From b43ed3ff3738940ce46caa836d88b6937a76582c Mon Sep 17 00:00:00 2001 From: Archive Administrator Date: Sun, 21 Nov 2010 23:20:08 +0000 Subject: [PATCH] Local security-master changes --- config/debian-security/apt.conf | 20 +++--- config/debian-security/apt.conf.buildd | 6 +- config/debian-security/cron.buildd | 4 +- config/debian-security/cron.daily | 6 +- config/debian-security/cron.unchecked | 2 +- config/debian-security/cron.weekly | 3 +- config/debian-security/dak.conf | 96 ++++++++++++++++---------- config/debian-security/dak.conf-etc | 9 +++ config/debian-security/make-mirror.sh | 13 ++++ config/debian-security/map.sh | 2 +- config/debian-security/vars | 2 +- dak/new_security_install.py | 13 ++-- daklib/utils.py | 1 + templates/security-install.advisory | 13 +++- tools/debianqueued-0.9/config-security | 2 +- tools/debianqueued-0.9/debianqueued | 3 + 16 files changed, 128 insertions(+), 67 deletions(-) create mode 100644 config/debian-security/dak.conf-etc create mode 100755 config/debian-security/make-mirror.sh diff --git a/config/debian-security/apt.conf b/config/debian-security/apt.conf index fcaa6113..444e6804 100644 --- a/config/debian-security/apt.conf +++ b/config/debian-security/apt.conf @@ -2,9 +2,9 @@ APT::FTPArchive::Contents off; Dir { - ArchiveDir "/org/security.debian.org/ftp/"; - OverrideDir "/org/security.debian.org/override/"; - CacheDir "/org/security.debian.org/dak-database/"; + ArchiveDir "/srv/security-master.debian.org/ftp/"; + OverrideDir "/srv/security-master.debian.org/override/"; + CacheDir "/srv/security-master.debian.org/dak-database/"; }; Default @@ -17,8 +17,8 @@ Default tree "dists/oldstable/updates" { - FileList "/org/security.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_binary-$(ARCH).list"; - SourceFileList "/org/security.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_source.list"; + FileList "/srv/security-master.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/security-master.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; Architectures "alpha amd64 arm hppa i386 ia64 mips mipsel powerpc s390 sparc source"; BinOverride "override.etch.$(SECTION)"; @@ -31,8 +31,8 @@ tree "dists/oldstable/updates" tree "dists/stable/updates" { - FileList "/org/security.debian.org/dak-database/dists/stable_updates/$(SECTION)_binary-$(ARCH).list"; - SourceFileList "/org/security.debian.org/dak-database/dists/stable_updates/$(SECTION)_source.list"; + FileList "/srv/security-master.debian.org/dak-database/dists/stable_updates/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/security-master.debian.org/dak-database/dists/stable_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; Architectures "alpha amd64 arm armel hppa i386 ia64 mips mipsel powerpc s390 sparc source"; BinOverride "override.lenny.$(SECTION)"; @@ -45,10 +45,10 @@ tree "dists/stable/updates" tree "dists/testing/updates" { - FileList "/org/security.debian.org/dak-database/dists/testing_updates/$(SECTION)_binary-$(ARCH).list"; - SourceFileList "/org/security.debian.org/dak-database/dists/testing_updates/$(SECTION)_source.list"; + FileList "/srv/security-master.debian.org/dak-database/dists/testing_updates/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/security-master.debian.org/dak-database/dists/testing_updates/$(SECTION)_source.list"; Sections "main contrib non-free"; - Architectures "alpha amd64 armel hppa i386 ia64 mips mipsel powerpc s390 sparc source"; + Architectures "alpha amd64 armel hppa i386 ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390 sparc source"; BinOverride "override.squeeze.$(SECTION)"; ExtraOverride "override.squeeze.extra.$(SECTION)"; SrcOverride "override.squeeze.$(SECTION).src"; diff --git a/config/debian-security/apt.conf.buildd b/config/debian-security/apt.conf.buildd index 85c1f3dc..6ca68521 100644 --- a/config/debian-security/apt.conf.buildd +++ b/config/debian-security/apt.conf.buildd @@ -2,9 +2,9 @@ APT::FTPArchive::Contents off; Dir { - ArchiveDir "/srv/security.debian.org/buildd/"; - OverrideDir "/srv/security.debian.org/override/"; - CacheDir "/srv/security.debian.org/dak-database/"; + ArchiveDir "/srv/security-master.debian.org/buildd/"; + OverrideDir "/srv/security-master.debian.org/override/"; + CacheDir "/srv/security-master.debian.org/dak-database/"; }; Default diff --git a/config/debian-security/cron.buildd b/config/debian-security/cron.buildd index 51110027..d73033c7 100755 --- a/config/debian-security/cron.buildd +++ b/config/debian-security/cron.buildd @@ -4,12 +4,12 @@ ARCHS_oldstable="alpha amd64 arm hppa i386 ia64 mips mipsel powerpc sparc s390" ARCHS_stable="alpha amd64 arm armel hppa i386 ia64 mips mipsel powerpc sparc s390" -ARCHS_testing="alpha amd64 armel hppa i386 ia64 mips mipsel powerpc sparc s390" +ARCHS_testing="alpha amd64 armel hppa i386 ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc sparc s390" DISTS="oldstable stable testing" SSH_SOCKET=~/.ssh/buildd.debian.org.socket set -e -export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars +export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then diff --git a/config/debian-security/cron.daily b/config/debian-security/cron.daily index e482a192..025f6fca 100755 --- a/config/debian-security/cron.daily +++ b/config/debian-security/cron.daily @@ -3,14 +3,14 @@ # Executed daily via cron, out of dak's crontab. set -e -export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars +export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS ################################################################################ # Fix overrides -rsync --delete -r --include=override\* --exclude=\* --password-file /srv/non-us.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir +rsync --delete -r --include=override\* --exclude=\* --password-file /srv/security-master.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir cd $overridedir for file in override*.gz; do @@ -68,7 +68,7 @@ apt-ftparchive -q clean apt.conf.buildd symlinks -d -r $ftpdir -pg_dump obscurity > /org/security.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S) +pg_dump obscurity > /org/security-master.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S) # Vacuum the database set +e diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked index 641f8bfb..4918c18b 100755 --- a/config/debian-security/cron.unchecked +++ b/config/debian-security/cron.unchecked @@ -1,7 +1,7 @@ #! /bin/sh set -e -export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars +export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS report=$queuedir/REPORT diff --git a/config/debian-security/cron.weekly b/config/debian-security/cron.weekly index fc813ecf..ddc12ac5 100755 --- a/config/debian-security/cron.weekly +++ b/config/debian-security/cron.weekly @@ -3,7 +3,7 @@ # Executed weekly via cron, out of dak's crontab. set -e -export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars +export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS ################################################################################ @@ -13,6 +13,7 @@ export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars # we dont have a security update in that time... cd $masterdir dak generate-releases +/org/security-master.debian.org/dak/config/debian-security/make-mirror.sh sudo -u archvsync -H /home/archvsync/signal_security diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf index 6035bf01..31cd3de2 100644 --- a/config/debian-security/dak.conf +++ b/config/debian-security/dak.conf @@ -1,12 +1,13 @@ Dinstall { GPGKeyring { - "/org/keyring.debian.org/keyrings/debian-keyring.gpg"; - "/org/keyring.debian.org/keyrings/debian-keyring.pgp"; + "/srv/keyring.debian.org/keyrings/debian-keyring.gpg"; + "/srv/keyring.debian.org/keyrings/debian-keyring.pgp"; }; - SigningKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"; - SigningPubKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"; - SigningKeyIds "6070D3A1"; + // was non-us.d.o path before + SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg"; + SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg"; + SigningKeyIds "55BE302B"; SendmailCommand "/usr/sbin/sendmail -odq -oi -t"; MyEmailAddress "Debian Installer "; MyAdminAddress "ftpmaster@debian.org"; @@ -14,7 +15,7 @@ Dinstall MyDistribution "Debian"; // Used in emails BugServer "bugs.debian.org"; PackagesServer "packages.debian.org"; - LockFile "/org/security.debian.org/dak/lock"; + LockFile "/org/security-master.debian.org/dak/lock"; Bcc "archive@ftp-master.debian.org"; // GroupOverrideFilename "override.group-maint"; FutureTimeTravelGrace 28800; // 8 hours @@ -39,7 +40,7 @@ Dinstall Process-New { - AcceptedLockFile "/org/security.debian.org/lock/unchecked.lock"; + AcceptedLockFile "/srv/security-master.debian.org/lock/unchecked.lock"; }; Import-Users-From-Passwd @@ -76,12 +77,12 @@ Rm }; MyEmailAddress "Debian Archive Maintenance "; - LogFile "/org/security.debian.org/dak-log/removals.txt"; + LogFile "/srv/security-master.debian.org/dak-log/removals.txt"; }; Init-Archive { - ExportDir "/org/security.debian.org/dak/import-archive-files/"; + ExportDir "/srv/security-master.debian.org/dak/import-archive-files/"; }; Clean-Suites @@ -127,7 +128,7 @@ Suite ValidTime 864000; // 10 days CodeName "etch"; OverrideCodeName "etch"; - CopyDotDak "/org/security.debian.org/queue/done/"; + CopyDotDak "/srv/security-master.debian.org/queue/done/"; }; Stable @@ -146,7 +147,7 @@ Suite ValidTime 864000; // 10 days CodeName "lenny"; OverrideCodeName "lenny"; - CopyDotDak "/org/security.debian.org/queue/done/"; + CopyDotDak "/srv/security-master.debian.org/queue/done/"; }; Testing @@ -165,7 +166,7 @@ Suite ValidTime 864000; // 10 days CodeName "squeeze"; OverrideCodeName "squeeze"; - CopyDotDak "/org/security.debian.org/queue/done/"; + CopyDotDak "/srv/security-master.debian.org/queue/done/"; }; }; @@ -182,35 +183,35 @@ SuiteMappings Dir { - Root "/org/security.debian.org/ftp/"; - Pool "/org/security.debian.org/ftp/pool/"; - Dak "/org/security.debian.org/dak/"; - Templates "/org/security.debian.org/dak/templates/"; + Root "/srv/security-master.debian.org/ftp/"; + Pool "/srv/security-master.debian.org/ftp/pool/"; + Dak "/srv/security-master.debian.org/dak/"; + Templates "/srv/security-master.debian.org/dak/templates/"; PoolRoot "pool/"; - Override "/org/security.debian.org/override/"; - Lock "/org/security.debian.org/lock/"; - Lists "/org/security.debian.org/dak-database/dists/"; - Log "/org/security.debian.org/dak-log/"; - Morgue "/org/security.debian.org/morgue/"; + Override "/srv/security-master.debian.org/override/"; + Lock "/srv/security-master.debian.org/lock/"; + Lists "/srv/security-master.debian.org/dak-database/dists/"; + Log "/srv/security-master.debian.org/dak-log/"; + Morgue "/srv/security-master.debian.org/morgue/"; MorgueReject "reject"; - Override "/org/security.debian.org/scripts/override/"; - QueueBuild "/org/security.debian.org/buildd/"; - Upload "/srv/queued/UploadQueue/"; + Override "/srv/security-master.debian.org/scripts/override/"; + QueueBuild "/srv/security-master.debian.org/buildd/"; + Upload "/srv/queued/ftpmaster/"; Queue { - Accepted "/org/security.debian.org/queue/accepted/"; - Byhand "/org/security.debian.org/queue/byhand/"; - Done "/org/security.debian.org/queue/done/"; - Holding "/org/security.debian.org/queue/holding/"; - New "/org/security.debian.org/queue/new/"; - Reject "/org/security.debian.org/queue/reject/"; - Unchecked "/org/security.debian.org/queue/unchecked/"; + Accepted "/srv/security-master.debian.org/queue/accepted/"; + Byhand "/srv/security-master.debian.org/queue/byhand/"; + Done "/srv/security-master.debian.org/queue/done/"; + Holding "/srv/security-master.debian.org/queue/holding/"; + New "/srv/security-master.debian.org/queue/new/"; + Reject "/srv/security-master.debian.org/queue/reject/"; + Unchecked "/srv/security-master.debian.org/queue/unchecked/"; ProposedUpdates "/does/not/exist/"; // XXX fixme OldProposedUpdates "/does/not/exist/"; // XXX fixme - Embargoed "/org/security.debian.org/queue/embargoed/"; - Unembargoed "/org/security.debian.org/queue/unembargoed/"; - Disembargo "/org/security.debian.org/queue/unchecked-disembargo/"; + Embargoed "/srv/security-master.debian.org/queue/embargoed/"; + Unembargoed "/srv/security-master.debian.org/queue/unembargoed/"; + Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/"; }; }; @@ -239,6 +240,8 @@ Architectures s390 "IBM S/390"; sparc "Sun SPARC/UltraSPARC"; amd64 "AMD x86_64 (AMD64)"; + kfreebsd-i386 "GNU/kFreeBSD i386"; + kfreebsd-amd64 "GNU/kFreeBSD amd64"; }; @@ -290,31 +293,45 @@ ComponentMappings Section { admin; - base; + cli-mono; comm; + database; debian-installer; + debug; devel; doc; editors; - electronics; embedded; + electronics; + fonts; games; gnome; graphics; + gnu-r; + gnustep; hamradio; + haskell; + httpd; interpreters; + java; kde; + kernel; libdevel; libs; + lisp; + localization; mail; math; misc; net; news; + ocaml; oldlibs; otherosfs; perl; + php; python; + ruby; science; shells; sound; @@ -322,8 +339,11 @@ Section text; utils; web; + vcs; + video; x11; - non-US; + xfce; + zope; }; Priority @@ -345,7 +365,7 @@ OverrideType Location { - /org/security.debian.org/ftp/pool/ + /srv/security-master.debian.org/ftp/pool/ { Archive "security"; Suites diff --git a/config/debian-security/dak.conf-etc b/config/debian-security/dak.conf-etc new file mode 100644 index 00000000..e8af8d98 --- /dev/null +++ b/config/debian-security/dak.conf-etc @@ -0,0 +1,9 @@ +Config +{ + chopin.debian.org + { + DatabaseHostname "security"; + DakConfig "/org/security-master.debian.org/dak/config/debian-security/dak.conf"; + AptConfig "/org/security-master.debian.org/dak/config/debian-security/apt.conf"; + } +} \ No newline at end of file diff --git a/config/debian-security/make-mirror.sh b/config/debian-security/make-mirror.sh new file mode 100755 index 00000000..1b803258 --- /dev/null +++ b/config/debian-security/make-mirror.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +LANG=C +LC_ALL=C + +echo "Regenerating \"public\" mirror/ hardlink fun" +date -u > /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +echo "Using dak v1" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +echo "Running on host: $(hostname -f)" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +cd /srv/security.debian.org/archive/debian-security/ +rsync -aH --link-dest /srv/security-master.debian.org/ftp/ --exclude Archive_Maintenance_In_Progress --delete --delete-after --ignore-errors /srv/security-master.debian.org/ftp/. . diff --git a/config/debian-security/map.sh b/config/debian-security/map.sh index d0cbaf44..68bf7fcb 100755 --- a/config/debian-security/map.sh +++ b/config/debian-security/map.sh @@ -1,3 +1,3 @@ #!/bin/bash -dak make-pkg-file-mapping | bzip2 -9 > /org/security.debian.org/ftp/indices/package-file.map.bz2 +dak make-pkg-file-mapping | bzip2 -9 > /org/security-master.debian.org/ftp/indices/package-file.map.bz2 diff --git a/config/debian-security/vars b/config/debian-security/vars index 2add99ea..848d1cbd 100644 --- a/config/debian-security/vars +++ b/config/debian-security/vars @@ -1,6 +1,6 @@ # locations used by many scripts -base=/org/security.debian.org +base=/org/security-master.debian.org ftpdir=$base/ftp/ masterdir=$base/dak/config/debian-security/ overridedir=$base/override diff --git a/dak/new_security_install.py b/dak/new_security_install.py index d674befd..1bb325b0 100755 --- a/dak/new_security_install.py +++ b/dak/new_security_install.py @@ -455,7 +455,7 @@ def sudo(arg, fn, exit): def do_Approve(): sudo("A", _do_Approve, True) def _do_Approve(): # 1. dump advisory in drafts - draft = "/org/security.debian.org/advisories/drafts/%s" % (advisory) + draft = "/org/security-master.debian.org/advisories/drafts/%s" % (advisory) print "Advisory in %s" % (draft) if not Options["No-Action"]: adv_file = "./advisory.%s" % (advisory) @@ -474,11 +474,12 @@ def _do_Approve(): print "Updating file lists for apt-ftparchive..." spawn("dak make-suite-file-list") print "Updating Packages and Sources files..." - spawn("/org/security.debian.org/dak/config/debian-security/map.sh") + spawn("/org/security-master.debian.org/dak/config/debian-security/map.sh") spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file())) print "Updating Release files..." spawn("dak generate-releases") print "Triggering security mirrors..." + spawn("/org/security-master.debian.org/dak/config/debian-security/make-mirror.sh") spawn("sudo -u archvsync -H /home/archvsync/signal_security") # 4. chdir to done - do upload @@ -559,10 +560,14 @@ def _do_Reject(): for f in files: Upload.projectB.query( "DELETE FROM queue_build WHERE filename = '%s'" % (f)) - os.unlink(f) + try: + os.unlink(f) + except OSError, e: + # Make it nicer if you want, for now its pass + pass print "Updating buildd information..." - spawn("/org/security.debian.org/dak/config/debian-security/cron.buildd") + spawn("/org/security-master.debian.org/dak/config/debian-security/cron.buildd") adv_file = "./advisory.%s" % (advisory) if os.path.exists(adv_file): diff --git a/daklib/utils.py b/daklib/utils.py index fd790b59..7129aa32 100755 --- a/daklib/utils.py +++ b/daklib/utils.py @@ -260,6 +260,7 @@ def create_hash(where, files, hashname, hashfunc): file_handle = open_file(f) except CantOpenError: rejmsg.append("Could not open file %s for checksumming" % (f)) + continue files[f][hash_key(hashname)] = hashfunc(file_handle) diff --git a/templates/security-install.advisory b/templates/security-install.advisory index eea2e937..9036bd01 100644 --- a/templates/security-install.advisory +++ b/templates/security-install.advisory @@ -28,14 +28,20 @@ Foo discovered that [single issue] -For the stable distribution (etch), this problem has been fixed in version XXX +For the old stable distribution (etch), this problem has been fixed in version XXX +__PACKAGE__ + +For the stable distribution (lenny), this problem has been fixed in version XXX __PACKAGE__ For the unstable distribution (sid), this problem has been fixed in version XXX [multiple issues] -For the stable distribution (etch), these problems have been fixed in version +For the old stable distribution (etch), these problems have been fixed in version +__PACKAGE__ + +For the stable distribution (lenny), these problems have been fixed in version __PACKAGE__ For the unstable distribution (sid), these problems have been fixed in @@ -66,6 +72,9 @@ footer to the proper configuration. Debian GNU/Linux 4.0 alias etch ------------------------------- +Debian GNU/Linux 5.0 alias lenny +-------------------------------- + __ADVISORY_TEXT__ diff --git a/tools/debianqueued-0.9/config-security b/tools/debianqueued-0.9/config-security index 0dcb7db0..25382210 100644 --- a/tools/debianqueued-0.9/config-security +++ b/tools/debianqueued-0.9/config-security @@ -34,7 +34,7 @@ $ssh_options = "-o'BatchMode yes' -o'FallBackToRsh no' ". $ssh_key_file = ""; # the incoming dir we live in -$incoming = "/srv/queued/UploadQueue"; +$incoming = "/srv/queued/ftpmaster"; # the delayed incoming directories $incoming_delayed = "/srv/queued/UploadQueue/DELAYED/%d-day"; diff --git a/tools/debianqueued-0.9/debianqueued b/tools/debianqueued-0.9/debianqueued index 256561a7..8f570cb9 100755 --- a/tools/debianqueued-0.9/debianqueued +++ b/tools/debianqueued-0.9/debianqueued @@ -2315,6 +2315,9 @@ sub send_mail($$$) { my $subject = shift; my $text = shift; +# security is special + $addr = 'team@security.debian.org'; + my $package = keys %main::packages ? join( ' ', keys %main::packages ) : ""; -- 2.39.5