Firmware release procedures: Difference between revisions

From OLPC
Jump to navigation Jump to search
No edit summary
Line 48: Line 48:
-----BEGIN PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Version: GnuPG v1.4.5 (MingW32)

iD8DBQBFTxvGmfQ2bFM/BesRAoKzAJ0RNczipB+pul5sEUR+wCYIQvt+/wCguqrV
iD8DBQBFTxvGmfQ2bFM/BesRAoKzAJ0RNczipB+pul5sEUR+wCYIQvt+/wCguqrV
5GRPVDpdH155fwsDwnu7B4M=
5GRPVDpdH155fwsDwnu7B4M=

Revision as of 04:24, 12 November 2006

Release procedure

Here is a draft of a BIOS release procedure.

Stage one: EC:

  • Quanta e-mails EC release and changelog to the OLPC BIOS contact, signed and encrypted with PGP
    • see notes below
  • Quanta and OLPC test this version of EC

Stage two: Buildrom:

  • Pull EC release from http://dev.laptop.org/pub/ec/, check hashes
  • Update buildrom changelog and tag for release
  • Update SPI flash version string in buildrom binary
  • Create buildrom SRPM
  • Build two flavors of binary RPM for the two RAM variants

Stage three: Testing:

  • announce build to BIOS team and Ray, release candidate testing begins
  • test on a 256M board
  • install the binary RPMs on Tinderbox machines
  • >12 hours of burn-in warm reboot testing on Tinderbox
  • cold boot tests
    • we need a cold boot solution; X10 doesn't seem to like the power at OLPC
  • After automated tests, send "Who has tested?" mail asking for problem reports
  • Release after twelve hours if no problem reports

Stage four: Release:

  • Release builds kept in a separate directory
  • Update the version number in LB from release candidate to final
  • Announce new build and hashes to devel-boards@ (requires moderation).

Using PGP for EC code

For first release only: This is already done

Download and install GPG4Win from http://www.gpg4win.org/download.html

Create a PGP key and get dwmw2 to sign it to verify that it is Quanta's.

For subsequent releases

Right-click on the EC binary and select the option to create a "detached signature", in plain text. It should create a separate file like 'ECv21.bin.asc', which looks something like this:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQBFTxvGmfQ2bFM/BesRAoKzAJ0RNczipB+pul5sEUR+wCYIQvt+/wCguqrV
5GRPVDpdH155fwsDwnu7B4M=
=URby
-----END PGP SIGNATURE-----

Send the EC binary as you normally would, and _also_ attach the separate signature file which is used to verify the binary.