7 export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
10 # And use one locale, no matter what the caller has set
14 report=$queuedir/REPORT
15 reportdis=$queuedir/REPORT.disembargo
16 timestamp=$(date "+%Y-%m-%d %H:%M")
19 LOCKFILE="$lockdir/unchecked.lock"
21 # So first we should go and see if any process-policy action is done
22 dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
23 dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
25 # Now, if this really did anything, we can then sync it over. Files
26 # in newstage mean they are (late) accepts of security stuff, need
27 # to sync to ftp-master
33 if ! lockfile -r8 "$LOCKFILE"; then
34 echo "aborting cron.unchecked because $LOCKFILE has already been locked"
39 for queue in embargoed; do
40 echo "$timestamp: processing ${queue}" >> ${report}
41 dak process-policy ${queue} >> ${report}
42 accepted=$(find ${queuedir}/accepted -type f -name "*.changes")
43 if [ -n "${accepted}" ]; then
49 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
50 if [ -n "$changes" ]; then
52 echo "$timestamp": ${changes:-"Nothing to do in unchecked"} >> $report
53 dak process-upload -a -d "$unchecked" >> $report
57 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
59 if [ -n "$changes" ]; then
61 echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis
62 dak process-upload -a -d "$disembargo" >> $reportdis
65 # sync accepted files to ftpmaster
67 find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
69 # export policy queues
70 for queue in embargoed; do
71 cd ${queuedir}/${queue}
74 dak export -q ${queue} -d export.new --all
75 rsync -a --delete export.new/. export/.
80 if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
81 echo "$timestamp": Nothing to do >> $report
86 dak manage-build-queues -a
87 dak generate-packages-sources2 -a build-queues
88 dak generate-releases -a build-queues >/dev/null
90 # export build queues in old format
91 # XXX: This should be removed later.
92 for suite in stable testing; do
93 overridecodename=$(dak admin suite show ${suite} | awk '$1 == "OverrideCodename:" { print $2 }')
94 rm -rf ${incoming}/${suite}.new
95 mkdir ${incoming}/${suite}.new
96 dak export-suite -s buildd-${suite} -d ${incoming}/${suite}.new
98 cd ${incoming}/${suite}.new
99 apt-ftparchive packages . ${overridedir}/override.${overridecodename}.all3 >Packages
100 gzip -9c --rsyncable <Packages >Packages.gz
101 apt-ftparchive sources . ${overridedir}/override.${overridecodename}.all3 >Sources
102 gzip -9c --rsyncable <Sources >Sources.gz
106 apt-ftparchive -qq -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $suite security" -o APT::FTPArchive::Release::Architectures="$archs" release ${suite}.new >${suite}.Release
108 gpg --secret-keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 473041FA --detach-sign -o ${suite}.Release.gpg ${suite}.Release
110 mv ${suite}.Release ${suite}.new/Release
111 mv ${suite}.Release.gpg ${suite}.new/Release.gpg
113 if [ -d ${suite} ]; then
114 mv ${suite} ${suite}.old
116 mv ${suite}.new ${suite}
120 if [ "x${dopolicy}x" = "xtruex" ]; then
121 # We had something approved from a policy queue, push out new archive
123 #dak generate-filelist
126 #apt-ftparchive generate apt.conf
127 dak generate-packages-sources2 -a security
128 dak generate-releases -a security
129 /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
130 sudo -u archvsync -H /home/archvsync/signal_security
136 $configdir/cron.buildd