Skip to content
Snippets Groups Projects
Commit 4159a61f authored by Jelle van der Waa's avatar Jelle van der Waa :construction: Committed by Jelle van der Waa
Browse files

dbscripts: switch to Git packaging 

This drops all svn specific functionality and switches to dbscripts git
version. Drops the community repository as it's merged into extra.
parent 83309360
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 270 additions and 361 deletions
group_vars/all/archusers.yml
+ 102
0
View file @ 4159a61f
......@@ -22,6 +22,7 @@ arch_users:
groups:
- tu
- packager
- junior-packager
alad:
name: "Alad Wenter"
email: "alad@archlinux.org"
......@@ -38,6 +39,7 @@ arch_users:
groups:
- tu
- packager
- junior-packager
alex19ep:
name: "Alexander Epaneshnikov"
email: "alex19ep@archlinux.org"
......@@ -46,6 +48,7 @@ arch_users:
- tu
- multilib
- packager
- junior-packager
allan:
name: "Allan McRae"
email: "allan@archlinux.org"
......@@ -60,34 +63,42 @@ arch_users:
ssh_key: alucryd.pub
groups:
- dev
- junior-dev
- tu
- multilib
- packager
- junior-packager
artafinde:
name: "Leonidas Spyropoulos"
email: "artafinde@archlinux.org"
ssh_key: "artafinde.pub"
groups:
- dev
- junior-dev
- multilib
- tu
- packager
- junior-packager
anatolik:
name: "Anatol Pomozov"
email: "anatolik@archlinux.org"
ssh_key: anatolik.pub
groups:
- dev
- junior-dev
- tu
- multilib
- packager
- junior-packager
andrew:
name: "Andrew Gregory"
email: "andrew@archlinux.org"
ssh_key: andrew.pub
groups:
- dev
- junior-dev
- packager
- junior-packager
andrewsc:
name: "Andrew Crerar"
email: "crerar@archlinux.org"
......@@ -95,6 +106,7 @@ arch_users:
groups:
- tu
- packager
- junior-packager
anthraxx:
name: "Levente Polyak"
email: "anthraxx@archlinux.org"
......@@ -102,17 +114,21 @@ arch_users:
shell: /bin/zsh
groups:
- dev
- junior-dev
- tu
- multilib
- packager
- junior-packager
andyrtr:
name: "Andreas Radke"
email: "andyrtr@archlinux.org"
ssh_key: andyrtr.pub
groups:
- dev
- junior-dev
- tu
- packager
- junior-packager
antiz:
name: "Robin Candau"
email: "antiz@archlinux.org"
......@@ -120,6 +136,7 @@ arch_users:
groups:
- tu
- packager
- junior-packager
archange:
name: "Bruno Pagani"
email: "archange@archlinux.org"
......@@ -129,6 +146,7 @@ arch_users:
- tu
- multilib
- packager
- junior-packager
arodseth:
name: "Alexander Rødseth"
email: "xyproto@archlinux.org"
......@@ -137,12 +155,16 @@ arch_users:
- tu
- multilib
- packager
- junior-packager
arojas:
name: "Antonio Rojas"
email: "arojas@archlinux.org"
ssh_key: arojas.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
aur-notify:
......@@ -154,6 +176,7 @@ arch_users:
ssh_key: bastelfreak.pub
groups:
- packager
- junior-packager
- tu
bgyorgy:
name: "Balló György"
......@@ -161,6 +184,7 @@ arch_users:
ssh_key: bgyorgy.pub
groups:
- packager
- junior-packager
- tu
blakkheim:
name: "T.J. Townsend"
......@@ -168,6 +192,7 @@ arch_users:
ssh_key: blakkheim.pub
groups:
- packager
- junior-packager
- tu
bluewind:
name: "Florian Pritz"
......@@ -176,7 +201,9 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
braindamage:
......@@ -192,6 +219,7 @@ arch_users:
ssh_key: cbehan.pub
groups:
- packager
- junior-packager
- tu
coderobe:
name: "Robin Broda"
......@@ -199,6 +227,7 @@ arch_users:
ssh_key: coderobe.pub
groups:
- packager
- junior-packager
- tu
daurnimator:
name: "Daurnimator"
......@@ -206,6 +235,7 @@ arch_users:
ssh_key: daurnimator.pub
groups:
- packager
- junior-packager
- tu
dbermond:
name: "Daniel Bermond"
......@@ -213,6 +243,7 @@ arch_users:
ssh_key: dbermond.pub
groups:
- packager
- junior-packager
- tu
demize:
name: "Johannes Löthberg"
......@@ -221,7 +252,9 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
denisse:
......@@ -244,7 +277,9 @@ arch_users:
ssh_key: diabonas.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
donate:
name: ""
......@@ -255,7 +290,9 @@ arch_users:
ssh_key: dvzrv.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- multilib
- tu
edh:
......@@ -271,6 +308,7 @@ arch_users:
ssh_key: escondida.pub
groups:
- packager
- junior-packager
- tu
eworm:
name: "Christian Hesse"
......@@ -279,7 +317,9 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
farseerfc:
......@@ -288,6 +328,7 @@ arch_users:
ssh_key: farseerfc.pub
groups:
- packager
- junior-packager
- tu
felixonmars:
name: "Felix Yan"
......@@ -295,7 +336,9 @@ arch_users:
ssh_key: felixonmars.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
ffy00:
......@@ -305,6 +348,7 @@ arch_users:
shell: /bin/bash
groups:
- packager
- junior-packager
- tu
flyingpig:
name: "Sibo Dong"
......@@ -323,7 +367,9 @@ arch_users:
- build.archlinux.org
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
foxboron:
......@@ -332,7 +378,9 @@ arch_users:
ssh_key: foxboron.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
foxxx0:
name: "Thore Bödecker"
......@@ -341,6 +389,7 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- tu
gitlab:
name: ""
......@@ -351,6 +400,7 @@ arch_users:
ssh_key: grawlinson.pub
groups:
- packager
- junior-packager
- tu
grazzolini:
name: "Giancarlo Razzolini"
......@@ -358,7 +408,9 @@ arch_users:
ssh_key: grazzolini.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- multilib
- tu
gromit:
......@@ -367,6 +419,7 @@ arch_users:
ssh_key: gromit.pub
groups:
- packager
- junior-packager
- tu
hashworks:
name: "Justin Kromlinger"
......@@ -375,6 +428,7 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- tu
additional_ssh_keys:
- name: hashworks_yubikey_5_nfc.pub
......@@ -390,7 +444,9 @@ arch_users:
- homedir.archlinux.org
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
idevolder:
......@@ -399,6 +455,7 @@ arch_users:
ssh_key: idevolder.pub
groups:
- packager
- junior-packager
- tu
jelle:
name: "Jelle van der Waa"
......@@ -406,7 +463,9 @@ arch_users:
ssh_key: jelle.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
jleclanche:
......@@ -416,6 +475,7 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- tu
jlichtblau:
name: "Jaroslav Lichtblau"
......@@ -423,6 +483,7 @@ arch_users:
ssh_key: jlichtblau.pub
groups:
- packager
- junior-packager
- tu
jouke:
name: "Jouke Witteveen"
......@@ -435,6 +496,7 @@ arch_users:
ssh_key: jsteel.pub
groups:
- packager
- junior-packager
- tu
juergen:
name: "Jürgen Hötzel"
......@@ -442,7 +504,9 @@ arch_users:
ssh_key: juergen.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- multilib
- tu
kewl:
......@@ -458,7 +522,9 @@ arch_users:
ssh_key: kgizdov.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
klausenbusk:
name: "Kristian Klausen"
......@@ -480,7 +546,9 @@ arch_users:
ssh_key: lcarlier.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
lfleischer:
......@@ -490,7 +558,9 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
maximbaz:
......@@ -503,6 +573,7 @@ arch_users:
- homedir.archlinux.org
groups:
- packager
- junior-packager
- tu
mtorromeo:
name: "Massimiliano Torromeo"
......@@ -510,6 +581,7 @@ arch_users:
ssh_key: mtorromeo.pub
groups:
- packager
- junior-packager
- tu
muflone:
name: "Fabio Castelli"
......@@ -517,6 +589,7 @@ arch_users:
ssh_key: muflone.pub
groups:
- packager
- junior-packager
- tu
neitsab:
name: "Bastien Traverse"
......@@ -531,6 +604,7 @@ arch_users:
ssh_key: nicohood.pub
groups:
- packager
- junior-packager
- tu
orhun:
name: "Orhun Parmaksiz"
......@@ -538,6 +612,7 @@ arch_users:
ssh_key: orhun.pub
groups:
- packager
- junior-packager
- tu
pierre:
name: "Pierre Schmitz"
......@@ -545,7 +620,9 @@ arch_users:
ssh_key: pierre.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- multilib
