X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=config%2Fdebian-security%2Fdak.conf;h=c4a932a0cd1ac23255f5e18756c925e7ae0ad53f;hp=aa729c37675f667200cda973df0337ecd2921b95;hb=356f4f93a9d0b29c0878111f7c3eee194f6571e5;hpb=5229fa5525b627414d96fe11b8f6853d3d58d29e diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf index aa729c37..c4a932a0 100644 --- a/config/debian-security/dak.conf +++ b/config/debian-security/dak.conf @@ -3,7 +3,6 @@ Dinstall // was non-us.d.o path before SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg"; SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg"; - SigningKeyIds "55BE302B"; SendmailCommand "/usr/sbin/sendmail -odq -oi -t"; MyEmailAddress "Debian FTP Masters "; MyAdminAddress "ftpmaster@debian.org"; @@ -13,8 +12,6 @@ Dinstall PackagesServer "packages.debian.org"; Bcc "archive@ftp-master.debian.org"; // GroupOverrideFilename "override.group-maint"; - FutureTimeTravelGrace 28800; // 8 hours - PastCutoffYear "1984"; SkipTime 300; CloseBugs "false"; OverrideDisparityCheck "false"; @@ -32,11 +29,16 @@ Process-New LockDir "/srv/security-master.debian.org/lock/new/"; }; +Process-Policy +{ + CopyDir "/srv/security-master.debian.org/queue/accepted"; +}; + Import-Users-From-Passwd { - ValidGID "800"; + ValidGID "Debian"; // Comma separated list of users who are in Postgres but not the passwd file - KnownPostgres "postgres,dak,www-data,udmsearch,repuser"; + KnownPostgres "postgres,dak,www-data,udmsearch,repuser,debian-backup"; }; Queue-Report @@ -54,6 +56,7 @@ Import-LDAP-Fingerprints { LDAPDn "ou=users,dc=debian,dc=org"; LDAPServer "db.debian.org"; + CACertFile "/etc/ssl/ca-debian/ca-certificates.crt"; ExtraKeyrings { "/srv/keyring.debian.org/keyrings/removed-keys.pgp"; @@ -102,104 +105,38 @@ Rm Clean-Suites { - // How long (in seconds) dead packages are left before being killed - StayOfExecution 129600; // 1.5 days MorgueSubDir "pool"; - OverrideFilename "override.source-only"; -}; - -Security-Install -{ - ComponentMappings - { - main "ftp-master.debian.org:/pub/UploadQueue"; - contrib "ftp-master.debian.org:/pub/UploadQueue"; - non-free "ftp-master.debian.org:/pub/UploadQueue"; - non-US/main "non-us.debian.org:/pub/UploadQueue"; - non-US/contrib "non-us.debian.org:/pub/UploadQueue"; - non-US/non-free "non-us.debian.org:/pub/UploadQueue"; - }; -}; - -Suite -{ - // Priority determines which suite is used for the Maintainers file - // as generated by 'dak make-maintainers' (highest wins). - - OldStable - { - Components - { - updates/main; - updates/contrib; - updates/non-free; - }; - Announce "dak@security.debian.org"; - Version ""; - Origin "Debian"; - Label "Debian-Security"; - Description "Debian 5.0 Security Updates"; - ValidTime 864000; // 10 days - CodeName "lenny"; - OverrideCodeName "lenny"; - CopyDotDak "/srv/security-master.debian.org/queue/done/"; - }; - - Stable - { - Components - { - updates/main; - updates/contrib; - updates/non-free; - }; - Announce "dak@security.debian.org"; - Version ""; - Origin "Debian"; - Label "Debian-Security"; - Description "Debian 6.0 Security Updates"; - ValidTime 864000; // 10 days - CodeName "squeeze"; - OverrideCodeName "squeeze"; - CopyDotDak "/srv/security-master.debian.org/queue/done/"; - }; - - Testing - { - Components - { - updates/main; - updates/contrib; - updates/non-free; - }; - Announce "dak@security.debian.org"; - Version ""; - Origin "Debian"; - Label "Debian-Security"; - Description "Debian testing Security Updates"; - ValidTime 864000; // 10 days - CodeName "wheezy"; - OverrideCodeName "wheezy"; - CopyDotDak "/srv/security-master.debian.org/queue/done/"; - }; }; SuiteMappings { "silent-map stable-security stable"; + "silent-map stable-kfreebsd-security stable-kfreebsd"; "silent-map oldstable-security