(the source repo being one of `git@github.openssl.org:openssl/openssl.git`
or `git@github.openssl.org:openssl/premium.git`)
-### OpenSSL 3.0 and on
-
The release generating script is in the OpenSSL source checkout, and is
generally called like this:
- dev/release.sh --reviewer=NAME
+ $TOOLS/release-tools/release.sh --reviewer=NAME
This script has a multitude of other options that are useful for specific
cases, and is also self-documented:
- To get a quick usage reminder:
- dev/release.sh --help
+ $TOOLS/release-tools/release.sh --help
- To get a man-page:
- dev/release.sh --manual
-
-### OpenSSL before 3.0
-
-The release generating script is in the tools checkout, represented here
-with $TOOLS, and is generally called like this:
-
- $TOOLS/release-tools/mkrelease.pl --reviewer=NAME
-
-The manual for that script is found in `$TOOLS/release-tools/MKRELEASE.md`
+ $TOOLS/release-tools/release.sh --manual
## Update the release data locally
ls /srv/premium
*For OpenSSL 3.0 and on*, push your local changes to the appropriate source
-repo as instructed by `dev/release.sh`. You may want to sanity check the
-pushes by inserting the `-n` (dry-run) option.
+repo as instructed by `$TOOLS/release-tools/release.sh`. You may want to
+sanity check the pushes by inserting the `-n` (dry-run) option.
*For OpenSSL before 3.0*, simply push your local changes to the appropriate
source repo, and please do remember to push the release tags as well. You
+++ /dev/null
-# Documentation on the mkrelease.pl script
-
-**NOTE**: this script is unsuitable for OpenSSL 3.0 and on. Instead, use
-the `dev/release.sh` script found in the source. That script has a built
-in manual; `dev/release.sh --help` gives a quick usage summary, while
-`dev/release.sh --manual` displays a man-page.
-
-This file provides an overview of the mkrelease.pl script, and how to
-configure some of its parameters (by setting environment variables).
-It is normally run by following the process in README.md and should be
-run in a pristine directgory of the branch to be released, which must
-be a stable branch.
-
-The script handles most of the processes involved in making a release
-including:
-
-1. Doing `make update`
-2. Changing version numbers in various files
-3. Tagging release
-4. Making the tarballs, .md5, .sha1, .sha256 and .gpg files
-5. Creating the signed email announcement, including hashes of release
-6. Uploading files to dev.openssl.org
-7. Updating the version for next release
-
-If you plan to make an actual release make sure your GPG key is included
-in the [OMC list](https://www.openssl.org/community/omc.html) on the website
-and in the file doc/fingerprints.txt of *all* active branches.
-
-The script mkrelease.pl calls the files release-check.pl, release-date.pl,
-release-git.pl, release-update.pl and release-version.pl, which are expected
-to all be in the same directory.
-
-You are advised to clone a fresh repository. Unless you specify `--no-clean`
-the release process will run `git clean -x -d -f`
-*WARNING* this will delete ALL untracked files from the current branch.
-
-From the branch directory if you run:
-
- perl /path/to/mkrelease.pl --reviewer=name
-
-It should perform all of the above steps and commit changes locally. You can
-then sanity check these with `git log` before pushing them to the public repo.
-
-## Environment Variables
-
-- OPENSSL<br>
- Path to openssl utility to use. Default is `openssl`.
-
-- OPENSSL_TAR<br>
- The tar command to use when creating the tarball. Default is `tar`.
-
-- OPENSSL_GPG<br>
- The gpg command to use when signing a tarball or announcement.
- The default is `gpg` which will use gpg with the default key.
- If you wish to use a different, key set OPENSSL_GPG to include
- appropriate options.
-
-- OPENSSL_GPG_TAR<br>
- Command to use to sign a tarball.
- The default is: `$OPENSSL_GPG --use-agent -sba`
-
-- OPENSSL_GPG_ANNOUNCE<br>
- The command to use to sign a tarball.
- The default is: `$OPENSSL_GPG --use-agent -sta --clearsign`
-
-- OPENSSL_SCP<br>
- The command to use to upload files.
- The default is `scp`
-
-- OPENSSL_SCP_HOST<br>
- The host (and optional username) needed to upload files.
- The default is `dev.openssl.org`, but you might want to change this to
- `username@dev.openssl.org`
-
-- OPENSSL_SCP_DIR<br>
- The directory to upload files to.
- Normally this wont be changed from the default which is
- `$OPENSSL_SCP_HOST:~openssl/dist/new`
- This is a holding area on dev.openssl.org where distributions are uploaded
- temporarily before being moved to the web and ftp directories.
-
-For local testing, you can do something like this:
-
- export OPENSSL_SCP=cp
- export OPENSSL_SCP_DIR="$HOME/testdir"
-
-## Options
-
-- `--revert`<br>
- Remove all local changes from repository and delete any release tag. This
- returns the local tree to the same state as before a release attempt was
- made.
-
-- `--reviewer=name`<br>
- Add reviewer `name` to list of reviewers in commit message. Any valid
- name for checking OMC membership will work.
- This option may be used multiple times; at least one is required.
-
-- `--enter-pre`<br>
- Instead of making a full release enter pre-release state. This by itself
- will not produce a release it will just change version numbers and commit
- the changes. Subsequent releases on this branch will be pre-release
- versions. This option should NOT be used if the branch is already in
- pre-release state.
-
-- `--leave-pre`<br>
- For a branch in pre-release state, leave pre-release and make a full release.
-
-- `--label=label`<br>
- Add the textual label `label` to the version string, where `label` must be
- one of `alpha` or `beta`. While in pre-release state a label *must* be
- provided.
-
-- `--no-upload`<br>
- Do not attempt to upload release files to dev.openssl.org
-
-- `--no-clean`<br>
- Do not clean untracked files from directory. Warning: if you use this option
- you can end up with extraneous files in the distribution tarball.
-
-- `--no-update`<br>
- Do not perform a `make update`.
-
-- `--verbose`<br>
- Be more verbose at what is going on
-
-- `--debug`<br>
- Include debug output to describe all actions in detail
-
-- `--git-info`<br>
- Just print out details of all git branch information and exit
-
-- `--git-branch-info`<br>
- Print out details of the currently detected branch and exit
-
-- `--branch-version=version`<br>
- Use branch `version` instead of the one autodetected for the current branch.
- This option is not normally needed.
+++ /dev/null
-#! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# OpenSSL release generation script.
-
-use strict;
-use warnings;
-use File::Basename;
-use lib dirname(__FILE__);
-use Module::Load::Conditional qw(can_load);
-can_load(modules => { 'OpenSSL::Query::DB' => undef });
-use OpenSSL::Query::REST;
-
-require "release-check.pl";
-require "release-date.pl";
-require "release-git.pl";
-require "release-update.pl";
-require "release-version.pl";
-
-my @public_bversions = qw( 1.1.1 );
-my @premium_bversions = qw( 1.0.2 );
-
-our $debug = 0;
-our $verbose = 0;
-my @reviewers;
-my @openssl_branches;
-my $revert;
-my $pre;
-my $info_only;
-my $branch_info_only;
-my $no_clean;
-my $no_update;
-my $no_release;
-my $no_upload;
-my $bversion;
-my $ok;
-my $label;
-my $premium_password;
-
-#Determine include path
-our $includepath;
-if ( -e "crypto/opensslv.h" ) {
- $includepath = "crypto";
-}
-else {
- $includepath = "include/openssl";
-}
-
-sub print_git_info {
- my ( $rinfo, $branch, $s ) = @_;
- my $version = openssl_git_expected_version( $rinfo, $branch );
- my $last = openssl_git_last_release( $rinfo, $branch );
- my $last_full = openssl_git_last_release( $rinfo, $branch, 1, 1 );
-
- # Auto detect pre release if we haven't forced it.
- $pre = $version =~ /-pre/ unless defined $pre;
- my $next = openssl_version_next( $version, $pre );
-
- print "${s}Branch version: $branch\n";
- print "${s}Last release: $last\n";
- print "${s}Last full release: $last_full\n";
- print "${s}Current version: $version\n";
- print "${s}Next release: $next\n";
-}
-
-sub print_branch_info {
- my ($rinfo) = @_;
- my ( $rtags, $rbranches ) = @$rinfo;
- print "All Branch details:\n";
- foreach (@$rbranches) {
- print "\n";
- print_git_info( $rinfo, $_, "\t" );
- }
- print "\n";
-}
-
-# Initialise git version tables, OMC database.
-my $gitinfo = openssl_git_init();
-my $query = OpenSSL::Query->new();
-
-foreach (@ARGV) {
- if (/^--git-info$/) {
- $info_only = 1;
- } elsif (/^--branch-version=(.*)$/) {
- $bversion = $1;
- } elsif (/^--git-branch-info/) {
- $branch_info_only = 1;
- } elsif (/^--no-clean/) {
- $no_clean = 1;
- } elsif (/^--no-release/) {
- $no_release = 1;
- } elsif (/^--no-update/) {
- $no_update = 1;
- } elsif (/^--no-upload/) {
- $no_upload = 1;
- } elsif (/^--revert/) {
- $revert = 1;
- } elsif (/^--leave-pre/) {
- $pre = 0;
- } elsif (/^--enter-pre/) {
- $pre = 1;
- } elsif (/^--premium-password=(.*)$/) {
- $premium_password = $1;
- } elsif (/^--debug/) {
- $debug = 1;
- $verbose = 1;
- } elsif (/^--verbose/) {
- $verbose = 1;
- } elsif (/^--reviewer=(.*)$/) {
- my $r = $1;
- my $rname = $query->find_person_tag($r, 'rev');
- die "Unknown reviewer $1" unless $rname;
- push @reviewers, $rname;
- } elsif (/^--label=(.*)$/) {
- $label = $1;
- if ( $label ne "alpha" && $label ne "beta" ) {
- die "Invalid label";
- }
- } else {
- print "Uknown option $_\n";
- exit 1;
- }
-}
-
-$_ = openssl_git_current_branch();
-die "The OpenSSL branch $_ isn't supported by this script, try dev/release.sh instead\n"
- unless /OpenSSL_[0-9]+_[0-9]+_[0-9]+-stable/;
-
-if ($revert) {
- print "Reverting to repository version for $_\n";
- system("git reset --hard origin/$_");
- die "Error reverting!!" if $?;
- openssl_git_delete_local_tags($_);
- exit 0;
-}
-
-$bversion = openssl_git_branch_version() unless defined $bversion;
-
-if ($info_only) {
- print_git_info( $gitinfo, $bversion, "" );
- exit 0;
-}
-
-if ($branch_info_only) {
- print_branch_info($gitinfo);
- exit 0;
-}
-
-die "No reviewer set!" unless @reviewers;
-die "No premium password given!"
- if ((grep { $_ eq $bversion } @premium_bversions) && !$premium_password);
-
-print "Current branch version is $bversion\n";
-
-if ( openssl_git_check_changes() ) {
- print "ERROR: unstaged changes in current branch!\n";
- exit 1;
-}
-
-my $expected_version = openssl_git_expected_version( $gitinfo, $bversion );
-
-# If this is first pre release there will be no releases from this branch
-# So set expected version to pre1-dev as we can't detect this from
-# tags.
-
-if ( $expected_version !~ /-pre/ && openssl_check_first_pre() ) {
- $expected_version =~ s/-dev/-pre1-dev/;
-}
-
-# Auto detect pre release if we haven't forced it.
-$pre = $expected_version =~ /-pre/ unless defined $pre;
-
-if ( !$pre && defined $label ) {
- die "Not a pre-release but a label has been defined";
-}
-if ( $pre && !defined $label ) {
- die "This is a pre-release but a label has not been defined";
-}
-
-my $last_version = openssl_git_last_release( $gitinfo, $bversion, 1, 1 );
-my $last_branch_release = openssl_git_last_release( $gitinfo, $bversion, 1 );
-my $next_version = openssl_version_next( $expected_version, $pre );
-
-print "Branch feature version: $bversion\n";
-print "Last release on this branch: $last_branch_release\n";
-print "Current branch version $expected_version\n";
-print "Next release version $next_version\n";
-print "Last full release version $last_version\n";
-
-$ok = openssl_check_all( $expected_version, $last_version );
-
-print "Branch sanity check: " . ( $ok ? "OK" : "NOT OK" ) . "\n";
-
-if ( $ok == 0 ) {
- print "Sanity check failed, cannot continue\n";
- exit 1;
-}
-
-if ( !$no_clean ) {
- print "Cleaning directory\n";
- system("git clean -x -d -f");
- die "Error cleaning directory" if $?;
-}
-
-openssl_git_make_update(@reviewers) unless $no_update;
-
-$expected_version = openssl_version_next( $expected_version, $pre );
-
-my $date = openssl_current_date() unless $expected_version =~ /-pre1-dev/;
-
-print "Updating versions to $expected_version\n";
-
-openssl_update_all( $expected_version, $date, $label );
-
-$ok = openssl_check_all( $expected_version, $last_version, $date );
-
-print "Changes sanity check: " . ( $ok ? "OK" : "NOT OK" ) . "\n";
-
-if ( $ok == 0 ) {
- print "Release sanity check failed, cannot continue\n";
- exit 1;
-}
-
-print "Committing changes:\n";
-
-# If we changed from -dev to -pre1-dev a dev version is
-# entering pre release. Just commit changes without a release.
-
-if ( $expected_version =~ /pre1-dev/ ) {
- my $main_version = $expected_version;
- $main_version =~ s/-pre1-dev//;
- openssl_git_commit( "OpenSSL $main_version is now in pre release",
- @reviewers );
- die "Error comitting changes!" if $?;
- print "Version set to $expected_version, exiting\n";
- exit 0;
-}
-
-openssl_git_commit( "Prepare for $expected_version release", @reviewers );
-die "Error comitting release changes!" if $?;
-
-my $tag = "OpenSSL_$expected_version";
-my $tagkey =
- defined( $ENV{OPENSSL_GPG_KEYID} ) ? " -u $ENV{OPENSSL_GPG_KEYID}" : " -s";
-
-$tag =~ tr/\./_/;
-
-print
- "Tagging release with tag $tag (you will need to provide a pass phrase)\n";
-
-system("git tag$tagkey -m \"OpenSSL $expected_version release tag\" $tag");
-die "Error tagging release!" if $?;
-
-my $TAR = defined( $ENV{OPENSSL_TAR} ) ? "TAR=$ENV{OPENSSL_TAR}" : "";
-
-if ( !$no_release ) {
- print "Generating release tarball.\n";
- my $openssl = $ENV{"OPENSSL"} // "openssl";
- my $gpgkeyid =
- defined( $ENV{OPENSSL_GPG_KEYID} ) ? " -u $ENV{OPENSSL_GPG_KEYID}" : "";
- my $gpg = $ENV{"OPENSSL_GPG"} // "gpg$gpgkeyid";
- my $gpgtar = $ENV{"OPENSSL_GPG_TAR"} // "$gpg --use-agent -sba";
- my $gpgann = $ENV{"OPENSSL_GPG_ANNOUNCE"}
- // "$gpg --use-agent -sta --clearsign";
- my $tarfile = "openssl-${expected_version}.tar.gz";
- system("(./config; make $TAR tar) >../$tarfile.log 2>&1");
- die "Error generating release!" if $?;
- die "Can't find tarball!!" unless -f "../$tarfile";
-
- my $length = -s "../$tarfile";
- print "Creating hash files\n";
- my $sha1hash = `$openssl sha1 < ../$tarfile`;
- chomp $sha1hash;
- $sha1hash =~ s/^.*=\s//;
- die "invalid hash" unless $sha1hash =~ /[0-9a-f]{20}/;
- my $sha256hash = `$openssl sha256 < ../$tarfile`;
- chomp $sha256hash;
- $sha256hash =~ s/^.*=\s//;
- die "invalid hash" unless $sha256hash =~ /[0-9a-f]{20}/;
- open OUT, ">../$tarfile.sha1";
- print OUT $sha1hash . "\n";
- close OUT;
- open OUT, ">../$tarfile.sha256";
- print OUT $sha256hash . "\n";
- close OUT;
- print "Creating PGP signature:\n";
- unlink("../${tarfile}.asc");
- system("$gpgtar ../$tarfile");
- die "Error creating signature" if $?;
-
- my $anntxt = "../openssl-${expected_version}.txt";
-
- open OUT, ">$anntxt";
- if ( $expected_version =~ /-pre/ ) {
-
- # Note the variable name is the same length as the real
- # version so the announcement can be made to look pretty.
- # If we ever go to pre10 it will be one character longer...
- my $openssl_ver = $expected_version;
- $openssl_ver =~ s/^(.*)-pre(\d+)$/$1 pre release $2/;
- my $fvers = $expected_version;
- $fvers =~ s/-pre\d+//;
- print OUT <<EOF;
-
- OpenSSL version $openssl_ver ($label)
- ===========================================
-
- OpenSSL - The Open Source toolkit for SSL/TLS
- https://www.openssl.org/
-
- OpenSSL $fvers is currently in $label. OpenSSL $openssl_ver has now
- been made available. For details of changes and known issues see the
- release notes at:
-
- https://www.openssl.org/news/openssl-$bversion-notes.html
-
- Note: This OpenSSL pre-release has been provided for testing ONLY.
- It should NOT be used for security critical purposes.
-
- The $label release is available for download via HTTP and FTP from the
- following master locations (you can find the various FTP mirrors under
- https://www.openssl.org/source/mirror.html):
-
- * https://www.openssl.org/source/
- * ftp://ftp.openssl.org/source/
-
- The distribution file name is:
-
- o $tarfile
- Size: $length
- SHA1 checksum: $sha1hash
- SHA256 checksum: $sha256hash
-
- The checksums were calculated using the following commands:
-
- openssl sha1 $tarfile
- openssl sha256 $tarfile
-
- Please download and check this $label release as soon as possible.
- To report a bug, open an issue on GitHub:
-
- https://github.com/openssl/openssl/issues
-
- Please check the release notes and mailing lists to avoid duplicate
- reports of known issues. (Of course, the source is also available
- on GitHub.)
-
- Yours,
-
- The OpenSSL Project Team.
-
-EOF
- } elsif (grep { $bversion eq $_ } @public_bversions) {
- ###### PUBLIC RELEASE TEMPLATE ######
-
- # Using $avers so its length is similar to a real version
- # length so it's easier to make the announcement look pretty.
- my $avers = $expected_version;
-
- my $title = "OpenSSL version $avers released";
- my $underline = "=" x length($title);
- print OUT <<EOF;
-
- $title
- $underline
-
- OpenSSL - The Open Source toolkit for SSL/TLS
- https://www.openssl.org/
-
- The OpenSSL project team is pleased to announce the release of
- version $avers of our open source toolkit for SSL/TLS. For details
- of changes and known issues see the release notes at:
-
- https://www.openssl.org/news/openssl-$bversion-notes.html
-
- OpenSSL $avers is available for download via HTTP and FTP from the
- following master locations (you can find the various FTP mirrors under
- https://www.openssl.org/source/mirror.html):
-
- * https://www.openssl.org/source/
- * ftp://ftp.openssl.org/source/
-
- The distribution file name is:
-
- o $tarfile
- Size: $length
- SHA1 checksum: $sha1hash
- SHA256 checksum: $sha256hash
-
- The checksums were calculated using the following commands:
-
- openssl sha1 $tarfile
- openssl sha256 $tarfile
-
- Yours,
-
- The OpenSSL Project Team.
-
-EOF
-
- } else {
- ###### PREMIUM RELEASE TEMPLATE ######
-
- # Using $avers so its length is similar to a real version
- # length so it's easier to make the announcement look pretty.
- my $avers = $expected_version;
-
- my $title = "OpenSSL version $avers released";
- my $underline = "=" x length($title);
- print OUT <<EOF;
-
- $title
- $underline
-
- OpenSSL - The Open Source toolkit for SSL/TLS
- https://www.openssl.org/
-
- The OpenSSL project team is pleased to announce the release of
- version $avers of our open source toolkit for SSL/TLS.
-
- OpenSSL $avers is available for download via SFTP from the
- following location:
-
- * Server: ftp.openssl.org
- * Username: premium
- * Password: $premium_password
-
- The distribution file name is:
-
- o $tarfile
- Size: $length
- SHA1 checksum: $sha1hash
- SHA256 checksum: $sha256hash
-
- The checksums were calculated using the following commands:
-
- openssl sha1 $tarfile
- openssl sha256 $tarfile
-
- Yours,
-
- The OpenSSL Project Team.
-
-EOF
-
- }
-
- close OUT;
- unlink("${anntxt}.asc");
- system("$gpgann $anntxt");
- die "Cannot sign announcement file!" if $?;
- die "Signature file not found!" unless -f "$anntxt.asc";
-
- if ( !$no_upload ) {
- my $scp = $ENV{OPENSSL_SCP} // "scp";
- my $scphost = $ENV{OPENSSL_SCP_HOST} // "dev.openssl.org";
- my $scpdir = $ENV{OPENSSL_SCP_DIR} // "$scphost:~openssl/dist/new";
- print "Uploading release files\n";
- system(
-"$scp ../$tarfile ../$tarfile.sha1 ../$tarfile.sha256 ../$tarfile.asc $anntxt.asc ${scpdir}"
- );
- die "Error uploading release files" if $?;
- }
-
-}
-
-$last_version = $expected_version unless $pre;
-$expected_version = openssl_version_next( $expected_version, $pre );
-
-print "Updating versions to $expected_version\n";
-
-openssl_update_all($expected_version);
-
-$ok = openssl_check_all( $expected_version, $last_version );
-
-print "Sanity check: " . ( $ok ? "OK" : "NOT OK" ) . "\n";
-
-if ( $ok == 0 ) {
- print "Sanity check failed, cannot continue\n";
- exit 1;
-}
-
-openssl_git_commit( "Prepare for $expected_version", @reviewers );
-die "Error comitting release changes!" if $?;
+++ /dev/null
-#! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use strict;
-
-sub check_str {
- my ( $message, $expected, $value, $pok ) = @_;
- die "Bad checkstr values for $message"
- if !defined $value || !defined $expected;
- if ( $value ne $expected ) {
- print
- "$message: check failed, expecting \"$expected\", got \"$value\"!!\n";
- $$pok = 0;
- } elsif ($main::debug) {
- print "$message: checking \"$value\" against \"$expected\"\n";
- }
-}
-
-# Check syntax of README file.
-
-sub openssl_check_README {
- my ( $version, $indate ) = @_;
- my $ok = 1;
- my $date = openssl_date($indate);
- open( IN, "README" ) || die "Can't open README";
- while (<IN>) {
- if (/^.*OpenSSL\s+(\S+)\s+(\([[:alpha:]]+\)\s+)?(.*)$/) {
- check_str( "README version", $version, $1, \$ok );
- if ( defined $indate ) {
- check_str( "README date", $date, $3, \$ok );
- }
- close IN;
- return $ok;
- }
- }
- close IN;
- print STDERR "Invalid syntax in README\n";
- return 0;
-}
-
-sub openssl_check_NEWS {
- my ( $version, $prev, $indate ) = @_;
- my $date = openssl_date( $version =~ /-pre/ ? undef : $indate );
- my $ok = 1;
- if ( $date =~ /XXX/ ) {
- if ( $version =~ /-pre/ ) {
- $date = "in pre-release";
- } else {
- $date = "under development";
- }
- }
- $version =~ s/-dev$//;
- $version =~ s/-pre.*$//;
- open( IN, "NEWS" ) || die "Can't open NEWS";
-
- while (<IN>) {
- if (
-/^ Major changes between OpenSSL (\S+) and OpenSSL (\S+)\s+\[0?(.*)\]/
- )
- {
- check_str( "NEWS previous version", $prev, $1, \$ok );
- check_str( "NEWS version", $version, $2, \$ok );
- check_str( "NEWS date", $date, $3, \$ok );
- close IN;
- return $ok;
- }
- }
- close IN;
- print STDERR "Invalid syntax in NEWS\n";
- return 0;
-}
-
-sub openssl_check_CHANGES {
- my ( $version, $prev, $indate ) = @_;
- my $date = openssl_date( $version =~ /-pre/ ? undef : $indate );
- my $ok = 1;
- $version =~ s/-dev$//;
- $version =~ s/-pre.*$//;
- open( IN, "CHANGES" ) || die "Can't open CHANGES";
-
- while (<IN>) {
- if (/^ Changes between (\S+) and (\S+)\s+\[0?(.*)\]/) {
- check_str( "CHANGES previous version", $prev, $1, \$ok );
- check_str( "CHANGES version", $version, $2, \$ok );
- check_str( "CHANGES date", $date, $3, \$ok );
- close IN;
- return $ok;
- }
- }
- close IN;
- print STDERR "Invalid syntax in CHANGES\n";
- return 0;
-}
-
-sub openssl_check_version_h {
- my ( $version, $indate ) = @_;
- my ( $hex_done, $fips_done, $version_done );
- my $hexversion = openssl_version_hex($version);
- my $ok = 1;
- my $version_fips = $version . "-fips";
- $version_fips =~ s/-dev-fips/-fips-dev/;
- my $date = openssl_date($indate);
- open( IN, "$main::includepath/opensslv.h" ) || die "Can't open opensslv.h";
-
- while (<IN>) {
- if (/OPENSSL_VERSION_NUMBER\s+(0x[0-9a-f]+)L/) {
- check_str( "opensslv.h: HEX version", $hexversion, $1, \$ok );
- $hex_done = 1;
- } elsif (/OPENSSL_VERSION_TEXT\s+\"OpenSSL\s
- ([^-\s]+(?!-fips)(?:-[^-\s]*)*) # version without -fips
- \s+
- (\([[:alpha:]]+\)\s+)? # Possible lable
- (.*)\" # The rest (date)
- /x
- )
- {
- check_str( "opensslv.h: version", $version, $1, \$ok );
- check_str( "opensslv.h: date", $date, $3, \$ok );
- $version_done = 1;
- }
- if ( $hex_done && $version_done ) {
- close IN;
- return $ok;
- }
- }
- print STDERR "Invalid syntax in opensslv.h\n";
- close IN;
- return 0;
-}
-
-sub openssl_check_spec {
- my ($version) = @_;
- my $ok = 1;
- $version =~ s/-dev$//;
- $version =~ s/-pre.*$//;
- open( IN, "openssl.spec" ) || die "Can't open openssl.spec";
- while (<IN>) {
- if (/^Version:\s+(\S+)$/) {
- check_str( "openssl.spec version", $version, $1, \$ok );
- close IN;
- return $ok;
- }
- }
- close IN;
- print STDERR "Invalid syntax in README\n";
- return 0;
-}
-
-sub print_ok {
- my ( $file, $ok ) = @_;
- print "File: $file " . ( $ok ? "OK" : "NOT OK!!" ) . "\n"
- if ($main::verbose);
-}
-
-sub openssl_check_all {
- my ( $version, $last_version, $date ) = @_;
-
- my $readme_ok = openssl_check_README( $version, $date );
-
- print_ok( "README", $readme_ok );
-
- my $changes_ok = openssl_check_CHANGES( $version, $last_version, $date );
-
- print_ok( "CHANGES", $changes_ok );
-
- my $news_ok = openssl_check_NEWS( $version, $last_version, $date );
-
- print_ok( "NEWS", $news_ok );
-
- my $v_h_ok = openssl_check_version_h( $version, $date );
-
- print_ok( "opensslv.h", $v_h_ok );
-
- # Newer versions don't have openssl.spec
- my $spec_ok = 1;
- if ( -f "openssl.spec" ) {
- $spec_ok = openssl_check_spec($version);
-
- print_ok( "openssl.spec", $spec_ok );
- }
-
- return $readme_ok && $changes_ok && $news_ok && $v_h_ok && $spec_ok;
-}
-
-# If there are no tagged releases for the current version
-# and we are in pre release mode then either we are just entering
-# pre release and the next version will be pre1-dev or we are already
-# at pre1-dev and we need to do a release of pre1.
-# Check opensslv.h to determine which
-
-sub openssl_check_first_pre {
- open( IN, "$main::includepath/opensslv.h" ) || die "Can't open opensslv.h";
-
- while (<IN>) {
- if (/OPENSSL_VERSION_TEXT\s+\"OpenSSL \S*\s+.*\"/) {
- close IN;
-
- # Ignore -fips in string
- s/-fips//;
- return /pre1-dev/;
- }
- }
- close IN;
- die "Invalid sysntax in opensslv.h";
-}
-
-return 1;
+++ /dev/null
-#! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-# Return date into a form suitable for the FAQ, version file and
-# CHANGES file entries. Optionally can be passed date in the form
-# mm/dd/yyyy
-
-sub openssl_date {
- my ($datestr) = @_;
- my ( $mday, $mon, $year );
-
- if ( defined $datestr ) {
- if ( $datestr =~ /(\d+)\/(\d+)\/(\d+)/ ) {
- $mday = $1;
- $mon = $2;
- $year = $3;
- $mon--;
- } else {
- die "Invalid date syntax $datestr, expecting mm/dd/yyyy";
- }
- } else {
- return ( "xx XXX xxxx", undef, undef ) if wantarray;
- return "xx XXX xxxx";
- }
-
- my $mdsuff;
- if ( $mday % 10 > 0 && $mday % 10 <= 3 && ( $mday < 10 || $mday > 20 ) ) {
- my @mday_ord = qw(st nd rd);
- $mdsuff = $mday_ord[ $mday % 10 - 1 ];
- } else {
- $mdsuff = "th";
- }
-
- my @mnames =
- qw(January February March April May June July August September October November December);
-
- my $mname = $mnames[$mon];
- my $mname_short = substr $mname, 0, 3;
-
- my $date_ch = sprintf "%d %s %d", $mday, $mname_short, $year;
- return $date_ch unless wantarray;
- my $date_ab = sprintf "%s %d%s, %d", $mname_short, $mday, $mdsuff, $year;
- my $date_full = sprintf "%-9s %2d%s, %d", $mname, $mday, $mdsuff, $year;
-
- return ( $date_ch, $date_ab, $date_full );
-
-}
-
-# Return current date in dd/mm/yyyy format suitable to passing into
-# openssl_date().
-
-sub openssl_current_date {
- my ( $mday, $mon, $year ) = (localtime)[ 3 .. 5 ];
- $year += 1900;
- $mon++;
- return "$mday/$mon/$year";
-}
-
-return 1;
+++ /dev/null
-#! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use strict;
-use warnings;
-
-# OpenSSL git version utilities.
-
-# Retrieve list of branches and release tags in a reference usable by other
-# functions.
-
-sub openssl_git_init {
- my @tmpbranches =
- grep { chomp; s|^\s+origin/OpenSSL_(\w*\d)-stable$|$1|; } `git branch -r`;
- die "Error retrieving branch details!" if $?;
-
- # Create initial dev version entry: lowest possible version for
- # branch which will be accurate if no releases have take place.
- my @branches;
- foreach ( sort @tmpbranches ) {
- tr/_/\./;
- next if /^0/ && $_ ne "0.9.8";
- push @branches, $_;
- }
-
- # Create list of tags
- my @rtags = grep { chomp; s/OpenSSL_(\d.*)$/$1/; } `git tag`;
- die "Error retrieving tag details!" if $?;
- my @tags;
- foreach (@rtags) {
-
- # Skip if tag has - and it isn't pre
- next if ( /-/ && !/-pre\d+$/ );
- tr/_/\./;
- next if /^0/ && !/^0.9.8/;
- push @tags, $_;
- }
- my $aref = [ \@tags, \@branches ];
- return $aref;
-}
-
-# Return last release number on supplied branch.
-# If $nopre is set, skip pre releases, if $prev set
-# return last release on previous branch if no release
-# on current branch.
-
-sub openssl_git_last_release {
- my ( $rinfo, $branch, $nopre, $prev ) = @_;
- my ( $rtag, $rbranch ) = @$rinfo;
- my $brhex = openssl_version_branch_hex($branch);
- my $rv = "";
- my $rvhex = "";
- foreach (@$rtag) {
- next if ( $nopre && /-pre/ );
- my $taghex = openssl_version_hex($_);
- my $tagbhex = openssl_version_branch_hex($_);
-
- # Is tag for current branch?
- if ( $tagbhex ne $brhex ) {
-
- # Discard if only want current branch or greater
- # than current branch
- next if ( !$prev || $tagbhex gt $brhex );
- }
-
- # If release is later than last value replace.
- if ( $taghex gt $rvhex ) {
- $rv = $_;
- $rvhex = openssl_version_hex($rv);
- }
- }
- return $rv eq "" ? "none" : $rv;
-}
-
-sub openssl_git_current_branch {
-
- # Current branch
- $_ = `git rev-parse --abbrev-ref HEAD`;
- die "Can't get current branch!" if $?;
- chomp;
- return $_;
-}
-
-sub openssl_git_branch_version {
- ($_) = @_;
- $_ = openssl_git_current_branch() unless defined $_;
- die "Unexpected branch name $_" unless s/OpenSSL_//;
- tr /_/\./;
- die "Unexpected branch name $_" unless s/-stable$//;
- return $_;
-}
-
-sub openssl_git_expected_version {
- my ( $rinfo, $branch ) = @_;
- $branch = openssl_git_major_version() unless defined $branch;
- my $rv = openssl_git_last_release( $rinfo, $branch );
- return $branch .= "-dev" if $rv eq "none";
- return openssl_version_next($rv);
-}
-
-sub openssl_git_check_changes {
-
- # For some reason this is unreliable if you use --quiet ...
- system("git diff --exit-code >/dev/null");
- return 0 if $? == 0;
- return 1 if $? == 256;
- die "Unexpected status $?";
-}
-
-sub openssl_git_make_update {
- print "Configuring system\n";
- system("perl Configure gcc >/dev/null 2>&1");
- die "Error configuring system" if $?;
-
- print "Doing make update\n";
- system("make update >/dev/null 2>&1");
- die "make update error" if $?;
- if ( openssl_git_check_changes() ) {
- print "Source modified, committing changes\n";
- openssl_git_commit( "make update", @_ );
- die "Error committing update" if $?;
- } else {
- print "No changes\n";
- }
- system("find . -name Makefile.save -exec rm \\\{\\\} \\\;");
- die "Error removing Makefile.save files" if $?;
-}
-
-sub openssl_git_delete_local_tags {
- my ($branch) = @_;
- $branch =~ s/-stable//;
- my @tags = grep { chomp; } `git tag -l $branch\*`;
- my @rtags =
- grep { chomp; s|^.*refs/tags/||; } `git ls-remote --tags origin`;
- my %rtaghash;
- foreach (@rtags) {
- $rtaghash{$_} = 1;
- }
- foreach (@tags) {
- if ( !defined $rtaghash{$_} ) {
- print "Deleting local tag $_\n" if $main::verbose;
- system("git tag -d $_");
- }
- }
-}
-
-sub openssl_git_commit {
- my @args = ( "git", "commit", "-a" );
- my ( $message, @reviewers ) = @_;
- $message .= "\n\n";
- foreach (@reviewers) {
- $message .= "Reviewed-by: $_\n";
- }
- $message .= "Release: yes\n";
- push @args, "-m", "$message";
- system(@args);
- die "Error committing update" if $?;
-}
-
-return 1;
+++ /dev/null
-#! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use strict;
-use warnings;
-
-sub openssl_update_file {
- my $fref = pop @_;
- my $file = pop @_;
- my $file_new = $file . ".new";
- my $finished = 0;
- open( IN, "$file" ) || die "Can't open $file";
- open( OUT, ">$file_new" ) || die "Can't open $file_new";
- while (<IN>) {
- $finished = &$fref(@_) unless $finished;
- print OUT;
- }
- close IN;
- close OUT;
- unlink $file;
- rename $file_new, $file;
- print "Updated $file\n" if $main::verbose;
-}
-
-sub openssl_update_README {
- my ( $version, $indate, $label ) = @_;
- my $date = openssl_date($indate);
- my $update = sub {
- if (/^.*OpenSSL/) {
- $_ = " OpenSSL $version";
- $_ .= " $label" if ( defined $label );
- $_ .= " $date" if ( defined $indate );
- $_ .= "\n";
- return 1;
- }
- return 0;
- };
- openssl_update_file( @_, "README", $update );
-}
-
-sub openssl_update_CHANGES {
- my ( $version, $indate ) = @_;
- my $date = openssl_date($indate);
- $version =~ s/-dev//;
- my $update = sub {
- if (/^ Changes between \S+ and (\S+)\s+\[0?(.*)\]/) {
- my $chversion = $1;
- my $chdate = $2;
- if ( defined $indate ) {
- s/$chdate/$date/;
- } else {
- my $newchanges = <<END;
- Changes between $chversion and $version [xx XXX xxxx]
-
- *)
-
-END
- $_ = $newchanges . $_;
- }
- return 1;
- }
- return 0;
- };
- openssl_update_file( @_, "CHANGES", $update );
-}
-
-sub openssl_update_NEWS {
- my ( $version, $indate ) = @_;
- my $date;
- if ( $version =~ /-pre1-dev/ ) {
- $date = "in pre-release";
- $indate = "";
- } elsif ( $version =~ /-pre/ ) {
- return 1;
- } else {
- $date = openssl_date($indate);
- }
- $version =~ s/-dev//;
- my $update = sub {
- if (
-/^ Major changes between OpenSSL \S+ and OpenSSL (\S+)\s+\[0?(.*)\]/
- )
- {
- my $chversion = $1;
- my $chdate = $2;
- if ( defined $indate ) {
- s/$chdate/$date/;
- } else {
- my $newchanges = <<END;
- Major changes between OpenSSL $chversion and OpenSSL $version [under development]
-
- o
-
-END
- $_ = $newchanges . $_;
- }
- return 1;
- }
- return 0;
- };
- openssl_update_file( @_, "NEWS", $update );
-}
-
-sub openssl_update_version_h {
- my ( $version, $indate, $label ) = @_;
- my $hexversion = openssl_version_hex($version);
- my $date = openssl_date($indate);
- my $version_fips = $version . "-fips";
- $version_fips =~ s/-dev-fips/-fips-dev/;
- if ( !defined $label ) {
- $label = "";
- }
- my $update = sub {
- if (/(#\s*define\s+OPENSSL_VERSION_NUMBER\s+)/) {
- $_ = "${1}${hexversion}L\n";
- } elsif (/(#\s*define\s+OPENSSL_VERSION_TEXT\s+).*fips/) {
- $_ = "${1}\"OpenSSL $version_fips $label $date\"\n";
- } elsif (/(#\s*define\s+OPENSSL_VERSION_TEXT\s+)/) {
- $_ = "${1}\"OpenSSL $version $label $date\"\n";
- }
- return 0;
- };
- openssl_update_file( @_, "$main::includepath/opensslv.h", $update );
-}
-
-sub openssl_update_spec {
- my ($version) = @_;
- $version =~ s/-dev$//;
- my $update = sub {
- s/^Version:\s+(\S+)$/Version: $version/;
- };
- openssl_update_file( @_, "openssl.spec", $update );
-}
-
-sub openssl_update_all {
- my ( $version, $date, $label ) = @_;
- my $ispre = $version =~ /-pre/;
- if ( defined $label ) {
- $label = "($label)";
- }
- openssl_update_version_h( $version, $date, $label );
- openssl_update_spec($version) if ( !$ispre && -f "openssl.spec" );
- openssl_update_README( $version, $date, $label );
- openssl_update_CHANGES( $version, $date ) unless $ispre;
- openssl_update_NEWS( $version, $date );
-}
-
-return 1;
+++ /dev/null
-#! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
-#
-# Licensed under the OpenSSL license (the "License"). You may not use
-# this file except in compliance with the License. You can obtain a copy
-# in the file LICENSE in the source distribution or at
-# https://www.openssl.org/source/license.html
-
-use strict;
-use warnings;
-
-# OpenSSL version utility functions.
-
-# Convert string version to hex format
-# usage is version_hex($version_string, $tag)
-# where "tag" is 1 if the version comes from a git tag.
-# Return version in hex format.
-
-sub openssl_version_hex {
- my ( $version, $tag ) = @_;
- my $ov = $version;
- $tag = $version =~ /_/ unless defined $tag;
- $version =~ tr/_/\./ if $tag;
-
- # Separate version string into fields and convert each one.
-
- if ( !( $version =~ /([\d])\.([\d]+).([\d]+)(.*)$/ ) ) {
- die "Invalid version syntax \"$version\"";
- }
- my $M = $1;
- my $NN = sprintf "%02x", $2;
- my $FF = sprintf "%02x", $3;
- my $rest = $4;
-
- if ( length $M > 1 || length $NN > 2 || length $FF > 2 ) {
- die "Invalid version syntax";
- }
-
- my ( $PP, $S );
-
- if ( $rest eq "" ) {
- $PP = "00";
- $S = "f";
- } else {
- $S = "";
- if ( $rest =~ s/-dev$// ) {
- $S = "0";
- }
-
- # Note pre release development versions of the form -preX-dev
- # version is same for pre release and development versions
- # So check for -preX after we have stripped off any
- # -dev above.
- if ( $rest =~ s/-pre([\d]+)$// ) {
- $S = sprintf "%x", $1;
- }
-
- # No -dev or -pre, must be release
- $S = "f" if $S eq "";
-
- if ( $rest eq "" ) {
- $PP = "00";
- } elsif ( $rest =~ /^z([a-z]$)/ ) {
- $PP = sprintf "%02x", ord($1) - ord("a") + 26;
- } elsif ( $rest =~ /(^[a-z]$)/ ) {
- $PP = sprintf "%02x", ord($1) - ord("a") + 1;
- } else {
- die "Invalid version syntax: \"$ov\"";
- }
- }
-
- if ( length $S > 1 || length $PP > 2 ) {
- die "Invalid version syntax";
- }
-
- return "0x$M$NN$FF$PP$S";
-
-}
-
-# Convert hex format to string
-# Usage is version_str($hex_version), returns version as a string.
-
-sub openssl_version_str {
- my ($hexversion) = @_;
- my ( $chk, $M, $NN, $FF, $PP, $S ) = unpack "A2AA2A2A2A", $hexversion;
- die "Bad hex version $hexversion" if $chk ne "0x" || $S eq "";
- my $version_str = hex($M) . "." . hex($NN) . "." . hex($FF);
-
- if ( $PP ne "00" ) {
- my $hex_PP = hex($PP);
- if ( $hex_PP > 25 ) {
- $version_str .= "z";
- $hex_PP -= 25;
- }
- $version_str .= chr( $hex_PP + ord("a") - 1 );
- }
-
- if ( $S eq "0" ) {
- $version_str .= "-dev";
- } elsif ( $S ne "f" ) {
- $version_str .= "-pre" . hex($S);
- }
-
- return $version_str;
-
-}
-
-# Given a hex number work out the next version.
-# Usage is openssl_next_version($version, $pre, $dev)
-# $pre indicates whether we should use pre releases
-# $dev indicates we should use a development version.
-
-sub openssl_version_next {
- my ( $version, $pre, $dev ) = @_;
- my $hexversion = openssl_version_hex($version);
- my ( $chk, $M, $NN, $FF, $PP, $S ) = unpack "A2AA2A2A2A", $hexversion;
- die "Invalid syntax $version" if $S eq "";
-
- # If $pre or $dev not set work out what we want.
- $dev = $version !~ /-dev/ unless defined $dev;
- $pre = $version =~ /-pre/ unless defined $pre;
-
- # If we want a release then just need to get rid of "-dev" part.
- #
- if ( $dev == 0 ) {
- die "Expecting a development version!!" if $version !~ /-dev/;
-
- # NB version number is identical for pre and pre development.
- # So just strip out "-dev" part.
- $version =~ s/-dev//;
-
- # Special case: if we are going from X.Y.Z-dev and using pre releases
- # next version is X.Y.Z-pre1-dev and this wont be a release,
- # just changing version numbers for beginning of pre releases.
- $version .= "-pre1-dev" if $pre && $S eq "0";
-
- # If moving out of pre release return full release
- $version =~ s/-pre.*$// unless $pre;
- return $version;
- }
- die "Not expecting a development version!!" if $version =~ /-dev/;
-
- # If a pre release we need to increment the pre release portion
- if ( $pre != 0 ) {
-
- # Hex version can only handle 14 pre releases.
- die "Can't go past pre release 14!!" if ( $S eq "e" );
-
- # Must be a pre release or development version.
- die "Can't go from release to pre release!!" if $S eq "f";
- $S = sprintf "%x", hex($S) + 1;
- $hexversion =~ s/.$/$S/;
- $version = openssl_version_str($hexversion);
- $version .= "-dev" if $dev;
- return $version;
- }
-
- # If last version pre release and not doing pre releases any more then switch
- # to full release.
- return openssl_version_str("0x$M$NN$FF${PP}f") if ( $version =~ /pre/ );
-
- # Otherwise need to increment letter value if not a pre release.
- $PP = sprintf "%02x", hex($PP) + 1;
- die "Invalid letter version!!" if ( length $PP > 2 );
- return openssl_version_str("0x$M$NN$FF${PP}0");
-}
-
-# Return hex branch version belongs to.
-# So "1.0.1a-pre2-dev" returns hex of "1.0.1" for example.
-
-sub openssl_version_branch_hex {
- my ($version) = @_;
- my $hexversion = openssl_version_hex($version);
- my ( $chk, $M, $NN, $FF, $PP, $S ) = unpack "A2AA2A2A2A", $hexversion;
- die "Invalid syntax $version" if $S eq "";
- return "0x$M$NN${FF}00F";
-}
-
-return 1;