X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian-security%2Fcron.unchecked;h=7baf55ac10cd8b6f45b2afa38de905f52c1b881d;hb=50349d329a1a6453b7fbe158bcb22a2f71f60b98;hp=4918c18b3a385bd10869a02ef6ea5281d21a409a;hpb=883c05418a2987751597e906ec2c63b1f5425df6;p=dak.git diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked index 4918c18b..7baf55ac 100755 --- a/config/debian-security/cron.unchecked +++ b/config/debian-security/cron.unchecked @@ -1,36 +1,88 @@ -#! /bin/sh +#! /bin/bash set -e -export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars +set -o pipefail +set -u + +export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS +# And use one locale, no matter what the caller has set +export LANG=C +export LC_ALL=C + report=$queuedir/REPORT reportdis=$queuedir/REPORT.disembargo timestamp=$(date "+%Y-%m-%d %H:%M") doanything=false +dopolicy=false +LOCKFILE="$lockdir/unchecked.lock" + +# So first we should go and see if any process-policy action is done +dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org +dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org + +# Now, if this really did anything, we can then sync it over. Files +# in newstage mean they are (late) accepts of security stuff, need +# to sync to ftp-master + +cleanup() { + rm -f "$LOCKFILE" +} + +if ! lockfile -r8 "$LOCKFILE"; then + echo "aborting cron.unchecked because $LOCKFILE has already been locked" + exit 0 +fi +trap cleanup EXIT + +cd $newstage +changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) +if [ -n "$changes" ]; then + dopolicy=true + echo "$timestamp": ${changes:-"Nothing to do in newstage"} >> $report + rsync -a -q $newstage/. /srv/queued/ftpmaster/. + dak process-upload -a -d "$newstage" >> $report +fi cd $unchecked changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) if [ -n "$changes" ]; then - doanything=true - echo "$timestamp": "$changes" >> $report - dak process-unchecked -a $changes >> $report - echo "--" >> $report + doanything=true + echo "$timestamp": ${changes:-"Nothing to do in unchecked"} >> $report + dak process-upload -a -d "$unchecked" >> $report fi cd $disembargo changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) if [ -n "$changes" ]; then - doanything=true - echo "$timestamp": "$changes" >> $reportdis - dak process-unchecked -a $changes >> $reportdis - echo "--" >> $reportdis + doanything=true + echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis + dak process-upload -a -d "$disembargo" >> $reportdis fi -if ! $doanything; then - echo "$timestamp": Nothing to do >> $report - exit 0 +if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then + echo "$timestamp": Nothing to do >> $report + exit 0 fi -sh $masterdir/cron.buildd +dak manage-build-queues -a + +if [ "x${dopolicy}x" = "xtruex" ]; then + # We had something approved from a policy queue, push out new archive + dak dominate + #dak generate-filelist + cd $configdir + $configdir/map.sh + #apt-ftparchive generate apt.conf + dak generate-packages-sources2 + dak generate-releases + /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh + sudo -u archvsync -H /home/archvsync/signal_security +fi + +cleanup +trap - EXIT + +$configdir/cron.buildd