-#! /bin/sh
+#! /bin/bash
set -e
-export SCRIPTVARS=/org/security.debian.org/katie/vars-security
+set -o pipefail
+set -u
+
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
. $SCRIPTVARS
-cd $unchecked
+# And use one locale, no matter what the caller has set
+export LANG=C
+export LC_ALL=C
-changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
report=$queuedir/REPORT
+reportdis=$queuedir/REPORT.disembargo
timestamp=$(date "+%Y-%m-%d %H:%M")
+doanything=false
+dopolicy=false
+LOCKFILE="$lockdir/unchecked.lock"
+
+last_changed() {
+ psql -qAtc "SELECT MAX(last_changed) FROM suite WHERE archive_id=(SELECT id FROM archive WHERE name='$1')"
+}
+
+cleanup() {
+ rm -f "$LOCKFILE"
+}
+
+if ! lockfile -r8 "$LOCKFILE"; then
+ echo "aborting cron.unchecked because $LOCKFILE has already been locked"
+ exit 0
+fi
+trap cleanup EXIT
+
+old_last_changed=$(last_changed security)
+
+cd $unchecked
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+if [ -n "$changes" ]; then
+ doanything=true
+ echo "$timestamp": ${changes:-"Nothing to do in unchecked"} >> $report
+ dak process-upload -a -d "$unchecked" >> $report
+fi
+
+cd $disembargo
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+if [ -n "$changes" ]; then
+ doanything=true
+ echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis
+ dak process-upload -a -d "$disembargo" >> $reportdis
+fi
+
+for queue in embargoed unembargoed; do
+ echo "$timestamp: processing ${queue}" >> ${report}
+ dak process-policy ${queue} | mail -a "X-Debian: DAK" -e -s "Automatically accepted from ${queue}" -a "From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>" team@security.debian.org
+done
+accepted=$(find ${queuedir}/accepted -type f -name "*.changes")
+if [ -n "${accepted}" ]; then
+ dopolicy=true
+fi
+
+# sync accepted files to ftpmaster
+cd ${base}
+find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
+
+# export policy queues
+for queue in embargoed; do
+ cd ${queuedir}/${queue}
+ rm -rf export.new
+ mkdir export.new
+ dak export -q ${queue} -d export.new --all
+ rsync -a --delete export.new/. export/.
+ rm -rf export.new
+ cd ${base}
+done
+
+if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
+ echo "$timestamp": Nothing to do >> $report
+ exit 0
+fi
+
+# Update stable-kfreebsd
+dak update-suite stable stable-kfreebsd
+
+# manage build queues
+dak manage-build-queues -a
+dak generate-packages-sources2 -a build-queues
+dak generate-releases -a build-queues >/dev/null
+${scriptsdir}/update-buildd-archive ${base}/build-queues ${incoming}/debian-security-buildd
+$configdir/cron.buildd
-if [ -z "$changes" ]; then
- echo "$timestamp": Nothing to do >> $report
- exit 0;
-fi;
+new_last_changed=$(last_changed security)
-echo "$timestamp": "$changes" >> $report
-jennifer -a $changes >> $report
-echo "--" >> $report
+if [[ "${old_last_changed}" != "${new_last_changed}" ]]; then
+ # We had something approved from a policy queue, push out new archive
+ dak dominate
+ cd $configdir
+ $configdir/map.sh
+ dak generate-packages-sources2 -a security
+ dak generate-releases -a security >/dev/null
+ /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh >/dev/null
+ sudo -u archvsync -H /home/archvsync/signal_security
+fi
-sh $masterdir/cron.buildd-security
+cleanup
+trap - EXIT
projects / dak.git / blobdiff