Replace `RELEASE.md' with issue template #9828
Conversation
| ### Windows Dependencies <a id="windows-dependencies"></a> | ||
|
|
||
| In contrast to Linux, the bundled Windows dependencies | ||
| (at least Boost and OpenSSL) aren't updated automatically. | ||
| (Neither by Icinga administrators, nor at package build time.) | ||
|
|
||
| To ensure the upcoming Icinga release ships the latest (i.e. most secure) dependencies on Windows: | ||
|
|
||
| #### Update packages.icinga.com | ||
|
|
||
| Add the latest Boost and OpenSSL versions to | ||
| https://packages.icinga.com/windows/dependencies/ like this: | ||
|
|
||
| ``` | ||
| localhost:~$ ssh aptly.vm.icinga.com | ||
| aptly:~$ sudo -i | ||
| aptly:~# cd /var/www/html/aptly/public/windows/dependencies | ||
| aptly:dependencies# wget https://master.dl.sourceforge.net/project/boost/boost-binaries/1.76.0/boost_1_76_0-msvc-14.2-64.exe | ||
| aptly:dependencies# wget https://master.dl.sourceforge.net/project/boost/boost-binaries/1.76.0/boost_1_76_0-msvc-14.2-32.exe | ||
| aptly:dependencies# wget https://slproweb.com/download/Win64OpenSSL-1_1_1k.exe | ||
| aptly:dependencies# wget https://slproweb.com/download/Win32OpenSSL-1_1_1k.exe | ||
| ``` | ||
|
|
||
| #### Ensure Compatibility | ||
|
|
||
| Preferably on a fresh Windows VM (not to accidentally build Icinga | ||
| with old dependency versions) setup a dev environment using the new dependency versions: | ||
|
|
||
| 1. Download [doc/win-dev.ps1](doc/win-dev.ps1) | ||
| 2. Edit your local copy, adjust the dependency versions | ||
| 3. Ensure there are 35 GB free space on C: | ||
| 4. Run the following in an administrative Powershell: | ||
| 1. `Enable-WindowsOptionalFeature -FeatureName "NetFx3" -Online` | ||
| (reboot when asked!) | ||
| 2. `powershell -NoProfile -ExecutionPolicy Bypass -File "${Env:USERPROFILE}\Downloads\win-dev.ps1"` | ||
| (will take some time) | ||
|
|
||
| Actually clone and build Icinga using the new dependency versions as described | ||
| [here](https://github.com/Icinga/icinga2/blob/master/doc/21-development.md#tldr). | ||
| Fix incompatibilities if any. | ||
|
|
||
| #### Update Build Server, CI/CD and Documentation | ||
|
|
||
| * https://git.icinga.com/infra/ansible-windows-build | ||
| (don't forget to provision!) | ||
| * [doc/21-development.md](doc/21-development.md) | ||
| * [doc/win-dev.ps1](doc/win-dev.ps1) | ||
| (also affects CI/CD) | ||
| * [tools/win32/configure.ps1](tools/win32/configure.ps1) | ||
| * [tools/win32/configure-dev.ps1](tools/win32/configure-dev.ps1) | ||
|
|
||
| #### Re-provision Build Server | ||
|
|
||
| Even if there aren't any new releases of dependencies with versions | ||
| hardcoded in the repos and files listed above (Boost, OpenSSL). | ||
| There may be new build versions of other dependencies (VS, MSVC). | ||
| Our GitHub actions (tests) use the latest ones automatically, | ||
| but the GitLab runner (release packages) doesn't. |
There was a problem hiding this comment.
This section is mostly up-to-date, except maybe the section "Ensure Compatibility", as I'd just build it in GitHub Actions for that check. The other sections contain non-obvious details and should remain written down somewhere.
There was a problem hiding this comment.
except maybe the section "Ensure Compatibility"
Yes... and no. A sub-point of this is Fix incompatibilities if any. which we shall actually do if necessary. This is done of course Preferably on a fresh Windows VM with a dev environment using the new dependency versions. OK, admittedly in a real world we do 1) GHA 2) GHA complains :( 3) Ensure Compatibility, but this is fine (at least another construction area) IMAO.
There was a problem hiding this comment.
The other sections contain non-obvious details and should remain written down somewhere.
But yes, in general you're absolutely right, see:
- RELEASE.md: save disk space on build server and packages.icinga.com #9762
- Release issue template: Harden OpenSSL Defaults #9826
And our somewhere can stay the very same file, no need to change a running system.
There was a problem hiding this comment.
These are tasks that are exclusive to us. On top of that, private infrastructure is documented. So it's really not the right place to document this here. I would move this to our Windows packaging repo, which is undocumented at the moment. Then I would move #9762 there as well.
Apart from the Windows-related notes, all instructions are common to our releases and therefore do not need to be explicitly listed here. In addition, most of the information was severely outdated, especially with respect to how our packaging works.
We have dedicated repositories for packages, so this stuff is already fragmented into visible and invisible. The docs can be fragmented the same way. But then everything about this repo should be documented in this repo, too. This just re-adds docs about the publicly visible stuff. Ex. the last section, but it is easy to miss, so it's here.
Apart from the Windows-related notes, all instructions are common to our releases and therefore do not need to be explicitly listed here. In addition, most of the information was severely outdated, especially with respect to how our packaging works.