204. exit 1
  205. fi
  206. orig_HEAD=$(git rev-parse HEAD)
  207. # Initialize #########################################################
  208. echo "== Initializing work tree"
  209. get_version
  210. # Generate a cloned directory name
  211. release_clone="$orig_branch-release-tmp"
  212. echo "== Work tree will be in $release_clone"
  213. # Make a clone in a subdirectory and move there
  214. if ! [ -d "$release_clone" ]; then
  215. $VERBOSE "== Cloning to $release_clone"
  216. git clone $git_quiet -b "$orig_branch" -o parent . "$release_clone"
  217. fi
  218. cd "$release_clone"
  219. get_version
  220. # Branches we will work with. The release branch is where we make the
  221. # changes for the release, the update branch is where we make the post-
  222. # release changes
  223. update_branch="$orig_branch"
  224. release_branch="openssl-$SERIES"
  225. # among others, we only create a release branch if the patch number is zero
  226. if [ "$update_branch" = "$release_branch" ] || [ $PATCH -ne 0 ]; then
  227. if $do_branch && $warn_branch; then
  228. echo >&2 "Warning! We're already in a release branch; --branch ignored"
  229. fi
  230. do_branch=false
  231. fi
  232. if ! $do_branch; then
  233. release_branch="$update_branch"
  234. fi
  235. # Branches we create for PRs
  236. branch_version="$VERSION${PRE_LABEL:+-$PRE_LABEL$PRE_NUM}"
  237. tmp_update_branch="OSSL--$update_branch--$branch_version"
  238. tmp_release_branch="OSSL--$release_branch--$branch_version"
  239. # Check that we're still on the same branch as our parent repo, or on a
  240. # release branch
  241. current_branch=$(git rev-parse --abbrev-ref HEAD)
  242. if [ "$current_branch" = "$update_branch" ]; then
  243. :
  244. elif [ "$current_branch" = "$release_branch" ]; then
  245. :
  246. else
  247. echo >&2 "The cloned sub-directory '$release_clone' is on a branch"
  248. if [ "$update_branch" = "$release_branch" ]; then
  249. echo >&2 "other than '$update_branch'."
  250. else
  251. echo >&2 "other than '$update_branch' or '$release_branch'."
  252. fi
  253. echo >&2 "Please 'cd \"$(pwd)\"; git checkout $update_branch'"
  254. exit 1
  255. fi
  256. SOURCEDIR=$(pwd)
  257. $DEBUG >&2 "DEBUG: Source directory is $SOURCEDIR"
  258. # Release ############################################################
  259. # We always expect to start from a state of development
  260. if [ "$TYPE" != 'dev' ]; then
  261. echo >&2 "Not in a development branch"
  262. echo >&2 "Have a look at the git log in $release_clone, it may be that"
  263. echo >&2 "a previous crash left it in an intermediate state and that"
  264. echo >&2 "need to drop the top commit:"
  265. echo >&2 ""
  266. echo >&2 "(cd $release_clone; git reset --hard HEAD^)"
  267. echo >&2 "# WARNING! LOOK BEFORE YOU ACT"
  268. exit 1
  269. fi
  270. # Update the version information. This won't save anything anywhere, yet,
  271. # but does check for possible next_method errors before we do bigger work.
  272. next_release_state "$next_method"
  273. # Create our temporary release branch
  274. $VERBOSE "== Creating a local release branch: $tmp_release_branch"
  275. git checkout $git_quiet -b "$tmp_release_branch"
  276. echo "== Configuring OpenSSL for update and release. This may take a bit of time"
  277. ./Configure cc >&42
  278. $VERBOSE "== Checking source file updates and fips checksums"
  279. make update >&42
  280. # As long as we're doing an alpha release, we can have symbols without specific
  281. # numbers assigned. In a beta or final release, all symbols MUST have an
  282. # assigned number.
  283. if [ "$next_method" != 'alpha' ]; then
  284. make renumber >&42
  285. fi
  286. make update-fips-checksums >&42
  287. if [ -n "$(git status --porcelain)" ]; then
  288. $VERBOSE "== Committing updates"
  289. git add -u
  290. git commit $git_quiet -m $'make update\n\nRelease: yes'
  291. if [ -n "$reviewers" ]; then
  292. addrev --release --nopr $reviewers
  293. fi
  294. fi
  295. # Create our temporary update branch, if it's not the release branch.
