Add option to specify CAs to trust for LDAP connection over TLS

[dak.git] / config / debian-security / dak.conf

diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf
index e7509763f4c66d22f22f68f4bd3b7d0660767ad2..b1f8c4b8acf1936aaa8b8d45ec7b3f4ed7bc8670 100644 (file)
--- a/config/debian-security/dak.conf
+++ b/config/debian-security/dak.conf
@@ -3,7 +3,6 @@ Dinstall
    // was non-us.d.o path before
    SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg";
    SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg";
-   SigningKeyIds "55BE302B";
    SendmailCommand "/usr/sbin/sendmail -odq -oi -t";
    MyEmailAddress "Debian FTP Masters <ftpmaster@ftp-master.debian.org>";
    MyAdminAddress "ftpmaster@debian.org";
@@ -11,22 +10,12 @@ Dinstall
    MyDistribution "Debian"; // Used in emails
    BugServer "bugs.debian.org";
    PackagesServer "packages.debian.org";
-   LockFile "/org/security-master.debian.org/dak/lock";
    Bcc "archive@ftp-master.debian.org";
    // GroupOverrideFilename "override.group-maint";
-   FutureTimeTravelGrace 28800; // 8 hours
-   PastCutoffYear "1984";
    SkipTime 300;
    CloseBugs "false";
    OverrideDisparityCheck "false";
    BXANotify "false";
-   QueueBuildSuites
-   {
-     stable;
-     testing;
-   };
-   SecurityQueueHandling "true";     
-   SecurityQueueBuild "true";     
    DefaultSuite "stable";
    SuiteSuffix "updates/";
    OverrideMaintainer "dak@security.debian.org";
@@ -40,6 +29,11 @@ Process-New
   LockDir "/srv/security-master.debian.org/lock/new/";
 };
 
+Process-Policy
+{
+  CopyDir "/srv/security-master.debian.org/queue/accepted";
+};
+
 Import-Users-From-Passwd
 {
   ValidGID "800";
@@ -58,18 +52,11 @@ Queue-Report
   };
 };
 
-Import-Keyring
-{
-  /srv/keyring.debian.org/keyrings/debian-maintainers.gpg
-    {
-      Debian-Maintainer "true";
-    };
-};
-
 Import-LDAP-Fingerprints
 {
   LDAPDn "ou=users,dc=debian,dc=org";
   LDAPServer "db.debian.org";
+  CACertFile "/etc/ssl/certs/spi-cacert-2008.pem";
   ExtraKeyrings
   {
     "/srv/keyring.debian.org/keyrings/removed-keys.pgp";
@@ -120,7 +107,6 @@ Clean-Suites
 {
   // How long (in seconds) dead packages are left before being killed
   StayOfExecution 129600; // 1.5 days
-  QueueBuildStayOfExecution 86400; // 24 hours
   MorgueSubDir "pool";
   OverrideFilename "override.source-only";
 };
@@ -143,25 +129,6 @@ Suite
   // Priority determines which suite is used for the Maintainers file
   // as generated by 'dak make-maintainers' (highest wins).
 
-  OldStable
-  {
-       Components 
-       {
-         updates/main;
-         updates/contrib;
-         updates/non-free;
-       };
-       Announce "dak@security.debian.org";
-       Version "";
-       Origin "Debian";
-       Label "Debian-Security";
-       Description "Debian 5.0 Security Updates";
-       ValidTime 864000; // 10 days
-       CodeName "lenny";
-       OverrideCodeName "lenny";
-       CopyDotDak "/srv/security-master.debian.org/queue/done/";
-  };
-
   Stable
   {
        Components
@@ -205,24 +172,21 @@ SuiteMappings
 {
  "silent-map stable-security stable";
  "silent-map oldstable-security oldstable";
- // JT - FIXME, hackorama
- // "silent-map testing-security stable";
   "silent-map etch-secure oldstable";
-  "silent-map lenny-secure stable";
   "silent-map testing-security testing";
-  "silent-map lenny-security oldstable";
-  "silent-map squeeze-security stable";
-  "silent-map wheezy-security testing";
+  "silent-map squeeze-security oldstable";
+  "silent-map wheezy-security stable";
+  "silent-map jessie-security testing";
 };
 
 Dir
 {
+  Base "/srv/security-master.debian.org/";
   Root "/srv/security-master.debian.org/ftp/";
   Pool "/srv/security-master.debian.org/ftp/pool/";
   Export "/srv/security-master.debian.org/export/";
   Dak "/srv/security-master.debian.org/dak/";
   Templates "/srv/security-master.debian.org/dak/templates/";
-  PoolRoot "pool/";
   Override "/srv/security-master.debian.org/override/";
   Lock "/srv/security-master.debian.org/lock/";
   Cache "/srv/security-master.debian.org/database/";
@@ -230,16 +194,16 @@ Dir
   Log "/srv/security-master.debian.org/dak-log/";
   Morgue "/srv/security-master.debian.org/morgue/";
   Override "/srv/security-master.debian.org/scripts/override/";
-  QueueBuild "/srv/security-master.debian.org/buildd/";
   Upload "/srv/queued/ftpmaster/";
   TempPath "/srv/security-master.debian.org/tmp";
+  Holding "/srv/security-master.debian.org/queue/holding/";
+  Done "/srv/security-master.debian.org/queue/done/";
+  Reject "/srv/security-master.debian.org/queue/reject/";
+
   Queue
   {
     Byhand "/srv/security-master.debian.org/queue/byhand/";
-    Done "/srv/security-master.debian.org/queue/done/";
-    Holding "/srv/security-master.debian.org/queue/holding/";
     New "/srv/security-master.debian.org/queue/new/";
-    Reject "/srv/security-master.debian.org/queue/reject/";
     Unchecked "/srv/security-master.debian.org/queue/unchecked/";
     Newstage "/srv/security-master.debian.org/queue/newstage/";
 
@@ -386,11 +350,6 @@ Urgency
   };
 };
 
-Changelogs
-{
-  Export "/srv/security-master.debian.org/export/changelogs";
-}
-
 Generate-Releases
 {
   MD5Sum