X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=dak%2Fnew_security_install.py;h=7d4603d5811ebcc21b3dc5b24e9f3a4cb77ba5eb;hp=861c05d215e66a70c0c8b1613297775a759e3d37;hb=17c5cab4eb8d5181ec7a81267a4e2e6b43c0fc65;hpb=20a4e564227ec9aee0da320de81c1b25aa47b5c7 diff --git a/dak/new_security_install.py b/dak/new_security_install.py index 861c05d2..7d4603d5 100755 --- a/dak/new_security_install.py +++ b/dak/new_security_install.py @@ -78,7 +78,7 @@ def spawn(command): def sudo(arg, fn, exit): if Options["Sudo"]: os.spawnl(os.P_WAIT, "/usr/bin/sudo", "/usr/bin/sudo", "-u", "dak", "-H", - "/usr/local/bin/dak", "new-security-install", "-"+arg, "--", advisory) + "/usr/local/bin/dak", "new-security-install", "-"+arg) else: fn() if exit: @@ -86,32 +86,32 @@ def sudo(arg, fn, exit): def do_Approve(): sudo("A", _do_Approve, True) def _do_Approve(): - # 1. use process-policy to go through the COMMENTS dir - spawn("dak process-policy embargo") - spawn("dak process-policy disembargo") - newstage=get_policy_queue('newstage') - - # 2. sync the stuff to ftpmaster - print "Sync stuff for upload to ftpmaster" - spawn("rsync -a -q %s/. /srv/queued/ftpmaster/." % (newstage.path)) - - # 3. Now run process-upload in the newstage dir - print "Now put it into the security archive" - spawn("dak process-upload -a -d %s" % (newstage.path)) - - # 4. Run all the steps that are needed to publish the changed archive - print "Domination" - spawn("dak dominate") - print "Generating filelist for apt-ftparchive" - spawn("dak generate-filelist") - print "Updating Packages and Sources files... This may take a while, be patient" - spawn("/srv/security-master.debian.org/dak/config/debian-security/map.sh") - spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file())) - print "Updating Release files..." - spawn("dak generate-releases") - print "Triggering security mirrors..." - spawn("/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh") - spawn("sudo -u archvsync -H /home/archvsync/signal_security") + print "Locking unchecked" + lockfile='/srv/security-master.debian.org/lock/unchecked.lock' + spawn("lockfile -r42 {0}".format(lockfile)) + + try: + # 1. Install accepted packages + print "Installing accepted packages into security archive" + for queue in ("embargoed",): + spawn("dak process-policy {0}".format(queue)) + + # 3. Run all the steps that are needed to publish the changed archive + print "Domination" + spawn("dak dominate") + print "Updating Packages and Sources files... This may take a while, be patient" + spawn("/srv/security-master.debian.org/dak/config/debian-security/map.sh") + spawn("dak generate-packages-sources2 -a security") + print "Updating Release files..." + spawn("dak generate-releases -a security") + print "Triggering security mirrors... (this may take a while)" + spawn("/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh") + spawn("sudo -u archvsync -H /home/archvsync/signal_security") + print "Triggering metadata export for packages.d.o and other consumers" + spawn("/srv/security-master.debian.org/dak/config/debian-security/export.sh") + finally: + os.unlink(lockfile) + print "Lock released." ######################################################################## ######################################################################## @@ -120,20 +120,20 @@ def main(): global Options, Logger, Queue, changes cnf = Config() - Arguments = [('h', "help", "Security::Options::Help"), - ('n', "no-action", "Security::Options::No-Action"), - ('c', 'changesfile', "Security::Options::Changesfile"), - ('s', "sudo", "Security-Install::Options::Sudo"), - ('A', "approve", "Security-Install::Options::Approve") + Arguments = [('h', "Help", "Security::Options::Help"), + ('n', "No-Action", "Security::Options::No-Action"), + ('c', 'Changesfile', "Security::Options::Changesfile"), + ('s', "Sudo", "Security::Options::Sudo"), + ('A', "Approve", "Security::Options::Approve") ] - for i in ["help", "no-action", "changesfile", "sudo", "approve"]: + for i in ["Help", "No-Action", "Changesfile", "Sudo", "Approve"]: if not cnf.has_key("Security::Options::%s" % (i)): cnf["Security::Options::%s" % (i)] = "" - changes_files = apt_pkg.ParseCommandLine(cnf.Cnf, Arguments, sys.argv) + changes_files = apt_pkg.parse_commandline(cnf.Cnf, Arguments, sys.argv) - Options = cnf.SubTree("Security::Options") + Options = cnf.subtree("Security::Options") if Options['Help']: usage() @@ -153,7 +153,7 @@ def main(): Options["Sudo"] = "" if not Options["Sudo"] and not Options["No-Action"]: - Logger = daklog.Logger(cnf.Cnf, "security-install") + Logger = daklog.Logger("security-install") session = DBConn().session() @@ -167,14 +167,27 @@ def main(): # Yes, we could do this inside do_Approve too. But this way we see who exactly # called it (ownership of the file) - dbchange=get_dbchange(os.path.basename(changes[0]), session) - acceptfilename="%s/COMMENTS/ACCEPT.%s_%s" % (os.path.dirname(os.path.abspath(changes[0])), dbchange.source, dbchange.version) + + acceptfiles={} + for change in changes: + dbchange=get_dbchange(os.path.basename(change), session) + # strip epoch from version + version=dbchange.version + version=version[(version.find(':')+1):] + acceptfilename="%s/COMMENTS/ACCEPT.%s_%s" % (os.path.dirname(os.path.abspath(changes[0])), dbchange.source, version) + acceptfiles[acceptfilename]=1 + + print "Would create %s now and then go on to accept this package, if you allow me to." % (acceptfiles.keys()) if Options["No-Action"]: - print "Would create %s now and then go on to accept this package, but No-Action is set" % (acceptfilename) sys.exit(0) - accept_file = file(acceptfilename, "w") - accept_file.write("OK\n") - accept_file.close() + else: + raw_input("Press Enter to continue") + + for acceptfilename in acceptfiles.keys(): + accept_file = file(acceptfilename, "w") + accept_file.write("OK\n") + accept_file.close() + do_Approve()