Only move accepted files in cron.unchecked

This avoids triggering the taint check in spawn().

diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index f55315c5028de92ce927db75ed48e1afcba9b4cb..8685f34deb3c0cc3c272c085e6c3a13bfb69b55f 100755 (executable)
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -62,6 +62,10 @@ if [ -n "$changes" ]; then
     dak process-upload -a -d "$disembargo" >> $reportdis
 fi
 
+# sync accepted files to ftpmaster
+cd ${base}
+find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
+
 if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
     echo "$timestamp": Nothing to do >> $report
     exit 0
@@ -113,7 +117,6 @@ done
 
 if [ "x${dopolicy}x" = "xtruex" ]; then
     # We had something approved from a policy queue, push out new archive
-    find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
     dak dominate
     #dak generate-filelist
     cd $configdir

diff --git a/dak/new_security_install.py b/dak/new_security_install.py
index 8bd86fbea792edf0505b39826f7bedd3f14c4943..4f718b457e1cbb19b2712edae111f0a0b6ef83e7 100755 (executable)
--- a/dak/new_security_install.py
+++ b/dak/new_security_install.py
@@ -100,10 +100,6 @@ def _do_Approve():
         for queue in ("embargoed",):
             spawn("dak process-policy {0}".format(queue))
 
-        # 2. sync the stuff to ftpmaster
-        print "Sync stuff for upload to ftpmaster"
-        spawn("find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +")
-
         # 3. Run all the steps that are needed to publish the changed archive
         print "Domination"
         spawn("dak dominate")