X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=config%2Fdebian-security%2Fdak.conf;h=c4a932a0cd1ac23255f5e18756c925e7ae0ad53f;hp=5f09abf2a84c643fa9d7e9dba7976b468a37f127;hb=356f4f93a9d0b29c0878111f7c3eee194f6571e5;hpb=70f6c4de94c2d2e1bb76e165a2f15aaf0184215c

diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf
index 5f09abf2..c4a932a0 100644
--- a/config/debian-security/dak.conf
+++ b/config/debian-security/dak.conf
@@ -1,12 +1,8 @@
 Dinstall
 {
-   GPGKeyring {
-     "/srv/keyring.debian.org/keyrings/debian-keyring.gpg";
-   };
    // was non-us.d.o path before
    SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg";
    SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg";
-   SigningKeyIds "55BE302B";
    SendmailCommand "/usr/sbin/sendmail -odq -oi -t";
    MyEmailAddress "Debian FTP Masters <ftpmaster@ftp-master.debian.org>";
    MyAdminAddress "ftpmaster@debian.org";
@@ -14,26 +10,17 @@ Dinstall
    MyDistribution "Debian"; // Used in emails
    BugServer "bugs.debian.org";
    PackagesServer "packages.debian.org";
-   LockFile "/org/security-master.debian.org/dak/lock";
    Bcc "archive@ftp-master.debian.org";
    // GroupOverrideFilename "override.group-maint";
-   FutureTimeTravelGrace 28800; // 8 hours
-   PastCutoffYear "1984";
    SkipTime 300;
    CloseBugs "false";
    OverrideDisparityCheck "false";
    BXANotify "false";
-   QueueBuildSuites
-   {
-     stable;
-     testing;
-   };
-   SecurityQueueHandling "true";     
-   SecurityQueueBuild "true";     
    DefaultSuite "stable";
    SuiteSuffix "updates/";
    OverrideMaintainer "dak@security.debian.org";
    LegacyStableHasNoSections "false";
+   AllowSourceOnlyUploads "true";
 };
 
 Process-New
@@ -42,11 +29,16 @@ Process-New
   LockDir "/srv/security-master.debian.org/lock/new/";
 };
 
+Process-Policy
+{
+  CopyDir "/srv/security-master.debian.org/queue/accepted";
+};
+
 Import-Users-From-Passwd
 {
-  ValidGID "800";
+  ValidGID "Debian";
   // Comma separated list of users who are in Postgres but not the passwd file
-  KnownPostgres "postgres,dak,www-data,udmsearch,repuser";
+  KnownPostgres "postgres,dak,www-data,udmsearch,repuser,debian-backup";
 };
 
 Queue-Report
@@ -60,18 +52,11 @@ Queue-Report
   };
 };
 
-Import-Keyring
-{
-  /srv/keyring.debian.org/keyrings/debian-maintainers.gpg
-    {
-      Debian-Maintainer "true";
-    };
-};
-
 Import-LDAP-Fingerprints
 {
   LDAPDn "ou=users,dc=debian,dc=org";
   LDAPServer "db.debian.org";
+  CACertFile "/etc/ssl/ca-debian/ca-certificates.crt";
   ExtraKeyrings
   {
     "/srv/keyring.debian.org/keyrings/removed-keys.pgp";
@@ -118,118 +103,45 @@ Rm
   LogFile "/srv/security-master.debian.org/dak-log/removals.txt";
 };
 
-Init-Archive
-{
-  ExportDir "/srv/security-master.debian.org/dak/import-archive-files/";
-};
-
 Clean-Suites
 {
-  // How long (in seconds) dead packages are left before being killed
-  StayOfExecution 129600; // 1.5 days
-  QueueBuildStayOfExecution 86400; // 24 hours
   MorgueSubDir "pool";
-  OverrideFilename "override.source-only";
-};
-
-Security-Install
-{
-  ComponentMappings
-  {
-    main "ftp-master.debian.org:/pub/UploadQueue";
-    contrib "ftp-master.debian.org:/pub/UploadQueue";
-    non-free "ftp-master.debian.org:/pub/UploadQueue";
-    non-US/main "non-us.debian.org:/pub/UploadQueue";
-    non-US/contrib "non-us.debian.org:/pub/UploadQueue";
-    non-US/non-free "non-us.debian.org:/pub/UploadQueue";
-  };
-};
-
-Suite
-{
-  // Priority determines which suite is used for the Maintainers file
-  // as generated by 'dak make-maintainers' (highest wins).
-
-  OldStable
-  {
-	Components 
-	{
-	  updates/main;
-	  updates/contrib;
-	  updates/non-free;
-	};
-	Announce "dak@security.debian.org";
-	Version "";
-	Origin "Debian";
-	Label "Debian-Security";
-	Description "Debian 5.0 Security Updates";
-	ValidTime 864000; // 10 days
-	CodeName "lenny";
-	OverrideCodeName "lenny";
-	CopyDotDak "/srv/security-master.debian.org/queue/done/";
-  };
-
-  Stable
-  {
-	Components
-	{
-	  updates/main;
-	  updates/contrib;
-	  updates/non-free;
-	};
-	Announce "dak@security.debian.org";
-	Version "";
-	Origin "Debian";
-	Label "Debian-Security";
-	Description "Debian 6.0 Security Updates";
-	ValidTime 864000; // 10 days
-	CodeName "squeeze";
-	OverrideCodeName "squeeze";
-	CopyDotDak "/srv/security-master.debian.org/queue/done/";
-  };
-
-  Testing
-  {
-	Components
-	{
-	  updates/main;
-	  updates/contrib;
-	  updates/non-free;
-	};
-	Announce "dak@security.debian.org";
-	Version "";
-	Origin "Debian";
-	Label "Debian-Security";
-	Description "Debian testing Security Updates";
-	ValidTime 864000; // 10 days
-	CodeName "wheezy";
-	OverrideCodeName "wheezy";
-	CopyDotDak "/srv/security-master.debian.org/queue/done/";
-  };
 };
 
 SuiteMappings
 {
  "silent-map stable-security stable";
+ "silent-map stable-kfreebsd-security stable-kfreebsd";
  "silent-map oldstable-security oldstable";
- // JT - FIXME, hackorama
- // "silent-map testing-security stable";
-  "silent-map etch-secure oldstable";
-  "silent-map lenny-secure stable";
+ "silent-map oldoldstable-security oldoldstable";
   "silent-map testing-security testing";
-  "silent-map lenny-security oldstable";
-  "silent-map squeeze-security stable";
-  "silent-map wheezy-security testing";
+  "silent-map squeeze-security oldoldstable";
+  "silent-map wheezy-security oldstable";
+  "silent-map jessie-security stable";
+  "silent-map jessie-kfreebsd-security stable-kfreebsd";
+  "silent-map stretch-security testing";
+
+  "reject oldoldstable";
+};
+
+AutomaticByHandPackages
+{
+  "linux-code-sign" {
+    Source "linux";
+    Section "byhand";
+    Extension "tar.xz";
+    Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign";
+  };
 };
 
 Dir
 {
+  Base "/srv/security-master.debian.org/";
   Root "/srv/security-master.debian.org/ftp/";
   Pool "/srv/security-master.debian.org/ftp/pool/";
   Export "/srv/security-master.debian.org/export/";
   Dak "/srv/security-master.debian.org/dak/";
   Templates "/srv/security-master.debian.org/dak/templates/";
-  PoolRoot "pool/";
   Override "/srv/security-master.debian.org/override/";
   Lock "/srv/security-master.debian.org/lock/";
   Cache "/srv/security-master.debian.org/database/";
@@ -237,22 +149,13 @@ Dir
   Log "/srv/security-master.debian.org/dak-log/";
   Morgue "/srv/security-master.debian.org/morgue/";
   Override "/srv/security-master.debian.org/scripts/override/";
-  QueueBuild "/srv/security-master.debian.org/buildd/";
   Upload "/srv/queued/ftpmaster/";
   TempPath "/srv/security-master.debian.org/tmp";
+  Done "/srv/security-master.debian.org/queue/done/";
+  Reject "/srv/security-master.debian.org/queue/reject/";
+
   Queue
   {
-    Byhand "/srv/security-master.debian.org/queue/byhand/";
-    Done "/srv/security-master.debian.org/queue/done/";
-    Holding "/srv/security-master.debian.org/queue/holding/";
-    New "/srv/security-master.debian.org/queue/new/";
-    Reject "/srv/security-master.debian.org/queue/reject/";
-    Unchecked "/srv/security-master.debian.org/queue/unchecked/";
-    Newstage "/srv/security-master.debian.org/queue/newstage/";
-
-    ProposedUpdates "/srv/security-master.debian.org/does/not/exist/"; // XXX fixme
-    OldProposedUpdates "/srv/security-master.debian.org/does/not/exist/"; // XXX fixme
-
     Embargoed "/srv/security-master.debian.org/queue/embargoed/";
     Unembargoed "/srv/security-master.debian.org/queue/unembargoed/";
     Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/";
@@ -270,159 +173,11 @@ DB
   Unicode "false"
 };
 
