blob: 8a13535ad559594972cf7de629700edcaa428cab (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
Tracker setup on soler.debian.org
=================================
(This is internal documentation, in case things need to be fixed.
It is not relevant to day-to-day edting tasks.)
Relevant files and directories
------------------------------
The tracker runs under the user ID "sectracker". Most of its files
are stored in the directory /org/security-tracker.debian.org/website:
bin/cron invoked by cron once every minute
bin/cron-hourly invoked by cron once every hour
bin/cron-daily invoked by cron once every day
bin/read-and-touch invoked by ~/.procmailrc
bin/start-daemon invoked by cron at reboot
secure-testing Subversion checkout
secure-testing/bin/* main entry points, called bin bin/cron
secure-testing/stamps/* files which trigger processing by bin/cron
~sectracker/.procmailrc invokes bin/read-and-touch to create stamp
files, which are then picked up by bin/cron. This is done to
serialize change events in batches (e.g., commits originated from
git-svn). <sectracker@security-tracker.debian.org> is subscribed to
these mailing lists to be notified of changes:
<debian-security-announce@lists.debian.org>
<secure-testing-commits.lists.alioth.debian.org>
The crontab of the "sectracker" user is set up such that the scripts
are invoked as specified above.
Web server
----------
80/TCP is handled by Apache. The Apache configuration is here:
/org/security-tracker.debian.org/etc/apache.conf
mod_proxy is used to forward requests to the actual server which
listens on 127.0.0.1:25648 and is started by the
/org/security-tracker.debian.org/website/bin/start-daemon script.
Logging
-------
Apche logs are stored in:
/var/log/apache2/security-tracker.debian.org.access.log
/var/log/apache2/security-tracker.debian.org.error.log
The Python daemon writes logs to a separate file, too:
/org/security-tracker.debian.org/website/log/daemon.log
This also contains the exception traces.
debsecan metadata
-----------------
/org/security-tracker.debian.org/website/bin/cron contains code which
pushes updates to secure-testing-master, using rsync.
PTS interface
-------------
The PTS fetches bug counts from this URL:
http://security-tracker.debian.org/tracker/data/pts/1
Code updates
------------
Updates to the Subversion checkout only affect the directory
/org/security-tracker.debian.org/website/secure-testing/data.
Code changes need to be applied manually, using "svn update".
|
