BuildingReleases

4.2 and up, dnsdist 1.3.3 and up

Note: compared to 4.1.x and below a build can now take up to 5 or 6 hours! (and for Raspbian it's 5 to 6 hours per release!)

Mostly like below, but use these builders

• build-authoritative-pdns-builder
• build-authoritative-pdns-builder-armhf
• build-dnsdist-pdns-builder
• build-dnsdist-pdns-builder-armhf
• build-recursor-pdns-builder
• build-recursor-pdns-builder-armhf

4.0 and up and dnsdist

Before (write but do not merge yet!)

1. Write changelogs
   • To get a list of all the merged PRs since the previous version do:
     • git log --merges --oneline «previous-version»..«current-version»
     • example: git log --merges --oneline rec-4.1.0..master
   • Now create the changelog: ./build-scripts/changelog-from-pr.py PR# PR# PR#
   • Or for PR in (cat ~/merges.txt); echo $PR; ./build-scripts/changelog-from-pr.py --access_token «your GitHub API access token» $PR >> ~/changes.rst ; end where merges has one PR (without the # prepended) per line
   • Don't forget to change the XXXX's
2. Update secpoll zonefile (do not forget to update the SOA serial!)
3. Write draft blogpost

Building the tarballs and packages

1. After the last commit to be included, wait for the corresponding build to succeed before tagging, to avoid having to create a new tag if an error slipped in after all.
2. Tag the commit git tag -s -a dnsdist-X.Y.Z (tag prereleases as dnsdist-X.Y.Z-{alpha,beta,rc}N)
   • Do a git tag -n to see what the previous messages look like and make a similar one
   • Tag, build and publish the release before merging the changelog and secpoll update, otherwise users will get a secpoll upgrade notice while there's no release available yet
3. Push the tag with git push <remote> <tagname>
4. Login to the webinterface at builder.powerdns.com
5. "Builds >> Builders >> create-dnsdist-tar-bz2"
6. (top right) "force-create-dnsdist-tar-bz2"
7. Fill in the tag at "revision", check the "is_release"-checkbox (this enables special version name processing)
8. Hit "Start build"
9. wait for tarballs and packages to be created
10. wait for all downstream tests to pass

Uploading and signing the tarball

1. (on download1.powerdns.com) Copy the tarball to /releases. e.g. cp /srv/www/downloads.powerdns.com/autobuilt/$PRODUCT/$VERSION/$PRODUCT-$VERSION.tar.bz2 /srv/www/downloads.powerdns.com/releases
2. Copy the tarball to your local system for signing (e.g. rsync download1.powerdns.com:/srv/www/downloads.powerdns.com/releases/$PRODUCT-$VERSION.tar.bz2 .)
3. Sign the tarball with your gpg key with your powerdns.com address on it. Both --detach-sign and --detach-sign --armor
4. Upload the signature files to the right place on downloads.powerdns.com (e.g. rsync *.tar.bz2.* download1.powerdns.com:/srv/www/downloads.powerdns.com/releases/)
5. In the case of CVEs, move the minimal patches to download1:/srv/www/downloads.powerdns.com/patches/ (the minimal patches are send in an e-mail by Remi to customers

Publishing packages (releases)

1. (on repo1.powerdns.com, in your homedir) mkdir $PRODUCT-$VERSION
2. (on download1.powerdns.com, use ssh -A) rsync -a --progress /srv/www/downloads.powerdns.com/autobuilt/$PRODUCT/$VERSION/ repo.powerdns.com:$PRODUCT-$VERSION
3. (on repo1.powerdns.com) Extract all the tarballs with packages: cd $PRODUCT-$VERSION; /home/pieter/move_pkgs.sh
4. (on repo1.powerdns.com) Become the user repo: sudo -u repo -i and start bash
5. (on repo1.powerdns.com, as repo) Copy the dir from your homedir. rsync -a ~YOU/$PRODUCT-$VERSION /srv/repo/upload
6. (on repo1.powerdns.com, as repo) Publish the CentOS RPMs: for x in 6 7 8; do createrepo_wrapper centos $x $PRODUCT-$VERSION_REPO $PRODUCT-VERSION-centos-$x-x86_64/*.rpm; done
7. (if auth < 4.2) (on repo1.powerdns.com, as repo) Publish the SLES RPMs: createrepo_wrapper sles 12.1 auth-40 sles-121-x86_64/*.rpm
8. (on repo1.powerdns.com, as repo) Publish the Ubuntu debs: for x in trusty xenial bionic; do reprepro -b /srv/repo/ubuntu/ --ignore=extension includedeb $x-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-ubuntu-$x-amd64/*.deb ; done
9. (on repo1.powerdns.com, as repo) Publish the Debian debs: for x in jessie stretch; do reprepro -b /srv/repo/debian/ --ignore=extension includedeb $x-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-debian-$x-amd64/*.deb; done
10. (on repo1.powerdns.com, as repo) Publish the Raspbian debs: reprepro -b /srv/repo/raspbian/ includedeb jessie-$PRODUCT-$VERSION_REPO $PRODUCT-$VERSION-raspbian-jessie-armhf/*.deb

Publishing packages (prereleases)

NOTE not yet updated!

All on download1.powerdns.com

1. mkdir pdns-recursor-4.0.5-rc1
2. cd pdns-recursor-4.0.5-rc1
3. find /srv/www/downloads.powerdns.com/autobuilt/recursor/ -name 'pdns-recursor*4.0.5*rc*' -exec cp {} . \;
4. ~pieter/move_pkgs.sh
5. find . -type f -name 'pdns-recursor*4.0.5*rc*' | sort | xargs sha256sum > sha256sums
6. Sign the sha256sums file (both --detach-sign and --detach-sign --armor)
7. cd ..
8. mv pdns-recursor-4.0.5-rc1 /srv/www/downloads.powerdns.com/releases/packages

Testing

Before testing, merge the changelog and secpoll PR, so that the test packages see the right secpoll DNS records.

Secpoll

1. dig @pdns-public-ns1.powerdns.com TXT $PRODUCT-$VERSION.security-status.secpoll.powerdns.com +norec +short

Packages

1. docker pull centos:$OS_VERSION or docker pull debian:$OS_VERSION or docker pull ubuntu:$OS_VERSION
2. docker run -it $OS_FROM_PREVIOUS_LINE:$VERSION /bin/bash
3. Follow instructions on https://repo.powerdns.com/

For the Raspberry Pi packages there's a physical RPi in the office. (Docker can be tried but never worked for me.)

Announce

1. post on blog - this will also announce to Twitter and Facebook
2. send out SIGNED announcements to pdns-dev/pdns-announce/pdns-users
   • please see internal OX wiki for whom else to notify by e-mail
3. announce on LinkedIn: do this for RCs too
4. for final releases:
   • update www.powerdns.com
   • update wikipedia and IRC topic
   • #dns on freenode update (send a PR and ping Peter van Dijk)