- tu
pitastrudl:
......@@ -561,6 +638,7 @@ arch_users:
ssh_key: polyzen.pub
groups:
- packager
- junior-packager
- tu
remy:
name: "Rémy Oudompheng"
......@@ -568,7 +646,9 @@ arch_users:
ssh_key: remy.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
sangy:
name: "Santiago Torres-Arias"
......@@ -576,6 +656,7 @@ arch_users:
ssh_key: sangy.pub
groups:
- packager
- junior-packager
- tu
morganamilo:
name: "Morgan Adamiec"
......@@ -583,6 +664,7 @@ arch_users:
ssh_key: morganamilo.pub
groups:
- packager
- junior-packager
- tu
freswa:
name: "Frederik Schwan"
......@@ -590,7 +672,9 @@ arch_users:
ssh_key: freswa.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
seblu:
......@@ -600,7 +684,9 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
serebit:
......@@ -609,6 +695,7 @@ arch_users:
ssh_key: serebit.pub
groups:
- packager
- junior-packager
- tu
shibumi:
name: "Christian Rebischke"
......@@ -617,6 +704,7 @@ arch_users:
shell: /bin/zsh
groups:
- packager
- junior-packager
- tu
skydiver:
name: "Xiao Guo"
......@@ -631,6 +719,7 @@ arch_users:
ssh_key: kpcyrd.pub
groups:
- packager
- junior-packager
- tu
- multilib
raster:
......@@ -639,6 +728,7 @@ arch_users:
ssh_key: raster.pub
groups:
- packager
- junior-packager
- tu
rgacogne:
name: "Remi Rgacogne"
......@@ -646,6 +736,7 @@ arch_users:
ssh_key: rgacogne.pub
groups:
- packager
- junior-packager
- tu
spupykin:
name: "Sergej Pupykin"
......@@ -653,6 +744,7 @@ arch_users:
ssh_key: spupykin.pub
groups:
- packager
- junior-packager
- tu
- multilib
segaja:
......@@ -661,6 +753,7 @@ arch_users:
ssh_key: segaja.pub
groups:
- packager
- junior-packager
- tu
svenstaro:
name: "Sven-Hendrik Haase"
......@@ -668,7 +761,9 @@ arch_users:
ssh_key: svenstaro.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- tu
- multilib
torxed:
......@@ -677,6 +772,7 @@ arch_users:
ssh_key: torxed.pub
groups:
- packager
- junior-packager
- tu
tpkessler:
name: "Torsten Keßler"
......@@ -684,6 +780,7 @@ arch_users:
ssh_key: tpkessler.pub
groups:
- packager
- junior-packager
- tu
tpowa:
name: "Tobias Powalowski"
......@@ -691,7 +788,9 @@ arch_users:
ssh_key: tpowa.pub
groups:
- packager
- junior-packager
- dev
- junior-dev
- multilib
- tu
wild:
......@@ -700,6 +799,7 @@ arch_users:
ssh_key: wild.pub
groups:
- packager
- junior-packager
- tu
xyne:
name: "Xyne"
......@@ -707,6 +807,7 @@ arch_users:
ssh_key: xyne.pub
groups:
- packager
- junior-packager
- tu
yan12125:
name: "Chih-Hsuan Yen"
......@@ -714,6 +815,7 @@ arch_users:
ssh_key: yan12125.pub
groups:
- packager
- junior-packager
- multilib
- tu
......
playbooks/tasks/include/post-upgrade/gemini.archlinux.org.yml
+ 0
8
View file @ 4159a61f
......@@ -7,11 +7,3 @@
when:
- who is changed
- who.stdout_lines|length > 1
- name: Stop arch-svntogit.timer
service: name=arch-svntogit.timer state=stopped
- name: Wait for svntogit to finish
wait_for:
path: /srv/svntogit/update-repos.sh.lock
state: absent
roles/common/templates/pacman.conf.j2
+ 3
6
View file @ 4159a61f
......@@ -12,7 +12,7 @@
#RootDir = /
#DBPath = /var/lib/pacman/
{% if 'mirrors' in group_names or inventory_hostname in ['gemini.archlinux.org', 'build.archlinux.org'] %}
CacheDir = /var/cache/pacman/pkg/ /srv/ftp/pool/packages/ /srv/ftp/pool/community/
CacheDir = /var/cache/pacman/pkg/ /srv/ftp/pool/packages/
{% else %}
#CacheDir = /var/cache/pacman/pkg/
{% endif %}
......@@ -72,7 +72,7 @@ LocalFileSigLevel = Optional
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
[testing]
[core-testing]
Usage=Search Sync
Include = /etc/pacman.d/mirrorlist
......@@ -82,13 +82,10 @@ Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
[community-testing]
[extra-testing]
Usage=Search Sync
Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.
......
