config/debian-security/cron.buildd

   1 #! /bin/bash
   2 #
   3 # Executed after cron.unchecked
   4
   5 set -e
   6 set -u
   7
   8 export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
   9 . $SCRIPTVARS
  10 SSH_SOCKET=~/.ssh/buildd.debian.org.socket
  11 DISTS=$(dak admin s list)
  12
  13 if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then
  14     exit 0
  15 fi
  16
  17 for dist in $DISTS; do
  18     eval SOURCES_$dist=`stat -c "%Y" $base/buildd/$dist/Sources.gz`
  19     eval PACKAGES_$dist=`stat -c "%Y" $base/buildd/$dist/Packages.gz`
  20 done
  21
  22 cd $configdir
  23 apt-ftparchive -qq -o APT::FTPArchive::Contents=off generate apt.conf.buildd
  24
  25 cd  ${base}/buildd
  26 for dist in $DISTS; do
  27     rm -f $dist/Release*
  28     darchs=$(dak admin s-a list-arch $dist | tr '\n' ' ')
  29     codename=$(dak admin s show ${dist} | grep ^Codename | awk '{print $2}')
  30     apt-ftparchive -qq -o APT::FTPArchive::Release::Codename="${codename}" -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $dist security" -o APT::FTPArchive::Release::Architectures="${darchs}" release $dist > Release
  31     gpg --secret-keyring ${base}/s3kr1t/dot-gnupg/secring.gpg --keyring ${base}/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 55BE302B --detach-sign -o Release.gpg Release
  32     mv Release* $dist/.
  33 done
  34
  35 dists=
  36
  37
  38 for dist in $DISTS; do
  39     eval NEW_SOURCES_$dist=`stat -c "%Y" $base/buildd/$dist/Sources.gz`
  40     eval NEW_PACKAGES_$dist=`stat -c "%Y" $base/buildd/$dist/Packages.gz`
  41     old=SOURCES_$dist
  42     new=NEW_$old
  43     if [ ${!new} -gt ${!old} ]; then
  44         if [ -z "$dists" ]; then
  45             dists="$dist"
  46         else
  47             dists="$dists $dist"
  48         fi
  49         continue
  50     fi
  51     old=PACKAGES_$dist
  52     new=NEW_$old
  53     if [ ${!new} -gt ${!old} ]; then
  54         if [ -z "$dists" ]; then
  55             dists="$dist"
  56         else
  57             dists="$dists $dist"
  58         fi
  59         continue
  60     fi
  61 done
  62
  63 if [ ! -z "$dists" ]; then
  64     # setup ssh master process
  65     ssh wbadm@buildd -S $SSH_SOCKET -MN 2> /dev/null &
  66     SSH_PID=$!
  67     while [ ! -S $SSH_SOCKET ]; do
  68         sleep 1
  69     done
  70     trap 'kill -TERM $SSH_PID' 0
  71     for d in $dists; do
  72         case $d in
  73             oldstable)
  74                 send=lenny
  75                 ;;
  76             stable)
  77                 send=squeeze
  78                 ;;
  79             testing)
  80                 send=testing
  81                 ;;
  82             *)
  83                 send=unknown
  84                 ;;
  85         esac
  86
  87         ssh wbadm@buildd -S $SSH_SOCKET trigger.security $send
  88     done
  89 fi