You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a PGP-signed git tag for the version, e.g., for dangerzone v0.1.0:
git tag -s v0.1.0
git push origin v0.1.0
Note: release candidates are suffixed by -rcX.
macOS Release
Releasing and Signing
Verify and install the latest supported Python version from python.org (do not use the one from
brew as it is known to cause issues)
In case of a new Python installation or minor version upgrade, e.g., from
3.11 to 3.12 , reinstall Poetry with python3 -m pip install poetry
You can verify the correct Python version is used with poetry debug info
Verify and checkout the git tag for this release
Run poetry install --sync
On the silicon mac, build the container image:
python3 ./install/common/build-image.py
```, and copy the `share/container.tar.gz` to the assets folder on `dangerzone-$VERSION-arm64.tar.gz`, along with the `share/image-id.txt` file.
Copy the container image to the assets folder on dangerzone-$VERSION-i686.tar.gz.
Run poetry run ./install/macos/build-app.py; this will make dist/Dangerzone.app
Make sure that the build application works with the containerd graph
driver (see #933)
Run poetry run ./install/macos/build-app.py --only-codesign; this will make dist/Dangerzone.dmg
You need to run this command as the account that has access to the code signing certificate
You must run this command from the MacOS UI, from a terminal application.
You need to change the <email> in the above command with the email
associated with the Apple Developer ID.
This command assumes that you have created, and stored in the Keychain, an
application password associated with your Apple Developer ID, which will be
used specifically for notarytool.
Wait for it to get approved:
If it gets rejected, you should be able to see why with the same command
(or use the log option for a more verbose JSON output)
You will also receive an update in your email.
After it's approved, staple the ticket: xcrun stapler staple dist/Dangerzone.dmg
I had to do it again for the mac m1 machine, as the first iteration of the produced .dmg didn't include the pymupdf binaries, and as a result, the produced .dmg and .app were not working.
Windows Release
Releasing and Signing
Verify and checkout the git tag for this release
Run poetry install --sync
Copy the container image into the VM
[!IMPORTANT]
Instead of running python .\install\windows\build-image.py in the VM, run the build image script on the host (making sure to build for linux/amd64). Copy share/container.tar.gz and share/image-id.txt from the host into the share folder in the VM.
Also, don't forget to add the supplementary image ID (see #933) in share/image-id.txt)
Run poetry run .\install\windows\build-app.bat
When you're done you will have dist\Dangerzone.msi
Rename Dangerzone.msi to Dangerzone-$VERSION.msi.
Linux release
Debian / Ubuntu
Fedora
Qubes
Publishing the Release
Create an archive of the Dangerzone source in tar.gz format:
Release instructions
poetry lock
version
inpyproject.toml
share/version.txt
install/linux/dangerzone.spec
debian/changelog
README.md
, if necessarydocs/templates/release-notes
QA
0.8.1
branch passes the CI tests.agreed to the latest Apple terms (see macOS release
section).
the new image.
the new image.
the new image.
as of writing this) and make sure it works:
the new image.
writing this) and make sure it works:
the new image.
Not doing Qubes QA, as it's not impacted.
Release
Create a PGP-signed git tag for the version, e.g., for dangerzone
v0.1.0
:Note: release candidates are suffixed by
-rcX
.macOS Release
Releasing and Signing
python.org (do not use the one from
brew as it is known to cause issues)
3.11 to 3.12 , reinstall Poetry with
python3 -m pip install poetry
poetry debug info
poetry install --sync
Copy the container image to the assets folder on
dangerzone-$VERSION-i686.tar.gz
.poetry run ./install/macos/build-app.py
; this will makedist/Dangerzone.app
driver (see #933)
poetry run ./install/macos/build-app.py --only-codesign
; this will makedist/Dangerzone.dmg
xcrun notarytool submit --wait --apple-id "<email>" --keychain-profile "dz-notarytool-release-key" dist/Dangerzone.dmg
<email>
in the above command with the emailassociated with the Apple Developer ID.
application password associated with your Apple Developer ID, which will be
used specifically for
notarytool
.(or use the
log
option for a more verbose JSON output)xcrun stapler staple dist/Dangerzone.dmg
I had to do it again for the mac m1 machine, as the first iteration of the produced
.dmg
didn't include the pymupdf binaries, and as a result, the produced .dmg and .app were not working.Windows Release
Releasing and Signing
poetry install --sync
poetry run .\install\windows\build-app.bat
dist\Dangerzone.msi
Rename
Dangerzone.msi
toDangerzone-$VERSION.msi
.Linux release
Publishing the Release
Create an archive of the Dangerzone source in
tar.gz
format:You can use the following command:
Run container scan on the produced container images (some time may have passed since the artifacts were built)
Collect the assets in a single directory, calculate their SHA-256 hashes, and sign them.
./dev_scripts/sign-assets.py
, if you want to automate thistask.
Create a new draft release on GitHub and upload the macOS and Windows installers.
docs/templates/release-notes
./dev_scripts/upload-asset.py
, if you want to upload an assetusing an access token.
Upload the
container-$VERSION-i686.tar.gz
andcontainer-$VERSION-arm64.tar.gz
images that were created in the previous stepImportant: Make sure that it's the same container image as the ones that
are shipped in other platforms (see our Pre-release section)
Upload the detached signatures (.asc) and checksum file.
Update the Dangerzone website to link to the new installers.
Update the brew cask release of Dangerzone with a PR like this one
Update version and download links in
README.md
Post-release
check_repos.yml
CI test for the newly added platformsThe text was updated successfully, but these errors were encountered: