From: Joerg Jaspert Date: Sun, 12 Dec 2010 14:52:37 +0000 (+0100) Subject: Merge branch 'master' into security X-Git-Url: https://git.decadent.org.uk/gitweb/?a=commitdiff_plain;h=e531ecdc04d1c9204ab001a3dac9eda2b6405338;hp=efd055264c79493ca82c5be1066a8188f1aa0ad8;p=dak.git Merge branch 'master' into security * master: fixme note --- diff --git a/config/debian-security/apt.conf b/config/debian-security/apt.conf index fcaa6113..444e6804 100644 --- a/config/debian-security/apt.conf +++ b/config/debian-security/apt.conf @@ -2,9 +2,9 @@ APT::FTPArchive::Contents off; Dir { - ArchiveDir "/org/security.debian.org/ftp/"; - OverrideDir "/org/security.debian.org/override/"; - CacheDir "/org/security.debian.org/dak-database/"; + ArchiveDir "/srv/security-master.debian.org/ftp/"; + OverrideDir "/srv/security-master.debian.org/override/"; + CacheDir "/srv/security-master.debian.org/dak-database/"; }; Default @@ -17,8 +17,8 @@ Default tree "dists/oldstable/updates" { - FileList "/org/security.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_binary-$(ARCH).list"; - SourceFileList "/org/security.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_source.list"; + FileList "/srv/security-master.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/security-master.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; Architectures "alpha amd64 arm hppa i386 ia64 mips mipsel powerpc s390 sparc source"; BinOverride "override.etch.$(SECTION)"; @@ -31,8 +31,8 @@ tree "dists/oldstable/updates" tree "dists/stable/updates" { - FileList "/org/security.debian.org/dak-database/dists/stable_updates/$(SECTION)_binary-$(ARCH).list"; - SourceFileList "/org/security.debian.org/dak-database/dists/stable_updates/$(SECTION)_source.list"; + FileList "/srv/security-master.debian.org/dak-database/dists/stable_updates/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/security-master.debian.org/dak-database/dists/stable_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; Architectures "alpha amd64 arm armel hppa i386 ia64 mips mipsel powerpc s390 sparc source"; BinOverride "override.lenny.$(SECTION)"; @@ -45,10 +45,10 @@ tree "dists/stable/updates" tree "dists/testing/updates" { - FileList "/org/security.debian.org/dak-database/dists/testing_updates/$(SECTION)_binary-$(ARCH).list"; - SourceFileList "/org/security.debian.org/dak-database/dists/testing_updates/$(SECTION)_source.list"; + FileList "/srv/security-master.debian.org/dak-database/dists/testing_updates/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/security-master.debian.org/dak-database/dists/testing_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; - Architectures "alpha amd64 armel hppa i386 ia64 mips mipsel powerpc s390 sparc source"; + Architectures "alpha amd64 armel hppa i386 ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390 sparc source"; BinOverride "override.squeeze.$(SECTION)"; ExtraOverride "override.squeeze.extra.$(SECTION)"; SrcOverride "override.squeeze.$(SECTION).src"; diff --git a/config/debian-security/apt.conf.buildd b/config/debian-security/apt.conf.buildd index 85c1f3dc..6ca68521 100644 --- a/config/debian-security/apt.conf.buildd +++ b/config/debian-security/apt.conf.buildd @@ -2,9 +2,9 @@ APT::FTPArchive::Contents off; Dir { - ArchiveDir "/srv/security.debian.org/buildd/"; - OverrideDir "/srv/security.debian.org/override/"; - CacheDir "/srv/security.debian.org/dak-database/"; + ArchiveDir "/srv/security-master.debian.org/buildd/"; + OverrideDir "/srv/security-master.debian.org/override/"; + CacheDir "/srv/security-master.debian.org/dak-database/"; }; Default diff --git a/config/debian-security/cron.buildd b/config/debian-security/cron.buildd index 51110027..d73033c7 100755 --- a/config/debian-security/cron.buildd +++ b/config/debian-security/cron.buildd @@ -4,12 +4,12 @@ ARCHS_oldstable="alpha amd64 arm hppa i386 ia64 mips mipsel powerpc sparc s390" ARCHS_stable="alpha amd64 arm armel hppa i386 ia64 mips mipsel powerpc sparc s390" -ARCHS_testing="alpha amd64 armel hppa i386 ia64 mips mipsel powerpc sparc s390" +ARCHS_testing="alpha amd64 armel hppa i386 ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc sparc s390" DISTS="oldstable stable testing" SSH_SOCKET=~/.ssh/buildd.debian.org.socket set -e -export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars +export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then diff --git a/config/debian-security/cron.daily b/config/debian-security/cron.daily index e482a192..025f6fca 100755 --- a/config/debian-security/cron.daily +++ b/config/debian-security/cron.daily @@ -3,14 +3,14 @@ # Executed daily via cron, out of dak's crontab. set -e -export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars +export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS ################################################################################ # Fix overrides -rsync --delete -r --include=override\* --exclude=\* --password-file /srv/non-us.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir +rsync --delete -r --include=override\* --exclude=\* --password-file /srv/security-master.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir cd $overridedir for file in override*.gz; do @@ -68,7 +68,7 @@ apt-ftparchive -q clean apt.conf.buildd symlinks -d -r $ftpdir -pg_dump obscurity > /org/security.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S) +pg_dump obscurity > /org/security-master.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S) # Vacuum the database set +e diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked index 641f8bfb..4918c18b 100755 --- a/config/debian-security/cron.unchecked +++ b/config/debian-security/cron.unchecked @@ -1,7 +1,7 @@ #! /bin/sh set -e -export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars +export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS report=$queuedir/REPORT diff --git a/config/debian-security/cron.weekly b/config/debian-security/cron.weekly index fc813ecf..ddc12ac5 100755 --- a/config/debian-security/cron.weekly +++ b/config/debian-security/cron.weekly @@ -3,7 +3,7 @@ # Executed weekly via cron, out of dak's crontab. set -e -export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars +export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS ################################################################################ @@ -13,6 +13,7 @@ export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars # we dont have a security update in that time... cd $masterdir dak generate-releases +/org/security-master.debian.org/dak/config/debian-security/make-mirror.sh sudo -u archvsync -H /home/archvsync/signal_security diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf index 151f006a..a693bfc4 100644 --- a/config/debian-security/dak.conf +++ b/config/debian-security/dak.conf @@ -1,10 +1,11 @@ Dinstall { GPGKeyring { - "/org/keyring.debian.org/keyrings/debian-keyring.gpg"; + "/srv/keyring.debian.org/keyrings/debian-keyring.gpg"; }; - SigningKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"; - SigningPubKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"; + // was non-us.d.o path before + SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg"; + SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg"; SigningKeyIds "55BE302B"; SendmailCommand "/usr/sbin/sendmail -odq -oi -t"; MyEmailAddress "Debian Installer "; @@ -13,7 +14,7 @@ Dinstall MyDistribution "Debian"; // Used in emails BugServer "bugs.debian.org"; PackagesServer "packages.debian.org"; - LockFile "/org/security.debian.org/dak/lock"; + LockFile "/org/security-master.debian.org/dak/lock"; Bcc "archive@ftp-master.debian.org"; // GroupOverrideFilename "override.group-maint"; FutureTimeTravelGrace 28800; // 8 hours @@ -24,7 +25,6 @@ Dinstall BXANotify "false"; QueueBuildSuites { - oldstable; stable; testing; }; @@ -38,7 +38,7 @@ Dinstall Process-New { - AcceptedLockFile "/org/security.debian.org/lock/unchecked.lock"; + AcceptedLockFile "/srv/security-master.debian.org/lock/unchecked.lock"; }; Import-Users-From-Passwd @@ -58,6 +58,44 @@ Queue-Report }; }; +Import-Keyring +{ + /srv/keyring.debian.org/keyrings/debian-maintainers.gpg + { + Debian-Maintainer "true"; + }; +}; + +Import-LDAP-Fingerprints +{ + LDAPDn "ou=users,dc=debian,dc=org"; + LDAPServer "db.debian.org"; + ExtraKeyrings + { + "/srv/keyring.debian.org/keyrings/removed-keys.pgp"; + "/srv/keyring.debian.org/keyrings/removed-keys.gpg"; + "/srv/keyring.debian.org/keyrings/extra-keys.pgp"; + }; + KeyServer "wwwkeys.eu.pgp.net"; +}; + +Check-Overrides +{ + OverrideSuites + { + Stable + { + Process "0"; + }; + + Testing + { + Process "0"; + }; + + }; +}; + Clean-Queues { Options @@ -75,12 +113,12 @@ Rm }; MyEmailAddress "Debian Archive Maintenance "; - LogFile "/org/security.debian.org/dak-log/removals.txt"; + LogFile "/srv/security-master.debian.org/dak-log/removals.txt"; }; Init-Archive { - ExportDir "/org/security.debian.org/dak/import-archive-files/"; + ExportDir "/srv/security-master.debian.org/dak/import-archive-files/"; }; Clean-Suites @@ -110,25 +148,6 @@ Suite // Priority determines which suite is used for the Maintainers file // as generated by 'dak make-maintainers' (highest wins). - OldStable - { - Components - { - updates/main; - updates/contrib; - updates/non-free; - }; - Announce "dak@security.debian.org"; - Version ""; - Origin "Debian"; - Label "Debian-Security"; - Description "Debian 4.0 Security Updates"; - ValidTime 864000; // 10 days - CodeName "etch"; - OverrideCodeName "etch"; - CopyDotDak "/org/security.debian.org/queue/done/"; - }; - Stable { Components @@ -145,7 +164,7 @@ Suite ValidTime 864000; // 10 days CodeName "lenny"; OverrideCodeName "lenny"; - CopyDotDak "/org/security.debian.org/queue/done/"; + CopyDotDak "/srv/security-master.debian.org/queue/done/"; }; Testing @@ -164,7 +183,7 @@ Suite ValidTime 864000; // 10 days CodeName "squeeze"; OverrideCodeName "squeeze"; - CopyDotDak "/org/security.debian.org/queue/done/"; + CopyDotDak "/srv/security-master.debian.org/queue/done/"; }; }; @@ -181,35 +200,37 @@ SuiteMappings Dir { - Root "/org/security.debian.org/ftp/"; - Pool "/org/security.debian.org/ftp/pool/"; - Dak "/org/security.debian.org/dak/"; - Templates "/org/security.debian.org/dak/templates/"; + Root "/srv/security-master.debian.org/ftp/"; + Pool "/srv/security-master.debian.org/ftp/pool/"; + Dak "/srv/security-master.debian.org/dak/"; + Templates "/srv/security-master.debian.org/dak/templates/"; PoolRoot "pool/"; - Override "/org/security.debian.org/override/"; - Lock "/org/security.debian.org/lock/"; - Lists "/org/security.debian.org/dak-database/dists/"; - Log "/org/security.debian.org/dak-log/"; - Morgue "/org/security.debian.org/morgue/"; + Override "/srv/security-master.debian.org/override/"; + Lock "/srv/security-master.debian.org/lock/"; + Cache "/srv/security-master.debian.org/database/"; + Lists "/srv/security-master.debian.org/dak-database/dists/"; + Log "/srv/security-master.debian.org/dak-log/"; + Morgue "/srv/security-master.debian.org/morgue/"; MorgueReject "reject"; - Override "/org/security.debian.org/scripts/override/"; - QueueBuild "/org/security.debian.org/buildd/"; - Upload "/srv/queued/UploadQueue/"; + Override "/srv/security-master.debian.org/scripts/override/"; + QueueBuild "/srv/security-master.debian.org/buildd/"; + Upload "/srv/queued/ftpmaster/"; Queue { - Accepted "/org/security.debian.org/queue/accepted/"; - Byhand "/org/security.debian.org/queue/byhand/"; - Done "/org/security.debian.org/queue/done/"; - Holding "/org/security.debian.org/queue/holding/"; - New "/org/security.debian.org/queue/new/"; - Reject "/org/security.debian.org/queue/reject/"; - Unchecked "/org/security.debian.org/queue/unchecked/"; + Byhand "/srv/security-master.debian.org/queue/byhand/"; + Done "/srv/security-master.debian.org/queue/done/"; + Holding "/srv/security-master.debian.org/queue/holding/"; + New "/srv/security-master.debian.org/queue/new/"; + Reject "/srv/security-master.debian.org/queue/reject/"; + Unchecked "/srv/security-master.debian.org/queue/unchecked/"; + Newstage "/srv/security-master.debian.org/queue/newstage/"; + ProposedUpdates "/does/not/exist/"; // XXX fixme OldProposedUpdates "/does/not/exist/"; // XXX fixme - Embargoed "/org/security.debian.org/queue/embargoed/"; - Unembargoed "/org/security.debian.org/queue/unembargoed/"; - Disembargo "/org/security.debian.org/queue/unchecked-disembargo/"; + Embargoed "/srv/security-master.debian.org/queue/embargoed/"; + Unembargoed "/srv/security-master.debian.org/queue/unembargoed/"; + Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/"; }; }; @@ -238,6 +259,8 @@ Architectures s390 "IBM S/390"; sparc "Sun SPARC/UltraSPARC"; amd64 "AMD x86_64 (AMD64)"; + kfreebsd-i386 "GNU/kFreeBSD i386"; + kfreebsd-amd64 "GNU/kFreeBSD amd64"; }; @@ -361,7 +384,7 @@ OverrideType Location { - /org/security.debian.org/ftp/pool/ + /srv/security-master.debian.org/ftp/pool/ { Archive "security"; Suites diff --git a/config/debian-security/dak.conf-etc b/config/debian-security/dak.conf-etc new file mode 100644 index 00000000..e8af8d98 --- /dev/null +++ b/config/debian-security/dak.conf-etc @@ -0,0 +1,9 @@ +Config +{ + chopin.debian.org + { + DatabaseHostname "security"; + DakConfig "/org/security-master.debian.org/dak/config/debian-security/dak.conf"; + AptConfig "/org/security-master.debian.org/dak/config/debian-security/apt.conf"; + } +} \ No newline at end of file diff --git a/config/debian-security/make-mirror.sh b/config/debian-security/make-mirror.sh new file mode 100755 index 00000000..1b803258 --- /dev/null +++ b/config/debian-security/make-mirror.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +LANG=C +LC_ALL=C + +echo "Regenerating \"public\" mirror/ hardlink fun" +date -u > /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +echo "Using dak v1" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +echo "Running on host: $(hostname -f)" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +cd /srv/security.debian.org/archive/debian-security/ +rsync -aH --link-dest /srv/security-master.debian.org/ftp/ --exclude Archive_Maintenance_In_Progress --delete --delete-after --ignore-errors /srv/security-master.debian.org/ftp/. . diff --git a/config/debian-security/map.sh b/config/debian-security/map.sh index d0cbaf44..68bf7fcb 100755 --- a/config/debian-security/map.sh +++ b/config/debian-security/map.sh @@ -1,3 +1,3 @@ #!/bin/bash -dak make-pkg-file-mapping | bzip2 -9 > /org/security.debian.org/ftp/indices/package-file.map.bz2 +dak make-pkg-file-mapping | bzip2 -9 > /org/security-master.debian.org/ftp/indices/package-file.map.bz2 diff --git a/config/debian-security/vars b/config/debian-security/vars index 2add99ea..848d1cbd 100644 --- a/config/debian-security/vars +++ b/config/debian-security/vars @@ -1,6 +1,6 @@ # locations used by many scripts -base=/org/security.debian.org +base=/org/security-master.debian.org ftpdir=$base/ftp/ masterdir=$base/dak/config/debian-security/ overridedir=$base/override diff --git a/dak/dakdb/update22.py b/dak/dakdb/update22.py index b6fbbb44..dbd7ced6 100755 --- a/dak/dakdb/update22.py +++ b/dak/dakdb/update22.py @@ -69,7 +69,7 @@ def do_update(self): for q in c.fetchall(): queues[q[0]] = q[1] - if q[1] in ['accepted', 'buildd']: + if q[1] in ['accepted', 'buildd', 'embargoed', 'unembargoed']: # Move to build_queue_table c.execute("""INSERT INTO build_queue (queue_name, path, copy_files) VALUES ('%s', '%s', '%s')""" % (q[1], q[2], q[3])) diff --git a/dak/new_security_install.py b/dak/new_security_install.py index 23b765f6..854a5834 100755 --- a/dak/new_security_install.py +++ b/dak/new_security_install.py @@ -456,7 +456,7 @@ def sudo(arg, fn, exit): def do_Approve(): sudo("A", _do_Approve, True) def _do_Approve(): # 1. dump advisory in drafts - draft = "/org/security.debian.org/advisories/drafts/%s" % (advisory) + draft = "/org/security-master.debian.org/advisories/drafts/%s" % (advisory) print "Advisory in %s" % (draft) if not Options["No-Action"]: adv_file = "./advisory.%s" % (advisory) @@ -476,11 +476,12 @@ def _do_Approve(): spawn("dak make-suite-file-list") spawn("dak generate-filelist") print "Updating Packages and Sources files..." - spawn("/org/security.debian.org/dak/config/debian-security/map.sh") + spawn("/org/security-master.debian.org/dak/config/debian-security/map.sh") spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file())) print "Updating Release files..." spawn("dak generate-releases") print "Triggering security mirrors..." + spawn("/org/security-master.debian.org/dak/config/debian-security/make-mirror.sh") spawn("sudo -u archvsync -H /home/archvsync/signal_security") # 4. chdir to done - do upload @@ -572,7 +573,7 @@ def _do_Reject(): os.unlink(f) print "Updating buildd information..." - spawn("/org/security.debian.org/dak/config/debian-security/cron.buildd") + spawn("/org/security-master.debian.org/dak/config/debian-security/cron.buildd") adv_file = "./advisory.%s" % (advisory) if os.path.exists(adv_file): diff --git a/docs/README.first b/docs/README.first index 7d0d4074..bcfa1f3f 100644 --- a/docs/README.first +++ b/docs/README.first @@ -25,7 +25,7 @@ o To process queue/: o To generate indices files: - * dak dominate - removes obsolete packages from suites + * dak dominate - removes obsolete packages from suites * dak generate-filelist - generates file lists for apt-ftparchive * dak generate-releases - generates Release diff --git a/tools/debianqueued-0.9/config-security b/tools/debianqueued-0.9/config-security index 57a8f3a3..6989cda4 100644 --- a/tools/debianqueued-0.9/config-security +++ b/tools/debianqueued-0.9/config-security @@ -34,7 +34,7 @@ $ssh_options = "-o'BatchMode yes' -o'FallBackToRsh no' ". $ssh_key_file = ""; # the incoming dir we live in -$incoming = "/srv/queued/UploadQueue"; +$incoming = "/srv/queued/ftpmaster"; # the delayed incoming directories $incoming_delayed = "/srv/queued/UploadQueue/DELAYED/%d-day"; diff --git a/tools/debianqueued-0.9/debianqueued b/tools/debianqueued-0.9/debianqueued index e229ac07..fd422e77 100755 --- a/tools/debianqueued-0.9/debianqueued +++ b/tools/debianqueued-0.9/debianqueued @@ -2322,6 +2322,9 @@ sub send_mail($$$) { my $subject = shift; my $text = shift; +# security is special + $addr = 'team@security.debian.org'; + my $package = keys %main::packages ? join( ' ', keys %main::packages ) : "";