roles/dbscripts/defaults/main.yml
+ 29
10
View file @ 4159a61f
dbscripts_commit: 20220131
dbscripts_commit: 16a748c71c3799b12981f64fedf014881160527f
dbscripts_update: true
dbscripts_pgp_emails: ['jelle@archlinux.org']
dbscripts_pgp_emails: ['jelle@archlinux.org', 'anthraxx@archlinux.org']
community_repos:
- community-debug
- community-testing-debug
- community-staging-debug
- multilib-debug
git_state_repo: /srv/repos/state
git_pkg_cache: /srv/repos/pkg-cache
junior_multilib_repos:
- multilib-staging
- multilib-testing
- multilib-staging-debug
- multilib-testing-debug
package_repos:
multilib_repos:
- multilib
- multilib-debug
junior_developer_repos:
- core-testing
- core-staging
- core-testing-debug
- core-staging-debug
developer_repos:
- core
- core-debug
junior_packager_repos:
- extra-testing
- extra-staging
- extra-testing-debug
- extra-staging-debug
packager_repos:
- extra
- extra-debug
- testing-debug
- staging-debug
- kde-unstable-debug
- gnome-unstable-debug
roles/dbscripts/files/arch-svntogit.service deleted 100644 → 0
+ 0
7
View file @ 83309360
[Unit]
Description=arch-svntogit
[Service]
Type=oneshot
User=svntogit
ExecStart=/srv/svntogit/update-repos.sh
roles/dbscripts/files/arch-svntogit.timer deleted 100644 → 0
+ 0
9
View file @ 83309360
[Unit]
Description=arch-svntogit
[Timer]
OnBootSec=3min
OnUnitActiveSec=5min
[Install]
WantedBy=timers.target
roles/dbscripts/files/cleanup.service
+ 2
3
View file @ 4159a61f
......@@ -4,8 +4,7 @@ Description=Cleanup
[Service]
Type=oneshot
User=cleanup
ExecStart=/srv/repos/svn-community/dbscripts/cron-jobs/ftpdir-cleanup
ExecStart=/srv/repos/svn-packages/dbscripts/cron-jobs/ftpdir-cleanup
ExecStart=/srv/repos/git-packages/dbscripts/cron-jobs/ftpdir-cleanup
CapabilityBoundingSet=
PrivateDevices=true
......@@ -14,4 +13,4 @@ NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
ReadWritePaths=/srv/ftp/ /srv/repos/svn-community /srv/repos/svn-packages
ReadWritePaths=/srv/ftp/ /srv/repos/git-packages
roles/dbscripts/files/createlinks
+ 1
1
View file @ 4159a61f
#!/bin/bash
target="/srv/ftp"
repos=('core' 'extra' 'community' 'testing' 'community-testing' 'staging' 'community-staging' 'multilib' 'multilib-testing' 'multilib-staging' 'gnome-unstable' 'kde-unstable')
repos=('core' 'core-testing' 'core-staging' 'extra' 'extra-testing' 'extra-staging' 'multilib' 'multilib-testing' 'multilib-staging' 'gnome-unstable' 'kde-unstable')
arches=('x86_64')
lock='/tmp/links.lck'
tmp="$(mktemp -d)"
......
roles/dbscripts/files/integrity-check.service
+ 1
1
View file @ 4159a61f
......@@ -4,4 +4,4 @@ Description=Integrity Check
[Service]
Type=oneshot
User=svn-packages
ExecStart=/srv/repos/svn-packages/dbscripts/cron-jobs/integrity-check arch-notifications@archlinux.org,arch-dev-public@archlinux.org
ExecStart=/srv/repos/git-packages/dbscripts/cron-jobs/integrity-check arch-notifications@archlinux.org,arch-dev-public@archlinux.org
roles/dbscripts/files/sourceballs.service
+ 1
2
View file @ 4159a61f
......@@ -4,5 +4,4 @@ Description=Sourceballs
[Service]
Type=oneshot
User=sourceballs
ExecStart=/srv/repos/svn-community/dbscripts/cron-jobs/sourceballs
ExecStart=/srv/repos/svn-packages/dbscripts/cron-jobs/sourceballs
ExecStart=/srv/repos/git-packages/dbscripts/cron-jobs/sourceballs
roles/dbscripts/files/sudoers.d
+ 3
7
View file @ 4159a61f
%dev ALL=(svn-packages) NOPASSWD:/usr/bin/svnserve
%dev ALL=(svn-packages) NOPASSWD:/usr/bin/svn
#%dev ALL=(svn-community) NOPASSWD:/usr/bin/svnserve
%tu ALL=(svn-community) NOPASSWD:/usr/bin/svnserve
%tu ALL=(svn-community) NOPASSWD:/usr/bin/svn
%dev ALL = (archive) NOPASSWD: /packages/db-archive
%tu ALL = (archive) NOPASSWD: /community/db-archive
%junior-dev ALL = (archive) NOPASSWD: /packages/db-archive
%packager ALL = (archive) NOPASSWD: /packages/db-archive
%junior-packager ALL = (archive) NOPASSWD: /packages/db-archive
sourceballs ALL=(svn-community) NOPASSWD:/usr/bin/svn
sourceballs ALL=(svn-packages) NOPASSWD:/usr/bin/svn
roles/dbscripts/files/update-repos.sh deleted 100644 → 0
+ 0
97
View file @ 83309360
#!/bin/bash -eC
REPO_HOME=/srv/svntogit/repos
REPOS=(packages community)
REMOTE=public
LOCKFILE="$0.lock"
update_pkg() {
local pkg=$1
if git show master:$pkg &>/dev/null; then
if ! git show-ref -q --verify refs/heads/packages/$pkg; then
# Added package; create package branch
git branch packages/$pkg master
git filter-branch -f --subdirectory-filter $pkg packages/$pkg \
>/dev/null
else
# Updated package; apply changes to package branch
git checkout -q packages/$pkg
git format-patch -k --stdout last-commit-processed..master -- $pkg |
git am -k -p2 --keep-cr --committer-date-is-author-date \
&>/dev/null
fi
else
# Deleted package; destroy the branch and stop processing this package
git branch -D packages/$pkg &>/dev/null || true
git push -q --delete $REMOTE packages/$pkg &>/dev/null || true
return 0
fi
}
