X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian-security%2Fcron.unchecked;h=d3403ca172d1c08d0d4d1725fa6c185001731928;hb=7461bfcbebaba6b6734c5b568e49f256bd0bb41c;hp=100e5878dde1ad65817ad7bd7995ef86cf3c8aac;hpb=50db22ea5f288daa39f81138a41a509d9a41cc3e;p=dak.git diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked index 100e5878..d3403ca1 100755 --- a/config/debian-security/cron.unchecked +++ b/config/debian-security/cron.unchecked @@ -1,6 +1,7 @@ #! /bin/bash set -e +set -o pipefail set -u export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars @@ -15,23 +16,23 @@ reportdis=$queuedir/REPORT.disembargo timestamp=$(date "+%Y-%m-%d %H:%M") doanything=false dopolicy=false +LOCKFILE="$lockdir/unchecked.lock" -# So first we should go and see if any process-policy action is done -dak process-policy embargo | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org -dak process-policy disembargo | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org +last_changed() { + psql -qAtc "SELECT MAX(last_changed) FROM suite WHERE archive_id=(SELECT id FROM archive WHERE name='$1')" +} -# Now, if this really did anything, we can then sync it over. Files -# in newstage mean they are (late) accepts of security stuff, need -# to sync to ftp-master +cleanup() { + rm -f "$LOCKFILE" +} -cd $newstage -changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) -if [ -n "$changes" ]; then - dopolicy=true - echo "$timestamp": ${changes:-"Nothing to do in newstage"} >> $report - rsync -a -q $newstage/. /srv/queued/ftpmaster/. - dak process-upload -a -d "$newstage" >> $report +if ! lockfile -r8 "$LOCKFILE"; then + echo "aborting cron.unchecked because $LOCKFILE has already been locked" + exit 0 fi +trap cleanup EXIT + +old_last_changed=$(last_changed security) cd $unchecked changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) @@ -43,28 +44,64 @@ fi cd $disembargo changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) - if [ -n "$changes" ]; then doanything=true echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis dak process-upload -a -d "$disembargo" >> $reportdis fi -if ! $doanything; then - echo "$timestamp": Nothing to do >> $report - exit 0 +for queue in embargoed unembargoed; do + echo "$timestamp: processing ${queue}" >> ${report} + dak process-policy ${queue} | mail -a "X-Debian: DAK" -e -s "Automatically accepted from ${queue}" -a "From: Debian FTP Masters " team@security.debian.org +done +accepted=$(find ${queuedir}/accepted -type f -name "*.changes") +if [ -n "${accepted}" ]; then + dopolicy=true +fi + +# sync accepted files to ftpmaster +cd ${base} +find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' + + +# export policy queues +for queue in embargoed; do + cd ${queuedir}/${queue} + rm -rf export.new + mkdir export.new + dak export -q ${queue} -d export.new --all + rsync -a --delete export.new/. export/. + rm -rf export.new + cd ${base} +done + +if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then + echo "$timestamp": Nothing to do >> $report + exit 0 fi -if [ "x${dopolicy}x" = "xtruex" ]; then +# Update stable-kfreebsd +dak update-suite stable stable-kfreebsd + +# manage build queues +dak manage-build-queues -a +dak generate-packages-sources2 -a build-queues +dak generate-releases -a build-queues >/dev/null +${scriptsdir}/update-buildd-archive ${base}/build-queues ${incoming}/debian-security-buildd + +new_last_changed=$(last_changed security) + +if [[ "${old_last_changed}" != "${new_last_changed}" ]]; then # We had something approved from a policy queue, push out new archive dak dominate - dak generate-filelist cd $configdir $configdir/map.sh - apt-ftparchive generate apt.conf - dak generate-releases - /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh + dak generate-packages-sources2 -a security + dak generate-releases -a security >/dev/null + /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh >/dev/null sudo -u archvsync -H /home/archvsync/signal_security fi +cleanup +trap - EXIT + $configdir/cron.buildd