StableReleaseCadence

Differences between revisions 13 and 14
Revision 13 as of 2010-12-01 16:20:04
Size: 12939
Editor: ACaen-151-1-69-195
Comment:
Revision 14 as of 2010-12-01 16:58:01
Size: 13140
Editor: pool-98-108-155-157
Comment:
Deletions are marked like this. Additions are marked like this.
Line 112: Line 112:
      * Note: This bug is created by a script the kernel team created (create-tracking-bug) which can be found in the kteam-tools git repository. The created bug is tagged with "kernel-tracking-bug".

Stable Kernel Release Cadence

Goals

The Kernel Stable Cadence was arrived at during discussions before and during Natty Narwhal Developer Summit in Orlando. The Blueprint from the UDS sessions may be found here. The new process has a number of goals which are designed to improve some problems with the old process. These goals are:

  1. Reduce the maximum time between valid fixed are applied and verified and their delivery to the end user.
  2. Assure that every bug fix is verified to solve the problem while the kernel is in -proposed testing.
  3. Increase kernel quality by applying comprehensive regression and certification testing to all stable kernels before release.
  4. Reduce the time until non-critical and non-embargoed security fixes are applied and released.
  5. Reduce the impact that critical and embargoed security updates have on the normal stable release schedule.
  6. Reduce the amount of time it takes for upstream stable kernel updates to reach users.
  7. Avoid kernel updates which contain a very large number of updates.
  8. Provide more predictability of when a fix that's been applied to the source repository will be released.

Implementation

Whenever possible, Stable kernels will now be released on a short cadence. The cycle consists of two phases - the verification phase, and the testing phase. The intended complete cycle length is two weeks, with one week for each phase. The cycle immediately repeats every two weeks, with the exception of holidays, UDS weeks, and other considerations. An attempt will be made to synchronize the schedule with the the Ubuntu platform schedule.

The cycle begins upon publication of a new kernel to the -proposed archive which contains all accumulated fixes.

Patches will be divided into the following classes:

Non-Security Patches

  • Stable Upstream Patches
    • Stable updates from upstream (GregKH's repos) will be accepted without testing of individual functionality.
  • Other Patches
    • No patch will be accepted for a bug if we don't have the hardware to test it or high confidence that it will be tested by the community.

      These patches are required to be verified during the verification phase, and if not verified, will be reverted before the testing phase begins.

Security (CVE) Patches

  • With the faster release cycle, most CVEs can be released faster as part of the normal stable kernel cycle than if we created a special security release. Critical security fixes are those which must be released as soon as possible, generally because they involve a remotely exploitable vulnerability or something similar. Embargoed CVEs are not necessarily critical.
  • Non-Critical CVEs
    • Non-critical CVE patches will be applied directly to the master branch of the affected git repository and will be part of the next -proposed upload. A special -security upload will not be required for these patches.
  • Non-embargoed Critical CVEs
    • If it arrives during the verification phase we will:

    • Take the last kernel which was released (from -updates or -security), make the security fix on that, then push it through whatever testing that the security team does and certification testing, and release that to -security and -updates.
    • Place all the changes which were currently in verification back onto this new kernel, and accept that any which have been verified are still valid passes for verification, and continue the verification cycle using this kernel with the security fix.
    • This may extend the verification phase a little, but not much, and we would then enter testing phase.

      If it arrives during the testing phase we will:

    • Already have reverted all non-verified fixes from the verification phase
    • Apply the security fix
    • Begin the testing phase, restarting it if needed
    • Notify the security team to perform any testing they require.
  • Embargoed Critical CVEs
    • These are handled the same as Non-embargoed Critical CVEs, but we may have to adjust the actual release date. This will be handled on a case-by-case basis.

Testing

  • There are 3 types of required testing: verification, certification, and regression. Verification testing happens during the verification phase of the cycle, and certification and regression testing occur during the testing phase.

  • Verification testing is the assurance that a bug is actually fixed by the proposed kernel, and is the responsibility of the bug reporter. Tags used for tracking verification are verification-needed-<releasename>, verification-done-<releasename>, and verification-failed-<releasename>. NOTE: The addition of <releasename> to these tags was recently decided, and will be phased in asap.

  • Certification is assurance that the kernel passes certification tests on specific hardware, and is the responsibility of the Platform Services, certification QA team.
  • Regression testing is testing to assure that no bugs have been re-introduced by the proposed kernel, and is the responsibility of the Platform QA team.
  • For certification and regression testing, a tracking bug will be created and associated with each stable kernel in order to track status and completion of testing. See details in 'Tracking Bug Procedure' below
    • This tracking bug number will be included in announcements sent when a new kernel is ready for testing after reverts have been made
    • Setting the tag "verification-done" on this tracking bug will signify that the kernel has passed testing and may be released
  • All tracking bugs associated with upstream stable patch sets will be set to verification-done QA when the kernel has passed testing.

