mirror/dsa-puppet.git
9 years agoFix blacklist entry
Paul Wise [Wed, 18 Mar 2015 14:46:43 +0000 (22:46 +0800)]
Fix blacklist entry

9 years agoBlacklist paytm.com, no opt-in, no opt-out
Paul Wise [Tue, 17 Mar 2015 09:33:54 +0000 (17:33 +0800)]
Blacklist paytm.com, no opt-in, no opt-out

9 years agoAT LAST, SIR TERRY, WE MUST WALK TOGETHER.
Stephen Gran [Mon, 16 Mar 2015 20:28:20 +0000 (20:28 +0000)]
AT LAST, SIR TERRY, WE MUST WALK TOGETHER.

Signed-off-by: Stephen Gran <steve@lobefin.net>
9 years agono backups for x86-grnet-01
Julien Cristau [Mon, 16 Mar 2015 12:20:18 +0000 (13:20 +0100)]
no backups for x86-grnet-01

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agobuildd.d.o: update archive key
Héctor Orón Martínez [Sun, 15 Mar 2015 11:14:37 +0000 (12:14 +0100)]
buildd.d.o: update archive key

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agogrnet-node01 has ekey now
Martin Zobel-Helas [Sun, 15 Mar 2015 10:19:26 +0000 (10:19 +0000)]
grnet-node01 has ekey now

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agodi-autobuilding: allow d-i group builds on porterboxes
Héctor Orón Martínez [Sun, 15 Mar 2015 10:18:57 +0000 (11:18 +0100)]
di-autobuilding: allow d-i group builds on porterboxes

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agoDecommission senfl.debian.org
Paul Wise [Fri, 6 Mar 2015 07:10:20 +0000 (15:10 +0800)]
Decommission senfl.debian.org

9 years agoSSL certificate for search.debian.org
Martin Zobel-Helas [Wed, 4 Mar 2015 09:53:27 +0000 (09:53 +0000)]
SSL certificate for search.debian.org

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
9 years agobuildd: add jessie suite
Héctor Orón Martínez [Wed, 25 Feb 2015 19:33:52 +0000 (20:33 +0100)]
buildd: add jessie suite

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
9 years agono more static-update-component lintian on lilburn
Peter Palfrader [Thu, 19 Feb 2015 20:14:17 +0000 (21:14 +0100)]
no more static-update-component lintian on lilburn

9 years agolintian moved to lindsay. Move its master from bizet to dillon too
Peter Palfrader [Thu, 19 Feb 2015 20:09:32 +0000 (21:09 +0100)]
lintian moved to lindsay.  Move its master from bizet to dillon too

9 years agobm autofs for lindsay
Peter Palfrader [Thu, 19 Feb 2015 19:37:15 +0000 (20:37 +0100)]
bm autofs for lindsay

9 years agomake armhf and armel chroot on arm64
Peter Palfrader [Wed, 18 Feb 2015 13:42:11 +0000 (14:42 +0100)]
make armhf and armel chroot on arm64

9 years agodsa-check-libs: Allow -v for --verbose
Peter Palfrader [Wed, 18 Feb 2015 11:15:15 +0000 (12:15 +0100)]
dsa-check-libs: Allow -v for --verbose

9 years agodsa-check-libs: Ignore deleted directories that we happen to be in
Peter Palfrader [Wed, 18 Feb 2015 11:13:17 +0000 (12:13 +0100)]
dsa-check-libs: Ignore deleted directories that we happen to be in

9 years agospacing
Peter Palfrader [Sun, 15 Feb 2015 18:16:24 +0000 (19:16 +0100)]
spacing

9 years agomore zani swap messing
Peter Palfrader [Sun, 15 Feb 2015 18:16:10 +0000 (19:16 +0100)]
more zani swap messing

9 years agochange order
Peter Palfrader [Sun, 15 Feb 2015 18:14:05 +0000 (19:14 +0100)]
change order

9 years agoRevert "more quoting"
Peter Palfrader [Sun, 15 Feb 2015 18:11:19 +0000 (19:11 +0100)]
Revert "more quoting"

This reverts commit 389d5d780402be55af5779e918bfefefdbc157a7.

9 years agomore quoting
Peter Palfrader [Sun, 15 Feb 2015 18:10:19 +0000 (19:10 +0100)]
more quoting

9 years agoMake rc.local a template, make swap on zani
Peter Palfrader [Sun, 15 Feb 2015 18:09:13 +0000 (19:09 +0100)]
Make rc.local a template, make swap on zani

9 years agomail-big-homedirs: never touch the homedir of the buildd user
Peter Palfrader [Sun, 15 Feb 2015 09:54:42 +0000 (10:54 +0100)]
mail-big-homedirs: never touch the homedir of the buildd user

9 years agoAdd buildd to sbuild
Peter Palfrader [Sat, 14 Feb 2015 21:43:37 +0000 (22:43 +0100)]
Add buildd to sbuild

9 years agowhitespace fix
Peter Palfrader [Sat, 14 Feb 2015 21:39:22 +0000 (22:39 +0100)]
whitespace fix

9 years agobuildd user exists facter
Peter Palfrader [Sat, 14 Feb 2015 21:38:35 +0000 (22:38 +0100)]
buildd user exists facter

9 years agoBut we do want to create a ~buildd/stats
Peter Palfrader [Sat, 14 Feb 2015 21:34:20 +0000 (22:34 +0100)]
But we do want to create a ~buildd/stats

9 years agoget rid of status
Peter Palfrader [Sat, 14 Feb 2015 21:30:13 +0000 (22:30 +0100)]
get rid of status

9 years agoinstall buildd keys
Peter Palfrader [Sat, 14 Feb 2015 21:15:21 +0000 (22:15 +0100)]
install buildd keys

9 years agoonly hostname, not fqdn
Peter Palfrader [Sat, 14 Feb 2015 14:18:21 +0000 (15:18 +0100)]
only hostname, not fqdn

9 years agoremove extra whitespace
Peter Palfrader [Sat, 14 Feb 2015 14:13:08 +0000 (15:13 +0100)]
remove extra whitespace

9 years agofix template
Peter Palfrader [Sat, 14 Feb 2015 14:11:57 +0000 (15:11 +0100)]
fix template

9 years agocreate authorized_keys for wb-buildd
Peter Palfrader [Sat, 14 Feb 2015 14:08:57 +0000 (15:08 +0100)]
create authorized_keys for wb-buildd

9 years agocreate ssh key for buildd
Peter Palfrader [Sat, 14 Feb 2015 14:01:00 +0000 (15:01 +0100)]
create ssh key for buildd

9 years agoowner/group for .forward
Peter Palfrader [Sat, 14 Feb 2015 12:00:26 +0000 (13:00 +0100)]
owner/group for .forward

9 years agoShip 99builddsourceslist on jessie systems
Peter Palfrader [Sat, 14 Feb 2015 11:57:57 +0000 (12:57 +0100)]
Ship 99builddsourceslist on jessie systems

9 years agobuildd directories and files as requested by aurel
Peter Palfrader [Sat, 14 Feb 2015 11:52:28 +0000 (12:52 +0100)]
buildd directories and files as requested by aurel

9 years agostricter regex
Peter Palfrader [Fri, 13 Feb 2015 19:14:01 +0000 (20:14 +0100)]
stricter regex

9 years agoexport ubc multipath config to boito
Peter Palfrader [Fri, 13 Feb 2015 18:57:01 +0000 (19:57 +0100)]
export ubc multipath config to boito

9 years agoremove rossini and salieri
Luca Filipozzi [Fri, 13 Feb 2015 18:48:30 +0000 (18:48 +0000)]
remove rossini and salieri

9 years agoexport ubc multipath config to bertali
Peter Palfrader [Fri, 13 Feb 2015 18:00:42 +0000 (19:00 +0100)]
export ubc multipath config to bertali

9 years agoexport ubc multipath config to tristano
Peter Palfrader [Fri, 13 Feb 2015 17:40:29 +0000 (18:40 +0100)]
export ubc multipath config to tristano

9 years agoubc: Ignore sda on p410 blades
Peter Palfrader [Fri, 13 Feb 2015 16:40:21 +0000 (17:40 +0100)]
ubc: Ignore sda on p410 blades

9 years agoexport ubc multipath config to pasquini
Peter Palfrader [Fri, 13 Feb 2015 16:32:50 +0000 (17:32 +0100)]
export ubc multipath config to pasquini

