X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian-security%2Fcron.daily;h=9417a8569e8495a778582637e5cc20e8cf0bc9e9;hb=398966bc13bbe130698d236e5be2d05fa181b40f;hp=32a459567c411906c92a6136ddb8a5dbbb7b94db;hpb=59fd5aa2a8be3b76dbc968429c457f096adfa472;p=dak.git diff --git a/config/debian-security/cron.daily b/config/debian-security/cron.daily old mode 100644 new mode 100755 index 32a45956..9417a856 --- a/config/debian-security/cron.daily +++ b/config/debian-security/cron.daily @@ -1,112 +1,83 @@ -#! /bin/sh +#!/bin/bash # -# Executed daily via cron, out of katie's crontab. +# Executed daily via cron, out of dak's crontab. set -e -export SCRIPTVARS=/org/security.debian.org/katie/vars-security +set -o pipefail +export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS +LOCKFILE="$lockdir/unchecked.lock" + ################################################################################ # Fix overrides -rsync -ql ftp-master::indices/override\* $overridedir +rsync --delete -r --include=override\* --exclude=\* --password-file /srv/security-master.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir cd $overridedir -find . -name override\*.gz -type f -maxdepth 1 -mindepth 1 | xargs gunzip -f -find . -type l -maxdepth 1 -mindepth 1 | xargs rm - -rm -fr non-US -mkdir non-US -cd non-US -rsync -ql non-us::indices/override\* . -find . -name override\*.gz -type f -maxdepth 1 -mindepth 1 | xargs gunzip -find . -type l -maxdepth 1 -mindepth 1 | xargs rm -for i in *; do - if [ -f ../$i ]; then - cat $i >> ../$i; - fi; +for file in override*.gz; do + zcat -- "$file" > "${file%.gz}" done -cd .. -rm -fr non-US +find . -maxdepth 1 -mindepth 1 -type l -delete -for suite in $suites; do +for suite in oldstable stable testing; do case $suite in - oldstable) override_suite=woody;; - stable) override_suite=sarge;; - testing) override_suite=etch;; - *) echo "Unknown suite type ($suite)"; exit 1;; + oldstable) override_suite=wheezy ;; + stable) override_suite=jessie ;; + testing) override_suite=stretch ;; + *) echo "Unknown suite type ($suite)"; exit 1;; esac for component in $components; do - for override_type in $override_types; do - case $override_type in - deb) type="" ;; - dsc) type=".src" ;; - udeb) type=".debian-installer" ;; - esac - # XXX RUN AFUCKINGAWAY - if [ "$override_type" = "udeb" ]; then - if [ ! "$component" = "main" ]; then - continue; - fi - if [ "$suite" = "unstable" ]; then - $masterdir/natalie -q -S -t $override_type -s $suite -c updates/$component < override.$override_suite.$component$type - fi - else - $masterdir/natalie -q -S -t $override_type -s $suite -c updates/$component < override.$override_suite.$component$type - fi - case $suite in - oldstable) - if [ ! "$override_type" = "udeb" ]; then - $masterdir/natalie -q -a -t $override_type -s $suite -c updates/$component < override.sarge.$component$type + for override_type in $override_types; do + case $override_type in + deb) type="" ;; + dsc) type=".src" ;; + udeb) type=".debian-installer" ;; + esac + + if [ "$override_type" = "udeb" ]; then + if [ ! "$component" = "main" ]; then + continue fi - $masterdir/natalie -q -a -t $override_type -s $suite -c updates/$component < override.sid.$component$type - ;; - stable) - $masterdir/natalie -q -a -t $override_type -s $suite -c updates/$component < override.sid.$component$type - ;; - testing) - $masterdir/natalie -q -a -t $override_type -s $suite -c updates/$component < override.sid.$component$type - ;; - *) echo "Unknown suite type ($suite)"; exit 1;; - esac - done - done -done + fi -# Generate .all3 overides for the buildd support -for dist in woody sarge etch; do - rm -f override.$dist.all3 - components="main contrib non-free"; - if [ -f override.$dist.main.debian-installer ]; then - components="$components main.debian-installer"; - fi - for component in $components; do - cat override.$dist.$component >> override.$dist.all3; - done; + OFILE="override.$override_suite.$component$type.gz" + if [ -r "$OFILE" ]; then + zcat "$OFILE" | dak control-overrides -q -a -t $override_type -s $suite -c updates/$component + fi + done + done done ################################################################################ -# Freshen Packages-Arch-Specific +cd $configdir +dak import-keyring -L /srv/keyring.debian.org/keyrings/debian-keyring.gpg -wget -qN http://buildd.debian.org/quinn-diff/Packages-arch-specific -O $base/buildd/Packages-arch-specific +cleanup() { + rm -f "$LOCKFILE" +} -################################################################################ +if ! lockfile -r100 "$LOCKFILE"; then + echo "Could not lock $LOCKFILE." >&2 + exit 1 +fi +trap cleanup EXIT -cd $masterdir -shania -rhona -apt-ftparchive -q clean apt.conf-security -apt-ftparchive -q clean apt.conf.buildd-security +dak clean-queues -i ${unchecked} +dak clean-queues -i $disembargo +dak clean-suites + +cleanup +trap - EXIT symlinks -d -r $ftpdir -pg_dump obscurity > /org/security.debian.org/katie-backup/dump_$(date +%Y.%m.%d-%H:%M:%S) +pg_file="${base}/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S)" +pg_dump obscurity > "${pg_file}" +nice xz -9 "${pg_file}" -# Vacuum the database -set +e -echo "VACUUM; VACUUM ANALYZE;" | psql obscurity 2>&1 | egrep -v "^NOTICE: Skipping \"pg_.*only table or database owner can VACUUM it$|^VACUUM$" -set -e +find "${base}/dak-backup" -mtime +30 \! -name '.nobackup' -delete ################################################################################