# Run daily via cron, out of dak's crontab.
set -e
+set -o pipefail
set -u
export SCRIPTVARS=/srv/ftp-master.debian.org/dak/config/debian/vars
. $SCRIPTVARS
################################################################################
TMPFILE=$( mktemp -p ${TMPDIR} )
+TMPCNTB=$( mktemp -p ${TMPDIR} )
function cleanup {
ERRVAL=$?
- rm -f ${TMPFILE}
+ rm -f ${TMPFILE} ${TMPCNTB}
exit ${ERRVAL}
}
trap cleanup SIGHUP SIGINT SIGPIPE SIGTERM EXIT ERR
# log to dinstall's logfile instead of sending email
PROGRAM="cron.daily"
-LOGFILE="$logdir/dinstall.log"
+# Start logging
+NOW=`date "+%Y.%m.%d-%H:%M:%S"`
+LOGFILE="$logdir/daily_${NOW}.log"
exec >> "$LOGFILE" 2>&1
# get the latest list of wnpp bugs and their source packages
-wget -q -O${TMPFILE} http://qa.debian.org/data/bts/wnpp_rm
+wget -q -O${TMPFILE} --ca-directory=/etc/ssl/ca-debian https://qa.debian.org/data/bts/wnpp_rm
chmod go+r ${TMPFILE}
mv ${TMPFILE} /srv/ftp-master.debian.org/scripts/masterfiles/wnpp_rm
+# Push files over to security
+# The key over there should have the following set for the ssh key:
+# command="/usr/bin/xzcat | /usr/bin/psql -1 -c 'DELETE FROM external_files; COPY external_files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) FROM STDIN' obscurity"
+psql -c 'COPY files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) TO STDOUT' projectb | \
+ xz -3 | \
+ ssh -o BatchMode=yes -o ConnectTimeout=30 -o SetupTimeout=30 -2 \
+ -i ${base}/s3kr1t/push_external_files dak@security-master.debian.org sync
+
# Update wanna-build dump
-echo "Update wanna-build database dump"
+log "Update wanna-build database dump"
$base/dak/scripts/nfu/get-w-b-db
reports
# Generate list of override disparities
dak override-disparity | gzip -9 > ${webdir}/override-disparity.gz
+# Generate stats about the new queue
+dak stats new ${webdir}/NEW-stats.yaml 2> /dev/null
+
+# Generate the contributor data
+# FIXME: In a day or three, when this worked from cron without
+# failure, redirect its output to dev/null. Alternatively until then
+# enrico added a --quiet and we use that.
+log "Submitting data to contributors"
+REQUESTS_CA_BUNDLE=/etc/ssl/ca-debian/ca-certificates.crt dc-tool --mine="${configdir}/contributor.source" --auth-token @"${base}/s3kr1t/contributor.auth" --source ftp.debian.org --json > ${TMPCNTB}
+
+# Post with curl as a workaround for #801506
+# See https://wiki.debian.org/ServicesSSL#curl
+dir=/etc/ssl/ca-debian
+test -d $dir && capath="--capath $dir"
+curl -s $capath https://contributors.debian.org/contributors/post \
+ -F source=ftp.debian.org \
+ -F auth_token="$(cat ${base}/s3kr1t/contributor.auth)" \
+ -F data=@${TMPCNTB} > ${TMPCNTB}.result
+cat ${TMPCNTB}.result
+rm -f ${TMPCNTB}.result
+
+
+${scriptsdir}/link_morgue.sh
+
################################################################################
+
+log "Finally, all is done, compressing logfile"
+exec > /dev/null 2>&1
+
+bzip2 -9 "$LOGFILE"
projects / dak.git / blobdiff