-#! /bin/sh
+#! /bin/bash
set -e
-export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars
+set -o pipefail
+set -u
+
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
. $SCRIPTVARS
+# And use one locale, no matter what the caller has set
+export LANG=C
+export LC_ALL=C
+
report=$queuedir/REPORT
reportdis=$queuedir/REPORT.disembargo
timestamp=$(date "+%Y-%m-%d %H:%M")
doanything=false
+dopolicy=false
+LOCKFILE="$lockdir/unchecked.lock"
+
+# So first we should go and see if any process-policy action is done
+dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
+dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
+
+# Now, if this really did anything, we can then sync it over. Files
+# in newstage mean they are (late) accepts of security stuff, need
+# to sync to ftp-master
+
+cleanup() {
+ rm -f "$LOCKFILE"
+}
+
+if ! lockfile -r8 "$LOCKFILE"; then
+ echo "aborting cron.unchecked because $LOCKFILE has already been locked"
+ exit 0
+fi
+trap cleanup EXIT
+
+for queue in embargoed; do
+ cd ${queuedir}/${queue}/COMMENTS
+ comments=$(find . -maxdepth 1 -mindepth 1 -type f '(' -name "ACCEPT.*.changes" -o -name "REJECT.*.changes" ')' | sed -e "s,./,," | xargs)
+ if [ -n "$comments" ]; then
+ dopolicy=true
+ echo "$timestamp": ${comments:-"Nothing to do for ${queue}"} >> $report
+ dak process-policy ${queue} >> ${report}
+ find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
+ fi
+done
cd $unchecked
changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
if [ -n "$changes" ]; then
- doanything=true
- echo "$timestamp": "$changes" >> $report
- dak process-unchecked -a $changes >> $report
- echo "--" >> $report
+ doanything=true
+ echo "$timestamp": ${changes:-"Nothing to do in unchecked"} >> $report
+ dak process-upload -a -d "$unchecked" >> $report
fi
cd $disembargo
changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
if [ -n "$changes" ]; then
- doanything=true
- echo "$timestamp": "$changes" >> $reportdis
- dak process-unchecked -a $changes >> $reportdis
- echo "--" >> $reportdis
+ doanything=true
+ echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis
+ dak process-upload -a -d "$disembargo" >> $reportdis
+fi
+
+if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
+ echo "$timestamp": Nothing to do >> $report
+ exit 0
fi
-if ! $doanything; then
- echo "$timestamp": Nothing to do >> $report
- exit 0
+dak manage-build-queues -a
+
+if [ "x${dopolicy}x" = "xtruex" ]; then
+ # We had something approved from a policy queue, push out new archive
+ dak dominate
+ #dak generate-filelist
+ cd $configdir
+ $configdir/map.sh
+ #apt-ftparchive generate apt.conf
+ dak generate-packages-sources2 -a security
+ dak generate-releases -a security
+ /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
+ sudo -u archvsync -H /home/archvsync/signal_security
fi
-sh $masterdir/cron.buildd
+cleanup
+trap - EXIT
+
+$configdir/cron.buildd
projects / dak.git / blobdiff