X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian%2Fcron.daily;h=0b822bc5148d06b0bc90ee1739ef5f399090866b;hb=5fd1e87ecc948980add7e9b41da71f69a3be9844;hp=5b4335684f6c97eaca0cd6e5a4f3b98dffec378f;hpb=bd60878070f0ab4d7c808c0a5b6d047beab9f287;p=dak.git diff --git a/config/debian/cron.daily b/config/debian/cron.daily index 5b433568..0b822bc5 100755 --- a/config/debian/cron.daily +++ b/config/debian/cron.daily @@ -1,8 +1,9 @@ -#!/bin/sh +#! /bin/bash # # Run daily via cron, out of dak's crontab. set -e +set -o pipefail set -u export SCRIPTVARS=/srv/ftp-master.debian.org/dak/config/debian/vars . $SCRIPTVARS @@ -13,26 +14,73 @@ export SCRIPTVARS=/srv/ftp-master.debian.org/dak/config/debian/vars ################################################################################ TMPFILE=$( mktemp -p ${TMPDIR} ) +TMPCNTB=$( mktemp -p ${TMPDIR} ) function cleanup { ERRVAL=$? - rm -f ${TMPFILE} + rm -f ${TMPFILE} ${TMPCNTB} exit ${ERRVAL} } trap cleanup SIGHUP SIGINT SIGPIPE SIGTERM EXIT ERR # log to dinstall's logfile instead of sending email PROGRAM="cron.daily" -LOGFILE="$logdir/dinstall.log" +# Start logging +NOW=`date "+%Y.%m.%d-%H:%M:%S"` +LOGFILE="$logdir/daily_${NOW}.log" exec >> "$LOGFILE" 2>&1 # get the latest list of wnpp bugs and their source packages -wget -q -O${TMPFILE} http://qa.debian.org/data/bts/wnpp_rm +wget -q -O${TMPFILE} --ca-directory=/etc/ssl/ca-debian https://qa.debian.org/data/bts/wnpp_rm chmod go+r ${TMPFILE} mv ${TMPFILE} /srv/ftp-master.debian.org/scripts/masterfiles/wnpp_rm +# Push files over to security +# The key over there should have the following set for the ssh key: +# command="/usr/bin/xzcat | /usr/bin/psql -1 -c 'DELETE FROM external_files; COPY external_files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) FROM STDIN' obscurity" +psql -c 'COPY files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) TO STDOUT' projectb | \ + xz -3 | \ + ssh -o BatchMode=yes -o ConnectTimeout=30 -o SetupTimeout=30 -2 \ + -i ${base}/s3kr1t/push_external_files dak@security-master.debian.org sync + +# Update wanna-build dump +log "Update wanna-build database dump" +$base/dak/scripts/nfu/get-w-b-db + reports clean_debbugs +# Generate list of override disparities +dak override-disparity | gzip -9 > ${webdir}/override-disparity.gz + +# Generate stats about the new queue +dak stats new ${webdir}/NEW-stats.yaml 2> /dev/null + +# Generate the contributor data +# FIXME: In a day or three, when this worked from cron without +# failure, redirect its output to dev/null. Alternatively until then +# enrico added a --quiet and we use that. +log "Submitting data to contributors" +REQUESTS_CA_BUNDLE=/etc/ssl/ca-debian/ca-certificates.crt dc-tool --mine="${configdir}/contributor.source" --auth-token @"${base}/s3kr1t/contributor.auth" --source ftp.debian.org --json > ${TMPCNTB} + +# Post with curl as a workaround for #801506 +# See https://wiki.debian.org/ServicesSSL#curl +dir=/etc/ssl/ca-debian +test -d $dir && capath="--capath $dir" +curl -s $capath https://contributors.debian.org/contributors/post \ + -F source=ftp.debian.org \ + -F auth_token="$(cat ${base}/s3kr1t/contributor.auth)" \ + -F data=@${TMPCNTB} > ${TMPCNTB}.result +cat ${TMPCNTB}.result +rm -f ${TMPCNTB}.result + + +${scriptsdir}/link_morgue.sh + ################################################################################ + +log "Finally, all is done, compressing logfile" +exec > /dev/null 2>&1 + +bzip2 -9 "$LOGFILE"