Skip to content
aerique edited this page Jun 14, 2019 · 59 revisions

4.2 and up, dnsdist 1.3.3 and up

Note: compared to 4.1.x and below a build can now take up to 5 or 6 hours! (and for Raspbian it's 5 to 6 hours per release!)

Mostly like below, but use these builders

  • build-authoritative-pdns-builder
  • build-authoritative-pdns-builder-armhf
  • build-dnsdist-pdns-builder
  • build-dnsdist-pdns-builder-armhf
  • build-recursor-pdns-builder
  • build-recursor-pdns-builder-armhf

4.0 and up and dnsdist

Before

  1. Write changelogs
    • To get a list of all the merged PRs since the previous version do:
      • git log --merges --oneline «previous-version»..«current-version»
      • example: git log --merges --oneline rec-4.1.0..master
    • Now create the changelog: ./build-scripts/changelog-from-pr.py PR# PR# PR#
    • Or for PR in (cat ~/merges.txt); echo $PR; ./build-scripts/changelog-from-pr.py --access_token «your GitHub API access token» $PR >> ~/changes.rst ; end where merges has one PR (without the # prepended) per line
    • Don't forget to change the XXXX's
  2. Update secpoll zonefile (do not forget to update the SOA serial!)
  3. Write draft blogpost

Building the tarballs and packages

  1. Tag the commit git tag -a dnsdist-X.Y.Z (tag prereleases as dnsdist-X.Y.Z-{alpha,beta,rc})
    • Do a git tag -n to see what the previous messages look like and make a similar one
    • Tag the commit before the changelog and secpoll update, otherwise users will get a secpoll upgrade notice while there's no release available yet
  2. Push the tag with git push --tags
  3. Login to the webinterface at builder.powerdns.com
  4. "Builds >> Builders >> create-dnsdist-tar-bz2"
  5. (top right) "force-create-dnsdist-tar-bz2"
  6. Fill in the tag at "revision", check the "is_release"-checkbox (this enables special version name processing)
  7. Hit "Start build"
  8. wait for tarballs and packages to be created
  9. wait for all downstream tests to pass

Uploading and signing the tarball

  1. (on download1.powerdns.com) Copy the tarball to /releases. e.g. cp /srv/www/downloads.powerdns.com/autobuilt/$PRODUCT/$VERSION/$PRODUCT-$VERSION.tar.bz2 /srv/www/downloads.powerdns.com/releases
  2. Copy the tarball to your local system for signing (e.g. rsync download1.powerdns.com:/srv/www/downloads.powerdns.com/releases/$PRODUCT-$VERSION.tar.bz2 .)
  3. Sign the tarball with your gpg key with your powerdns.com address on it. Both --detach-sign and --detach-sign --armor
  4. Upload the signature files to the right place on downloads.powerdns.com (e.g. rsync *.tar.bz2.* download1.powerdns.com:/srv/www/downloads.powerdns.com/releases/)
  5. In the case of CVEs, move the minimal patches to download1:/srv/www/downloads.powerdns.com/patches/ (the minimal patches are send in an e-mail by Remi to customers

Publishing packages (releases)

  1. (on repo1.powerdns.com, in your homedir) mkdir $PRODUCT-$VERSION
  2. (on download1.powerdns.com, use ssh -A) rsync -a --progress /srv/www/downloads.powerdns.com/autobuilt/$PRODUCT/$VERSION/ repo.powerdns.com:$PRODUCT-$VERSION \;
  3. (on repo1.powerdns.com) Extract all the tarballs with packages: cd $PRODUCT-$VERSION; /home/pieter/move_pkgs.sh
  4. (on repo1.powerdns.com) Become the user repo: sudo -u repo -i and start bash
  5. (on repo1.powerdns.com, as repo) Copy the dir from your homedir. rsync ~YOU/$PRODUCT-$VERSION /srv/repo/upload
    • For some reason this never worked for me, so I did: cp -a $YOU/$PRODUCT-$VERSION /srv/repo/upload/
  6. (on repo1.powerdns.com, as repo) Publish the CentOS RPMs: for x in 6 7; do createrepo_wrapper centos $x $PRODUCT-$VERSION_REPO $PRODUCT-VERSION-centos-$x-x86_64/*.rpm; done
  7. (if auth < 4.2) (on repo1.powerdns.com, as repo) Publish the SLES RPMs: createrepo_wrapper sles 12.1 auth-40 sles-121-x86_64/*.rpm
  8. (on repo1.powerdns.com, as repo) Publish the Ubuntu debs: for x in trusty xenial bionic; do reprepro -b /srv/repo/ubuntu/ includedeb $x-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-ubuntu-$x-amd64/*.deb ; done
  9. (on repo1.powerdns.com, as repo) Publish the Debian debs: for x in jessie stretch; do reprepro -b /srv/repo/debian/ includedeb $x-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-debian-$x-amd64/*.deb; done
  10. (on repo1.powerdns.com, as repo) Publish the Raspbian debs: reprepro -b /srv/repo/raspbian/ includedeb jessie-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-raspbian-jessie-armhf/*.deb

Publishing packages (prereleases)

NOTE not yet updated!

All on download1.powerdns.com

  1. mkdir pdns-recursor-4.0.5-rc1
  2. cd pdns-recursor-4.0.5-rc1
  3. find /srv/www/downloads.powerdns.com/autobuilt/recursor/ -name 'pdns-recursor*4.0.5*rc*' -exec cp {} . \;
  4. ~pieter/move_pkgs.sh
  5. find . -type f -name 'pdns-recursor*4.0.5*rc*' | sort | xargs sha256sum > sha256sums
  6. Sign the sha256sums file (both --detach-sign and --detach-sign --armor)
  7. cd ..
  8. mv pdns-recursor-4.0.5-rc1 /srv/www/downloads.powerdns.com/releases/packages

Testing

Packages

  1. docker pull centos:$OS_VERSION or docker pull debian:$OS_VERSION or docker pull ubuntu:$OS_VERSION
  2. docker run -it $OS_FROM_PREVIOUS_LINE:$VERSION /bin/bash
  3. Follow instructions on https://repo.powerdns.com/

For the Raspberry Pi packages there's a physical RPi in the office. (Docker can be tried but never worked for me.)

Secpoll

  1. dig @pdns-public-ns1.powerdns.com TXT $PRODUCT-$VERSION.security-status.secpoll.powerdns.com +norec +short

Announce

  1. post on blog - this will also announce to twitter and facebook
  2. send out SIGNED announcements to pdns-dev/pdns-announce/pdns-users
  3. announce on G+, linkedin - do this for RCs too, to all sites!
  4. for final releases:
    • if this is a final release, update www.powerdns.com too (git show dfe82b25d2ffa53ab2ff00c465c4a0bd3aa998b5)
    • update wikipedia and irc topic (for final releases)
    • #dns on freenode update (send a PR and ping Peter van Dijk)