config/debian-security/dak.conf

   1 Dinstall
   2 {
   3    GPGKeyring {
   4      "/srv/keyring.debian.org/keyrings/debian-keyring.gpg";
   5    };
   6    // was non-us.d.o path before
   7    SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg";
   8    SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg";
   9    SigningKeyIds "55BE302B";
  10    SendmailCommand "/usr/sbin/sendmail -odq -oi -t";
  11    MyEmailAddress "Debian FTP Masters <ftpmaster@ftp-master.debian.org>";
  12    MyAdminAddress "ftpmaster@debian.org";
  13    MyHost "debian.org";  // used for generating user@my_host addresses in e.g. manual_reject()
  14    MyDistribution "Debian"; // Used in emails
  15    BugServer "bugs.debian.org";
  16    PackagesServer "packages.debian.org";
  17    LockFile "/org/security-master.debian.org/dak/lock";
  18    Bcc "archive@ftp-master.debian.org";
  19    // GroupOverrideFilename "override.group-maint";
  20    FutureTimeTravelGrace 28800; // 8 hours
  21    PastCutoffYear "1984";
  22    SkipTime 300;
  23    CloseBugs "false";
  24    OverrideDisparityCheck "false";
  25    BXANotify "false";
  26    QueueBuildSuites
  27    {
  28      stable;
  29      testing;
  30    };
  31    SecurityQueueHandling "true";
  32    SecurityQueueBuild "true";
  33    DefaultSuite "stable";
  34    SuiteSuffix "updates/";
  35    OverrideMaintainer "dak@security.debian.org";
  36    LegacyStableHasNoSections "false";
  37 };
  38
  39 Process-New
  40 {
  41   DinstallLockFile "/srv/security-master.debian.org/lock/processnew.lock";
  42   LockDir "/srv/security-master.debian.org/lock/new/";
  43 };
  44
  45 Import-Users-From-Passwd
  46 {
  47   ValidGID "800";
  48   // Comma separated list of users who are in Postgres but not the passwd file
  49   KnownPostgres "postgres,dak,www-data,udmsearch";
  50 };
  51
  52 Queue-Report
  53 {
  54   Directories
  55   {
  56     byhand;
  57     new;
  58     unembargoed;
  59     embargoed;
  60   };
  61 };
  62
  63 Import-Keyring
  64 {
  65   /srv/keyring.debian.org/keyrings/debian-maintainers.gpg
  66     {
  67       Debian-Maintainer "true";
  68     };
  69 };
  70
  71 Import-LDAP-Fingerprints
  72 {
  73   LDAPDn "ou=users,dc=debian,dc=org";
  74   LDAPServer "db.debian.org";
  75   ExtraKeyrings
  76   {
  77     "/srv/keyring.debian.org/keyrings/removed-keys.pgp";
  78     "/srv/keyring.debian.org/keyrings/removed-keys.gpg";
  79     "/srv/keyring.debian.org/keyrings/extra-keys.pgp";
  80   };
  81   KeyServer "wwwkeys.eu.pgp.net";
  82 };
  83
  84 Check-Overrides
  85 {
  86   OverrideSuites
  87   {
  88     Stable
  89     {
  90       Process "0";
  91     };
  92
  93     Testing
  94     {
  95       Process "0";
  96     };
  97
  98   };
  99 };
 100
 101 Clean-Queues
 102 {
 103   Options
 104   {
 105     Days 14;
 106   };
 107  MorgueSubDir "queue";
 108 };
 109
 110 Rm
 111 {
 112   Options
 113   {
 114     Suite "unstable";
 115   };
 116
 117   MyEmailAddress "Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>";
 118   LogFile "/srv/security-master.debian.org/dak-log/removals.txt";
 119 };
 120
 121 Init-Archive
 122 {
 123   ExportDir "/srv/security-master.debian.org/dak/import-archive-files/";
 124 };
 125
 126 Clean-Suites
 127 {
 128   // How long (in seconds) dead packages are left before being killed
 129   StayOfExecution 129600; // 1.5 days
 130   QueueBuildStayOfExecution 86400; // 24 hours
 131   MorgueSubDir "pool";
 132   OverrideFilename "override.source-only";
 133 };
 134
 135 Security-Install
 136 {
 137   ComponentMappings
 138   {
 139     main "ftp-master.debian.org:/pub/UploadQueue";
 140     contrib "ftp-master.debian.org:/pub/UploadQueue";
 141     non-free "ftp-master.debian.org:/pub/UploadQueue";
 142     non-US/main "non-us.debian.org:/pub/UploadQueue";
 143     non-US/contrib "non-us.debian.org:/pub/UploadQueue";
 144     non-US/non-free "non-us.debian.org:/pub/UploadQueue";
 145   };
 146 };
 147
 148 Suite
 149 {
 150   // Priority determines which suite is used for the Maintainers file
 151   // as generated by 'dak make-maintainers' (highest wins).
