]> git.decadent.org.uk Git - dak.git/blob - config/debian-security/cron.buildd
projects / dak.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
cron.buildd
[dak.git] / config / debian-security / cron.buildd
1 #! /bin/bash
2 #
3 # Executed after cron.unchecked
4
5 set -e
6 set -u
7
8 export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
9 . $SCRIPTVARS
10 SSH_SOCKET=~/.ssh/buildd.debian.org.socket
11 DISTS=$(dak admin s list)
12
13 if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then
14     exit 0
15 fi
16
17 for dist in $DISTS; do
18     eval SOURCES_$dist=`stat -c "%Y" $base/buildd/$dist/Sources.gz`
19     eval PACKAGES_$dist=`stat -c "%Y" $base/buildd/$dist/Packages.gz`
20 done
21
22 cd $configdir
23 apt-ftparchive -qq -o APT::FTPArchive::Contents=off generate apt.conf.buildd
24
25 cd  ${base}/buildd
26 for dist in $DISTS; do
27     rm -f $dist/Release*
28     archs=$(dak admin s-a list-arch $dist | tr '\n' ' ')
29     apt-ftparchive -qq -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $dist security" -o APT::FTPArchive::Release::Architectures="${archs}" release $dist > Release
30     gpg --secret-keyring ${base}/s3kr1t/dot-gnupg/secring.gpg --keyring ${base}/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 55BE302B --detach-sign -o Release.gpg Release
31     mv Release* $dist/.
32 done
33
34 dists=
35
36
37 for dist in $DISTS; do
38     eval NEW_SOURCES_$dist=`stat -c "%Y" $base/buildd/$dist/Sources.gz`
39     eval NEW_PACKAGES_$dist=`stat -c "%Y" $base/buildd/$dist/Packages.gz`
40     old=SOURCES_$dist
41     new=NEW_$old
42     if [ ${!new} -gt ${!old} ]; then
43         if [ -z "$dists" ]; then
44             dists="$dist"
45         else
46             dists="$dists $dist"
47         fi
48         continue
49     fi
50     old=PACKAGES_$dist
51     new=NEW_$old
52     if [ ${!new} -gt ${!old} ]; then
53         if [ -z "$dists" ]; then
54             dists="$dist"
55         else
56             dists="$dists $dist"
57         fi
58         continue
59     fi
60 done
61
62 if [ ! -z "$dists" ]; then
63     # setup ssh master process
64     ssh wbadm@buildd -S $SSH_SOCKET -MN 2> /dev/null &
65     SSH_PID=$!
66     while [ ! -S $SSH_SOCKET ]; do
67         sleep 1
68     done
69     trap 'kill -TERM $SSH_PID' 0
70     for d in $dists; do
71         ssh wbadm@buildd -S $SSH_SOCKET trigger.security $d
72     done
73 fi
dak changes to support and test code signing