#! /bin/bash
set -e
+set -o pipefail
set -u
export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
fi
trap cleanup EXIT
-cd $newstage
-changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
-if [ -n "$changes" ]; then
- dopolicy=true
- echo "$timestamp": ${changes:-"Nothing to do in newstage"} >> $report
- rsync -a -q $newstage/. /srv/queued/ftpmaster/.
- dak process-upload -a -d "$newstage" >> $report
-fi
+for queue in embargoed; do
+ cd ${queuedir}/${queue}/COMMENTS
+ comments=$(find . -maxdepth 1 -mindepth 1 -type f '(' -name "ACCEPT.*.changes" -o -name "REJECT.*.changes" ')' | sed -e "s,./,," | xargs)
+ if [ -n "$comments" ]; then
+ dopolicy=true
+ echo "$timestamp": ${comments:-"Nothing to do for ${queue}"} >> $report
+ dak process-policy ${queue} >> ${report}
+ find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
+ fi
+done
cd $unchecked
changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
dak process-upload -a -d "$disembargo" >> $reportdis
fi
-if ! $doanything; then
- echo "$timestamp": Nothing to do >> $report
- exit 0
+if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
+ echo "$timestamp": Nothing to do >> $report
+ exit 0
fi
+# manage build queues
dak manage-build-queues -a
+dak generate-packages-sources2 -a build-queues
+dak generate-releases -a build-queues >/dev/null
+
+# export build queues in old format
+# XXX: This should be removed later.
+for suite in stable testing; do
+ overridecodename=$(dak admin suite show ${suite} | awk '$1 == "OverrideCodename:" { print $2 }')
+ rm -rf ${incoming}/${suite}.new
+ dak export-suite -s buildd-${suite} -d ${incoming}/${suite}.new
+
+ cd ${incoming}/${suite}.new
+ apt-ftparchive packages . ${overridedir}/override.${overridecodename}.all3 >Packages
+ gzip -9c --rsyncable <Packages >Packages.gz
+ apt-ftparchive sources . ${overridedir}/override.${overridecodename}.all3 >Sources
+ gzip -9c --rsyncable <Sources >Sources.gz
+ rm -f Release
+
+ cd ${incoming}
+ apt-ftparchive -qq -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $suite security" -o APT::FTPArchive::Release::Architectures="$archs" release ${suite}.new >${suite}.Release
+
+ gpg --secret-keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 473041FA --detach-sign -o ${suite}.Release.gpg ${suite}.Release
+
+ mv ${suite}.Release ${suite}.new/Release
+ mv ${suite}.Release.gpg ${suite}.new/Release.gpg
+
+ mv ${suite} ${suite}.old
+ mv ${suite}.new ${suite}
+ rm -rf ${suite}.old
+done
if [ "x${dopolicy}x" = "xtruex" ]; then
# We had something approved from a policy queue, push out new archive
cd $configdir
$configdir/map.sh
#apt-ftparchive generate apt.conf
- dak generate-packages-sources2
- dak generate-releases
+ dak generate-packages-sources2 -a security
+ dak generate-releases -a security
/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
sudo -u archvsync -H /home/archvsync/signal_security
fi
projects / dak.git / blobdiff