Fedora Release Process


Note on examples: the commands below use 2.4.4 as the example version and <active-fedora> as a placeholder for the Fedora branch (e.g. f42, f43, rawhide). Substitute the version you are releasing and the branch you are targeting.

Release order — read first. The canonical sequence is:

  1. Tag and generate the source tarball locally (DS section below).
  2. Push the tag upstream (see DS - Push the updates and the tag).
  3. Create the GitHub release and attach the tarball as a release asset (see DS - GitHub release).
  4. Build Fedora Rawhide using the tarball downloaded from the GitHub release — do not regenerate a fresh tarball at this point. The GH release artifact is the canonical source for everything downstream (Fedora and lib389), so all consumers install the same bytes.
  5. Repeat the Fedora build on each stable branch (f43, f42, …) using the same GH release tarball, then submit Bodhi updates.
  6. Publish lib389 to PyPI (howto) once the GH release exists and Fedora Rawhide is in.

Prerequisites

DS = 389-ds-base source code repo

mkdir -p /home/$USER/source/ds389; cd /home/$USER/source/ds389
git clone git@github.com:389ds/389-ds-base.git

Fedora = 389-ds-base dist-git repo which contains the specfile

mkdir -p /home/$USER/source/fedora; cd /home/$USER/source/fedora
fedpkg clone 389-ds-base

DS - Using an existing branch

DS - GitHub release

Once the tag has been pushed upstream, publish the GitHub release before uploading anything to Fedora dist-git. The tarball attached here is the canonical source artifact: Fedora Rawhide, the stable Fedora branches, and lib389 on PyPI all consume the same bytes from this GH release.

Then download the published tarball locally — the rest of this document assumes the Fedora fedpkg new-sources / fedpkg upload step uses this file, not a freshly regenerated one. Re-download jemalloc-*.tar.bz2 the same way only if it was refreshed for this release; otherwise the existing copy in the lookaside cache is reused.

    GH_TAG=389-ds-base-2.4.4
    cd /home/$USER/source/ds389/389-ds-base
    curl -L -O https://github.com/389ds/389-ds-base/releases/download/$GH_TAG/$GH_TAG.tar.bz2

Fedora - Dist-Git - New release

In general, when we do a new build, we push changes to rawhide first, so that the development branch has the newest bits, then to currently supported Fedora releases. The fedpkg commands below use <active-fedora> as a placeholder for the target branch (rawhide, f42, f43, …); start with rawhide, then repeat the same steps on each stable branch you need to update.

Use the GH release tarball. Both fedpkg new-sources and fedpkg upload below must point at the tarball downloaded from the GitHub release in the previous section, not a locally regenerated one. This is what guarantees Fedora and PyPI ship matching artifacts.

lib389 PyPI (after the GH release and Fedora Rawhide)

Publish lib389 to PyPI after the GitHub release exists and the Fedora Rawhide build has gone in. The order matters: the GH release defines the canonical tarball, Fedora Rawhide is the first downstream consumer of those bytes, and lib389 is the third — releasing PyPI first or skipping ahead of Rawhide breaks the “everyone installs the same artifact” guarantee.

You do not need to wait for Bodhi to reach stable, or for the rebuilds on stable Fedora branches — the trigger is “GH release published + Rawhide built”. See How to lib389 PyPI release for the full procedure.

Fedora - Dist-Git Option 2 - Test build with patches

Assume the rawhide branch contains some fixes that are partial (or broken) and you want to do a rawhide build with a crafted list of patches

DS - Push the updates and the tag

NOTE: Do not push the tag until the local make -f rpm.mk dist-bz2 build has completed successfully (per the release-order overview, the tag push happens before the GitHub release and the Koji builds). Once you push a tag, you cannot change it - if you need to make a change to fix a build problem, you will essentially have to repeat all of the steps again, since this will involve a new source version.

NOTE: Do not git push --tags - you may inadvertently push tags you did not intend - push tags specifically by name

    cd /home/$USER/source/ds389/389-ds-base
    git push origin 389-ds-base-2.2
    git push origin refs/tags/389-ds-base-2.2.2

Update The Wiki (internal use only)

Ghostwriter is useful for previewing markdown file changes.

Last modified on 5 June 2026