#! /bin/bash set -e set -o pipefail set -u export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars . $SCRIPTVARS # And use one locale, no matter what the caller has set export LANG=C export LC_ALL=C report=$queuedir/REPORT reportdis=$queuedir/REPORT.disembargo timestamp=$(date "+%Y-%m-%d %H:%M") doanything=false dopolicy=false LOCKFILE="$lockdir/unchecked.lock" # So first we should go and see if any process-policy action is done dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org # Now, if this really did anything, we can then sync it over. Files # in newstage mean they are (late) accepts of security stuff, need # to sync to ftp-master cleanup() { rm -f "$LOCKFILE" } if ! lockfile -r8 "$LOCKFILE"; then echo "aborting cron.unchecked because $LOCKFILE has already been locked" exit 0 fi trap cleanup EXIT for queue in embargoed; do echo "$timestamp: processing ${queue}" >> ${report} dak process-policy ${queue} >> ${report} accepted=$(find ${queuedir}/accepted -type f -name "*.changes") if [ -n "${accepted}" ]; then dopolicy=true fi done cd $unchecked changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) if [ -n "$changes" ]; then doanything=true echo "$timestamp": ${changes:-"Nothing to do in unchecked"} >> $report dak process-upload -a -d "$unchecked" >> $report fi cd $disembargo changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) if [ -n "$changes" ]; then doanything=true echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis dak process-upload -a -d "$disembargo" >> $reportdis fi if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then echo "$timestamp": Nothing to do >> $report exit 0 fi # manage build queues dak manage-build-queues -a dak generate-packages-sources2 -a build-queues dak generate-releases -a build-queues >/dev/null # export build queues in old format # XXX: This should be removed later. for suite in stable testing; do overridecodename=$(dak admin suite show ${suite} | awk '$1 == "OverrideCodename:" { print $2 }') rm -rf ${incoming}/${suite}.new dak export-suite -s buildd-${suite} -d ${incoming}/${suite}.new cd ${incoming}/${suite}.new apt-ftparchive packages . ${overridedir}/override.${overridecodename}.all3 >Packages gzip -9c --rsyncable Packages.gz apt-ftparchive sources . ${overridedir}/override.${overridecodename}.all3 >Sources gzip -9c --rsyncable Sources.gz rm -f Release cd ${incoming} apt-ftparchive -qq -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $suite security" -o APT::FTPArchive::Release::Architectures="$archs" release ${suite}.new >${suite}.Release gpg --secret-keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 473041FA --detach-sign -o ${suite}.Release.gpg ${suite}.Release mv ${suite}.Release ${suite}.new/Release mv ${suite}.Release.gpg ${suite}.new/Release.gpg mv ${suite} ${suite}.old mv ${suite}.new ${suite} rm -rf ${suite}.old done if [ "x${dopolicy}x" = "xtruex" ]; then # We had something approved from a policy queue, push out new archive find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' + dak dominate #dak generate-filelist cd $configdir $configdir/map.sh #apt-ftparchive generate apt.conf dak generate-packages-sources2 -a security dak generate-releases -a security /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh sudo -u archvsync -H /home/archvsync/signal_security fi cleanup trap - EXIT $configdir/cron.buildd