Re: [PATCH util/modular] Add gpg signing to release.sh
On Mon, Jun 09, 2014 at 12:10:48PM +0200, Stephen Kitt wrote:
> On Sun, 08 Jun 2014 21:48:52 -0400, Gaetan Nadon wrote:
> > On 14-06-07 03:57 PM, Stephen Kitt wrote:
> > >
> > > #--
> > > +# Function: sign_or_fail
> > > +#--
> > > +#
> > > +# Sign the given file, if any
> > > +# Output the name of the signature generated to stdout (all other output
> > > to +# stderr)
> > > +# Return 0 on success, 1 on fail
> > > +#
> > > +sign_or_fail() {
> > > +if [ -n "$1" ]; then
> > > + sig=$1.sig
> > > + rm -f $sig
> > > + $GPG -b $1 1>&2
> > > + if [ $? -ne 0 ]; then
> > > + echo "Error: failed to sign $1." >&2
> > > + return 1
> > > + fi
> > > + echo $sig
> > This echo statement does not appear for me. Perhaps because the function
> > is called from $(). I do get the gpg message:
> >
> > You need a passphrase to unlock the secret key for
> > user: "Gaetan Nadon "
> > 1024-bit DSA key, ID FB9EC9FC, created 2008-12-16
> >
> > Not a big deal,
>
> Thanks for the review!
>
> The output of the echo statement isn't supposed to appear, it's used to
> effectively provide the result of the function which then ends up in a
> variable for later use by the caller.
thanks, pushed with slight moving around for the other changes that I
accidentally pushed before merging this one in
2dc07d9..d53e5ec master -> master
Cheers,
Peter
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH util/modular] Add gpg signing to release.sh
On Sun, 08 Jun 2014 21:48:52 -0400, Gaetan Nadon wrote:
> On 14-06-07 03:57 PM, Stephen Kitt wrote:
> >
> > #--
> > +# Function: sign_or_fail
> > +#--
> > +#
> > +# Sign the given file, if any
> > +# Output the name of the signature generated to stdout (all other output
> > to +# stderr)
> > +# Return 0 on success, 1 on fail
> > +#
> > +sign_or_fail() {
> > +if [ -n "$1" ]; then
> > + sig=$1.sig
> > + rm -f $sig
> > + $GPG -b $1 1>&2
> > + if [ $? -ne 0 ]; then
> > + echo "Error: failed to sign $1." >&2
> > + return 1
> > + fi
> > + echo $sig
> This echo statement does not appear for me. Perhaps because the function
> is called from $(). I do get the gpg message:
>
> You need a passphrase to unlock the secret key for
> user: "Gaetan Nadon "
> 1024-bit DSA key, ID FB9EC9FC, created 2008-12-16
>
> Not a big deal,
Thanks for the review!
The output of the echo statement isn't supposed to appear, it's used to
effectively provide the result of the function which then ends up in a
variable for later use by the caller.
Regards,
Stephen
signature.asc
Description: PGP signature
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH util/modular] Add gpg signing to release.sh
On 14-06-07 03:57 PM, Stephen Kitt wrote:
> From 283b89da292ad8a5743222baf33393d964cff54b Mon Sep 17 00:00:00 2001
> From: Stephen Kitt
> Date: Sun, 1 Jun 2014 14:46:01 +0200
> Subject: [PATCH util/modular] Add gpg signing to release.sh
>
> gpg-sign the git tag and the generated tarballs, and upload the signatures
> along with the tarballs. Any existing tarball signatures are removed
> beforehand.
>
> Signed-off-by: Stephen Kitt
>
> Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris.
