Notify w-b earlier

[dak.git] / config / debian-security / cron.unchecked

diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index bd750d4a022e1eca4df3d7765d1e04821428bc2d..cba7c05ffcedae2270a0535629f81eff5f5708c4 100755 (executable)
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -18,13 +18,9 @@ doanything=false
 dopolicy=false
 LOCKFILE="$lockdir/unchecked.lock"
 
-# So first we should go and see if any process-policy action is done
-dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
-dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
-
-# Now, if this really did anything, we can then sync it over. Files
-# in newstage mean they are (late) accepts of security stuff, need
-# to sync to ftp-master
+last_changed() {
+    psql -qAtc "SELECT MAX(last_changed) FROM suite WHERE archive_id=(SELECT id FROM archive WHERE name='$1')"
+}
 
 cleanup() {
     rm -f "$LOCKFILE"
@@ -36,14 +32,7 @@ if ! lockfile -r8 "$LOCKFILE"; then
 fi
 trap cleanup EXIT
 
-for queue in embargoed; do
-    echo "$timestamp: processing ${queue}" >> ${report}
-    dak process-policy ${queue} >> ${report}
-    accepted=$(find ${queuedir}/accepted -type f -name "*.changes")
-    if [ -n "${accepted}" ]; then
-       dopolicy=true
-    fi
-done
+old_last_changed=$(last_changed security)
 
 cd $unchecked
 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
@@ -55,65 +44,63 @@ fi
 
 cd $disembargo
 changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
-
 if [ -n "$changes" ]; then
     doanything=true
     echo "$timestamp": ${changes:-"Nothing to do in disembargo"}  >> $reportdis
     dak process-upload -a -d "$disembargo" >> $reportdis
 fi
 
+for queue in embargoed unembargoed; do
+    echo "$timestamp: processing ${queue}" >> ${report}
+    dak process-policy ${queue} | mail -a "X-Debian: DAK" -e -s "Automatically accepted from ${queue}" -a "From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>" team@security.debian.org
+done
+accepted=$(find ${queuedir}/accepted -type f -name "*.changes")
+if [ -n "${accepted}" ]; then
+    dopolicy=true
+fi
+
+# sync accepted files to ftpmaster
+cd ${base}
+find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
+
+# export policy queues
+for queue in embargoed; do
+    cd ${queuedir}/${queue}
+    rm -rf export.new
+    mkdir export.new
+    dak export -q ${queue} -d export.new --all
+    rsync -a --delete export.new/. export/.
+    rm -rf export.new
+    cd ${base}
+done
+
 if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then
     echo "$timestamp": Nothing to do >> $report
     exit 0
 fi
 
+# Update stable-kfreebsd
+dak update-suite stable stable-kfreebsd
+
 # manage build queues
 dak manage-build-queues -a
 dak generate-packages-sources2 -a build-queues
 dak generate-releases -a build-queues >/dev/null
+${scriptsdir}/update-buildd-archive ${base}/build-queues ${incoming}/debian-security-buildd
+$configdir/cron.buildd
 
-# export build queues in old format
-# XXX: This should be removed later.
-for suite in stable testing; do
-    overridecodename=$(dak admin suite show ${suite} | awk '$1 == "OverrideCodename:" { print $2 }')
-    rm -rf ${incoming}/${suite}.new
-    dak export-suite -s buildd-${suite} -d ${incoming}/${suite}.new
-
-    cd ${incoming}/${suite}.new
-    apt-ftparchive packages . ${overridedir}/override.${overridecodename}.all3 >Packages
-    gzip -9c --rsyncable <Packages >Packages.gz
-    apt-ftparchive sources . ${overridedir}/override.${overridecodename}.all3 >Sources
-    gzip -9c --rsyncable <Sources >Sources.gz
-    rm -f Release
-
-    cd ${incoming}
-    apt-ftparchive -qq -o APT::FTPArchive::Release::Origin="Debian" -o APT::FTPArchive::Release::Label="Debian" -o APT::FTPArchive::Release::Description="buildd $suite security" -o APT::FTPArchive::Release::Architectures="$archs" release ${suite}.new >${suite}.Release
-
-    gpg --secret-keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg --keyring /srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg --no-options --batch --no-tty --armour --default-key 473041FA --detach-sign -o ${suite}.Release.gpg ${suite}.Release
-
-    mv ${suite}.Release ${suite}.new/Release
-    mv ${suite}.Release.gpg ${suite}.new/Release.gpg
-
-    mv ${suite} ${suite}.old
-    mv ${suite}.new ${suite}
-    rm -rf ${suite}.old
-done
+new_last_changed=$(last_changed security)
 
-if [ "x${dopolicy}x" = "xtruex" ]; then
+if [[ "${old_last_changed}" != "${new_last_changed}" ]]; then
     # We had something approved from a policy queue, push out new archive
-    find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
     dak dominate
-    #dak generate-filelist
     cd $configdir
     $configdir/map.sh
-    #apt-ftparchive generate apt.conf
     dak generate-packages-sources2 -a security
-    dak generate-releases -a security
-    /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
+    dak generate-releases -a security >/dev/null
+    /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh >/dev/null
     sudo -u archvsync -H /home/archvsync/signal_security
 fi
 
 cleanup
 trap - EXIT
-
-$configdir/cron.buildd