Release v0.9.1

[aschmahmann]

Waiting for review + tagging + release notes before merging

This release fixes:

• CID bafkqaaa causes error: cannot detect content-type: EOF #8230
• v0.9.0 panics on OpenBSD #8211
• Excessive CPU usage with QUIC #8256
• Memory leak of TCP connections #8219
• Fix close of closed channel libp2p/go-libp2p-pubsub#427 and fix goroutine build up from connected notifications libp2p/go-libp2p-pubsub#430
• Some WebUI bugs https://github.com/ipfs/ipfs-webui/releases/tag/v2.12.4
• The snap builder having an out of date version of Go: bump snap to build with Go 1.16 #8212

@Stebalien @lidel @marten-seemann let me know if I've missed anything

Patch Release Checklist

This process handles patch releases from version vX.Y.Z to vX.Y.Z+1 assuming that vX.Y.Z is the latest released version of go-ipfs.

• Fork a new branch (release-vX.Y.Z) from release and cherry-pick the relevant commits from master (or custom fixes) onto this branch
• Make a minimal changelog update tracking the relevant fixes to CHANGELOG.
• version string in version.go has been updated (in the release-vX.Y.Z+1 branch).
• Make a PR merging release-vX.Y.Z+1 into the release branch
• tag the merge commit in the release branch with vX.Y.Z+1
• upload to dist.ipfs.io
  1. Build: https://github.com/ipfs/distributions#usage.
  2. Pin the resulting release.
  3. Make a PR against ipfs/distributions with the updated versions, including the new hash in the PR comment.
  4. Ask the infra team to update the DNSLink record for dist.ipfs.io to point to the new distribution.
• cut a release on github and upload the result of the ipfs/distributions build in the previous step.
• Announce the Release:
  • On IRC/Matrix (both #ipfs and #ipfs-dev)
  • On discuss.ipfs.io
• Release published
  • to dist.ipfs.io
  • to npm-go-ipfs
  • to chocolatey (will handle as part of Automated publishing to Chocolatey #8252)
  • to snap
  • to github
  • to arch (flag it out of date)
• Cut a new ipfs-desktop release
• Merge the release branch back into master, ignoring the changes to version.go (keep the -dev version from master).

[Stebalien]

That's everything I'm aware of (that's critical, at least). I'd say ship it!

[marten-seemann]

LGTM.

Optional: Include the libp2p update (#8270), which does nothing more than update go-tcp-transport.

Reminder: We need to make sure to build this with Go 1.16.6, to include the crypto/tls fix.

[aschmahmann]

Added a minimal changelog. Decided to skip the mkreleaselog steps here. Seem reasonable @Stebalien?

[Stebalien]

Seems reasonable. (although I'd still consider including contributors).

Also note: I assume mkreleaslog is going to be pretty small.

[aschmahmann]

I updated it, it's pretty long actually because of QUIC related things. WDYT?

[marten-seemann]

Can we get v0.14.4 in (see #8267 (review)), mostly to avoid confusion later on which version we were actually running?

[aschmahmann]

It seems like the only thing added, aside from the TCP bump, was libp2p/go-libp2p#1115.

@Stebalien are you happy letting that into the patch release, or do you think we're better off just waiting on it?

[Stebalien]

I'd really rather not include that. I've mostly convinced myself it won't cause problems, but still.

[aschmahmann]

No worries, let's just leave it alone for now and we'll catch it in the next release

[aschmahmann]

@marten-seemann the diff here is huge, is it a bug in the releaselog generator or is this basically because of how we do the qtls versioning to track different versions of Go?

[marten-seemann]

In terms of LOC, the diff should be around 5 lines. In terms of commits it's huge because of the way I maintain qtls: it's basically one branch with ~40 commits, which I rebase on top of Go releases of crypto/tls every time there's a new Go release.

Really, it doesn't make a lot of sense to list those commits here, just

- update qtls to include the crypto/tls fix of Go 1.16.6 / 1.15.14

would more accurately reflect what changed.

[aschmahmann]

Would it be safe to say that we should generally exclude the qtls libraries from the release log since they're mostly noise?

[marten-seemann]

That sounds reasonable.

[BigLep]

Moving back to in-progress since there is remaining work for the release.