]>
err.no Git - dak/log
Ansgar Burchardt [Sun, 3 Feb 2013 12:42:51 +0000 (13:42 +0100)]
debianqueued: open ftp connection when trying to upload .dak-commands
Ansgar Burchardt [Sun, 27 Jan 2013 12:50:40 +0000 (13:50 +0100)]
dak/acl.py: only add fingerprints from active keyrings to an ACL.
Ansgar Burchardt [Sun, 27 Jan 2013 12:48:23 +0000 (13:48 +0100)]
dak/acl.py: allow comments and empty lines
Ansgar Burchardt [Sun, 27 Jan 2013 10:52:38 +0000 (11:52 +0100)]
dak/acl.py: raise an exception when an unknown selector is used
Ansgar Burchardt [Sun, 27 Jan 2013 10:50:38 +0000 (11:50 +0100)]
dak/acl.py: allow to filter by keyring
This is intended to be used for the backports ACL to allow all buildd
keys to upload.
Ansgar Burchardt [Tue, 22 Jan 2013 23:50:51 +0000 (00:50 +0100)]
debianqueued: add armhf and s390x keyrings for security-master.
Ansgar Burchardt [Tue, 22 Jan 2013 23:07:20 +0000 (00:07 +0100)]
debianqueued: move log and pid files to run directory for security archive
Ansgar Burchardt [Tue, 22 Jan 2013 17:54:32 +0000 (18:54 +0100)]
daklib/archive.py: Use correct variable for the rejected suite.
Ansgar Burchardt [Sun, 20 Jan 2013 09:59:40 +0000 (10:59 +0100)]
Handle *.dak-commands files owned by a different user.
Ansgar Burchardt [Tue, 8 Jan 2013 14:49:21 +0000 (15:49 +0100)]
include Built-Using sources in Sources indices
Bug: http://bugs.debian.org/657212
Ansgar Burchardt [Sat, 19 Jan 2013 15:13:59 +0000 (16:13 +0100)]
config/debian/cron.monthly: debianqueued now runs as dak-unpriv
Ansgar Burchardt [Sat, 19 Jan 2013 14:42:33 +0000 (15:42 +0100)]
config/debian/dak.conf: keep dak-unpriv user in postgres
dak show-deferred now runs as dak-unpriv and needs a (read-only) database
connection.
Ansgar Burchardt [Sat, 19 Jan 2013 14:20:58 +0000 (15:20 +0100)]
Run debianqueued as dak-unpriv.
We also need to run show-deferred as dak-unpriv as it changes
permissions of some files in the deferred queues.
Ansgar Burchardt [Sat, 19 Jan 2013 14:20:02 +0000 (15:20 +0100)]
debianqueued: move log and pid files to run subdirectory
The dak-unpriv user needs to be able to write these files.
Ansgar Burchardt [Sat, 12 Jan 2013 15:30:49 +0000 (16:30 +0100)]
debianqueued: remove current directory from @INC
Ansgar Burchardt [Sat, 12 Jan 2013 13:53:24 +0000 (14:53 +0100)]
<Files> matches only the basename, so wrap it inside a <Directory> block
Ansgar Burchardt [Sat, 12 Jan 2013 13:49:00 +0000 (14:49 +0100)]
config/debian/apache.conf-incoming: allow access to robots.txt
Ansgar Burchardt [Sat, 12 Jan 2013 13:40:16 +0000 (14:40 +0100)]
Stop generating dm-uploaders.html.
dm-uploaders.html is huge (74 MB) which makes is unusable. DM upload
permissions can now be seen in dm.txt.
Ansgar Burchardt [Sat, 12 Jan 2013 13:37:30 +0000 (14:37 +0100)]
Add robots.txt for incoming.debian.org.
Files on incoming.debian.org only exist for a short while so it makes no
sense to have them indexed.
Ansgar Burchardt [Mon, 7 Jan 2013 10:24:48 +0000 (11:24 +0100)]
dak/process_new.py: show target suite and changed-by
Ansgar Burchardt [Mon, 7 Jan 2013 09:32:19 +0000 (10:32 +0100)]
dak/show_new.py: use apply_async instead of map_async
The map variant established multiple database connections in each worker
exceeding the maximum number of connections configured in PostgreSQL.
apply_async doesn't have this problem with our wrapper in DakProcessPool.
However as a regression we longer have a timeout and always have to wait for
the job to finish. This could be worked around by using the timeout function
for individual results.
Ansgar Burchardt [Sun, 6 Jan 2013 13:07:42 +0000 (14:07 +0100)]
config/debian/dak.conf: There is no dak group.
Ansgar Burchardt [Sun, 6 Jan 2013 12:48:07 +0000 (13:48 +0100)]
dak/show_new.py: set examine_package.use_html before creating worker pool
We want examine_package.use_html to be set everywhere. So we have to
change it before we create the worker pool.
This was broken by
24cb4fe2729e5805e8a9d81149dce947787ee20d where the
worker pool was setup earlier.
Ansgar Burchardt [Sun, 6 Jan 2013 12:44:51 +0000 (13:44 +0100)]
show-new: run lintian as unprivileged user
As dak/examine_package.py is also used by process-new we cannot run
lintian unconditionally as the unprivileged user. Therefore move the
Unpriv{User,Group} setting from the database to a (group-specific)
dak.conf.
Ansgar Burchardt [Fri, 4 Jan 2013 19:15:29 +0000 (20:15 +0100)]
dak/admin.py: add new subcommand to add buildd keyring
This also creates a new ACL which is not fun to do by hand.
Ansgar Burchardt [Fri, 4 Jan 2013 15:08:16 +0000 (16:08 +0100)]
Export buildd queues on security archive.
Ansgar Burchardt [Fri, 4 Jan 2013 14:39:56 +0000 (15:39 +0100)]
apache.conf-incoming: add alias for /debian-buildd.
Ansgar Burchardt [Fri, 4 Jan 2013 12:13:58 +0000 (13:13 +0100)]
scriptdir vs. scriptsdir is confusing
Ansgar Burchardt [Fri, 4 Jan 2013 12:08:56 +0000 (13:08 +0100)]
Export buildd queues to public location
The dists/ directory should be updated as atomic as possible. Therefore
buildds access a copy that can be updated with two file renames.
Ansgar Burchardt [Thu, 3 Jan 2013 20:30:36 +0000 (21:30 +0100)]
dak/show_new.py: setup worker pool before connecting to database
Ansgar Burchardt [Wed, 2 Jan 2013 16:01:07 +0000 (17:01 +0100)]
daklib/archive.py: always copy files instead of using symlinks
Some files in pool locations might not be accessible to the user dak runs
lintian as. So always copy the files and set appropriate permissions.
Bug: http://bugs.debian.org/689598
Adam D. Barratt [Tue, 1 Jan 2013 16:40:02 +0000 (16:40 +0000)]
cruft-report: check for rdeps of arch:all packages on all architectures
When checking for reverse dependencies of sourceless arch:all packages
only those rdeps which were also arch-indep were detected.
Signed-off-by: Adam D. Barratt <adam@adam-barratt.org.uk>
Signed-off-by: Joerg Jaspert <joerg@debian.org>
Ansgar Burchardt [Tue, 1 Jan 2013 10:00:52 +0000 (11:00 +0100)]
Use Squeezy key instead of the expired Lenny key.
Joerg Jaspert [Tue, 1 Jan 2013 10:03:05 +0000 (11:03 +0100)]
%Y works so much nicer than here
Signed-off-by: Joerg Jaspert <joerg@debian.org>
Joerg Jaspert [Tue, 1 Jan 2013 10:01:14 +0000 (11:01 +0100)]
monthly rotation of the queued log on franck
Signed-off-by: Joerg Jaspert <joerg@debian.org>
Ansgar Burchardt [Sat, 29 Dec 2012 11:28:25 +0000 (12:28 +0100)]
Configure dm-{remove,migrate}.
People allowed to use dm-{remove,migrate} are the keyring maintainers
and ftp masters for now.
Ansgar Burchardt [Sat, 29 Dec 2012 11:22:06 +0000 (12:22 +0100)]
Implement dm-remove and dm-migrate commands.
The dm-remove command can be used to remove all DM ACL entries for a
given fingerprint:
Action: dm-remove
Fingerprint: ...
The dm-migrate command can be used to migrate all DM ACL entries from
one key to another:
Action: dm-migrate
From: ...
To: ...
Ansgar Burchardt [Sat, 29 Dec 2012 10:11:23 +0000 (11:11 +0100)]
daklib/upload.py: more verbose message for hash mismatches
Reported-by: Laszlo Kajan <lkajan@rostlab.org>
Ansgar Burchardt [Thu, 20 Dec 2012 10:39:26 +0000 (11:39 +0100)]
daklib/checks.py: name of local variable changed: what -> filename
When moving the hash validation in
e6b1c633b7127f1d2ef938b7ea2181ce9e184906
one occurrence of "what" was not changed to "filename".
Ansgar Burchardt [Tue, 18 Dec 2012 16:13:55 +0000 (17:13 +0100)]
Check hashes from .changes before loading .dsc.
Ansgar Burchardt [Tue, 18 Dec 2012 16:10:00 +0000 (17:10 +0100)]
Do not load .dsc to check if an upload is sourceful.
This caused an error when rejecting an upload with an invalid .dsc.
We also do not want to load the .dsc before we have made sure it matches the
hash from the .changes.
Ansgar Burchardt [Tue, 18 Dec 2012 15:37:36 +0000 (16:37 +0100)]
daklib/archive.py: don't fail in prepare() if the .dsc is invalid
We only need the .dsc here to try and grab any files not included in the
upload. If there is an error loading the .dsc, do not throw an exception here,
but do so later instead.
Ansgar Burchardt [Sat, 15 Dec 2012 10:17:20 +0000 (11:17 +0100)]
debianqueued: check pgp signature before any further processing
As we no longer look at the file in the case of a bad signature, we
cannot know the maintainer address and this cannot send a mail about
the bad signature.
Ansgar Burchardt [Sat, 15 Dec 2012 10:16:54 +0000 (11:16 +0100)]
debianqueued: make pgp_check stricter
Ansgar Burchardt [Sat, 15 Dec 2012 08:31:00 +0000 (09:31 +0100)]
config/debian/cron.hourly: remove unchecked lock on failure
Ansgar Burchardt [Sat, 15 Dec 2012 08:26:48 +0000 (09:26 +0100)]
daklib/policy.py: REJECT.* files should not be executable
Ansgar Burchardt [Sat, 15 Dec 2012 08:25:59 +0000 (09:25 +0100)]
dak/process_policy.py: handle rejecting the same package twice
Tollef Fog Heen [Tue, 11 Dec 2012 11:56:12 +0000 (12:56 +0100)]
dak/generate_releases.py: Add -q option to be a bit more quiet
Signed-off-by: Tollef Fog Heen <tfheen@varnish-software.com>
Signed-off-by: Joerg Jaspert <joerg@debian.org>
Ansgar Burchardt [Fri, 7 Dec 2012 12:07:17 +0000 (13:07 +0100)]
debianqueued: escape "." in ".changes" in regular expression
Reported-by: Jakub Wilk <jwilk@debian.org>
Reference: https://lists.debian.org/debian-dak/2012/12/msg00016.html
Ansgar Burchardt [Thu, 6 Dec 2012 15:04:52 +0000 (16:04 +0100)]
debianqueued: use POSIX::access to check for write access
Ansgar Burchardt [Thu, 6 Dec 2012 13:52:05 +0000 (14:52 +0100)]
debianqueued: don't use shell to start gpg
Ansgar Burchardt [Thu, 6 Dec 2012 13:31:23 +0000 (14:31 +0100)]
debianqueued: remove unused variables
Ansgar Burchardt [Thu, 6 Dec 2012 13:01:22 +0000 (14:01 +0100)]
debianqueued: use Perl, not shell
Ansgar Burchardt [Thu, 6 Dec 2012 11:32:30 +0000 (12:32 +0100)]
debianqueued: construct Digest::MD5 object before trying to use it
Ansgar Burchardt [Thu, 6 Dec 2012 11:32:02 +0000 (12:32 +0100)]
debianqueued: only start processing files with a sane name
Ansgar Burchardt [Thu, 6 Dec 2012 11:25:44 +0000 (12:25 +0100)]
debianqueued: remove two no longer used functions
Ansgar Burchardt [Thu, 6 Dec 2012 11:01:30 +0000 (12:01 +0100)]
debianqueued: use three argument form of open() in most places
Ansgar Burchardt [Thu, 6 Dec 2012 10:53:02 +0000 (11:53 +0100)]
debianqueued: remove notifications for incomplete uploads
We do not want to inspect unsigned files if we can avoid doing so.
This also fixes get_maintainer not making sure the filename is safe to pass to
shell commands by removing the function.
Ansgar Burchardt [Thu, 6 Dec 2012 10:47:10 +0000 (11:47 +0100)]
debianqueued: use Digest::MD5 instead of external md5sum binary
Ansgar Burchardt [Thu, 6 Dec 2012 10:38:29 +0000 (11:38 +0100)]
debianqueued: use stricter filename pattern
The new pattern is taken from daklib/regexes.py.
Joerg Jaspert [Wed, 5 Dec 2012 22:20:48 +0000 (23:20 +0100)]
sanitize variable before using it
Signed-off-by: Joerg Jaspert <joerg@debian.org>
Ansgar Burchardt [Sun, 2 Dec 2012 22:21:44 +0000 (23:21 +0100)]
daklib/checks.py: fix index in format string
Tollef Fog Heen [Tue, 27 Nov 2012 10:13:33 +0000 (11:13 +0100)]
dak/generate_releases.py: pull components from the database
Address FIXME that talks about pulling Components from the DB.
Signed-off-by: Tollef Fog Heen <tfheen@varnish-software.com>
Signed-off-by: Ansgar Burchardt <ansgar@debian.org>
Ansgar Burchardt [Sun, 25 Nov 2012 11:25:20 +0000 (12:25 +0100)]
update93.py: update world.files-1 to handle backports archive on ftp-master
The addition of the backports archive on ftp-master broke the assumption
that only one of the backports, ftp-master and security archives exist.
Ansgar Burchardt [Sun, 25 Nov 2012 10:50:15 +0000 (11:50 +0100)]
config/debian/dak.conf: reject uploads to squeeze-backports
We do not want to accept uploads to squeeze-backports on ftp-master for
now.
Ansgar Burchardt [Sun, 25 Nov 2012 10:48:41 +0000 (11:48 +0100)]
Merge remote-tracking branch 'origin/master'
Joerg Jaspert [Sat, 24 Nov 2012 20:08:05 +0000 (21:08 +0100)]
remove DMUA flag handling
drop usage of the DMUA flag, only use the new ACL set, as announced in
https://lists.debian.org/debian-devel-announce/2012/09/msg00012.html
and
https://lists.debian.org/debian-devel-announce/2012/09/msg00008.html
Signed-off-by: Joerg Jaspert <joerg@debian.org>
Tollef Fog Heen [Thu, 22 Nov 2012 14:06:56 +0000 (15:06 +0100)]
Add archive rename command
Make it possible to rename archives using
dak admin archive rename OLD NEW
Signed-off-by: Tollef Fog Heen <tfheen@varnish-software.com>
Tollef Fog Heen [Thu, 22 Nov 2012 14:08:54 +0000 (15:08 +0100)]
Typo in comment
Signed-off-by: Tollef Fog Heen <tfheen@varnish-software.com>
Ansgar Burchardt [Tue, 20 Nov 2012 14:51:31 +0000 (15:51 +0100)]
daklib/dbconn.py: use unicode workaround also for sqlalchemy 0.7
Reference: https://lists.debian.org/debian-dak/2012/11/msg00043.html
Ansgar Burchardt [Sat, 24 Nov 2012 14:01:16 +0000 (15:01 +0100)]
apache.conf-incoming: allow access from nagini.codelibre.net
Allow access from nagini.codelibre.net to allow testing sbuild-db.
Ansgar Burchardt [Sat, 17 Nov 2012 15:39:53 +0000 (16:39 +0100)]
dak/process_policy.py: don't try to copy files to accepted twice
We might already have copied files to accepted before, for example when
accepting multiple uploads that use the same upstream tarball. So we
have to ignore existing files here.
Ansgar Burchardt [Sat, 17 Nov 2012 13:25:25 +0000 (14:25 +0100)]
daklib/archive.py: give a nicer error message for already known .changes
Bug-Debian: http://bugs.debian.org/693163
Ansgar Burchardt [Sat, 17 Nov 2012 12:12:15 +0000 (13:12 +0100)]
dak/rm.py: also close forwarded bug reports
Bug-Debian: http://bugs.debian.org/693491
Ansgar Burchardt [Tue, 13 Nov 2012 19:13:26 +0000 (20:13 +0100)]
config/debian-security/cron.buildd: $DISTS should only be stable and testing
The archive now has more (private) suites for handling policy and build
queues. These are not of interest here.
Ansgar Burchardt [Tue, 13 Nov 2012 19:01:24 +0000 (20:01 +0100)]
config/debian-security/cron.unchecked: call process-upload before process-policy
This saves one run for uploads that are automatically accepted from the
policy queues (eg. buildd uploads for an already accepted source).
Ansgar Burchardt [Tue, 13 Nov 2012 19:00:10 +0000 (20:00 +0100)]
config/debian-security/cron.unchecked: calling process-policy once per queue is enough
Ansgar Burchardt [Thu, 8 Nov 2012 07:34:15 +0000 (08:34 +0100)]
dak/import.py: control -> source
Don' try to fix bugs while eating breakfast, you will miss things.
Ansgar Burchardt [Thu, 8 Nov 2012 07:29:02 +0000 (08:29 +0100)]
dak/import.py: control -> source
Ansgar Burchardt [Thu, 8 Nov 2012 07:22:02 +0000 (08:22 +0100)]
dak/import.py: use section_name variable where we need it
Ansgar Burchardt [Wed, 7 Nov 2012 20:01:06 +0000 (21:01 +0100)]
Improve dak/import.py.
Ansgar Burchardt [Wed, 7 Nov 2012 14:19:53 +0000 (15:19 +0100)]
Add new import subcommand.
Ansgar Burchardt [Wed, 7 Nov 2012 13:47:22 +0000 (14:47 +0100)]
daklib/upload.py: add from_file classmethods
Allow to create HashedFile, Binary and Source objects from existing files.
This will be used to directly import binary and source packages into an
archive.
Ansgar Burchardt [Mon, 5 Nov 2012 08:07:07 +0000 (09:07 +0100)]
daklib/archive.py: use right name for .dsc dict
Ansgar Burchardt [Sun, 4 Nov 2012 19:46:24 +0000 (20:46 +0100)]
config/debian-security/cron.unchecked: be silent
Ansgar Burchardt [Sun, 4 Nov 2012 18:56:35 +0000 (19:56 +0100)]
Make sure *.new directories do exist.
The directories will not be created by dak export / dak export-suite if
they have no files to put there.
Ansgar Burchardt [Sun, 4 Nov 2012 18:38:00 +0000 (19:38 +0100)]
Always regenerate policy queue exports.
Otherwise outdated symlinks will be kept around for a while after
dak new-security-install was run until cron.unchecked does some real
work again.
Ansgar Burchardt [Sun, 4 Nov 2012 18:00:11 +0000 (19:00 +0100)]
dak/make_changelog.py: use correct column name
Ansgar Burchardt [Sun, 4 Nov 2012 17:59:01 +0000 (18:59 +0100)]
make_changelog.py: typo
Ansgar Burchardt [Sun, 4 Nov 2012 17:44:11 +0000 (18:44 +0100)]
Only move accepted files in cron.unchecked
This avoids triggering the taint check in spawn().
Ansgar Burchardt [Sun, 4 Nov 2012 17:24:17 +0000 (18:24 +0100)]
dak/export_suite.py: add workaround to allow exporting broken build queues
Ansgar Burchardt [Sun, 4 Nov 2012 17:12:25 +0000 (18:12 +0100)]
config/debian-security/cron.unchecked: export policy queues in old format
Ansgar Burchardt [Sun, 4 Nov 2012 17:02:45 +0000 (18:02 +0100)]
config/debian-security/cron.weekly: only regenerate Release for public archive
Ansgar Burchardt [Sun, 4 Nov 2012 17:02:26 +0000 (18:02 +0100)]
config/debian-security/cron.daily: use explicit list of suites
Ansgar Burchardt [Sun, 4 Nov 2012 16:52:49 +0000 (17:52 +0100)]
config/debian-security/cron.unchecked: just run process-policy to see if there were files to process
Ansgar Burchardt [Sun, 4 Nov 2012 16:51:59 +0000 (17:51 +0100)]
dak/new_security_install.py: remove reference to newstage
Ansgar Burchardt [Sun, 4 Nov 2012 16:37:24 +0000 (17:37 +0100)]
config/debian-security/cron.unchecked: fix gpg call, use correct description
Ansgar Burchardt [Sun, 4 Nov 2012 16:26:35 +0000 (17:26 +0100)]
daklib/archive.py (install_source): always copy source files to target archive
Ansgar Burchardt [Sun, 4 Nov 2012 15:58:36 +0000 (16:58 +0100)]
dak/export_suite.py: same file might be in multiple components
Use first() instead of one() in case the file is available in multiple
components.
Ansgar Burchardt [Sun, 4 Nov 2012 15:51:49 +0000 (16:51 +0100)]
dak/export_suite.py: take archive file for the archive we are exporting from