minimal change to correctly publish auto-accepted security stuff even without an...

[dak.git] / config / debian-security / cron.unchecked

diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index e6ccf82446492e7d7b85f404ce81ef92878f1e62..d8ae45342bd82971a3c95d4e0198b3801d06b2a6 100755 (executable)
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -15,6 +15,7 @@ reportdis=$queuedir/REPORT.disembargo
 timestamp=$(date "+%Y-%m-%d %H:%M")
 doanything=false
 dopolicy=false
+LOCKFILE="$lockdir/unchecked.lock"
 
 # So first we should go and see if any process-policy action is done
 dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
@@ -24,6 +25,16 @@ dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically ac
 # in newstage mean they are (late) accepts of security stuff, need
 # to sync to ftp-master
 
+cleanup() {
+    rm -f "$LOCKFILE"
+}
+
+if ! lockfile -r8 "$LOCKFILE"; then
+    echo "aborting cron.unchecked because $LOCKFILE has already been locked"
+    exit 0
+fi
+trap cleanup EXIT
+
 cd $newstage
 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
 if [ -n "$changes" ]; then
@@ -50,9 +61,9 @@ if [ -n "$changes" ]; then
     dak process-upload -a -d "$disembargo" >> $reportdis
 fi
 
-if ! $doanything; then
-  echo "$timestamp": Nothing to do >> $report
-  exit 0
+if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
+    echo "$timestamp": Nothing to do >> $report
+    exit 0
 fi
 
 dak manage-build-queues -a
@@ -70,4 +81,7 @@ if [ "x${dopolicy}x" = "xtruex" ]; then
     sudo -u archvsync -H /home/archvsync/signal_security
 fi
 
+cleanup
+trap - EXIT
+
 $configdir/cron.buildd