# Rather simple locking mechanism
echo $$ >"$LOCKFILE"
for repo in ${REPOS[@]}; do
echo "==> Updating '$repo' Git repository on $(date -u)"
pushd "$REPO_HOME/$repo" >/dev/null
# Make sure we have a last-commit-processed tag to work from
if ! git show-ref -q --verify refs/tags/last-commit-processed; then
echo "==> ERR: Couldn't update '$repo' Git repository;" \
"missing last-commit-processed tag" >&2
# Skip to the next repo
continue
fi
# Make sure we're on the master branch
git checkout -q master
echo ' -> Fetching changes from SVN'
if ! git svn rebase &>/dev/null; then
echo ' > git svn rebase command failed; skipping to next repository'
echo "==> Aborted updating '$repo' on $(date -u)"
echo
popd >/dev/null
continue
fi
echo ' -> Updating package branches'
pkgs=($(git diff --name-only --no-renames last-commit-processed |
cut -d'/' -f1 | uniq))
pkg_count=${#pkgs[@]}
if ((pkg_count)); then
# Update each package branch
for pkg in ${pkgs[@]}; do
echo " > Updating package branch for '$pkg'"
update_pkg $pkg
done
# Return to the master branch
git checkout -q master
echo " -> Updated $pkg_count package branches"
echo ' -> Updating public Git repository'
if ! git push -q --all $REMOTE &>/dev/null; then
echo ' > git push command failed'
fi
else
echo ' > No updates found'
fi
echo ' -> Tagging last commit processed'
git tag -f last-commit-processed >/dev/null
popd >/dev/null
echo "==> Finished updating '$repo' on $(date -u)"
echo
done
# Remove lock
rm "$LOCKFILE"
# vim:set ts=4 sw=4 noet:
roles/dbscripts/tasks/main.yml
+ 121
199
View file @ 4159a61f
- name: Install svn, git, rsync and some perl stuff
pacman: name=git,subversion,rsync,perl-dbd-pg,perl-timedate,diffstat state=present
- name: Install git, rsync and some perl stuff
pacman: name=git,rsync,perl-dbd-pg,perl-timedate,diffstat state=present
- name: Install sourceballs requirements (makepkg download dependencies)
pacman: name=git,subversion,mercurial,breezy state=present
......@@ -10,11 +10,10 @@
- name: Create dbscripts users
user: name="{{ item }}" shell=/bin/bash
with_items:
- svn-packages
- svn-community
- git-packages
- name: Add cleanup user
user: name=cleanup groups=tu,dev,multilib shell=/sbin/nologin
user: name=cleanup groups=junior-dev,dev,junior-packager,packager,multilib shell=/sbin/nologin
- name: Add sourceballs user
user: name=sourceballs shell=/sbin/nologin
......@@ -47,24 +46,6 @@
state: present
with_dict: "{{ arch_users }}"
- name: Create .ssh directory
file: path=/home/svn-packages/.ssh state=directory owner=svn-packages group=svn-packages mode=0700
- name: Configure ssh keys for devs
template: src=authorized_keys-group.j2 dest=/home/svn-packages/.ssh/authorized_keys owner=svn-packages group=svn-packages mode=600
vars:
pubkey_groups: ['dev']
tags: ['archusers']
- name: Create .ssh directory
file: path=/home/svn-community/.ssh state=directory owner=svn-community group=svn-community mode=0700
- name: Configure ssh keys for TUs
template: src=authorized_keys-group.j2 dest=/home/svn-community/.ssh/authorized_keys owner=svn-community group=svn-community mode=600
vars:
pubkey_groups: ['tu']
tags: ['archusers']
- name: Create /etc/dbscripts directory
file: path=/etc/dbscripts state=directory owner=root group=root mode=0755
......@@ -78,7 +59,7 @@
dbscripts_mkdirs:
pathtmpl: '/home/{user}/staging/{dirname}'
permissions: '755'
directories: ['', 'core', 'extra', 'testing', 'staging', 'community', 'community-staging', 'community-testing', 'multilib', 'multilib-staging', 'multilib-testing']
directories: ['', 'core', 'extra', 'multilib', 'multilib-staging', 'multilib-testing', 'core-testing', 'core-staging', 'extra-testing', 'extra-staging']
users: "{{ arch_users.keys() | list }}"
group: users
tags: ["archusers"]
......@@ -86,77 +67,64 @@
- name: Create dbscripts paths
file: path="{{ item }}" state=directory owner=root group=root mode=0755
with_items:
- /srv/repos/svn-community
- /srv/repos/svn-packages
- name: Create svn-community/package-cleanup directory
file: path="/srv/repos/svn-community/package-cleanup" state=directory owner=svn-community group=tu mode=0775
- name: Add acl user:cleanup:rwx to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="user:cleanup:rwx" state=present
- name: Add acl default:user::rwx to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="default:user::rwx" state=present
- name: Add acl default:user:cleanup:rwx to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="default:user:cleanup:rwx" state=present
- name: Add acl default:group::rwx to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="default:group::rwx" state=present
- name: Add acl default:other::r-x to /srv/repos/svn-community/package-cleanup
acl: name=/srv/repos/svn-community/package-cleanup entry="default:other::r-x" state=present
- name: Create svn-packages/package-cleanup directory
file: path="/srv/repos/svn-packages/package-cleanup" state=directory owner=svn-packages group=dev mode=0775
- name: Add acl user:cleanup:rwx to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="user:cleanup:rwx" state=present
- name: Add acl default:user::rwx to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user::rwx" state=present
- name: Add acl default:user:cleanup:rwx to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user:cleanup:rwx" state=present
- name: Add acl default:group::rwx to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="default:group::rwx" state=present
- name: Add acl default:other::r-x to /srv/repos/svn-packages/package-cleanup
acl: name=/srv/repos/svn-packages/package-cleanup entry="default:other::r-x" state=present
- name: Create svn-community/source-cleanup directory
file: path="/srv/repos/svn-community/source-cleanup" state=directory owner=sourceballs group=svn-community mode=0755
- name: Create svn-packages/source-cleanup directory
file: path="/srv/repos/svn-packages/source-cleanup" state=directory owner=sourceballs group=svn-packages mode=0755
- name: Create svn-community/svn directory
file: path="/srv/repos/svn-community/svn" state=directory owner=svn-community group=svn-community mode=0755
- name: Add acl default:user::rwx to /srv/repos/svn-community/svn
acl: name=/srv/repos/svn-community/svn entry="default:user::rwx" state=present
- name: Add acl default:group::r-x to /srv/repos/svn-community/svn
acl: name=/srv/repos/svn-community/svn entry="default:group::r-x" state=present
- name: Add acl default:other::r-x to /srv/repos/svn-community/svn
acl: name=/srv/repos/svn-community/svn entry="default:other::r-x" state=present
- name: Create svn-packages/svn directory
file: path="/srv/repos/svn-packages/svn" state=directory owner=svn-packages group=svn-packages mode=0755
- name: Add acl default:user::rwx to /srv/repos/svn-packages/svn
acl: name=/srv/repos/svn-packages/svn entry="default:user::rwx" state=present
- name: Add acl default:group::r-x to /srv/repos/svn-packages/svn
acl: name=/srv/repos/svn-packages/svn entry="default:group::r-x" state=present
- name: Add acl default:other::r-x to /srv/repos/svn-packages/svn
acl: name=/srv/repos/svn-packages/svn entry="default:other::r-x" state=present
- name: Create svn-community/tmp directory
file: path="/srv/repos/svn-community/tmp" state=directory owner=svn-community group=tu mode=1775
- name: Add acl user:sourceballs:rwx to /srv/repos/svn-community/tmp
acl: name=/srv/repos/svn-community/tmp entry="user:sourceballs:rwx" state=present
- name: Create svn-packages/tmp directory
file: path="/srv/repos/svn-packages/tmp" state=directory owner=svn-packages group=dev mode=1775
- name: Add acl user:sourceballs:rwx to /srv/repos/svn-packages/tmp
acl: name=/srv/repos/svn-packages/tmp entry="user:sourceballs:rwx" state=present
- /srv/repos/git-packages
- name: Create git-packages/package-cleanup directory
file: path="/srv/repos/git-packages/package-cleanup" state=directory owner=git-packages group=junior-packager mode=0775
- name: Add acl user:cleanup:rwx to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="user:cleanup:rwx" state=present
- name: Add acl default:user::rwx to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="default:user::rwx" state=present
- name: Add acl default:user:cleanup:rwx to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="default:user:cleanup:rwx" state=present
- name: Add acl default:group::rwx to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="default:group::rwx" state=present
- name: Add acl default:other::r-x to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="default:other::r-x" state=present
- name: Create git-packages/source-cleanup directory
file: path="/srv/repos/git-packages/source-cleanup" state=directory owner=sourceballs group=git-packages mode=0755
- name: Add acl default:junior-packager::rwx to /srv/repos/state
acl: name=/srv/repos/git-packages/package-cleanup entry="default:group:junior-packager:rwx" state=present
- name: Create pkg cache directory
file: path="{{ git_pkg_cache }}" state=directory owner=git-packages group=junior-packager mode=0775
- name: Create state directory
file: path="{{ git_state_repo }}" state=directory owner=git-packages group=junior-packager mode=0775
- name: Set permissions for state directory
file: path="{{ git_state_repo }}" state=directory owner=git-packages group=junior-packager mode=0775
- name: Add acl default:group:junior-packager:rw- to git_state_repo
acl: name="{{ git_state_repo }}" entry="default:group:junior-packager:rw-" state=present
- name: Git init repository # noqa command-instead-of-module
command: /usr/bin/git init --shared=group "{{ git_state_repo }}"
args:
creates: "{{ git_state_repo }}/.git/config"
- name: Create git-packages/tmp directory
file: path="/srv/repos/git-packages/tmp" state=directory owner=git-packages group=junior-packager mode=1775
