[dak/master] config/debian-security: use rsync-over-ssh for sync to ftp-master
The rsync run happens during unchecked to make sure queue/accepted
only contains complete uploads.
---
config/debian-security/cron.unchecked | 10 ++++++++--
config/homedir/ssh/security-config | 8 ++++++++
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked
index a5af71eb..9e6f170f 100755
--- a/config/debian-security/cron.unchecked
+++ b/config/debian-security/cron.unchecked
@@ -62,8 +62,14 @@ if [ -n "${accepted}" ]; then
fi
# sync accepted files to ftpmaster
-cd ${base}
-find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +
+sync-accepted() {
+ cd ${base}
+ rsync --recursive --times --partial --remove-source-files \
+ ${queuedir}/accepted/ rsync-to-ssh.upload.debian.org:/does/not/matter
+}
+if [ -n "${accepted}" ]; then
+ sync-accepted || :
+fi
# export policy queues
for queue in embargoed; do
diff --git a/config/homedir/ssh/security-config b/config/homedir/ssh/security-config
index 2a1fb739..fe9e9b82 100644
--- a/config/homedir/ssh/security-config
+++ b/config/homedir/ssh/security-config
@@ -27,3 +27,11 @@ Host rsync-from-security-upload-master
ControlMaster auto
ControlPath ~/.ssh/socket-%n
ControlPersist yes
+
+Host rsync-to-ssh.upload.debian.org
+ Hostname usper.debian.org
+ User dak
+ IdentityFile /srv/security-master.debian.org/s3kr1t/rsync-to-ssh.upload.debian.org
+ ControlMaster auto
+ ControlPath ~/.ssh/socket-%n
+ ControlPersist yes
--
2.11.0
Reply to: