The libseccomp Release Process

https://github.com/seccomp/libseccomp

This is the process that should be followed when creating a new libseccomp release.

1. Verify that all issues assigned to the release milestone have been resolved

  • https://github.com/seccomp/libseccomp/milestones

2. Verify that the syntax/style meets the guidelines

# make check-syntax

3. Verify that the bundled test suite runs without error

# ./autogen.sh
# ./configure --enable-python
# make check
# (cd tests; ./regression -T live)

4. Verify that the packaging is correct

# make distcheck

5. Verify that there are no outstanding defects from Coverity

# make coverity-tarball
<submit tarball manually>

... or ...

# git push -f coverity-scan
<leverage existing Travis CI infrastructure>

6. Perform any distribution test builds

  • Fedora Rawhide
  • Red Hat Enterprise Linux
  • etc.

7. If any problems were found up to this point that resulted in code changes, restart the process

8. Update the CREDITS file with any new contributors

# ./doc/credits_updater > CREDITS

... the results can be sanity checked with the following git command:

# git log --pretty=format:"%aN <%aE>" | sort -u

9. Update the CHANGELOG file with significant changes since the last release

10. If this is a new major/minor release, create new 'release-X.Y' branch

# stg branch -c "release-X.Y"

... or ...

# git branch "release-X.Y"

11. Update the version number in configure.ac AC_INIT(...) macro

12. Tag the release in the local repository with a signed tag

# git tag -s -m "version X.Y.Z" vX.Y.Z

13. Build final release tarball

# make clean
# ./autogen.sh
# make dist-gzip

14. Verify the release tarball in a separate directory

<unpack the release tarball in a temporary directory>
# ./configure --enable-python
# make check
# (cd tests; ./regression -T live)

15. Generate a checksum for the release tarball

# sha256sum <tarball> > libseccomp-X.Y.Z.tar.gz.SHA256SUM

16. GPG sign the release tarball and checksum using the maintainer's key

# gpg --armor --detach-sign libseccomp-X.Y.Z.tar.gz
# gpg --clearsign libseccomp-X.Y.Z.tar.gz.SHA256SUM

17. Push the release tag to the main GitHub repository

# git push <repo> vX.Y.Z

18. Create a new GitHub release using the associated tag; added the relevant section from the CHANGELOG file, and upload the following files

  • libseccomp-X.Y.Z.tar.gz
  • libseccomp-X.Y.Z.tar.gz.asc
  • libseccomp-X.Y.Z.tar.gz.SHA256SUM
  • libseccomp-X.Y.Z.tar.gz.SHA256SUM.asc

19. Update the GitHub release notes for older releases which are now unsupported

The following Markdown text is suggested at the top of the release note, see old GitHub releases for examples.

***This release is no longer supported upsteam, please use a more recent release***