  296. # This is used in post-release below
  297. if $do_branch; then
  298. $VERBOSE "== Creating a local update branch: $tmp_update_branch"
  299. git branch $git_quiet "$tmp_update_branch"
  300. fi
  301. # Write the version information we updated
  302. set_version
  303. if [ -n "$PRE_LABEL" ]; then
  304. release="$VERSION$_PRE_RELEASE_TAG$_BUILD_METADATA"
  305. release_text="$SERIES$_BUILD_METADATA $PRE_LABEL $PRE_NUM"
  306. announce_template=openssl-announce-pre-release.tmpl
  307. else
  308. release="$VERSION$_BUILD_METADATA"
  309. release_text="$release"
  310. announce_template=openssl-announce-release.tmpl
  311. fi
  312. tag="openssl-$release"
  313. $VERBOSE "== Updated version information to $release"
  314. $VERBOSE "== Updating files with release date for $release : $RELEASE_DATE"
  315. for fixup in "$HERE/dev/release-aux"/fixup-*-release.pl; do
  316. file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-release\.pl$||')"
  317. $VERBOSE "> $file"
  318. RELEASE="$release" RELEASE_TEXT="$release_text" RELEASE_DATE="$RELEASE_DATE" \
  319. perl -pi $fixup $file
  320. done
  321. $VERBOSE "== Committing updates and tagging"
  322. git add -u
  323. git commit $git_quiet -m "Prepare for release of $release_text"$'\n\nRelease: yes'
  324. if [ -n "$reviewers" ]; then
  325. addrev --release --nopr $reviewers
  326. fi
  327. echo "Tagging release with tag $tag. You may need to enter a pass phrase"
  328. git tag$tagkey "$tag" -m "OpenSSL $release release tag"
  329. tarfile=openssl-$release.tar
  330. tgzfile=$tarfile.gz
  331. announce=openssl-$release.txt
  332. echo "== Generating tar, hash and announcement files. This make take a bit of time"
  333. $VERBOSE "== Making tarfile: $tgzfile"
  334. # Unfortunately, util/mktar.sh does verbose output on STDERR... for good
  335. # reason, but it means we don't display errors unless --verbose
  336. ./util/mktar.sh --tarfile="../$tarfile" 2>&1 \
  337. | while read L; do $VERBOSE "> $L"; done
  338. if ! [ -f "../$tgzfile" ]; then
  339. echo >&2 "Where did the tarball end up? (../$tgzfile)"
  340. exit 1
  341. fi
  342. $VERBOSE "== Generating checksums: $tgzfile.sha1 $tgzfile.sha256"
  343. openssl sha1 < "../$tgzfile" | \
  344. (IFS='='; while read X H; do echo $H; done) > "../$tgzfile.sha1"
  345. openssl sha256 < "../$tgzfile" | \
  346. (IFS='='; while read X H; do echo $H; done) > "../$tgzfile.sha256"
  347. length=$(wc -c < "../$tgzfile")
  348. sha1hash=$(cat "../$tgzfile.sha1")
  349. sha256hash=$(cat "../$tgzfile.sha256")
  350. $VERBOSE "== Generating announcement text: $announce"
  351. # Hack the announcement template
  352. cat "$HERE/dev/release-aux/$announce_template" \
  353. | sed -e "s|\\\$release_text|$release_text|g" \
  354. -e "s|\\\$release|$release|g" \
  355. -e "s|\\\$series|$SERIES|g" \
  356. -e "s|\\\$label|$PRE_LABEL|g" \
  357. -e "s|\\\$tarfile|$tgzfile|" \
  358. -e "s|\\\$length|$length|" \
  359. -e "s|\\\$sha1hash|$sha1hash|" \
  360. -e "s|\\\$sha256hash|$sha256hash|" \
  361. | perl -p "$HERE/dev/release-aux/fix-title.pl" \
  362. > "../$announce"
  363. $VERBOSE "== Generating signatures: $tgzfile.asc $announce.asc"
  364. rm -f "../$tgzfile.asc" "../$announce.asc"
  365. echo "Signing the release files. You may need to enter a pass phrase"
  366. gpg$gpgkey --use-agent -sba "../$tgzfile"
  367. gpg$gpgkey --use-agent -sta --clearsign "../$announce"
  368. # Push everything to the parent repo
  369. $VERBOSE "== Push what we have to the parent repository"
  370. git push --follow-tags parent HEAD
  371. if $do_upload; then
  372. (
  373. if [ "$VERBOSE" != ':' ]; then
  374. echo "progress"
  375. fi
  376. echo "put ../$tgzfile"
  377. echo "put ../$tgzfile.sha1"
  378. echo "put ../$tgzfile.sha256"
  379. echo "put ../$tgzfile.asc"
  380. echo "put ../$announce.asc"
  381. ) \
  382. | sftp "$upload_address"
  383. fi
  384. # Post-release #######################################################
  385. $VERBOSE "== Reset all files to their pre-release contents"
  386. git reset $git_quiet HEAD^ -- .
  387. git checkout -- .
  388. prev_release_text="$release_text"
  389. prev_release_date="$RELEASE_DATE"
  390. next_release_state "$next_method2"
  391. set_version
  392. release="$VERSION$_PRE_RELEASE_TAG$_BUILD_METADATA"
  393. release_text="$VERSION$_BUILD_METADATA"
  394. if [ -n "$PRE_LABEL" ]; then
  395. release_text="$SERIES$_BUILD_METADATA $PRE_LABEL $PRE_NUM"
  396. fi
  397. $VERBOSE "== Updated version information to $release"
  398. $VERBOSE "== Updating files for $release :"
  399. for fixup in "$HERE/dev/release-aux"/fixup-*-postrelease.pl; do
  400. file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-postrelease\.pl$||')"
  401. $VERBOSE "> $file"
  402. RELEASE="$release" RELEASE_TEXT="$release_text" \
  403. PREV_RELEASE_TEXT="$prev_release_text" \
  404. PREV_RELEASE_DATE="$prev_release_date" \
  405. perl -pi $fixup $file
  406. done
  407. $VERBOSE "== Committing updates"
  408. git add -u
  409. git commit $git_quiet -m "Prepare for $release_text"$'\n\nRelease: yes'
  410. if [ -n "$reviewers" ]; then
  411. addrev --release --nopr $reviewers
  412. fi
  413. # Push everything to the parent repo
  414. $VERBOSE "== Push what we have to the parent repository"
  415. git push parent HEAD
  416. if $do_branch; then
  417. $VERBOSE "== Going back to the update branch $tmp_update_branch"
  418. git checkout $git_quiet "$tmp_update_branch"
  419. get_version
  420. next_release_state "minor"
  421. set_version
  422. release="$VERSION$_PRE_RELEASE_TAG$_BUILD_METADATA"
  423. release_text="$SERIES$_BUILD_METADATA"
  424. $VERBOSE "== Updated version information to $release"
  425. $VERBOSE "== Updating files for $release :"
  426. for fixup in "$HERE/dev/release-aux"/fixup-*-postrelease.pl; do
  427. file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-postrelease\.pl$||')"
  428. $VERBOSE "> $file"
  429. RELEASE="$release" RELEASE_TEXT="$release_text" \
  430. perl -pi $fixup $file
  431. done
  432. $VERBOSE "== Committing updates"
  433. git add -u
  434. git commit $git_quiet -m "Prepare for $release_text"$'\n\nRelease: yes'
  435. if [ -n "$reviewers" ]; then
  436. addrev --release --nopr $reviewers
  437. fi
  438. fi
  439. # Push everything to the parent repo
  440. $VERBOSE "== Push what we have to the parent repository"
  441. git push parent HEAD
  442. # Done ###############################################################
  443. $VERBOSE "== Done"
  444. cd $HERE
  445. cat <<EOF
  446. ======================================================================
  447. The release is done, and involves a few files and commits for you to
  448. deal with. Everything you need has been pushed to your repository,
  449. please see instructions that follow.
