config/debian-security/cron.unchecked: calling process-policy once per queue is enough

[dak.git] / config / debian-security / cron.unchecked

diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index bd750d4a022e1eca4df3d7765d1e04821428bc2d..784ac371f127fe7086f62e1788ad2840f4b77e72 100755 (executable)
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -18,14 +18,6 @@ doanything=false
 dopolicy=false
 LOCKFILE="$lockdir/unchecked.lock"
 
-# So first we should go and see if any process-policy action is done
-dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
-dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
-
-# Now, if this really did anything, we can then sync it over. Files
-# in newstage mean they are (late) accepts of security stuff, need
-# to sync to ftp-master
-
 cleanup() {
     rm -f "$LOCKFILE"
 }
@@ -36,14 +28,14 @@ if ! lockfile -r8 "$LOCKFILE"; then
 fi
 trap cleanup EXIT
 
-for queue in embargoed; do
+for queue in embargoed unembargoed; do
     echo "$timestamp: processing ${queue}" >> ${report}
-    dak process-policy ${queue} >> ${report}
-    accepted=$(find ${queuedir}/accepted -type f -name "*.changes")
-    if [ -n "${accepted}" ]; then
-       dopolicy=true
-    fi
+    dak process-policy ${queue} | mail -a "X-Debian: DAK" -e -s "Automatically accepted from ${queue}" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
 done
+accepted=$(find ${queuedir}/accepted -type f -name "*.changes")
+if [ -n "${accepted}" ]; then
+    dopolicy=true
+fi
 
 cd $unchecked
 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
@@ -62,6 +54,21 @@ if [ -n "$changes" ]; then
     dak process-upload -a -d "$disembargo" >> $reportdis
 fi
 
+# sync accepted files to ftpmaster
+cd ${base}
+find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
+
+# export policy queues
+for queue in embargoed; do
+    cd ${queuedir}/${queue}
+    rm -rf export.new
+    mkdir export.new
+    dak export -q ${queue} -d export.new --all
+    rsync -a --delete export.new/. export/.
+    rm -rf export.new
+    cd ${base}
+done
+
 if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
     echo "$timestamp": Nothing to do >> $report
     exit 0
@@ -77,6 +84,7 @@ dak generate-releases -a build-queues >/dev/null
 for suite in stable testing; do
     overridecodename=$(dak admin suite show ${suite} | awk '$1 == "OverrideCodename:" { print $2 }')
     rm -rf ${incoming}/${suite}.new
+    mkdir ${incoming}/${suite}.new
     dak export-suite -s buildd-${suite} -d ${incoming}/${suite}.new
 
     cd ${incoming}/${suite}.new
@@ -94,14 +102,15 @@ for suite in stable testing; do
     mv ${suite}.Release ${suite}.new/Release
     mv ${suite}.Release.gpg ${suite}.new/Release.gpg
 
-    mv ${suite} ${suite}.old
+    if [ -d ${suite} ]; then
+       mv ${suite} ${suite}.old
+    fi
     mv ${suite}.new ${suite}
     rm -rf ${suite}.old
 done
 
 if [ "x${dopolicy}x" = "xtruex" ]; then
     # We had something approved from a policy queue, push out new archive
-    find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
     dak dominate
     #dak generate-filelist
     cd $configdir