X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=config%2Fdebian-security%2Fdak.conf;h=c4a932a0cd1ac23255f5e18756c925e7ae0ad53f;hp=0f77a7f49e61b9286f13890a8932d36d8bda4318;hb=356f4f93a9d0b29c0878111f7c3eee194f6571e5;hpb=125987c8dc985671e5f6cd24bffae35e9acf5aea
diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf
index 0f77a7f4..c4a932a0 100644
--- a/config/debian-security/dak.conf
+++ b/config/debian-security/dak.conf
@@ -1,61 +1,85 @@ Dinstall { - GPGKeyring { - "/org/keyring.debian.org/keyrings/debian-keyring.gpg"; - }; - SigningKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg"; - SigningPubKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg"; - SigningKeyIds "55BE302B"; + // was non-us.d.o path before + SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg"; + SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg"; SendmailCommand "/usr/sbin/sendmail -odq -oi -t"; - MyEmailAddress "Debian Installer "; + MyEmailAddress "Debian FTP Masters "; MyAdminAddress "ftpmaster@debian.org"; MyHost "debian.org"; // used for generating user@my_host addresses in e.g. manual_reject() MyDistribution "Debian"; // Used in emails BugServer "bugs.debian.org"; PackagesServer "packages.debian.org"; - LockFile "/org/security.debian.org/dak/lock"; Bcc "archive@ftp-master.debian.org"; // GroupOverrideFilename "override.group-maint"; - FutureTimeTravelGrace 28800; // 8 hours - PastCutoffYear "1984"; SkipTime 300; CloseBugs "false"; OverrideDisparityCheck "false"; BXANotify "false"; - QueueBuildSuites - { - oldstable; - stable; - testing; - }; - SecurityQueueHandling "true"; - SecurityQueueBuild "true"; DefaultSuite "stable"; - SuiteSuffix "updates"; + SuiteSuffix "updates/"; OverrideMaintainer "dak@security.debian.org"; LegacyStableHasNoSections "false"; + AllowSourceOnlyUploads "true"; }; Process-New { - AcceptedLockFile "/org/security.debian.org/lock/unchecked.lock"; + DinstallLockFile "/srv/security-master.debian.org/lock/processnew.lock"; LockDir "/srv/security-master.debian.org/lock/new/"; }; +Process-Policy +{ + CopyDir "/srv/security-master.debian.org/queue/accepted"; +}; + Import-Users-From-Passwd { - ValidGID "800"; + ValidGID "Debian"; // Comma separated list of users who are in Postgres but not the passwd file - KnownPostgres "postgres,dak,www-data,udmsearch"; + KnownPostgres 
"postgres,dak,www-data,udmsearch,repuser,debian-backup"; }; Queue-Report { Directories { - // byhand; - // new; + byhand; + new; unembargoed; + embargoed; + }; +}; + +Import-LDAP-Fingerprints +{ + LDAPDn "ou=users,dc=debian,dc=org"; + LDAPServer "db.debian.org"; + CACertFile "/etc/ssl/ca-debian/ca-certificates.crt"; + ExtraKeyrings + { + "/srv/keyring.debian.org/keyrings/removed-keys.pgp"; + "/srv/keyring.debian.org/keyrings/removed-keys.gpg"; + "/srv/keyring.debian.org/keyrings/extra-keys.pgp"; + }; + KeyServer "wwwkeys.eu.pgp.net"; +}; + +Check-Overrides +{ + OverrideSuites + { + Stable + { + Process "0"; + }; + + Testing + { + Process "0"; + }; + }; }; 
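Review bot: With `SigningKeyIds` removed from `Dinstall`, this file still points at the secret keyring through `SigningKeyring` but no longer says which key in it signs the archive, and the added comment `// was non-us.d.o path before` records history rather than explaining that. Replace it with a pointer to the new location, for example `// SigningKeyIds is no longer set here; see <PLACEHOLDER: where the signing key is selected>`. The same gap applies to the dropped `GPGKeyring` list: the new file does not show which keyrings uploads are verified against, so a one-line comment naming where that is configured would help anyone auditing this host's trust settings. The `Dinstall` block lies entirely inside this hunk.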
@@ -76,205 +100,77 @@ Rm }; MyEmailAddress "Debian Archive Maintenance "; - LogFile "/org/security.debian.org/dak-log/removals.txt"; -}; - -Init-Archive -{ - ExportDir "/org/security.debian.org/dak/import-archive-files/"; + LogFile "/srv/security-master.debian.org/dak-log/removals.txt"; }; Clean-Suites { - // How long (in seconds) dead packages are left before being killed - StayOfExecution 129600; // 1.5 days - QueueBuildStayOfExecution 86400; // 24 hours MorgueSubDir "pool"; - OverrideFilename "override.source-only"; -}; - -Security-Install -{ - ComponentMappings - { - main "ftp-master.debian.org:/pub/UploadQueue"; - contrib "ftp-master.debian.org:/pub/UploadQueue"; - non-free "ftp-master.debian.org:/pub/UploadQueue"; - non-US/main "non-us.debian.org:/pub/UploadQueue"; - non-US/contrib "non-us.debian.org:/pub/UploadQueue"; - non-US/non-free "non-us.debian.org:/pub/UploadQueue"; - }; -}; - -Suite -{ - // Priority determines which suite is used for the Maintainers file - // as generated by 'dak make-maintainers' (highest wins). 
- - OldStable - { - Components - { - updates/main; - updates/contrib; - updates/non-free; - }; - Announce "dak@security.debian.org"; - Version ""; - Origin "Debian"; - Label "Debian-Security"; - Description "Debian 4.0 Security Updates"; - ValidTime 864000; // 10 days - CodeName "etch"; - OverrideCodeName "etch"; - CopyDotDak "/org/security.debian.org/queue/done/"; - }; - - Stable - { - Components - { - updates/main; - updates/contrib; - updates/non-free; - }; - Announce "dak@security.debian.org"; - Version ""; - Origin "Debian"; - Label "Debian-Security"; - Description "Debian 5.0 Security Updates"; - ValidTime 864000; // 10 days - CodeName "lenny"; - OverrideCodeName "lenny"; - CopyDotDak "/org/security.debian.org/queue/done/"; - }; - - Testing - { - Components - { - updates/main; - updates/contrib; - updates/non-free; - }; - Announce "dak@security.debian.org"; - Version ""; - Origin "Debian"; - Label "Debian-Security"; - Description "Debian testing Security Updates"; - ValidTime 864000; // 10 days - CodeName "squeeze"; - OverrideCodeName "squeeze"; - CopyDotDak "/org/security.debian.org/queue/done/"; - }; }; SuiteMappings { "silent-map stable-security stable"; + "silent-map stable-kfreebsd-security stable-kfreebsd"; "silent-map oldstable-security oldstable"; - // JT - FIXME, hackorama - // "silent-map testing-security stable"; - "silent-map etch-secure oldstable"; - "silent-map lenny-secure stable"; + "silent-map oldoldstable-security oldoldstable"; "silent-map testing-security testing"; -}; - -Dir -{ - Root "/org/security.debian.org/ftp/"; - Pool "/org/security.debian.org/ftp/pool/"; - Dak "/org/security.debian.org/dak/"; - Templates "/org/security.debian.org/dak/templates/"; - PoolRoot "pool/"; - Override "/org/security.debian.org/override/"; - Lock "/org/security.debian.org/lock/"; - Lists "/org/security.debian.org/dak-database/dists/"; - Log "/org/security.debian.org/dak-log/"; - Morgue "/org/security.debian.org/morgue/"; - MorgueReject "reject"; - Override 
"/org/security.debian.org/scripts/override/"; - QueueBuild "/org/security.debian.org/buildd/"; - Upload "/srv/queued/UploadQueue/"; - Queue - { - Accepted "/org/security.debian.org/queue/accepted/"; - Byhand "/org/security.debian.org/queue/byhand/"; - Done "/org/security.debian.org/queue/done/"; - Holding "/org/security.debian.org/queue/holding/"; - New "/org/security.debian.org/queue/new/"; - Reject "/org/security.debian.org/queue/reject/"; - Unchecked "/org/security.debian.org/queue/unchecked/"; - ProposedUpdates "/does/not/exist/"; // XXX fixme - OldProposedUpdates "/does/not/exist/"; // XXX fixme + "silent-map squeeze-security oldoldstable"; + "silent-map wheezy-security oldstable"; + "silent-map jessie-security stable"; + "silent-map jessie-kfreebsd-security stable-kfreebsd"; + "silent-map stretch-security testing"; - Embargoed "/org/security.debian.org/queue/embargoed/"; - Unembargoed "/org/security.debian.org/queue/unembargoed/"; - Disembargo "/org/security.debian.org/queue/unchecked-disembargo/"; - }; + "reject oldoldstable"; }; -DB +AutomaticByHandPackages { - Name "obscurity"; - Host ""; - Port -1; - -}; - -Architectures -{ - - source "Source"; - all "Architecture Independent"; - alpha "DEC Alpha"; - hppa "HP PA RISC"; - arm "ARM"; - armel "ARM EABI"; - i386 "Intel ia32"; - ia64 "Intel ia64"; - mips "MIPS (Big Endian)"; - mipsel "MIPS (Little Endian)"; - powerpc "PowerPC"; - s390 "IBM S/390"; - sparc "Sun SPARC/UltraSPARC"; - amd64 "AMD x86_64 (AMD64)"; - + "linux-code-sign" { + Source "linux"; + Section "byhand"; + Extension "tar.xz"; + Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign"; + }; }; -Archive +Dir { + Base "/srv/security-master.debian.org/"; + Root "/srv/security-master.debian.org/ftp/"; + Pool "/srv/security-master.debian.org/ftp/pool/"; + Export "/srv/security-master.debian.org/export/"; + Dak "/srv/security-master.debian.org/dak/"; + Templates "/srv/security-master.debian.org/dak/templates/"; + Override 
"/srv/security-master.debian.org/override/"; + Lock "/srv/security-master.debian.org/lock/"; + Cache "/srv/security-master.debian.org/database/"; + Lists "/srv/security-master.debian.org/dak-database/dists/"; + Log "/srv/security-master.debian.org/dak-log/"; + Morgue "/srv/security-master.debian.org/morgue/"; + Override "/srv/security-master.debian.org/scripts/override/"; + Upload "/srv/queued/ftpmaster/"; + TempPath "/srv/security-master.debian.org/tmp"; + Done "/srv/security-master.debian.org/queue/done/"; + Reject "/srv/security-master.debian.org/queue/reject/"; - security + Queue { - OriginServer "security.debian.org"; - PrimaryMirror "security.debian.org"; - Description "Security Updates for the Debian project"; + Embargoed "/srv/security-master.debian.org/queue/embargoed/"; + Unembargoed "/srv/security-master.debian.org/queue/unembargoed/"; + Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/"; }; - }; -Component +DB { - - updates/main - { - Description "Main (updates)"; - MeetsDFSG "true"; - }; - - updates/contrib - { - Description "Contrib (updates)"; - MeetsDFSG "true"; - }; - - updates/non-free - { - Description "Software that fails to meet the DFSG"; - MeetsDFSG "false"; - }; - + Service "obscurity"; + // PoolSize should be at least ThreadCount + 1 + PoolSize 5; + // MaxOverflow shouldn't exceed postgresql.conf's max_connections - PoolSize + MaxOverflow 13; + // should be false for encoding == SQL_ASCII + Unicode "false" }; ComponentMappings 
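Review bot: The new `Dir` block still defines `Override` twice, first as `/srv/security-master.debian.org/override/` and then as `/srv/security-master.debian.org/scripts/override/`. The duplicate is carried over from the removed block, and which value takes effect depends on the parser (presumably the later one). Keep only the path that is actually used, or add a comment such as `// Override is set twice; the later value is the effective one (confirm)`. In the new `DB` block, `Unicode "false"` is the only entry without a terminating `;`, so it appears to rely on the parser accepting a value closed by `}`; writing `Unicode "false";` would match the rest of the file.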
@@ -282,97 +178,6 @@ ComponentMappings "main updates/main"; "contrib updates/contrib"; "non-free updates/non-free"; - "non-US/main updates/main"; - "non-US/contrib updates/contrib"; - "non-US/non-free updates/non-free"; -}; - -Section -{ - admin; - cli-mono; - comm; - database; - debian-installer; - debug; - devel; - doc; - editors; - embedded; - electronics; - fonts; - games; - gnome; - graphics; - gnu-r; - gnustep; - hamradio; - haskell; - httpd; - interpreters; - java; - kde; - kernel; - libdevel; - libs; - lisp; - localization; - mail; - math; - misc; - net; - news; - ocaml; - oldlibs; - otherosfs; - perl; - php; - python; - ruby; - science; - shells; - sound; - tex; - text; - utils; - web; - vcs; - video; - x11; - xfce; - zope; -}; - -Priority -{ - required 1; - important 2; - standard 3; - optional 4; - extra 5; - source 0; // i.e. unused -}; - -OverrideType -{ - deb; - udeb; - dsc; -}; - -Location -{ - /org/security.debian.org/ftp/pool/ - { - Archive "security"; - Suites - { - OldStable; - Stable; - Testing; - }; - Type "pool"; - }; }; Urgency