]> git.ipfire.org Git - thirdparty/openssl.git/blame - dev/release.sh
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update copyright year
[thirdparty/openssl.git] / dev / release.sh
CommitLineData
b0b0b6a4 1#! /bin/bash -e
a28d06f3 2# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
b0b0b6a4
RL		 3#
4# Licensed under the Apache License 2.0 (the "License"). You may not use
5# this file except in compliance with the License. You can obtain a copy
6# in the file LICENSE in the source distribution or at
7# https://www.openssl.org/source/license.html
8
9# This is the most shell agnostic way to specify that POSIX rules.
10POSIXLY_CORRECT=1
11
12usage () {
13 cat <<EOF
14Usage: release.sh [ options ... ]
15
16--alpha Start or increase the "alpha" pre-release tag.
17--next-beta Switch to the "beta" pre-release tag after alpha release.
18 It can only be given with --alpha.
19--beta Start or increase the "beta" pre-release tag.
20--final Get out of "alpha" or "beta" and make a final release.
21 Implies --branch.
22
23--branch Create a release branch 'openssl-{major}.{minor}.x',
24 where '{major}' and '{minor}' are the major and minor
25 version numbers.
26
64af3aec 27--reviewer=<id> The reviewer of the commits.
b0b0b6a4
RL		 28--local-user=<keyid>
29 For the purpose of signing tags and tar files, use this
30 key (default: use the default e-mail address’ key).
31
32--no-upload Don't upload to upload@dev.openssl.org.
33--no-update Don't perform 'make update'.
34--verbose Verbose output.
35--debug Include debug output. Implies --no-upload.
36
37--force Force execution
38
39--help This text
40--manual The manual
41
42If none of --alpha, --beta, or --final are given, this script tries to
43figure out the next step.
44EOF
45 exit 0
46}
47
48# Set to one of 'major', 'minor', 'alpha', 'beta' or 'final'
49next_method=
50next_method2=
51
52do_branch=false
53warn_branch=false
54
55do_clean=true
56do_upload=true
57do_update=true
58DEBUG=:
59VERBOSE=:
60git_quiet=-q
61
62force=false
63
64do_help=false
65do_manual=false
66
67tagkey=' -s'
68gpgkey=
64af3aec 69reviewers=
b0b0b6a4
RL		 70
71upload_address=upload@dev.openssl.org
72
73TEMP=$(getopt -l 'alpha,next-beta,beta,final' \
74 -l 'branch' \
75 -l 'no-upload,no-update' \
76 -l 'verbose,debug' \
77 -l 'local-user:' \
64af3aec 78 -l 'reviewer:' \
b0b0b6a4
RL		 79 -l 'force' \
80 -l 'help,manual' \
81 -n release.sh -- - "$@")
82eval set -- "$TEMP"
83while true; do
84 case $1 in
85 --alpha | --beta | --final )
86 next_method=$(echo "x$1" | sed -e 's|^x--||')
87 if [ -z "$next_method2" ]; then
88 next_method2=$next_method
89 fi
90 shift
91 if [ "$next_method" = 'final' ]; then
92 do_branch=true
93 fi
94 ;;
95 --next-beta )
96 next_method2=$(echo "x$1" | sed -e 's|^x--next-||')
97 shift
98 ;;
99 --branch )
100 do_branch=true
101 warn_branch=true
102 shift
103 ;;
104 --no-upload )
105 do_upload=false
106 shift
107 ;;
108 --no-update )
109 do_update=false
110 shift
111 ;;
112 --verbose )
113 VERBOSE=echo
114 git_quiet=
115 shift
116 ;;
117 --debug )
118 DEBUG=echo
119 do_upload=false
120 shift
121 ;;
122 --local-user )
123 shift
93bae03a 124 tagkey=" -u $1"
b0b0b6a4
RL		 125 gpgkey=" -u $1"
126 shift
127 ;;
64af3aec
RL		 128 --reviewer )
129 reviewers="$reviewers $1=$2"
130 shift
131 shift
132 ;;
b0b0b6a4
RL		 133 --force )
134 force=true
135 shift
136 ;;
137 --help )
138 usage
139 exit 0
140 ;;
141 --manual )
142 sed -e '1,/^### BEGIN MANUAL/d' \
143 -e '/^### END MANUAL/,$d' \
144 < "$0" \
145 | pod2man \
146 | man -l -
147 exit 0
148 ;;
149 -- )
150 shift
151 break
152 ;;
153 * )
154 echo >&2 "Unknown option $1"
155 shift
156 exit 1
157 ;;
158 esac
159done
160
161$DEBUG >&2 "DEBUG: \$next_method=$next_method"
162$DEBUG >&2 "DEBUG: \$next_method2=$next_method2"
163
164$DEBUG >&2 "DEBUG: \$do_branch=$do_branch"
165
166$DEBUG >&2 "DEBUG: \$do_upload=$do_upload"
167$DEBUG >&2 "DEBUG: \$do_update=$do_update"
168$DEBUG >&2 "DEBUG: \$DEBUG=$DEBUG"
169$DEBUG >&2 "DEBUG: \$VERBOSE=$VERBOSE"
170$DEBUG >&2 "DEBUG: \$git_quiet=$git_quiet"
171
172case "$next_method+$next_method2" in
173 major+major | minor+minor )
174 # These are expected
175 ;;
176 alpha+alpha | alpha+beta | beta+beta | final+final | + | +beta )
177 # These are expected
178 ;;
179 * )
180 echo >&2 "Internal option error ($next_method, $next_method2)"
181 exit 1
182 ;;
183esac
184
185# Verbosity feed for certain commands
186VERBOSITY_FIFO=/tmp/openssl-$$.fifo
187mkfifo -m 600 $VERBOSITY_FIFO
188( cat $VERBOSITY_FIFO | while read L; do $VERBOSE "> $L"; done ) &
189exec 42>$VERBOSITY_FIFO
190trap "exec 42>&-; rm $VERBOSITY_FIFO" 0 2
191
192# Setup ##############################################################
193
194# Make sure we're in the work directory
195cd $(dirname $0)/..
196HERE=$(pwd)
197
198# Check that we have the scripts that define functions we use
199found=true
200for fn in "$HERE/dev/release-aux/release-version-fn.sh" \
201 "$HERE/dev/release-aux/release-state-fn.sh"; do
202 if ! [ -f "$fn" ]; then
203 echo >&2 "'$fn' is missing"
204 found=false
205 fi
206done
207if ! $found; then
208 exit 1
209fi
210
211# Load version functions
212. $HERE/dev/release-aux/release-version-fn.sh
213. $HERE/dev/release-aux/release-state-fn.sh
214
215# Make sure it's a branch we recognise
216orig_branch=$(git rev-parse --abbrev-ref HEAD)
217if (echo "$orig_branch" \
218 | grep -E -q \
219 -e '^master$' \
220 -e '^OpenSSL_[0-9]+_[0-9]+_[0-9]+[a-z]*-stable$' \
221 -e '^openssl-[0-9]+\.[0-9]+\.x$'); then
222 :
223elif $force; then
224 :
225else
226 echo >&2 "Not in master or any recognised release branch"
227 echo >&2 "Please 'git checkout' an approprite branch"
228 exit 1
229fi
4588f35b 230orig_HEAD=$(git rev-parse HEAD)
b0b0b6a4
RL		 231
232# Initialize #########################################################
233
234echo "== Initializing work tree"
235
236get_version
237
238# Generate a cloned directory name
4588f35b 239release_clone="$orig_branch-release-tmp"
b0b0b6a4
RL		 240
241echo "== Work tree will be in $release_clone"
242
243# Make a clone in a subdirectory and move there
244if ! [ -d "$release_clone" ]; then
245 $VERBOSE "== Cloning to $release_clone"
4588f35b 246 git clone $git_quiet -b "$orig_branch" -o parent . "$release_clone"
b0b0b6a4
RL		 247fi
248cd "$release_clone"
249
250get_version
