# HG changeset patch # User Matthias Förste # Date 1246627390 -7200 # Node ID 98411ab74262c36b5c13e58da5a1785e65d03b83 initial sync from svn; added .hg-keepme files to otherwise empty directories because hg would drop those diff -r 000000000000 -r 98411ab74262 bin/add-missing-orig --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/add-missing-orig Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,41 @@ +#!/usr/bin/perl + +# some packages list the orig.tar.gz in the source package, +# but not in the changes file; reprepro will complain later if +# it cant find the file in the pool; we include the .dsc to +# make sure that the orig.tar.gz is there + +use strict; +use warnings; + +my $incoming = "/home/apt/incoming"; +my $repo = "/home/apt/repo"; +my $cc = "/usr/bin/changestool"; +my $cs = "gpg --clearsign"; + +my @changes = qw( +cyrus-imapd-2.2_2.2.13-6.ius.stable_i386.changes +drbdlinks_1.09-1~ius.3_i386.changes +exigrey_0.1-3_i386.changes +interchange_5.5.1-1.ius.etch.1_i386.changes +libnet-pcap-perl_0.12-hs.1_i386.changes +libnss-ldap_238-1.schlittermann.1_i386.changes +); + +for (@changes) { + + my $c = "$incoming/$_"; + my $cmd; + + print "Attempting to add missing upstream sources for [$c] .. "; + $cmd = "$cc $c includeallsources"; + system($cmd) == 0 or warn "[system($cmd)] failed: [$?] [$!]\n"; + print "done\n"; + + print "Attempting to sign updated changes file [$c] .. "; + $cmd = "$cs $c"; + system($cmd) == 0 or warn "[system($cmd)] failed: [$?] [$!]\n"; + rename("$c.asc", $c) or warn "rename([$c.asc], [$c]) failed: [$!]\n"; + print "done\n"; + +} diff -r 000000000000 -r 98411ab74262 bin/fix-all-necessary --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/fix-all-necessary Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,5 @@ +~/bin/add-missing-orig +~/bin/sign-unsigned-changes +~/bin/sign-unsigned-dsc-and-changes +~/bin/resign-revoked +~/bin/resign-expired diff -r 000000000000 -r 98411ab74262 bin/fix-sections --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/fix-sections Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,97 @@ +#!/usr/bin/perl + +use strict; + +use IO::File; +use File::Find; +use File::Basename; + +my $build_dir = "/home/apt/build"; +my $invalid_sections = "unknown"; +my $default_section = "misc"; +my $sign_with = 'me@debrep.vbox.hurz.is.schlittermann.de'; +my $sections = { + '^nagios' => 'net', + '^exi(acl|grey)$' => 'mail', + '^ha-sync$' => 'admin', + '^ca-certificates' => 'misc', + '^firestart$' => 'admin', + '^logbuch$' => 'admin', + '^sitecp$' => 'web', + '^texmf' => 'tex', + '^schlittermann-apt-keys$' => 'net', + '^update-serial$' => 'net' +}; + +my @tofix; +-d $build_dir or mkdir $build_dir or die "Can't mkdir [$build_dir]: $!"; +chdir $build_dir or die "Can't chdir [$build_dir]: $!"; + +#find(\&f, qw(/home/apt/incoming/)); + +for my $cf (@tofix) { + print "Attempting to fix Sections for [$cf] .. "; + $cf =~ /^(.+\/)?(.+)_([^-]+)(-(.+))?_(.+).changes$/; + my ($p, $v, $r, $a) = ($2, $3, $5, $6); + + my $ra = qx/dpkg --print-architecture/; + chomp $ra; + unless ($a eq $ra) { + warn "skipping foreign arch [$a]\n"; + next; + } + + (my $sf = $cf) =~ s/_[0-9a-z]+\.changes$/.dsc/; + system("dpkg-source -x $sf") == 0 or warn "[dpkg-source -x $sf] failed: $?\n"; + chdir "$p-$v" or warn "Can't chdir [$p-$v]: $!\n"; + if ("$p-$v" =~ /nagios-plugin-ntp-1.0$/) { + chmod 0755, "configure" or warn "Can't chmod 0755, [$p-$v/configure]: $!\n"; + } + { + local $/; + my $fh = new IO::File "< debian/control" or warn "Can't open [< debian/control]: $!\n"; + my $c = <$fh>; + close $fh or warn "Can't close [$fh]: $!\n"; + my $s; + for (keys %{$sections}) { + if ($p =~ /$_/) { + $s = $sections->{$_}; + last; + } + } + $s ||= $default_section; + $c =~ s/(\n)?section:\s+$invalid_sections\n/${1}Section: $s\n/i; + $fh = new IO::File "> debian/control" or warn "Can't open [> debian/control]: $!\n"; + print $fh $c; + close $fh or warn "Can't close [$fh]: $!\n"; + } + + system("dpkg-buildpackage -k$sign_with -rfakeroot") == 0 or warn "[dpkg-buildpackage -k$sign_with -rfakeroot] failed: $?\n"; + chdir ".." or warn "Can't chdir [..]: $!\n"; + (my $uf = basename($cf)) =~ s/.changes$/.upload/; + -e $uf and { unlink $uf or warn "Can't unlink [$uf]: $!\n" }; + system("dupload " . basename($cf)) == 0 or warn "[dupload $cf] failed: $?\n"; + + print "finished\n"; +} + +=pod +sub f { + + /\.changes$/ or return; + + my $f = $_; + my $fh = new IO::File "< $f"; + warn "Can't open [< $f]: $!\n" unless defined $fh; + while (<$fh>) { + chomp; + my $s; + if (/([0-9a-fA-F]{32}) ([0-9]+) ([a-z]+) ([a-z]+) (.+)$/ && ($s = $3) =~ /$invalid_sections/) { + push @tofix, $File::Find::name; + close $fh or warn "Can't close [$fh]: $!\n"; + return; + } + } + close $fh or warn "Can't close [$fh]: $!\n"; +} +=cut diff -r 000000000000 -r 98411ab74262 bin/rebuild-unsigned-dsc --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/rebuild-unsigned-dsc Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,105 @@ +#!