]> git.decadent.org.uk Git - dak.git/blob - config/debian-security/cron.buildd
projects / dak.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
cron.buildd
[dak.git] / config / debian-security / cron.buildd
1 #! /bin/bash
2 #
3 # Executed after cron.unchecked
4
5 set -e
6 set -u
7
8 export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
9 . $SCRIPTVARS
10 SSH_SOCKET=~/.ssh/buildd.debian.org.socket
11 DISTS=$(dak admin s list)
12
13 if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then
14         exit 0
15 fi
16
17 for dist in $DISTS; do
18         eval SOURCES_$dist=`stat -c "%Y" $base/buildd/$dist/Sources.gz`
19         eval PACKAGES_$dist=`stat -c "%Y" $base/buildd/$dist/Packages.gz`
20 done
21
22 cd $configdir
23 apt-ftparchive -qq -o APT::FTPArchive::Contents=off generate apt.conf.buildd
24
25 cd  ${base}/buildd
26 for dist in $DISTS; do
27     rm -f $dist/Release*
28     archs=$(dak admin s-a list-arch $dist | tr '\n' ' ')
29     apt-ftparchive -qq -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $dist security" -o APT::FTPArchive::Release::Architectures="${archs}" release $dist > Release
30     gpg --secret-keyring ${base}/s3kr1t/dot-gnupg/secring.gpg --keyring ${base}/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 55BE302B --detach-sign -o Release.gpg Release
31     mv Release* $dist/.
32 done
33
34 dists=
35
36
37 for dist in $DISTS; do
38         eval NEW_SOURCES_$dist=`stat -c "%Y" $base/buildd/$dist/Sources.gz`
39         eval NEW_PACKAGES_$dist=`stat -c "%Y" $base/buildd/$dist/Packages.gz`
40         old=SOURCES_$dist
41     new=NEW_$old
42     if [ ${!new} -gt ${!old} ]; then
43                 if [ -z "$dists" ]; then
44                         dists="$dist"
45                 else
46                         dists="$dists $dist"
47                 fi
48                 continue
49         fi
50         old=PACKAGES_$dist
51         new=NEW_$old
52     if [ ${!new} -gt ${!old} ]; then
53                 if [ -z "$dists" ]; then
54                         dists="$dist"
55                 else
56                         dists="$dists $dist"
57                 fi
58                 continue
59         fi
60 done
61
62 if [ ! -z "$dists" ]; then
63         # setup ssh master process
64         ssh wbadm@buildd -S $SSH_SOCKET -MN 2> /dev/null &
65         SSH_PID=$!
66         while [ ! -S $SSH_SOCKET ]; do
67                 sleep 1
68         done
69         trap 'kill -TERM $SSH_PID' 0
70         for d in $dists; do
71                 ssh wbadm@buildd -S $SSH_SOCKET trigger.security $d
72         done
73 fi
dak changes to support and test code signing