export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
. $SCRIPTVARS
+LOCKFILE="$lockdir/unchecked.lock"
+
################################################################################
# Fix overrides
cd $configdir
dak import-keyring -L /srv/keyring.debian.org/keyrings/debian-keyring.gpg
+
+cleanup() {
+ rm -f "$LOCKFILE"
+}
+
+if ! lockfile -r100 "$LOCKFILE"; then
+ echo "Could not lock $LOCKFILE." >&2
+ exit 1
+fi
+trap cleanup EXIT
+
dak clean-queues
dak clean-queues -i $disembargo
dak clean-suites
+cleanup
+trap - EXIT
+
symlinks -d -r $ftpdir
pg_dump obscurity > /org/security-master.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S)
timestamp=$(date "+%Y-%m-%d %H:%M")
doanything=false
dopolicy=false
+LOCKFILE="$lockdir/unchecked.lock"
# So first we should go and see if any process-policy action is done
dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
# in newstage mean they are (late) accepts of security stuff, need
# to sync to ftp-master
+cleanup() {
+ rm -f "$LOCKFILE"
+}
+
+if ! lockfile -r8 "$LOCKFILE"; then
+ echo "aborting cron.unchecked because $LOCKFILE has already been locked"
+ exit 0
+fi
+trap cleanup EXIT
+
cd $newstage
changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
if [ -n "$changes" ]; then
sudo -u archvsync -H /home/archvsync/signal_security
fi
+cleanup
+trap - EXIT
+
$configdir/cron.buildd
export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
. $SCRIPTVARS
+LOCKFILE="$lockdir/unchecked.lock"
+
################################################################################
# Weekly generation of release files, then pushing mirrors.
# Used as we have a "Valid-until" field in our release files of 10 days. In case
# we dont have a security update in that time...
cd $configdir
+
+cleanup() {
+ rm -f "$LOCKFILE"
+}
+
+if ! lockfile -r100 "$LOCKFILE"; then
+ echo "Could not lock $LOCKFILE. Assuming resigning is not needed."
+ exit 0
+fi
+trap cleanup EXIT
+
dak generate-releases
+
+cleanup
+trap - EXIT
+
/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
sudo -u archvsync -H /home/archvsync/signal_security
print "Sync stuff for upload to ftpmaster"
spawn("rsync -a -q %s/. /srv/queued/ftpmaster/." % (newstage.path))
- # 3. Now run process-upload in the newstage dir
- print "Now put it into the security archive"
- spawn("dak process-upload -a -d %s" % (newstage.path))
-
- # 4. Run all the steps that are needed to publish the changed archive
- print "Domination"
- spawn("dak dominate")
-# print "Generating filelist for apt-ftparchive"
-# spawn("dak generate-filelist")
- print "Updating Packages and Sources files... This may take a while, be patient"
- spawn("/srv/security-master.debian.org/dak/config/debian-security/map.sh")
-# spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file()))
- spawn("dak generate-packages-sources2")
- print "Updating Release files..."
- spawn("dak generate-releases")
- print "Triggering security mirrors... (this may take a while)"
- spawn("/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh")
- spawn("sudo -u archvsync -H /home/archvsync/signal_security")
- print "Triggering metadata export for packages.d.o and other consumers"
- spawn("/srv/security-master.debian.org/dak/config/debian-security/export.sh")
+ print "Locking unchecked"
+ lockfile='/srv/security-master.debian.org/lock/unchecked.lock'
+ spawn("lockfile -r8 {0}".format(lockfile))
+
+ try:
+ # 3. Now run process-upload in the newstage dir
+ print "Now put it into the security archive"
+ spawn("dak process-upload -a -d %s" % (newstage.path))
+
+ # 4. Run all the steps that are needed to publish the changed archive
+ print "Domination"
+ spawn("dak dominate")
+ # print "Generating filelist for apt-ftparchive"
+ # spawn("dak generate-filelist")
+ print "Updating Packages and Sources files... This may take a while, be patient"
+ spawn("/srv/security-master.debian.org/dak/config/debian-security/map.sh")
+ # spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file()))
+ spawn("dak generate-packages-sources2")
+ print "Updating Release files..."
+ spawn("dak generate-releases")
+ print "Triggering security mirrors... (this may take a while)"
+ spawn("/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh")
+ spawn("sudo -u archvsync -H /home/archvsync/signal_security")
+ print "Triggering metadata export for packages.d.o and other consumers"
+ spawn("/srv/security-master.debian.org/dak/config/debian-security/export.sh")
+ finally:
+ os.unlink(lockfile)
+ print "Lock released."
########################################################################
########################################################################
projects / dak.git / commitdiff