From: Don Armstrong Date: Wed, 15 Feb 2012 00:06:54 +0000 (-0800) Subject: add debian-r X-Git-Tag: debian-r/squeeze~20 X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=55096630a840843b0ade88c5aa31bb1037c52796;p=dak.git add debian-r --- diff --git a/config/debian-r/apache.conf b/config/debian-r/apache.conf new file mode 100644 index 00000000..d8038cc8 --- /dev/null +++ b/config/debian-r/apache.conf @@ -0,0 +1,138 @@ +# pretend this is in a vhost + ServerAdmin team@security.debian.org + DocumentRoot /srv/security-master.debian.org/htdocs-security-master + ServerName security-master.debian.org + + ErrorLog /var/log/apache2/security-master.debian.org-error.log + LogLevel warn + CustomLog /var/log/apache2/security-master.debian.org-access.log combined + + + Alias /debian-security /org/security.debian.org/archive/debian-security/ + Alias /buildd/ /org/security-master.debian.org/buildd/ + + #RewriteEngine on + #RewriteRule ^/$ http://www.debian.org/security/ + + # New suite aliases + Alias /buildd-lenny /srv/security-master.debian.org/buildd/lenny/ + Alias /buildd-squeeze /srv/security-master.debian.org/buildd/squeeze/ + Alias /buildd-wheezy /srv/security-master.debian.org/buildd/wheezy/ + + # BuildD access list + + order deny,allow + deny from all + + Use DebianBuilddHostList + + # i386 + # brahms + allow from 206.12.19.115 + allow from 2607:f8f0:610:4000:216:36ff:fe40:3802 + # murphy + allow from 70.103.162.31 + # biber + allow from 194.177.211.204 + allow from 2001:648:2ffc:deb:214:22ff:feb2:1268 + + # amd64 + # barber + allow from 194.177.211.203 + allow from 2001:648:2ffc:deb:214:22ff:feb2:2370 + + # armel + # ancina + allow from 157.193.39.13 + # arnold + allow from 217.140.96.57 + # alain + allow from 217.140.96.58 + # alwyn + allow from 217.140.96.59 + # antheil + allow from 217.140.96.60 + + # alpha + # goetz + allow from 193.62.202.26 + + # samosa + allow from 192.25.206.57 + # spohr + allow from 192.25.206.33 + + # mipsel + # rem + allow from 82.195.75.68 + allow from 2001:41b8:202:deb:202:4cff:fefe:d06 + # mayer + allow from 140.211.166.78 + allow from 2001:6f8:1173:2:202:4cff:fefe:d06 + + # sparc + # lebrun + allow from 193.198.184.10 + # schroeder + allow from 193.198.184.11 + # spontini + allow from 206.12.19.14 + allow from 2607:f8f0:610:4000:a00:20ff:fea0:918b + + # mips + # corelli + allow from 206.12.19.16 + allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4489 + # lucatelli + allow from 206.12.19.15 + allow from 2607:f8f0:610:4000:2e0:98ff:fe00:4141 + # ball + allow from 2001:41b8:202:deb:202:4cff:fefe:d09 + allow from 82.195.75.70 + + # s390 + allow from 80.245.147.46 + + # kfreebsd, i386 + # finzi + allow from 206.12.19.111 + # field + allow from 194.177.211.210 + + # kfreebsd, amd64 + # fasch + allow from 194.177.211.201 + # fano + allow from 206.12.19.110 + + # ia64 + # alkman + allow from 192.25.206.63 + # mundy + allow from 192.25.206.62 + + # powerpc + # praetorius + allow from 130.239.18.121 + allow from 2001:6b0:e:2a18:204:acff:fede:459f + # poulenc + allow from 144.32.168.77 + # porpora + allow from 144.32.168.78 + + # Ganneff, test + allow from 78.46.40.15 + allow from 2001:4dd0:ff00:df::2 + allow from 213.146.108.162 + allow from 2a01:198:5d0:0:21c:c0ff:fead:e3a3 + + AuthName "security.debian.org" + AuthType Basic + AuthUserFile /org/security-master.debian.org/apache.htpasswd + require valid-user + + # Either good IP address or good user/pass is sufficient + satisfy any + + +# end diff --git a/config/debian-r/apt.conf b/config/debian-r/apt.conf new file mode 100644 index 00000000..e0d5f434 --- /dev/null +++ b/config/debian-r/apt.conf @@ -0,0 +1,60 @@ +APT::FTPArchive::Contents on; + +Dir +{ + ArchiveDir "/srv/debian-r/ftp/"; + OverrideDir "/srv/debian-r/scripts/override/"; + CacheDir "/srv/debian-r/dak-database/"; +}; + +Default +{ + Packages::Compress "gzip bzip2"; + Sources::Compress "gzip bzip2"; + Contents::Compress "gzip"; + DeLinkLimit 0; + MaxContentsChange 25000; + FileMode 0664; +} + +tree "dists/stable" +{ + FileList "/srv/debian-r/dak-database/dists/stable/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/debian-r/dak-database/dists/stable/$(SECTION)_source.list"; + Sections "main"; + Architectures "i386 amd64 powerpc source"; + BinOverride "override.squeeze.$(SECTION)"; + ExtraOverride "override.squeeze.extra.$(SECTION)"; + SrcOverride "override.squeeze.$(SECTION).src"; + Contents " "; + Packages::Compress "gzip bzip2"; + Sources::Compress "gzip bzip2"; +}; + +tree "dists/testing" +{ + FileList "/srv/debian-r/dak-database/dists/testing/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/debian-r/dak-database/dists/testing/$(SECTION)_source.list"; + Sections "main" + Architectures "i386 amd64 powerpc source"; + BinOverride "override.wheezy.$(SECTION)"; + ExtraOverride "override.wheezy.extra.$(SECTION)"; + SrcOverride "override.wheezy.$(SECTION).src"; + Contents " "; + Packages::Compress "gzip bzip2"; + Sources::Compress "gzip bzip2"; +}; + +tree "dists/unstable" +{ + FileList "/srv/debian-r/dak-database/dists/unstable/$(SECTION)_binary-$(ARCH).list"; + SourceFileList "/srv/debian-r/dak-database/dists/unstable/$(SECTION)_source.list"; + Sections "main" + Architectures "i386 amd64 powerpc source"; + BinOverride "override.sid.$(SECTION)"; + ExtraOverride "override.sid.extra.$(SECTION)"; + SrcOverride "override.sid.$(SECTION).src"; + Contents " "; + Packages::Compress "gzip bzip2"; + Sources::Compress "gzip bzip2"; +}; diff --git a/config/debian-r/cron.buildd b/config/debian-r/cron.buildd new file mode 100755 index 00000000..1b60593d --- /dev/null +++ b/config/debian-r/cron.buildd @@ -0,0 +1,59 @@ +#! /bin/bash +# +# Executed after cron.unchecked + +set -e +set -u + +export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars +. $SCRIPTVARS +SSH_SOCKET=~/.ssh/buildd.debian.org.socket +DISTS=$(dak admin s list) + +if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then + exit 0 +fi + +dists= +now=$(date +%s) +check=$(( now - 3*60 )) + +for dist in $DISTS; do + smodtime=$(stat -c "%Y" $base/buildd/$dist/Sources.gz) + pmodtime=$(stat -c "%Y" $base/buildd/$dist/Packages.gz) + + if [ ${smodtime} -gt ${check} ] || [ ${pmodtime} -gt ${check} ]; then + # Packages/Sources changed in the last minutes + dists="${dists} ${dist}" + else + continue + fi +done + +if [ ! -z "${dists}" ]; then + # setup ssh master process + ssh wbadm@buildd -S $SSH_SOCKET -MN 2> /dev/null & + SSH_PID=$! + while [ ! -S $SSH_SOCKET ]; do + sleep 1 + done + trap 'kill -TERM $SSH_PID' 0 + for d in ${dists}; do + case ${d} in + oldstable) + send=lenny + ;; + stable) + send=squeeze + ;; + testing) + send=wheezy + ;; + *) + send=unknown + ;; + esac + + ssh wbadm@buildd -S $SSH_SOCKET trigger.security $send + done +fi diff --git a/config/debian-r/cron.daily b/config/debian-r/cron.daily new file mode 100755 index 00000000..abe3c08a --- /dev/null +++ b/config/debian-r/cron.daily @@ -0,0 +1,84 @@ +#!/bin/bash +# +# Executed daily via cron, out of dak's crontab. + +set -e +export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars +. $SCRIPTVARS + +################################################################################ + +# Fix overrides + +rsync --delete -r --include=override\* --exclude=\* --password-file /srv/security-master.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir + +cd $overridedir +for file in override*.gz; do + zcat $file > $(basename $file .gz) +done +find . -maxdepth 1 -mindepth 1 -type l | xargs --no-run-if-empty rm + +for suite in $suites; do + case $suite in + oldstable) override_suite=lenny;; + stable) override_suite=squeeze;; + testing) override_suite=wheezy;; + *) echo "Unknown suite type ($suite)"; exit 1;; + esac + for component in $components; do + for override_type in $override_types; do + case $override_type in + deb) type="" ;; + dsc) type=".src" ;; + udeb) type=".debian-installer" ;; + esac + + if [ "$override_type" = "udeb" ]; then + if [ ! "$component" = "main" ]; then + continue + fi + fi + + OFILE="override.$override_suite.$component$type.gz" + if [ -r "$OFILE" ]; then + zcat "$OFILE" | dak control-overrides -q -a -t $override_type -s $suite -c updates/$component + fi + done + done +done + +# Generate .all3 overides for the buildd support +for dist in lenny squeeze wheezy; do + rm -f override.$dist.all3 + components="main contrib non-free"; + if [ -f override.$dist.main.debian-installer.gz ]; then + components="$components main.debian-installer" + fi + for component in $components; do + zcat override.$dist.$component.gz >> override.$dist.all3 + if [ -e "override.$dist.$component.src.gz" ]; then + zcat override.$dist.$component.src.gz >> override.$dist.all3.src + fi + done +done + +################################################################################ + +cd $configdir +dak import-keyring -L /srv/keyring.debian.org/keyrings/debian-keyring.gpg +dak clean-queues +dak clean-queues -i $disembargo +dak clean-suites + +symlinks -d -r $ftpdir + +pg_dump obscurity > /org/security-master.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S) +find -maxdepth 1 -mindepth 1 -type f -name 'dump_*' \! -name '*.bz2' \! -name '*.gz' -mmin +720 | +while read dumpname; do + bzip2 -9fv "$dumpname" +done + +#apt-ftparchive -q clean apt.conf +#apt-ftparchive -q clean apt.conf.buildd + +################################################################################ diff --git a/config/debian-r/cron.hourly b/config/debian-r/cron.hourly new file mode 100755 index 00000000..ddbf09fc --- /dev/null +++ b/config/debian-r/cron.hourly @@ -0,0 +1,43 @@ +#! /bin/bash +# +# Executed hourly via cron, out of dak's crontab. + +set -e +set -u + +export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars +. $SCRIPTVARS + +dak import-users-from-passwd +# dak queue-report -n > $webdir/new.html +# dak queue-report -8 -d new,byhand,proposedupdates,oldproposedupdates -r $webdir/stat +# dak show-deferred -r $webdir/stat > ${webdir}/deferred.html +# dak graph -n new,byhand,proposedupdates,oldproposedupdates,deferred -r $webdir/stat -i $webdir/stat -x $scriptsdir/rrd-release-freeze-dates +# dak show-new > /dev/null + +# cd $webdir +# cat removals-20*.txt > removals-full.txt +# cat removals.txt >> removals-full.txt +# cat removals-20*.822 > removals-full.822 +# cat removals.822 >> removals-full.822 + +#$base/dak/tools/queue_rss.py -q $queuedir/new -o $webdir/rss/ -d $base/misc -l $base/log/ +#$base/dak/tools/removals.pl $configdir/removalsrss.rc > $webdir/removals.rss + +#$scriptsdir/generate-di + +# do the buildd key updates +BUILDDFUN=$(mktemp -p "${TMPDIR}" BUILDDFUN.XXXXXX) +exec >> "${BUILDDFUN}" 2>&1 +#${scriptsdir}/buildd-remove-keys +#${scriptsdir}/buildd-add-keys +#${scriptsdir}/buildd-prepare-dir +for keyring in $(dak admin k list-binary); do + dak import-keyring --generate-users "%s" ${keyring} +done +exec >>/dev/null 2>&1 + +DATE=$(date -Is) +cat "${BUILDDFUN}" | mail -a "X-Debian: DAK" -e -s "[$(hostname -s)] Buildd key changes ${DATE}" buildd-keys@ftp-master.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org + +rm -f "${BUILDDFUN}" diff --git a/config/debian-r/cron.unchecked b/config/debian-r/cron.unchecked new file mode 100755 index 00000000..a1b516ff --- /dev/null +++ b/config/debian-r/cron.unchecked @@ -0,0 +1,72 @@ +#! /bin/bash + +set -e +set -u + +export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars +. $SCRIPTVARS + +# And use one locale, no matter what the caller has set +export LANG=C +export LC_ALL=C + +report=$queuedir/REPORT +reportdis=$queuedir/REPORT.disembargo +timestamp=$(date "+%Y-%m-%d %H:%M") +doanything=false +dopolicy=false + +# So first we should go and see if any process-policy action is done +dak process-policy embargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from embargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org +dak process-policy unembargoed | mail -a "X-Debian: DAK" -e -s "Automatically accepted from unembargoed" team@security.debian.org -- -F "Debian FTP Masters" -f ftpmaster@ftp-master.debian.org + +# Now, if this really did anything, we can then sync it over. Files +# in newstage mean they are (late) accepts of security stuff, need +# to sync to ftp-master + +cd $newstage +changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) +if [ -n "$changes" ]; then + dopolicy=true + echo "$timestamp": ${changes:-"Nothing to do in newstage"} >> $report + rsync -a -q $newstage/. /srv/queued/ftpmaster/. + dak process-upload -a -d "$newstage" >> $report +fi + +cd $unchecked +changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) +if [ -n "$changes" ]; then + doanything=true + echo "$timestamp": ${changes:-"Nothing to do in unchecked"} >> $report + dak process-upload -a -d "$unchecked" >> $report +fi + +cd $disembargo +changes=$(find . -maxdepth 1 -mindepth 1 -type f -name \*.changes | sed -e "s,./,," | xargs) + +if [ -n "$changes" ]; then + doanything=true + echo "$timestamp": ${changes:-"Nothing to do in disembargo"} >> $reportdis + dak process-upload -a -d "$disembargo" >> $reportdis +fi + +if ! $doanything; then + echo "$timestamp": Nothing to do >> $report + exit 0 +fi + +dak manage-build-queues -a + +if [ "x${dopolicy}x" = "xtruex" ]; then + # We had something approved from a policy queue, push out new archive + dak dominate + dak generate-filelist + cd $configdir + $configdir/map.sh + apt-ftparchive generate apt.conf + dak generate-releases + /srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh + sudo -u archvsync -H /home/archvsync/signal_security +fi + +$configdir/cron.buildd diff --git a/config/debian-r/cron.weekly b/config/debian-r/cron.weekly new file mode 100755 index 00000000..80a83538 --- /dev/null +++ b/config/debian-r/cron.weekly @@ -0,0 +1,20 @@ +#!