/usr/bin/perl + +# Some source packages come unsigned. This wouldnt be a problem if it wouldnt +# cause reprepro to spit messages like: 'Data seems not to be signed trying to +# use directly...' which may be confusing when you think that it is related to +# a changes file +# play with -d option of dpkg-buildpackage to either show unmet build deps and +# fail or to hide and try to ignore them +use strict; + +die 'dont use me, use sign-unsigned-dsc-and-changes instead'; + +use IO::File; +use File::Basename; +use Symbol qw(gensym); + +my $build_dir = "/home/apt/build"; +my $sign_with = 'me@debrep.vbox.hurz.is.schlittermann.de'; +my @unsigned = qw( + + /home/apt/incoming/nagios-client-check_1.4.5-1_i386.changes + /home/apt/incoming/freeradius_1.0.0+cvs20040609-0.hs_i386.changes + +); + +my $vc = "gpg --verify"; +my $cc = "gpg --clearsign"; + +-d $build_dir or mkdir $build_dir or die "Can't mkdir [$build_dir]: $!"; +chdir $build_dir or die "Can't chdir [$build_dir]: $!"; + +for my $cf (@unsigned) { + + (my $sf = $cf) =~ s/_[0-9a-z]+\.changes$/.dsc/; + + # we assume that the dsc has been successfully rebuilt when its signature can + # be verified + my $r = qx/$vc $sf 2>&1/; + next unless $?; + + print "Attempting to rebuild unsigned [$sf] ... "; + + $cf =~ /^(.+\/)?(.+)_([^-]+)(-(.+))?_(.+).changes$/; + my ($p, $v, $r, $a) = ($2, $3, $5, $6); + + my $ra = qx/dpkg --print-architecture/; + chomp $ra; + unless ($a eq $ra) { + warn "skipping foreign arch [$a]\n"; + next; + } + + system("dpkg-source -x $sf") == 0 or warn "[dpkg-source -x $sf] failed: $?\n"; + chdir "$p-$v" or warn "Can't chdir [$p-$v]: $!\n"; + + apply_patches($sf); + + my $cmd = "dpkg-buildpackage -d -k$sign_with -rfakeroot"; + system($cmd) == 0 or warn "[$cmd] failed: $?\n"; + chdir ".." or warn "Can't chdir [..]: $!\n"; + (my $uf = basename($cf)) =~ s/.changes$/.upload/; + -e $uf and { unlink $uf or warn "Can't unlink [$uf]: $!\n" }; + system("dupload " . basename($cf)) == 0 or warn "[dupload $cf] failed: $?\n"; + + print "finished\n"; +} + +sub apply_patches($) { + + my ($f) = @_; + + if ($f eq "/home/apt/incoming/freeradius_1.0.0+cvs20040609-0.hs.dsc") { + my $ch = gensym; + my $cmd = "|patch -p0"; + open $ch, $cmd or warn "Can't run [$cmd]: $!\n"; + print $ch <&1/; + return if $?; + $r =~ /$expired/ || return; + print "Attempting to resign [$f] .. "; + my $t = File::Temp->new()->filename(); + my $cmd = "$dc -o $t $f &>/dev/null"; + open PIPE, "$cmd |" or warn "Can't open [$cmd |]: [$?] [$!]\n"; + $cmd = "$cc -o $f $t"; + open PIPE, "$cmd |" or warn "Can't open [$cmd |]: [$?] [$!]\n"; + print "finished\n"; + +} diff -r 000000000000 -r 98411ab74262 bin/resign-revoked --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/resign-revoked Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,30 @@ +#!/usr/bin/perl + +use strict; +use File::Find; +use File::Temp; + +my $incoming = "/home/apt/incoming"; + +my @tofix = qw( + + send-config_1.0-1_i386.changes + +); + +my $dc = qq(gpg --batch --yes --decrypt); +my $cc = qq(gpg --batch --yes --clearsign); + +for (@tofix) { + + my $f = "$incoming/$_"; + + print "Attempting to resign [$f] .. "; + my $t = File::Temp->new()->filename(); + my $cmd = "$dc -o $t $f &>/dev/null"; + open PIPE, "$cmd |" or warn "Can't open [$cmd |]: [$?] [$!]\n"; + $cmd = "$cc -o $f $t"; + open PIPE, "$cmd |" or warn "Can't open [$cmd |]: [$?] [$!]\n"; + print "finished\n"; + +} diff -r 000000000000 -r 98411ab74262 bin/rpi --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/rpi Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,410 @@ +#!/usr/bin/perl + +use warnings; +use strict; + +use IO::File; +use IPC::Run qw(run); +use Mail::Sendmail; +use Sys::Hostname::Long; + +=head1 Name + +rpi - a wrapper around B + +=head1 Description + +Until B supports a better mechanism for sending notifications for +rejected packages we just execute B and parse its +stdout and its stderr. Everything matching C<$important> patterns will be sent +to either the signer of the changes file, the changer (from the B +field if present) or the maintainer (from the B field). Depending +on the type of message suggestions for problem resolution may be added. To +enable us to determine which message relates to which .changes file we need a +patched B: + + --- incoming.c.orig 2009-06-11 10:48:27.000000000 +0200 + +++ reprepro-3.5.2/incoming.c 2009-06-11 14:29:28.000000000 +0200 + @@ -1854,6 +1854,8 @@ + for( j = 0 ; j < i->files.count ; j ++ ) { + const char *basename = i->files.values[j]; + size_t l = strlen(basename); + + char *fullfilename; + + + #define C_SUFFIX ".changes" + #define C_LEN strlen(C_SUFFIX) + if( l <= C_LEN || strcmp(basename+(l-C_LEN),C_SUFFIX) != 0 ) + @@ -1861,7 +1863,16 @@ + if( changesfilename != NULL && strcmp(basename, changesfilename) != 0 ) + continue; + /* a .changes file, check it */ + + fullfilename = calc_dirconcat(i->directory, i->files.values[j]); + + if( fullfilename == NULL ) { + + result = RET_ERROR_OOM; + + continue; + + } + + printf("processing changesfile '%s'\n", fullfilename); + + fprintf(stderr, "processing changesfile '%s'\n", fullfilename); + r = process_changes(database, dereferenced, i, j); + + printf("changesfile '%s' done\n", fullfilename); + + fprintf(stderr, "changesfile '%s' done\n", fullfilename); + RET_UPDATE(result, r); + } + +To avoid possibly bothering random people we can limit possible recipients with +a regular expression in C<$valid_receivers>. Any output matching the +C<$unimportant> regular expression will not be sent to anyone. If we cant +determine anyone to send the notification to we will try to send it to the +C<$fallback> address. Anything matching none of the defined patterns will be +sent to the C<$fallback> address too. Everything will be printed to stdout. + +=cut + +my $hostname = hostname_long; +for (*STDERR, *STDOUT) { select $_; $|=1; } + +# see man reprepro +# used as argument to the -b option of reprepro +my $repo = "$ENV{HOME}/repo"; + +# the ruleset to use for processincoming +my $ruleset = "ius"; + +# the actual reprepro command to execute +my @cmd = ('/usr/bin/reprepro', '-b', $repo, 'processincoming', $ruleset); + +# wont send any notification mails to anyone not matching this regexp +my $valid_receivers = '[@.]schlittermann.de>?$'; + +# anything noteworthy not sent to anyone else will be sent here; does not need +# to match $valid_receivers +my $fallback = "apt\@$hostname"; + +# any output not matching any of the defined patterns will be logged here if +# defined, dont forget to also pass the write mode, fex: "> /path/to/file" if +# you want to overwrite it or ">> /path/to/file" if you want to append to it +my $log_uncaught; +$log_uncaught = ">> $ENV{HOME}/var/log/reprepro/uncaught"; + +# raw command output will be logged here if defined, dont forget the write mode +# - see $log_uncaught +my $log_raw; +$log_raw = ">> $ENV{HOME}/var/log/reprepro/raw"; + +# anything that would be sent to the signer/changer/maintainer goes to +# $fallback instead if this is set +my $dont_send_to_real_uploader = 1; + +# prototypes for message handling routines +sub m_mismatch($); +sub m_missingfile($$$); +sub m_mayexist($$$); +sub m_allskipped($); +sub m_equal_or_newer($$); +sub m_unsigned($); +sub m_asis(); + +# prototypes for other routines +sub parse_incoming($); +sub uploader($); +sub run_command_and_parse_output($$$$$$); +sub parse_output($$$$$$$$); +sub sendmails($$$$); + +# anything matching these is considered noteworthy and should be sent to someone +my $important = { + qq{^File "([^"]+)" is already registered with different checksums!} => \&m_mismatch, + "^file '([^']+)' is needed for '([^']+)', not yet registered in the pool and not found in '([^']+)'\$" => \&m_missingfile, + "^Warning: trying to put version '([^']+)' of '([^']+)' in '([^']+)',\$" => \&m_mayexist, + "^Skipping ([^ ]+) because all packages are skipped!\$" => \&m_allskipped, + "^Data seems not to be signed trying to use directly...\$" => \&m_unsigned, + "^ERROR: File '([^']+)' does not match expextations:\$" => \&m_asis, + "^Not putting '([^']+)' in '([^']+)' as already in there with equal or newer version.\$" => \&m_equal_or_newer +}; + +# anything matching these will not be sent to anyone +my $unimportant = '^' + . ( join '|', + "Exporting indices...", + "while there already is '[^']+' in there.", + "(md5|sha(1|256)) expected: [[:xdigit:]]{32,}, got: [[:xdigit:]]{32,}", + "size expected: \\d+, got: \\d+", + "There have been errors!") + . '$'; + +my $rci = "$repo/conf/incoming"; +my $i = parse_incoming($rci)->{$ruleset}->{'IncomingDir'}; +die "Can't find IncomingDir for ruleset [$ruleset] in configuration file: [$rci]\n" unless defined $i; + +# we need to determine uploaders before running reprepro, because it will +# remove the *.changes files before we are going to parse its output +my $uploaders = { map { $_ => uploader($_) } glob("$i/*.changes") }; +my $messages = run_command_and_parse_output([@cmd], $uploaders, $important, $unimportant, $log_uncaught, $log_raw); +sendmails($messages, $valid_receivers, $fallback, $hostname); + +# determine 'uploader' of changes file; 'uploader' means here: either the +# signer of the changes file or the changer or the maintainer in that order of +# preference; the 'changer' means what is extracted from the 'Changed-By' field +# of the .changes file if present; 'maintainer' will be extracted from the +# 'Maintainer' field if necessary; nothing will be returned if the signature +# verification command fails for some reason +sub uploader($) { + my ($c) = @_; + my $vc = "LANG=POSIX /usr/bin/gpg --verify $c 2>&1"; + + my @r = qx{$vc}; + + if ($?) { + warn "[$0]: [$vc] failed: [$!] [$?]\n"; + return; + } + + for (@r) { + return "$1" if /^gpg: Good signature from "(.+)"$/; + } + + my $e; + my $fh = new IO::File "< $c" or warn "[$0]: Can't open [< $c]: $!