X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=config%2Fdebian-security%2Fdak.conf;h=42e400e9c3b95ef5ae08c43ad6f63aff1ae87a8b;hp=e5ef686800ade3e99aa19a0489f302aab235365b;hb=356f4f93a9d0b29c0878111f7c3eee194f6571e5;hpb=59fd5aa2a8be3b76dbc968429c457f096adfa472

diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf
index e5ef6868..c4a932a0 100644
--- a/config/debian-security/dak.conf
+++ b/config/debian-security/dak.conf
@@ -1,317 +1,176 @@
 Dinstall
 {
-   PGPKeyring "/org/keyring.debian.org/keyrings/debian-keyring.pgp";
-   GPGKeyring "/org/keyring.debian.org/keyrings/debian-keyring.gpg";
-   SigningKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg";
-   SigningPubKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg";
-   SigningKeyIds "4F368D5D";
+   // was non-us.d.o path before
+   SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg";
+   SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg";
    SendmailCommand "/usr/sbin/sendmail -odq -oi -t";
-   MyEmailAddress "Debian Installer <installer@ftp-master.debian.org>";
+   MyEmailAddress "Debian FTP Masters <ftpmaster@ftp-master.debian.org>";
    MyAdminAddress "ftpmaster@debian.org";
    MyHost "debian.org";  // used for generating user@my_host addresses in e.g. manual_reject()
    MyDistribution "Debian"; // Used in emails
    BugServer "bugs.debian.org";
    PackagesServer "packages.debian.org";
-   LockFile "/org/security.debian.org/katie/lock";
    Bcc "archive@ftp-master.debian.org";
    // GroupOverrideFilename "override.group-maint";
-   FutureTimeTravelGrace 28800; // 8 hours
-   PastCutoffYear "1984";
    SkipTime 300;
    CloseBugs "false";
    OverrideDisparityCheck "false";
    BXANotify "false";
-   QueueBuildSuites
-   {
-     oldstable;
-     stable;
-     testing;
-   };
-   SecurityQueueHandling "true";     
-   SecurityQueueBuild "true";     
-   DefaultSuite "Testing";
-   SuiteSuffix "updates";
-   OverrideMaintainer "katie@security.debian.org";
-   StableDislocationSupport "false";
+   DefaultSuite "stable";
+   SuiteSuffix "updates/";
+   OverrideMaintainer "dak@security.debian.org";
    LegacyStableHasNoSections "false";
+   AllowSourceOnlyUploads "true";
 };
 
-Julia
+Process-New
 {
-  ValidGID "800";
+  DinstallLockFile "/srv/security-master.debian.org/lock/processnew.lock";
+  LockDir "/srv/security-master.debian.org/lock/new/";
+};
+
+Process-Policy
+{
+  CopyDir "/srv/security-master.debian.org/queue/accepted";
+};
+
+Import-Users-From-Passwd
+{
+  ValidGID "Debian";
   // Comma separated list of users who are in Postgres but not the passwd file
-  KnownPostgres "postgres,katie,www-data,udmsearch";
+  KnownPostgres "postgres,dak,www-data,udmsearch,repuser,debian-backup";
 };
 
-Helena
+Queue-Report
 {
   Directories
   {
     byhand;
     new;
-    accepted;
+    unembargoed;
+    embargoed;
   };
 };
 
-Shania
+Import-LDAP-Fingerprints
 {
-  Options
+  LDAPDn "ou=users,dc=debian,dc=org";
+  LDAPServer "db.debian.org";
+  CACertFile "/etc/ssl/ca-debian/ca-certificates.crt";
+  ExtraKeyrings
   {
-    Days 14;
+    "/srv/keyring.debian.org/keyrings/removed-keys.pgp";
+    "/srv/keyring.debian.org/keyrings/removed-keys.gpg";
+    "/srv/keyring.debian.org/keyrings/extra-keys.pgp";
   };
- MorgueSubDir "shania";
+  KeyServer "wwwkeys.eu.pgp.net";
 };
 
-Melanie
+Check-Overrides
 {
-  Options
+  OverrideSuites
   {
-    Suite "unstable";
-  };
-
-  MyEmailAddress "Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>";
-  LogFile "/org/security.debian.org/katie-log/removals.txt";
-};
+    Stable
+    {
+      Process "0";
+    };
 
-Neve
-{
-  ExportDir "/org/security.debian.org/katie/neve-files/";
-};
+    Testing
+    {
+      Process "0";
+    };
 
-Rhona
-{
-  // How long (in seconds) dead packages are left before being killed
-  StayOfExecution 129600; // 1.5 days
-  QueueBuildStayOfExecution 86400; // 24 hours
-  MorgueSubDir "rhona";
-  OverrideFilename "override.source-only";
+  };
 };
 
-Amber
+Clean-Queues
 {
-  ComponentMappings
+  Options
   {
-    main "ftp-master.debian.org:/pub/UploadQueue";
-    contrib "ftp-master.debian.org:/pub/UploadQueue";
-    non-free "ftp-master.debian.org:/pub/UploadQueue";
-    non-US/main "non-us.debian.org:/pub/UploadQueue";
-    non-US/contrib "non-us.debian.org:/pub/UploadQueue";
-    non-US/non-free "non-us.debian.org:/pub/UploadQueue";
+    Days 14;
   };
+ MorgueSubDir "queue";
 };
 
-Suite
+Rm
 {
-  // Priority determines which suite is used for the Maintainers file
-  // as generated by charisma (highest wins).
-
-  Oldstable
-  {
-	Components 
-	{
-	  updates/main;
-	  updates/contrib;
-	  updates/non-free;
-	};
-	Architectures 
-	{
-	  source;  
-	  all;
-	  alpha; 
-	  arm;
-	  hppa;
-	  i386;
-	  ia64;
-	  m68k;
-	  mips;
-	  mipsel;
-	  powerpc;
-	  s390;
-	  sparc;
-	};
-	Announce "katie@security.debian.org";
-	Version "3.0";
-	Origin "Debian";
-	Label "Debian-Security";
-	Description "Debian 3.0 Security Updates";
-	CodeName "woody";
-	OverrideCodeName "woody";
-	CopyKatie "/org/security.debian.org/queue/done/";
-  };
-
-  Stable
+  Options
   {
-	Components 
-	{
-	  updates/main;
-	  updates/contrib;
-	  updates/non-free;
-	};
-	Architectures 
-	{
-	  source;  
-	  all;
-	  alpha;
-	  amd64; 
-	  arm;
-	  hppa;
-	  i386;
-	  ia64;
-	  m68k;
-	  mips;
-	  mipsel;
-	  powerpc;
-	  s390;
-	  sparc;
-	};
-	Announce "katie@security.debian.org";
-	Version "3.1";
-	Origin "Debian";
-	Label "Debian-Security";
-	Description "Debian 3.1 Security Updates";
-	CodeName "sarge";
-	OverrideCodeName "sarge";
-	CopyKatie "/org/security.debian.org/queue/done/";
+    Suite "unstable";
   };
 
-  Testing
-  {
-	Components 
-	{
-	  updates/main;
-	  updates/contrib;
-	  updates/non-free;
-	};
-	Architectures 
-	{
-	  source;  
-	  all;
-	  amd64; 
-	  alpha; 
-	  arm;
-	  hppa;
-	  i386;
-	  ia64;
-	  m68k;
-	  mips;
-	  mipsel;
-	  powerpc;
-	  s390;
-	  sparc;
-	};
-	Announce "katie@security.debian.org";
-	Version "x.y";
-	Origin "Debian";
-	Label "Debian-Security";
-	Description "Debian x.y Security Updates";
-	CodeName "etch";
-	OverrideCodeName "etch";
-	CopyKatie "/org/security.debian.org/queue/done/";
-  };
+  MyEmailAddress "Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>";
+  LogFile "/srv/security-master.debian.org/dak-log/removals.txt";
+};
 
+Clean-Suites
+{
+  MorgueSubDir "pool";
 };
 
 SuiteMappings
 {
-  "silent-map oldstable-security oldstable";
  "silent-map stable-security stable";
- // JT - FIXME, hackorama
- // "silent-map testing-security stable";
+ "silent-map stable-kfreebsd-security stable-kfreebsd";
+ "silent-map oldstable-security oldstable";
+ "silent-map oldoldstable-security oldoldstable";
   "silent-map testing-security testing";
-};
-
-Dir
-{
-  Root "/org/security.debian.org/ftp/";
-  Pool "/org/security.debian.org/ftp/pool/";
-  Katie "/org/security.debian.org/katie/";
-  Templates "/org/security.debian.org/katie/templates/";
-  PoolRoot "pool/";
-  Override "/org/security.debian.org/override/";
-  Lock "/org/security.debian.org/lock/";
-  Lists "/org/security.debian.org/katie-database/dists/";
-  Log "/org/security.debian.org/katie-log/";
-  Morgue "/org/security.debian.org/morgue/";
-  MorgueReject "reject";
-  Override "/org/security.debian.org/scripts/override/";
-  QueueBuild "/org/security.debian.org/buildd/";
-  Queue
-  {
-    Accepted "/org/security.debian.org/queue/accepted/";
-    Byhand "/org/security.debian.org/queue/byhand/";
-    Done "/org/security.debian.org/queue/done/";
-    Holding "/org/security.debian.org/queue/holding/";
-    New "/org/security.debian.org/queue/new/";
-    Reject "/org/security.debian.org/queue/reject/";
-    Unchecked "/org/security.debian.org/queue/unchecked/";
-
-    Embargoed "/org/security.debian.org/queue/embargoed/";
-    Unembargoed "/org/security.debian.org/queue/unembargoed/";
-    Disembargo "/org/security.debian.org/queue/unchecked-disembargo/";
-  };
-};
-
-DB
-{
-  Name "obscurity";
-  Host ""; 
-  Port -1;
+  "silent-map squeeze-security oldoldstable";
+  "silent-map wheezy-security oldstable";
+  "silent-map jessie-security stable";
+  "silent-map jessie-kfreebsd-security stable-kfreebsd";
+  "silent-map stretch-security testing";
 
+  "reject oldoldstable";
 };
 
-Architectures
+AutomaticByHandPackages
 {
-
-  source "Source";
-  all "Architecture Independent";
-  alpha "DEC Alpha";
-  hppa "HP PA RISC";
-  arm "ARM";
-  i386 "Intel ia32";
-  ia64 "Intel ia64";
-  m68k "Motorola Mc680x0";
-  mips "MIPS (Big Endian)";
-  mipsel "MIPS (Little Endian)";
-  powerpc "PowerPC";
-  s390 "IBM S/390";
-  sparc "Sun SPARC/UltraSPARC";
-  amd64 "AMD x86_64 (AMD64)";
-
+  "linux-code-sign" {
+    Source "linux";
+    Section "byhand";
+    Extension "tar.xz";
+    Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign";
+  };
 };
 
-Archive
+Dir
 {
+  Base "/srv/security-master.debian.org/";
+  Root "/srv/security-master.debian.org/ftp/";
+  Pool "/srv/security-master.debian.org/ftp/pool/";
+  Export "/srv/security-master.debian.org/export/";
+  Dak "/srv/security-master.debian.org/dak/";
+  Templates "/srv/security-master.debian.org/dak/templates/";
+  Override "/srv/security-master.debian.org/override/";
+  Lock "/srv/security-master.debian.org/lock/";
+  Cache "/srv/security-master.debian.org/database/";
+  Lists "/srv/security-master.debian.org/dak-database/dists/";
+  Log "/srv/security-master.debian.org/dak-log/";
+  Morgue "/srv/security-master.debian.org/morgue/";
+  Override "/srv/security-master.debian.org/scripts/override/";
+  Upload "/srv/queued/ftpmaster/";
+  TempPath "/srv/security-master.debian.org/tmp";
+  Done "/srv/security-master.debian.org/queue/done/";
+  Reject "/srv/security-master.debian.org/queue/reject/";
 
-  security
+  Queue
   {
-    OriginServer "security.debian.org";
-    PrimaryMirror "security.debian.org";
-    Description "Security Updates for the Debian project";
+    Embargoed "/srv/security-master.debian.org/queue/embargoed/";
+    Unembargoed "/srv/security-master.debian.org/queue/unembargoed/";
+    Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/";
   };
-
 };
 
-Component
+DB
 {
-
-  updates/main
-  {
-	Description "Main (updates)";
-	MeetsDFSG "true";
-  };
-
-  updates/contrib
-  {
-	Description "Contrib (updates)";
-	MeetsDFSG "true";
-  };
-
-  updates/non-free
-  {
-	Description "Software that fails to meet the DFSG";
-	MeetsDFSG "false";
-  };
-
+  Service "obscurity";
+  // PoolSize should be at least ThreadCount + 1
+  PoolSize 5;
+  // MaxOverflow shouldn't exceed postgresql.conf's max_connections - PoolSize
+  MaxOverflow 13;
+  // should be false for encoding == SQL_ASCII
+  Unicode "false"
 };
 
 ComponentMappings
@@ -319,86 +178,6 @@ ComponentMappings
  "main updates/main";
  "contrib updates/contrib";
  "non-free updates/non-free";
- "non-US/main updates/main";
- "non-US/contrib updates/contrib";
- "non-US/non-free updates/non-free";
-};
-
-Section
-{
-  admin;
-  base;
-  comm;
-  debian-installer;
-  devel;
-  doc;
-  editors;
-  electronics;
-  embedded;
-  games;
-  gnome;
-  graphics;
-  hamradio;
-  interpreters;
-  kde;
-  libdevel;
-  libs;
-  mail;
-  math;
-  misc;
-  net;
-  news;
-  oldlibs;
-  otherosfs;
-  perl;
-  python;
-  science;
-  shells;
-  sound;
-  tex;
-  text;
-  utils;
-  web;
-  x11;
-  non-US;
-};
-
-Priority
-{
-  required 1;
-  important 2;
-  standard 3;
-  optional 4;
-  extra 5;
-  source 0; // i.e. unused
-};
-
-OverrideType
-{
-  deb;
-  udeb;
-  dsc;
-};
-
-Location
-{
-  /org/security.debian.org/ftp/dists/
-    {
-      Archive "security";
-      Type "legacy";
-    };
-
-  /org/security.debian.org/ftp/pool/
-    {
-      Archive "security";
-      Suites 
-	{
-	  Oldstable;
-	  Stable;
-	  Testing;
-        };
-      Type "pool";
-    };
 };
 
 Urgency