--- /dev/null
+# pretend this is in a vhost
+ ServerAdmin team@security.debian.org
+ DocumentRoot /srv/security-master.debian.org/htdocs-security-master
+ ServerName security-master.debian.org
+
+ ErrorLog /var/log/apache2/security-master.debian.org-error.log
+ LogLevel warn
+ CustomLog /var/log/apache2/security-master.debian.org-access.log combined
+
+
+ Alias /debian-security /org/security.debian.org/archive/debian-security/
+ Alias /buildd/ /org/security-master.debian.org/buildd/
+
+ #RewriteEngine on
+ #RewriteRule ^/$ http://www.debian.org/security/
+
+ # New suite aliases
+ Alias /buildd-lenny /srv/security-master.debian.org/buildd/lenny/
+ Alias /buildd-squeeze /srv/security-master.debian.org/buildd/squeeze/
+ Alias /buildd-wheezy /srv/security-master.debian.org/buildd/wheezy/
+
+ # BuildD access list
+ <LocationMatch "^/(buildd|buildd-lenny|buildd-squeeze|buildd-wheezy|debian-security)/">
+ order deny,allow
+ deny from all
+
+ Use DebianBuilddHostList
+
+ # i386
+ # brahms
+ allow from 206.12.19.115
+ allow from 2607:f8f0:610:4000:216:36ff:fe40:3802
+ # murphy
+ allow from 70.103.162.31
+ # biber
+ allow from 194.177.211.204
+ allow from 2001:648:2ffc:deb:214:22ff:feb2:1268
+
+ # amd64
+ # barber
+ allow from 194.177.211.203
+ allow from 2001:648:2ffc:deb:214:22ff:feb2:2370
+
+ # armel
+ # ancina
+ allow from 157.193.39.13
+ # arnold
+ allow from 217.140.96.57
+ # alain
+ allow from 217.140.96.58
+ # alwyn
+ allow from 217.140.96.59
+ # antheil
+ allow from 217.140.96.60
+
+ # alpha
+ # goetz
+ allow from 193.62.202.26
+
+ # samosa
+ allow from 192.25.206.57
+ # spohr
+ allow from 192.25.206.33
+
+ # mipsel
+ # rem
+ allow from 82.195.75.68
+ allow from 2001:41b8:202:deb:202:4cff:fefe:d06
+ # mayer
+ allow from 140.211.166.78
+ allow from 2001:6f8:1173:2:202:4cff:fefe:d06
+
+ # sparc
+ # lebrun
+ allow from 193.198.184.10
+ # schroeder
+ allow from 193.198.184.11
+ # spontini
+ allow from 206.12.19.14
+ allow from 2607:f8f0:610:4000:a00:20ff:fea0:918b
+
+ # mips
+ # corelli
+ allow from 206.12.19.16
+ allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4489
+ # lucatelli
+ allow from 206.12.19.15
+ allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4141
+ # ball
+ allow from 2001:41b8:202:deb:202:4cff:fefe:d09
+ allow from 82.195.75.70
+
+ # s390
+ allow from 80.245.147.46
+
+ # kfreebsd, i386
+ # finzi
+ allow from 206.12.19.111
+ # field
+ allow from 194.177.211.210
+
+ # kfreebsd, amd64
+ # fasch
+ allow from 194.177.211.201
+ # fano
+ allow from 206.12.19.110
+
+ # ia64
+ # alkman
+ allow from 192.25.206.63
+ # mundy
+ allow from 192.25.206.62
+
+ # powerpc
+ # praetorius
+ allow from 130.239.18.121
+ allow from 2001:6b0:e:2a18:204:acff:fede:459f
+ # poulenc
+ allow from 144.32.168.77
+ # porpora
+ allow from 144.32.168.78
+
+ # Ganneff, test
+ allow from 78.46.40.15
+ allow from 2001:4dd0:ff00:df::2
+ allow from 213.146.108.162
+ allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3
+
+ AuthName "security.debian.org"
+ AuthType Basic
+ AuthUserFile /org/security-master.debian.org/apache.htpasswd
+ require valid-user
+
+ # Either good IP address or good user/pass is sufficient
+ satisfy any
+ </LocationMatch>
+
+# end
--- /dev/null
+APT::FTPArchive::Contents on;
+
+Dir
+{
+ ArchiveDir "/srv/debian-r/ftp/";
+ OverrideDir "/srv/debian-r/scripts/override/";
+ CacheDir "/srv/debian-r/dak-database/";
+};
+
+Default
+{
+ Packages::Compress "gzip bzip2";
+ Sources::Compress "gzip bzip2";
+ Contents::Compress "gzip";
+ DeLinkLimit 0;
+ MaxContentsChange 25000;
+ FileMode 0664;
+}
+
+tree "dists/stable"
+{
+ FileList "/srv/debian-r/dak-database/dists/stable/$(SECTION)_binary-$(ARCH).list";
+ SourceFileList "/srv/debian-r/dak-database/dists/stable/$(SECTION)_source.list";
+ Sections "main";
+ Architectures "i386 amd64 powerpc source";
+ BinOverride "override.squeeze.$(SECTION)";
+ ExtraOverride "override.squeeze.extra.$(SECTION)";
+ SrcOverride "override.squeeze.$(SECTION).src";
+ Contents " ";
+ Packages::Compress "gzip bzip2";
+ Sources::Compress "gzip bzip2";
+};
+
+tree "dists/testing"
+{
+ FileList "/srv/debian-r/dak-database/dists/testing/$(SECTION)_binary-$(ARCH).list";
+ SourceFileList "/srv/debian-r/dak-database/dists/testing/$(SECTION)_source.list";
+ Sections "main"
+ Architectures "i386 amd64 powerpc source";
+ BinOverride "override.wheezy.$(SECTION)";
+ ExtraOverride "override.wheezy.extra.$(SECTION)";
+ SrcOverride "override.wheezy.$(SECTION).src";
+ Contents " ";
+ Packages::Compress "gzip bzip2";
+ Sources::Compress "gzip bzip2";
+};
+
+tree "dists/unstable"
+{
+ FileList "/srv/debian-r/dak-database/dists/unstable/$(SECTION)_binary-$(ARCH).list";
+ SourceFileList "/srv/debian-r/dak-database/dists/unstable/$(SECTION)_source.list";
+ Sections "main"
+ Architectures "i386 amd64 powerpc source";
+ BinOverride "override.sid.$(SECTION)";
+ ExtraOverride "override.sid.extra.$(SECTION)";
+ SrcOverride "override.sid.$(SECTION).src";
+ Contents " ";
+ Packages::Compress "gzip bzip2";
+ Sources::Compress "gzip bzip2";
+};
--- /dev/null
+#! /bin/bash
+#
+# Executed after cron.unchecked
+
+set -e
+set -u
+
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
+. $SCRIPTVARS
+SSH_SOCKET=~/.ssh/buildd.debian.org.socket
+DISTS=$(dak admin s list)
+
+if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then
+ exit 0
+fi
+
+dists=
+now=$(date +%s)
+check=$(( now - 3*60 ))
+
+for dist in $DISTS; do
+ smodtime=$(stat -c "%Y" $base/buildd/$dist/Sources.gz)
+ pmodtime=$(stat -c "%Y" $base/buildd/$dist/Packages.gz)
+
+ if [ ${smodtime} -gt ${check} ] || [ ${pmodtime} -gt ${check} ]; then
+ # Packages/Sources changed in the last minutes
+ dists="${dists} ${dist}"
+ else
+ continue
+ fi
+done
+
+if [ ! -z "${dists}" ]; then
+ # setup ssh master process
+ ssh wbadm@buildd -S $SSH_SOCKET -MN 2> /dev/null &
+ SSH_PID=$!
+ while [ ! -S $SSH_SOCKET ]; do
+ sleep 1
+ done
+ trap 'kill -TERM $SSH_PID' 0
+ for d in ${dists}; do
+ case ${d} in
+ oldstable)
+ send=lenny
+ ;;
+ stable)
+ send=squeeze
+ ;;
+ testing)
+ send=wheezy
+ ;;
+ *)
+ send=unknown
+ ;;
+ esac
+
+ ssh wbadm@buildd -S $SSH_SOCKET trigger.security $send
+ done
+fi
--- /dev/null
+#!/bin/bash
+#
+# Executed daily via cron, out of dak's crontab.
+
+set -e
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
+. $SCRIPTVARS
+
+################################################################################
+
+# Fix overrides
+
+rsync --delete -r --include=override\* --exclude=\* --password-file /srv/security-master.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir
+
+cd $overridedir
+for file in override*.gz; do
+ zcat $file > $(basename $file .gz)
+done
+find . -maxdepth 1 -mindepth 1 -type l | xargs --no-run-if-empty rm
+
+for suite in $suites; do
+ case $suite in
+ oldstable) override_suite=lenny;;
+ stable) override_suite=squeeze;;
+ testing) override_suite=wheezy;;
+ *) echo "Unknown suite type ($suite)"; exit 1;;
+ esac
+ for component in $components; do
+ for override_type in $override_types; do
+ case $override_type in
+ deb) type="" ;;
+ dsc) type=".src" ;;
+ udeb) type=".debian-installer" ;;
+ esac
+
+ if [ "$override_type" = "udeb" ]; then
+ if [ ! "$component" = "main" ]; then
+ continue
+ fi
+ fi
+
+ OFILE="override.$override_suite.$component$type.gz"
+ if [ -r "$OFILE" ]; then
+ zcat "$OFILE" | dak control-overrides -q -a -t $override_type -s $suite -c updates/$component
+ fi
+ done
+ done
+done
+
+# Generate .all3 overides for the buildd support
+for dist in lenny squeeze wheezy; do
+ rm -f override.$dist.all3
+ components="main contrib non-free";
+ if [ -f override.$dist.main.debian-installer.gz ]; then
+ components="$components main.debian-installer"
+ fi
+ for component in $components; do
+ zcat override.$dist.$component.gz >> override.$dist.all3
+ if [ -e "override.$dist.$component.src.gz" ]; then
+ zcat override.$dist.$component.src.gz >> override.$dist.all3.src
+ fi
+ done
+done
+
+################################################################################
+
+cd $configdir
+dak import-keyring -L /srv/keyring.debian.org/keyrings/debian-keyring.gpg
+dak clean-queues
+dak clean-queues -i $disembargo
+dak clean-suites
+
+symlinks -d -r $ftpdir
+
+pg_dump obscurity > /org/security-master.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S)
+find -maxdepth 1 -mindepth 1 -type f -name 'dump_*' \! -name '*.bz2' \! -name '*.gz' -mmin +720 |
+while read dumpname; do
+ bzip2 -9fv "$dumpname"
+done
+
+#apt-ftparchive -q clean apt.conf
+#apt-ftparchive -q clean apt.conf.buildd
+
+################################################################################
--- /dev/null
+#! /bin/bash
+#
+# Executed hourly via cron, out of dak's crontab.
+
+set -e
+set -u
+
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
+. $SCRIPTVARS
+
+dak import-users-from-passwd
+# dak queue-report -n > $webdir/new.html
+# dak queue-report -8 -d new,byhand,proposedupdates,oldproposedupdates -r $webdir/stat
+# dak show-deferred -r $webdir/stat > ${webdir}/deferred.html
+# dak graph -n new,byhand,proposedupdates,oldproposedupdates,deferred -r $webdir/stat -i $webdir/stat -x $scriptsdir/rrd-release-freeze-dates
+# dak show-new > /dev/null
+
+# cd $webdir
+# cat removals-20*.txt > removals-full.txt
+# cat removals.txt >> removals-full.txt
+# cat removals-20*.822 > removals-full.822
+# cat removals.822 >> removals-full.822
+
+#$base/dak/tools/queue_rss.py -q $queuedir/new -o $webdir/rss/ -d $base/misc -l $base/log/
+#$base/dak/tools/removals.pl $configdir/removalsrss.rc > $webdir/removals.rss
+
+#$scriptsdir/generate-di
+
+# do the buildd key updates
+BUILDDFUN=$(mktemp -p "${TMPDIR}" BUILDDFUN.XXXXXX)
+exec >> "${BUILDDFUN}" 2>&1
+#${scriptsdir}/buildd-remove-keys
+#${scriptsdir}/buildd-add-keys
+#${scriptsdir}/buildd-prepare-dir
+for keyring in $(dak admin k list-binary); do
+ dak import-keyring --generate-users "%s" ${keyring}
+done
+exec >>/dev/null 2>&1
+
+DATE=$(date -Is)
+cat "${BUILDDFUN}" | mail -a "X-Debian: DAK" -e -s "[$(hostname -s)] Buildd key changes ${DATE}" buildd-keys@ftp-master.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
+
+rm -f "${BUILDDFUN}"
--- /dev/null
+#! /bin/bash
+
+set -e
+set -u
+
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
+. $SCRIPTVARS
+
+# And use one locale, no matter what the caller has set
+export LANG=C
+export LC_ALL=C
+
+report=$queuedir/REPORT
+reportdis=$queuedir/REPORT.disembargo
+timestamp=$(date "+%Y-%m-%d %H:%M")
+doanything=false
+dopolicy=false
+
+# So first we should go and see if any process-policy action is done
+dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
+dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org
+
+# Now, if this really did anything, we can then sync it over. Files
+# in newstage mean they are (late) accepts of security stuff, need
+# to sync to ftp-master
+
+cd $newstage
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+if [ -n "$changes" ]; then
+ dopolicy=true
+ echo "$timestamp": ${changes:-"Nothing to do in newstage"} >> $report
+ rsync -a -q $newstage/. /srv/queued/ftpmaster/.
+ dak process-upload -a -d "$newstage" >> $report
+fi
+
+cd $unchecked
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+if [ -n "$changes" ]; then
+ doanything=true
+ echo "$timestamp": ${changes:-"Nothing to do in unchecked"} >> $report
+ dak process-upload -a -d "$unchecked" >> $report
+fi
+
+cd $disembargo
+changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs)
+
+if [ -n "$changes" ]; then
+ doanything=true
+ echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis
+ dak process-upload -a -d "$disembargo" >> $reportdis
+fi
+
+if ! $doanything; then
+ echo "$timestamp": Nothing to do >> $report
+ exit 0
+fi
+
+dak manage-build-queues -a
+
+if [ "x${dopolicy}x" = "xtruex" ]; then
+ # We had something approved from a policy queue, push out new archive
+ dak dominate
+ dak generate-filelist
+ cd $configdir
+ $configdir/map.sh
+ apt-ftparchive generate apt.conf
+ dak generate-releases
+ /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
+ sudo -u archvsync -H /home/archvsync/signal_security
+fi
+
+$configdir/cron.buildd
--- /dev/null
+#!/bin/bash
+#
+# Executed weekly via cron, out of dak's crontab.
+
+set -e
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
+. $SCRIPTVARS
+
+################################################################################
+
+# Weekly generation of release files, then pushing mirrors.
+# Used as we have a "Valid-until" field in our release files of 10 days. In case
+# we dont have a security update in that time...
+cd $configdir
+dak generate-releases
+/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh
+sudo -u archvsync -H /home/archvsync/signal_security
+
+
+################################################################################
--- /dev/null
+Dinstall
+{
+ // was non-us.d.o path before
+ Options::No-Mail "true";
+ SigningKeyring "/srv/debian-r/s3kr1t/dot-gnupg/secring.gpg";
+ SigningPubKeyring "/srv/debian-r/s3kr1t/dot-gnupg/pubring.gpg";
+ SigningKeyIds "55BE302B";
+ SendmailCommand "/usr/sbin/sendmail -odq -oi -t";
+ MyEmailAddress "Don Armstrong <don+crandak@donarmstrong.com>";
+ MyAdminAddress "don+crandak@donarmstrong.com";
+ MyHost "donarmstrong.com"; // used for generating user@my_host addresses in e.g. manual_reject()
+ MyDistribution "Debian-r"; // Used in emails
+ // BugServer "bugs-debian-r";
+ // PackagesServer "packages-debian-r";
+ // Bcc "don+cran-archive@donarmstrong.com";
+ // GroupOverrideFilename "override.group-maint";
+ FutureTimeTravelGrace 28800; // 8 hours
+ PastCutoffYear "1984";
+ SkipTime 300;
+ CloseBugs "false";
+ OverrideDisparityCheck "false";
+ BXANotify "false";
+ DefaultSuite "stable";
+ SuiteSuffix "updates/";
+ OverrideMaintainer "don+crandak@donarmstrong.com";
+ LegacyStableHasNoSections "false";
+ AllowSourceOnlyUploads "true";
+};
+
+Process-New
+{
+ DinstallLockFile "/srv/debian-r/lock/processnew.lock";
+ LockDir "/srv/debian-r/lock/new/";
+};
+
+Import-Users-From-Passwd
+{
+ ValidGID "800";
+ // Comma separated list of users who are in Postgres but not the passwd file
+ KnownPostgres "postgres,dak,www-data,udmsearch,repuser";
+};
+
+Queue-Report
+{
+ Directories
+ {
+ byhand;
+ new;
+ unembargoed;
+ embargoed;
+ };
+};
+
+Import-LDAP-Fingerprints
+{
+// LDAPDn "ou=users,dc=debian,dc=org";
+// LDAPServer "db.debian.org";
+ ExtraKeyrings
+ {
+ "/srv/debian-r/keyrings/removed-keys.gpg";
+ "/srv/debian-r/keyrings/extra-keys.gpg";
+ };
+ KeyServer "wwwkeys.eu.pgp.net";
+};
+
+Check-Overrides
+{
+ OverrideSuites
+ {
+ Stable
+ {
+ Process "0";
+ };
+
+ Testing
+ {
+ Process "0";
+ };
+
+ };
+};
+
+Clean-Queues
+{
+ Options
+ {
+ Days 14;
+ };
+ MorgueSubDir "queue";
+};
+
+Rm
+{
+ Options
+ {
+ Suite "unstable";
+ };
+
+ MyEmailAddress "Cran Dak Archive Maintenance <don+crandak@donarmstrong.com>";
+ LogFile "/srv/debian-r/dak-log/removals.txt";
+};
+
+Clean-Suites
+{
+ // How long (in seconds) dead packages are left before being killed
+ StayOfExecution 129600; // 1.5 days
+ MorgueSubDir "pool";
+ OverrideFilename "override.source-only";
+};
+
+Security-Install
+{
+ ComponentMappings
+ {
+ main "ftp-master.debian.org:/pub/UploadQueue";
+ contrib "ftp-master.debian.org:/pub/UploadQueue";
+ non-free "ftp-master.debian.org:/pub/UploadQueue";
+ non-US/main "non-us.debian.org:/pub/UploadQueue";
+ non-US/contrib "non-us.debian.org:/pub/UploadQueue";
+ non-US/non-free "non-us.debian.org:/pub/UploadQueue";
+ };
+};
+
+Suite
+{
+ // Priority determines which suite is used for the Maintainers file
+ // as generated by 'dak make-maintainers' (highest wins).
