X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=config%2Fdebian-security%2Fcron.unchecked;h=d519b20962d5660b4cce79834e9b1fc3ef88f739;hb=ec257c02a5d62fd27844c70814acd9616b24b4c8;hp=641f8bfb537ebbfb8be1bb293eb555b80d26383e;hpb=cae814a1ffbbb2944931693f35f73062a5ea99e7;p=dak.git

diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index 641f8bfb..d519b209 100755
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -1,31 +1,53 @@
-#! /bin/sh
+#! /bin/bash
 
 set -e
-export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars
+set -u
+
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
 . $SCRIPTVARS
 
+# And use one locale, no matter what the caller has set
+export LANG=C
+export LC_ALL=C
+
 report=$queuedir/REPORT
 reportdis=$queuedir/REPORT.disembargo
 timestamp=$(date "+%Y-%m-%d %H:%M")
 doanything=false
+dopolicy=false
+
+# So first we should go and see if any process-policy action is done
+dak process-policy embargo | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftonaster@ftp-master.debian.org
+dak process-policy disembargo | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftonaster@ftp-master.debian.org
+
+# Now, if this really did anything, we can then sync it over. Files
+# in newstage mean they are (late) accepts of security stuff, need
+# to sync to ftp-master
+
+cd $newstage
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+if [ -n "$changes" ]; then
+    dopolicy=true
+    echo "$timestamp": ${changes:-"Nothing to do in newstage"}  >> $report
+    rsync -a -q $newstage/. /srv/queued/ftpmaster/.
+    dak process-upload -a -d "$newstage" >> $report
+fi
 
 cd $unchecked
 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
 if [ -n "$changes" ]; then
-  doanything=true
-  echo "$timestamp": "$changes"  >> $report
-  dak process-unchecked -a $changes >> $report
-  echo "--" >> $report
+    doanything=true
+    echo "$timestamp": ${changes:-"Nothing to do in unchecked"}  >> $report
+    dak process-upload -a -d "$unchecked" >> $report
 fi
 
 cd $disembargo
 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
 
 if [ -n "$changes" ]; then
-  doanything=true
-  echo "$timestamp": "$changes"  >> $reportdis
-  dak process-unchecked -a $changes >> $reportdis
-  echo "--" >> $reportdis
+    doanything=true
+    echo "$timestamp": ${changes:-"Nothing to do in disembargo"}  >> $reportdis
+    dak process-upload -a -d "$disembargo" >> $reportdis
 fi
 
 if ! $doanything; then
@@ -33,4 +55,16 @@ if ! $doanything; then
   exit 0
 fi
 
-sh $masterdir/cron.buildd
+if [ "x${dopolicy}x" = "xtruex" ]; then
+    # We had something approved from a policy queue, push out new archive
+    dak dominate
+    dak generate-filelist
+    cd $configdir
+    $configdir/map.sh
+    apt-ftparchive generate apt.conf
+    dak generate-releases
+    /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
+    sudo -u archvsync -H /home/archvsync/signal_security
+fi
+
+$configdir/cron.buildd