X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=dak%2Fnew_security_install.py;h=7d4603d5811ebcc21b3dc5b24e9f3a4cb77ba5eb;hp=8ef994d460ee66fc06235e1548f2b68bb86fc4c8;hb=026bdb9580e6d18bf504d2f44d46890df5d89f1a;hpb=8e854e7c354125a32e6df81289fea75d97e81298 diff --git a/dak/new_security_install.py b/dak/new_security_install.py index 8ef994d4..7d4603d5 100755 --- a/dak/new_security_install.py +++ b/dak/new_security_install.py @@ -86,32 +86,32 @@ def sudo(arg, fn, exit): def do_Approve(): sudo("A", _do_Approve, True) def _do_Approve(): - # 1. use process-policy to go through the COMMENTS dir - spawn("dak process-policy embargo") - spawn("dak process-policy disembargo") - newstage=get_policy_queue('newstage') - - # 2. sync the stuff to ftpmaster - print "Sync stuff for upload to ftpmaster" - spawn("rsync -a -q %s/. /srv/queued/ftpmaster/." % (newstage.path)) - - # 3. Now run process-upload in the newstage dir - print "Now put it into the security archive" - spawn("dak process-upload -a -d %s" % (newstage.path)) - - # 4. Run all the steps that are needed to publish the changed archive - print "Domination" - spawn("dak dominate") - print "Generating filelist for apt-ftparchive" - spawn("dak generate-filelist") - print "Updating Packages and Sources files... This may take a while, be patient" - spawn("/srv/security-master.debian.org/dak/config/debian-security/map.sh") - spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file())) - print "Updating Release files..." - spawn("dak generate-releases") - print "Triggering security mirrors..." - spawn("/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh") - spawn("sudo -u archvsync -H /home/archvsync/signal_security") + print "Locking unchecked" + lockfile='/srv/security-master.debian.org/lock/unchecked.lock' + spawn("lockfile -r42 {0}".format(lockfile)) + + try: + # 1. Install accepted packages + print "Installing accepted packages into security archive" + for queue in ("embargoed",): + spawn("dak process-policy {0}".format(queue)) + + # 3. Run all the steps that are needed to publish the changed archive + print "Domination" + spawn("dak dominate") + print "Updating Packages and Sources files... This may take a while, be patient" + spawn("/srv/security-master.debian.org/dak/config/debian-security/map.sh") + spawn("dak generate-packages-sources2 -a security") + print "Updating Release files..." + spawn("dak generate-releases -a security") + print "Triggering security mirrors... (this may take a while)" + spawn("/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh") + spawn("sudo -u archvsync -H /home/archvsync/signal_security") + print "Triggering metadata export for packages.d.o and other consumers" + spawn("/srv/security-master.debian.org/dak/config/debian-security/export.sh") + finally: + os.unlink(lockfile) + print "Lock released." ######################################################################## ######################################################################## @@ -123,17 +123,17 @@ def main(): Arguments = [('h', "Help", "Security::Options::Help"), ('n', "No-Action", "Security::Options::No-Action"), ('c', 'Changesfile', "Security::Options::Changesfile"), - ('s', "Sudo", "Security-Install::Options::Sudo"), - ('A', "Approve", "Security-Install::Options::Approve") + ('s', "Sudo", "Security::Options::Sudo"), + ('A', "Approve", "Security::Options::Approve") ] for i in ["Help", "No-Action", "Changesfile", "Sudo", "Approve"]: if not cnf.has_key("Security::Options::%s" % (i)): cnf["Security::Options::%s" % (i)] = "" - changes_files = apt_pkg.ParseCommandLine(cnf.Cnf, Arguments, sys.argv) + changes_files = apt_pkg.parse_commandline(cnf.Cnf, Arguments, sys.argv) - Options = cnf.SubTree("Security::Options") + Options = cnf.subtree("Security::Options") if Options['Help']: usage() @@ -153,7 +153,7 @@ def main(): Options["Sudo"] = "" if not Options["Sudo"] and not Options["No-Action"]: - Logger = daklog.Logger(cnf.Cnf, "security-install") + Logger = daklog.Logger("security-install") session = DBConn().session() @@ -167,14 +167,27 @@ def main(): # Yes, we could do this inside do_Approve too. But this way we see who exactly # called it (ownership of the file) - dbchange=get_dbchange(os.path.basename(changes[0]), session) - acceptfilename="%s/COMMENTS/ACCEPT.%s_%s" % (os.path.dirname(os.path.abspath(changes[0])), dbchange.source, dbchange.version) + + acceptfiles={} + for change in changes: + dbchange=get_dbchange(os.path.basename(change), session) + # strip epoch from version + version=dbchange.version + version=version[(version.find(':')+1):] + acceptfilename="%s/COMMENTS/ACCEPT.%s_%s" % (os.path.dirname(os.path.abspath(changes[0])), dbchange.source, version) + acceptfiles[acceptfilename]=1 + + print "Would create %s now and then go on to accept this package, if you allow me to." % (acceptfiles.keys()) if Options["No-Action"]: - print "Would create %s now and then go on to accept this package, but No-Action is set" % (acceptfilename) sys.exit(0) - accept_file = file(acceptfilename, "w") - accept_file.write("OK\n") - accept_file.close() + else: + raw_input("Press Enter to continue") + + for acceptfilename in acceptfiles.keys(): + accept_file = file(acceptfilename, "w") + accept_file.write("OK\n") + accept_file.close() + do_Approve()