From bec35cdf1e8d4b78f0cd539660b6a469100b12d2 Mon Sep 17 00:00:00 2001 From: Anthony Towns Date: Tue, 15 Jan 2008 07:19:42 +0000 Subject: [PATCH] sync debian-security config from klecker --- config/debian-security/apt.conf | 32 ++++---- config/debian-security/apt.conf.buildd | 21 +++-- config/debian-security/cron.buildd | 101 ++++++++++++++----------- config/debian-security/cron.daily | 45 +++++------ config/debian-security/cron.unchecked | 2 +- config/debian-security/dak.conf | 48 ++++++------ 6 files changed, 128 insertions(+), 121 deletions(-) diff --git a/config/debian-security/apt.conf b/config/debian-security/apt.conf index a231affe..41b10ef1 100644 --- a/config/debian-security/apt.conf +++ b/config/debian-security/apt.conf @@ -1,3 +1,5 @@ +APT::FTPArchive::Contents off; + Dir { ArchiveDir "/org/security.debian.org/ftp/"; @@ -7,8 +9,8 @@ Dir Default { - Packages::Compress ". gzip"; - Sources::Compress "gzip"; + Packages::Compress ". gzip bzip2"; + Sources::Compress "gzip bzip2"; DeLinkLimit 0; FileMode 0664; } @@ -18,10 +20,10 @@ tree "dists/oldstable/updates" FileList "/org/security.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_binary-$(ARCH).list"; SourceFileList "/org/security.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; - Architectures "alpha arm hppa i386 ia64 mips mipsel m68k powerpc s390 sparc source"; - BinOverride "override.woody.$(SECTION)"; - ExtraOverride "override.woody.extra.$(SECTION)"; - SrcOverride "override.woody.$(SECTION).src"; + Architectures "alpha amd64 arm hppa i386 ia64 mips mipsel m68k powerpc s390 sparc source"; + BinOverride "override.sarge.$(SECTION)"; + ExtraOverride "override.sarge.extra.$(SECTION)"; + SrcOverride "override.sarge.$(SECTION).src"; Contents " "; }; @@ -30,11 +32,13 @@ tree "dists/stable/updates" FileList "/org/security.debian.org/dak-database/dists/stable_updates/$(SECTION)_binary-$(ARCH).list"; SourceFileList "/org/security.debian.org/dak-database/dists/stable_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; - Architectures "alpha amd64 arm hppa i386 ia64 mips mipsel m68k powerpc s390 sparc source"; - BinOverride "override.sarge.$(SECTION)"; - ExtraOverride "override.sarge.extra.$(SECTION)"; - SrcOverride "override.sarge.$(SECTION).src"; + Architectures "alpha amd64 arm hppa i386 ia64 mips mipsel powerpc s390 sparc source"; + BinOverride "override.etch.$(SECTION)"; + ExtraOverride "override.etch.extra.$(SECTION)"; + SrcOverride "override.etch.$(SECTION).src"; Contents " "; + Packages::Compress "gzip bzip2"; + Sources::Compress "gzip bzip2"; }; tree "dists/testing/updates" @@ -42,10 +46,10 @@ tree "dists/testing/updates" FileList "/org/security.debian.org/dak-database/dists/testing_updates/$(SECTION)_binary-$(ARCH).list"; SourceFileList "/org/security.debian.org/dak-database/dists/testing_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; - Architectures "alpha amd64 arm hppa i386 ia64 mips mipsel m68k powerpc s390 sparc source"; - BinOverride "override.etch.$(SECTION)"; - ExtraOverride "override.etch.extra.$(SECTION)"; - SrcOverride "override.etch.$(SECTION).src"; + Architectures "alpha amd64 arm hppa i386 ia64 mips mipsel powerpc s390 sparc source"; + BinOverride "override.lenny.$(SECTION)"; + ExtraOverride "override.lenny.extra.$(SECTION)"; + SrcOverride "override.lenny.$(SECTION).src"; Contents " "; Packages::Compress "gzip bzip2"; Sources::Compress "gzip bzip2"; diff --git a/config/debian-security/apt.conf.buildd b/config/debian-security/apt.conf.buildd index e021791f..0285236e 100644 --- a/config/debian-security/apt.conf.buildd +++ b/config/debian-security/apt.conf.buildd @@ -1,8 +1,10 @@ +APT::FTPArchive::Contents off; + Dir { - ArchiveDir "/org/security.debian.org/buildd/"; - OverrideDir "/org/security.debian.org/override/"; - CacheDir "/org/security.debian.org/dak-database/"; + ArchiveDir "/srv/security.debian.org/buildd/"; + OverrideDir "/srv/security.debian.org/override/"; + CacheDir "/srv/security.debian.org/dak-database/"; }; Default @@ -20,19 +22,21 @@ bindirectory "etch" Contents " "; BinOverride "override.etch.all3"; + SrcOverride "override.etch.all3.src"; BinCacheDB "packages-accepted-etch.db"; PathPrefix ""; Packages::Extensions ".deb .udeb"; }; -bindirectory "woody" +bindirectory "lenny" { - Packages "woody/Packages"; - Sources "woody/Sources"; + Packages "lenny/Packages"; + Sources "lenny/Sources"; Contents " "; - BinOverride "override.woody.all3"; - BinCacheDB "packages-accepted-woody.db"; + BinOverride "override.lenny.all3"; + SrcOverride "override.lenny.all3.src"; + BinCacheDB "packages-accepted-lenny.db"; PathPrefix ""; Packages::Extensions ".deb .udeb"; }; @@ -44,6 +48,7 @@ bindirectory "sarge" Contents " "; BinOverride "override.sarge.all3"; + SrcOverride "override.sarge.all3.src"; BinCacheDB "packages-accepted-sarge.db"; PathPrefix ""; Packages::Extensions ".deb .udeb"; diff --git a/config/debian-security/cron.buildd b/config/debian-security/cron.buildd index 7aa42e8a..96607e48 100755 --- a/config/debian-security/cron.buildd +++ b/config/debian-security/cron.buildd @@ -2,8 +2,8 @@ # # Executed after cron.unchecked -ARCHS_oldstable="alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc s390" -ARCHS_stable="$ARCHS_oldstable" +ARCHS_oldstable="alpha arm hppa i386 ia64 m68k mips mipsel powerpc sparc s390 amd64" +ARCHS_stable="alpha amd64 arm hppa i386 ia64 mips mipsel powerpc sparc s390" ARCHS_testing="$ARCHS_stable" DISTS="oldstable stable testing" SSH_SOCKET=~/.ssh/buildd.debian.org.socket @@ -12,56 +12,65 @@ set -e export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars . $SCRIPTVARS -if [ ! -e $ftpdir/Archive_Maintenance_In_Progress ]; then - cd $masterdir - for d in $DISTS; do - eval SOURCES_$d=`stat -c "%Y" $base/buildd/$d/Sources.gz` - eval PACKAGES_$d=`stat -c "%Y" $base/buildd/$d/Packages.gz` - done - apt-ftparchive -qq generate apt.conf.buildd-security - dists= - for d in $DISTS; do - eval NEW_SOURCES_$d=`stat -c "%Y" $base/buildd/$d/Sources.gz` - eval NEW_PACKAGES_$d=`stat -c "%Y" $base/buildd/$d/Packages.gz` - old=SOURCES_$d - new=NEW_$old - if [ ${!new} -gt ${!old} ]; then - if [ -z "$dists" ]; then - dists="$d" - else - dists="$dists $d" - fi - continue +if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then + exit 0 +fi + +cd $masterdir +for d in $DISTS; do + eval SOURCES_$d=`stat -c "%Y" $base/buildd/$d/Sources.gz` + eval PACKAGES_$d=`stat -c "%Y" $base/buildd/$d/Packages.gz` +done + +apt-ftparchive -qq -o APT::FTPArchive::Contents=off generate apt.conf.buildd +dists= +for d in $DISTS; do + eval NEW_SOURCES_$d=`stat -c "%Y" $base/buildd/$d/Sources.gz` + eval NEW_PACKAGES_$d=`stat -c "%Y" $base/buildd/$d/Packages.gz` + old=SOURCES_$d + new=NEW_$old + if [ ${!new} -gt ${!old} ]; then + if [ -z "$dists" ]; then + dists="$d" + else + dists="$dists $d" fi - old=PACKAGES_$d - new=NEW_$old - if [ ${!new} -gt ${!old} ]; then - if [ -z "$dists" ]; then - dists="$d" - else - dists="$dists $d" - fi - continue + continue + fi + old=PACKAGES_$d + new=NEW_$old + if [ ${!new} -gt ${!old} ]; then + if [ -z "$dists" ]; then + dists="$d" + else + dists="$dists $d" fi + continue + fi +done + +if [ ! -z "$dists" ]; then + # setup ssh master process + ssh buildd@buildd -S $SSH_SOCKET -MN 2> /dev/null & + SSH_PID=$! + while [ ! -S $SSH_SOCKET ]; do + sleep 1 done - if [ ! -z "$dists" ]; then - # setup ssh master process - ssh buildd@buildd -S $SSH_SOCKET -MN 2> /dev/null & - SSH_PID=$! - while [ ! -S $SSH_SOCKET ]; do - sleep 1 - done - trap 'kill -TERM $SSH_PID' 0 - for d in $dists; do - archs=ARCHS_$d - ARCHS=${!archs} - cd /org/security.debian.org/buildd/$d + trap 'kill -TERM $SSH_PID' 0 + for d in $dists; do + archs=ARCHS_$d + ARCHS=${!archs} + cd /org/security.debian.org/buildd/$d + if [ "$d" != "oldstable" ]; then + # disabled for oldstable-security by ajt 2008-01-01 for a in $ARCHS; do quinn-diff -a /org/security.debian.org/buildd/Packages-arch-specific -A $a 2>/dev/null | ssh buildd@buildd -S $SSH_SOCKET wanna-build -d $d-security -b $a/build-db --merge-partial-quinn + ssh buildd@buildd -S $SSH_SOCKET wanna-build -d $d-security -A $a -b $a/build-db --merge-packages < Packages done - done - fi + else + ssh buildd@bester.farm.ftbfs.de -i ~/.ssh/id_bester sleep 1 + fi + done fi -ssh buildd@bester.farm.ftbfs.de -i ~/.ssh/id_bester sleep 1 diff --git a/config/debian-security/cron.daily b/config/debian-security/cron.daily index 6a1dbcae..dbc34b6a 100644 --- a/config/debian-security/cron.daily +++ b/config/debian-security/cron.daily @@ -10,31 +10,18 @@ export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars # Fix overrides -rsync -ql ftp-master::indices/override\* $overridedir +# disabled by ajt 2008-01-01: requires auth +#rsync -ql ftp-master::indices/override\* $overridedir cd $overridedir find . -name override\*.gz -type f -maxdepth 1 -mindepth 1 | xargs gunzip -f -find . -type l -maxdepth 1 -mindepth 1 | xargs rm - -rm -fr non-US -mkdir non-US -cd non-US -rsync -ql non-us::indices/override\* . -find . -name override\*.gz -type f -maxdepth 1 -mindepth 1 | xargs gunzip -find . -type l -maxdepth 1 -mindepth 1 | xargs rm -for i in *; do - if [ -f ../$i ]; then - cat $i >> ../$i; - fi; -done -cd .. -rm -fr non-US +find . -type l -maxdepth 1 -mindepth 1 | xargs --no-run-if-empty rm for suite in $suites; do case $suite in - oldstable) override_suite=woody;; - stable) override_suite=sarge;; - testing) override_suite=etch;; + oldstable) override_suite=sarge;; + stable) override_suite=etch;; + testing) override_suite=lenny;; *) echo "Unknown suite type ($suite)"; exit 1;; esac for component in $components; do @@ -47,19 +34,18 @@ for suite in $suites; do # XXX RUN AFUCKINGAWAY if [ "$override_type" = "udeb" ]; then if [ ! "$component" = "main" ]; then - continue; + continue fi if [ "$suite" = "unstable" ]; then dak control-overrides -q -S -t $override_type -s $suite -c updates/$component < override.$override_suite.$component$type fi else - dak control-overrides -q -S -t $override_type -s $suite -c updates/$component < override.$override_suite.$component$type + # XXX removed 2007-08-16 ajt + #dak control-overrides -q -S -t $override_type -s $suite -c updates/$component < override.$override_suite.$component$type + true fi case $suite in oldstable) - if [ ! "$override_type" = "udeb" ]; then - dak control-overrides -q -a -t $override_type -s $suite -c updates/$component < override.sarge.$component$type - fi dak control-overrides -q -a -t $override_type -s $suite -c updates/$component < override.sid.$component$type ;; stable) @@ -75,15 +61,18 @@ for suite in $suites; do done # Generate .all3 overides for the buildd support -for dist in woody sarge etch; do +for dist in sarge etch lenny; do rm -f override.$dist.all3 components="main contrib non-free"; if [ -f override.$dist.main.debian-installer ]; then - components="$components main.debian-installer"; + components="$components main.debian-installer" fi for component in $components; do - cat override.$dist.$component >> override.$dist.all3; - done; + cat override.$dist.$component >> override.$dist.all3 + if [ -e "override.$dist.$component.src" ]; then + cat override.$dist.$component.src >> override.$dist.all3.src + fi + done done ################################################################################ diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked index 9f91e688..641f8bfb 100755 --- a/config/debian-security/cron.unchecked +++ b/config/debian-security/cron.unchecked @@ -33,4 +33,4 @@ if ! $doanything; then exit 0 fi -sh $masterdir/cron.buildd-security +sh $masterdir/cron.buildd diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf index 0af66820..fb219e5e 100644 --- a/config/debian-security/dak.conf +++ b/config/debian-security/dak.conf @@ -1,12 +1,12 @@ Dinstall { GPGKeyring { - "/org/keyring.debian.org/keyrings/debian-keyring.gpg"; - "/org/keyring.debian.org/keyrings/debian-keyring.pgp"; + "/org/keyring.debian.org/keyrings/debian-keyring.gpg"; + "/org/keyring.debian.org/keyrings/debian-keyring.pgp"; }; SigningKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"; SigningPubKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"; - SigningKeyIds "2D230C5F"; + SigningKeyIds "6070D3A1"; SendmailCommand "/usr/sbin/sendmail -odq -oi -t"; MyEmailAddress "Debian Installer "; MyAdminAddress "ftpmaster@debian.org"; @@ -16,6 +16,7 @@ Dinstall PackagesServer "packages.debian.org"; LockFile "/org/security.debian.org/dak/lock"; Bcc "archive@ftp-master.debian.org"; + // GroupOverrideFilename "override.group-maint"; FutureTimeTravelGrace 28800; // 8 hours PastCutoffYear "1984"; SkipTime 300; @@ -30,14 +31,14 @@ Dinstall }; SecurityQueueHandling "true"; SecurityQueueBuild "true"; - DefaultSuite "Testing"; + DefaultSuite "oldstable"; SuiteSuffix "updates"; OverrideMaintainer "dak@security.debian.org"; StableDislocationSupport "false"; LegacyStableHasNoSections "false"; }; -Process-Unchecked +Process-New { AcceptedLockFile "/org/security.debian.org/lock/unchecked.lock"; }; @@ -53,9 +54,9 @@ Queue-Report { Directories { - byhand; - new; - accepted; + // byhand; + // new; + unembargoed; }; }; @@ -123,7 +124,8 @@ Suite { source; all; - alpha; + alpha; + amd64; arm; hppa; i386; @@ -136,12 +138,12 @@ Suite sparc; }; Announce "dak@security.debian.org"; - Version "3.0"; + Version "3.1"; Origin "Debian"; Label "Debian-Security"; - Description "Debian 3.0 Security Updates"; - CodeName "woody"; - OverrideCodeName "woody"; + Description "Debian 3.1 Security Updates"; + CodeName "sarge"; + OverrideCodeName "sarge"; CopyDotDak "/org/security.debian.org/queue/done/"; }; @@ -157,13 +159,12 @@ Suite { source; all; - alpha; amd64; + alpha; arm; hppa; i386; ia64; - m68k; mips; mipsel; powerpc; @@ -171,12 +172,12 @@ Suite sparc; }; Announce "dak@security.debian.org"; - Version "3.1"; + Version ""; Origin "Debian"; Label "Debian-Security"; - Description "Debian 3.1 Security Updates"; - CodeName "sarge"; - OverrideCodeName "sarge"; + Description "Debian 4.0 Security Updates"; + CodeName "etch"; + OverrideCodeName "etch"; CopyDotDak "/org/security.debian.org/queue/done/"; }; @@ -198,7 +199,6 @@ Suite hppa; i386; ia64; - m68k; mips; mipsel; powerpc; @@ -210,11 +210,10 @@ Suite Origin "Debian"; Label "Debian-Security"; Description "Debian testing Security Updates"; - CodeName "etch"; - OverrideCodeName "etch"; + CodeName "lenny"; + OverrideCodeName "lenny"; CopyDotDak "/org/security.debian.org/queue/done/"; }; - }; SuiteMappings @@ -223,7 +222,7 @@ SuiteMappings "silent-map stable-security stable"; // JT - FIXME, hackorama // "silent-map testing-security stable"; - "silent-map etch-secure testing"; + "silent-map etch-secure stable"; "silent-map testing-security testing"; }; @@ -251,6 +250,7 @@ Dir New "/org/security.debian.org/queue/new/"; Reject "/org/security.debian.org/queue/reject/"; Unchecked "/org/security.debian.org/queue/unchecked/"; + ProposedUpdates "/does/not/exist/"; // XXX fixme Embargoed "/org/security.debian.org/queue/embargoed/"; Unembargoed "/org/security.debian.org/queue/unembargoed/"; -- 2.39.2