251
4588f35b
RL		 252# Branches we will work with. The release branch is where we make the
253# changes for the release, the update branch is where we make the post-
254# release changes
255update_branch="$orig_branch"
256release_branch="openssl-$SERIES.x"
b0b0b6a4 257
4588f35b
RL		 258# among others, we only create a release branch if the patch number is zero
259if [ "$update_branch" = "$release_branch" ] || [ $PATCH -ne 0 ]; then
260 if $do_branch && $warn_branch; then
261 echo >&2 "Warning! We're already in a release branch; --branch ignored"
262 fi
263 do_branch=false
264fi
265
266if ! $do_branch; then
267 release_branch="$update_branch"
268fi
269
270# Branches we create for PRs
271branch_version="$VERSION${PRE_LABEL:+-$PRE_LABEL$PRE_NUM}"
272tmp_update_branch="OSSL--$update_branch--$branch_version"
273tmp_release_branch="OSSL--$release_branch--$branch_version"
274
275# Check that we're still on the same branch as our parent repo, or on a
276# release branch
277current_branch=$(git rev-parse --abbrev-ref HEAD)
278if [ "$current_branch" = "$update_branch" ]; then
b0b0b6a4 279 :
4588f35b 280elif [ "$current_branch" = "$release_branch" ]; then
b0b0b6a4
RL		 281 :
282else
4588f35b
RL		 283 echo >&2 "The cloned sub-directory '$release_clone' is on a branch"
284 if [ "$update_branch" = "$release_branch" ]; then
285 echo >&2 "other than '$update_branch'."
286 else
287 echo >&2 "other than '$update_branch' or '$release_branch'."
b0b0b6a4 288 fi
4588f35b
RL		 289 echo >&2 "Please 'cd \"$(pwd)\"; git checkout $update_branch'"
290 exit 1
b0b0b6a4
RL		 291fi
292
293SOURCEDIR=$(pwd)
294$DEBUG >&2 "DEBUG: Source directory is $SOURCEDIR"
295
296# Release ############################################################
297
298# We always expect to start from a state of development
299if [ "$TYPE" != 'dev' ]; then
300 echo >&2 "Not in a development branch"
301 echo >&2 "Have a look at the git log in $release_clone, it may be that"
302 echo >&2 "a previous crash left it in an intermediate state and that"
303 echo >&2 "need to drop the top commit:"
304 echo >&2 ""
305 echo >&2 "(cd $release_clone; git reset --hard HEAD^)"
306 echo >&2 "# WARNING! LOOK BEFORE YOU ACT"
307 exit 1
308fi
309
b0b0b6a4
RL		 310# Update the version information. This won't save anything anywhere, yet,
311# but does check for possible next_method errors before we do bigger work.
312next_release_state "$next_method"
313
4588f35b
RL		 314# Create our temporary release branch
315$VERBOSE "== Creating a local release branch: $tmp_release_branch"
316git checkout $git_quiet -b "$tmp_release_branch"
b0b0b6a4
RL		 317
318echo "== Configuring OpenSSL for update and release. This may take a bit of time"
319
320./Configure cc >&42
321
322$VERBOSE "== Checking source file updates"
323
324make update >&42
325
326if [ -n "$(git status --porcelain)" ]; then
327 $VERBOSE "== Committing updates"
328 git add -u
329 git commit $git_quiet -m 'make update'
64af3aec
RL		 330 if [ -n "$reviewers" ]; then
331 addrev --nopr $reviewers
332 fi
b0b0b6a4
RL		 333fi
334
4588f35b
RL		 335# Create our temporary update branch, if it's not the release branch.
