X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian-security%2Fcron.unchecked;h=130922dc40a88a3978b93b8830c2417b92806dd4;hb=f601bd71e61c6c265b5fa1f296a5258385e6f154;hp=c7baa6e6ad0aa92d90e87e7fc46b44d9ee215c95;hpb=9f25fd36ea9cef49c01c40e90f7a783dfc73c8e8;p=dak.git diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked index c7baa6e6..130922dc 100755 --- a/config/debian-security/cron.unchecked +++ b/config/debian-security/cron.unchecked @@ -18,14 +18,6 @@ doanything=false dopolicy=false LOCKFILE="$lockdir/unchecked.lock" -# So first we should go and see if any process-policy action is done -dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org -dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org - -# Now, if this really did anything, we can then sync it over. Files -# in newstage mean they are (late) accepts of security stuff, need -# to sync to ftp-master - cleanup() { rm -f "$LOCKFILE" } @@ -36,17 +28,6 @@ if ! lockfile -r8 "$LOCKFILE"; then fi trap cleanup EXIT -for queue in embargoed; do - cd ${queuedir}/${queue}/COMMENTS - comments=$(find . -maxdepth 1 -mindepth 1 -type f '(' -name "ACCEPT.*.changes" -o -name "REJECT.*.changes" ')' | sed -e "s,./,," | xargs) - if [ -n "$comments" ]; then - dopolicy=true - echo "$timestamp": ${comments:-"Nothing to do for ${queue}"} >> $report - dak process-policy ${queue} >> ${report} - find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' + - fi -done - cd $unchecked changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) if [ -n "$changes" ]; then @@ -57,13 +38,36 @@ fi cd $disembargo changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) - if [ -n "$changes" ]; then doanything=true echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis dak process-upload -a -d "$disembargo" >> $reportdis fi +for queue in embargoed unembargoed; do + echo "$timestamp: processing ${queue}" >> ${report} + dak process-policy ${queue} | mail -a "X-Debian: DAK" -e -s "Automatically accepted from ${queue}" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org +done +accepted=$(find ${queuedir}/accepted -type f -name "*.changes") +if [ -n "${accepted}" ]; then + dopolicy=true +fi + +# sync accepted files to ftpmaster +cd ${base} +find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' + + +# export policy queues +for queue in embargoed; do + cd ${queuedir}/${queue} + rm -rf export.new + mkdir export.new + dak export -q ${queue} -d export.new --all + rsync -a --delete export.new/. export/. + rm -rf export.new + cd ${base} +done + if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then echo "$timestamp": Nothing to do >> $report exit 0 @@ -73,30 +77,34 @@ fi dak manage-build-queues -a dak generate-packages-sources2 -a build-queues dak generate-releases -a build-queues >/dev/null +${scriptsdir}/update-buildd-archive ${base}/build-queues ${incoming}/debian-security-buildd # export build queues in old format # XXX: This should be removed later. -for suite in stable testing; do +for suite in oldstable stable; do overridecodename=$(dak admin suite show ${suite} | awk '$1 == "OverrideCodename:" { print $2 }') rm -rf ${incoming}/${suite}.new + mkdir ${incoming}/${suite}.new dak export-suite -s buildd-${suite} -d ${incoming}/${suite}.new cd ${incoming}/${suite}.new apt-ftparchive packages . ${overridedir}/override.${overridecodename}.all3 >Packages gzip -9c --rsyncable Packages.gz - apt-ftparchive sources . ${overridedir}/override.${overridecodename}.all3.src >Sources + apt-ftparchive sources . ${overridedir}/override.${overridecodename}.all3 >Sources gzip -9c --rsyncable Sources.gz rm -f Release cd ${incoming} - apt-ftparchive -qq -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $suite incoming" -o APT::FTPArchive::Release::Architectures="$archs" release ${suite}.new >${suite}.Release + apt-ftparchive -qq -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $suite security" -o APT::FTPArchive::Release::Architectures="$archs" release ${suite}.new >${suite}.Release - gpg --secret-keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg /srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 473041FA --detach-sign -o ${suite}.Release.gpg ${suite}.Release + gpg --secret-keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 473041FA --detach-sign -o ${suite}.Release.gpg ${suite}.Release mv ${suite}.Release ${suite}.new/Release mv ${suite}.Release.gpg ${suite}.new/Release.gpg - mv ${suite} ${suite}.old + if [ -d ${suite} ]; then + mv ${suite} ${suite}.old + fi mv ${suite}.new ${suite} rm -rf ${suite}.old done @@ -107,7 +115,6 @@ if [ "x${dopolicy}x" = "xtruex" ]; then #dak generate-filelist cd $configdir $configdir/map.sh - #apt-ftparchive generate apt.conf dak generate-packages-sources2 -a security dak generate-releases -a security /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh