]> git.decadent.org.uk Git - dak.git/blobdiff - dak/new_security_install.py
projects / dak.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ask before installing security updates
[dak.git] / dak / new_security_install.py
diff --git a/dak/new_security_install.py b/dak/new_security_install.py
index 0fd13983f0c327b3d836221c6da4b4e5e09af4e0..3de9823eabfb2076ced37c5c0d0aff61ad0cc778 100755 (executable)
--- a/dak/new_security_install.py
+++ b/dak/new_security_install.py
@@ -87,31 +87,42 @@ def sudo(arg, fn, exit):
 def do_Approve(): sudo("A", _do_Approve, True)
 def _do_Approve():
     # 1. use process-policy to go through the COMMENTS dir
-    spawn("dak process-policy embargo")
-    spawn("dak process-policy disembargo")
+    spawn("dak process-policy embargoed")
+    spawn("dak process-policy unembargoed")
     newstage=get_policy_queue('newstage')
 
     # 2. sync the stuff to ftpmaster
     print "Sync stuff for upload to ftpmaster"
     spawn("rsync -a -q %s/. /srv/queued/ftpmaster/." % (newstage.path))
 
-    # 3. Now run process-upload in the newstage dir
-    print "Now put it into the security archive"
-    spawn("dak process-upload -a -d %s" % (newstage.path))
-
-    # 4. Run all the steps that are needed to publish the changed archive
-    print "Domination"
-    spawn("dak dominate")
-    print "Generating filelist for apt-ftparchive"
-    spawn("dak generate-filelist")
-    print "Updating Packages and Sources files... This may take a while, be patient"
-    spawn("/srv/security-master.debian.org/dak/config/debian-security/map.sh")
-    spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file()))
-    print "Updating Release files..."
-    spawn("dak generate-releases")
-    print "Triggering security mirrors..."
-    spawn("/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh")
-    spawn("sudo -u archvsync -H /home/archvsync/signal_security")
+    print "Locking unchecked"
+    lockfile='/srv/security-master.debian.org/lock/unchecked.lock'
+    spawn("lockfile -r8 {0}".format(lockfile))
+
+    try:
+        # 3. Now run process-upload in the newstage dir
+        print "Now put it into the security archive"
+        spawn("dak process-upload -a -d %s" % (newstage.path))
+
+        # 4. Run all the steps that are needed to publish the changed archive
+        print "Domination"
+        spawn("dak dominate")
+        #    print "Generating filelist for apt-ftparchive"
+        #    spawn("dak generate-filelist")
+        print "Updating Packages and Sources files... This may take a while, be patient"
+        spawn("/srv/security-master.debian.org/dak/config/debian-security/map.sh")
+        #    spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file()))
+        spawn("dak generate-packages-sources2")
+        print "Updating Release files..."
+        spawn("dak generate-releases")
+        print "Triggering security mirrors... (this may take a while)"
+        spawn("/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh")
+        spawn("sudo -u archvsync -H /home/archvsync/signal_security")
+        print "Triggering metadata export for packages.d.o and other consumers"
+        spawn("/srv/security-master.debian.org/dak/config/debian-security/export.sh")
+    finally:
+        os.unlink(lockfile)
+        print "Lock released."
 
 ########################################################################
 ########################################################################
@@ -153,7 +164,7 @@ def main():
         Options["Sudo"] = ""
 
     if not Options["Sudo"] and not Options["No-Action"]:
-        Logger = daklog.Logger(cnf.Cnf, "security-install")
+        Logger = daklog.Logger("security-install")
 
     session = DBConn().session()
 
@@ -167,14 +178,27 @@ def main():
 
     # Yes, we could do this inside do_Approve too. But this way we see who exactly
     # called it (ownership of the file)
-    dbchange=get_dbchange(os.path.basename(changes[0]), session)
-    acceptfilename="%s/COMMENTS/ACCEPT.%s_%s" % (os.path.dirname(os.path.abspath(changes[0])), dbchange.source, dbchange.version)
+
+    acceptfiles={}
+    for change in changes:
+        dbchange=get_dbchange(os.path.basename(change), session)
+        # strip epoch from version
+        version=dbchange.version
+        version=version[(version.find(':')+1):]
+        acceptfilename="%s/COMMENTS/ACCEPT.%s_%s" % (os.path.dirname(os.path.abspath(changes[0])), dbchange.source, version)
+        acceptfiles[acceptfilename]=1
+
+    print "Would create %s now and then go on to accept this package, if you allow me to." % (acceptfiles.keys())
     if Options["No-Action"]:
-        print "Would create %s now and then go on to accept this package, but No-Action is set" % (acceptfilename)
         sys.exit(0)
-    accept_file = file(acceptfilename, "w")
-    accept_file.write("OK\n")
-    accept_file.close()
+    else:
+        raw_input("Press Enter to continue")
+
+    for acceptfilename in acceptfiles.keys():
+        accept_file = file(acceptfilename, "w")
+        accept_file.write("OK\n")
+        accept_file.close()
+
     do_Approve()
 
 
dak changes to support and test code signing