336# This is used in post-release below
337if $do_branch; then
338 $VERBOSE "== Creating a local update branch: $tmp_update_branch"
339 git branch $git_quiet "$tmp_update_branch"
340fi
341
b0b0b6a4
RL		 342# Write the version information we updated
343set_version
344
345if [ -n "$PRE_LABEL" ]; then
346 release="$VERSION-$PRE_RELEASE_TAG$BUILD_METADATA"
347 release_text="$SERIES$BUILD_METADATA $PRE_LABEL $PRE_NUM"
348 announce_template=openssl-announce-pre-release.tmpl
349else
350 release="$VERSION$BUILD_METADATA"
351 release_text="$release"
352 announce_template=openssl-announce-release.tmpl
353fi
354tag="openssl-$release"
355$VERBOSE "== Updated version information to $release"
356
357$VERBOSE "== Updating files with release date for $release : $RELEASE_DATE"
358for fixup in "$HERE/dev/release-aux"/fixup-*-release.pl; do
359 file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-release\.pl$||')"
360 $VERBOSE "> $file"
361 RELEASE="$release" RELEASE_TEXT="$release_text" RELEASE_DATE="$RELEASE_DATE" \
362 perl -pi $fixup $file
363done
364
365$VERBOSE "== Comitting updates and tagging"
366git add -u
367git commit $git_quiet -m "Prepare for release of $release_text"
64af3aec
RL		 368if [ -n "$reviewers" ]; then
369 addrev --nopr $reviewers
370fi
b0b0b6a4
RL		 371echo "Tagging release with tag $tag. You may need to enter a pass phrase"
372git tag$tagkey "$tag" -m "OpenSSL $release release tag"
373
374tarfile=openssl-$release.tar
375tgzfile=$tarfile.gz
376announce=openssl-$release.txt
377
378echo "== Generating tar, hash and announcement files. This make take a bit of time"
379
380$VERBOSE "== Making tarfile: $tgzfile"
381# Unfortunately, util/mktar.sh does verbose output on STDERR... for good
382# reason, but it means we don't display errors unless --verbose
383./util/mktar.sh --tarfile="../$tarfile" 2>&1 \
384 | while read L; do $VERBOSE "> $L"; done
385
386if ! [ -f "../$tgzfile" ]; then
387 echo >&2 "Where did the tarball end up? (../$tgzfile)"
388 exit 1
389fi
390
391$VERBOSE "== Generating checksums: $tgzfile.sha1 $tgzfile.sha256"
392openssl sha1 < "../$tgzfile" | \
393 (IFS='='; while read X H; do echo $H; done) > "../$tgzfile.sha1"
394openssl sha256 < "../$tgzfile" | \
395 (IFS='='; while read X H; do echo $H; done) > "../$tgzfile.sha256"
396length=$(wc -c < "../$tgzfile")
397sha1hash=$(cat "../$tgzfile.sha1")
398sha256hash=$(cat "../$tgzfile.sha256")
399
400$VERBOSE "== Generating announcement text: $announce"
401# Hack the announcement template
402cat "$HERE/dev/release-aux/$announce_template" \
403 | sed -e "s|\\\$release_text|$release_text|g" \
404 -e "s|\\\$release|$release|g" \
405 -e "s|\\\$series|$SERIES|g" \
406 -e "s|\\\$label|$PRE_LABEL|g" \
407 -e "s|\\\$tarfile|$tgzfile|" \
408 -e "s|\\\$length|$length|" \
409 -e "s|\\\$sha1hash|$sha1hash|" \
410 -e "s|\\\$sha256hash|$sha256hash|" \
411 | perl -p "$HERE/dev/release-aux/fix-title.pl" \
412 > "../$announce"
413
414$VERBOSE "== Generating signatures: $tgzfile.asc $announce.asc"
415rm -f "../$tgzfile.asc" "../$announce.asc"
416echo "Signing the release files. You may need to enter a pass phrase"
417gpg$gpgkey --use-agent -sba "../$tgzfile"
418gpg$gpgkey --use-agent -sta --clearsign "../$announce"
419
4588f35b
RL		 420# Push everything to the parent repo
421$VERBOSE "== Push what we have to the parent repository"
422git push --follow-tags parent HEAD
b0b0b6a4
RL		 423
424if $do_upload; then
425 (
426 if [ "$VERBOSE" != ':' ]; then
427 echo "progress"
428 fi
429 echo "put ../$tgzfile"
430 echo "put ../$tgzfile.sha1"
431 echo "put ../$tgzfile.sha256"
432 echo "put ../$tgzfile.asc"
433 echo "put ../$announce.asc"
434 ) \
435 | sftp "$upload_address"
436fi
437
438# Post-release #######################################################
439
4588f35b
RL		 440$VERBOSE "== Reset all files to their pre-release contents"
441git reset $git_quiet HEAD^ -- .
442git checkout -- .
443
b0b0b6a4
RL		 444prev_release_text="$release_text"
445prev_release_date="$RELEASE_DATE"
446
447next_release_state "$next_method2"
448set_version
449
450release="$VERSION-$PRE_RELEASE_TAG$BUILD_METADATA"
451release_text="$VERSION$BUILD_METADATA"
452if [ -n "$PRE_LABEL" ]; then
453 release_text="$SERIES$BUILD_METADATA $PRE_LABEL $PRE_NUM"
454fi
455$VERBOSE "== Updated version information to $release"
456
457$VERBOSE "== Updating files for $release :"
458for fixup in "$HERE/dev/release-aux"/fixup-*-postrelease.pl; do
459 file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-postrelease\.pl$||')"
460 $VERBOSE "> $file"
461 RELEASE="$release" RELEASE_TEXT="$release_text" \
462 PREV_RELEASE_TEXT="$prev_release_text" \
463 PREV_RELEASE_DATE="$prev_release_date" \
464 perl -pi $fixup $file
465done
466
467$VERBOSE "== Comitting updates"
468git add -u
469git commit $git_quiet -m "Prepare for $release_text"
64af3aec
RL		 470if [ -n "$reviewers" ]; then
471 addrev --nopr $reviewers
472fi
b0b0b6a4 473
4588f35b
RL		 474# Push everything to the parent repo
475$VERBOSE "== Push what we have to the parent repository"
476git push parent HEAD
477
b0b0b6a4 478if $do_branch; then
4588f35b
RL		 479 $VERBOSE "== Going back to the update branch $tmp_update_branch"
480 git checkout $git_quiet "$tmp_update_branch"
b0b0b6a4
RL		 481
482 get_version
483 next_release_state "minor"
484 set_version
485
486 release="$VERSION-$PRE_RELEASE_TAG$BUILD_METADATA"
487 release_text="$SERIES$BUILD_METADATA"
488 $VERBOSE "== Updated version information to $release"
489
490 $VERBOSE "== Updating files for $release :"
491 for fixup in "$HERE/dev/release-aux"/fixup-*-postrelease.pl; do
492 file="$(basename "$fixup" | sed -e 's|^fixup-||' -e 's|-postrelease\.pl$||')"
493 $VERBOSE "> $file"
494 RELEASE="$release" RELEASE_TEXT="$release_text" \
495 perl -pi $fixup $file
496 done
497
498 $VERBOSE "== Comitting updates"
499 git add -u
500 git commit $git_quiet -m "Prepare for $release_text"
64af3aec
RL		 501 if [ -n "$reviewers" ]; then
502 addrev --nopr $reviewers
503 fi
b0b0b6a4
RL		 504fi
505
4588f35b
RL		 506# Push everything to the parent repo
507$VERBOSE "== Push what we have to the parent repository"
508git push parent HEAD
509
b0b0b6a4
RL		 510# Done ###############################################################
511
512$VERBOSE "== Done"
513
4588f35b 514cd $HERE
b0b0b6a4
RL		 515cat <<EOF
516
517======================================================================
4588f35b
RL		 518The release is done, and involves a few files and commits for you to
519deal with. Everything you need has been pushed to your repository,
520please see instructions that follow.
521======================================================================
522
b0b0b6a4 523EOF
b0b0b6a4
RL		 524
525if $do_release; then
526 cat <<EOF
527
4588f35b
RL		 528The following files were uploaded to $upload_address, please ensure they
529are dealt with appropriately:
b0b0b6a4 530
4588f35b
RL		 531 $tgzfile
532 $tgzfile.sha1
533 $tgzfile.sha256
534 $tgzfile.asc
535 $announce.asc
b0b0b6a4
RL		 536EOF
537fi
538
539cat <<EOF
540
4588f35b 541----------------------------------------------------------------------
b0b0b6a4 542EOF
4588f35b 543
b0b0b6a4
RL		 544if $do_branch; then
545 cat <<EOF
4588f35b
RL		 546You need to prepare the main repository with a new branch, '$release_branch'.
547That is done directly in the server's bare repository like this:
548
549 git branch $release_branch $orig_HEAD
550
551Two additional release branches have been added to your repository.
552Push them to github, make PRs from them and have them approved:
553
554 $tmp_update_branch
555 $tmp_release_branch
556
557When merging them into the main repository, do it like this:
558
a1fc4642 559 git push openssl-git@git.openssl.org:openssl.git \\
4588f35b
RL		 560 $tmp_release_branch:$release_branch
561 git push openssl-git@git.openssl.org:openssl.git \\
562 $tmp_update_branch:$update_branch
a1fc4642
RL		 563 git push openssl-git@git.openssl.org:openssl.git \\
564 $tag
4588f35b
RL		 565EOF
566else
567cat <<EOF
568One additional release branch has been added to your repository.
569Push it to github, make a PR from it and have it approved:
570
571 $tmp_release_branch
572
573When merging it into the main repository, do it like this:
574
a1fc4642 575 git push openssl-git@git.openssl.org:openssl.git \\
4588f35b 576 $tmp_release_branch:$release_branch
a1fc4642
RL		 577 git push openssl-git@git.openssl.org:openssl.git \\
578 $tag
b0b0b6a4
RL		 579EOF
580fi
581
582cat <<EOF
4588f35b
RL		 583
584----------------------------------------------------------------------
b0b0b6a4
RL		 585EOF
586
587cat <<EOF
4588f35b
RL		 588
589When everything is done, or if something went wrong and you want to start
590over, simply clean away temporary things left behind:
591
592The release worktree:
b0b0b6a4
RL		 593
594 rm -rf $release_clone
4588f35b
RL		 595EOF
596
597if $do_branch; then
598 cat <<EOF
b0b0b6a4 599
4588f35b
RL		 600The additional release branches:
601
602 git branch -D $tmp_release_branch
603 git branch -D $tmp_update_branch
604EOF
605else
606 cat <<EOF
607
608The temporary release branch:
609
610 git branch -D $tmp_release_branch
b0b0b6a4 611EOF
4588f35b 612fi
b0b0b6a4
RL		 613
614exit 0
615
616# cat is inconsequential, it's only there to fend off zealous shell parsers
617# that parse all the way here.
618cat <<EOF
619### BEGIN MANUAL
620=pod
621
622=head1 NAME
623
624release.sh - OpenSSL release script
625
626=head1 SYNOPSIS
627
628B<release.sh>
629[
630B<--alpha> |
631B<--next-beta> |
632B<--beta> |
633B<--final> |
634B<--branch> |
635B<--local-user>=I<keyid> |
64af3aec 636B<--reviewer>=I<id> |
b0b0b6a4
RL		 637B<--no-upload> |
638B<--no-update> |
639B<--verbose> |
640B<--debug> |
641B<--help> |
642B<--manual>
643]
644
645=head1 DESCRIPTION
646
647B<release.sh> creates an OpenSSL release, given current worktree conditions.
648It will refuse to work unless the current branch is C<master> or a release
649branch (see L</RELEASE BRANCHES AND TAGS> below for a discussion on those).
650
651B<release.sh> tries to be smart and figure out the next release if no hints
652are given through options, and will exit with an error in ambiguous cases.
653
4588f35b
RL		 654B<release.sh> finishes off with instructions on what to do next. When
655finishing commands are given, they must be followed exactly.
656
657B<release.sh> leaves behind a clone of the local workspace, as well as one
658or two branches in the local repository. These will be mentioned and can
659safely be removed after all instructions have been successfully followed.
b0b0b6a4
RL		 660
661=head1 OPTIONS
662
663=over 4
664
665=item B<--alpha>, B<--beta>
666
667Set the state of this branch to indicate that alpha or beta releases are
668to be done.
669
670B<--alpha> is only acceptable if the I<PATCH> version number is zero and
671the current state is "in development" or that alpha releases are ongoing.
672
673B<--beta> is only acceptable if the I<PATCH> version number is zero and
674that alpha or beta releases are ongoing.
675
676=item B<--next-beta>
677
678Use together with B<--alpha> to switch to beta releases after the current
679release is done.
680
681=item B<--final>
682
683Set the state of this branch to indicate that regular releases are to be
684done. This is only valid if alpha or beta releases are currently ongoing.
685
686This implies B<--branch>.
687
688=item B<--branch>
689
690Create a branch specific for the I<SERIES>.x release series, if it doesn't
691already exist, and switch to it. The exact branch name will be
692C<< openssl-I<SERIES>.x >>.
693
694=item B<--no-upload>
695
696Don't upload the produced files.
697
698=item B<--no-update>
699
700Don't run C<make update>.
701
702=item B<--verbose>
703
704Verbose output.
705
706=item B<--debug>
707
708Display extra debug output. Implies B<--no-upload>
709
710=item B<--local-user>=I<keyid>
711
712Use I<keyid> as the local user for C<git tag> and for signing with C<gpg>.
713
714If not given, then the default e-mail address' key is used.
715
64af3aec
RL		 716=item B<--reviewer>=I<id>
717
718Add I<id> to the set of reviewers for the commits performed by this script.
719Multiple reviewers are allowed.
720
721If no reviewer is given, you will have to run C<addrev> manually, which
722means retagging a release commit manually as well.
723
b0b0b6a4
RL		 724=item B<--force>
725
726Force execution. Precisely, the check that the current branch is C<master>
727or a release branch is not done.
728
729=item B<--help>
730
731Display a quick help text and exit.
732
733=item B<--manual>
734
735Display this manual and exit.
736
737=back
738
739=head1 RELEASE BRANCHES AND TAGS
740
741Prior to OpenSSL 3.0, the release branches were named
742C<< OpenSSL_I<SERIES>-stable >>, and the release tags were named
743C<< OpenSSL_I<VERSION> >> for regular releases, or
744C<< OpenSSL_I<VERSION>-preI<n> >> for pre-releases.
745
746From OpenSSL 3.0 ongoing, the release branches are named
747C<< openssl-I<SERIES>.x >>, and the release tags are named
748C<< openssl-I<VERSION> >> for regular releases, or
749C<< openssl-I<VERSION>-alphaI<n> >> for alpha releases
750and C<< openssl-I<VERSION>-betaI<n> >> for beta releases.
751
752B<release.sh> recognises both forms.
753
754=head1 VERSION AND STATE
755
756With OpenSSL 3.0, all the version and state information is in the file
036cbb6b 757F<VERSION.dat>, where the following variables are used and changed:
b0b0b6a4
RL		 758
759=over 4
760
761=item B<MAJOR>, B<MINOR>, B<PATCH>
762
763The three part of the version number.
764
765=item B<PRE_RELEASE_TAG>
766
767The indicator of the current state of the branch. The value may be one pf:
768
769=over 4
770
771=item C<dev>
772
773This branch is "in development". This is typical for the C<master> branch
774unless there are ongoing alpha or beta releases.
775
776=item C<< alphaI<n> >> or C<< alphaI<n>-dev >>
777
778This branch has alpha releases going on. C<< alphaI<n>-dev >> is what
779should normally be seen in the git workspace, indicating that
780C<< alphaI<n> >> is in development. C<< alphaI<n> >> is what should be
781found in the alpha release tar file.
782
783=item C<< alphaI<n> >> or C<< alphaI<n>-dev >>
784
785This branch has beta releases going on. The details are otherwise exactly
786as for alpha.
787
788=item I<no value>
789
790This is normally not seen in the git workspace, but should always be what's
791found in the tar file of a regular release.
792
793=back
794
795=item B<RELEASE_DATE>
796
797This is normally empty in the git workspace, but should always have the
798release date in the tar file of any release.
799
800=back
801
802=head1 COPYRIGHT
803
a28d06f3 804Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
b0b0b6a4
RL		 805
806Licensed under the Apache License 2.0 (the "License"). You may not use
807this file except in compliance with the License. You can obtain a copy
808in the file LICENSE in the source distribution or at
809L<https://www.openssl.org/source/license.html>.
810
811=cut
812### END MANUAL
813EOF
A mirror of the official openssl repository