X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian-security%2Fcron.unchecked;h=d519b20962d5660b4cce79834e9b1fc3ef88f739;hb=ec257c02a5d62fd27844c70814acd9616b24b4c8;hp=5b2800865c7daa1091e20cc5c73cc16cf9f387b9;hpb=17cec6a95a357324d0292155242310aed6757ebf;p=dak.git

diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index 5b280086..d519b209 100755
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -1,22 +1,70 @@
-#! /bin/sh
+#! /bin/bash
 
 set -e
-export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars
+set -u
+
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
 . $SCRIPTVARS
 
-cd $unchecked
+# And use one locale, no matter what the caller has set
+export LANG=C
+export LC_ALL=C
 
-changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
 report=$queuedir/REPORT
+reportdis=$queuedir/REPORT.disembargo
 timestamp=$(date "+%Y-%m-%d %H:%M")
+doanything=false
+dopolicy=false
+
+# So first we should go and see if any process-policy action is done
+dak process-policy embargo | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftonaster@ftp-master.debian.org
+dak process-policy disembargo | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftonaster@ftp-master.debian.org
+
+# Now, if this really did anything, we can then sync it over. Files
+# in newstage mean they are (late) accepts of security stuff, need
+# to sync to ftp-master
+
+cd $newstage
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+if [ -n "$changes" ]; then
+    dopolicy=true
+    echo "$timestamp": ${changes:-"Nothing to do in newstage"}  >> $report
+    rsync -a -q $newstage/. /srv/queued/ftpmaster/.
+    dak process-upload -a -d "$newstage" >> $report
+fi
+
+cd $unchecked
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+if [ -n "$changes" ]; then
+    doanything=true
+    echo "$timestamp": ${changes:-"Nothing to do in unchecked"}  >> $report
+    dak process-upload -a -d "$unchecked" >> $report
+fi
+
+cd $disembargo
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+
+if [ -n "$changes" ]; then
+    doanything=true
+    echo "$timestamp": ${changes:-"Nothing to do in disembargo"}  >> $reportdis
+    dak process-upload -a -d "$disembargo" >> $reportdis
+fi
 
-if [ -z "$changes" ]; then
+if ! $doanything; then
   echo "$timestamp": Nothing to do >> $report
-  exit 0;
-fi;
+  exit 0
+fi
 
-echo "$timestamp": "$changes"  >> $report
-dak process-unchecked -a $changes >> $report
-echo "--" >> $report
+if [ "x${dopolicy}x" = "xtruex" ]; then
+    # We had something approved from a policy queue, push out new archive
+    dak dominate
+    dak generate-filelist
+    cd $configdir
+    $configdir/map.sh
+    apt-ftparchive generate apt.conf
+    dak generate-releases
+    /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
+    sudo -u archvsync -H /home/archvsync/signal_security
+fi
 
-sh $masterdir/cron.buildd-security
+$configdir/cron.buildd