  450. ======================================================================
  451. EOF
  452. if $do_release; then
  453. cat <<EOF
  454. The following files were uploaded to $upload_address, please ensure they
  455. are dealt with appropriately:
  456. $tgzfile
  457. $tgzfile.sha1
  458. $tgzfile.sha256
  459. $tgzfile.asc
  460. $announce.asc
  461. EOF
  462. fi
  463. cat <<EOF
  464. ----------------------------------------------------------------------
  465. EOF
  466. if $do_branch; then
  467. cat <<EOF
  468. You need to prepare the main repository with a new branch, '$release_branch'.
  469. That is done directly in the server's bare repository like this:
  470. git branch $release_branch $orig_HEAD
  471. Two additional release branches have been added to your repository.
  472. Push them to github, make PRs from them and have them approved:
  473. $tmp_update_branch
  474. $tmp_release_branch
  475. When merging them into the main repository, do it like this:
  476. git push git@github.openssl.org:openssl/openssl.git \\
  477. $tmp_release_branch:$release_branch
  478. git push git@github.openssl.org:openssl/openssl.git \\
  479. $tmp_update_branch:$update_branch
  480. git push git@github.openssl.org:openssl/openssl.git \\
  481. $tag
  482. EOF
  483. else
  484. cat <<EOF
  485. One additional release branch has been added to your repository.
  486. Push it to github, make a PR from it and have it approved:
  487. $tmp_release_branch
  488. When merging it into the main repository, do it like this:
  489. git push git@github.openssl.org:openssl/openssl.git \\
  490. $tmp_release_branch:$release_branch
  491. git push git@github.openssl.org:openssl/openssl.git \\
  492. $tag
  493. EOF
  494. fi
  495. cat <<EOF
  496. ----------------------------------------------------------------------
  497. EOF
  498. cat <<EOF
  499. When everything is done, or if something went wrong and you want to start
  500. over, simply clean away temporary things left behind:
  501. The release worktree:
  502. rm -rf $release_clone
  503. EOF
  504. if $do_branch; then
  505. cat <<EOF
  506. The additional release branches:
  507. git branch -D $tmp_release_branch
  508. git branch -D $tmp_update_branch
  509. EOF
  510. else
  511. cat <<EOF
  512. The temporary release branch:
  513. git branch -D $tmp_release_branch
  514. EOF
  515. fi
  516. exit 0
  517. # cat is inconsequential, it's only there to fend off zealous shell parsers
  518. # that parse all the way here.
  519. cat <<EOF
  520. ### BEGIN MANUAL
  521. =pod
  522. =head1 NAME
  523. release.sh - OpenSSL release script
  524. =head1 SYNOPSIS
  525. B<release.sh>
  526. [
  527. B<--alpha> |
  528. B<--next-beta> |
  529. B<--beta> |
  530. B<--final> |
  531. B<--branch> |
  532. B<--local-user>=I<keyid> |
  533. B<--reviewer>=I<id> |
  534. B<--no-upload> |
  535. B<--no-update> |
  536. B<--verbose> |
  537. B<--debug> |
  538. B<--help> |
  539. B<--manual>
  540. ]
  541. =head1 DESCRIPTION
  542. B<release.sh> creates an OpenSSL release, given current worktree conditions.
  543. It will refuse to work unless the current branch is C<master> or a release
  544. branch (see L</RELEASE BRANCHES AND TAGS> below for a discussion on those).
  545. B<release.sh> tries to be smart and figure out the next release if no hints
  546. are given through options, and will exit with an error in ambiguous cases.
  547. B<release.sh> finishes off with instructions on what to do next. When
  548. finishing commands are given, they must be followed exactly.
  549. B<release.sh> leaves behind a clone of the local workspace, as well as one
  550. or two branches in the local repository. These will be mentioned and can
  551. safely be removed after all instructions have been successfully followed.
  552. =head1 OPTIONS
  553. =over 4
  554. =item B<--alpha>, B<--beta>
  555. Set the state of this branch to indicate that alpha or beta releases are
  556. to be done.
  557. B<--alpha> is only acceptable if the I<PATCH> version number is zero and
  558. the current state is "in development" or that alpha releases are ongoing.
  559. B<--beta> is only acceptable if the I<PATCH> version number is zero and
  560. that alpha or beta releases are ongoing.
  561. =item B<--next-beta>
  562. Use together with B<--alpha> to switch to beta releases after the current
  563. release is done.
  564. =item B<--final>
  565. Set the state of this branch to indicate that regular releases are to be
  566. done. This is only valid if alpha or beta releases are currently ongoing.
  567. This implies B<--branch>.
  568. =item B<--branch>
  569. Create a branch specific for the I<SERIES> release series, if it doesn't
  570. already exist, and switch to it. The exact branch name will be
  571. C<< openssl-I<SERIES> >>.
  572. =item B<--no-upload>
  573. Don't upload the produced files.
  574. =item B<--no-update>
  575. Don't run C<make update> and C<make update-fips-checksums>.
  576. =item B<--verbose>
  577. Verbose output.
  578. =item B<--debug>
  579. Display extra debug output. Implies B<--no-upload>
  580. =item B<--local-user>=I<keyid>
  581. Use I<keyid> as the local user for C<git tag> and for signing with C<gpg>.
  582. If not given, then the default e-mail address' key is used.
  583. =item B<--reviewer>=I<id>
  584. Add I<id> to the set of reviewers for the commits performed by this script.
  585. Multiple reviewers are allowed.
  586. If no reviewer is given, you will have to run C<addrev> manually, which
  587. means retagging a release commit manually as well.
  588. =item B<--force>
  589. Force execution. Precisely, the check that the current branch is C<master>
  590. or a release branch is not done.
  591. =item B<--help>
  592. Display a quick help text and exit.
  593. =item B<--manual>
  594. Display this manual and exit.
  595. =back
  596. =head1 RELEASE BRANCHES AND TAGS
  597. Prior to OpenSSL 3.0, the release branches were named
  598. C<< OpenSSL_I<SERIES>-stable >>, and the release tags were named
  599. C<< OpenSSL_I<VERSION> >> for regular releases, or
  600. C<< OpenSSL_I<VERSION>-preI<n> >> for pre-releases.
  601. From OpenSSL 3.0 ongoing, the release branches are named
  602. C<< openssl-I<SERIES> >>, and the release tags are named
  603. C<< openssl-I<VERSION> >> for regular releases, or
  604. C<< openssl-I<VERSION>-alphaI<n> >> for alpha releases
  605. and C<< openssl-I<VERSION>-betaI<n> >> for beta releases.
  606. B<release.sh> recognises both forms.
  607. =head1 VERSION AND STATE
  608. With OpenSSL 3.0, all the version and state information is in the file
  609. F<VERSION.dat>, where the following variables are used and changed:
  610. =over 4
  611. =item B<MAJOR>, B<MINOR>, B<PATCH>
  612. The three part of the version number.
  613. =item B<PRE_RELEASE_TAG>
  614. The indicator of the current state of the branch. The value may be one pf:
  615. =over 4
  616. =item C<dev>
  617. This branch is "in development". This is typical for the C<master> branch
  618. unless there are ongoing alpha or beta releases.
  619. =item C<< alphaI<n> >> or C<< alphaI<n>-dev >>
  620. This branch has alpha releases going on. C<< alphaI<n>-dev >> is what
  621. should normally be seen in the git workspace, indicating that
  622. C<< alphaI<n> >> is in development. C<< alphaI<n> >> is what should be
  623. found in the alpha release tar file.
  624. =item C<< alphaI<n> >> or C<< alphaI<n>-dev >>
  625. This branch has beta releases going on. The details are otherwise exactly
  626. as for alpha.
  627. =item I<no value>
  628. This is normally not seen in the git workspace, but should always be what's
  629. found in the tar file of a regular release.
  630. =back
  631. =item B<BUILD_METADATA>
  632. Extra build metadata to be used by anyone for their own purposes.
  633. =item B<RELEASE_DATE>
  634. This is normally empty in the git workspace, but should always have the
  635. release date in the tar file of any release.
  636. =back
  637. =head1 COPYRIGHT
  638. Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
  639. Licensed under the Apache License 2.0 (the "License"). You may not use
  640. this file except in compliance with the License. You can obtain a copy
  641. in the file LICENSE in the source distribution or at
  642. L<https://www.openssl.org/source/license.html>.
  643. =cut
  644. ### END MANUAL
  645. EOF