9 years agomultipath-ubc-ganeti: remove old volumes
Peter Palfrader [Fri, 13 Feb 2015 16:32:14 +0000 (17:32 +0100)]
multipath-ubc-ganeti: remove old volumes

9 years agoMake syslog-ng require the network and unbound to be up before starting
Tollef Fog Heen [Wed, 11 Feb 2015 15:17:10 +0000 (16:17 +0100)]
Make syslog-ng require the network and unbound to be up before starting

9 years agoTurn off forwarding of systemd journal messages to syslog-ng
Tollef Fog Heen [Wed, 11 Feb 2015 14:11:24 +0000 (15:11 +0100)]
Turn off forwarding of systemd journal messages to syslog-ng

Modern syslogs (such as rsyslog and syslog-ng > 3.6) pull from the
systemd journal themselves. Tell systemd to not forward the messages
to syslog.  Also change it so syslog-ng no longer hooks into the
syslog.socket early boot stuff, since that causes headaches when it
tries to connect to loghost and can't resolve names.

9 years agosystem shutdown check with systemd
Peter Palfrader [Wed, 11 Feb 2015 13:22:00 +0000 (14:22 +0100)]
system shutdown check with systemd

9 years agoDrop no longer in use office network
Tollef Fog Heen [Wed, 11 Feb 2015 12:51:18 +0000 (13:51 +0100)]
Drop no longer in use office network

9 years agoReplace a tab with spaces in python code
Peter Palfrader [Tue, 10 Feb 2015 10:38:40 +0000 (11:38 +0100)]
Replace a tab with spaces in python code

9 years agoKill evil spaces
Peter Palfrader [Tue, 10 Feb 2015 10:38:20 +0000 (11:38 +0100)]
Kill evil spaces

9 years agoMake ud-replicated depend on syslog.service
Peter Palfrader [Mon, 9 Feb 2015 18:22:01 +0000 (19:22 +0100)]
Make ud-replicated depend on syslog.service

9 years agomake dsa-check-libs +x
Peter Palfrader [Mon, 9 Feb 2015 12:01:14 +0000 (13:01 +0100)]
make dsa-check-libs +x

9 years agoFix path
Peter Palfrader [Mon, 9 Feb 2015 09:30:18 +0000 (10:30 +0100)]
Fix path

9 years agoShip dsa-check-libs via puppet for now
Peter Palfrader [Mon, 9 Feb 2015 09:28:16 +0000 (10:28 +0100)]
Ship dsa-check-libs via puppet for now

9 years agoapache 2.4 config for default vhost
Peter Palfrader [Sun, 8 Feb 2015 13:01:55 +0000 (14:01 +0100)]
apache 2.4 config for default vhost

9 years agorossini out of ekey
Peter Palfrader [Sun, 8 Feb 2015 07:58:55 +0000 (08:58 +0100)]
rossini out of ekey

9 years agoremove villa from no-backup
Peter Palfrader [Sat, 7 Feb 2015 18:58:31 +0000 (19:58 +0100)]
remove villa from no-backup

9 years agoset listen=NO in vsftpd
Peter Palfrader [Sat, 7 Feb 2015 18:31:53 +0000 (19:31 +0100)]
set listen=NO in vsftpd

9 years agoapache 2.4 compatbile security.d.o
Peter Palfrader [Sat, 7 Feb 2015 18:20:42 +0000 (19:20 +0100)]
apache 2.4 compatbile security.d.o

9 years agoMake a template out of the security.d.o apache conf
Peter Palfrader [Sat, 7 Feb 2015 18:19:19 +0000 (19:19 +0100)]
Make a template out of the security.d.o apache conf

9 years agosyntax fix
Peter Palfrader [Sat, 7 Feb 2015 18:12:14 +0000 (19:12 +0100)]
syntax fix

9 years agoapache 2.4 sites stuff
Peter Palfrader [Sat, 7 Feb 2015 18:11:28 +0000 (19:11 +0100)]
apache 2.4 sites stuff

9 years agopostmasterish is not a spam trap, put that after host and sender address blacklist
Tollef Fog Heen [Wed, 4 Feb 2015 19:32:03 +0000 (20:32 +0100)]
postmasterish is not a spam trap, put that after host and sender address blacklist

9 years agomove entropy key from salieri to rossini
Luca Filipozzi [Mon, 2 Feb 2015 03:16:26 +0000 (03:16 +0000)]
move entropy key from salieri to rossini

9 years agoGet rid of always broken http.d.net
Peter Palfrader [Wed, 28 Jan 2015 17:30:31 +0000 (18:30 +0100)]
Get rid of always broken http.d.net

9 years agoIgnore /etc/nagios/check-libs.conf
Peter Palfrader [Wed, 28 Jan 2015 13:24:31 +0000 (14:24 +0100)]
Ignore /etc/nagios/check-libs.conf

9 years agoPush nagios check-libs.conf via puppet
Peter Palfrader [Wed, 28 Jan 2015 13:16:40 +0000 (14:16 +0100)]
Push nagios check-libs.conf via puppet

9 years agoAdd nagios plugins to root's PATH
Peter Palfrader [Wed, 28 Jan 2015 13:09:30 +0000 (14:09 +0100)]
Add nagios plugins to root's PATH

9 years agoAllow nagios to run dsa-check-libs under sudo
Peter Palfrader [Tue, 27 Jan 2015 23:15:52 +0000 (00:15 +0100)]
Allow nagios to run dsa-check-libs under sudo

9 years agoAdd minkus to porterboxes
Peter Palfrader [Mon, 26 Jan 2015 20:37:27 +0000 (21:37 +0100)]
Add minkus to porterboxes

9 years agoBlacklist hatemshaheen21@yahoo.com
Peter Palfrader [Thu, 22 Jan 2015 09:37:49 +0000 (10:37 +0100)]
Blacklist hatemshaheen21@yahoo.com

9 years agoMake buildd-schroot-aptitude-kill work on jessie
Peter Palfrader [Thu, 15 Jan 2015 22:36:56 +0000 (23:36 +0100)]
Make buildd-schroot-aptitude-kill work on jessie

9 years agoI think we want to ignore errors here
Peter Palfrader [Wed, 14 Jan 2015 21:56:32 +0000 (22:56 +0100)]
I think we want to ignore errors here

9 years agoTry porting torproject changes: support excluding mirror for a single static component
Peter Palfrader [Wed, 14 Jan 2015 21:43:28 +0000 (22:43 +0100)]
Try porting torproject changes: support excluding mirror for a single static component

9 years agoAdd root ssh key for jcristau
Julien Cristau [Sat, 10 Jan 2015 15:18:33 +0000 (16:18 +0100)]
Add root ssh key for jcristau

Signed-off-by: Julien Cristau <jcristau@debian.org>
9 years agoNew leap second
Peter Palfrader [Fri, 9 Jan 2015 19:00:44 +0000 (20:00 +0100)]
New leap second

9 years agort-mailgate needs the ca-debian workaround too
Paul Wise [Wed, 7 Jan 2015 15:12:58 +0000 (23:12 +0800)]
rt-mailgate needs the ca-debian workaround too

9 years agoThe snakeoil key is handled by puppet also.
Paul Wise [Wed, 7 Jan 2015 07:06:52 +0000 (15:06 +0800)]
The snakeoil key is handled by puppet also.

9 years agoWe still have some debian.org certs signed by SPI and USERFirst
Paul Wise [Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)]
We still have some debian.org certs signed by SPI and USERFirst

9 years agoTrailing line ending characters are sometimes nice
Paul Wise [Wed, 7 Jan 2015 06:11:01 +0000 (14:11 +0800)]
Trailing line ending characters are sometimes nice

9 years agoFix typo
Paul Wise [Wed, 7 Jan 2015 06:09:14 +0000 (14:09 +0800)]
Fix typo

9 years agoEnforce SSL configuration using puppet, add dirs for debian and global CAs
Paul Wise [Wed, 31 Dec 2014 02:32:55 +0000 (10:32 +0800)]
Enforce SSL configuration using puppet, add dirs for debian and global CAs

9 years agoRemove any references to ahbl.org blocklists as they have shut down (re: RT#5684)
Peter Palfrader [Tue, 6 Jan 2015 20:20:04 +0000 (21:20 +0100)]
Remove any references to ahbl.org blocklists as they have shut down (re: RT#5684)

9 years agoFix typo
Paul Wise [Tue, 6 Jan 2015 16:52:49 +0000 (00:52 +0800)]
Fix typo

9 years agoSkip processes that no longer exist
Paul Wise [Tue, 6 Jan 2015 14:53:24 +0000 (22:53 +0800)]
Skip processes that no longer exist

9 years agocdn.debian.net has been deprecated, replace it with http.debian.net
Paul Wise [Sat, 3 Jan 2015 03:46:06 +0000 (11:46 +0800)]
cdn.debian.net has been deprecated, replace it with http.debian.net

https://lists.debian.org/CAG2RKXMdBLL-vSFW6dEu4P0NwT7qqor3PxVQDu-mwrM1J-6opw@mail.gmail.com

9 years agoWork around service(8) not reloading syslog-ng correctly
Tollef Fog Heen [Fri, 2 Jan 2015 17:19:30 +0000 (18:19 +0100)]
Work around service(8) not reloading syslog-ng correctly

It seems systemd fails to mark syslog-ng as reloadable, which in turn
leads to invoke-rc.d failing.  Just call systemctl directly if we're
running systemd to work around this.

9 years agodd-schroot-cmd: Relax session name check
James McCoy [Wed, 31 Dec 2014 03:01:18 +0000 (22:01 -0500)]
dd-schroot-cmd: Relax session name check

As per schroot.conf(5):

  A  number  of characters or words are not permitted in a chroot name,
  session name or configuration filename.  The name may not contain a
  leading period (‘.’).  The characters ‘:’ (colon), ‘,’ (comma) and ‘/’
  (forward slash) are not permitted anywhere in the name.  The name may
  also not contain  a  trailing  tilde  (‘~’).

Relaxing the session name check in get_session_owner to better align
with schroot's actual restrictions reduces the chance that a user will
create a session yet be unable to manipulate it with dd-schroot-cmd.

Signed-off-by: James McCoy <jamessan@debian.org>
Signed-off-by: Paul Wise <pabs@debian.org>
10 years agorun ntp everywhere again
Martin Zobel-Helas [Sun, 28 Dec 2014 09:57:45 +0000 (09:57 +0000)]
run ntp everywhere again

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoRevert "disable oyens for now"
Martin Zobel-Helas [Sat, 27 Dec 2014 15:05:58 +0000 (15:05 +0000)]
Revert "disable oyens for now"

This reverts commit 57a38b9f3f9858c0619de09d7b3d01e86c599f9c.

10 years agodisable oyens for now
Martin Zobel-Helas [Tue, 23 Dec 2014 22:21:10 +0000 (22:21 +0000)]
disable oyens for now

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
10 years agoFix apache2/jessie conf-enabled symlinks
Peter Palfrader [Tue, 23 Dec 2014 12:19:19 +0000 (12:19 +0000)]
Fix apache2/jessie conf-enabled symlinks

10 years agoFirst attempt at making apache conf stuff work on jessie
Peter Palfrader [Tue, 23 Dec 2014 12:11:16 +0000 (13:11 +0100)]
First attempt at making apache conf stuff work on jessie

10 years agoUpdate security.conf to version from jessie, but keep ServerTokens at ProductOnly
Peter Palfrader [Tue, 23 Dec 2014 12:07:04 +0000 (13:07 +0100)]
Update security.conf to version from jessie, but keep ServerTokens at ProductOnly

10 years agos/search-/cgi-/
Peter Palfrader [Tue, 23 Dec 2014 09:26:45 +0000 (10:26 +0100)]
s/search-/cgi-/

10 years agoAdd stunnel for search
Peter Palfrader [Tue, 23 Dec 2014 09:13:24 +0000 (10:13 +0100)]
Add stunnel for search

10 years agoautofs: ensure nfsv4 module is loaded
Héctor Orón Martínez [Mon, 22 Dec 2014 11:21:56 +0000 (12:21 +0100)]
autofs: ensure nfsv4 module is loaded

Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
10 years agostable may run ntp again
Peter Palfrader [Sat, 20 Dec 2014 20:45:00 +0000 (21:45 +0100)]
stable may run ntp again

10 years agoUpdate leap-seconds.list. Not that any new ones have been added.
Peter Palfrader [Sat, 20 Dec 2014 20:43:33 +0000 (21:43 +0100)]
Update leap-seconds.list.  Not that any new ones have been added.