dpkg/dupload
1
0
Fork 0
mirror of https://git.dpkg.org/git/dpkg/dupload.git synced 2025-04-03 20:15:26 +00:00
Code Activity
Files
dupload/dupload.conf
Guillem Jover 9ff16e45a9 Add support for per host OpenPGP keyrings 
We use these to specify what signatures are allowed for each individual
host, to make this more configurable, and so that we can stop relying on
the implicit certificates from the GnuPG store.
2025-02-21 12:23:52 +01:00

327 lines
9.4 KiB
Perl
Raw Permalink Blame History

# This is the configuration for dupload.
# It is intended to be read and evaluated from Perl.
#
### PLEASE READ THE dupload.conf(5) MANUAL PAGE
#
# Reading the dupload(1) manual page is also advisable.
package config;
use strict;
use warnings;
use Dpkg::Vendor qw(get_current_vendor get_vendor_object);
# ----------------
# Global variables
# ----------------
# The host to use if no --to option is used.
our $default_host;
my $vendor = get_current_vendor();
if ($vendor eq 'Debian') {
$default_host = 'debian-ssh';
} elsif ($vendor eq 'Ubuntu') {
$default_host = 'ubuntu';
}
# Boolean, as its name says.
our $no_parentheses_to_fullname;
# Pathname to a sendmail compatible MTA.
our $mta;
# ------------
# Global hooks
# ------------
our %preupload = (
# Check changes file for valid signatures.
changes => [
'/usr/share/dupload/openpgp-check %1',
# 'lintian -v -i %1',
],
sourcepackage => [] ,
file => [],
deb => [],
package => [],
host => [],
);
our %postupload = (
changes => [],
sourcepackage => [],
file => [],
deb => [],
package => [],
host => [],
);
# Note: hooks can also be defined in a per-host basis, this
# overrides globally defined hooks.
# -------------------
# Hosts configuration
# -------------------
our %cfg;
# Per-host variables:
# fqdn - full hostname
# method - ftp, scp, scpb or rsync
# (defaults to ftp)
# login - user name to use on the remote host
# (defaults to 'anonymous' for FTP and local username for SSH methods)
# use "user\@remote" for firewall logins
# password - password for anonymous FTP logins
# filemode - destination files mode (undef disables, defaults to 0644)
# incoming - directory where to upload first
# queuedir - directory where to move if upload succeeded
# distallowlist - regex of the distributions allowed for this host
# distblocklist - regex of the distributions blocked for this host
# mail - an array with 'to' and 'cc' addresses for announcement and
# distribution 'match' keys
# fullname - the full name to use in the announcement email
# (defaults to what your local MTA uses)
# visibleuser - the username to use in the announcement email
# (defaults to local username)
# visiblename - the domainname to use in the announcement email
# (defaults to what your local MTA uses)
# -----------------
# Pre-defined hosts
# -----------------
my $vendor_debian = get_vendor_object('Debian');
my $preupload_debian = [
'/usr/share/dupload/openpgp-check %1',
'/usr/share/dupload/debian-source-only %1',
'/usr/share/dupload/debian-transition %1',
];
my $preupload_debian_security = [
'/usr/share/dupload/openpgp-check %1',
'/usr/share/dupload/debian-security-auth %1',
'/usr/share/dupload/debian-source-only %1',
];
my $postupload_debian_host = [
'/usr/share/dupload/debian-next-dinstall %1',
];
my $keyrings_debian = [
$vendor_debian->run_hook('package-keyrings'),
];
$cfg{'debian-ssh'} = {
fqdn => 'ssh.upload.debian.org',
method => 'scpb',
incoming => '/srv/upload.debian.org/UploadQueue/',
keyrings => $keyrings_debian,
distblocklist => qr/^(?:UNRELEASED|.*-security$)/,
# Files pass on to dinstall on ftp-master which sends emails itself.
dinstall_runs => 1,
preupload => {
changes => $preupload_debian,
},
postupload => {
host => $postupload_debian_host,
},
};
$cfg{'debian-ftp'} = {
fqdn => 'ftp.upload.debian.org',
method => 'ftp',
passive => 1,
incoming => '/pub/UploadQueue/',
keyrings => $keyrings_debian,
distblocklist => qr/^(?:UNRELEASED|.*-security$)/,
# Files pass on to dinstall on ftp-master which sends emails itself.
dinstall_runs => 1,
preupload => {
changes => $preupload_debian,
},
postupload => {
host => $postupload_debian_host,
},
};
# See <https://lists.debian.org/debian-project/2009/05/msg00036.html>.
$cfg{'debian-ftp-eu'} = {
fqdn => 'ftp.eu.upload.debian.org',
method => 'ftp',
passive => 1,
incoming => '/pub/UploadQueue/',
keyrings => $keyrings_debian,
distblocklist => qr/^(?:UNRELEASED|.*-security$)/,
# Files pass on to dinstall on ftp-master which sends emails itself.
dinstall_runs => 1,
preupload => {
changes => $preupload_debian,
},
postupload => {
host => $postupload_debian_host,
},
};
# See <https://backports.debian.org/Contribute/> for more information.
$cfg{'debian-backports'} = {
fqdn => 'backports-master.debian.org',
method => 'ftp',
passive => 1,
incoming => '/pub/UploadQueue/',
keyrings => $keyrings_debian,
distblocklist => qr/^(?:UNRELEASED|.*-security$)/,
distallowlist => qr/^.*-backports(?:-sloppy)?$/,
dinstall_runs => 1,
};
# For Delayed uploads use this. You can use 0-day, which is uploaded
# one hour before dinstall runs.
my $delay = (defined($ENV{DEBDELAY}) ? $ENV{DEBDELAY} : 7);
$cfg{'debian-ftp-delayed'} = {
fqdn => 'ftp.upload.debian.org',
method => 'ftp',
passive => 1,
incoming => "/pub/UploadQueue/DELAYED/$delay-day/",
keyrings => $keyrings_debian,
distblocklist => qr/^UNRELEASED/,
# Files pass on to dinstall on ftp-master which sends emails itself.
dinstall_runs => 1,
preupload => {
changes => $preupload_debian,
},
postupload => {
host => $postupload_debian_host,
},
};
# Debian Ports upload queue, for more information see
# <https://www.ports.debian.org/archive>.
$cfg{'debian-ports'} = {
fqdn => 'ports-master.debian.org',
method => 'ftp',
passive => 1,
incoming => '/incoming/',
keyrings => $keyrings_debian,
distblocklist => qr/^UNRELEASED/,
dinstall_runs => 1,
};
# Mentors upload queue, for more information see
# <https://mentors.debian.net/cgi-bin/maintainer-intro>.
$cfg{'debian-mentors'} = {
fqdn => 'mentors.debian.net',
method => 'ftp',
passive => 1,
incoming => '/pub/UploadQueue/',
dinstall_runs => 1,
};
# NOTE: Do _NOT_ upload a package to the security upload queue
# (oldstable-security, stable-security, etc.) without prior authorization
# from the Debian security team. Please see
# <https://www.debian.org/doc/developers-reference/pkgs.html#bug-security>.
# See <https://lists.debian.org/debian-devel-announce/2017/10/msg00000.html>
$cfg{'debian-ssh-security'} = {
fqdn => 'ssh.security.upload.debian.org',
method => 'scpb',
incoming => '/srv/security.upload.debian.org/SecurityUploadQueue',
filemode => undef,
keyrings => $keyrings_debian,
distblocklist => qr/^UNRELEASED/,
distallowlist => qr/^.*-security$/,
# Files pass on to dinstall on security which sends emails itself.
dinstall_runs => 1,
preupload => {
changes => $preupload_debian_security,
},
postupload => {
host => $postupload_debian_host,
},
};
$cfg{'debian-ftp-security'} = {
fqdn => 'ftp.security.upload.debian.org',
method => 'ftp',
passive => 1,
incoming => '/pub/SecurityUploadQueue',
filemode => undef,
keyrings => $keyrings_debian,
distblocklist => qr/^UNRELEASED/,
distallowlist => qr/^.*-security$/,
# Files pass on to dinstall on security which sends emails itself.
dinstall_runs => 1,
preupload => {
changes => $preupload_debian_security,
},
postupload => {
host => $postupload_debian_host,
},
};
$cfg{'debian-ssh-security-unembargoed'} = {
fqdn => 'ssh.security.upload.debian.org',
method => 'scpb',
incoming => '/srv/security.upload.debian.org/OpenSecurityUploadQueue',
keyrings => $keyrings_debian,
distblocklist => qr/^UNRELEASED/,
distallowlist => qr/^.*-security$/,
# Files pass on to dinstall on security which sends emails itself.
dinstall_runs => 1,
preupload => {
changes => $preupload_debian_security,
},
postupload => {
host => $postupload_debian_host,
},
};
$cfg{'debian-ftp-security-unembargoed'} = {
fqdn => 'ftp.security.upload.debian.org',
method => 'ftp',
passive => 1,
incoming => '/pub/OpenSecurityUploadQueue',
keyrings => $keyrings_debian,
distblocklist => qr/^UNRELEASED/,
distallowlist => qr/^.*-security$/,
# Files pass on to dinstall on security which sends emails itself.
dinstall_runs => 1,
preupload => {
changes => $preupload_debian_security,
},
postupload => {
host => $postupload_debian_host,
},
};
my $vendor_ubuntu = get_vendor_object('Ubuntu');
my $keyrings_ubuntu = [
$vendor_ubuntu->run_hook('package-keyrings'),
];
$cfg{'ubuntu'} = {
fqdn => 'upload.ubuntu.com',
method => 'ftp',
passive => 1,
incoming => '/ubuntu',
keyrings => $keyrings_ubuntu,
distblocklist => qr/^UNRELEASED/,
dinstall_runs => 1,
};
# Compatibility aliases.
$cfg{'ftp-master'} = $cfg{'debian-ssh'};
$cfg{'anonymous-ftp-master'} = $cfg{'debian-ftp'};
$cfg{'anonymous-ftp-eu'} = $cfg{'debian-ftp-eu'};
$cfg{'delayed'} = $cfg{'debian-ftp-delayed'};
$cfg{'bpo'} = $cfg{'debian-backports'};
$cfg{'mentors'} = $cfg{'debian-mentors'};
$cfg{'security'} = $cfg{'debian-ssh-security'};
$cfg{'anonymous-security'} = $cfg{'debian-ftp-security'};
$cfg{'anonymous-security-unembargoed'} = $cfg{'debian-ftp-security-unembargoed'};
# Do not remove the following line. Perl needs it.
1;
## vim: ft=perl
## Local Variables: ##
## mode:perl ##
## End: ##
View Git Blame Copy Permalink