>
> Signed-off-by: Alan Coopersmith
> ---
> release.sh | 48 ++--
> 1 file changed, 46 insertions(+), 2 deletions(-)
>
> diff --git a/release.sh b/release.sh
> index a4a725d..6389bc6 100755
> --- a/release.sh
> +++ b/release.sh
> @@ -193,6 +193,29 @@ process_modules() {
> }
>
>
> #--
> +# Function: sign_or_fail
> +#--
> +#
> +# Sign the given file, if any
> +# Output the name of the signature generated to stdout (all other output to
> +# stderr)
> +# Return 0 on success, 1 on fail
> +#
> +sign_or_fail() {
> +if [ -n "$1" ]; then
> + sig=$1.sig
> + rm -f $sig
> + $GPG -b $1 1>&2
> + if [ $? -ne 0 ]; then
> + echo "Error: failed to sign $1." >&2
> + return 1
> + fi
> + echo $sig
This echo statement does not appear for me. Perhaps because the function
is called from $(). I do get the gpg message:
You need a passphrase to unlock the secret key for
user: "Gaetan Nadon "
1024-bit DSA key, ID FB9EC9FC, created 2008-12-16
Not a big deal,
Reviewed-by: Gaetan Nadon
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH util/modular] Add gpg signing to release.sh
Hi,
On Thu, 5 Jun 2014 10:05:15 +1000, Peter Hutterer
wrote:
> shouldn't we fail here if creating the detached sig fails?
I'm attaching a new version which fails if gpg fails to sign for any reason.
Regards,
Stephen
From 283b89da292ad8a5743222baf33393d964cff54b Mon Sep 17 00:00:00 2001
From: Stephen Kitt
Date: Sun, 1 Jun 2014 14:46:01 +0200
Subject: [PATCH util/modular] Add gpg signing to release.sh
gpg-sign the git tag and the generated tarballs, and upload the signatures
along with the tarballs. Any existing tarball signatures are removed
beforehand.
Signed-off-by: Stephen Kitt
Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris.
Signed-off-by: Alan Coopersmith
---
release.sh | 48 ++--
1 file changed, 46 insertions(+), 2 deletions(-)
diff --git a/release.sh b/release.sh
index a4a725d..6389bc6 100755
--- a/release.sh
+++ b/release.sh
@@ -193,6 +193,29 @@ process_modules() {
}
#--
+# Function: sign_or_fail
+#--
+#
+# Sign the given file, if any
+# Output the name of the signature generated to stdout (all other output to
+# stderr)
+# Return 0 on success, 1 on fail
+#
+sign_or_fail() {
+if [ -n "$1" ]; then
+ sig=$1.sig
+ rm -f $sig
+ $GPG -b $1 1>&2
+ if [ $? -ne 0 ]; then
+ echo "Error: failed to sign $1." >&2
+ return 1
+ fi
+ echo $sig
+fi
+return 0
+}
+
+#--
# Function: process_module
#--
# Code 'return 0' on success to process the next module
@@ -299,6 +322,19 @@ process_module() {
return 1
fi
+gpgsignerr=0
+siggz="$(sign_or_fail ${targz})"
+gpgsignerr=$((${gpgsignerr} + $?))
+sigbz2="$(sign_or_fail ${tarbz2})"
+gpgsignerr=$((${gpgsignerr} + $?))
+sigxz="$(sign_or_fail ${tarxz})"
+gpgsignerr=$((${gpgsignerr} + $?))
+if [ ${gpgsignerr} -ne 0 ]; then
+echo "Error: unable to sign at least one of the tarballs."
+cd $top_src
+return 1
+fi
+
# Obtain the top commit SHA which should be the version bump
# It should not have been tagged yet (the script will do it later)
local_top_commit_sha=`git rev-list --max-count=1 HEAD`
@@ -354,7 +390,7 @@ process_module() {
else
# Tag the top commit with the tar name
if [ x"$DRY_RUN" = x ]; then
- git tag -m $tar_name $tar_name
+ git tag -s -m $tar_name $tar_name
if [ $? -ne 0 ]; then
echo "Error: unable to tag module with \"$tar_name\"."
cd $top_src
@@ -501,7 +537,7 @@ process_module() {
# Upload to host using the 'scp' remote file copy program
if [ x"$DRY_RUN" = x ]; then
echo "Info: uploading tarballs to web server:"
- scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
+ scp $targz $tarbz2 $tarxz $siggz $sigbz2 $sigxz $USER_NAME$hostname:$srv_path
if [ $? -ne 0 ]; then
echo "Error: the tarballs uploading failed."
cd $top_src
@@ -627,6 +663,14 @@ if [ "x$GREP" = "x" ] ; then
fi
fi
+# Find path for GnuPG v2
+if [ "x$GPG" = "x" ] ; then
+if [ -x /usr/bin/gpg2 ] ; then
+ GPG=/usr/bin/gpg2
+else
+ GPG=gpg
+fi
+fi
# Set the default make tarball creation command
MAKE_DIST_CMD=distcheck
--
2.0.0.rc2
signature.asc
Description: PGP signature
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH util/modular] Add gpg signing to release.sh
Hi Peter,
On Thu, 5 Jun 2014 10:05:15 +1000, Peter Hutterer
wrote:
> On Sun, Jun 01, 2014 at 03:13:13PM +0200, Stephen Kitt wrote:
> > +[ -n "$targz" ] && rm -f ${targz}.sig && $GPG -b $targz &&
> > siggz=${targz}.sig || true
> > +[ -n "$tarbz2" ] && rm -f ${tarbz2}.sig && $GPG -b $tarbz2 &&
> > sigbz2=${tarbz2}.sig || true
> > +[ -n "$tarxz" ] && rm -f ${tarxz}.sig && $GPG -b $tarxz &&
> > sigxz=${tarxz}.sig || true
>
> shouldn't we fail here if creating the detached sig fails?
My initial intent was to make gpg signing a "best effort" thing, so if the
tarballs can be gpg-signed so much the better, but if they can't the release
can proceed anyway. But you're right, this patch turns gpg into a hard
requirement because of the signed git tag ("git tag -s" fails if gpg can't
sign the tag), so failing to create the detached sig could justifiably fail
the release.
I'll rework the patch by Saturday...
Regards,
Stephen
signature.asc
Description: PGP signature
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH util/modular] Add gpg signing to release.sh
On Sun, Jun 01, 2014 at 03:13:13PM +0200, Stephen Kitt wrote:
> From 7d967b5ec2122a3f85730587be6d8a424fac9cdc Mon Sep 17 00:00:00 2001
> From: Stephen Kitt
> Date: Sun, 1 Jun 2014 14:46:01 +0200
> Subject: [PATCH util/modular] Add gpg signing to release.sh
>
> gpg-sign the git tag and the generated tarballs, and upload the signatures
> along with the tarballs. Any existing tarball signatures are removed
> beforehand.
>
> Signed-off-by: Stephen Kitt
>
> Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris.
>
> Signed-off-by: Alan Coopersmith
> ---
> release.sh | 16 ++--
> 1 file changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/release.sh b/release.sh
> index a4a725d..a2879ad 100755
> --- a/release.sh
> +++ b/release.sh
> @@ -299,6 +299,10 @@ process_module() {
> return 1
> fi
>
> +[ -n "$targz" ] && rm -f ${targz}.sig && $GPG -b $targz &&
> siggz=${targz}.sig || true
> +[ -n "$tarbz2" ] && rm -f ${tarbz2}.sig && $GPG -b $tarbz2 &&
> sigbz2=${tarbz2}.sig || true
> +[ -n "$tarxz" ] && rm -f ${tarxz}.sig && $GPG -b $tarxz &&
> sigxz=${tarxz}.sig || true
shouldn't we fail here if creating the detached sig fails?