+
+ Stable
+ {
+ Components
+ {
+ main;
+ };
+ Announce "don+dak@donarmstrong.com";
+ Version "";
+ Origin "Debian-r";
+ Label "Debian-r";
+ Description "Debian R packages for stable from cran and bioc";
+ ValidTime 864000; // 10 days
+ CodeName "squeeze";
+ OverrideCodeName "squeeze";
+ CopyDotDak "/srv/debian-r/queue/done/";
+ };
+
+ Testing
+ {
+ Components
+ {
+ main;
+ };
+ Announce "don+dak@donarmstrong.com";
+ Version "";
+ Origin "Debian-r";
+ Label "Debian-r";
+ Description "Debian R Packages for testing from cran and bioc";
+ ValidTime 864000; // 10 days
+ CodeName "wheezy";
+ OverrideCodeName "wheezy";
+ CopyDotDak "/srv/debian-r/queue/done/";
+ };
+};
+
+SuiteMappings
+{
+ "map squeeze stable";
+ "map wheezy testing";
+};
+
+Dir
+{
+ Root "/srv/debian-r/ftp/";
+ Pool "/srv/debian-r/ftp/pool/";
+ Templates "/srv/debian-r/dak/templates/";
+ Export "/srv/debian-r/export/";
+ Lists "/srv/debian-r/database/dists/";
+ Cache "/srv/debian-r/database/";
+ Log "/srv/debian-r/log/";
+ Lock "/srv/debian-r/lock";
+ Morgue "/srv/debian-r/morgue/";
+ Override "/srv/debian-r/scripts/override/";
+ TempPath "/srv/debian-r/tmp/";
+ BTSVersionTrack "/srv/debian-r/queue/bts_version_track/";
+ Holding "/srv/debian-r/queue/holding/";
+ Done "/srv/debian-r/queue/done/";
+ Reject "/srv/debian-r/queue/reject/";
+// Queue
+// {
+// Unchecked "/srv/debian-r/queue/unchecked/";
+// Byhand "/srv/debian-r/queue/byhand/";
+// New "/srv/debian-r/queue/new/";
+// NewStage "/srv/debian-r/queue/newstage/";
+// Reject "/srv/debian-r/queue/reject/";
+// };
+};
+
+DB
+{
+ Service "debianr";
+ // PoolSize should be at least ThreadCount + 1
+ PoolSize 5;
+ // MaxOverflow shouldn't exceed postgresql.conf's max_connections - PoolSize
+ MaxOverflow 13;
+ // should be false for encoding == SQL_ASCII
+ Unicode "false"
+};
+
+Architectures
+{
+
+ source "Source";
+ all "Architecture Independent";
+ i386 "Intel ia32";
+ powerpc "PowerPC";
+ amd64 "AMD x86_64 (AMD64)";
+};
+
+Archive
+{
+ debian-r
+ {
+ OriginServer "security.debian.org";
+ PrimaryMirror "security.debian.org";
+ Description "Security Updates for the Debian project";
+ };
+
+};
+
+ComponentMappings
+{
+ "main main";
+};
+
+Section
+{
+ cran;
+ bioc;
+};
+
+Priority
+{
+ required 1;
+ important 2;
+ standard 3;
+ optional 4;
+ extra 5;
+ source 0; // i.e. unused
+};
+
+Urgency
+{
+ Default "low";
+ Valid
+ {
+ low;
+ medium;
+ high;
+ emergency;
+ critical;
+ };
+};
+
+Contents
+{
+ Header "contents";
+ Root "/srv/debian-r/test/";
+}
+
+Common
+{
+ ThreadCount 4;
+}
+
+Changelogs
+{
+ Export "/srv/debian-r/export/changelogs";
+}
+
+Generate-Releases
+{
+ MD5Sum
+ {
+ stable;
+ testing;
+ unstable;
+ };
+ SHA1
+ {
+ stable;
+ testing;
+ unstable;
+ };
+ SHA256
+ {
+ stable;
+ testing;
+ unstable;
+ };
+}
--- /dev/null
+Config
+{
+ helion.donarmstrong.com
+ {
+ DatabaseHostname "helion";
+ DakConfig "/srv/dak/dak/config/debian-r/dak.conf";
+ AptConfig "/srv/dak/dak/config/debian-r/apt.conf";
+ }
+}
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+
+set -e
+set -u
+set -E
+
+export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars
+. $SCRIPTVARS
+
+# Make sure we start out with a sane umask setting
+umask 022
+
+# And use one locale, no matter what the caller has set
+export LANG=C
+export LC_ALL=C
+
+. "${configdir}/../debian/common"
+
+# extract changelogs and stuff
+function changelogs() {
+ log "Extracting changelogs"
+ dak make-changelog -e
+ mkdir -p ${exportpublic}/changelogs
+ cd ${exportpublic}/changelogs
+ rsync -aHW --delete --delete-after --ignore-errors ${exportdir}/changelogs/. .
+ sudo -H -u archvsync /home/archvsync/runmirrors metasdo > ~dak/runmirrors-metadata.log 2>&1 &
+}
+
+changelogs
--- /dev/null
+#!/bin/bash
+
+set -e
+
+LANG=C
+LC_ALL=C
+
+echo "Regenerating \"public\" mirror/ hardlink fun"
+date -u > /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org
+echo "Using dak v1" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org
+echo "Running on host: $(hostname -f)" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org
+cd /srv/security.debian.org/archive/debian-security/
+rsync -aH --link-dest /srv/security-master.debian.org/ftp/ --exclude Archive_Maintenance_In_Progress --delete --delete-after --ignore-errors /srv/security-master.debian.org/ftp/. .
--- /dev/null
+#!/bin/bash
+
+dak make-pkg-file-mapping | bzip2 -9 > /srv/security-master.debian.org/ftp/indices/package-file.map.bz2
--- /dev/null
+# locations used by many scripts
+
+base=/srv/security-master.debian.org
+public=/srv/security.debian.org
+bindir=$base/bin
+ftpdir=$base/ftp/
+masterdir=$base/dak/
+configdir=$masterdir/config/debian-security/
+webdir=$masterdir/web
+indices=$ftpdir/indices
+archs=$(dak admin a list | tr '\n' ' ')
+
+scriptdir=$base/scripts
+scriptsdir=$masterdir/scripts/debian/
+dbdir=$base/dak-database/
+lockdir=$base/lock
+stagedir=$lockdir/stages
+overridedir=$base/override
+extoverridedir=$scriptdir/external-overrides
+logdir=$base/log/cron/
+
+queuedir=$base/queue/
+unchecked=$queuedir/unchecked/
+newstage=$queuedir/newstage/
+disembargo=$queuedir/unchecked-disembargo/
+done=$queuedir/done/
+
+mirrordir=$base/mirror/
+exportdir=$base/export/
+exportpublic=$public/rsync/export/
+
+uploadhost=ftp-master.debian.org
+uploaddir=/pub/UploadQueue/
+
+ftpgroup=debadmin
+
+components="main non-free contrib"
+suites=$(dak admin s list)
+override_types="deb dsc udeb"
+
+TMPDIR=${base}/tmp
+
+PATH=$masterdir:$PATH
+umask 022
+unset CDPATH
+
+# Set the database variables
+eval $(dak admin config db-shell)
+
+PATH=$masterdir:$PATH
+umask 022
entry = entry.lower()
config_name = "%s::%s" % (tree, entry)
target = config[config_name]
- do_dir(target, config_name)
+ if not target:
+ process_tree(config,config_name)
+ else:
+ do_dir(target, config_name)
def process_morguesubdir(subdir):
"""Create directories for morgue sub directories."""
alternative configuration files with Config::host::DakConfig and
Config::host::AptConfig (where "host" is the fully qualified domain
name of your machine).
-o Create a PostgreSQL database on the host given in dak.conf's DB::Host
- with the name specified in DB::Name.
+o Create a PostgreSQL database on the host given in dak.conf's
+ Config::host::DatabaseHostname with the name specified in
+ DB::Service.
o Run 'dak init-dirs': this will create all directories which are specified in
dak.conf and apt.conf.
o If you have an existing archive: