Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Release proposal: v1.6.4 #1340

Closed
Fishrock123 opened this issue Apr 3, 2015 · 39 comments
Closed

Release proposal: v1.6.4 #1340

Fishrock123 opened this issue Apr 3, 2015 · 39 comments
Labels
meta Issues and PRs related to the general management of the project.

Comments

@Fishrock123
Copy link
Contributor

This is primarily to get [email protected] (#1337) in somewhat quick, as it fixes a bug with installing private git deps (#1323), and contains some security fixes.

It may also be possible to get some of @indutny's timer unref fixes in from #1330 if everything proves stable.

/cc @rvagg

@Fishrock123 Fishrock123 added the meta Issues and PRs related to the general management of the project. label Apr 3, 2015
@Fishrock123
Copy link
Contributor Author

Hmm, changelog maker is a little confused because the last tag is somehow on an orphaned commit.

[email protected] landed in the last release, 1.6.3.

Edit: fixed manually..

@Fishrock123
Copy link
Contributor Author

Update: Both #1337 and #1323 have landed.

@rvagg Should we make changelog-maker truncate names?

  • [65d4d25f52] - build: default to armv7+vfpv3 for android (Giovanny Andres Gongora Granada) #1307

@Fishrock123
Copy link
Contributor Author

Also worth noting:

@iojs/collaborators please don't merge anything semver-minor until this goes out. :)

@shigeki
Copy link
Contributor

shigeki commented Apr 4, 2015

I will merge #1325 after releasing this.

@shigeki
Copy link
Contributor

shigeki commented Apr 4, 2015

@Fishrock123 I've just merge #1325. Please add them to the list.

@rvagg
Copy link
Member

rvagg commented Apr 4, 2015

@Fishrock123 can you do a git fetch origin to get the tag from the last release please, that should fix your commit list. I've been updating the original comment in each of these releases with a new commit list throughout the proposal period too fwiw.

And no, don't truncate names, that's a little disrespectful IMO

Next job: craft the changelog entry that goes above the commit list and iterate on it in here. I'm +1 on moving this out fairly quickly given that we have a decent sized list and the npm bugfix is worth getting in to people's hands.

@Fishrock123
Copy link
Contributor Author

Jeremiah Senkpiel can you do a git fetch origin to get the tag from the last release please, that should fix your commit list. I've been updating the original comment in each of these releases with a new commit list throughout the proposal period too fwiw.

Already done that once :)

@rvagg
Copy link
Member

rvagg commented Apr 4, 2015

@Fishrock123 do you have the latest changelog-maker? I'm constantly tweaking it to adapt to new conditions in the commit log in io.js. My commit list from changelog-maker --group:

  • [3a69b7689b] - benchmark: add rsa/aes-gcm performance test (Shigeki Ohtsu) #1325
  • [1c709f3aa9] - benchmark: add/remove hash algorithm (Shigeki Ohtsu) #1325
  • [a081c7c522] - benchmark: fix chunky client benchmark execution (Brian White) #1257
  • [65d4d25f52] - build: default to armv7+vfpv3 for android (Giovanny Andres Gongora Granada) #1307
  • [6a134f7d70] - build: avoid passing private flags from pmake (Johan Bergström) #1334
  • [5094a0fde3] - build: Pass BSDmakefile args to gmake (Johan Bergström) #1298
  • [f782824d48] - deps: refactor openssl.gyp (Shigeki Ohtsu) #1325
  • [21f4fb6215] - deps: update gyp to e1c8fcf7 (Shigeki Ohtsu) #1325
  • [dac903f9b6] - deps: make node-gyp work with io.js (cjihrig) #990
  • [5eb983e0b3] - deps: upgrade npm to 2.7.5 (Forrest L Norvell) #1337
  • [008078862e] - deps: check in gtest, add util unit test (Ben Noordhuis) #1199
  • [87053e8aee] - doc: add back quote to boolean variable 'true' (Kohei TAKATA) #1338
  • [634e9629a0] - doc: add TC meeting minutes 2015-03-04 (Rod Vagg) #1123
  • [245ba1d658] - doc: fix util.isObject documentation (Jeremiah Senkpiel) #1295
  • [ad937752ee] - doc,src: remove references to --max-stack-size (Aria Stewart) #1327
  • [15f058f609] - gyp: fix build with python 2.6 (Fedor Indutny) #1325
  • [4dc6ae2181] - lib: remove unused variables (Brian White) #1290
  • [b6e22c4bd5] - src: setup cluster workers before preloading (Ali Ijaz Sheikh) #1314
  • [4a801c211c] - src: drop homegrown thread pool, use libplatform (Ben Noordhuis) #1329
  • [f1e5a13516] - src: wrap MIN definition in infdef (Johan Bergström) #1322
  • [6f72d87c27] - test: add test for a unref'ed timer leak (Fedor Indutny) #1330
  • [416499c872] - timers: remove redundant code (Fedor Indutny) #1330
  • [d22b2a934a] - timers: do not restart the interval after close (Fedor Indutny) #1330
  • [cca5efb086] - timers: don't close interval timers when unrefd (Julien Gilli)
  • [0e061975d7] - timers: fix unref() memory leak (Trevor Norris) #1330
  • [eb459c8151] - tools: fix gyp to work on MacOSX without XCode (Shigeki Ohtsu) #1325
  • [382bd9d2e0] - v8: back-port openbsd/amd64 build fix (Ben Noordhuis) #1318
  • [efadffe861] - win,node-gyp: optionally allow node.exe/iojs.exe to be renamed (Bert Belder) #1266

@rvagg
Copy link
Member

rvagg commented Apr 4, 2015

oh sorry, I see that [email protected] commit isn't in your list now, must have fixed it on your end already

@Fishrock123
Copy link
Contributor Author

@rvagg I keep having to remove it by hand. The git is going to be weird until the next tag, apparently.

@rvagg
Copy link
Member

rvagg commented Apr 4, 2015

@Fishrock123 maybe git fetch origin; git checkout origin/v1.x; git branch -D v1.x; git checkout -b v1.x (I'm sure there's a shortcut for that!). This discrepancy is a concern, if there's something off with your commit log then you may not be releasing the same thing as the rest of us have.

@rvagg
Copy link
Member

rvagg commented Apr 4, 2015

Here's the git command it should be running to get the list:

git log --pretty=full --since="$(git show -s --format=%ad `git rev-list --max-count=1 --tags`)" --until="

It'll manually prune the two commits at the beginning from the last release.

@Fishrock123
Copy link
Contributor Author

I have an alias setup to do !git remote update -p; git merge --ff-only @{u}, has always worked fine before.. Hmmm

@Fishrock123
Copy link
Contributor Author

@rvagg that command stalls for me, but I got the one from the releases doc to work earlier. I thought we used changelog-maker for this..?

@rvagg
Copy link
Member

rvagg commented Apr 4, 2015

changelog-maker runs the above git command internally

@Fishrock123
Copy link
Contributor Author

Sorry, I had been running changelog-maker --group --start-ref=245ba1d658 iojs io.js | pbcopy because the 1.6.3 tag is on an orphaned commit.
(see the commit at: https://github.com/iojs/io.js/releases/tag/v1.6.3)

Perhaps it is tagged right (but incorrectly) on your end?

See: https://gist.github.com/Fishrock123/f01006c81762364d376e

Starefossen pushed a commit to Starefossen/docker-iojs that referenced this issue Apr 4, 2015
Related: nodejs/node#1340

Signed-off-by: Hans Kristian Flaatten <[email protected]>
Starefossen pushed a commit to Starefossen/docker-iojs that referenced this issue Apr 4, 2015
PR-URL: nodejs#49
Related: nodejs/node#1340

Signed-off-by: Hans Kristian Flaatten <[email protected]>
@rvagg
Copy link
Member

rvagg commented Apr 4, 2015

OK, I don't understand what's going on, perhaps one of the git geniuses from @iojs/tc can help explain. It's very possible that I messed 1.6.3 up somehow, it was done in a hurry but it's still pretty straight-forward so I can't see how, I also can't find evidence of a force push that would mess things up.

e5d1a42 is the commit I tagged and was used for release and apparently orphaned.

4845f9c is identical and on v1.x and not the tagged one.

@Fishrock123 changelog-maker is still working for me because it works on tag date, see it on a fresh clone here: https://gist.github.com/rvagg/d865c151ef31cb5d4457

@iojs/tc should I delete that tag and re-tag 4845f9c so it's on v1.x? It appears to be identical.

@Fishrock123
Copy link
Contributor Author

It says what branch the commit is on at the bottom above the author/commiter:

screen shot 2015-04-04 at 9 49 17 am

screen shot 2015-04-04 at 9 49 33 am

And the tagged commit is most certainly not on any branch.
(Here, or in my clone. I also think I heard someone else notice this in irc a few days ago.)

@bnoordhuis
Copy link
Member

@rvagg I say delete and retag.

@rvagg
Copy link
Member

rvagg commented Apr 5, 2015

I'll do that then.

@Fishrock123 don't let this hold up a release. One thing to be aware of when promoting the builds--you'll get some permission errors, these are inconsequential and can be ignored, they are related to cleaning out the staging directory and don't impact promotion. They are kind of noisy and make it look bad but they are not a big deal.

@rvagg
Copy link
Member

rvagg commented Apr 5, 2015

re-tagged v1.6.3

@Fishrock123
Copy link
Contributor Author

Jeremiah Senkpiel don't let this hold up a release

I sorta had been because of

This discrepancy is a concern, if there's something off with your commit log then you may not be releasing the same thing as the rest of us have.


re-tagged v1.6.3

Ok, I'll try to get a changelog out here today, but family things may be happening, so if I don't and someone else has more time that'd be great.

Speaking of which, how do we compile NPM's changelog?

@Fishrock123
Copy link
Contributor Author

CI: https://jenkins-iojs.nodesource.com/view/iojs/job/iojs+any-pr+multi/443/

Also, changelog-maker is working fine with the fixed tag.

@Fishrock123
Copy link
Contributor Author

Anyone have better wording for this?

timers: a minor memory leak when timers are unreferenced was fixed, which should solve the last of the memory leak reported in #1075, alongside some related timers issues #1330 (Fedor Indutny).

(I can re-add #1075 as an existing issue, but I believe we can confidently say it isn't anymore.)
(Edit: updated, see below..)

@Fishrock123
Copy link
Contributor Author

2015-03-31, Version 1.6.4, @Fishrock123

Notable changes

  • npm: upgrade npm to 2.7.5. See npm CHANGELOG.md for details. Includes two important security fixes. Summary:
    • 300834e
      [email protected]: Normalize symbolic links that point to targets outside the
      extraction root. This prevents packages containing symbolic links from
      overwriting targets outside the expected paths for a package. Thanks to Tim
      Cuthbertson
      and the team at Lift
      Security
      for working with the npm team to identify
      this issue. (@othiym23)
    • 0dc6875
      [email protected]: Package versions can be no more than 256 characters long.
      This prevents a situation in which parsing the version number can use
      exponentially more time and memory to parse, leading to a potential denial of
      service. Thanks to Adam Baldwin at Lift Security for bringing this to our
      attention. (@isaacs)
    • eab6184
      #7766 One last tweak to ensure that
      GitHub shortcuts work with private repositories.
      (@iarna)
    • a840a13
      #7746 Only fix up git URL paths when
      there are paths to fix up. (@othiym23)
  • deps: preliminary work has been done for an upcoming upgrade to OpenSSL 1.0.2a #1325 (Shigeki Ohtsu). See #589 for additional details.
  • timers: a minor memory leak when timers are unreferenced was fixed, alongside some related timers issues #1330 (Fedor Indutny). This appears to have fixed the remaining leak reported in #1075.
  • build: it is now possible to compile io.js for Android and related devices #1307 (Giovanny Andres Gongora Granada).

Known issues

  • Some problems with unreferenced timers running during beforeExit are still to be resolved. See #1264.
  • Surrogate pair in REPL can freeze terminal #690
  • Not possible to build io.js as a static library #686
  • process.send() is not synchronous as the docs suggest, a regression introduced in 1.0.2, see #760 and fix in #774
  • Calling dns.setServers() while a DNS query is in progress can cause the process to crash on a failed assertion #894

Commits

@Fishrock123
Copy link
Contributor Author

This is new on win2008r2.. windows config issue maybe?

=== release test-debug-port-from-cmdline ===
Path: parallel/test-debug-port-from-cmdline
c:\workspace\iojs+any-pr+multi\nodes\iojs-win2008r2\test\parallel\test-debug-port-from-cmdline.js:19
    process._debugProcess(child.pid);
            ^
Error: Access is denied.
    at Error (native)
    at ChildProcess.onChildMsg (c:\workspace\iojs+any-pr+multi\nodes\iojs-win2008r2\test\parallel\test-debug-port-from-cmdline.js:19:13)
    at emitTwo (events.js:87:13)
    at ChildProcess.emit (events.js:169:7)
    at handleMessage (child_process.js:306:10)
    at Pipe.channel.onread (child_process.js:334:11)
Command: c:\workspace\iojs+any-pr+multi\nodes\iojs-win2008r2\Release\iojs.exe c:\workspace\iojs+any-pr+multi\nodes\iojs-win2008r2\test\parallel\test-debug-port-from-cmdline.js

Building a nightly: https://jenkins-iojs.nodesource.com/job/iojs+release+nightly/126/

@rvagg
Copy link
Member

rvagg commented Apr 6, 2015

@Fishrock123 I've been putting deps at the bottom of the list of notable changes, and can I suggest you change the openssl one to be prefixed with **openssl**: rather than **deps**:, you could do the same for **Android**:, I've been doing this from a user-perspective while the commit messages are for internal consumption.

I think I've seen that win2008 failure before so I wouldn't let it hold you up. Here's another run I just did for another purpose where it's passed just fine: https://jenkins-iojs.nodesource.com/job/iojs+any-pr+multi/444/nodes=iojs-win2008r2/console

@Fishrock123
Copy link
Contributor Author

I've been putting deps at the bottom of the list of notable changes

Sure, but here they are the important bits..

**openssl** (..)

Yup, will do.


@rvagg how do you feel about this bit in particular, and in terms of removing #1075 from "known issues"?

timers: a minor memory leak when timers are unreferenced was fixed, alongside some related timers issues #1330 (Fedor Indutny). This appears to have fixed the remaining leak reported in #1075.

@jbergstroem
Copy link
Member

Can we perhaps get #1350 in (assuming others want it) so we don't grow the tarball for "no" reason?

@rvagg
Copy link
Member

rvagg commented Apr 6, 2015

@Fishrock123 yeah that timers bit sounds fine, I'd err on the side of caution and still report possible leak in Known issues _but_ it seems like we may be close enough to remove it so it's a judgement call for you to make since this is your release.

@jbergstroem there's enough LGTM's in there so it's up to @shigeki as to whether he can land it in time but I'd suggest that this release is ready to roll so could be pushed out right now so #1350 may have to wait till the next release.

@jbergstroem
Copy link
Member

(#1350 just landed)

@Fishrock123
Copy link
Contributor Author

@gabeio
Copy link

gabeio commented Apr 6, 2015

I don't know if this is relevant but, node-gyp rebuild failed on my osx with v1.6.4 (I installed using nvm):

gyp ERR! stack Error: 404 status code downloading tarball

@Fishrock123
Copy link
Contributor Author

@gabeio it's not promoted yet, please stand by. (yay gpg subkey fun!)

@gabeio
Copy link

gabeio commented Apr 6, 2015

ah ok sorry wasn't sure I just nvm installed and it pulled iojs-v1.6.4

@Fishrock123
Copy link
Contributor Author

Yeah, it (possibly erroneously) updates the /latest/ dist folder somewhat pre-emptively.

@Fishrock123
Copy link
Contributor Author

@gabeio It should work now. (note: armv6 takes much longer to build and will be uploaded later.)

@gabeio
Copy link

gabeio commented Apr 6, 2015

yup thanks!

@Fishrock123
Copy link
Contributor Author

Whoops, thanks @silverwind!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
meta Issues and PRs related to the general management of the project.
Projects
None yet
Development

No branches or pull requests

7 participants