\n"; + while (<$fh>) { + if (/^Changed-By:\s*(\S.+\S)\s*$/) { + $e = $1; last; + } + $e = $1 if /^Maintainer:\s*(\S.+\S)\s*$/ + } + close $fh or warn "[$0]: Can't close [$fh]: $!\n"; + + return $e; + +} + +# checksum mismatch +sub m_mismatch($) { + return "Try to remove the offending lines from the changesfile or just rebuild with dpkg-buildpackage -B\n"; +} + +# missingfile +sub m_missingfile($$$) { + my ($m, $i, $c) = @_; + my $t = $m =~ /\.orig\.tar\.gz$/ ? "Try to rebuild with dpkg-buildpackage -sa or do 'changestool <.changes-filename> includeallsources' and resign the changesfile afterwards\n" : ''; + #print "MISSINGFILE: [$c], [$t]\n"; + return $t; +} + +# mayexist +sub m_mayexist($$$) { + # package & version are confused in reprepro output + # currently (3.5.2-6) + # my ($p, $v, $cca) = @_; + # $cca =~ /^[^|]+\|[^|]+\|([^|]+)$/; + + #print "MAYEXIST: [$c], [package ..]\n"; + return "package may be already present with higher version\n"; +} + +# allskipped +sub m_allskipped($) { + #print "ALLSKIPPED: [$_[0]], [nüx ..]\n"; + return "package may be already present with same or higher version\n"; +} + +# equal or newer +sub m_equal_or_newer($$) { + #print "EQUAL_OR_NEWER: [$_[0]], [nüx ..]\n"; + return ''; +} + +# unsigned +sub m_unsigned($) { return 'You may want to check whether both the .changes and the .dsc file are signed'; } + +# return empty string +sub m_asis() { return ''; } + +# parse conf/incoming, return ref to hash: +# { name1 => { field11 => value11, field12 => value12, ... }, +# { name2 => { field21 => value21, ... }, ... +sub parse_incoming($) { + + my ($cf) = @_; + my ($name, $conf); + my $fh = new IO::File "< $cf" or warn "Can't open [< $cf]: $!"; + + while (<$fh>) { + + if (/^(\S+)\s*:\s*(\S+)\s/) { + + if ($1 eq 'Name') { + $name = $2; + $conf->{$name} = {}; + } else { + warn "Undefined Name\n" unless defined $name; + $conf->{$name}->{$1} = $2; + } + + } + + } + close $fh or warn "Can't close [$fh]: $!\n"; + + return $conf; + +} + +# run the command and parse its output +sub run_command_and_parse_output($$$$$$) { + + my @cmd = @{shift()}; + my ($u, $important, $unimportant, $luname, $lrname) = @_; + + my ($ih, $oh, $eh); + + run \@cmd, \$ih, \$oh, \$eh or warn "running [@cmd] returned: [$?] [$!]\n"; + + my ($ln, $lh); + $ln = { uncaught => $luname, raw => $lrname }; + + for (keys %{$ln}) { + if (defined $ln->{$_}) { + $lh->{$_} = new IO::File $ln->{$_} or warn "Can't open [$ln->{$_}]: $!\n"; + } + } + + my $messages = parse_output([@cmd], $oh, $eh, $u, $important, $unimportant, $lh->{'uncaught'}, $lh->{'raw'}); + + for (keys %{$lh}) { + if (defined $lh->{$_}) { + close $lh->{$_} or warn "Can't close [$lh->{$_}]: $!"; + } + } + + return $messages; + +} + +# parse the commands output extract messages matching the defined patterns from +# stdout/err, add suggestions for problem resolution if possible and try to +# assign it to an uploader +sub parse_output($$$$$$$$) { + + my @cmd = @{shift()}; + my ($oh, $eh, $u, $important, $unimportant, $uncaught, $raw) = @_; + + my ($m, $c, $f); + + $f = 'fallback'; + + LINE: + for my $line (split /\n/, $oh . $eh) { + + $line .= "\n"; + print "[@cmd]: $line"; + print $raw $line if defined $raw; + + # try to determine uploader + if ($line =~ /^processing changesfile '([^']+)'$/) { + $c = $1; + $u = $uploaders->{$c}; + unless (defined $u) { + + $u = $f; + my $w = "Won't send notification for [$i/$c] because i couldn't determine any uploader to sent it to.\n"; + $m->{$u} //= ''; + $m->{$u} .= "[$c]: $w"; + warn "[$0]: $w"; + + } + + next LINE; + + } + + # done with that changesfile + if ($line =~ /^changesfile '[^']+' done$/) { + undef $c; + $u = $f; + next LINE; + } + + # anything matching $important should be sent to someone + for (keys(%{$important})) { + if ($line =~ $_) { + my $t = $important->{$_}->($1, $2, $3, $4, $5, $6, $7, $8, $9); + if (defined $u) { + $m->{$u} = '' unless defined $m->{$u}; + $m->{$u} .= "[$c]: $line"; + $m->{$u} .= $t if defined $t; + $m->{$u} .= "\n"; + } + next LINE; + } + + } + + # unimportant stuff? + next LINE if $line =~ /$unimportant/; + + # everything not matching any other pattern + $m->{$f} = '' unless defined $m->{$f}; + $m->{$f} .= "[uncaught line]: $line\n"; + + print $uncaught $line if defined $uncaught; + + } + + return $m; + +} + +# send the notification mails +sub sendmails($$$$) { + + my ($messages, $valid_receivers, $fallback, $hostname) = @_; + + my $from = "$ENV{LOGNAME}\@$hostname"; + my $mfb = $messages->{'fallback'}; + + for my $u (keys %{$messages}) { + + next if $u eq 'fallback'; + + if ($u =~ $valid_receivers) { + + my ($msg, $to) = ($messages->{$u}, $u); + ($msg, $to) = ("[This is just a test mail to you. If this wasn't a test mail, then it should have been sent to [$u]]\n\n" . $messages->{$u}, $fallback) if $dont_send_to_real_uploader; + + sendmail(From => $from, + Subject => "[apt] Possible Problem importing your changes", + To => $to, + Message => $msg); + print "[$0]: ", $Mail::Sendmail::log, "\n"; + warn "[$0]: ", $Mail::Sendmail::error, "\n" if $Mail::Sendmail::error; + + } else { + + my $w = "Won't send notification: invalid receiver [$u]\n\n"; + $mfb //= ''; $mfb .