When we make a backport release such as 0.5.2, we must `git cherry-pick -x` all commits from develop and never add a commit that is unique to this branch. Otherwise we will need to forward port that to develop and it will get messy.
It happened for a few commits in the preparation of 0.5.2: that is, all the commits with a leading `+` below.
```
$ git --no-pager log --no-merges --oneline --cherry-mark --right-only origin/develop...origin/release/0.5.2
+ b2484519 SecureDrop 0.5.2
+ 1ddfba21 Provide updated path for tor_version artifact
+ 967f58f8 Add an apt safe-upgrade for tor apt testing
+ 38fcffe9 Address flake8 issues in testinfra skip logic
+ 61f8a097 CI grab back tor_version string
+ 732c8dad CI - build for tor-apt-test in release branches
+ f898877f SecureDrop 0.5.2~rc1
= ac500524 Reimplements Ansible fail-fast playbook options
= 03ecd344 Fixes broken ansible-config tests
+ c4114d56 Merge pull request #2886 from freedomofpress/use-xenial-gettext
= afa4a291 CI - Temporarily skip junit for test script calls
= a5272d0a Fix syntax on application tests pytest command
= d2e1ed49 CI - Potential fix for Circle to parse errors
= bdf075d3 CI - also dump raw artifacts in test-with-rebase
= 54cdbb16 CI - Add app/testinfra results into combinedf junit
= 652b2742 Dump raw application and testinfra output in CI
= b8587362 CI - Break-out test XML cleanup/merge from script
= 71305939 Docs: Remove Travis CI from developer documentation.
= 55dfaa5d Remove Travis CI and run pages-layout tests on Circle CI
+ 4227c99c Use Xenial to install gettext 0.19.*
= 07d99bba REVERTME -- Temporary testing region in branch
= 99a05b39 CI - Do not skip ec2 tear-down if keypair rm dies
= b800faa7 Remove regular staging-test in bid to keep complexity down
= 314a7737 Closes #2927, do not fail CI on vulnerable package :(. This change is TEMPORARY until Ansible in `securedrop/requirements/ansible.in` is upgraded to 2.4
= 116230d1 Implements any_errors_fatal in all playbooks
= 7e0b4756 Adds test for any_errors_fatal Ansible option
= ffd8596f Removes unused "upgrade" playbook
= d8f8569a Implements max_fail_percentage in all playbooks
= 45dfba74 Adds Makefile target "ansible-config-lint"
= 67fac928 Adds test for max_fail_percentage Ansible option
= 70c980f1 Reenables OSSEC connectivity config test
= 0ae8af11 Clean-up systems with multiple agents
= 484c40d1 Purge existing agents from app + mon
= 6d1156ea Make registration detection less stringent
= b594833c Configure Postfix after OSSEC
= d9d98ac7 Add temporary iptables to the top of the chain
= dc6c9632 Add fix for iptables OSSEC monitor temporary rules
= 8690efe2 Updates playbooks with new OSSEC role logic
= 478a9a0c Creates combined "ossec" role for both hosts
= d36c056f Creates "ossec-register" common workflow
= 05a58189 Ports OSSEC pubkey import to "become" pragma
= 4a871323 Breaks out postfix config into discrete role
= 7e31b606 Partial implementation of OSSEC iptables fix
= 84f55d19 Replace aging PyCrypto library with PyCryptodome
= 9f5e80f3 i18n: add new languages securedrop-confiure.yml
+ e4fded23 SecureDrop 0.5
+ 3906f5e4 Tests: Remove 'ar' from test_render_locales
+ 31ac7411 Fix tests after pulling out Arabic translations
+ c6cc6f58 l18n: arabic is postponed to the next version
+ a426c2a9 SecureDrop 0.5-rc6
+ 1799e4c4 l10n: sync ar de_DE es_ES fr_FR nb_NO nl pt_BR translations
```
We can safely ignore the last commits (e4fded23 SecureDrop 0.5 and below; they come from a faulty merge from 0.5.1 that was dealt with, and this is only a trace of that event). The following remain:
- Use Xenial to install gettext 0.19.*
- All commits from the 2941 pull request
I suggest all commits from https://github.com/freedomofpress/securedrop/pull/2941 are cherry-picked into a new pull request against develop and merged. The other two commits can probably be cherry-picked and proposed in the one pull request: they are the only difference between 0.5.2 and develop and will make for a clean history. "Use Xenial to install gettext 0.19.*" was cherry-picked from develop but a conflict had to be resolved, which is why it has a different patch-id and shows with a `+`; there is no need for action on this one.
How does that sound, @mike?
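
The check described in the post, as an added example that is not part of the original issue or of the SecureDrop repository: a shell gate for CI that fails when a release branch carries commits with no patch-equivalent on develop. The function names, the cutoff argument and `sample_log` (an excerpt of the log quoted above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag commits that exist only on a release branch.
# Input format is the output of
#   git log --no-merges --oneline --cherry-mark --right-only <dev>...<release>
# where "=" marks a commit with a patch-equivalent on <dev> and "+" marks
# a commit whose patch-id is not found there.

# unique_commits [CUTOFF_HASH]  (hypothetical helper)
# Reads cherry-mark log lines on stdin and prints the "+" lines. If
# CUTOFF_HASH is given, that commit and everything older is ignored
# (for example the leftover trace of an old merge). The hash must be
# abbreviated exactly as it appears in the log.
# Exit status: 1 if any "+" commit was printed, 0 otherwise.
unique_commits() {
    awk -v cutoff="${1:-}" '
        cutoff != "" && $2 == cutoff { exit }   # known-benign tail starts here
        $1 == "+" { print; found = 1 }
        END { exit (found ? 1 : 0) }
    '
}

# check_release DEV RELEASE [CUTOFF_HASH]  (hypothetical helper)
# Runs the comparison in the current repository; the pipeline's exit
# status is that of unique_commits, so it can gate a CI job directly.
check_release() {
    git --no-pager log --no-merges --oneline --cherry-mark --right-only \
        "$1...$2" | unique_commits "${3:-}"
}

# Excerpt of the log from the post, used as offline sample input.
sample_log() {
    cat <<'EOF'
+ b2484519 SecureDrop 0.5.2
+ 1ddfba21 Provide updated path for tor_version artifact
= ac500524 Reimplements Ansible fail-fast playbook options
+ 4227c99c Use Xenial to install gettext 0.19.*
= 84f55d19 Replace aging PyCrypto library with PyCryptodome
+ e4fded23 SecureDrop 0.5
+ 3906f5e4 Tests: Remove 'ar' from test_render_locales
EOF
}
```

A `+` can also mean a cherry-pick whose conflict resolution changed the patch-id, as with 4227c99c above, so each reported commit still needs a human look before it is treated as branch-only.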