|
| 1 | +Scope of this document |
| 2 | +====================== |
| 3 | + |
| 4 | +Explain how to update Zephyr's fork of Mbed TLS to align with a newer upstream |
| 5 | +release. |
| 6 | +This document talks about Mbed TLS, but the very same applies also to |
| 7 | +TF-PSA-Crypto that, starting from Mbed TLS release 4.0, will be part of the |
| 8 | +Mbed TLS project. |
| 9 | + |
| 10 | +Upstream Mbed TLS branches and tags |
| 11 | +=================================== |
| 12 | + |
| 13 | +- Working branch name: `development` |
| 14 | +- 1 or more LTS branches named as `mbedtls-<major>.<minor>` (ex: `mbedtls-3.6`) |
| 15 | +- Tag at every release with format `v<major>.<minor>.<patch>` (ex: `v3.6.4`) |
| 16 | + |
| 17 | +Proposed approach |
| 18 | +================= |
| 19 | + |
| 20 | +Let's say that a new Mbed TLS release is announced and that its release tag |
| 21 | +is for example `v3.6.5`. |
| 22 | +On the Zephyr fork: |
| 23 | +1. Create a new branch named `zephyr-mbedtls-v3.6.5` which is located exactly at |
| 24 | + the upstream release tag. |
| 25 | +2. Make a PR by cherry-picking all the Zephyr extra patches that are still valid |
| 26 | + for the new branch [1]. For this PR set the target merge branch to the newly |
| 27 | + created `zephyr-mbedtls-v3.6.5`. [2] |
| 28 | +3. Wait for the PR to be merged. |
| 29 | +4. Set the repo `default` branch to `zephyr-mbedtls-v3.6.5`. |
| 30 | + |
| 31 | +[1]: Likely all the `[zep fromtree]` (and perhaps `[zep fromlist]`) should be |
| 32 | + discarded as they should already be included in the new upstream release. |
| 33 | + Others (i.e. `[zep noup]`) might no more be valid or might require an |
| 34 | + update. In general each Zephyr extra patch should be checked individually. |
| 35 | + |
| 36 | +[2]: With this approach the PR in GitHub will show only Zephyr extra commits |
| 37 | + on top of the upstream release tag, so it will be easier to review. |
0 commit comments