launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~lgp171188/launchpad:set-up-ppa-update-keys-cronscript into launchpad:master

To: mp+464690@xxxxxxxxxxxxxxxxxx
From: Guruprasad <mp+464690@xxxxxxxxxxxxxxxxxx>
Date: Fri, 19 Apr 2024 13:55:20 -0000
Reply-to: mp+464690@xxxxxxxxxxxxxxxxxx
Sender: noreply@xxxxxxxxxxxxx

Guruprasad has proposed merging ~lgp171188/launchpad:set-up-ppa-update-keys-cronscript into launchpad:master.

Commit message:
charm/launchpad-ppa-publisher: Add the PPA key updater cron job

Also use a unique name for the ppa-update-keys cron script,

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~lgp171188/launchpad/+git/launchpad/+merge/464690
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~lgp171188/launchpad:set-up-ppa-update-keys-cronscript into launchpad:master.

diff --git a/charm/launchpad-ppa-publisher/config.yaml b/charm/launchpad-ppa-publisher/config.yaml
index 84483d6..1c1940b 100644
--- a/charm/launchpad-ppa-publisher/config.yaml
+++ b/charm/launchpad-ppa-publisher/config.yaml
@@ -50,6 +50,12 @@ options:
     type: string
     default:
     description: If set, use as rsync endpoint for synchronizing the OVAL data.
+  ppa_update_keys_script_archives_limit:
+    type: int
+    default: 1000
+    description: |
+      The number of affected PPAs that the ppa-update-keys.py cron script should
+      process in a single run.
   require_signing_keys:
     type: boolean
     description: > 
diff --git a/charm/launchpad-ppa-publisher/templates/crontab.j2 b/charm/launchpad-ppa-publisher/templates/crontab.j2
index 7096ac0..dbe2998 100644
--- a/charm/launchpad-ppa-publisher/templates/crontab.j2
+++ b/charm/launchpad-ppa-publisher/templates/crontab.j2
@@ -19,6 +19,9 @@ P3AROOT={{ ppa_archive_private_root }}
 */20 * * * * nice -n 12 ionice -c 2 -n 7 {{ code_dir }}/cronscripts/ppa-generate-keys.py -q --log-file=INFO:{{ logs_dir }}/ppa-generate-keys.log
 {% endif %}
 
+# This cron job will generate new 4096-bit RSA signing keys for PPAs that only have a 1024-bit RSA signing key
+*/15 * * * * nice -n 12 ionice -c 2 -n 7 {{ code_dir  }}/cronscripts/ppa-update-keys.py -L {{ ppa_update_keys_script_archives_limit }} -q --log-file=INFO:{{ logs_dir }}/ppa-update-keys.log
+
 # OOPS amqp
 */15 * * * * {{ code_dir }}/bin/datedir2amqp --exchange oopses --host {{ rabbitmq_host }} --username {{ rabbitmq_username }} --password {{ rabbitmq_password }} --vhost {{ rabbitmq_vhost }} --repo {{ oopses_dir }} --key ""
 
diff --git a/cronscripts/ppa-update-keys.py b/cronscripts/ppa-update-keys.py
index 50ebef9..94dda2b 100755
--- a/cronscripts/ppa-update-keys.py
+++ b/cronscripts/ppa-update-keys.py
@@ -14,5 +14,5 @@ from lp.services.config import config
 from lp.soyuz.scripts.ppakeyupdater import PPAKeyUpdater
 
 if __name__ == "__main__":
-    script = PPAKeyUpdater("ppa-generate-keys", config.archivepublisher.dbuser)
+    script = PPAKeyUpdater("ppa-update-keys", config.archivepublisher.dbuser)
     script.lock_and_run()