# Design
Our current standard practice is to provide a patch or series (or
-multiple patches or series), such `master`, as well as all currently
+multiple patches or series), such as `master`, as well as all currently
supported versions under security support, will have fixes which apply
via `git am`.
This tool introduces the concept of a *recipe*. Each supported
release will have its own recipe. The recipe will include the
-specific tree it's targetet at, the *baseline* in `stable-${v}` on
+specific tree it's targeted at, the *baseline* in `stable-${v}` on
which it's applied, as well as any XSA prerequisites. The recipe
-would ideally be both machine- and human-readiable, and live in
+would ideally be both machine- and human-readable, and live in
`xsa.git`.
Which in turns leads us to the next thing: rather than having to
The actual creation and manipulation of the patches will be highly
context-dependent and developer-driven; to that end the standard will
be to create branches with a specific naming scheme in the various
-trees, which developers can then manipuate. xsatool will have
+trees, which developers can then manipulate. xsatool will have
commands to 'sync' between the trees.
# Data files
- Modify the working tree (including `git clean -ffdx`)
-- Discard uncommited changes (e.g., `checkout -f`)
+- Discard uncommitted changes (e.g., `checkout -f`)
- Modify `HEAD`
- Create, delete, or modify branches matching `xsa/*`
-- "Fetch" from master and stable-* branches
+- "Fetch" from master and stable-\* branches
## Branch names
`xsatool global update`
If this is run and `xsa.git/global.meta` doesn't exist, it will create
-the file. It firsts asks what the oldest supported Xen version is.
+the file. It first asks what the oldest supported Xen version is.
It then goes through `xen.git` and looks for `RELEASE-M.m.p` tags, and
marks each version greater than or equal to the specified version as
supported.
Using XSA 213 as an example.
-Make sure your staging and staging-* branches are up to date:
+Make sure your staging and staging-\* branches are up to date:
`xsatool repo update`
recipe for version `${v}+1`. If the `git am` fails, the current
patches are not redundant and move on to the next version.
- - Compare a hash of the two trees (generated with `git rev-partse
+ - Compare a hash of the two trees (generated with `git rev-parse
$branch:`). If they match, replace the recipe `${v}` with the
recipe for `${v}+1`. Otherwise, leave it as it is.
For example, if the patches were made by a colleague.
-Make sure your master and stable-* branches are up to date:
+Make sure your master and stable-\* branches are up to date:
`xsatool repo update`
## Marking XSAs as published
To mark an XSA as published (i.e., to remove XSAs from the list of
-"default prerequisites" for new XSAs), edit `global.meta` and
+"default prerequisites" for new XSAs), edit `global.meta`.
## Adding a new Xen release to support
## 'Canonicalizing' metadata files
After editing metadata files by hand or with other JSON-parsing tools,
-the order of fields may be signicantly different. You can run
+the order of fields may be significantly different. You can run
`xsatool NNN canonicalize`
- Sort maps according to lexographical order (golang canon)
- Sort elements that correspond do structures according to structure order
(golang canon)
- - Sort versions in SupportedVersions in decending order (xsatool canon).
+ - Sort versions in SupportedVersions in descending order (xsatool canon).
- Remove unknown or obsolete elements. NB this includes the "XenVersion"
element in older recipes.
# Open issues
-# Inter-tree dependcies
+# Inter-tree dependencies
Do we need to worry about inter-tree dependencies? For example, could
it ever be the case that xsa 251, for xen.git, depends on xsa250,
projects / people / gdunlap / xsatool / commitdiff