cleanup ssh config, remove unused keys

[dak.git] / config / debian-security / cron.unchecked

diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index e6ccf82446492e7d7b85f404ce81ef92878f1e62..7baf55ac10cd8b6f45b2afa38de905f52c1b881d 100755 (executable)
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -1,6 +1,7 @@
 #! /bin/bash
 
 set -e
+set -o pipefail
 set -u
 
 export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
@@ -15,6 +16,7 @@ reportdis=$queuedir/REPORT.disembargo
 timestamp=$(date "+%Y-%m-%d %H:%M")
 doanything=false
 dopolicy=false
+LOCKFILE="$lockdir/unchecked.lock"
 
 # So first we should go and see if any process-policy action is done
 dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
@@ -24,6 +26,16 @@ dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically ac
 # in newstage mean they are (late) accepts of security stuff, need
 # to sync to ftp-master
 
+cleanup() {
+    rm -f "$LOCKFILE"
+}
+
+if ! lockfile -r8 "$LOCKFILE"; then
+    echo "aborting cron.unchecked because $LOCKFILE has already been locked"
+    exit 0
+fi
+trap cleanup EXIT
+
 cd $newstage
 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
 if [ -n "$changes" ]; then
@@ -50,9 +62,9 @@ if [ -n "$changes" ]; then
     dak process-upload -a -d "$disembargo" >> $reportdis
 fi
 
-if ! $doanything; then
-  echo "$timestamp": Nothing to do >> $report
-  exit 0
+if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
+    echo "$timestamp": Nothing to do >> $report
+    exit 0
 fi
 
 dak manage-build-queues -a
@@ -70,4 +82,7 @@ if [ "x${dopolicy}x" = "xtruex" ]; then
     sudo -u archvsync -H /home/archvsync/signal_security
 fi
 
+cleanup
+trap - EXIT
+
 $configdir/cron.buildd