Cheers,
Peter
> +
> # Obtain the top commit SHA which should be the version bump
> # It should not have been tagged yet (the script will do it later)
> local_top_commit_sha=`git rev-list --max-count=1 HEAD`
> @@ -354,7 +358,7 @@ process_module() {
> else
> # Tag the top commit with the tar name
> if [ x"$DRY_RUN" = x ]; then
> - git tag -m $tar_name $tar_name
> + git tag -s -m $tar_name $tar_name
> if [ $? -ne 0 ]; then
> echo "Error: unable to tag module with \"$tar_name\"."
> cd $top_src
> @@ -501,7 +505,7 @@ process_module() {
> # Upload to host using the 'scp' remote file copy program
> if [ x"$DRY_RUN" = x ]; then
> echo "Info: uploading tarballs to web server:"
> - scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
> + scp $targz $tarbz2 $tarxz $siggz $sigbz2 $sigxz
> $USER_NAME$hostname:$srv_path
> if [ $? -ne 0 ]; then
> echo "Error: the tarballs uploading failed."
> cd $top_src
> @@ -627,6 +631,14 @@ if [ "x$GREP" = "x" ] ; then
> fi
> fi
>
> +# Find path for GnuPG v2
> +if [ "x$GPG" = "x" ] ; then
> +if [ -x /usr/bin/gpg2 ] ; then
> + GPG=/usr/bin/gpg2
> +else
> + GPG=gpg
> +fi
> +fi
>
> # Set the default make tarball creation command
> MAKE_DIST_CMD=distcheck
> --
> 2.0.0.rc2
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH util/modular] Add gpg signing to release.sh
On 06/ 1/14 06:13 AM, Stephen Kitt wrote: And I'm attaching an updated version which includes your modifications and deletes the signatures if any before re-generating them. Thanks - I'll try that for my next release, and if it works, go ahead and push it, since I've seen no one object to us starting to do this. I don't know what the X.org release signing policy is, I haven't found anything in the wiki; the patch as-is works fine if people just use their default key for signing, but if role keys are planned then it might be worth adding an option to specify the key id to use. Perhaps that can come later, it seems to me that the benefit of getting signed releases (which can then be automatically checked, as is done in Debian) outweighs the benefit of key id selection. I've always just used my default key - we have no written policy or role keys. -- -Alan Coopersmith- alan.coopersm...@oracle.com Oracle Solaris Engineering - http://blogs.oracle.com/alanc ___ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH util/modular] Add gpg signing to release.sh
On Sat, 31 May 2014 16:49:56 -0700, Alan Coopersmith
wrote:
> On 05/20/14 01:49 PM, Stephen Kitt wrote:
> > Peter Hutterer suggested I send this here; it's a patch to add gpg
> > signing to release.sh, both for the git tag and the generated tarballs.
> >
> > This version tries to use gpg unconditionnally, it might be more useful
> > with a parameter to switch the behaviour...
>
> Thanks for doing this - we keep talking about it, but never got the changes
> made.
You're welcome! I noticed the announcement emails were being properly
gpg-signed, but not the tarballs.
> I'd modified my copy locally to add -m to the git tag flags a couple months
> ago, and that seems to have worked fine for me for the few releases I've
> done since then.
>
> The only problem I see with this patch for me is that on the systems I use
> (Solaris 12.0 & 11.x development branches) GnuPG 2.x is installed as gpg2,
> not gpg, so would appreciate having some way to override the exact path.
>
> So I dropped my patch, applied yours, and tweaked it to allow setting the
> GPG path, and it seemed to work fine for the xcursorgen release I just
> pushed, so there are now xcursorgen-1.0.6.tar.bz2.sig &
> xcursorgen-1.0.6.tar.gz.sig files the script uploaded alongside the
> released tarballs.
Excellent!
> The one issue I did see is that I made a mistake on the first run (forgot to
> push the version changing commit first), so the script aborted and re-ran,
> and after re-running make distcheck to create new tarballs, I was then
> prompted:
>
> File `xcursorgen-1.0.6.tar.gz.sig' exists. Overwrite? (y/N) y
> File `xcursorgen-1.0.6.tar.bz2.sig' exists. Overwrite? (y/N) y
>
> Should those files be automatically deleted after rebuilding the tarballs?