-Architectures
-{
-
-  source "Source";
-  all "Architecture Independent";
-  alpha "DEC Alpha";
-  hppa "HP PA RISC";
-  arm "ARM";
-  armel "ARM EABI";
-  i386 "Intel ia32";
-  ia64 "Intel ia64";
-  mips "MIPS (Big Endian)";
-  mipsel "MIPS (Little Endian)";
-  powerpc "PowerPC";
-  s390 "IBM S/390";
-  sparc "Sun SPARC/UltraSPARC";
-  amd64 "AMD x86_64 (AMD64)";
-  kfreebsd-i386 "GNU/kFreeBSD i386";
-  kfreebsd-amd64 "GNU/kFreeBSD amd64";
-
-};
-
-Archive
-{
-
-  security
-  {
-    OriginServer "security.debian.org";
-    PrimaryMirror "security.debian.org";
-    Description "Security Updates for the Debian project";
-  };
-
-};
-
-Component
-{
-
-  updates/main
-  {
-	Description "Main (updates)";
-	MeetsDFSG "true";
-  };
-
-  updates/contrib
-  {
-	Description "Contrib (updates)";
-	MeetsDFSG "true";
-  };
-
-  updates/non-free
-  {
-	Description "Software that fails to meet the DFSG";
-	MeetsDFSG "false";
-  };
-
-};
-
 ComponentMappings
 {
  "main updates/main";
  "contrib updates/contrib";
  "non-free updates/non-free";
- "non-US/main updates/main";
- "non-US/contrib updates/contrib";
- "non-US/non-free updates/non-free";
-};
-
-Section
-{
-  admin;
-  cli-mono;
-  comm;
-  database;
-  debian-installer;
-  debug;
-  devel;
-  doc;
-  editors;
-  embedded;
-  electronics;
-  fonts;
-  games;
-  gnome;
-  graphics;
-  gnu-r;
-  gnustep;
-  hamradio;
-  haskell;
-  httpd;
-  interpreters;
-  java;
-  kde;
-  kernel;
-  libdevel;
-  libs;
-  lisp;
-  localization;
-  mail;
-  math;
-  misc;
-  net;
-  news;
-  ocaml;
-  oldlibs;
-  otherosfs;
-  perl;
-  php;
-  python;
-  ruby;
-  science;
-  shells;
-  sound;
-  tex;
-  text;
-  utils;
-  web;
-  vcs;
-  video;
-  x11;
-  xfce;
-  zope;
-};
-
-Priority
-{
-  required 1;
-  important 2;
-  standard 3;
-  optional 4;
-  extra 5;
-  source 0; // i.e. unused
-};
-
-OverrideType
-{
-  deb;
-  udeb;
-  dsc;
-};
-
-Location
-{
-  /srv/security-master.debian.org/ftp/pool/
-    {
-      Archive "security";
-      Suites 
-	{
-	  OldStable;
-	  Stable;
-	  Testing;
-        };
-      Type "pool";
-    };
 };
 
 Urgency
@@ -437,30 +192,3 @@ Urgency
     critical;
   };
 };
-
-Changelogs
-{
-  Export "/srv/security-master.debian.org/export/changelogs";
-}
-
-Generate-Releases
-{
-  MD5Sum
-  {
-    oldstable;
-    stable;
-    testing;
-  };
-  SHA1
-  {
-    oldstable;
-    stable;
-    testing;
-  };
-  SHA256
-  {
-    oldstable;
-    stable;
-    testing;
-  };
-}