Working with 0.5.2 and similar backport releases



When we make a backport release such as 0.5.2 we must git cherry-pick -x all commits from develop and never add a commit that is unique to this branch. Otherwise we will need to forward port that to develop and it will get messy.

It happened for a few commits in the preparation of 0.5.2, that is all the commits with a leading + below.

$ git --no-pager  log --no-merges --oneline --cherry-mark --right-only origin/develop...origin/release/0.5.2
+ b2484519 SecureDrop 0.5.2
+ 1ddfba21 Provide updated path for tor_version artifact
+ 967f58f8 Add an apt safe-upgrade for tor apt testing
+ 38fcffe9 Address flake8 issues in testinfra skip logic
+ 61f8a097 CI grab back tor_version string
+ 732c8dad CI - build for tor-apt-test in release branches
+ f898877f SecureDrop 0.5.2~rc1
= ac500524 Reimplements Ansible fail-fast playbook options
= 03ecd344 Fixes broken ansible-config tests
+ c4114d56 Merge pull request #2886 from freedomofpress/use-xenial-gettext
= afa4a291 CI - Temporarily skip junit for test script calls
= a5272d0a Fix syntax on application tests pytest command
= d2e1ed49 CI - Potential fix for Circle to parse errors
= bdf075d3 CI - also dump raw artifacts in test-with-rebase
= 54cdbb16 CI - Add app/testinfra results into combinedf junit
= 652b2742 Dump raw application and testinfra output in CI
= b8587362 CI - Break-out test XML cleanup/merge from script
= 71305939 Docs: Remove Travis CI from developer documentation.
= 55dfaa5d Remove Travis CI and run pages-layout tests on Circle CI
+ 4227c99c Use Xenial to install gettext 0.19.*
= 07d99bba REVERTME -- Temporary testing region in branch
= 99a05b39 CI - Do not skip ec2 tear-down if keypair rm dies
= b800faa7 Remove regular staging-test in bid to keep complexity down
= 314a7737 Closes #2927, do not fail CI on vulnerable package :(. This change is TEMPORARY until Ansible in `securedrop/requirements/` is upgraded to 2.4
= 116230d1 Implements any_errors_fatal in all playbooks
= 7e0b4756 Adds test for any_errors_fatal Ansible option
= ffd8596f Removes unused "upgrade" playbook
= d8f8569a Implements max_fail_percentage in all playbooks
= 45dfba74 Adds Makefile target "ansible-config-lint"
= 67fac928 Adds test for max_fail_percentage Ansible option
= 70c980f1 Reenables OSSEC connectivity config test
= 0ae8af11 Clean-up systems with multiple agents
= 484c40d1 Purge existing agents from app + mon
= 6d1156ea Make registration detection less stringent
= b594833c Configure Postfix after OSSEC
= d9d98ac7 Add temporary iptables to the top of the chain
= dc6c9632 Add fix for iptables OSSEC monitor temporary rules
= 8690efe2 Updates playbooks with new OSSEC role logic
= 478a9a0c Creates combined "ossec" role for both hosts
= d36c056f Creates "ossec-register" common workflow
= 05a58189 Ports OSSEC pubkey import to "become" pragma
= 4a871323 Breaks out postfix config into discrete role
= 7e31b606 Partial implementation of OSSEC iptables fix
= 84f55d19 Replace aging PyCrypto library with PyCryptodome
= 9f5e80f3 i18n: add new languages securedrop-confiure.yml
+ e4fded23 SecureDrop 0.5
+ 3906f5e4 Tests: Remove 'ar' from test_render_locales
+ 31ac7411 Fix tests after pulling out Arabic translations
+ c6cc6f58 l18n: arabic is postponed to the next version
+ a426c2a9 SecureDrop 0.5-rc6
+ 1799e4c4 l10n: sync ar de_DE es_ES fr_FR nb_NO nl pt_BR translations

We can safely ignore the last commits (e4fded23 SecureDrop 0.5 and below, they come from a faulty merge from 0.5.1 that was dealt with and this is only a trace of that event). The following remain:

I suggest all commits from are cherry-picked into a new pull request against develop and merged. The other two commits can probably be cherry-picked and proposed in the one pull request: they are the only difference between 0.5.2 and develop and will make for a clean history. Use Xenial to install gettext 0.19. was cherry-picked from develop but a conflict had to be resolved, reason why it has a different patch-id and shows with a +, there is no need for action on this one.

How does that sound @mike ?


Yeah I like that plan. It’s not ideal but I think it would help us resolve faster.


That sounds reasonable to me