Add Miscellenous index and moved sop_eol, sop_fedora_media_writer

Signed-off-by: Samyak Jain <samyak.jn11@gmail.com>
2023-04-12 12:30:06 +05:30 · 2023-04-12 12:30:06 +05:30 · b1384ac17d
commit b1384ac17d
parent 96d9c091f1
5 changed files with 28 additions and 141 deletions
--- a/modules/release_guide/pages/sop.adoc
+++ b/modules/release_guide/pages/sop.adoc
@ -1,48 +0,0 @@
-[[sop]]
-== Fedora Release Engineering Standard Operating Procedures
-
-This page documents the Standard Operating Procedures for Fedora Release
-Engineering.
-
-=== Purpose
-
-The SOP section contains a list of tasks Fedora Release Engineering team
-provides for the project. Current Fedora Release Engineering team
-members would can add tasks they know about and list steps to complete
-the task as well as issues to consider. This is a great way to make sure
-that individuals aren't the only ones that can fix a problem.
-
-=== The Community
-
-The SOP section is left in the public because it is our hope that others
-in the community will add common problems, fix our steps and just in
-general look over what we're doing and help us when we're doing
-something stupid. We encourage anyone interested to go over our
-processes with a fine tooth comb. It'll make us better and we'll
-probably learn something in the process. Therefore please open a
-https://pagure.io/releng/pull-requests[pull request] to suggest
-improvements.
-
-=== Procedures
-
-Needed: #. Composing an official release #. Making a composed release
-publicly available
-
-=== Standard Operating Procedures
-
-sop_adding_build_targets sop_adding_content_generator
-sop_adding_new_release_engineer sop_adding_new_branch_sla
-sop_adding_packages_compose_artifact sop_adding_side_build_targets
-sop_branch_freeze sop_branching sop_breaking_development_freeze
-sop_composing_fedora sop_clean_amis sop_create_release_signing_key
-sop_deprecate_ftbfs_packages sop_end_of_life sop_eol_change
-sop_mass_branching sop_bodhi_activation sop_mass_rebuild_packages
-sop_mass_rebuild_modules sop_file_ftbfs sop_generating_openh264_composes
-sop_package_blocking sop_package_unblocking
-sop_process_dist_git_requests sop_promoting_container_content
-sop_signing_builds sop_pushing_updates sop_release_package_signing
-sop_remote_dist_git_branches sop_requesting_task_automation_users
-sop_retire_orphaned_packages sop_sigul_client_setup
-sop_stage_final_release_for_mirrors sop_unretire sop_update_critpath
-sop_update_releng_docs sop_updating_comps sop_fedora_media_writer
-sop_find_module_info sop_release_container_base_image
--- a/modules/release_guide/pages/sop_eol_change.adoc
+++ b/modules/release_guide/pages/sop_eol_change.adoc
@ -1,98 +0,0 @@
-== Adjust EOLs and SLs on branches
-
-[NOTE]
-.Note
-====
-This SOP is about adjust EOLs and SLs on so-called "arbitrary" branches.
-Unretiring a package _also_ involves changing the EOL on a branch, but
-you won't find information on that here. See the unretirement SOP for
-more info there.
-====
-
-=== Description
-
-With "arbitrary branching", modules can include streams for an RPM that
-are not directly associated with a Fedora release. Modules _themselves_
-can have branches not directly associated with a Fedora release. For
-instance, our [.title-ref]#python3# module has a [.title-ref]#3.6#
-branch. The SLs on that module branch all go EOL on 2018-06-01.
-*@torsava*, one of the
-https://src.fedoraproject.org/modules/python3k[python3 module
-maintainers], may request that this branch have its EOL extended until
-2018-12-01.
-
-When a maintainer wants to change EOL on a rpm, module, or container
-branch, they need to file a https://pagure.io/releng/issues[releng
-ticket] requesting it. They have no way to do it on their own. Releng
-must review the request, and then process it.
-
-=== Policy
-
-Here are some _policy_ guidelines to help you (releng) make decisions
-about these tickets
-
-* Clarify. Does the maintainer want the EOL lengthed for an rpm? Or for
-a module? Or for a container? If they just say "increase the EOL for
-[.title-ref]#httpd#, please", it is not clear which thing they're really
-talking about.
-* Expect that maintainers generally know _when_ their EOL should go
-until. You don't need to go and research upstream mailing lists to
-figure out what makes sense. Politely asking the maintainer for some
-background information on _why_ the EOL should be changed is good to
-record in the ticket for posterity. Bonus points if they can provide
-references to upstream discussions that make the request make sense.
-* EOLs should _almost always_ only be extended into the future.
-Shortening an EOL should only be done with care. There might be modules
-out there that depend on an rpm branch with a conflicting EOL of their
-own. If a _shorter_ EOL is requested for an rpm branch, you should
-verify that no modules that depend on it have a conflicting EOL. If a
-_shorter_ EOL is requested for a module branch, you should verify that
-no other modules require it that have a conflicting EOL.
-* EOLs should not be arbitrary dates. At Flock 2017, we
-https://pagure.io/fedrepo_req/issue/100[decided on using two standard
-dates] for EOLs to help make things less crazy. You should use December
-1st or June 1st of any given year for all EOL dates.
-* Many branches will _often_ have multiple SLs all with the _same_ EOL.
-I.e., the branch is fully supported until such time as it is totally
-retired. There is no gray area. However, it is _possible_ to have
-branches with piecemeal SLs and EOLs. A branch may support
-[.title-ref]#bug_fixes# until time X but will further support
-[.title-ref]#security_fixes# until time Y. This is nicely flexible for
-the maintainers, but also introduces complexity. If a maintainer
-requests piecemeal SL EOLs, ask to make sure they really want this kind
-of complexity.
-
-=== Action
-
-We have a script in the releng repo:
-
-....
-$ PYTHONPATH=scripts/pdc python3 scripts/pdc/adjust-eol.py -h
-....
-
-[NOTE]
-.Note
-====
-Run it with [.title-ref]#python3#. It imports [.title-ref]#fedrepo_req#
-which is python3 by default. Installing [.title-ref]#python2#
-dependencies should be possible when needed.
-====
-
-Here is an example of using it to increase the SL of the
-[.title-ref]#3.6# branch of the [.title-ref]#python3# module (not the
-rpm branch):
-
-....
-$ PYTHONPATH=scripts/pdc python3 scripts/pdc/adjust-eol.py \
-    fedora \
-    SOME_TOKEN \
-    python3 \
-    module \
-    3.6 \
-    2018-12-01
-Connecting to PDC args.server 'fedora' with token 'a9a1e4cbca122c21580d1fe4646e603a770c5280'
-Found 2 existing SLs in PDC.
-Adjust eol of (module)python3#3.6 security_fixes:2018-06-01 to 2018-12-01? [y/N]: y
-Adjust eol of (module)python3#3.6 bug_fixes:2018-06-01 to 2018-12-01? [y/N]: y
-Set eol to 2018-12-01 on ['(module)python3#3.6 security_fixes:2018-06-01', '(module)python3#3.6 bug_fixes:2018-06-01']
-....
--- a/modules/release_guide/pages/sop_fedora_media_writer.adoc
+++ b/modules/release_guide/pages/sop_fedora_media_writer.adoc
@ -1,156 +0,0 @@
-== Fedora Media Writer Building and Signing
-
-=== Description
-
-Whenever a new version of Fedora Media Writer is available, it is
-required to build and code sign it.
-
-=== Action
-
-==== Windows
-
-{empty}#. Get a windows code signing key from private ansible
-repository. It is in the ansible-private/files/code-signing/ directory
-
-. Convert the .cert formatted certificate to .pxf format:
-+
-....
-$ openssl pkcs12 -export -in code-signing.crt -inkey code-signing.key -out authenticode.pfx
-....
-. Clone the Fedora Media Writer git repo:
-+
-....
-$ git clone https://github.com/MartinBriza/MediaWriter.git
-....
-. Checkout the release tag for which the executable to be created:
-+
-....
-$ git checkout tags/<release_number>
-....
-. The script to build and sign the executable is available at
-dist/win/build.sh
-. Get the mingw-mediawriter from koji. Make sure the version is the one
-that needs building and signing.
-. Install the remaining packages that are listed under PACKAGES variable
-in build.sh script.
-. Export CERTPATH to the location where the .pfx file is located and
-make sure its named as authenticode.pfx and export CERTPASS to the file
-that contains the password used in creating .pvk file.
-. Run the build.sh script:
-+
-....
-$ ./build.sh
-....
-
-=== Verification
-
-The FedoraMediaWriter-win32-<release_number>.exe is located under
-dist/win/ directory.
-
-==== OS X:
-
-==== Build:
-
-. install xcode 8.1 from apple store.
-. {blank}
-+
-install qt for mac from:::
-  http://download.qt.io/official_releases/qt/5.7/5.7.0/qt-opensource-mac-x64-clang-5.7.0.dmg
-. Open a terminal and run the following commands
-+
-::::
-  $ git clone https://github.com/MartinBriza/MediaWriter $ cd
-  MediaWriter $ mkdir build $ cd build $
-  $QT_PREFIX/$QT_VERSION/clang64/bin/qmake .. $ make $ cp
-  build/helper/mac/helper.app/Contents/MacOS/helper
-  build/app/FedoraMediaWriter.app/Contents/MacOS/ $ cd build/app $
-  $QT_PREFIX/$QT_VERSION/clang_64/bin/macdeployqt "Fedora Media
-  Writer.app" -executable="Fedora Media
-  Writer.app/Contents/MacOS/helper" -qmldir="../../app"
-
-==== Prepare certificates
-
-This only needs to happen once per build machine, and prepares the
-certificates by requesting them from Apple.
-
-. Install Xcode from the Mac App store
-. Start Xcode
-. Press Command-, (or in the menu bar click Xcode -> Preferences)
-. Go to Accounts tab
-. Click the plus button and sign in
-. Select the new account
-. Select the correct team
-. Click View Details
-. Under "Signing Identities", find "Developer ID Application"
-. Click Create
-. Wait until the button disappears
-. Done
-
-==== Sign and DMG
-
-. Open a terminal
-. cd to the root directory of the FMW project
-. Run the following bash script:
-+
-____
-....
-#/bin/bash
-
-security -v unlock-keychain login.keychain
-
-# First sign all dynamic libraries (dylib's)
-cd "build/app/Fedora Media Writer.app"
-for dylib in $(find  . -name "*dylib")
-do
-codesign -s "Developer ID Application: Fedora Gilmore" -v $dylib
-done
-# Now sign framework bundles
-for framework in $(find  . -name "*framework")
-do
-codesign -s "Developer ID Application: Fedora Gilmore" -v $framework
-done
-
-# Sign the two binaries
-codesign -s "Developer ID Application: Fedora Gilmore" -v Contents/MacOS/helper
-codesign -s "Developer ID Application: Fedora Gilmore" -v "Contents/MacOS/Fedora Media Writer"
-
-# Sign the app bundle
-codesign -s "Developer ID Application: Fedora Gilmore" -v .
-
-# Create the dmg
-cd ..
-rm -f FedoraMediaWriter-osx-*.dmg
-
-hdiutil create -srcfolder "Fedora Media Writer.app"  -format UDCO -imagekey zlib-level=9 -scrub \
-               -volname FedoraMediaWriter-osx FedoraMediaWriter-osx-$(git  describe --tags).dmg
-....
-____
-
-==== Account Email(OS X)
-
-____
-::::
-  releng@fedoraproject.org
-____
-
-==== Account Holders(OS X)
-
-. Primary: Dennis Gilmore(ausil)
-. Backup: Kevin Fenzi(kevin)
-. Manager/bill-payer: Paul Frields(pfrields)
-
-=== Sync binaries to the web
-
-copy both files to /srv/web/fmw on sundries01 create symlinks to the
-FedoraMediaWriter-win32-latest.exe and FedoraMediaWriter-osx-latest.dmg
-
-=== Consider Before Running
-
-Nothing yet.
-
-=== Issue with signing
-
-If the build is done but it is not signed then try editing the
-`build.sh` and add -askpass argument for all the osslsigncode commands
-and run the script, when it asks for the password you can enter the
-password that was used in creating .pvk file.