I think so, otherwise we risk uploading invalid signatures...
> I've attached my modified form of your patch for further review/discussion.
And I'm attaching an updated version which includes your modifications and
deletes the signatures if any before re-generating them.
I don't know what the X.org release signing policy is, I haven't found
anything in the wiki; the patch as-is works fine if people just use their
default key for signing, but if role keys are planned then it might be worth
adding an option to specify the key id to use. Perhaps that can come later,
it seems to me that the benefit of getting signed releases (which can then be
automatically checked, as is done in Debian) outweighs the benefit of key id
selection.
Regards,
Stephen
From 7d967b5ec2122a3f85730587be6d8a424fac9cdc Mon Sep 17 00:00:00 2001
From: Stephen Kitt
Date: Sun, 1 Jun 2014 14:46:01 +0200
Subject: [PATCH util/modular] Add gpg signing to release.sh
gpg-sign the git tag and the generated tarballs, and upload the signatures
along with the tarballs. Any existing tarball signatures are removed
beforehand.
Signed-off-by: Stephen Kitt
Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris.
Signed-off-by: Alan Coopersmith
---
release.sh | 16 ++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/release.sh b/release.sh
index a4a725d..a2879ad 100755
--- a/release.sh
+++ b/release.sh
@@ -299,6 +299,10 @@ process_module() {
return 1
fi
+[ -n "$targz" ] && rm -f ${targz}.sig && $GPG -b $targz && siggz=${targz}.sig || true
+[ -n "$tarbz2" ] && rm -f ${tarbz2}.sig && $GPG -b $tarbz2 && sigbz2=${tarbz2}.sig || true
+[ -n "$tarxz" ] && rm -f ${tarxz}.sig && $GPG -b $tarxz && sigxz=${tarxz}.sig || true
+
# Obtain the top commit SHA which should be the version bump
# It should not have been tagged yet (the script will do it later)
local_top_commit_sha=`git rev-list --max-count=1 HEAD`
@@ -354,7 +358,7 @@ process_module() {
else
# Tag the top commit with the tar name
if [ x"$DRY_RUN" = x ]; then
- git tag -m $tar_name $tar_name
+ git tag -s -m $tar_name $tar_name
if [ $? -ne 0 ]; then
echo "Error: unable to tag module with \"$tar_name\"."
cd $top_src
@@ -501,7 +505,7 @@ process_module() {
# Upload to host using the 'scp' remote file copy program
if [ x"$DRY_RUN" = x ]; then
echo "Info: uploading tarballs to web server:"
- scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
+ scp $targz $tarbz2 $tarxz $siggz $sigbz2 $sigxz $USER_NAME$hostname:$srv_path
if [ $? -ne 0 ]; then
echo "Error: the tarballs uploading failed."
cd $top_src
@@ -627,6 +631,14 @@ if [ "x$GREP" = "x" ] ; then
fi
fi
+# Find path for GnuPG v2
+if [ "x$GPG" = "x" ] ; then
+if [ -x /usr/bin/gpg2 ] ; then
+ GPG=/usr/bin/gpg2
+else
+ GPG=gpg
+fi
+fi
# Set the default make tarball creation command
MAKE_DIST_CMD=distcheck
--
2.0.0.rc2
signature.asc
Description: PGP signature
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
Re: [PATCH util/modular] Add gpg signing to release.sh
On 05/20/14 01:49 PM, Stephen Kitt wrote:
Hi,
Peter Hutterer suggested I send this here; it's a patch to add gpg signing to
release.sh, both for the git tag and the generated tarballs.
This version tries to use gpg unconditionnally, it might be more useful with
a parameter to switch the behaviour...