- name: Add acl user:sourceballs:rwx to /srv/repos/git-packages/tmp
acl: name=/srv/repos/git-packages/tmp entry="user:sourceballs:rwx" state=present
- name: Add acl user:cleanup:rwx to /srv/repos/git-packages/tmp
acl: name=/srv/repos/git-packages/tmp entry="user:cleanup:rwx" state=present
- name: Touch /srv/ftp/lastsync file
file: path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644
- name: Touch /srv/ftp/lastupdate file
file: path="/srv/ftp/lastupdate" state=touch owner=ftp group=ftp mode=0644
- name: Add acl group:tu:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:tu:rw-" state=present
- name: Add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:packager:rw-" state=present
- name: Add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:junior-packager:rw-" state=present
- name: Add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:dev:rw-" state=present
- name: Add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:junior-dev:rw-" state=present
- name: Fetch dbscripts PGP key
command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }}
......@@ -166,50 +134,83 @@
- name: Clone dbscripts git repo
git: >
dest=/srv/repos/{{ item }}/dbscripts
dest=/srv/repos/git-packages/dbscripts
repo=https://gitlab.archlinux.org/archlinux/dbscripts.git
version={{ dbscripts_commit }} update={{ dbscripts_update }}
verify_commit=yes
- name: Symlink config file
file: path=/srv/repos/git-packages/dbscripts/config.local src=config.local.git state=link owner=root group=root mode=0644
- name: Symlink /packages to /srv/repos/git-packages/dbscripts
file: path=/packages src=/srv/repos/git-packages/dbscripts state=link owner=root group=root mode=0755
- name: Symlink dbscript binaries to /usr/local/bin
file: path=/usr/local/bin/{{ item }} src=/packages/{{ item }} state=link owner=root group=root mode=0755
with_items:
- svn-community
- svn-packages
- db-move
- db-update
- db-remove
- db-repo-add
- db-repo-remove
- testing2x
- name: Make /srv/svn
file: path=/srv/svn state=directory owner=root group=root mode=0755
- name: Make debug packages pool
file: path=/srv/ftp/pool/packages state=directory owner=root group=junior-packager mode=0775
- name: Symlink /srv/svn/community to /srv/repos/svn-community/svn
file: path=/srv/svn/community src=/srv/repos/svn-community/svn state=link owner=root group=root mode=0755
- name: Make debug packages-debug pool
file: path=/srv/ftp/pool/packages-debug state=directory owner=root group=junior-packager mode=0775
- name: Make junior developer root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ junior_developer_repos }}'
- name: Symlink /srv/svn/packages to /srv/repos/svn-packages/svn
file: path=/srv/svn/packages src=/srv/repos/svn-packages/svn state=link owner=root group=root mode=0755
- name: Make junior developer repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-dev mode=0775
with_items: '{{ junior_developer_repos }}'
- name: Symlink /community to /srv/repos/svn-community/dbscripts
file: path=/community src=/srv/repos/svn-community/dbscripts state=link owner=root group=root mode=0755
- name: Make developer root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ developer_repos }}'
- name: Symlink /packages to /srv/repos/svn-packages/dbscripts
file: path=/packages src=/srv/repos/svn-packages/dbscripts state=link owner=root group=root mode=0755
- name: Make developer repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=dev mode=0775
with_items: '{{ developer_repos }}'
- name: Make debug packages-debug pool
file: path=/srv/ftp/pool/packages-debug state=directory owner=root group=dev mode=0775
- name: Make junior packager root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ junior_packager_repos }}'
- name: Make debug community-debug pool
file: path=/srv/ftp/pool/community-debug state=directory owner=root group=tu mode=2775
- name: Make junior packager repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-packager mode=0775
with_items: '{{ junior_packager_repos }}'
- name: Make package root debug repos
- name: Make packager root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ package_repos }}'
with_items: '{{ packager_repos }}'
- name: Make community root debug repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=00755
with_items: '{{ community_repos }}'
- name: Make packager repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=packager mode=0775
with_items: '{{ packager_repos }}'
- name: Make package debug repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=dev mode=0775
with_items: '{{ package_repos }}'
- name: Make junior multilib root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ junior_multilib_repos }}'
- name: Make community debug repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=tu mode=0775
with_items: '{{ community_repos }}'