/bin/bash +# +# Executed weekly via cron, out of dak's crontab. + +set -e +export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars +. $SCRIPTVARS + +################################################################################ + +# Weekly generation of release files, then pushing mirrors. +# Used as we have a "Valid-until" field in our release files of 10 days. In case +# we dont have a security update in that time... +cd $configdir +dak generate-releases +/srv/security-master.debian.org/dak/config/debian-security/make-mirror.sh +sudo -u archvsync -H /home/archvsync/signal_security + + +################################################################################ diff --git a/config/debian-r/dak.conf b/config/debian-r/dak.conf new file mode 100644 index 00000000..96cd03dc --- /dev/null +++ b/config/debian-r/dak.conf @@ -0,0 +1,305 @@ +Dinstall +{ + // was non-us.d.o path before + Options::No-Mail "true"; + SigningKeyring "/srv/debian-r/s3kr1t/dot-gnupg/secring.gpg"; + SigningPubKeyring "/srv/debian-r/s3kr1t/dot-gnupg/pubring.gpg"; + SigningKeyIds "55BE302B"; + SendmailCommand "/usr/sbin/sendmail -odq -oi -t"; + MyEmailAddress "Don Armstrong "; + MyAdminAddress "don+crandak@donarmstrong.com"; + MyHost "donarmstrong.com"; // used for generating user@my_host addresses in e.g. manual_reject() + MyDistribution "Debian-r"; // Used in emails + // BugServer "bugs-debian-r"; + // PackagesServer "packages-debian-r"; + // Bcc "don+cran-archive@donarmstrong.com"; + // GroupOverrideFilename "override.group-maint"; + FutureTimeTravelGrace 28800; // 8 hours + PastCutoffYear "1984"; + SkipTime 300; + CloseBugs "false"; + OverrideDisparityCheck "false"; + BXANotify "false"; + DefaultSuite "stable"; + SuiteSuffix "updates/"; + OverrideMaintainer "don+crandak@donarmstrong.com"; + LegacyStableHasNoSections "false"; + AllowSourceOnlyUploads "true"; +}; + +Process-New +{ + DinstallLockFile "/srv/debian-r/lock/processnew.lock"; + LockDir "/srv/debian-r/lock/new/"; +}; + +Import-Users-From-Passwd +{ + ValidGID "800"; + // Comma separated list of users who are in Postgres but not the passwd file + KnownPostgres "postgres,dak,www-data,udmsearch,repuser"; +}; + +Queue-Report +{ + Directories + { + byhand; + new; + unembargoed; + embargoed; + }; +}; + +Import-LDAP-Fingerprints +{ +// LDAPDn "ou=users,dc=debian,dc=org"; +// LDAPServer "db.debian.org"; + ExtraKeyrings + { + "/srv/debian-r/keyrings/removed-keys.gpg"; + "/srv/debian-r/keyrings/extra-keys.gpg"; + }; + KeyServer "wwwkeys.eu.pgp.net"; +}; + +Check-Overrides +{ + OverrideSuites + { + Stable + { + Process "0"; + }; + + Testing + { + Process "0"; + }; + + }; +}; + +Clean-Queues +{ + Options + { + Days 14; + }; + MorgueSubDir "queue"; +}; + +Rm +{ + Options + { + Suite "unstable"; + }; + + MyEmailAddress "Cran Dak Archive Maintenance "; + LogFile "/srv/debian-r/dak-log/removals.txt"; +}; + +Clean-Suites +{ + // How long (in seconds) dead packages are left before being killed + StayOfExecution 129600; // 1.5 days + MorgueSubDir "pool"; + OverrideFilename "override.source-only"; +}; + +Security-Install +{ + ComponentMappings + { + main "ftp-master.debian.org:/pub/UploadQueue"; + contrib "ftp-master.debian.org:/pub/UploadQueue"; + non-free "ftp-master.debian.org:/pub/UploadQueue"; + non-US/main "non-us.debian.org:/pub/UploadQueue"; + non-US/contrib "non-us.debian.org:/pub/UploadQueue"; + non-US/non-free "non-us.debian.org:/pub/UploadQueue"; + }; +}; + +Suite +{ + // Priority determines which suite is used for the Maintainers file + // as generated by 'dak make-maintainers' (highest wins). + + Stable + { + Components + { + main; + }; + Announce "don+dak@donarmstrong.com"; + Version ""; + Origin "Debian-r"; + Label "Debian-r"; + Description "Debian R packages for stable from cran and bioc"; + ValidTime 864000; // 10 days + CodeName "squeeze"; + OverrideCodeName "squeeze"; + CopyDotDak "/srv/debian-r/queue/done/"; + }; + + Testing + { + Components + { + main; + }; + Announce "don+dak@donarmstrong.com"; + Version ""; + Origin "Debian-r"; + Label "Debian-r"; + Description "Debian R Packages for testing from cran and bioc"; + ValidTime 864000; // 10 days + CodeName "wheezy"; + OverrideCodeName "wheezy"; + CopyDotDak "/srv/debian-r/queue/done/"; + }; +}; + +SuiteMappings +{ + "map squeeze stable"; + "map wheezy testing"; +}; + +Dir +{ + Root "/srv/debian-r/ftp/"; + Pool "/srv/debian-r/ftp/pool/"; + Export "/srv/debian-r/export/"; + Dak "/srv/dak/dak/"; + Templates "/srv/dak/dak/templates/"; + Override "/srv/debian-r/override/"; + Lock "/srv/dak/lock/"; + Cache "/srv/debian-r/database/"; + Log "/srv/debian-r/dak-log/"; + Morgue "/srv/debian-r/morgue/"; + Override "/srv/debian-r/scripts/override/"; + Holding "/srv/debian-r/queue/holding/"; + Done "/srv/debian-r/queue/done/"; + Reject "/srv/debian-r/queue/reject/"; + + Queue + { + Byhand "/srv/debian-r/queue/byhand/"; + New "/srv/debian-r/queue/new/"; + Unchecked "/srv/debian-r/queue/unchecked/"; + Newstage "/srv/debian-r/queue/newstage/"; + + ProposedUpdates "/srv/debian-r/does/not/exist/"; // XXX fixme + OldProposedUpdates "/srv/debian-r/does/not/exist/"; // XXX fixme + + Embargoed "/srv/debian-r/queue/embargoed/"; + Unembargoed "/srv/debian-r/queue/unembargoed/"; + Disembargo "/srv/debian-r/queue/unchecked-disembargo/"; + }; +}; + +DB +{ + Service "debianr"; + // PoolSize should be at least ThreadCount + 1 + PoolSize 5; + // MaxOverflow shouldn't exceed postgresql.conf's max_connections - PoolSize + MaxOverflow 13; + // should be false for encoding == SQL_ASCII + Unicode "false" +}; + +Architectures +{ + + source "Source"; + all "Architecture Independent"; + i386 "Intel ia32"; + powerpc "PowerPC"; + amd64 "AMD x86_64 (AMD64)"; +}; + +Archive +{ + debian-r + { + OriginServer "security.debian.org"; + PrimaryMirror "security.debian.org"; + Description "Security Updates for the Debian project"; + }; + +}; + +ComponentMappings +{ + "main main"; +}; + +Section +{ + cran; + bioc; +}; + +Priority +{ + required 1; + important 2; + standard 3; + optional 4; + extra 5; + source 0; // i.e. unused +}; + +Urgency +{ + Default "low"; + Valid + { + low; + medium; + high; + emergency; + critical; + }; +}; + +Contents +{ + Header "contents"; + Root "/srv/debian-r/test/"; +} + +Common +{ + ThreadCount 4; +} + +Changelogs +{ + Export "/srv/debian-r/export/changelogs"; +} + +Generate-Releases +{ + MD5Sum + { + stable; + testing; + unstable; + }; + SHA1 + { + stable; + testing; + unstable; + }; + SHA256 + { + stable; + testing; + unstable; + }; +} diff --git a/config/debian-r/dak.conf-etc b/config/debian-r/dak.conf-etc new file mode 100644 index 00000000..9870536c --- /dev/null +++ b/config/debian-r/dak.conf-etc @@ -0,0 +1,9 @@ +Config +{ + helion.donarmstrong.com + { + DatabaseHostname "helion"; + DakConfig "/srv/dak/dak/config/debian-r/dak.conf"; + AptConfig "/srv/dak/dak/config/debian-r/apt.conf"; + } +} \ No newline at end of file diff --git a/config/debian-r/export.sh b/config/debian-r/export.sh new file mode 100755 index 00000000..81d5ee08 --- /dev/null +++ b/config/debian-r/export.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +set -e +set -u +set -E + +export SCRIPTVARS=/srv/security-master.debian.org/dak/config/debian-security/vars +. $SCRIPTVARS + +# Make sure we start out with a sane umask setting +umask 022 + +# And use one locale, no matter what the caller has set +export LANG=C +export LC_ALL=C + +. "${configdir}/../debian/common" + +# extract changelogs and stuff +function changelogs() { + log "Extracting changelogs" + dak make-changelog -e + mkdir -p ${exportpublic}/changelogs + cd ${exportpublic}/changelogs + rsync -aHW --delete --delete-after --ignore-errors ${exportdir}/changelogs/. . + sudo -H -u archvsync /home/archvsync/runmirrors metasdo > ~dak/runmirrors-metadata.log 2>&1 & +} + +changelogs diff --git a/config/debian-r/make-mirror.sh b/config/debian-r/make-mirror.sh new file mode 100755 index 00000000..1b803258 --- /dev/null +++ b/config/debian-r/make-mirror.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e + +LANG=C +LC_ALL=C + +echo "Regenerating \"public\" mirror/ hardlink fun" +date -u > /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +echo "Using dak v1" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +echo "Running on host: $(hostname -f)" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org +cd /srv/security.debian.org/archive/debian-security/ +rsync -aH --link-dest /srv/security-master.debian.org/ftp/ --exclude Archive_Maintenance_In_Progress --delete --delete-after --ignore-errors /srv/security-master.debian.org/ftp/. . diff --git a/config/debian-r/map.sh b/config/debian-r/map.sh new file mode 100755 index 00000000..06cd5384 --- /dev/null +++ b/config/debian-r/map.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +dak make-pkg-file-mapping | bzip2 -9 > /srv/security-master.debian.org/ftp/indices/package-file.map.bz2 diff --git a/config/debian-r/vars b/config/debian-r/vars new file mode 100644 index 00000000..2d040a91 --- /dev/null +++ b/config/debian-r/vars @@ -0,0 +1,51 @@ +# locations used by many scripts + +base=/srv/security-master.debian.org +public=/srv/security.debian.org +bindir=$base/bin +ftpdir=$base/ftp/ +masterdir=$base/dak/ +configdir=$masterdir/config/debian-security/ +webdir=$masterdir/web +indices=$ftpdir/indices +archs=$(dak admin a list | tr '\n' ' ') + +scriptdir=$base/scripts +scriptsdir=$masterdir/scripts/debian/ +dbdir=$base/dak-database/ +lockdir=$base/lock +stagedir=$lockdir/stages +overridedir=$base/override +extoverridedir=$scriptdir/external-overrides +logdir=$base/log/cron/ + +queuedir=$base/queue/ +unchecked=$queuedir/unchecked/ +newstage=$queuedir/newstage/ +disembargo=$queuedir/unchecked-disembargo/ +done=$queuedir/done/ + +mirrordir=$base/mirror/ +exportdir=$base/export/ +exportpublic=$public/rsync/export/ + +uploadhost=ftp-master.debian.org +uploaddir=/pub/UploadQueue/ + +ftpgroup=debadmin + +components="main non-free contrib" +suites=$(dak admin s list) +override_types="deb dsc udeb" + +TMPDIR=${base}/tmp + +PATH=$masterdir:$PATH +umask 022 +unset CDPATH + +# Set the database variables +eval $(dak admin config db-shell) + +PATH=$masterdir:$PATH +umask 022