From: Joerg Jaspert Date: Sat, 8 Feb 2014 21:28:04 +0000 (+0100) Subject: external files for security X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;ds=inline;h=b443bf8ab00a8a7ca9fc3def9a99d428839577d6;hp=-c;p=dak.git external files for security activate them, also move them to cron.daily, once a day this should be enough. --- b443bf8ab00a8a7ca9fc3def9a99d428839577d6 diff --git a/config/debian/cron.daily b/config/debian/cron.daily index cf151852..90c99031 100755 --- a/config/debian/cron.daily +++ b/config/debian/cron.daily @@ -32,6 +32,15 @@ wget -q -O${TMPFILE} http://qa.debian.org/data/bts/wnpp_rm chmod go+r ${TMPFILE} mv ${TMPFILE} /srv/ftp-master.debian.org/scripts/masterfiles/wnpp_rm +# Push files over to security +# The key over there should have the following set for the ssh key: +# command="/usr/bin/xzcat | /usr/bin/psql -f - -1 obscurity" +pg_dump -a -F p -t files | \ + sed -e "s,^COPY files (,DELETE FROM external_files; COPY external_files (," | \ + xz -3 | \ + ssh -o BatchMode=yes -o ConnectTimeout=30 -o SetupTimeout=30 -2 \ + -i ${base}/s3kr1t/push_external_files dak@security-master.debian.org sync + # Update wanna-build dump echo "Update wanna-build database dump" $base/dak/scripts/nfu/get-w-b-db diff --git a/config/debian/cron.hourly b/config/debian/cron.hourly index cde688b8..290de0ca 100755 --- a/config/debian/cron.hourly +++ b/config/debian/cron.hourly @@ -53,13 +53,6 @@ ${scriptsdir}/sync-dd ries-sync ries-sync1 ries-sync2 sync $scriptsdir/generate-d-i -# Push files over to security -#pg_dump -a -F p -t files | sed -e "s,^COPY files (,DELETE FROM external_files; COPY external_files (," | xz -3 | \ -# ssh -o BatchMode=yes -o ConnectTimeout=30 -o SetupTimeout=30 -2 -i ${base}/s3kr1t/push-external_files dak@wherever sync -# -# The key should run the following command: -# 'xzcat | pg_restore -1 -a' - # Update backports ACL sudo -u dak-unpriv cat /srv/backports-master.debian.org/etc/acl \ | dak acl set-fingerprints backports \