Tor Messenger Release Process (#17455)
- Bump the version of Tor Messenger in rbm.conf
- Ensure the HEAD on the build machines matches the master of the tor-messenger-build repository.
- Run make tor-messenger-release. The builds will be in release/$VERSION directory, along with the sha256sums.txt file.
- Compare the Linux build hashes (reproducible) with one other person, preferably building on a different machine.
- Test builds on all platforms:
- Create at least one XMPP account and make sure in-band works and the account connects.
- Initiate an OTR conversation with another instance. Verify the various authentication mechanisms.
- Check "Error Console" for errors, warnings or messages and try to fix them.
- Sign the sha256sums.txt file (gpg -abs). Currently the builds are signed with the 0xB297B391 key.
- Note about add-ons update: add-ons will only be updated if the version in install.rdf has changed. So for example for ctypes-otr, make sure if there are changes to be updated that the version number is bumped.
- Tag the release (git tag -s v$VERSION -m 'version $VERSION'). Before pushing tag, make sure HEAD adds the date to the changelog and is not some other commit. Push tag to git.torproject.org.
- Upload the signed builds to https://dist.torproject.org/tormessenger/
- Upload the builds to virustotal.com so that they have time to calm down with false positive reports. (See #17454)
- Increment the version number and update the links on https://trac.torproject.org/projects/tor/wiki/doc/TorMessenger
- Publish the blog post
- Email to tor-announce
Download in other formats: