StableReleaseCadence

Differences between revisions 30 and 31
Revision 30 as of 2011-02-28 16:41:02
Size: 16090
Editor: brad-figg
Comment:
Revision 31 as of 2011-03-11 16:59:43
Size: 16389
Comment:
Deletions are marked like this. Additions are marked like this.
Line 158: Line 158:
 Clarification:
 QA Test Engineer should be the one to tag tracking bug as verification-done only after:
     1. HW Cert Team done (only for Lucid & Maverick)
     1. QA Team done (All releases: Dapper, Hardy, Karmic, Lucid, Maverick)
 Only then, should the Archive Admin publish the kernel.

Stable Kernel Release Cadence

Goals

The Kernel Stable Cadence was arrived at during discussions before and during Natty Narwhal Developer Summit in Orlando. The Blueprint from the UDS sessions may be found here. The new process has a number of goals which are designed to improve some problems with the old process. These goals are:

  1. Reduce the maximum time between valid fixed are applied and verified and their delivery to the end user.
  2. Assure that every bug fix is verified to solve the problem while the kernel is in -proposed testing.
  3. Increase kernel quality by applying comprehensive regression and certification testing to all stable kernels before release.
  4. Reduce the time until non-critical and non-embargoed security fixes are applied and released.
  5. Reduce the impact that critical and embargoed security updates have on the normal stable release schedule.
  6. Reduce the amount of time it takes for upstream stable kernel updates to reach users.
  7. Avoid kernel updates which contain a very large number of updates.
  8. Provide more predictability of when a fix that's been applied to the source repository will be released.

Implementation

Whenever possible, Stable kernels will now be released on a short cadence. The cycle consists of two phases - the verification phase, and the testing phase. The intended complete cycle length is two weeks, with one week for each phase. The cycle immediately repeats every two weeks, with the exception of holidays, UDS weeks, and other considerations. An attempt will be made to synchronize the schedule with the the Ubuntu platform schedule.

The cycle begins upon publication of a new kernel to the -proposed archive which contains all accumulated fixes.

Patches will be divided into the following classes:

Non-Security Patches

  • Stable Upstream Patches
    • Stable updates from upstream (GregKH's repos) will be accepted without testing of individual functionality.
  • Other Patches
    • No patch will be accepted for a bug if we don't have the hardware to test it or high confidence that it will be tested by the community.

      These patches are required to be verified during the verification phase, and if not verified, will be reverted before the testing phase begins.

Security (CVE) Patches

  • With the faster release cycle, most CVEs can be released faster as part of the normal stable kernel cycle than if we created a special security release. Critical security fixes are those which must be released as soon as possible, generally because they involve a trivially exploitable privilege escalation vulnerability or something similar. N.B. embargoed CVEs are not necessarily critical.
  • Non-Critical CVEs
    • Non-critical CVE patches will be applied directly to the master branch of the affected git repository and will be part of the next -proposed upload. An out-of-cycle -security upload will not be required for these patches.
  • Non-embargoed Critical CVEs
    • If it arrives during the verification phase we will:

    • Take the last kernel which was released (from -updates or -security), make the security fix on that, then push it through whatever testing that the security team does and certification testing, and release that to -security and -updates.
    • Place all the changes which were currently in verification back onto this new kernel, and accept that any which have been verified are still valid passes for verification, and continue the verification cycle using this kernel with the security fix.
    • This may extend the verification phase a little, but not much, and we would then enter testing phase.

      If it arrives during the testing phase we will:

    • Already have reverted all non-verified fixes from the verification phase
    • Apply the security fix
    • Begin the testing phase, restarting it if needed
    • Notify the security team to perform any testing they require.
  • Embargoed CVEs
    • These are handled the same as Non-embargoed Critical CVEs, but we may have to adjust the actual release date. This will be handled on a case-by-case basis.

Testing

  • There are 3 types of required testing: verification, certification, and regression. Verification testing happens during the verification phase of the cycle, and certification and regression testing occur during the testing phase.

  • Verification testing is the assurance that a bug is actually fixed by the proposed kernel, and is the responsibility of the bug reporter. Tags used for tracking verification are verification-needed-<releasename>, verification-done-<releasename>, and verification-failed-<releasename>. NOTE: The addition of <releasename> to these tags was recently decided, and will be phased in asap.

  • Certification is assurance that the kernel passes certification tests on specific hardware, and is the responsibility of the Platform Services, certification QA team.
  • Regression testing is testing to assure that no bugs have been re-introduced by the proposed kernel, and is the responsibility of the Platform QA team.
  • For certification and regression testing, a tracking bug will be created and associated with each stable kernel in order to track status and completion of testing. See details in 'Tracking Bug Procedure' below
    • This tracking bug number will be included in announcements sent when a new kernel is ready for testing after reverts have been made
    • Setting the tag "verification-done-<releasename>" on this tracking bug will signify that the kernel has passed testing and may be released

  • All tracking bugs associated with upstream stable patch sets will be set to verification-done-<releasename> QA when the kernel has passed testing.

Details

  • Changes from bug reports will only be considered if we have the hardware and resources to test the fix, or a very high confidence that the bug reporter will test the proposed release.
  • At the beginning of the two-week cycle, bug fixes, upstream stable patches, and non-embargoed security fixes will be applied, and the kernel published to -proposed.
  • At the end of the first week, any bug fixes which have not been verified as fixed by the reporter or by internal testing will have the patches reverted, and the associated bugs set to "incomplete". A tag of "stable-reverted-<release>" will be added at this time (where <release> is [lucid | maverick . . .]). A comment will be added to the bug describing how to request reapplication of the fix.

  • After reverting unverified fixes, a Testing Tracking Bug will be created to be used during the upcoming testing phase, and this bug will be added to the changelog. This bug will be provided/assigned to the cert and QA testing teams, signifying that the testing phase has started. NOTE: Creation of the bug and addition to the changelog is currently a manual step, and will be automated soon.
  • During the second week, certification and regression testing will be performed to insure that the kernel is functional. Minimum testing will insure that the kernels boots, networking operates, X starts (for workstations), and updates can be performed. Certification tests will not include the entire set of manually executed tests, but will include an automated set of tests. Testing will be a joint effort by the QA and certification teams. The exact testing to be performed is To Be Determined.
  • Proposed releases will be tracked with a tracking bug opened by the stable kernel team, and linked via an entry in the changelog. This bug tracked on the kernel bug dashboard. The bug will be set to verified when all QA and Cert testing has passed (See procedure below)
  • Security kernels which are critical or embargoed will also receive the same tests required for proposed kernels.

Tracking Bug Procedure

For tracking and triggering process steps including certification and regression testing, as well as archive admin operations, a tracking bug will be created and associated with each stable kernel in order to track status and completion of testing.

  1. Create the tracking bug
    • This report is filed by the Kernel Team _before_ uploading the new kernel to -proposed.

      • Note: This bug is created by a script the kernel team created (create-tracking-bug) which can be found in the kteam-tools git repository. The created bug is tagged with "kernel-release-tracking-bug".
    • Once the bug is created, be sure that the changelog references the SRU bug number using the 'LP: #NNNNNN' (SRU) convention

    • The description tracking bug must contains the exact version of the kernel it is tracking.

    • The report is nominated for the appropriate Ubuntu release

    • The status of development task (main task) is set to 'Fix Released'

    • Subscribe ubuntu-sru to the bug report.

    • The publication to -proposed will follow the Stable Release Updates procedure.

    • The report is tagged with verification-needed-<releasename>

  2. Publication to -proposed for the Verification Phase
    • After the kernels are built in the kernel PPA, ubuntu-sru-team will be subscribed to the tracking bugs, with a comment in those bugs requesting that the kernels be copied to the -proposed pocket.
  3. After the Verification Phase is complete
    • If any patches have been reverted, new kernels will be uploaded and built, and the ubuntu-sru-team will again be asked to copy them to proposed.
    • The sru-verification-<releasename> Team is subscribed to the report. The members of the QA Team responsible of the verification are notified when this team is subscribed. It is this subscription that signifies that the Testing Phase has begun.

    • The status is 'Fix Committed'

  4. SRU Tracking
    1. Certification Testing
      • The QA Team (sru-verification members)
        • Assigns the report to the HW Cert Team (LP Team or person ?)

        • Set the Status to 'Incomplete'

      • The HW Cert Team
        • Set the status to 'In Progress'

        • Runs the tests
        • Update the report with the results of the test.

      • If the tests pass:

        • Set the status of the report back to 'Triaged'

        • Unassign itself
      • If the tests fail:

        • Set the tag to 'verification-failed-<releasename>'

        • Set the status to 'Triaged'

        • Assign the report to the Kernel Team (ubuntu-kernel-team)

    2. Regression Testing (If the Certification testing passes)
      • the QA Team assigns the report to the member of sru-verification-<releasename> who will run the regression tests

      • the QA Team set the status to 'In Progress'

      • Runs the tests
      • Update the report with the result of the test
      • If the tests pass:

        • Set the tag to 'verification-done-<releasename>'

        • Set the status to 'Fix Committed'

      • If the tests fail:

        • Set the tag to 'verification-failed-<releasename>'

        • Set the status to 'Triaged'

        • Assign the report to the Kernel Team (ubuntu-kernel-team)

    Clarification: QA Test Engineer should be the one to tag tracking bug as verification-done only after:
    1. HW Cert Team done (only for Lucid & Maverick)

    2. QA Team done (All releases: Dapper, Hardy, Karmic, Lucid, Maverick)
    Only then, should the Archive Admin publish the kernel.
  5. Publication
    • The packages are published to -updates
    • If the report is in state 'Fix Committed' and the tag is 'verification-done-<releasename>', and all the other reports are verified (or revert if unverified) then the kernel is published to -updates

    • The report will be closed (status 'Fix Released') automatically on publication of the newest kernel if the bug number is correctly set in the changelog.
    • For a kernel containing any security CVE fixes:
      • The packages are published to -security (along with any ABI-tracked packages)
      • The Security Team will generate a USN for the included CVEs.

Reconsideration of reverted fixes

When fixes are reverted due to lack of verification, they may be proposed for reconsideration by performing the following:

  • Update the bug with a firm commitment to verify the fix during the next stable kernel release cycle (usually this will begin one week after the fix is reverted). Change the "stable-reverted-<release>" tag to "stable-reapply-<release>" (where <release> is [lucid | maverick . . .]).

Initial Implementation Schedule

The initial cycles will adhere as much as possible to the two-week cadence, with adjustments for holidays.

Text for bugs

When a kernel is released to -proposed, the following text will be added as a comment:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-<releasename>' to 'verification-done-<releasename>'.

If verification is not done by Thursday, November 11, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

When a fix is not verified by the deadline and is reverted, the following text will be added as a comment:

Verification that this bug is fixed has not been completed by the deadline for the current stable kernel release cycle.
The change will be reverted and this bug is being set to incomplete.

In order to have this fix considered for reapplication to the kernel, please follow the process documented here:

https://wiki.ubuntu.com/Kernel/StableReleaseCadence

Discussions about the new process tend to take place in #ubuntu-kernel on IRC, so please contribute to the discussion there if you would like.

Thank you!

Build PPA and process for pocket copying

According to the new process, regular stable kernel releases may now contain security CVE fixes along with normal fixes. Any kernel containing security fixes must be delivered to the -security pocket, and must therefore only be built against components which are delivered through -security, and not anything newer which may come from -updates.

In order to accomplish this, the following steps are taken to upload kernel packages:

  1. If one does not exist, set up a dedicated ppa:
    • Set up the build ppa as native (done)
    • Set up the ppa as building with only the security pocket enabled (ie, not with updates or proposed) (done)
  2. If the update has embargoed CVEs or high priority updates that will supersede the proposed kernel process, use -security in the changelog and hand it off to the security team and you are done
  3. Otherwise, upload to the ppa with -proposed in the changelog
  4. When all architectures are done building, pocket copy to -proposed for testing (must be performed by an archive admin)

  5. When testing is complete, pocket copy from -proposed to -updates. If has public CVE fixes, also pocket copy to -security and alert the ubuntu-security team (archive admin task)
  6. Once a package is copied to the -proposed pocket, it can be deleted from the PPA.

In order to upload -proposed kernels to this PPA, you need to set up a configuration for it in your .dput.cf file. The section for this ppa should look like this:

[kernelteam]
fqdn=ppa.launchpad.net
method=ftp
incoming=~canonical-kernel-team/ubuntu/%(kernelteam)s
login=anonymous
allow_unsigned_uploads = 0

Then when you upload, you must include the release name like this:

dput kernelteam:hardy ./<hardy-kernel-version>_source.changes

Kernel/StableReleaseCadence (last edited 2019-03-14 10:47:54 by anthonywong)