= $w; $mfb .= ">>>\n[$messages->{$u}]\n<<<\n\n"; + warn "[$0]: $w"; + + } + + } + + if (defined $mfb) { + + sendmail(From => $from, + Subject => "[apt] Possible Problem processing incoming", + To => $fallback, + Message => $mfb); + print "[$0]: ", $Mail::Sendmail::log, "\n"; + warn "[$0]: ", $Mail::Sendmail::error, "\n" if $Mail::Sendmail::error; + + } + +} + +sub BEGIN { + print "[$0]: Started at ", scalar localtime, "\n"; +} + +sub END { + print "[$0]: Finished at ", scalar localtime, "\n"; +} diff -r 000000000000 -r 98411ab74262 bin/sign-unsigned-changes --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/sign-unsigned-changes Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,30 @@ +#!/usr/bin/perl + +use strict; +use File::Find; + +my $incoming = "/home/apt/incoming"; + +my @unsigned = qw( + + freeradius_1.0.0+cvs20040609-0.hs.5_i386.changes + +); + +my $vc = "gpg --verify"; +my $cc = "gpg --clearsign"; + +for (@unsigned) { + + my $f = "$incoming/$_"; + + # since we use a fixed list of unsigned files we shouldnt sign them twice + my $r = qx/$vc $f 2>&1/; + next unless $?; + + print "Attempting to sign [$f] .. "; + system("$cc $f") == 0 or warn "system([$cc] [$f]) failed: [$?] [$!]\n"; + rename("$f.asc", $f) or warn "rename([$f.asc], [$f]) failed: [$!]\n"; + print "finished\n"; + +} diff -r 000000000000 -r 98411ab74262 bin/sign-unsigned-dsc-and-changes --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/bin/sign-unsigned-dsc-and-changes Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,54 @@ +#!/usr/bin/perl + +# Some source packages come unsigned. This wouldnt be a problem if it wouldnt +# cause reprepro to spit messages like: 'Data seems not to be signed trying to +# use directly...' which may be confusing when you think that it is related to +# a changes file +use strict; + +use IO::File; +use File::Basename; +use Symbol qw(gensym); + +my $arch = 'i386'; +my $incoming = "/home/apt/incoming"; + +my @unsigned = qw( + + nagios-client-check_1.4.5-1.dsc + freeradius_1.0.0+cvs20040609-0.hs.dsc + libnss-ldap_238-1.schlittermann.1.dsc + +); + +my $cv = "/usr/bin/gpg --verify"; +my $cc = "/usr/bin/gpg --clearsign"; +my $cu = "/usr/bin/changestool"; + +for (@unsigned) { + + my $cmd; + + my $sf = "$incoming/$_"; + (my $cf = $sf) =~ s/\.dsc$/_${arch}.changes/; + + # we assume that the changes have been successfully resigned too when the dsc + # files can be verified + my $r = qx/$cv $sf 2>&1/; + next unless $?; + + print "Attempting to sign [$sf] .. "; + $cmd = "$cc $sf"; + system($cmd) == 0 or warn "[system($cmd)] failed: [$?] [$!]\n"; + rename("$sf.asc", $sf) or warn "rename([$sf.asc], [$sf]) failed: [$!]\n"; + print "finished\n"; + + print "Attempting to update and sign [$cf] .. "; + $cmd = "$cu $cf updatechecksums $sf"; + system("$cmd") == 0 or warn "[system($cmd)] failed: [$?] [$!]\n"; + $cmd = "$cc $cf"; + system($cmd) == 0 or warn "[system($cmd)] failed: [$?] [$!]\n"; + rename("$cf.asc", $cf) or warn "rename([$cf.asc], [$cf]) failed: [$!]\n"; + print "finished\n"; + +} diff -r 000000000000 -r 98411ab74262 packages-old --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/packages-old Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,206 @@ +dists/stable/main/binary-amd64/Packages:Package: ca-certificates-schlittermann +dists/stable/main/binary-amd64/Packages:Package: cyrus-admin-2.2 +dists/stable/main/binary-amd64/Packages:Package: cyrus-doc-2.2 +dists/stable/main/binary-amd64/Packages:Package: cyrus22-admin +dists/stable/main/binary-amd64/Packages:Package: cyrus22-doc +dists/stable/main/binary-amd64/Packages:Package: ddns +dists/stable/main/binary-amd64/Packages:Package: drbdlinks +dists/stable/main/binary-amd64/Packages:Package: exiacl +dists/stable/main/binary-amd64/Packages:Package: exigrey +dists/stable/main/binary-amd64/Packages:Package: ferm +dists/stable/main/binary-amd64/Packages:Package: finch-dev +dists/stable/main/binary-amd64/Packages:Package: firestart +dists/stable/main/binary-amd64/Packages:Package: ha-sync +dists/stable/main/binary-amd64/Packages:Package: havp +dists/stable/main/binary-amd64/Packages:Package: interchange-cat-standard +dists/stable/main/binary-amd64/Packages:Package: interchange-ui +dists/stable/main/binary-amd64/Packages:Package: ius.upgrade +dists/stable/main/binary-amd64/Packages:Package: libpurple-bin +dists/stable/main/binary-amd64/Packages:Package: libpurple-dev +dists/stable/main/binary-amd64/Packages:Package: logbuch +dists/stable/main/binary-amd64/Packages:Package: nagios-client-check +dists/stable/main/binary-amd64/Packages:Package: nagios-passivist +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-amanda +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-antivir +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-aptkeys +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-avwebgate +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-cert +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-check-exim +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-exim +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-hddtemp +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-mailq +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-ntp +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-raid +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-rsnapshot +dists/stable/main/binary-amd64/Packages:Package: nagios-plugin-spamd +dists/stable/main/binary-amd64/Packages:Package: nagios-plugins-exim +dists/stable/main/binary-amd64/Packages:Package: pidgin-data +dists/stable/main/binary-amd64/Packages:Package: pidgin-dev +dists/stable/main/binary-amd64/Packages:Package: qfoot +dists/stable/main/binary-amd64/Packages:Package: schlittermann-apt-keys +dists/stable/main/binary-amd64/Packages:Package: schlittermann-ssh-keys +dists/stable/main/binary-amd64/Packages:Package: send-config +dists/stable/main/binary-amd64/Packages:Package: sitecp +dists/stable/main/binary-amd64/Packages:Package: texmf-ius +dists/stable/main/binary-amd64/Packages:Package: update-serial +dists/stable/main/binary-i386/Packages:Package: ca-certificates-schlittermann +dists/stable/main/binary-i386/Packages:Package: cyrus-admin-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus-clients-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus-common-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus-dev-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus-doc-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus-imapd-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus-murder-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus-nntpd-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus-pop3d-2.2 +dists/stable/main/binary-i386/Packages:Package: cyrus22-admin +dists/stable/main/binary-i386/Packages:Package: cyrus22-clients +dists/stable/main/binary-i386/Packages:Package: cyrus22-common +dists/stable/main/binary-i386/Packages:Package: cyrus22-dev +dists/stable/main/binary-i386/Packages:Package: cyrus22-doc +dists/stable/main/binary-i386/Packages:Package: cyrus22-imapd +dists/stable/main/binary-i386/Packages:Package: cyrus22-murder +dists/stable/main/binary-i386/Packages:Package: cyrus22-pop3d +dists/stable/main/binary-i386/Packages:Package: ddns +dists/stable/main/binary-i386/Packages:Package: drbdlinks +dists/stable/main/binary-i386/Packages:Package: exiacl +dists/stable/main/binary-i386/Packages:Package: exigrey +dists/stable/main/binary-i386/Packages:Package: ferm +dists/stable/main/binary-i386/Packages:Package: finch +dists/stable/main/binary-i386/Packages:Package: finch-dev +dists/stable/main/binary-i386/Packages:Package: firestart +dists/stable/main/binary-i386/Packages:Package: ha-sync +dists/stable/main/binary-i386/Packages:Package: interchange +dists/stable/main/binary-i386/Packages:Package: interchange-cat-standard +dists/stable/main/binary-i386/Packages:Package: interchange-ui +dists/stable/main/binary-i386/Packages:Package: ius.upgrade +dists/stable/main/binary-i386/Packages:Package: libcyrus-imap-perl22 +dists/stable/main/binary-i386/Packages:Package: libpurple-bin +dists/stable/main/binary-i386/Packages:Package: libpurple-dev +dists/stable/main/binary-i386/Packages:Package: libpurple0 +dists/stable/main/binary-i386/Packages:Package: logbuch +dists/stable/main/binary-i386/Packages:Package: nagios-client-check +dists/stable/main/binary-i386/Packages:Package: nagios-passivist +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-amanda +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-antivir +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-aptkeys +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-avwebgate +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-cert +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-check-exim +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-exim +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-hddtemp +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-mailq +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-ntp +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-raid +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-rsnapshot +dists/stable/main/binary-i386/Packages:Package: nagios-plugin-spamd +dists/stable/main/binary-i386/Packages:Package: nagios-plugins-exim +dists/stable/main/binary-i386/Packages:Package: pidgin +dists/stable/main/binary-i386/Packages:Package: pidgin-data +dists/stable/main/binary-i386/Packages:Package: pidgin-dbg +dists/stable/main/binary-i386/Packages:Package: pidgin-dev +dists/stable/main/binary-i386/Packages:Package: schlittermann-apt-keys +dists/stable/main/binary-i386/Packages:Package: schlittermann-ssh-keys +dists/stable/main/binary-i386/Packages:Package: send-config +dists/stable/main/binary-i386/Packages:Package: sitecp +dists/stable/main/binary-i386/Packages:Package: texmf-ius +dists/stable/main/binary-i386/Packages:Package: update-serial +dists/stable/main/source/Sources:Package: ca-certificates-schlittermann +dists/stable/main/source/Sources:Package: cyrus-imapd-2.2 +dists/stable/main/source/Sources:Package: cyrus22-imapd +dists/stable/main/source/Sources:Package: ddns +dists/stable/main/source/Sources:Package: drbdlinks +dists/stable/main/source/Sources:Package: exiacl +dists/stable/main/source/Sources:Package: exigrey +dists/stable/main/source/Sources:Package: ferm +dists/stable/main/source/Sources:Package: firestart +dists/stable/main/source/Sources:Package: ha-sync +dists/stable/main/source/Sources:Package: havp +dists/stable/main/source/Sources:Package: interchange +dists/stable/main/source/Sources:Package: ius.upgrade +dists/stable/main/source/Sources:Package: logbuch +dists/stable/main/source/Sources:Package: nagios-client-check +dists/stable/main/source/Sources:Package: nagios-passivist +dists/stable/main/source/Sources:Package: nagios-plugin-amanda +dists/stable/main/source/Sources:Package: nagios-plugin-antivir +dists/stable/main/source/Sources:Package: nagios-plugin-aptkeys +dists/stable/main/source/Sources:Package: nagios-plugin-avwebgate +dists/stable/main/source/Sources:Package: nagios-plugin-cert +dists/stable/main/source/Sources:Package: nagios-plugin-check-exim +dists/stable/main/source/Sources:Package: nagios-plugin-exim +dists/stable/main/source/Sources:Package: nagios-plugin-hddtemp +dists/stable/main/source/Sources:Package: nagios-plugin-mailq +dists/stable/main/source/Sources:Package: nagios-plugin-ntp +dists/stable/main/source/Sources:Package: nagios-plugin-raid +dists/stable/main/source/Sources:Package: nagios-plugin-rsnapshot +dists/stable/main/source/Sources:Package: nagios-plugin-spamd +dists/stable/main/source/Sources:Package: nagios-plugins-exim +dists/stable/main/source/Sources:Package: pidgin +dists/stable/main/source/Sources:Package: qfoot +dists/stable/main/source/Sources:Package: schlittermann-apt-keys +dists/stable/main/source/Sources:Package: schlittermann-ssh-keys +dists/stable/main/source/Sources:Package: send-config +dists/stable/main/source/Sources:Package: sitecp +dists/stable/main/source/Sources:Package: texmf-ius +dists/stable/main/source/Sources:Package: update-serial +dists/testing/main/binary-amd64/Packages:Package: exiacl +dists/testing/main/binary-amd64/Packages:Package: ha-sync +dists/testing/main/binary-amd64/Packages:Package: update-serial +dists/testing/main/binary-i386/Packages:Package: exiacl +dists/testing/main/binary-i386/Packages:Package: ha-sync +dists/testing/main/binary-i386/Packages:Package: libalarm-perl +dists/testing/main/binary-i386/Packages:Package: libnet-pcap-perl +dists/testing/main/binary-i386/Packages:Package: pemtrans +dists/testing/main/binary-i386/Packages:Package: texmf-ius +dists/testing/main/binary-i386/Packages:Package: update-serial +dists/testing/main/source/Sources:Package: exiacl +dists/testing/main/source/Sources:Package: ha-sync +dists/testing/main/source/Sources:Package: libalarm-perl +dists/testing/main/source/Sources:Package: libnet-pcap-perl +dists/testing/main/source/Sources:Package: pemtrans +dists/testing/main/source/Sources:Package: texmf-ius +dists/testing/main/source/Sources:Package: update-serial +dists/unstable/main/binary-amd64/Packages:Package: cyrus22-admin +dists/unstable/main/binary-amd64/Packages:Package: cyrus22-doc +dists/unstable/main/binary-amd64/Packages:Package: exiacl +dists/unstable/main/binary-amd64/Packages:Package: firestart +dists/unstable/main/binary-amd64/Packages:Package: freeradius-dialupadmin +dists/unstable/main/binary-amd64/Packages:Package: nagios-client-check +dists/unstable/main/binary-amd64/Packages:Package: nagios-plugin-check-iface +dists/unstable/main/binary-amd64/Packages:Package: qfoot +dists/unstable/main/binary-amd64/Packages:Package: schlittermann-ssh-keys +dists/unstable/main/binary-amd64/Packages:Package: send-config +dists/unstable/main/binary-i386/Packages:Package: cyrus22-admin +dists/unstable/main/binary-i386/Packages:Package: cyrus22-clients +dists/unstable/main/binary-i386/Packages:Package: cyrus22-common +dists/unstable/main/binary-i386/Packages:Package: cyrus22-dev +dists/unstable/main/binary-i386/Packages:Package: cyrus22-doc +dists/unstable/main/binary-i386/Packages:Package: cyrus22-imapd +dists/unstable/main/binary-i386/Packages:Package: cyrus22-murder +dists/unstable/main/binary-i386/Packages:Package: cyrus22-pop3d +dists/unstable/main/binary-i386/Packages:Package: exiacl +dists/unstable/main/binary-i386/Packages:Package: firestart +dists/unstable/main/binary-i386/Packages:Package: freeradius +dists/unstable/main/binary-i386/Packages:Package: freeradius-dialupadmin +dists/unstable/main/binary-i386/Packages:Package: freeradius-iodbc +dists/unstable/main/binary-i386/Packages:Package: freeradius-krb5 +dists/unstable/main/binary-i386/Packages:Package: freeradius-ldap +dists/unstable/main/binary-i386/Packages:Package: freeradius-mysql +dists/unstable/main/binary-i386/Packages:Package: freeradius-postgresql +dists/unstable/main/binary-i386/Packages:Package: libnss-ldap +dists/unstable/main/binary-i386/Packages:Package: nagios-client-check +dists/unstable/main/binary-i386/Packages:Package: nagios-plugin-check-iface +dists/unstable/main/binary-i386/Packages:Package: schlittermann-ssh-keys +dists/unstable/main/binary-i386/Packages:Package: send-config +dists/unstable/main/binary-i386/Packages:Package: texmf-ius +dists/unstable/main/source/Sources:Package: cyrus22-imapd +dists/unstable/main/source/Sources:Package: exiacl +dists/unstable/main/source/Sources:Package: firestart +dists/unstable/main/source/Sources:Package: freeradius +dists/unstable/main/source/Sources:Package: libnss-ldap +dists/unstable/main/source/Sources:Package: nagios-client-check +dists/unstable/main/source/Sources:Package: nagios-plugin-check-iface +dists/unstable/main/source/Sources:Package: qfoot +dists/unstable/main/source/Sources:Package: schlittermann-ssh-keys +dists/unstable/main/source/Sources:Package: send-config +dists/unstable/main/source/Sources:Package: texmf-ius diff -r 000000000000 -r 98411ab74262 pub/debian-ius --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/pub/debian-ius Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,1 @@ +. \ No newline at end of file diff -r 000000000000 -r 98411ab74262 pub/dists/.hg-keepme diff -r 000000000000 -r 98411ab74262 pub/pool/.hg-keepme diff -r 000000000000 -r 98411ab74262 repo/conf/distributions --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/repo/conf/distributions Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,29 @@ +Origin: ius +Suite: stable +Codename: lenny +Architectures: amd64 i386 source +Components: main non-free contrib +Description: ius specific (or backported) packages +SignWith: yes +Uploaders: uploaders +Log: /home/apt/var/log/reprepro/lenny + +Origin: ius +Suite: testing +Codename: squeeze +Architectures: amd64 i386 source +Components: main non-free contrib +Description: ius specific (or backported) packages +SignWith: yes +Uploaders: uploaders +Log: /home/apt/var/log/reprepro/squeeze + +Origin: ius +Suite: unstable +Codename: sid +Architectures: amd64 i386 source +Components: main non-free contrib +Description: ius specific (or backported) packages +SignWith: yes +Uploaders: uploaders +Log: /home/apt/var/log/reprepro/sid diff -r 000000000000 -r 98411ab74262 repo/conf/incoming --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/repo/conf/incoming Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,8 @@ +Name: ius +# processincoming is nonrecursive +IncomingDir: /home/apt/incoming +TempDir: /home/apt/repo/tmp +Allow: stable>lenny testing>squeeze unstable>sid +Default: lenny +Permit: older_version +Cleanup: on_error diff -r 000000000000 -r 98411ab74262 repo/conf/uploaders --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/repo/conf/uploaders Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,1 @@ +allow * by any key diff -r 000000000000 -r 98411ab74262 repo/dists --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/repo/dists Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,1 @@ +../pub/dists \ No newline at end of file diff -r 000000000000 -r 98411ab74262 repo/pool --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/repo/pool Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,1 @@ +../pub/pool \ No newline at end of file diff -r 000000000000 -r 98411ab74262 reprepro-3.5.2-incoming.c.diff --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/reprepro-3.5.2-incoming.c.diff Fri Jul 03 15:23:10 2009 +0200 @@ -0,0 +1,28 @@ +--- incoming.c.orig 2009-06-11 10:48:27.000000000 +0200 ++++ reprepro-3.5.2/incoming.c 2009-06-11 14:29:28.000000000 +0200 +@@ -1854,6 +1854,8 @@ + for( j = 0 ; j < i->files.count ; j ++ ) { + const char *basename = i->files.values[j]; + size_t l = strlen(basename); ++ char *fullfilename; ++ + #define C_SUFFIX ".changes" + #define C_LEN strlen(C_SUFFIX) + if( l <= C_LEN || strcmp(basename+(l-C_LEN),C_SUFFIX) != 0 ) +@@ -1861,7 +1863,16 @@ + if( changesfilename != NULL && strcmp(basename, changesfilename) != 0 ) + continue; + /* a .changes file, check it */ ++ fullfilename = calc_dirconcat(i->directory, i->files.values[j]); ++ if( fullfilename == NULL ) { ++ result = RET_ERROR_OOM; ++ continue; ++ } ++ printf("processing changesfile '%s'\n", fullfilename); ++ fprintf(stderr, "processing changesfile '%s'\n", fullfilename); + r = process_changes(database, dereferenced, i, j); ++ printf("changesfile '%s' done\n", fullfilename); ++ fprintf(stderr, "changesfile '%s' done\n", fullfilename); + RET_UPDATE(result, r); + } + diff -r 000000000000 -r 98411ab74262 var/log/reprepro/.hg-keepme