]> git.decadent.org.uk Git - dak.git/blob - config/debian-security/dak.conf
projects / dak.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add (incomplete) configuration for signing code for linux
[dak.git] / config / debian-security / dak.conf
1 Dinstall
2 {
3    // was non-us.d.o path before
4    SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg";
5    SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg";
6    SendmailCommand "/usr/sbin/sendmail -odq -oi -t";
7    MyEmailAddress "Debian FTP Masters <ftpmaster@ftp-master.debian.org>";
8    MyAdminAddress "ftpmaster@debian.org";
9    MyHost "debian.org";  // used for generating user@my_host addresses in e.g. manual_reject()
10    MyDistribution "Debian"; // Used in emails
11    BugServer "bugs.debian.org";
12    PackagesServer "packages.debian.org";
13    Bcc "archive@ftp-master.debian.org";
14    // GroupOverrideFilename "override.group-maint";
15    SkipTime 300;
16    CloseBugs "false";
17    OverrideDisparityCheck "false";
18    BXANotify "false";
19    DefaultSuite "stable";
20    SuiteSuffix "updates/";
21    OverrideMaintainer "dak@security.debian.org";
22    LegacyStableHasNoSections "false";
23    AllowSourceOnlyUploads "true";
24 };
25
26 Process-New
27 {
28   DinstallLockFile "/srv/security-master.debian.org/lock/processnew.lock";
29   LockDir "/srv/security-master.debian.org/lock/new/";
30 };
31
32 Process-Policy
33 {
34   CopyDir "/srv/security-master.debian.org/queue/accepted";
35 };
36
37 Import-Users-From-Passwd
38 {
39   ValidGID "Debian";
40   // Comma separated list of users who are in Postgres but not the passwd file
41   KnownPostgres "postgres,dak,www-data,udmsearch,repuser,debian-backup";
42 };
43
44 Queue-Report
45 {
46   Directories
47   {
48     byhand;
49     new;
50     unembargoed;
51     embargoed;
52   };
53 };
54
55 Import-LDAP-Fingerprints
56 {
57   LDAPDn "ou=users,dc=debian,dc=org";
58   LDAPServer "db.debian.org";
59   CACertFile "/etc/ssl/ca-debian/ca-certificates.crt";
60   ExtraKeyrings
61   {
62     "/srv/keyring.debian.org/keyrings/removed-keys.pgp";
63     "/srv/keyring.debian.org/keyrings/removed-keys.gpg";
64     "/srv/keyring.debian.org/keyrings/extra-keys.pgp";
65   };
66   KeyServer "wwwkeys.eu.pgp.net";
67 };
68
69 Check-Overrides
70 {
71   OverrideSuites
72   {
73     Stable
74     {
75       Process "0";
76     };
77
78     Testing
79     {
80       Process "0";
81     };
82
83   };
84 };
85
86 Clean-Queues
87 {
88   Options
89   {
90     Days 14;
91   };
92  MorgueSubDir "queue";
93 };
94
95 Rm
96 {
97   Options
98   {
99     Suite "unstable";
100   };
101
102   MyEmailAddress "Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>";
103   LogFile "/srv/security-master.debian.org/dak-log/removals.txt";
104 };
105
106 Clean-Suites
107 {
108   MorgueSubDir "pool";
109 };
110
111 SuiteMappings
112 {
113  "silent-map stable-security stable";
114  "silent-map stable-kfreebsd-security stable-kfreebsd";
115  "silent-map oldstable-security oldstable";
116  "silent-map oldoldstable-security oldoldstable";
117   "silent-map testing-security testing";
118   "silent-map squeeze-security oldoldstable";
119   "silent-map wheezy-security oldstable";
120   "silent-map jessie-security stable";
121   "silent-map jessie-kfreebsd-security stable-kfreebsd";
122   "silent-map stretch-security testing";
123
124   "reject oldoldstable";
125 };
126
127 AutomaticByHandPackages
128 {
129   "linux-code-sign" {
130     Source "linux";
131     Section "byhand";
132     Extension "tar.xz";
133     Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign";
134   };
135 };
136
137 Dir
138 {
139   Base "/srv/security-master.debian.org/";
140   Root "/srv/security-master.debian.org/ftp/";
141   Pool "/srv/security-master.debian.org/ftp/pool/";
142   Export "/srv/security-master.debian.org/export/";
143   Dak "/srv/security-master.debian.org/dak/";
144   Templates "/srv/security-master.debian.org/dak/templates/";
145   Override "/srv/security-master.debian.org/override/";
146   Lock "/srv/security-master.debian.org/lock/";
147   Cache "/srv/security-master.debian.org/database/";
148   Lists "/srv/security-master.debian.org/dak-database/dists/";
149   Log "/srv/security-master.debian.org/dak-log/";
150   Morgue "/srv/security-master.debian.org/morgue/";
151   Override "/srv/security-master.debian.org/scripts/override/";
152   Upload "/srv/queued/ftpmaster/";
153   TempPath "/srv/security-master.debian.org/tmp";
154   Done "/srv/security-master.debian.org/queue/done/";
155   Reject "/srv/security-master.debian.org/queue/reject/";
156
157   Queue
158   {
159     Embargoed "/srv/security-master.debian.org/queue/embargoed/";
160     Unembargoed "/srv/security-master.debian.org/queue/unembargoed/";
161     Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/";
162   };
163 };
164
165 DB
166 {
167   Service "obscurity";
168   // PoolSize should be at least ThreadCount + 1
169   PoolSize 5;
170   // MaxOverflow shouldn't exceed postgresql.conf's max_connections - PoolSize
171   MaxOverflow 13;
172   // should be false for encoding == SQL_ASCII
173   Unicode "false"
174 };
175
176 ComponentMappings
177 {
178  "main updates/main";
179  "contrib updates/contrib";
180  "non-free updates/non-free";
181 };
182
183 Urgency
184 {
185   Default "low";
186   Valid
187   {
188     low;
189     medium;
190     high;
191     emergency;
192     critical;
193   };
194 };
dak changes to support and test code signing