oldstable"; - // JT - FIXME, hackorama - // "silent-map testing-security stable"; - "silent-map etch-secure oldstable"; - "silent-map lenny-secure stable"; + "silent-map oldoldstable-security oldoldstable"; "silent-map testing-security testing"; - "silent-map lenny-security oldstable"; - "silent-map squeeze-security stable"; - "silent-map wheezy-security testing"; + "silent-map squeeze-security oldoldstable"; + "silent-map wheezy-security oldstable"; + "silent-map jessie-security stable"; + "silent-map jessie-kfreebsd-security stable-kfreebsd"; + "silent-map stretch-security testing"; + + "reject oldoldstable"; +}; + +AutomaticByHandPackages +{ + "linux-code-sign" { + Source "linux"; + Section "byhand"; + Extension "tar.xz"; + Script "/srv/security-master.debian.org/dak/scripts/debian/byhand-code-sign"; + }; }; Dir { + Base "/srv/security-master.debian.org/"; Root "/srv/security-master.debian.org/ftp/"; Pool "/srv/security-master.debian.org/ftp/pool/"; Export "/srv/security-master.debian.org/export/"; @@ -214,20 +151,11 @@ Dir Override "/srv/security-master.debian.org/scripts/override/"; Upload "/srv/queued/ftpmaster/"; TempPath "/srv/security-master.debian.org/tmp"; - Holding "/srv/security-master.debian.org/queue/holding/"; Done "/srv/security-master.debian.org/queue/done/"; Reject "/srv/security-master.debian.org/queue/reject/"; Queue { - Byhand "/srv/security-master.debian.org/queue/byhand/"; - New "/srv/security-master.debian.org/queue/new/"; - Unchecked "/srv/security-master.debian.org/queue/unchecked/"; - Newstage "/srv/security-master.debian.org/queue/newstage/"; - - ProposedUpdates "/srv/security-master.debian.org/does/not/exist/"; // XXX fixme - OldProposedUpdates "/srv/security-master.debian.org/does/not/exist/"; // XXX fixme - Embargoed "/srv/security-master.debian.org/queue/embargoed/"; Unembargoed "/srv/security-master.debian.org/queue/unembargoed/"; Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/"; @@ -245,114 +173,11 @@ DB Unicode "false" }; -Architectures -{ - - source "Source"; - all "Architecture Independent"; - alpha "DEC Alpha"; - hppa "HP PA RISC"; - arm "ARM"; - armel "ARM EABI"; - i386 "Intel ia32"; - ia64 "Intel ia64"; - mips "MIPS (Big Endian)"; - mipsel "MIPS (Little Endian)"; - powerpc "PowerPC"; - s390 "IBM S/390"; - sparc "Sun SPARC/UltraSPARC"; - amd64 "AMD x86_64 (AMD64)"; - kfreebsd-i386 "GNU/kFreeBSD i386"; - kfreebsd-amd64 "GNU/kFreeBSD amd64"; - -}; - -Archive -{ - - security - { - OriginServer "security.debian.org"; - PrimaryMirror "security.debian.org"; - Description "Security Updates for the Debian project"; - }; - -}; - ComponentMappings { "main updates/main"; "contrib updates/contrib"; "non-free updates/non-free"; - "non-US/main updates/main"; - "non-US/contrib updates/contrib"; - "non-US/non-free updates/non-free"; -}; - -Section -{ - admin; - cli-mono; - comm; - database; - debian-installer; - debug; - devel; - doc; - editors; - embedded; - electronics; - fonts; - games; - gnome; - graphics; - gnu-r; - gnustep; - hamradio; - haskell; - httpd; - interpreters; - java; - kde; - kernel; - libdevel; - libs; - lisp; - localization; - mail; - math; - misc; - net; - news; - ocaml; - oldlibs; - otherosfs; - perl; - php; - python; - ruby; - science; - shells; - sound; - tex; - text; - utils; - web; - vcs; - video; - x11; - xfce; - zope; -}; - -Priority -{ - required 1; - important 2; - standard 3; - optional 4; - extra 5; - source 0; // i.e. unused }; Urgency @@ -367,30 +192,3 @@ Urgency critical; }; }; - -Changelogs -{ - Export "/srv/security-master.debian.org/export/changelogs"; -} - -Generate-Releases -{ - MD5Sum - { - oldstable; - stable; - testing; - }; - SHA1 - { - oldstable; - stable; - testing; - }; - SHA256 - { - oldstable; - stable; - testing; - }; -}