- name: Make junior multilib repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-packager mode=0775
with_items: '{{ junior_multilib_repos }}'
- name: Make multilib root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ multilib_repos }}'
- name: Make multilib repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=packager mode=0775
with_items: '{{ multilib_repos }}'
- name: Make /srv/ftp/other/packages available
file: path=/srv/ftp/other/packages state=directory owner=root group=junior-dev mode=0775
- name: Put rsyncd.conf into tmpfiles
copy: src=rsyncd-tmpfiles.d dest=/etc/tmpfiles.d/rsyncd.conf owner=root group=root mode=0644
......@@ -234,73 +235,6 @@
register: gen_rsyncd
changed_when: "gen_rsyncd.rc == 0"
- name: Install svnlog
copy: src=svnlog dest=/usr/local/bin/svnlog owner=root group=root mode=0755
- name: Add arch-svntogit user
user: name=svntogit shell=/sbin/nologin home=/srv/svntogit generate_ssh_key=yes ssh_key_bits=4096
- name: Configure svntogit git user name # noqa command-instead-of-module
command: git config --global user.name svntogit
become: true
become_user: svntogit
register: git_config_username
changed_when: "git_config_username.rc == 0"
- name: Configure svntogit git user email # noqa command-instead-of-module
command: git config --global user.email svntogit@repos.archlinux.org
become: true
become_user: svntogit
register: git_config_email
changed_when: "git_config_email.rc == 0"
- name: Template arch-svntogit
copy: src=update-repos.sh dest=/srv/svntogit/update-repos.sh owner=root group=root mode=0755
- name: Create svntogit repos subdir
file: path="/srv/svntogit/repos" state=directory owner=svntogit group=svntogit mode=0775
- name: Clone git-svn repos # noqa command-instead-of-module
command: git svn clone file:///srv/repos/svn-{{ item }}/svn /srv/svntogit/repos/{{ item }} creates=/srv/svntogit/repos/{{ item }}
with_items:
- community
- packages
become: true
become_user: svntogit
- name: Add svntogit public remotes # noqa command-instead-of-module
command: git remote add public git@github.com:archlinux/svntogit-{{ item }}.git chdir=/srv/svntogit/repos/{{ item }}
with_items:
- community
- packages
become: true
become_user: svntogit
ignore_errors: true
register: git_public_remote
changed_when: "git_public_remote.rc == 0"
# The following command also serves as a way to get the data the first time the repo is set up
- name: Configure svntogit pull upstream branch # noqa command-instead-of-module
command: git pull --set-upstream public master chdir=/srv/svntogit/repos/{{ item }}
environment:
SHELL: /bin/bash
with_items:
- community
- packages
become: true
become_user: svntogit
register: git_pull_upstream
changed_when: "git_pull_upstream.rc == 0"
- name: Fix svntogit home permissions
file: path="/srv/svntogit" state=directory owner=svntogit group=svntogit mode=0775
- name: Install repo helpers
copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
with_items:
- lsrepo
- checklib32
- name: Install createlinks script
copy: src=createlinks dest=/usr/local/bin/createlinks owner=root group=root mode=0755
......@@ -313,18 +247,6 @@
tags:
- firewall
- name: Configure svnserve
copy: dest=/etc/conf.d/svnserve owner=root group=root mode=0644 content="SVNSERVE_ARGS=-R -r /srv/svn\n"
- name: Start and enable svnserve
service: name=svnserve enabled=yes state=started
- name: Open firewall hole for svnserve
ansible.posix.firewalld: service=svn permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
- name: Install systemd timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
......@@ -336,12 +258,8 @@
- lastsync.service
- gen_rsyncd.timer
- gen_rsyncd.service
- arch-svntogit.timer
- arch-svntogit.service
- createlinks.timer
- createlinks.service
notify:
- Daemon reload
- name: Activate systemd timers
service: name={{ item }} enabled=yes state=started
......@@ -350,5 +268,9 @@
- sourceballs.timer
- lastsync.timer
- gen_rsyncd.timer
- arch-svntogit.timer
- createlinks.timer
# Allow different maintainers (unix users) to touch the git state repositories
# https://git-scm.com/docs/git-config/2.35.2#Documentation/git-config.txt-safedirectory
- name: Install gitconfig
copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644
roles/dbscripts/templates/rsyncd.conf.proto.j2
+ 7
11
View file @ 4159a61f
......@@ -105,18 +105,14 @@ hosts deny = *
path = /srv/ftp/core
comment = core repository
[core-testing]
path = /srv/ftp/core-testing
comment = core-testing repository
[extra]
path = /srv/ftp/extra
comment = extra repository
[community]
path = /srv/ftp/community
comment = community repository
[testing]
path = /srv/ftp/testing
comment = testing repository
[community-testing]
path = /srv/ftp/community-testing
comment = community-testing repository
[extra-testing]
path = /srv/ftp/extra-testing
comment = extra-testing repository
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment