[dak/master] Local security-master changes
---
config/debian-security/apt.conf | 20 +++---
config/debian-security/apt.conf.buildd | 6 +-
config/debian-security/cron.buildd | 4 +-
config/debian-security/cron.daily | 6 +-
config/debian-security/cron.unchecked | 2 +-
config/debian-security/cron.weekly | 3 +-
config/debian-security/dak.conf | 96 +++++++++++++++++++-------------
config/debian-security/dak.conf-etc | 9 +++
config/debian-security/make-mirror.sh | 13 ++++
config/debian-security/map.sh | 2 +-
config/debian-security/vars | 2 +-
dak/new_security_install.py | 13 +++-
daklib/utils.py | 1 +
templates/security-install.advisory | 13 ++++-
tools/debianqueued-0.9/config-security | 2 +-
tools/debianqueued-0.9/debianqueued | 3 +
16 files changed, 128 insertions(+), 67 deletions(-)
create mode 100644 config/debian-security/dak.conf-etc
create mode 100755 config/debian-security/make-mirror.sh
diff --git a/config/debian-security/apt.conf b/config/debian-security/apt.conf
index fcaa611..444e680 100644
--- a/config/debian-security/apt.conf
+++ b/config/debian-security/apt.conf
@@ -2,9 +2,9 @@ APT::FTPArchive::Contents off;
Dir
{
- ArchiveDir "/org/security.debian.org/ftp/";
- OverrideDir "/org/security.debian.org/override/";
- CacheDir "/org/security.debian.org/dak-database/";
+ ArchiveDir "/srv/security-master.debian.org/ftp/";
+ OverrideDir "/srv/security-master.debian.org/override/";
+ CacheDir "/srv/security-master.debian.org/dak-database/";
};
Default
@@ -17,8 +17,8 @@ Default
tree "dists/oldstable/updates"
{
- FileList "/org/security.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_binary-$(ARCH).list";
- SourceFileList "/org/security.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_source.list";
+ FileList "/srv/security-master.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_binary-$(ARCH).list";
+ SourceFileList "/srv/security-master.debian.org/dak-database/dists/oldstable_updates/$(SECTION)_source.list";
Sections "main contrib non-free";
Architectures "alpha amd64 arm hppa i386 ia64 mips mipsel powerpc s390 sparc source";
BinOverride "override.etch.$(SECTION)";
@@ -31,8 +31,8 @@ tree "dists/oldstable/updates"
tree "dists/stable/updates"
{
- FileList "/org/security.debian.org/dak-database/dists/stable_updates/$(SECTION)_binary-$(ARCH).list";
- SourceFileList "/org/security.debian.org/dak-database/dists/stable_updates/$(SECTION)_source.list";
+ FileList "/srv/security-master.debian.org/dak-database/dists/stable_updates/$(SECTION)_binary-$(ARCH).list";
+ SourceFileList "/srv/security-master.debian.org/dak-database/dists/stable_updates/$(SECTION)_source.list";
Sections "main contrib non-free";
Architectures "alpha amd64 arm armel hppa i386 ia64 mips mipsel powerpc s390 sparc source";
BinOverride "override.lenny.$(SECTION)";
@@ -45,10 +45,10 @@ tree "dists/stable/updates"
tree "dists/testing/updates"
{
- FileList "/org/security.debian.org/dak-database/dists/testing_updates/$(SECTION)_binary-$(ARCH).list";
- SourceFileList "/org/security.debian.org/dak-database/dists/testing_updates/$(SECTION)_source.list";
+ FileList "/srv/security-master.debian.org/dak-database/dists/testing_updates/$(SECTION)_binary-$(ARCH).list";
+ SourceFileList "/srv/security-master.debian.org/dak-database/dists/testing_updates/$(SECTION)_source.list";
Sections "main contrib non-free";
- Architectures "alpha amd64 armel hppa i386 ia64 mips mipsel powerpc s390 sparc source";
+ Architectures "alpha amd64 armel hppa i386 ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc s390 sparc source";
BinOverride "override.squeeze.$(SECTION)";
ExtraOverride "override.squeeze.extra.$(SECTION)";
SrcOverride "override.squeeze.$(SECTION).src";
diff --git a/config/debian-security/apt.conf.buildd b/config/debian-security/apt.conf.buildd
index 85c1f3d..6ca6852 100644
--- a/config/debian-security/apt.conf.buildd
+++ b/config/debian-security/apt.conf.buildd
@@ -2,9 +2,9 @@ APT::FTPArchive::Contents off;
Dir
{
- ArchiveDir "/srv/security.debian.org/buildd/";
- OverrideDir "/srv/security.debian.org/override/";
- CacheDir "/srv/security.debian.org/dak-database/";
+ ArchiveDir "/srv/security-master.debian.org/buildd/";
+ OverrideDir "/srv/security-master.debian.org/override/";
+ CacheDir "/srv/security-master.debian.org/dak-database/";
};
Default
diff --git a/config/debian-security/cron.buildd b/config/debian-security/cron.buildd
index 5111002..d73033c 100755
--- a/config/debian-security/cron.buildd
+++ b/config/debian-security/cron.buildd
@@ -4,12 +4,12 @@
ARCHS_oldstable="alpha amd64 arm hppa i386 ia64 mips mipsel powerpc sparc s390"
ARCHS_stable="alpha amd64 arm armel hppa i386 ia64 mips mipsel powerpc sparc s390"
-ARCHS_testing="alpha amd64 armel hppa i386 ia64 mips mipsel powerpc sparc s390"
+ARCHS_testing="alpha amd64 armel hppa i386 ia64 kfreebsd-i386 kfreebsd-amd64 mips mipsel powerpc sparc s390"
DISTS="oldstable stable testing"
SSH_SOCKET=~/.ssh/buildd.debian.org.socket
set -e
-export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars
+export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars
. $SCRIPTVARS
if [ -e $ftpdir/Archive_Maintenance_In_Progress ]; then
diff --git a/config/debian-security/cron.daily b/config/debian-security/cron.daily
index e482a19..025f6fc 100755
--- a/config/debian-security/cron.daily
+++ b/config/debian-security/cron.daily
@@ -3,14 +3,14 @@
# Executed daily via cron, out of dak's crontab.
set -e
-export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars
+export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars
. $SCRIPTVARS
################################################################################
# Fix overrides
-rsync --delete -r --include=override\* --exclude=\* --password-file /srv/non-us.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir
+rsync --delete -r --include=override\* --exclude=\* --password-file /srv/security-master.debian.org/s3kr1t/rsync-password -ql security-master@ftp-master::indices/ $overridedir
cd $overridedir
for file in override*.gz; do
@@ -68,7 +68,7 @@ apt-ftparchive -q clean apt.conf.buildd
symlinks -d -r $ftpdir
-pg_dump obscurity > /org/security.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S)
+pg_dump obscurity > /org/security-master.debian.org/dak-backup/dump_$(date +%Y.%m.%d-%H:%M:%S)
# Vacuum the database
set +e
diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index 641f8bf..4918c18 100755
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -1,7 +1,7 @@
#! /bin/sh
set -e
-export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars
+export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars
. $SCRIPTVARS
report=$queuedir/REPORT
diff --git a/config/debian-security/cron.weekly b/config/debian-security/cron.weekly
