From f37ffde83d0b15674d6e885f195b79bd9a62f211 Mon Sep 17 00:00:00 2001 From: Ansgar Burchardt Date: Sun, 4 Nov 2012 18:44:11 +0100 Subject: [PATCH] Only move accepted files in cron.unchecked This avoids triggering the taint check in spawn(). --- config/debian-security/cron.unchecked | 5 ++++- dak/new_security_install.py | 4 ---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/config/debian-security/cron.unchecked b/config/debian-security/cron.unchecked index f55315c5..8685f34d 100755 --- a/config/debian-security/cron.unchecked +++ b/config/debian-security/cron.unchecked @@ -62,6 +62,10 @@ if [ -n "$changes" ]; then dak process-upload -a -d "$disembargo" >> $reportdis fi +# sync accepted files to ftpmaster +cd ${base} +find ${queuedir}/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' + + if [ "${doanything}" = "false" ] && [ "${dopolicy}" = "false" ]; then echo "$timestamp": Nothing to do >> $report exit 0 @@ -113,7 +117,6 @@ done if [ "x${dopolicy}x" = "xtruex" ]; then # We had something approved from a policy queue, push out new archive - find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' + dak dominate #dak generate-filelist cd $configdir diff --git a/dak/new_security_install.py b/dak/new_security_install.py index 8bd86fbe..4f718b45 100755 --- a/dak/new_security_install.py +++ b/dak/new_security_install.py @@ -100,10 +100,6 @@ def _do_Approve(): for queue in ("embargoed",): spawn("dak process-policy {0}".format(queue)) - # 2. sync the stuff to ftpmaster - print "Sync stuff for upload to ftpmaster" - spawn("find /srv/security-master.debian.org/queue/accepted -type f -exec mv -t /srv/queued/ftpmaster '{}' +") - # 3. Run all the steps that are needed to publish the changed archive print "Domination" spawn("dak dominate") -- 2.39.5