 152
 153   OldStable
 154   {
 155         Components
 156         {
 157           updates/main;
 158           updates/contrib;
 159           updates/non-free;
 160         };
 161         Announce "dak@security.debian.org";
 162         Version "";
 163         Origin "Debian";
 164         Label "Debian-Security";
 165         Description "Debian 5.0 Security Updates";
 166         ValidTime 864000; // 10 days
 167         CodeName "lenny";
 168         OverrideCodeName "lenny";
 169         CopyDotDak "/srv/security-master.debian.org/queue/done/";
 170   };
 171
 172   Stable
 173   {
 174         Components
 175         {
 176           updates/main;
 177           updates/contrib;
 178           updates/non-free;
 179         };
 180         Announce "dak@security.debian.org";
 181         Version "";
 182         Origin "Debian";
 183         Label "Debian-Security";
 184         Description "Debian 6.0 Security Updates";
 185         ValidTime 864000; // 10 days
 186         CodeName "squeeze";
 187         OverrideCodeName "squeeze";
 188         CopyDotDak "/srv/security-master.debian.org/queue/done/";
 189   };
 190
 191   Testing
 192   {
 193         Components
 194         {
 195           updates/main;
 196           updates/contrib;
 197           updates/non-free;
 198         };
 199         Announce "dak@security.debian.org";
 200         Version "";
 201         Origin "Debian";
 202         Label "Debian-Security";
 203         Description "Debian testing Security Updates";
 204         ValidTime 864000; // 10 days
 205         CodeName "wheezy";
 206         OverrideCodeName "wheezy";
 207         CopyDotDak "/srv/security-master.debian.org/queue/done/";
 208   };
 209 };
 210
 211 SuiteMappings
 212 {
 213  "silent-map stable-security stable";
 214  "silent-map oldstable-security oldstable";
 215  // JT - FIXME, hackorama
 216  // "silent-map testing-security stable";
 217   "silent-map etch-secure oldstable";
 218   "silent-map lenny-secure stable";
 219   "silent-map testing-security testing";
 220   "silent-map lenny-security oldstable";
 221   "silent-map squeeze-security stable";
 222   "silent-map wheezy-security testing";
 223 };
 224
 225 Dir
 226 {
 227   Root "/srv/security-master.debian.org/ftp/";
 228   Pool "/srv/security-master.debian.org/ftp/pool/";
 229   Export "/srv/security-master.debian.org/export/";
 230   Dak "/srv/security-master.debian.org/dak/";
 231   Templates "/srv/security-master.debian.org/dak/templates/";
 232   PoolRoot "pool/";
 233   Override "/srv/security-master.debian.org/override/";
 234   Lock "/srv/security-master.debian.org/lock/";
 235   Cache "/srv/security-master.debian.org/database/";
 236   Lists "/srv/security-master.debian.org/dak-database/dists/";
 237   Log "/srv/security-master.debian.org/dak-log/";
 238   Morgue "/srv/security-master.debian.org/morgue/";
 239   MorgueReject "reject";
 240   Override "/srv/security-master.debian.org/scripts/override/";
 241   QueueBuild "/srv/security-master.debian.org/buildd/";
 242   Upload "/srv/queued/ftpmaster/";
 243   TempPath "/srv/security-master.debian.org/tmp";
 244   Queue
 245   {
 246     Byhand "/srv/security-master.debian.org/queue/byhand/";
 247     Done "/srv/security-master.debian.org/queue/done/";
 248     Holding "/srv/security-master.debian.org/queue/holding/";
 249     New "/srv/security-master.debian.org/queue/new/";
 250     Reject "/srv/security-master.debian.org/queue/reject/";
 251     Unchecked "/srv/security-master.debian.org/queue/unchecked/";
 252     Newstage "/srv/security-master.debian.org/queue/newstage/";
 253
 254     ProposedUpdates "/srv/security-master.debian.org/does/not/exist/"; // XXX fixme
 255     OldProposedUpdates "/srv/security-master.debian.org/does/not/exist/"; // XXX fixme
 256
 257     Embargoed "/srv/security-master.debian.org/queue/embargoed/";
 258     Unembargoed "/srv/security-master.debian.org/queue/unembargoed/";
 259     Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/";
 260   };
 261 };
 262
 263 DB
 264 {
 265   Service "obscurity";
 266   // PoolSize should be at least ThreadCount + 1
 267   PoolSize 5;
 268   // MaxOverflow shouldn't exceed postgresql.conf's max_connections - PoolSize
 269   MaxOverflow 13;
 270   // should be false for encoding == SQL_ASCII
 271   Unicode "false"
 272 };
 273
 274 Architectures
 275 {
 276
 277   source "Source";
 278   all "Architecture Independent";
 279   alpha "DEC Alpha";
 280   hppa "HP PA RISC";
 281   arm "ARM";
 282   armel "ARM EABI";
 283   i386 "Intel ia32";
 284   ia64 "Intel ia64";
 285   mips "MIPS (Big Endian)";
 286   mipsel "MIPS (Little Endian)";
 287   powerpc "PowerPC";
 288   s390 "IBM S/390";
 289   sparc "Sun SPARC/UltraSPARC";
 290   amd64 "AMD x86_64 (AMD64)";
 291   kfreebsd-i386 "GNU/kFreeBSD i386";
 292   kfreebsd-amd64 "GNU/kFreeBSD amd64";
 293
 294 };
 295
 296 Archive
 297 {
 298
 299   security
 300   {
 301     OriginServer "security.debian.org";
 302     PrimaryMirror "security.debian.org";
 303     Description "Security Updates for the Debian project";
 304   };
 305
 306 };
 307
 308 Component
 309 {
 310
 311   updates/main
 312   {
 313         Description "Main (updates)";
 314         MeetsDFSG "true";
 315   };
 316
 317   updates/contrib
 318   {
 319         Description "Contrib (updates)";
 320         MeetsDFSG "true";
 321   };
 322
 323   updates/non-free
 324   {
 325         Description "Software that fails to meet the DFSG";
 326         MeetsDFSG "false";
 327   };
 328
 329 };
 330
 331 ComponentMappings
 332 {
 333  "main updates/main";
 334  "contrib updates/contrib";
 335  "non-free updates/non-free";
 336  "non-US/main updates/main";
 337  "non-US/contrib updates/contrib";
 338  "non-US/non-free updates/non-free";
 339 };
 340
 341 Section
 342 {
 343   admin;
 344   cli-mono;
 345   comm;
 346   database;
 347   debian-installer;
 348   debug;
 349   devel;
 350   doc;
 351   editors;
 352   embedded;
 353   electronics;
 354   fonts;
 355   games;
 356   gnome;
 357   graphics;
 358   gnu-r;
 359   gnustep;
 360   hamradio;
 361   haskell;
 362   httpd;
 363   interpreters;
 364   java;
 365   kde;
 366   kernel;
 367   libdevel;
 368   libs;
 369   lisp;
 370   localization;
 371   mail;
 372   math;
 373   misc;
 374   net;
 375   news;
 376   ocaml;
 377   oldlibs;
 378   otherosfs;
 379   perl;
 380   php;
 381   python;
 382   ruby;
 383   science;
 384   shells;
 385   sound;
 386   tex;
 387   text;
 388   utils;
 389   web;
 390   vcs;
 391   video;
 392   x11;
 393   xfce;
 394   zope;
 395 };
 396
 397 Priority
 398 {
 399   required 1;
 400   important 2;
 401   standard 3;
 402   optional 4;
 403   extra 5;
 404   source 0; // i.e. unused
 405 };
 406
 407 OverrideType
 408 {
 409   deb;
 410   udeb;
 411   dsc;
 412 };
 413
 414 Location
 415 {
 416   /srv/security-master.debian.org/ftp/pool/
 417     {
 418       Archive "security";
 419       Suites
 420         {
 421           OldStable;
 422           Stable;
 423           Testing;
 424         };
 425       Type "pool";
 426     };
 427 };
 428
 429 Urgency
 430 {
 431   Default "low";
 432   Valid
 433   {
 434     low;
 435     medium;
 436     high;
 437     emergency;
 438     critical;
 439   };
 440 };
 441
 442 Changelogs
 443 {
 444   Export "/srv/security-master.debian.org/export/changelogs";
 445 }
 446
 447 Generate-Releases
 448 {
 449   MD5Sum
 450   {
 451     oldstable;
 452     stable;
 453     testing;
 454   };
 455   SHA1
 456   {
 457     oldstable;
 458     stable;
 459     testing;
 460   };
 461   SHA256
 462   {
 463     oldstable;
 464     stable;
 465     testing;
 466   };
 467 }