Guillem Jover [Sun, 17 Jan 2016 01:08:12 +0000 (02:08 +0100)]
Add support for detached upstream signatures
Upstream tarballs usually come with detached signatures, which would be
useful to have in the source package, as an additional check that could
be performed to verify its integrity and provenance.
stable-proposed-updates is called "proposed-updates" in projectb, so
that's what we pass to the byhand script. It shouldn't be turned into
"proposed-updates-proposed-updates".
Ansgar Burchardt [Sat, 16 Jan 2016 14:23:39 +0000 (15:23 +0100)]
Add option to forbid source and/or binary uploads to a suite
This is intended to be used to forbid uploads to policy queues and build
queues which would result in confusing results. While we already have a
"reject" option in the dak.conf's SuiteMappings, having the option in
the database means we don't have to edit dak.conf when configuring new
suites.
Another usecase will be the "unstable" suite for Debian Ports: here we
want to import the source packages (and arch:all) from the main archive
and only accept binary uploads. Additional source packages must go into
the "unreleased-*" suites. This was not possible via SuiteMappings.
Ansgar Burchardt [Sat, 16 Jan 2016 14:07:47 +0000 (15:07 +0100)]
Check for debug suite for upload suite, not override suite
Debug packages are exempt from NEW if the target suite has a seperate
debug suite. However the code checked if the target's override suite
had a debug suite... For the Debian archive this went unnoticed as
experimental's override suite is unstable and both suites have a
seperate debug suite.
Joerg Jaspert [Sat, 2 Jan 2016 13:04:55 +0000 (14:04 +0100)]
Entirely make cronscript magic
There is no longer a defined list of arguments it can handle.
Instead the arguments are defined in the var file, whose location
defaults to the FTPMaster location - but can be overriden using an
environment variable.
To be able to have specific types of cronscripts run pre/post actions,
we now check for the existance of preconscript and postcronscript
functions, and if they exist, they are run as the first/last thing
before/after anything listed in the .task file
Joerg Jaspert [Fri, 1 Jan 2016 21:39:55 +0000 (22:39 +0100)]
Only hardcode path to config if variable isn't set
That way we can just set the variable in the crontab file (or users
environment), and do not need to change cronscript (eg. when run on the
security archive)
Joerg Jaspert [Wed, 30 Dec 2015 13:17:00 +0000 (14:17 +0100)]
Various
- reorder global variables
- use UTF-8 locale by default
- declare osme variables readonly
- a bit more comments
- remove dangling logfile symlinks at end of cronscript
- indentation fixups
Joerg Jaspert [Tue, 29 Dec 2015 23:42:34 +0000 (00:42 +0100)]
Loadsa changes to make new cronscript way work
- Move functions so they are seen,
- Emit logs not only when called by dinstall
- Use correct variables (TMPFILES, not TEMPFILES)
- Define used variables
- create a scriptname link to the logfiles with datebased names
- in the logdir, not in the configdir
- move linkmorgue from daily to weekly
- remove nonexistant tasks
- make purgeempty and fixsymlinks work on all archives, not just main
- all weekly tasks run in parallel
Ansgar Burchardt [Sun, 20 Dec 2015 13:06:28 +0000 (14:06 +0100)]
Add option to not check arch:all rdeps
This is useful when removing packages on some architectures that have
many arch:all rdeps. We know these will break, but listing them
obscures which arch-dep packages will be broken.
Of course we will still break the possibly arch-dep packages of the
arch:all packages that will no longer be installable...
Ansgar Burchardt [Sat, 19 Dec 2015 10:52:38 +0000 (11:52 +0100)]
Include all source packages in index
Previously we required that either an override is present or the
source is an "extra source" introduced via Built-Using. However as we
now include all binary packages (see previous commit), we should also
include all source packages to treat both in a consistent way.
Ansgar Burchardt [Sat, 19 Dec 2015 10:50:25 +0000 (11:50 +0100)]
Use Priority/Section from package as a fallback
This change makes generage-packages-sources2 use the Section and
Priority values provided by the package in case no override is
present.
With this change, automatic override packages do not require manual
override handling. It is also useful for testing purposes or possibly
users with other workflows than Debian's.
Preparing for phasing out SHA1 means first and for most eliminating hard
dependencies on it, so lets include SHA256 hashes in .diff/Index as new
fields as this keeps backward compatibility.
Signed-off-by: David Kalnischkies <david@kalnischkies.de>
include hashsum for compressed patch file in .diff/Index
APT prefers to download files it has hashes for to check it actually got
the file it wanted instead of some man-in-the-middled file (by an attacker
or simply by a webportal returning a login mask for every request).
Giving it the hash of the compressed file saves APT from needing to
uncompress the patch before being able to verify its integrity.
Signed-off-by: David Kalnischkies <david@kalnischkies.de> Signed-off-by: Joerg Jaspert <joerg@debian.org>