buildd: provide sbuild.conf with ASPCUD criteria
[mirror/dsa-puppet.git] / modules / buildd / manifests / init.pp
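# Class: buildd
#
# Configures a Debian build-daemon host: installs the sbuild/buildd tooling,
# registers the buildd.debian.org APT source (signing key plus the CA bundle
# APT uses for that HTTPS host), installs the cron jobs, lays out
# /home/buildd and bootstraps the buildd user's SSH key.
#
# Parameters:
#   ensure - when `present` (the default) dupload and buildd are installed,
#            dupload.conf, buildd.conf and sbuild.conf are deployed, and
#            ferm::ftp_conntrack is included. Any other value only skips
#            those resources; nothing in this class removes them.
#
class buildd ($ensure=present) {

        include schroot

        package { 'sbuild':
                ensure => installed,
                tag    => extra_repo,
        }
        # libsbuild-perl is ordered before sbuild.
        package { 'libsbuild-perl':
                ensure => installed,
                tag    => extra_repo,
                before => Package['sbuild'],
        }

        # Needed before any https:// APT source below can be fetched.
        package { 'apt-transport-https':
                ensure => installed,
        }
        if $ensure == present {
                package { 'dupload':
                        ensure => installed,
                }
                file { '/etc/dupload.conf':
                        source  => 'puppet:///modules/buildd/dupload.conf',
                        require => Package['dupload'],
                }
                package { 'buildd':
                        ensure => installed,
                }
                file { '/etc/buildd/buildd.conf':
                        source  => 'puppet:///modules/buildd/buildd.conf',
                        require => Package['buildd'],
                }
                file { '/etc/sbuild/sbuild.conf':
                        source  => 'puppet:///modules/buildd/sbuild.conf',
                        require => Package['sbuild'],
                }
                include ferm::ftp_conntrack
        }

        # Cleanup of a repository entry titled 'buildd'.
        site::aptrepo { 'buildd':
                ensure => absent,
        }

        # Suite to track: the host's own codename for the releases listed,
        # 'wheezy' when the fact is undefined, 'jessie' for anything else.
        $suite = $::lsbdistcodename ? {
                wheezy   => $::lsbdistcodename,
                jessie   => $::lsbdistcodename,
                stretch  => $::lsbdistcodename,
                undef    => 'wheezy',
                default  => 'jessie',
        }

        # sparc is the only architecture that fetches over plain HTTP. There
        # the transport gives no integrity or confidentiality, so package
        # authenticity rests entirely on APT's signature verification.
        # NOTE(review): confirm the sparc exception is still required.
        $buildd_apt_url = $::debarchitecture ? {
                /^sparc$/ => 'http://buildd.debian.org/apt/',
                default   => 'https://buildd.debian.org/apt/',
        }

        # The CaInfo snippet is required here as well, matching the
        # '-proposed' source below: on every non-sparc host this source is
        # HTTPS too, so the CA configuration has to be in place first.
        site::aptrepo { 'buildd.debian.org':
                key        => 'puppet:///modules/buildd/buildd.debian.org.gpg',
                url        => $buildd_apt_url,
                suite      => $suite,
                components => 'main',
                require    => [
                        Package['apt-transport-https'],
                        File['/etc/apt/apt.conf.d/puppet-https-buildd'],
                ],
        }

        # The '-proposed' suite is enabled on the host 'alkman' only.
        $buildd_prop_ensure = $::hostname ? {
                /^(alkman)$/ => 'present',
                default      => 'absent',
        }

        # Tell APT which CA file to trust for buildd.debian.org: the Debian
        # CA bundle on release 8 and later, the single service certificate
        # on older releases.
        # NOTE(review): the comparison presumably relies on the fact being a
        # numeric string; confirm what happens on hosts where it is not.
        if ($::lsbmajdistrelease >= 8) {
                file { '/etc/apt/apt.conf.d/puppet-https-buildd':
                        content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/ca-debian/ca-certificates.crt\";\n",
                }
        } else {
                file { '/etc/apt/apt.conf.d/puppet-https-buildd':
                        content => "Acquire::https::buildd.debian.org::CaInfo \"/etc/ssl/servicecerts/buildd.debian.org.crt\";\n",
                }
        }
        site::aptrepo { 'buildd.debian.org-proposed':
                ensure     => $buildd_prop_ensure,
                url        => 'https://buildd.debian.org/apt/',
                suite      => "${suite}-proposed",
                components => 'main',
                require    => [
                        Package['apt-transport-https'],
                        File['/etc/apt/apt.conf.d/puppet-https-buildd'],
                ],
        }

        # Remove old preferences files. The first name carries a 'bad'
        # extension: APT only reads preferences.d files that have no
        # extension or end in '.pref'.
        file { '/etc/apt/preferences.d/buildd.debian.org':
                ensure => absent,
        }
        file { '/etc/apt/preferences.d/buildd':
                ensure => absent,
        }
        file { '/etc/cron.d/dsa-buildd':
                source  => 'puppet:///modules/buildd/cron.d-dsa-buildd',
                require => Package['debian.org'],
        }

        # Install the variant of the aptitude-kill helper that matches the
        # kernel and release; the Linux variants also get python-psutil.
        if ($::kernel == 'Linux') {
                package { 'python-psutil':
                        ensure => installed,
                }
                if ($::lsbmajdistrelease >= 8) {
                        file { '/usr/local/sbin/buildd-schroot-aptitude-kill':
                                source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill',
                                mode   => '0555',
                        }
                } else {
                        file { '/usr/local/sbin/buildd-schroot-aptitude-kill':
                                source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.wheezy',
                                mode   => '0555',
                        }
                }
        } else {
                file { '/usr/local/sbin/buildd-schroot-aptitude-kill':
                        source => 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.squeeze',
                        mode   => '0555',
                }
        }
        # Runs the helper as root every five minutes.
        file { '/etc/cron.d/puppet-buildd-aptitude':
                content => "*/5 * * * * root /usr/local/sbin/buildd-schroot-aptitude-kill\n",
        }

        # NOTE(review): $has_srv_buildd is the only unqualified variable in
        # this class; presumably a top-scope fact like the `$::` ones -
        # confirm before qualifying it.
        if $has_srv_buildd {
                # Rebuild the buildd chroots at 21:13 on Sundays and
                # Wednesdays, as root, with an explicit PATH.
                file { '/etc/cron.d/puppet-update-buildd-schroots':
                        content => "13 21 * * 0,3 root PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin setup-all-dchroots buildd\n",
                }
        }

        # Home-directory layout. All directories are setgid and owned by
        # buildd:buildd; 2755 ones are world-readable, 2750 ones are limited
        # to owner and group.
        file { '/home/buildd':
                ensure => directory,
                mode   => '2755',
                group  => buildd,
                owner  => buildd,
        }
        file { '/home/buildd/build':
                ensure => directory,
                mode   => '2750',
                group  => buildd,
                owner  => buildd,
        }
        file { '/home/buildd/logs':
                ensure => directory,
                mode   => '2750',
                group  => buildd,
                owner  => buildd,
        }
        file { '/home/buildd/old-logs':
                ensure => directory,
                mode   => '2750',
                group  => buildd,
                owner  => buildd,
        }
        file { '/home/buildd/upload-security':
                ensure => directory,
                mode   => '2750',
                group  => buildd,
                owner  => buildd,
        }
        file { '/home/buildd/stats':
                ensure => directory,
                mode   => '2755',
                group  => buildd,
                owner  => buildd,
        }
        file { '/home/buildd/stats/graphs':
                ensure => directory,
                mode   => '2755',
                group  => buildd,
                owner  => buildd,
        }
        file { '/home/buildd/upload':
                ensure => directory,
                mode   => '2755',
                group  => buildd,
                owner  => buildd,
        }
        # Mail delivered to the buildd user is piped into buildd-mail.
        # No mode is set here, so the file's permissions depend on defaults
        # outside this class.
        file { '/home/buildd/.forward':
                content => "|/usr/bin/buildd-mail\n",
                group   => buildd,
                owner   => buildd,
        }
        # Owner-only GnuPG home; mode written in the four-digit form used
        # by every other resource in this class.
        file { '/home/buildd/.gnupg':
                ensure => directory,
                mode   => '0700',
                group  => buildd,
                owner  => buildd,
        }
        # Make SHA512 the preferred digest for this user's GnuPG operations.
        file { '/home/buildd/.gnupg/gpg.conf':
                content => "personal-digest-preferences SHA512\n",
                group   => buildd,
                owner   => buildd,
        }

        # Create the buildd user's SSH key once, if the buildd_key fact is
        # unset, the user exists and no key file is present yet. The key has
        # an empty passphrase so it can be used unattended; its protection is
        # therefore the owner-only .ssh directory and the host itself.
        # `-t rsa` is explicit because ssh-keygen's default key type differs
        # between OpenSSH versions while the file is always named id_rsa.
        if ! $::buildd_key {
                exec { 'create-buildd-key':
                        command => '/bin/su - buildd -c \'mkdir -p -m 02700 .ssh && ssh-keygen -t rsa -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
                        onlyif  => '/usr/bin/getent passwd buildd > /dev/null && ! [ -e /home/buildd/.ssh/id_rsa ]',
                }
        }


        # Add buildd to the sbuild group when the group exists and buildd is
        # not yet a member.
        # NOTE(review): neither command is fully qualified, so this exec
        # relies on a `path` default set outside this class - confirm.
        if $::buildd_user_exists {
                exec { 'add-buildd-user-to-sbuild':
                        command => 'adduser buildd sbuild',
                        onlyif  => "getent group sbuild > /dev/null && ! getent group sbuild | grep '\\<buildd\\>' > /dev/null",
                }
        }
}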