@@ -177,24 +177,51 @@ library though.
177177The PSA-Crypto repository provides a reference implementation of the
178178PSA cryptography API through its main branch.
179179
180- The main branch is updated against the head of the Mbed TLS development branch
181- according to the following sequence where \< mbedtls-commit-id> is the identifier
182- of the head of the Mbed TLS development branch, \< mbedtls-pr\> is the number
183- of the last PR merged into the Mbed TLS development branch and
184- \< psa-crypto-commit-id\> is the identifier of the head of the development
185- branch of this repository used for the update. Just the first nine characters
186- of the commit identifiers are used.
187-
188- * Checkout the Mbed TLS branch https://github.com/ronald-cron-arm/mbedtls/tree/psa-crypto-repository .
189- This branch should have been rebased beforehand on top of the head of the
190- Mbed TLS development branch we want to update against.
180+ The main branch head is built from a commit of the PSA-Crypto development
181+ branch and a commit of the Mbed TLS development branch. Updating the main
182+ branch consists in moving its head to be based on more recent commits of the
183+ PSA-Crypto and Mbed TLS development branches. In the following,
184+ \< mbedtls-commit-id\> is the identifier of the commit of the Mbed TLS
185+ development branch used to update the main branch, \< mbedtls-pr\> is
186+ the number of the last PR merged into this commit, \< psa-crypto-commit-id\> is
187+ the identifier of the commit of the development branch of this repository used
188+ for the update and \< psa-crypto-pr\> the number of the last PR merged into that
189+ commit. Just the first nine characters of the commit identifiers are used.
190+
191+ An update follows the following flow:
192+
193+ * A base-for-psa-crypto-PR\< psa-crypto-pr\> branch is created in
194+ https://github.com/ronald-cron-arm/mbedtls/tree/psa-crypto-repository . The
195+ branch is the Mbed TLS commit we want to update against plus a few additional
196+ commits. This specific branch is created to keep track of those few
197+ additional commits.
198+ * Checkout locally the base-for-psa-crypto-PR\< psa-crypto-pr\> branch.
199+
200+ Build what we want to become the new head of the main branch:
191201* cd path/to/my/psa/crypto/repo
192- * git checkout -b update-against- \< mbedtls-commit-id \> -PR \< mbedtls-pr \> -with- \< psa-crypto-commit-id \>
193- development
194- * ./scripts/psa_crypto.py --mbedlts path/to/the/mbedtls/branch
202+ * git checkout -b new-main development
203+ * git clean -fdx
204+ * ./scripts/psa_crypto.py --mbedtls path/to/the/mbedtls/branch/checked/out/above
195205* git add --all
196- * git commit -s -m"Update against \< mbedtls-commit-id\> (PR \< mbedtls-pr\> ) with \< psa-crypto-commit-id\> "
197- * Create a PR against the main branch with the branch that has just been created.
206+ * git commit -s -m"New main head"
207+
208+ Create the branch for the update pull request from current main head, merge
209+ into it the PSA-Crypto development branch to get its last version (not necessary
210+ if the PSA-Crypto development branch has not changed since the last update)
211+ and then update the PSA cryptography implementation by applying the patch to
212+ end up with the same tree as the new-main branch.
213+ * git checkout -b update-against-\< mbedtls-commit-id\> -PR\< mbedtls-pr\> -with-\< psa-crypto-commit-id\> -PR\< psa-crypto-pr\> main
214+ * git merge development -m"Merge \< psa-crypto-commit-id\> -PR\< psa-crypto-pr\> "
215+ * git diff HEAD new-main > patch.file
216+ * git apply patch.file
217+ * rm patch.file
218+ * git add --all
219+ * git commit -s -m"Update against \< mbedtls-commit-id\> (PR \< mbedtls-pr\> )"
220+
221+ Clean-up
222+ * git branch -D new-main
223+
224+ * Create a PR against the main branch with the update branch created above.
198225* Merge the PR which completes the update.
199226
200227## Comparison with the Mbed TLS cryptography library
0 commit comments