Thanks for doing this - we keep talking about it, but never got the changes
made.
I'd modified my copy locally to add -m to the git tag flags a couple months ago,
and that seems to have worked fine for me for the few releases I've done since
then.
The only problem I see with this patch for me is that on the systems I use
(Solaris 12.0 & 11.x development branches) GnuPG 2.x is installed as gpg2,
not gpg, so would appreciate having some way to override the exact path.
So I dropped my patch, applied yours, and tweaked it to allow setting the GPG
path, and it seemed to work fine for the xcursorgen release I just pushed, so
there are now xcursorgen-1.0.6.tar.bz2.sig & xcursorgen-1.0.6.tar.gz.sig files
the script uploaded alongside the released tarballs.
The one issue I did see is that I made a mistake on the first run (forgot to
push the version changing commit first), so the script aborted and re-ran, and
after re-running make distcheck to create new tarballs, I was then prompted:
File `xcursorgen-1.0.6.tar.gz.sig' exists. Overwrite? (y/N) y
File `xcursorgen-1.0.6.tar.bz2.sig' exists. Overwrite? (y/N) y
Should those files be automatically deleted after rebuilding the tarballs?
I've attached my modified form of your patch for further review/discussion.
--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - http://blogs.oracle.com/alanc
From 361334a313e7fd2239480438e309433e26ca8a04 Mon Sep 17 00:00:00 2001
From: Stephen Kitt
Date: Tue, 20 May 2014 22:49:06 +0200
Subject: [PATCH:modular] Add gpg signing to release.sh
gpg-sign the git tag and the generated tarballs, and upload the signatures
along with the tarballs.
Signed-off-by: Stephen Kitt
Modified by Alan Coopersmith to handle gpg vs. gpg2 paths for Solaris.
Signed-off-by: Alan Coopersmith
---
release.sh | 16 ++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/release.sh b/release.sh
index a4a725d..852299e 100755
--- a/release.sh
+++ b/release.sh
@@ -299,6 +299,10 @@ process_module() {
return 1
fi
+[ -n "$targz" ] && $GPG -b $targz && siggz=${targz}.sig || true
+[ -n "$tarbz2" ] && $GPG -b $tarbz2 && sigbz2=${tarbz2}.sig || true
+[ -n "$tarxz" ] && $GPG -b $tarxz && sigxz=${tarxz}.sig || true
+
# Obtain the top commit SHA which should be the version bump
# It should not have been tagged yet (the script will do it later)
local_top_commit_sha=`git rev-list --max-count=1 HEAD`
@@ -354,7 +358,7 @@ process_module() {
else
# Tag the top commit with the tar name
if [ x"$DRY_RUN" = x ]; then
- git tag -m $tar_name $tar_name
+ git tag -s -m $tar_name $tar_name
if [ $? -ne 0 ]; then
echo "Error: unable to tag module with \"$tar_name\"."
cd $top_src
@@ -501,7 +505,7 @@ process_module() {
# Upload to host using the 'scp' remote file copy program
if [ x"$DRY_RUN" = x ]; then
echo "Info: uploading tarballs to web server:"
- scp $targz $tarbz2 $tarxz $USER_NAME$hostname:$srv_path
+ scp $targz $tarbz2 $tarxz $siggz $sigbz2 $sigxz
$USER_NAME$hostname:$srv_path
if [ $? -ne 0 ]; then
echo "Error: the tarballs uploading failed."
cd $top_src
@@ -627,6 +631,14 @@ if [ "x$GREP" = "x" ] ; then
fi
fi
+# Find path for GnuPG v2
+if [ "x$GPG" = "x" ] ; then
+if [ -x /usr/bin/gpg2 ] ; then
+ GPG=/usr/bin/gpg2
+else
+ GPG=gpg
+fi
+fi
# Set the default make tarball creation command
MAKE_DIST_CMD=distcheck
--
1.7.9.2
___
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
