#! /bin/bash
#
# Run daily via cron, out of dak's crontab.

set -e
set -o pipefail
set -u
export SCRIPTVARS=/srv/ftp-master.debian.org/dak/config/debian/vars
. $SCRIPTVARS

# common functions are "outsourced"
. "${configdir}/common"

################################################################################

TMPFILE=$( mktemp -p ${TMPDIR} )
TMPCNTB=$( mktemp -p ${TMPDIR} )

function cleanup {
    ERRVAL=$?
    rm -f ${TMPFILE} ${TMPCNTB}
    exit ${ERRVAL}
}
trap cleanup SIGHUP SIGINT SIGPIPE SIGTERM EXIT ERR

# log to dinstall's logfile instead of sending email
PROGRAM="cron.daily"
# Start logging
NOW=`date "+%Y.%m.%d-%H:%M:%S"`
LOGFILE="$logdir/daily_${NOW}.log"
exec >> "$LOGFILE" 2>&1

# get the latest list of wnpp bugs and their source packages
wget -q -O${TMPFILE} --ca-directory=/etc/ssl/ca-debian https://qa.debian.org/data/bts/wnpp_rm
chmod go+r ${TMPFILE}
mv ${TMPFILE} /srv/ftp-master.debian.org/scripts/masterfiles/wnpp_rm

# Push files over to security
# The key over there should have the following set for the ssh key:
#  command="/usr/bin/xzcat | /usr/bin/psql -1 -c 'DELETE FROM external_files; COPY external_files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) FROM STDIN' obscurity"
psql -c 'COPY files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) TO STDOUT' projectb | \
            xz -3 | \
            ssh -o BatchMode=yes -o ConnectTimeout=30 -o SetupTimeout=30 -2 \
                -i ${base}/s3kr1t/push_external_files dak@security-master.debian.org sync

# Update wanna-build dump
log "Update wanna-build database dump"
$base/dak/scripts/nfu/get-w-b-db

reports

clean_debbugs

# Generate list of override disparities
dak override-disparity | gzip -9 > ${webdir}/override-disparity.gz

# Generate stats about the new queue
dak stats new ${webdir}/NEW-stats.yaml 2> /dev/null

# Generate the contributor data
# FIXME: In a day or three, when this worked from cron without
# failure, redirect its output to dev/null. Alternatively until then
# enrico added a --quiet and we use that.
log "Submitting data to contributors"
REQUESTS_CA_BUNDLE=/etc/ssl/ca-debian/ca-certificates.crt dc-tool --mine="${configdir}/contributor.source" --auth-token @"${base}/s3kr1t/contributor.auth" --source ftp.debian.org --json > ${TMPCNTB}

# Post with curl as a workaround for #801506
# See https://wiki.debian.org/ServicesSSL#curl
dir=/etc/ssl/ca-debian
test -d $dir && capath="--capath $dir"
curl -s $capath https://contributors.debian.org/contributors/post \
    -F source=ftp.debian.org \
    -F auth_token="$(cat ${base}/s3kr1t/contributor.auth)" \
    -F data=@${TMPCNTB} > ${TMPCNTB}.result
cat ${TMPCNTB}.result
rm -f ${TMPCNTB}.result


${scriptsdir}/link_morgue.sh

################################################################################

log "Finally, all is done, compressing logfile"
exec > /dev/null 2>&1

bzip2 -9 "$LOGFILE"