Details

  • Changes from bug reports will only be considered if we have the hardware and resources to test the fix, or a very high confidence that the bug reporter will test the proposed release.
  • At the beginning of the two-week cycle, bug fixes, upstream stable patches, and non-embargoed security fixes will be applied, and the kernel uploaded to proposed.
  • At the end of the first week, any bug fixes which have not been verified as fixed by the reporter or by internal testing will have the patches reverted, and the associated bugs set to "incomplete". A tag of "stable-reverted-<release>" will be added at this time (where <release> is [lucid | maverick . . .]). A comment will be added to the bug describing how to request reapplication of the fix.

  • After reverting unverified fixes, a Testing Tracking Bug will be created to be used during the upcoming testing phase, and this bug will be added to the changelog. This bug will be provided/assigned to the cert and QA testing teams, signifying that the testing phase has started. NOTE: Creation of the bug and addition to the changelog is currently a manual step, and will be automated soon.
  • During the second week, certification and regression testing will be performed to insure that the kernel is functional. Minimum testing will insure that the kernels boots, networking operates, X starts (for workstations), and updates can be performed. Certification tests will not include the entire set of manually executed tests, but will include an automated set of tests. Testing will be a joint effort by the QA and certification teams. The exact testing to be performed is To Be Determined.
  • Proposed releases will be tracked with a tracking bug opened by the stable kernel team, and linked via an entry in the changelog. This bug tracked on the kernel bug dashboard. The bug will be set to verified when all QA and Cert testing has passed (See procedure below)
  • Security kernels which are critical or embargoed will also receive the same tests required for proposed kernels.

Tracking Bug Procedure

For certification and regression testing, a tracking bug will be created and associated with each stable kernel in order to track status and completion of testing.

  1. Create the tracking bug
    • This report is filed by the Kernel Team _before_ uploading the new kernel to -proposed.

      • Note: This bug is created by a script the kernel team created (create-tracking-bug) which can be found in the kteam-tools git repository. The created bug is tagged with "kernel-tracking-bug".
    • Once the bug is created, be sure that the changelog references the SRU bug number using the 'LP: #NNNNNN' convention

    • The description tracking bug must contains the exact version of the kernel it is tracking.

    • The report is nominated for the appropriate Ubuntu release

    • The status of development task (main task) is set to 'Fix Released'

    • Subscribe ubuntu-sru to the bug report.

  2. Publication to -proposed
    • The publication to -proposed will follow the Stable Release Updates procedure.

    • The report is tag with verification-needed

    • The sru-verification Team is subscribed to the report. The members of the QA Team responsible of the verification are notified when this team is subscribed.

    • The status is 'Fix Committed'

  3. SRU Tracking
    1. Certification Testing
      • The QA Team (sru-verification members)
        • Assigns the report to the HW Cert Team (LP Team or person ?)

        • Set the Status to 'Incomplete'

      • The HW Cert Team
        • Set the status to 'In Progress'

        • Runs the tests
        • Update the report with the results of the test.

      • If the tests pass:

        • Set the status of the report back to 'Triaged'

        • Unassign itself
      • If the tests fail:

        • Set the tag to 'verification-failed'

        • Set the status to 'Triaged'

        • Assign the report to the Kernel Team (ubuntu-kernel-team)

    2. Regression Testing (If the Certification testing passes)
      • the QA Team assigns the report to the member of sru-verification who will run the regression tests

      • the QA Team set the status to 'In Progress'

      • Runs the tests
      • Update the report with the result of the test
      • If the tests pass:

        • Set the tag to 'verification-done'

        • Set the status to 'Fix Committed'

      • If the tests fail:

        • Set the tag to 'verification-failed'

        • Set the status to 'Triaged'

        • Assign the report to the Kernel Team (ubuntu-kernel-team)

  4. Publication to -updates
    • If the report is in state 'Fix Committed' and the tag is 'verification-done', and all the other reports are verified (or revert if unverified) then the kernel is published to -updates
    • The report will be closed (status 'Fix Released') automatically on publication of the newest kernel if the bug number is correctly set in the changelog.

Reconsideration of reverted fixes

When fixes are reverted due to lack of verification, they may be proposed for reconsideration by performing the following:

  • Update the bug with a firm commitment to verify the fix during the next stable kernel release cycle (usually this will begin one week after the fix is reverted). Change the "stable-reverted-<release>" tag to "stable-reapply-<release>" (where <release> is [lucid | maverick . . .]).

Initial Implementation Schedule

The initial cycles will adhere as much as possible to the two-week cadence, with adjustments for holidays.

Text for bugs

When a kernel is released to -proposed, the following text will be added as a comment:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed' to 'verification-done'.

If verification is not done by Thursday, November 11, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

When a fix is not verified by the deadline and is reverted, the following text will be added as a comment:

Verification that this bug is fixed has not been completed by the deadline for the current stable kernel release cycle.
The change will be reverted and this bug is being set to incomplete.

In order to have this fix considered for reapplication to the kernel, please follow the process documented here:

https://wiki.ubuntu.com/Kernel/StableReleaseCadence

Discussions about the new process tend to take place in #ubuntu-kernel on IRC, so please contribute to the discussion there if you would like.

Thank you!

Kernel/StableReleaseCadence (last edited 2019-03-14 10:47:54 by anthonywong)