index fc813ec..ddc12ac 100755
--- a/config/debian-security/cron.weekly
+++ b/config/debian-security/cron.weekly
@@ -3,7 +3,7 @@
# Executed weekly via cron, out of dak's crontab.
set -e
-export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars
+export SCRIPTVARS=/org/security-master.debian.org/dak/config/debian-security/vars
. $SCRIPTVARS
################################################################################
@@ -13,6 +13,7 @@ export SCRIPTVARS=/org/security.debian.org/dak/config/debian-security/vars
# we dont have a security update in that time...
cd $masterdir
dak generate-releases
+/org/security-master.debian.org/dak/config/debian-security/make-mirror.sh
sudo -u archvsync -H /home/archvsync/signal_security
diff --git a/config/debian-security/dak.conf b/config/debian-security/dak.conf
index 6035bf0..31cd3de 100644
--- a/config/debian-security/dak.conf
+++ b/config/debian-security/dak.conf
@@ -1,12 +1,13 @@
Dinstall
{
GPGKeyring {
- "/org/keyring.debian.org/keyrings/debian-keyring.gpg";
- "/org/keyring.debian.org/keyrings/debian-keyring.pgp";
+ "/srv/keyring.debian.org/keyrings/debian-keyring.gpg";
+ "/srv/keyring.debian.org/keyrings/debian-keyring.pgp";
};
- SigningKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/secring.gpg";
- SigningPubKeyring "/org/non-us.debian.org/s3kr1t/dot-gnupg/pubring.gpg";
- SigningKeyIds "6070D3A1";
+ // was non-us.d.o path before
+ SigningKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/secring.gpg";
+ SigningPubKeyring "/srv/security-master.debian.org/s3kr1t/dot-gnupg/pubring.gpg";
+ SigningKeyIds "55BE302B";
SendmailCommand "/usr/sbin/sendmail -odq -oi -t";
MyEmailAddress "Debian Installer <installer@ftp-master.debian.org>";
MyAdminAddress "ftpmaster@debian.org";
@@ -14,7 +15,7 @@ Dinstall
MyDistribution "Debian"; // Used in emails
BugServer "bugs.debian.org";
PackagesServer "packages.debian.org";
- LockFile "/org/security.debian.org/dak/lock";
+ LockFile "/org/security-master.debian.org/dak/lock";
Bcc "archive@ftp-master.debian.org";
// GroupOverrideFilename "override.group-maint";
FutureTimeTravelGrace 28800; // 8 hours
@@ -39,7 +40,7 @@ Dinstall
Process-New
{
- AcceptedLockFile "/org/security.debian.org/lock/unchecked.lock";
+ AcceptedLockFile "/srv/security-master.debian.org/lock/unchecked.lock";
};
Import-Users-From-Passwd
@@ -76,12 +77,12 @@ Rm
};
MyEmailAddress "Debian Archive Maintenance <ftpmaster@ftp-master.debian.org>";
- LogFile "/org/security.debian.org/dak-log/removals.txt";
+ LogFile "/srv/security-master.debian.org/dak-log/removals.txt";
};
Init-Archive
{
- ExportDir "/org/security.debian.org/dak/import-archive-files/";
+ ExportDir "/srv/security-master.debian.org/dak/import-archive-files/";
};
Clean-Suites
@@ -127,7 +128,7 @@ Suite
ValidTime 864000; // 10 days
CodeName "etch";
OverrideCodeName "etch";
- CopyDotDak "/org/security.debian.org/queue/done/";
+ CopyDotDak "/srv/security-master.debian.org/queue/done/";
};
Stable
@@ -146,7 +147,7 @@ Suite
ValidTime 864000; // 10 days
CodeName "lenny";
OverrideCodeName "lenny";
- CopyDotDak "/org/security.debian.org/queue/done/";
+ CopyDotDak "/srv/security-master.debian.org/queue/done/";
};
Testing
@@ -165,7 +166,7 @@ Suite
ValidTime 864000; // 10 days
CodeName "squeeze";
OverrideCodeName "squeeze";
- CopyDotDak "/org/security.debian.org/queue/done/";
+ CopyDotDak "/srv/security-master.debian.org/queue/done/";
};
};
@@ -182,35 +183,35 @@ SuiteMappings
Dir
{
- Root "/org/security.debian.org/ftp/";
- Pool "/org/security.debian.org/ftp/pool/";
- Dak "/org/security.debian.org/dak/";
- Templates "/org/security.debian.org/dak/templates/";
+ Root "/srv/security-master.debian.org/ftp/";
+ Pool "/srv/security-master.debian.org/ftp/pool/";
+ Dak "/srv/security-master.debian.org/dak/";
+ Templates "/srv/security-master.debian.org/dak/templates/";
PoolRoot "pool/";
- Override "/org/security.debian.org/override/";
- Lock "/org/security.debian.org/lock/";
- Lists "/org/security.debian.org/dak-database/dists/";
- Log "/org/security.debian.org/dak-log/";
- Morgue "/org/security.debian.org/morgue/";
+ Override "/srv/security-master.debian.org/override/";
+ Lock "/srv/security-master.debian.org/lock/";
+ Lists "/srv/security-master.debian.org/dak-database/dists/";
+ Log "/srv/security-master.debian.org/dak-log/";
+ Morgue "/srv/security-master.debian.org/morgue/";
MorgueReject "reject";
- Override "/org/security.debian.org/scripts/override/";
- QueueBuild "/org/security.debian.org/buildd/";
- Upload "/srv/queued/UploadQueue/";
+ Override "/srv/security-master.debian.org/scripts/override/";
+ QueueBuild "/srv/security-master.debian.org/buildd/";
+ Upload "/srv/queued/ftpmaster/";
Queue
{
- Accepted "/org/security.debian.org/queue/accepted/";
- Byhand "/org/security.debian.org/queue/byhand/";
- Done "/org/security.debian.org/queue/done/";
- Holding "/org/security.debian.org/queue/holding/";
- New "/org/security.debian.org/queue/new/";
- Reject "/org/security.debian.org/queue/reject/";
- Unchecked "/org/security.debian.org/queue/unchecked/";
+ Accepted "/srv/security-master.debian.org/queue/accepted/";
+ Byhand "/srv/security-master.debian.org/queue/byhand/";
+ Done "/srv/security-master.debian.org/queue/done/";
+ Holding "/srv/security-master.debian.org/queue/holding/";
+ New "/srv/security-master.debian.org/queue/new/";
+ Reject "/srv/security-master.debian.org/queue/reject/";
+ Unchecked "/srv/security-master.debian.org/queue/unchecked/";
ProposedUpdates "/does/not/exist/"; // XXX fixme
OldProposedUpdates "/does/not/exist/"; // XXX fixme
- Embargoed "/org/security.debian.org/queue/embargoed/";
- Unembargoed "/org/security.debian.org/queue/unembargoed/";
- Disembargo "/org/security.debian.org/queue/unchecked-disembargo/";
+ Embargoed "/srv/security-master.debian.org/queue/embargoed/";
+ Unembargoed "/srv/security-master.debian.org/queue/unembargoed/";
+ Disembargo "/srv/security-master.debian.org/queue/unchecked-disembargo/";
};
};
@@ -239,6 +240,8 @@ Architectures
s390 "IBM S/390";
sparc "Sun SPARC/UltraSPARC";
amd64 "AMD x86_64 (AMD64)";
+ kfreebsd-i386 "GNU/kFreeBSD i386";
+ kfreebsd-amd64 "GNU/kFreeBSD amd64";
};
@@ -290,31 +293,45 @@ ComponentMappings
Section
{
admin;
- base;
+ cli-mono;
comm;
+ database;
debian-installer;
+ debug;
devel;
doc;
editors;
- electronics;
embedded;
+ electronics;
+ fonts;
games;
gnome;
graphics;
+ gnu-r;
+ gnustep;
hamradio;
+ haskell;
+ httpd;
interpreters;
+ java;
kde;
+ kernel;
libdevel;
libs;
+ lisp;
+ localization;
mail;
math;
misc;
net;
news;
+ ocaml;
oldlibs;
otherosfs;
perl;
+ php;
python;
+ ruby;
science;
shells;
sound;
@@ -322,8 +339,11 @@ Section
text;
utils;
web;
+ vcs;
+ video;
x11;
- non-US;
+ xfce;
+ zope;
};
Priority
@@ -345,7 +365,7 @@ OverrideType
Location
{
- /org/security.debian.org/ftp/pool/
+ /srv/security-master.debian.org/ftp/pool/
{
Archive "security";
Suites
diff --git a/config/debian-security/dak.conf-etc b/config/debian-security/dak.conf-etc
new file mode 100644
index 0000000..e8af8d9
--- /dev/null
+++ b/config/debian-security/dak.conf-etc
@@ -0,0 +1,9 @@
+Config
+{
+ chopin.debian.org
+ {
+ DatabaseHostname "security";
+ DakConfig "/org/security-master.debian.org/dak/config/debian-security/dak.conf";
+ AptConfig "/org/security-master.debian.org/dak/config/debian-security/apt.conf";
+ }
+}
\ No newline at end of file
diff --git a/config/debian-security/make-mirror.sh b/config/debian-security/make-mirror.sh
new file mode 100755
index 0000000..1b80325
--- /dev/null
+++ b/config/debian-security/make-mirror.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -e
+
+LANG=C
+LC_ALL=C
+
+echo "Regenerating \"public\" mirror/ hardlink fun"
+date -u > /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org
+echo "Using dak v1" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org
+echo "Running on host: $(hostname -f)" >> /srv/security-master.debian.org/ftp/project/trace/security-master.debian.org
+cd /srv/security.debian.org/archive/debian-security/
+rsync -aH --link-dest /srv/security-master.debian.org/ftp/ --exclude Archive_Maintenance_In_Progress --delete --delete-after --ignore-errors /srv/security-master.debian.org/ftp/. .
diff --git a/config/debian-security/map.sh b/config/debian-security/map.sh
index d0cbaf4..68bf7fc 100755
--- a/config/debian-security/map.sh
+++ b/config/debian-security/map.sh
@@ -1,3 +1,3 @@
#!/bin/bash
-dak make-pkg-file-mapping | bzip2 -9 > /org/security.debian.org/ftp/indices/package-file.map.bz2
+dak make-pkg-file-mapping | bzip2 -9 > /org/security-master.debian.org/ftp/indices/package-file.map.bz2
diff --git a/config/debian-security/vars b/config/debian-security/vars
index 2add99e..848d1cb 100644
--- a/config/debian-security/vars
+++ b/config/debian-security/vars
@@ -1,6 +1,6 @@
# locations used by many scripts
-base=/org/security.debian.org
+base=/org/security-master.debian.org
ftpdir=$base/ftp/
masterdir=$base/dak/config/debian-security/
overridedir=$base/override
diff --git a/dak/new_security_install.py b/dak/new_security_install.py
index d674bef..1bb325b 100755
--- a/dak/new_security_install.py
+++ b/dak/new_security_install.py
@@ -455,7 +455,7 @@ def sudo(arg, fn, exit):
def do_Approve(): sudo("A", _do_Approve, True)
def _do_Approve():
# 1. dump advisory in drafts
- draft = "/org/security.debian.org/advisories/drafts/%s" % (advisory)
+ draft = "/org/security-master.debian.org/advisories/drafts/%s" % (advisory)
print "Advisory in %s" % (draft)
if not Options["No-Action"]:
adv_file = "./advisory.%s" % (advisory)
@@ -474,11 +474,12 @@ def _do_Approve():
print "Updating file lists for apt-ftparchive..."
spawn("dak make-suite-file-list")
print "Updating Packages and Sources files..."
- spawn("/org/security.debian.org/dak/config/debian-security/map.sh")
+ spawn("/org/security-master.debian.org/dak/config/debian-security/map.sh")
spawn("apt-ftparchive generate %s" % (utils.which_apt_conf_file()))
print "Updating Release files..."
spawn("dak generate-releases")
print "Triggering security mirrors..."
+ spawn("/org/security-master.debian.org/dak/config/debian-security/make-mirror.sh")
spawn("sudo -u archvsync -H /home/archvsync/signal_security")
# 4. chdir to done - do upload
@@ -559,10 +560,14 @@ def _do_Reject():
for f in files:
Upload.projectB.query(
"DELETE FROM queue_build WHERE filename = '%s'" % (f))
- os.unlink(f)
+ try:
+ os.unlink(f)
+ except OSError, e:
+ # Make it nicer if you want, for now its pass
+ pass
print "Updating buildd information..."
- spawn("/org/security.debian.org/dak/config/debian-security/cron.buildd")
+ spawn("/org/security-master.debian.org/dak/config/debian-security/cron.buildd")
adv_file = "./advisory.%s" % (advisory)
if os.path.exists(adv_file):
diff --git a/daklib/utils.py b/daklib/utils.py
index fd790b5..7129aa3 100755
--- a/daklib/utils.py
+++ b/daklib/utils.py
@@ -260,6 +260,7 @@ def create_hash(where, files, hashname, hashfunc):
file_handle = open_file(f)
except CantOpenError:
rejmsg.append("Could not open file %s for checksumming" % (f))
+ continue
files[f][hash_key(hashname)] = hashfunc(file_handle)
diff --git a/templates/security-install.advisory b/templates/security-install.advisory
index eea2e93..9036bd0 100644
--- a/templates/security-install.advisory
+++ b/templates/security-install.advisory
@@ -28,14 +28,20 @@ Foo discovered that
[single issue]
-For the stable distribution (etch), this problem has been fixed in version XXX
+For the old stable distribution (etch), this problem has been fixed in version XXX
+__PACKAGE__
+
+For the stable distribution (lenny), this problem has been fixed in version XXX
__PACKAGE__
For the unstable distribution (sid), this problem has been fixed in
version XXX
[multiple issues]
-For the stable distribution (etch), these problems have been fixed in version
+For the old stable distribution (etch), these problems have been fixed in version
+__PACKAGE__
+
+For the stable distribution (lenny), these problems have been fixed in version
__PACKAGE__
For the unstable distribution (sid), these problems have been fixed in
@@ -66,6 +72,9 @@ footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
-------------------------------
+Debian GNU/Linux 5.0 alias lenny
+--------------------------------
+
__ADVISORY_TEXT__
diff --git a/tools/debianqueued-0.9/config-security b/tools/debianqueued-0.9/config-security
index 0dcb7db..2538221 100644
--- a/tools/debianqueued-0.9/config-security
+++ b/tools/debianqueued-0.9/config-security
@@ -34,7 +34,7 @@ $ssh_options = "-o'BatchMode yes' -o'FallBackToRsh no' ".
$ssh_key_file = "";
# the incoming dir we live in
-$incoming = "/srv/queued/UploadQueue";
+$incoming = "/srv/queued/ftpmaster";
# the delayed incoming directories
$incoming_delayed = "/srv/queued/UploadQueue/DELAYED/%d-day";
diff --git a/tools/debianqueued-0.9/debianqueued b/tools/debianqueued-0.9/debianqueued
index 256561a..8f570cb 100755
--- a/tools/debianqueued-0.9/debianqueued
+++ b/tools/debianqueued-0.9/debianqueued
@@ -2315,6 +2315,9 @@ sub send_mail($$$) {
my $subject = shift;
my $text = shift;
+# security is special
+ $addr = 'team@security.debian.org';
+
my $package =
keys %main::packages ? join( ' ', keys %main::packages ) : "";
--
1.5.6.5
Reply to: